Must Read: Ironies of Automation

Stumbled upon a 35-year-old article describing the ironies of automation (HT: The Morning Paper). Here’s a teaser…

Unfortunately automatic control can ‘camouflage’ system failure by controlling against the variable changes, so that trends do not become apparent until they are beyond control.

In simpler words: when things fail, they fail really badly because the intermittent failures were kept hidden. Keep that in mind the next time someone tells you how wonderful software-defined AI-assisted networking is going to be.

Weekly Top Posts: 2020-01-12

1. Aruba SD-Branch Update Targets Retail
2. AT&T Clarifies Perplexing, Ambiguous Network Virtualization Goal
3. Veeam Snatched Up by Insight for $5B
4. How SD-Branch Rises to the Next-Gen Demands of Financial Services Networks
5. Equinix CEO Talks Edge: Friend or Foe?

Junos SNMP via Routing Instance

Juniper routing instances are very useful when you need separate routing tables on the one device, for example to separate customers. Junos lets you configure SNMP polling of routing instances, so customers can poll “their” interfaces using 'instance_name'@'community'. All very useful. But it wasn’t obvious to me how to poll the default table via an interface in a routing instance. The trick is to just use @'community'. Here’s an example.

Network Overview

To demo this I have a simple network. I’m using a Virtual QFX plus Vagrant setup, based on the Vagrantfiles in this repo. I’m running one vqfx10k, connected to one server. The key here is that the server has two connections to the vqfx. One interface is in the default instance, one is in a “Customer” routing instance:

Here’s the routing-instance config:

1
2
3
4
5
6
7
8
vagrant@vqfx> show configuration routing-instances
Customer {
    instance-type virtual-router;
    interface xe-0/0/1.0;
}

{master:0}
vagrant@vqfx>

And here’s my SNMP configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
vagrant@vqfx>  Continue reading

Junos SNMP via Routing Instance

Juniper routing instances are very useful when you need separate routing tables on the one device, for example to separate customers. Junos lets you configure SNMP polling of routing instances, so customers can poll “their” interfaces using 'instance_name'@'community'. All very useful. But it wasn’t obvious to me how to poll the default table via an interface in a routing instance. The trick is to just use @'community'. Here’s an example.

Network Overview

To demo this I have a simple network. I’m using a Virtual QFX plus Vagrant setup, based on the Vagrantfiles in this repo. I’m running one vqfx10k, connected to one server. The key here is that the server has two connections to the vqfx. One interface is in the default instance, one is in a “Customer” routing instance:

Here’s the routing-instance config:

1
2
3
4
5
6
7
8
vagrant@vqfx> show configuration routing-instances
Customer {
    instance-type virtual-router;
    interface xe-0/0/1.0;
}

{master:0}
vagrant@vqfx>

And here’s my SNMP configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
vagrant@vqfx> show  Continue reading

Another perspective on "engineering" in IT

Found a nice article about Margaret Hamilton, the lady who coined the term "software engineering".

Engineering—back in 1969 as well as here in 2020—carries a whole set of associated values with it, and one of the most important is the necessity of proofing for disaster before human usage. You don’t “fail fast” when building a bridge: You ensure the bridge works first.

Now be a good "networking engineer" and go and stretch another VLAN around the globe... ;)

Cuckoo Installation and Configuration on Debian 10 Buster

HPE and Cumulus Networks partner for open storage

Cumulus Networks has announced a partnership with HPE that will see its NetQ management software run on HPE's network storage products.Under the deal, HPE's StoreFabric M-Series Ethernet switches will run Cumulus's Linux operating system and NetQ, a move that Cumulus said in a statement will deliver “a flexible networking fabric that is predictable, scalable, and reliable."[Get regularly scheduled insights by signing up for Network World newsletters.] Combining the M-Series switches with Linux and NetQ will offer enterprises a high-bandwidth, low-latency way to connect primary, secondary, hyperconverged, NAS, or object-storage systems, and is an ideal way to build an Ethernet Storage Fabric (ESF), the company added.To read this article in full, please click here

HPE and Cumulus Networks partner for open storage

Cumulus Networks has announced a partnership with HPE that will see its NetQ management software run on HPE's network storage products.Under the deal, HPE's StoreFabric M-Series Ethernet switches will run Cumulus's Linux operating system and NetQ, a move that Cumulus said in a statement will deliver “a flexible networking fabric that is predictable, scalable, and reliable."[Get regularly scheduled insights by signing up for Network World newsletters.] Combining the M-Series switches with Linux and NetQ will offer enterprises a high-bandwidth, low-latency way to connect primary, secondary, hyperconverged, NAS, or object-storage systems, and is an ideal way to build an Ethernet Storage Fabric (ESF), the company added.To read this article in full, please click here

Heavy Networking 497: Good Reasons To Start Your Tech Blog

If one of your New Year's resolutions is to blog more, or start a blog, this episode is for you. We discuss the benefits of technical blogging including raising your profile, improving your own understanding, contributing to the community, and creating new opportunities in your professional life. Our guests are John Mark Troyer and Stephen Foskett.

The post Heavy Networking 497: Good Reasons To Start Your Tech Blog appeared first on Packet Pushers.

‘Major Initiatives in Cybersecurity’ Shows Everyone Can Contribute to Trust

How do we work toward a more secure Internet?

In the Cyber Security discussions that take place in the various policy fora around the world, there is often little appreciation that the security of the Internet is a distributed responsibility, where many stakeholders take action.

By design, the Internet is a distributed system with no central core or point of control. Instead, Internet security is achieved by collaboration where multiple companies, organizations, governments, and individuals take action to improve the security and trustworthiness of the Internet – so that it is open, secure, and available to all.

Today we’ve published Major Initiatives in Cybersecurity: Public & Private Contributions Towards Increasing Internet Security to illustrate, via a handful of examples regarding Internet Infrastructure, there are a great number initiatives working, sometimes together and sometimes independently, in improving the Internet’s security. An approach we call collaborative security.

Major Initiatives in Cybersecurity describes Internet security as the part of cybersecurity that, broadly speaking, relates to the security of Internet infrastructure, the devices connected to it, and the technical building blocks from which applications and platforms are built.

We make no claim to completeness, but we do hope that the paper illustrates the complexity, breath, Continue reading

Cisco NX-OS Graceful Insertion and Removal (GIR)

If you operate a data-center network with Cisco Nexus, you’ve probably already faced the problem of how to perform a maintenance on one of the two switches of a vPC pair, with minimum impact and risks for the production network. Cisco NX-OS contains a feature called “Graceful Insertion and Removal” or GIR to help you for that. Here is how it works. Scenario Let’s take the example below: (click on the image to see a larger version) We have two Nexus (in nx-os mode) in vPC. Doing layer-2 aggregation and …

The post Cisco NX-OS Graceful Insertion and Removal (GIR) appeared first on AboutNetworks.net.

4 tech startup predictions for 2020

Capital markets are in transition, unicorns are falling and geopolitical instability abounds. That adds up to an 'interesting' climate for tech startups.

The Art of Saying “No”

No.

It’s the shortest sentence in the English language. It requires no other parts of speech. It’s an answer, a statement, and a command all at once. It’s a phrase that some people have zero issues saying over and over again. And yet, some others have an extremely difficult time answering anything in the negative.

I had a fun discussion on twitter yesterday with some friends about the idea behind saying “no” to people. It started with this tweet:

Coincidentally, I tweeted something very similar to what Bob Plankers had tweeted just hours before:

The gist is the same though. Crazy features and other things that have been included in software and hardware because someone couldn’t tell another person “no”. Sadly, it’s something Continue reading

Equinix CEO Talks Edge: Friend or Foe?

Money Moves: December 2019

NetDev 0x13 on Software Gone Wild

The last Software Gone Wild podcast recorded in 2019 focused on advances in Linux networking - in particular on interesting stuff presented at NetDev 0x13 conference in Prague. The guests (in alphabetical first name order) Jamal Hadi Salim, Shrijeet Mukherjee, Sowmini Varadhan, and Tom Herbert shared their favorite topics, and commented on the future of Linux networking.

DIY communications networks to trend in 2020, says major telco

Communications networks without a centralized infrastructure will become more popular this year as folks become increasingly aware of data collection from governments and tech companies, says telecommunications provider Telenor Group.The company refers to fully encrypted mesh and peer-to-peer apps as the technology that will enable these consumer-level “off-the-grid, build-it-yourself” links. Mesh apps will also be useful in disasters where traditional networks fail.[Get regularly scheduled insights by signing up for Network World newsletters.] “Communicating without a central coordinating network is appealing to people for many reasons, and in 2020, we expect to see more go that route, especially in conflict situations, to mobilize for protests, and simply to stay below the radar,” the company says on its website.To read this article in full, please click here

Aruba reinforces SD-Branch with security, management upgrades

Aruba has taken steps to bolster the security and manageability of its branch-office networking package for customers with lots of branch sites.The HPE company enhanced its SD-Branch software with identity-based attack detection and intrusion prevention, and improvements to its SD-WAN Orchestrator to make it easier to deploy security features on a large scale.See predictions about what's big in IT tech for the coming year. Aruba’s SD-Branch software runs on its branch gateways and includes a variety of integrated features like a firewall that support LAN, WAN, Wi-Fi networks, and segmentation as well integration with the company’s ClearPass policy-management software and its cloud-based package Aruba Central. The package can integrate its data with partner security platforms such as Check Point, Palo Alto Networks, and Z-Scaler.To read this article in full, please click here

Aruba SD-Branch Update Targets Retail

Veeam Snatched Up by Insight for $5B