Archive

Category Archives for "Networking"

How Difficult is SD-WAN?

In a recent Packet Pushers Heavy Networking episode, Ethan and Greg discussed how difficult SD-WAN is, and why you shouldn’t outsource your SD-WAN to an MSP. So, how difficult is SD-WAN really?

Now, this is of course going to depend on your organization’s level of skill, as well as what vendor you go with, but there are still some conclusions that we can come to.

Most SD-WAN solutions are operated by cloud-hosted SDN controllers, where the vendor has set up the virtual machines running the software for you. This greatly simplifies a lot of things that have been painful in the past. From a Cisco perspective, this is some of the pain that has been removed from you:

  • Controllers – Controllers are installed for you and backed up by Cisco
  • Software – Software is managed centrally; you don’t need to log in to each device to update it
  • Traffic engineering – You can modify routing behavior without being an expert in, say, BGP
  • Certificates – Only devices with a valid certificate can join the overlay; you don’t need your own Public Key Infrastructure (PKI)
  • Pre-Shared Keys (PSK) – Keys used for IPsec are rotated automatically without manual intervention

This means Continue reading

Stretched Layer-2 Subnets in Azure

Last Thursday morning I found this gem in my Twitter feed (courtesy of Stefan de Kooter)

Greg Cusanza in #BRK3192 just announced #Azure Extended Network, for stretching Layer 2 subnets into Azure!

As I know a little bit about how networking works within Azure, and I’ve seen something very similar a few times in the past, I was able to figure out what’s really going on behind the scenes in a few seconds… and got reminded of an old Russian joke I found somewhere on Quora:


Snap: a microkernel approach to host networking

Snap: a microkernel approach to host networking Marty et al., SOSP’19

This paper describes the networking stack, Snap, that has been running in production at Google for the last three years+. It’s been clear for a while that software designed explicitly for the data center environment will increasingly want/need to make different design trade-offs to e.g. general-purpose systems software that you might install on your own machines. But wow, I didn’t think we’d be at the point yet where we’d be abandoning TCP/IP! You need a lot of software engineers and the willingness to rewrite a lot of software to entertain that idea. Enter Google!

I’m jumping ahead a bit here, but the component of Snap which provides the transport and communications stack is called Pony Express. Here are the bombshell paragraphs:

Our datacenter applications seek ever more CPU-efficient and lower-latency communication, which Pony Express delivers. It implements reliability, congestion control, optional ordering, flow control, and execution of remote data access operations. Rather than reimplement TCP/IP or refactor an existing transport, we started Pony Express from scratch to innovate on more efficient interfaces, architecture, and protocol. (Emphasis mine).

and later on “we are seeking to grow Continue reading

Headcount: Firings, Hirings, and Retirings — October 2019

Bill McDermott finds a home at ServiceNow; Riverbed banks a new CEO, plus the latest executive...


© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

CVE 2019-14866: GNU cpio

I found a security bug in GNU cpio and thought I’d write down the story of that. It’s not the most interesting bug in the world, but it may still be an interesting story to some.

An odd limit

The whole thing started with me looking at the manpage

-H, --format=FORMAT
  Use given archive FORMAT. Valid formats are (the number in
  parentheses gives maximum size for individual archive member):
  bin    The obsolete binary format. (2147483647 bytes)
  odc    The old (POSIX.1) portable format. (8589934591 bytes)
  newc   The new (SVR4) portable format, which supports file
         systems having more than 65536 i-nodes. (4294967295 bytes)
  crc    The new (SVR4) portable format with a checksum added.
  tar    The old tar format. (8589934591 bytes)
  ustar  The POSIX.1 tar format. Also recognizes GNU tar archives, which are
         similar but not identical. (8589934591 bytes)
  hpbin  The obsolete binary format used by HPUX's cpio (which stores device
         files differently).
  hpodc  The portable format used by HPUX's cpio (which stores device files
         differently).

What’s wrong with this picture? Those are some very odd size limits. 2GiB and 4GiB I understand, as they’re 32-bit signed and unsigned ints. But tar having a max size of 8GiB? 33 bits? That Continue reading

Analysts Debate SASE’s Merits as Vendors Board Hype Train

Gartner calls SASE a transformational technology but analysts from IHS Markit and IDC aren't...


Heavy Networking 484: Cloud And SD-WAN Are New Opportunities To Rethink Your Network (Sponsored)

Today on Heavy Networking, sponsor Open Systems comes on the podcast to discuss the new opportunities--and challenges--for networking in a time when more applications and services are running in the cloud. We explore how cloud services affect WAN design, how organizations can use SD-WAN to enhance networking and security, and much more. Our guest is Silvan Tschopp, head of solutions architecture at Open Systems.

The post Heavy Networking 484: Cloud And SD-WAN Are New Opportunities To Rethink Your Network (Sponsored) appeared first on Packet Pushers.

Google Killed Chronicle, Report Claims

“The important thing to realize is we’re in this for the long haul,” Chronicle CEO Stephen...


Rakuten: We Have More Edge Locations Than Amazon

“We have built more edge locations than even Amazon has done in the United States,” CTO Tareq...


Weekly Wrap: Fortinet Fortifies Firewall, SD-WAN Capabilities

SDxCentral Weekly Wrap for Nov. 8, 2019: Security and SD-WAN are Fortinet’s focus; Amazon is...


Kasten K10 v2.0 Targets Security and Simplicity

The company cited simplicity and security as being the heart of its K10 platform in order to target...


The Future of Hidden Features

 

You may have noticed last week that Ubiquiti added a new “feature” to their devices in a firmware update. According to this YouTube video from @TomLawrenceTech, Ubiquiti built a new service that contacts a URL to “phone home” and check in with their servers. It got some heavy discussion going, especially on Reddit.

The consensus is that Ubiquiti screwed up here by not informing people they were adding the feature up front and also not allowing users to opt-out initially. The support people at Ubiquiti even posted a quick workaround of blocking the URL at a perimeter firewall to prevent the communications until they could patch in the option to opt-out. If this was an isolated incident I could see some manner of outcry about it, but the fact of the matter is that companies are adding these hidden features more and more every day.

The first issue comes from the fact that most release notes for apps any more are nothing aside from platitudes. “Hey, we fixed some bugs and stuff so turn on automatic updates so you get the best version of our stuff!” is somewhat common now when it comes to a list of Continue reading

This 11-course Microsoft & Oracle SQL certification prep bundle is only $39 today

If you’re interested in a career in data administration, you’re in luck! Nowadays, companies handle larger data sets than ever before, so the need for data experts is higher than ever. Whether you’re new to the field or you want to brush up on your database management skills, this $39 bundle is for you. The Complete Microsoft & Oracle SQL Certification Bundle features 11 courses on how to become a skilled database administrator. One of the most popular relational database management systems is Microsoft SQL Server, and you’ll learn the basics behind this tool such as modifying data and combining data sets in Microsoft 70-461: Querying SQL Server 2012. Alternatively, you can specialize in Oracle, another popular RDBMS, by completing Oracle 12c OCP 1Z0-061: SQL Fundamentals. Once you’ve completed either of these, you can pursue advanced SQL certifications to design data warehouses, design business intelligence solutions, and more.

IDG Contributor Network: Microsoft’s vision for the multi-cloud future

We are seeing it from all sides now. From the usual suspects in OEM to HCI to virtualization to public cloud, everyone is out to address the growing demand to shift legacy IT workloads to agile, cloud native, consumption-based, hybrid-friendly, modernized IT environments. A mouthful perhaps, but that doesn’t make it any less true. We have entered a multi-cloud world, and the competition is going to be abundant.

The question that’s top of mind for many is which company or companies will emerge as the market leader. This week at Ignite, Microsoft’s annual customer conference, the company made a number of announcements around its Azure Cloud. Based on those announcements and the company’s existing platform of services, I wanted to break down how I see Microsoft’s Azure strategy evolving and share what business and IT leaders need to be thinking about when they are looking at modernizing their IT to support the growing multi-cloud initiative.

HPE boosts storage, hyperconvergence products with AI

Two announcements from Hewlett Packard Enterprise highlight the potential for artificial intelligence to make systems more autonomous and adaptable to changing workload demands.

HPE has beefed up its SimpliVity hyperconverged infrastructure (HCI) platform and its Primera storage system to include AI capabilities and composability features from HPE Synergy and HPE Composable Rack. Read more: Making the right hyperconvergence choice: HCI hardware or software?
