Category Archives for "Networking"

Interesting: PyEnv

If you’re like me, you’re probably sick-and-tired of Python versions, environments… Every time I update Python on my MacBook Pro with Homebrew, I lose all packages I installed for the previous version of Python (because I’m installing them system-wide and they’re stored in a version-specific directory).

Jon Langemak found a potential solution to this problem: PyEnv. My first reaction was: Great, just what I need… but as he described how it really works, I realized that it’s always possible to add another layer of indirection. RFC1925 strikes again.

Keepalived and unicast over multiple interfaces

Keepalived is a Linux implementation of VRRP. The usual role of VRRP is to share a virtual IP across a set of routers. For each VRRP instance, a leader is elected and gets to serve the IP address, ensuring the high availability of the attached service. Keepalived can also be used for a generic leader election, thanks to its ability to use scripts for healthchecking and run commands on state change.

A simple configuration looks like this:

vrrp_instance gateway1 {
  state BACKUP          # ❶
  interface eth0        # ❷
  virtual_router_id 12  # ❸
  priority 101          # ❹
  virtual_ipaddress {
    2001:db8:ff/64
  }
}

The state keyword in ❶ instructs Keepalived to not take the leader role when starting. Otherwise, incoming nodes create a temporary disruption by taking over the IP address until the election settles. The interface keyword in ❷ defines the interface for sending and receiving VRRP packets. It is also the default interface to configure the virtual IP address. The virtual_router_id directive in ❸ is common to all nodes sharing the virtual IP. The priority keyword in ❹ helps choose which router will be elected as leader. If you need more information around Keepalived, be sure to check Continue reading

Syncing NetBox with a custom Ansible module

The netbox.netbox collection from Ansible Galaxy provides several modules to update NetBox objects:

- name: create a device in NetBox
  netbox_device:
    netbox_url: http://netbox.local
    netbox_token: s3cret
    data:
      name: to3-p14.sfo1.example.com
      device_type: QFX5110-48S
      device_role: Compute Switch
      site: SFO1

However, if NetBox is not your source of truth, you may want to ensure it stays in sync with your configuration management database by removing outdated devices or IP addresses. While it should be possible to glue together a playbook with a query, a loop and some filtering to delete unwanted elements, it feels clunky, inefficient and an abuse of YAML as a programming language. A specific Ansible module solves this issue and is likely more flexible.

Notice

I recommend that you read “Writing a custom Ansible module” as an introduction, as well as “Syncing MySQL tables” for a first simpler example.

Code

The module has the following signature and it syncs NetBox with the content of the provided YAML file:

netbox_sync:
  source: netbox.yaml
  api: https://netbox.example.com
  token: s3cret

The synchronized objects are:

Solve the Simple Problems

One thing I’ve found out over the past decade of writing is that some problems are easy enough to solve that we sometimes forget about them. Maybe it’s something you encounter once in a great while. Perhaps it’s something that needed a little extra thought or a novel reconfiguration of an existing solution. Something so minor that you didn’t even think to write it down. Until you run into the problem again.

The truth behind most of these simple problems is that the solutions aren’t always apparent. Sure, you might be a genius when it comes to fixing the network or the storage array. Maybe you figured out how to install some new software to do a thing in a way that wasn’t intended. But did you write any of it down for later use? Did you make sure to record what you’ve done so someone else can use it for reference?

Part of the reason why I started blogging was to have those written solutions to problems I couldn’t find a quick answer to. What it became was way more than I had originally intended. But the posts that I write that still get the most attention aren’t my Continue reading

MUST Read: Blockchain, the amazing solution for almost nothing

One of the weekend reads collected by Russ White contained a pointer to a hilarious description of blockchain - a solution in search of a problem. Here are a few quotes to get you started (and I had a really hard time selecting just a few):

I’ve never seen so much bloated bombast fall so flat on closer inspection.

At its core, blockchain is a glorified spreadsheet.

The only thing is that there’s a huge gap between promise and reality. It seems that blockchain sounds best in a PowerPoint slide.

Someone should use that article as a framework and replace blockchain with OpenFlow or SDN ;)

Heavy Networking 540: Sinefa Blends Network Data, Synthetics To Measure End User Experience (Sponsored)

In today's sponsored show, we talk with Sinefa about its Digital Experience Monitoring capabilities. Sinefa assembles network traffic, DPI, end point monitoring, and synthetic transactions to get clear, actionable information on network performance to measure end user experience and improve troubleshooting. Our guests are Chris Siakos, CTO; and Alex Henthorn-Iwane, VP of Product Marketing.

The post Heavy Networking 540: Sinefa Blends Network Data, Synthetics To Measure End User Experience (Sponsored) appeared first on Packet Pushers.

The Digital Services Act and Why the Architecture of the Internet Must Be Preserved

Earlier this year, as part of the European Digital Strategy, the European Commission announced a Digital Services Act package to develop new and revised rules to harmonize and deepen the Single Market for digital services. As a part of that initiative, it also initiated a public consultation to scope the specific issues that may require regulatory intervention.

The Internet Society submitted recommendations in response to the critical issues raised in this consultation. One of the key considerations that we hope comes across in this submission is that in order “to design better regulation for the Internet, it is important to understand two things: the first one is that today’s Internet, despite how much it has evolved, still continues to depend on its original architecture; and, the second relates to how preserving this design is important for drafting regulation that is fit for purpose.”

As noted by the Commission, the scale of digital services is substantially different from 20 years ago, when the E-Commerce Directive was introduced. New actors and new services have emerged, creating a much more complex ecosystem. This new ecosystem presents new challenges, particularly with regard to illegal and harmful activities and content online. Current discussions and regulatory initiatives Continue reading

Making Connections to Make a Difference at the 2020 Chapter Workshops

Each year during Chapter Workshops, representatives from across the Internet Society come together to advance their shared vision of an open and trusted Internet for everyone. They gather elbow-to-elbow on five different continents, sharing experiences and exchanging local, regional, and global perspectives. These annual workshops are a meeting ground for Internet Society Chapters, project leads, global colleagues, and our partners at the Internet Society Foundation – a chance to collaborate, define strategies, and develop plans.

Key to the Chapter Workshops is working closely to foster synergies, exchange lessons learned, spark engagement, and strengthen relationships across the global Internet Society community.

This year is a little different.

The 2020 Chapter Workshops come at a time when the world is grappling with the COVID-19 pandemic and relying on the Internet to enable continuity. We now understand too well the importance of having a better, reliable, and affordable Internet for everyone.

With this in mind, the Chapter Workshops have been tailored to this context and will take place virtually – where human connection will still be on the agenda. Each region has identified priority topics and developed their sessions accordingly.

Africa (22-25 September)

Europe (5-7 October)

Asia-Pacific (15-16 October)

North America & The Caribbean (19-23 October)

Middle East Continue reading

Raking the floods: my intern project using eBPF

Cloudflare’s globally distributed network is not just designed to protect HTTP services but any kind of TCP or UDP traffic that passes through our edge. To this end, we’ve built a number of sophisticated DDoS mitigation systems, such as Gatebot, which analyze world-wide traffic patterns. However, we’ve always employed defense-in-depth: in addition to global protection systems we also use off-the-shelf mechanisms such as TCP SYN-cookies, which protect individual servers locally from the very common SYN-flood. But there’s a catch: such a mechanism does not exist for UDP. UDP is a connectionless protocol and does not have similar context around packets, especially considering that Cloudflare powers services such as Spectrum which are agnostic to the upper layer protocol (DNS, NTP, …), so my 2020 intern class project was to come up with a different approach.

Protecting UDP services

First of all, let's discuss what it actually means to provide protection to UDP services. We want to ensure that an attacker cannot drown out legitimate traffic. To achieve this we want to identify floods and limit them while leaving legitimate traffic untouched.

The idea to mitigate such attacks is straightforward: first identify a group of packets that is Continue reading

IPv6 Buzz 060: Why the Internet Needs IPv6 – With Special Guest Vint Cerf

In this week's episode Ed, Scott, Tom, and guest host Greg Ferro talk to Vint Cerf about why the Internet needs IPv6, and whether the Internet is in danger of fragmenting along political lines and the impacts of that fragmentation. Vint is Google's chief Internet evangelist and the co-creator, with Bob Kahn, of the Internet Protocol.

The post IPv6 Buzz 060: Why the Internet Needs IPv6 – With Special Guest Vint Cerf appeared first on Packet Pushers.

Can Video Game Systems Like PS5 Be Used for Workplace Team Collaboration?

Team collaboration has been an issue in the workplace for too long. Countless solutions have been proposed and tried. And here is a new idea. Can video game systems like PS5 be used for workplace team collaboration? The simple answer is yes. But how?

Video game systems have long had the option for multiplayer games. These also allow numerous people around the world to connect, create teams, and play against other teams. If you’re a true gamer, you would know how this works. However, what does this mean for offices? Video game systems like the PS5 have many features that can enable workplace team collaboration. Here are some of the ways this is encouraged.

3 Ways PS5 Will be Used for Workplace Team Collaboration

Delegation of Tasks

The option to play as teams helps develop skills in employees that contribute to the workplace. The more you work in a team, the better you adapt to it. In video game systems like PS5, you can choose your own game, which means having a story you like. This can engage the employees in multiple ways, but most importantly divide the tasks.

Playing as a team in a video game would not only Continue reading