Archive

Category Archives for "Networking"

Microsoft and Arista Cloud Decade

As we celebrate the 5th Anniversary of Arista’s IPO this week at NYSE, we pause to reflect on this key milestone. Arista’s results are a tribute to the customers who chose us, appreciated our innovative technology and stood by us through our highs and lows. One key customer who played a pivotal part in the decade was Microsoft. Microsoft coincidentally was destined to be a part of our journey since 2008 when we were searching for a new name for our company. Our top choice was Azure, but the domain name was taken just a few weeks before we started our naming effort. Since then, Microsoft redefined the public cloud with Azure and Arista has become a critical foundation to enabling the scale, reach, reliability, and performance that have become synonymous with the Azure cloud.

Generalize the Network-as-Graph Data Model

Remember the "avoid duplicate data in network automation data models" challenge and the restructuring we did to represent a network as a graph?

Well, I was not happy with the end result - I hated the complexity of supporting Jinja2 templates that had to check left- and right nodes of a link, so I generalized the data structure a bit, and all of a sudden I could model stub interfaces, P2P links and multi-access networks.

Campus design feature set-up : Part 4

In case you’ve missed the first three blogs, I’ve been showing you how to set up the CL 3.7.5 campus feature: Multi-Domain Authentication. This is a 6-part blog series and we’re officially past the half-way point.

In blogs 1-3 we covered Wired 802.1x using Aruba ClearPass, Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass. We’ll also have guides for Wired 802.1x using Cisco ISE, Wired MAC Authentication using Cisco ISE, and Multi-Domain Authentication using Cisco ISE. So yes, we’ve got all the bases covered.

In this fourth guide, I’ll be sharing how to enable wired 802.1X authentication in Cumulus Linux 3.7.5+ using Cisco ISE (Identity Services Engine) 2.4 Patch 8.

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Cisco ISE.

Cisco ISE Configuration:

1. Add a Cumulus Switch group to Cisco ISE:

First, we are going to add a Network Device Group to Cisco ISE:

Administration > Network Resources > Network Device Groups. Click the “+Add” button

Make sure to set the “Parent Group” to “All Device Types.” The result will look like the following:

2. Adding Continue reading

It’s time for the IoT to ‘optimize for trust’

One of the strengths of internet of things (IoT) technology is that it can do so many things well. From smart toothbrushes to predictive maintenance on jetliners, the IoT has more use cases than you can count. The result is that various IoT use cases require optimization for particular characteristics, from cost to speed to long life, as well as myriad others. But in a recent post, "How the internet of things will change advertising" (which you should definitely read), the always-insightful Stacy Higginbotham tossed in a line that I can’t stop thinking about: "It's crucial that the IoT optimizes for trust."

When should you use IPv6 PA space?

I was reading RFC8475 this week, which describes some IPv6 multihoming ‘net connection solutions. This set me to thinking about when you should use IPv6 PA space. To begin, it’s useful to review the concept of IPv6 PI and PA space.

PI, or provider independent, space, is assigned by a regional routing registry to network operators who can show they need an address space that is not tied to a service provider. These requirements generally involve having a specific number of hosts, showing growth in the number of IPv6 addresses used over time, and other factors which depend on the regional registry providing the address space. PA, or provider assigned, IPv6 addresses can be assigned by a provider from their PI pool to an operator to which they are providing connectivity service.

There are two main differences between these two kinds of addresses. PI space is portable, which means the operator can take the address space with them when they change providers. PI space is also fixed; it is (generally) safe to use PI space as you might private or other IP address spaces; you can assign them to individual subnets, hosts, etc., and count on them remaining the Continue reading

The Week in Internet News: Germany Considers Banning Encryption on Chat Apps

Transparent chatting: The German Ministry of the Interior is considering new regulations that would ban end-to-end encryption on chat apps, The Register reports. The proposed rules would require operators of chat services to provide plain-text records of users’ chats under court order. Meanwhile, by saying it sometimes needs access to user communications, Facebook is creating a blueprint for German officials, Forbes says.

No, thanks: In other anti-encryption news, the U.K. Government Communications Headquarters, or GCHQ, has issued its own proposal to allow spy agencies to listen in to chat and other encrypted communications. But U.S. tech companies, cryptography experts, and human rights groups lined up in opposition to the proposal, notes Fortune. The Internet Society has also added its name to the letter.

Attacking encryption another way: Meanwhile, a new study suggests a quantum computer could break 2048-bit RSA encryption in about eight hours, reports the MIT Technology Review. The researchers “have found a more efficient way for quantum computers to perform the code-breaking calculations, reducing the resources they require by orders of magnitude.”

No need to ban encryption on the IoT: At the risk of this being too encryption-focused this week, we look at one more related story: Continue reading

Network Break 237: Standards Bodies About-Face On Huawei; Will China’s Military Dump Windows?

Today's Network Break podcast examines the latest twists in the Huawei vs. USA battle, speculates on China's threat to ban Windows from military computers, explores a new telemetry feature from Mellanox, discusses Google's moves to deprecate ad-blocking features in Chrome, and more tech news.

The post Network Break 237: Standards Bodies About-Face On Huawei; Will China’s Military Dump Windows? appeared first on Packet Pushers.

Grafana and Influx – Infrastructure Engineers Language

If you want to understand what an infra engineer speaks and use a tool provided by them, you need to have some exposure to the tool itself; you don’t have to be an expert.

Monitoring systems that I see nowadays are mostly centered around Prometheus, while the database used for storing any time-series events is InfluxDB. How do you actually map it beautifully? It's via Grafana.

Grafana – https://grafana.com/

Influxdb – https://www.influxdata.com/

Prometheus – https://prometheus.io/

Now the problem here is that many tools are programmed on a daily basis. From a network engineer's point of view, I understood a few things.

You do not need to know everything end to end like an expert for that tool, and some choices are based purely on cost rather than anything else.

How would you really understand this? I set up a BME680 sensor in my home and will precisely use Grafana and Influx to map the recordings.

Tools Used 

https://learn.adafruit.com/adafruit-bme680-humidity-temperature-barometic-pressure-voc-gas

Raspberry Pi 3

Docker Images – Grafana and Influx

Sample Influx Script – https://github.com/yukthr/auts/blob/master/random_programs/influx-test.py

And finally Beautiful Grafana

All of this is open source and is not hard after the advent of Docker. Give Continue reading

Know Thy Environment Before Redesigning It

A while ago I had an interesting consulting engagement: a multinational organization wanted to migrate off global Carrier Ethernet VPN (with routers at the edges) to MPLS/VPN.

While that sounds like the right thing to do (after all, L3 must be better than L2, right?) in that particular case they wanted to combine the provider VPN with Internet-based IPsec VPN… and doing that in parallel with MPLS/VPN tends to become an interesting exercise in “how convoluted can I make my design before I give up and migrate to BGP”.

MultiCloud… flare

If you want to start an intense conversation in the halls of Cloudflare, try describing us as a "CDN". CDNs don't generally provide you with Load Balancing, they don't allow you to deploy Serverless Applications, and they certainly don't get installed onto your phone. One of the costs of that confusion is many people don't realize everything Cloudflare can do for people who want to operate in multiple public clouds, or want to operate in both the cloud and on their own hardware.

Load Balancing

Cloudflare has countless servers located in 180 data centers around the world. Each one is capable of acting as a Layer 7 load balancer, directing incoming traffic between origins wherever they may be. You could, for example, add load balancing between a set of machines you have in AWS' EC2, and another set you keep in Google Cloud.

This load balancing isn't just round-robining traffic. It supports weighting to allow you to control how much traffic goes to each cluster. It supports latency-based routing to automatically route traffic to the cluster which is closer (so adding geographic distribution can be as simple as spinning up machines). It even supports health checks, allowing it Continue reading