Day Two Cloud 054: Real Life VMware Cloud On AWS
We discuss the reality of running VMware Cloud (VMC) on AWS with Adam Fisher, Cloud & DevOps Engineer at RoundTower. Adam's been deploying VMC on AWS in the real world for customers since the product's early days, and has plenty of insights. VMC on AWS presents a VMware software defined data center (SDDC) hosted on bare metal in AWS data centers. If you're trying to vacate your own data centers or colos, but aren't going to refactor your applications to do it, VMC on AWS presents a compelling technical solution.BiB094 – HPE Discover Greenlake and Ezmeral
HPE Greenlake Common cloud platform – pivot to “edge-to-cloud platform-as-a-service company” cloud services, software and customer experiences. Greenlake in numbers: 4B in contract value , 1000 customers, 50 countries, 90% retention rate 700 partners selling Greenlake = next generational partner ecosystem self-served, pay per use HPE Ezmeral The HPE Ezmeral... Read more »BiB094 – HPE Discover Greenlake and Ezmeral
HPE Greenlake Common cloud platform – pivot to “edge-to-cloud platform-as-a-service company” cloud services, software and customer experiences. Greenlake in numbers: 4B in contract value , 1000 customers, 50 countries, 90% retention rate 700 partners selling Greenlake = next generational partner ecosystem self-served, pay per use HPE Ezmeral The HPE Ezmeral […]
The post BiB094 – HPE Discover Greenlake and Ezmeral appeared first on Packet Pushers.
Eighty for Africa: Kenya and Nigeria’s IXP Success
Ten years ago the peering community came up with a vision: We wanted 80 percent of Internet traffic to be localized by 2020. I must admit, over the last decade there were times I wondered if it was possible.
But Kenya and Nigeria have just proven that it is – all thanks to the help of Internet exchange points (IXPs). A new report, Anchoring the African Internet Ecosystem: Lessons from Kenya and Nigeria’s Internet Exchange Points Growth is a case study on how they did it.
What Changed in Kenya and Nigeria
In just eight years a dedicated community helped Kenya and Nigeria to boost the levels of Internet traffic that is locally exchanged from 30% to 70%.
That happened because of a vibrant community of people united around a common cause: bringing faster, cheaper, and better Internet to their neighbours. They did this by focusing on their local Internet ecosystem that is dependent on the IXP.
Building an IXP takes humans and tech. We often say it takes 80% human engineering and 20% network engineering. It certainly is no easy task. Building a strong local Internet community facilitates this collaboration and results in neutral, even, and good local governance Continue reading
Adapting Network Design to Support Automation
This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.
Adam left a thoughtful comment addressing numerous interesting aspects of network design in the era of booming automation hype on my How Should Network Architects Deal with Network Automation blog post. He started with:
A question I keep tasking myself with addressing but never finding the best answer, is how appropriate is it to reform a network environment into a flattened design such as spine-and-leaf, if that reform is with the sole intent and purpose to enable automation?
A few basic facts first:
Open Call To The Next Generation of Internet Leaders – Apply for the IGF Youth Ambassadors Program
We are living in unprecedented times. COVID-19 has disrupted our world and it’s a crucial time for the Internet. We are facing issues related to misinformation, online education and connectivity. Challenges have been posed to encryption. Debates around the trade-off between privacy and contact tracing apps take place around the globe.
The acceleration of digital transformation worldwide has created immense opportunities and at the same time, uncertainty and challenges. Under these circumstances, youth must be represented in these discussions.
Young people know the benefits of connection, sharing and openness. Young engineers and programmers create new tools for the Internet every day, and many proposals about governance of new technologies come from interested people below the age of 30.
We grew up in cyberspace, and it has become an intrinsic part of many of our lives. We care for it, we value its principles, invariants and characteristics. Most of all, we understand how important the Internet is and how much of a force for good (or for evil) it can be.
The voice of youth matters and the Internet Society plays a significant role to empower the next generation of Internet leaders and to provide them with the freedom to voice Continue reading
The History of LINUX and SUSE with Dirk Hohndel
Started as a consulting company, SUSE was one of the first organizations to begin working in the development and commercialization of LINUX. Through the years, LINUX has become the base for much of the IT world, including many of the open source network operating systems. Dirk Hohndel joins the History of Networking to discuss the origins of SUSE LINUX.
Lessons from a 2020 intern assignment
This summer, Cloudflare announced that we were doubling the size of our Summer 2020 intern class. Like everyone else at Cloudflare, our interns would be working remotely, and due to COVID-19, many companies had significantly reduced their intern class size, or outright cancelled their programs entirely.
With our announcement came a huge influx of students interested in coming to Cloudflare. For applicants seeking engineering internships, we opted to create an exercise based on our serverless product Cloudflare Workers. I'm not a huge fan of timed coding exercises, which is a pretty traditional way that companies gauge candidate skill, so when I was asked to help contribute an example project that would be used instead, I was excited to jump on the project. In addition, it was a rare chance to have literally thousands of eager pairs of eyes on Workers, and on our documentation, a project that I've been working on daily since I started at Cloudflare over a year ago.
In this blog post, I will explain the details of the full-stack take home exercise that we sent out to our 2020 internship applicants. We asked participants to spend no more than an afternoon working on it, and Continue reading
Security Aspects of Using Smart NICs
After I published the blog post describing how infrastructure cloud provides (example: AWS) might use smart Network Interface Cards (NICs) as the sweet spot to implement overlay virtual networking, my friend Christoph Jaggi sent me links to two interesting presentations:
Both presentations describe how you can take over a smart NIC with a properly crafted packet, and even bypass CPU on a firewall using smart NICs.
Network Break 289: Cisco Live 2020, Palo’s ML, HPE Edge Telco and more
Cisco Live Virtual topics so SecureX, Webex Collaboration and the "Connected Experience" (even if we don't really know what that is). Palo Alto gets machine learning features into the latest PAN-OS release for malware scanning, automated rule creation and more. HPE get Edgey with Telco plus more on Zoom security tradeoffs.
The post Network Break 289: Cisco Live 2020, Palo’s ML, HPE Edge Telco and more appeared first on Packet Pushers.
Network Break 289: Cisco Live 2020, Palo’s ML, HPE Edge Telco and more
Cisco Live Virtual topics so SecureX, Webex Collaboration and the "Connected Experience" (even if we don't really know what that is). Palo Alto gets machine learning features into the latest PAN-OS release for malware scanning, automated rule creation and more. HPE get Edgey with Telco plus more on Zoom security tradeoffs.Research: Off-Path TCP Attacks
I’s fnny, bt yu cn prbbly rd ths evn thgh evry wrd s mssng t lst ne lttr. This is because every effective language—or rather every communication system—carried enough information to reconstruct the original meaning even when bits are dropped. Over-the-wire protocols, like TCP, are no different—the protocol must carry enough information about the conversation (flow data) and the data being carried (metadata) to understand when something is wrong and error out or ask for a retransmission. These things, however, are a form of data exhaust; much like you can infer the tone, direction, and sometimes even the content of conversation just by watching the expressions, actions, and occasional word spoken by one of the participants, you can sometimes infer a lot about a conversation between two applications by looking at the amount and timing of data crossing the wire.
The paper under review today, Off-Path TCP Exploit, uses cleverly designed streams of packets and observations about the timing of packets in a TCP stream to construct an off-path TCP injection attack on wireless networks. Understanding the attack requires understanding the interaction between the collision avoidance used in wireless systems and TCP’s reaction to packets with a sequence number outside Continue reading
The Week in Internet News: U.S. DOJ Wants to Hold Website Liable for User Comments
Legal landmines: The U.S. Department of Justice has proposed ending a 24-year-old provision that protections websites and social media outlets from lawsuits for comments and other content posted by users, the Washington Post reports. While some Republicans have complained about social media sites allegedly burying conservative voices, the proposal would actually force sites into heavy moderation as a way to avoid lawsuits. The DOJ proposal would also end legal protections for tech companies that fail to allow law enforcement access to encrypted communications.
Taxing the Internet: The European Union is considering a digital goods tax, but it may have to do so without an agreement from the U.S. government, Al Jazeera reports. The U.S. government has announced it is withdrawing from negotiations with European countries over new international tax rules on digital goods. Nearly 140 countries have been involved in the negotiations.
Internet in space: SpaceX is opening up its Starlink low-earth orbit Internet service to beta testers, ZDNet says. SpaceX now has 540 satellites deployed, allowing for “minor” coverage. The company plans to eventually launch as many as 30,000 Starlink satellites.
The café society: Operators of Internet cafés and gaming centers in Thailand are pushing for Continue reading
Worth Reading: Starting Your Network Automation Journey
Daniel Teycheney published an excellent blog post with numerous hints on starting your automation journey including:
- Which programming language should you start with?
- Python or Ansible?
- What about Terraform?
- What resources could you use?
Measuring Route Origin Validation
How well are we doing with the adoption of Route Origin Validation in the Inter-Domain routing space? How many users can no longer reach a destination if the only available ROAs mark the destination announcement as invalid?Bayesian Finite Mixture Models
Motivation
I have been lately looking at Bayesian Modelling which allows me to approach modelling problems from another perspective, especially when it comes to building Hierarchical Models. I think it will also be useful to approach a problem both via Frequentist and Bayesian to see how the models perform. Notes are from Bayesian Analysis with Python which I highly recommend as a starting book for learning applied Bayesian.
Mixture Models
In statistics, mixture modelling is a common approach for model building. A Model built by simpler distributions to obtain a more complex model. For instance,
- Combination of two Gaussian’s to describe a bimodal distribution.
- Many Guassian’s to describe any arbitrary distributions.
We can use a mixture of models for modelling sub-populations or complicated distributions which can not be modelled with simpler distributions.
Finite Mixture Models
In Finite mixture models, as the name suggests, we mix a known number of models together with some weights associated for each model. Probability density of the observed data is a weighted sum of the probability density for K subgroups of the data where K is the number of models.
\[p(y|\theta) = \sum_{i=1}^{K} w_{i}p_{i}(y_{i}|\theta_{i})\]Here, \(w_{i}\) is the weight for each group and all the Continue reading
Connect a VXLAN-EVPN DC to the Public Cloud the right way
In my latest blog post i was ranting on how you should not do cloud connectivity, and specifically how you should stay miles away from whoever suggests the use of vxlan to “extend layer 2”.
Today i wanted to show you instead how you could actually extend your network into the cloud to allow workload mobility. It’s assumed that your application is “cloud ready” and won’t require a layer 2 adjacency with other components.
As part of a customer project i was supposed to design a cloud connectivity solution that would allow to extend several VRFs into AWS. The requirements were very clear, so let’s list them:
- It is required to extend around 15 VRFs into AWS to allow application migrations into the cloud.
- The solution needs to be ready for other clouds like Azure or IBM Cloud
- The solution needs to be scalable and be able to ensure support to additional VRFs without network redesign
The high level solution
Simply put, what we did was to extend VXLAN-EVPN Overlay into AWS, specifically by making the CSR 1000v a vtep.
In my specific use case, the customer is running a dual site VXLAN-EVPN DC with EVPN Multi-Site for the DCI Continue reading