Archive

Category Archives for "Networking"

pygnmi 1. Intro to pure Python gNMI module by karneliuk.com.

Hello my friend,

It took a while since our latest post from the Code Express (CEX) series. During this time we were working heavy to launch an advanced version of our industry-leading network automation training. However, this time we were working on something special…


1
2
3
4
5
No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Automate all the network things

Each and every element in the network can be automated. It is always the question, if it shall be. Both of these questions are subject to our training:

  • We teach you how automate each and every network function in your network.
  • We teach you how to identify, what makes sense to automate, what not, and how to make your network automation successful.

At our network automation training (either live or self-paced) you will guide you from the foundation of the automation for the small networks till advanced automation use cases in big data centres, and clouds. You will lean how to structure the data using YANG Continue reading

Using Flow Tracking to Build Firewall Rulesets… and Halting Problem

Peter Welcher identified the biggest network security hurdle faced by most enterprise IT environments in his comment to Considerations for Host-based Firewalls (Part 1) blog post:

I have NEVER found a customer application team that can tell me all the servers they are using, their IP addresses, let alone the ports they use.

His proposed solution: use software like Tetration (or any other flow collecting tool) to figure out what’s really going on:

Arm updates Neoverse server processors with considerable performance claims

Acquisitions and defections be damned, Arm Holdings is pushing forward with its Neoverse line of server processor designs with the launch of the Neoverse V1 and N2 processor architectures.The new chips are the successors to the Neoverse N1 and E1 designs, which are used in server processors like Ampere’s Altra, Amazon’s Graviton2, and Marvel’s ThunderX2. Arm claims these chips will deliver 40% to 50% better performance than the previous generation while consuming the same amount of power.To read this article in full, please click here

Arm updates Neoverse server processors with considerable performance claims

Acquisitions and defections be damned, Arm Holdings is pushing forward with its Neoverse line of server processor designs with the launch of the Neoverse V1 and N2 processor architectures.The new chips are the successors to the Neoverse N1 and E1 designs, which are used in server processors like Ampere’s Altra, Amazon’s Graviton2, and Marvel’s ThunderX2. Arm claims these chips will deliver 40% to 50% better performance than the previous generation while consuming the same amount of power.To read this article in full, please click here

Vendors extend the range of 5G millimeter-wave transmissions

Two wireless vendors say they have collaborated to significantly extend the useful range of millimeter-wave 5G transmissions beyond what had been widely considered its limits. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises Qualcomm and Ericsson have worked together in separate trials with two other companies to boost that distance from less than a mile (1.6km) to 3.8km in one case and to 5km-plus in the other, the companies claim.To read this article in full, please click here

Cable testing on Juniper EX switches

Does anyone use the cable test feature on EX switches? Did you even know you could do this kind of thing?

In case you didn’t, here is a bit of background and an example.

The Time Domain Reflectometer (TDR) test has been available on the EX switches for some time, but not a lot of people seem to know about it. What is TDR, I hear you ask?

A futuristic-sounding thing, what a TDR does is send a signal down a cable and measure how much (if any) is reflected by the far end. If the cable is damaged a little way along its length, the TDR test will tell you that distance to a fair level of accuracy.

In an ethernet cable, there are four pairs of conductors – eight wires in total. The operative ones are 1 & 2, and 3 & 6. The other conductors are unused but their presence in the Cat5 or Cat6 cable helps prevent cross-talk and signal attenuation. In a lab, usually cables are fairly short and easily replaced, but in a working environment, cables in floor-boxes under desks, or the structured wiring under the raised floor in an office often suffers quite Continue reading

Technologies that Didn’t: CLNS

Note: RFC1925, rule 11, reminds us that: “Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.” Understanding the past not only helps us to understand the future, it also helps us to take a more balanced and realistic view of the technologies being created and promoted for current and future use.

The Open Systems Interconnect (OSI) model is the most often taught model of data transmission—although it is not all that useful in terms of describing how modern networks work. What many engineers who have come into network engineering more recently do not know is there was an entire protocol suite that went with the OSI model. Each of the layers within the OSI model, in fact, had multiple protocols specified to fill the functions of that layer. For instance, X.25, while older than the OSI model, was adopted into the OSI suite to provide point-to-point connectivity over some specific kinds of physical circuits. Moving up the stack a little, there were several protocols that provided much the same service as the widely used Internet Protocol (IP).

The Connection Oriented Network Service, or CONS, ran on top Continue reading

Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK)

Today's Full Stack Journey podcast explores AWS Controllers for Kubernetes (ACK). Currently available as a developer preview, the ACK project lets customers manage their AWS services directly from Kubernetes. Our guide to ACK is Justin Garrison, a container advocate at AWS and author.

The post Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK) appeared first on Packet Pushers.

Python: The Minimum You Need to Know

Many network engineers and other professionals are transitioning their skills set to include programming and automation. Commonly, their previous programming experience comes from a few programming courses they attended in university a long time ago. I am one of those professionals and I created this Python programming guide for people like you and me.

In this guide, I explain the absolute minimum amount you need to learn about Python in order to create useful programs. Follow this guide to get a very short, but functional, overview of Python programming in less than one hour.

I omit many topics from this text that you do not need to know when you begin using Python; you can learn them later, when you need them. I don’t want you to have to unlearn misconceptions later, when you become more experienced, so I do include some Python concepts that other beginner guides might skip, such as the Python object model. This guide is “simple” but it is also “mostly correct”.

Getting Started

In this guide, I will explore the seven fundamental topics you need to know to create useful programs almost immediately. These topics are:

  • The Python object model simplified
  • Defining objects
  • Core types
  • Continue reading

Tigera Announces Open-Source Calico for Windows and Collaboration with Microsoft

Tigera is pleased to announce that we have open-sourced Calico for Windows and made it immediately available for all to use for free. With the launch of open-source Calico for Windows, the vast ecosystem of Windows users now has unprecedented access to Kubernetes via the industry’s de-facto standard for Kubernetes networking and network security.

We have been collaborating with Microsoft and our joint customers over the past few years to bring Project Calico to the Windows platform, and have seen increasing demand for Windows nodes ever since the release of Kubernetes 1.14.  Most enterprises have a Windows footprint, and Windows workloads are increasingly being modernized and migrated to containers and orchestrated with Kubernetes. Enterprise users want to deploy a single solution for network security that works across both Linux and Windows workloads. Open-sourcing Calico for Windows provides those users with the best and only solution available, and for free.

“We are seeing an influx in interest in Windows Kubernetes workloads, as well as interest in securing those workloads. Calico has been a key means of deploying network security policies across both Windows and Linux platforms, however, their Windows support has been commercially licensed by Tigera until today,“ said Continue reading

Accessing Docker Container Services over IPv6

Getting Docker to work with IPv6 is an interesting and under-documented (trying to stay diplomatic) adventure, but there’s a shortcut to the promised land: even if your Docker environment is pure IPv4 morass, you can still reach published container ports over IPv6 thanks to the userland proxy I described last week. The performance is obviously commensurate with traversing kernel-user boundary too many times.

New to this rabbit hole? Start here.

Finally, you don’t have to tell me (again) that Docker is dead and we should all use K8s. It’s as useful as telling me CloudStack is dead and we should all use OpenStack. Different challenges deserve different tools.

Cradlepoint buy nets Ericsson 5G infrastructure for carriers, enterprises

Ericsson’s purchase of wireless WAN vendor Cradlepoint means that the Sweden-based networking powerhouse is targeting growth in the 5G and edge markets, according to experts. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises The deal, valued at $1.1 billion, will see Cradlepoint become a fully owned subsidiary of Ericsson, part of the larger company’s Business Area Technologies and New Business divisionTo read this article in full, please click here

Reducing RPKI Single Point of Takedown Risk

The RPKI, for those who do not know, ties the origin AS to a prefix using a certificate (the Route Origin Authorization, or ROA) signed by a third party. The third party, in this case, is validating that the AS in the ROA is authorized to advertise the destination prefix in the ROA—if ROA’s were self-signed, the security would be no better than simply advertising the prefix in BGP. Who should be able to sign these ROAs? The assigning authority makes the most sense—the Regional Internet Registries (RIRs), since they (should) know which company owns which set of AS numbers and prefixes.

The general idea makes sense—you should not accept routes from “just anyone,” as they might be advertising the route for any number of reasons. An operator could advertise routes to source spam or phishing emails, or some government agency might advertise a route to redirect traffic, or block access to some web site. But … if you haven’t found the tradeoffs, you haven’t looked hard enough. Security, in particular, is replete with tradeoffs.

Every time you deploy some new security mechanism, you create some new attack surface—sometimes more than one. Deploy a stateful packet filter to protect a Continue reading

Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere

It's a baker's dozen of tech news in today's Network Break episode. We analyze Nvidia's $40 billion bid for Arm, Broadcom's banishment of Cumulus, vSphere's Kubernetes injection via Tanzu, a new hardware strategy from Extreme, new products from Palo Alto and Juniper, and more!

The post Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere appeared first on Packet Pushers.

The Week in Internet News: Trading Trash for WiFi

Turning plastic into access: Students in a Jakarta, Indonesia, neighborhood are collecting discarded plastic and trading it for access at a WiFi station that sells the plastic waste, the World Economic Forum website says. The owner of the WiFi station uses the profits from selling the plastic to purchase access for small groups of students who need Internet access during continuing COVID-19 lockdowns.

No access here: About 54 percent of households in rural Bangladesh lack Internet access, according to a new survey featured at The Daily Star. Nearly six in 10 don’t have access to a smart phone. The survey also found that about eight in 10 rural households have very limited digital skills.

Trump vs. TikTok: U.S. President Donald Trump’s administration has moved to ban Chinese apps TikTok and WeChat as of 20 September, Reuters reported. The U.S. Department of Commerce was planning to issue an order on Friday that would prohibit app stores available in the U.S. from offering the two apps. TikTok owner ByteDance was still exploring a sale of the video-sharing app to U.S. companies.

Rockets on boats: SpaceX is planning to test its proposed Starlink satellite Internet network by using a Continue reading