Heavy Networking 498: Creating A Single Source Of Truth For Network Automation

For network automation you need a single source of truth that’s programmatically accessible, reflects intended state, and enables others to stand up infrastructure correctly without you getting in the middle of every provisioning request. Tim Schreyack joins us today to discuss network automation approaches using Ansible and Python, and of course, a single source of truth.

The post Heavy Networking 498: Creating A Single Source Of Truth For Network Automation appeared first on Packet Pushers.

Pacific Report to the Dynamic Coalition of Small Island Developing States in the Internet Economy

2019 was an active year for Pacific involvement in the Internet economy. What we have demonstrated is that originating from small island developing states (SIDS) in the Pacific does not restrict one’s opportunity to become a leader within large international organizations like ICANN, which manages and allocates domain names and IP addresses globally.

I was very honored that my colleagues from the ICANN At-Large Advisory Committee (ALAC) elected me to be their Chair for 2019, and again for the upcoming year. It has enabled me to use my organizational management skills which I did by distance learning from Rarotonga through Massey University in New Zealand.

My Cook Islands colleague, Pua Hunter, was also elected at the recent ICANN meeting as regional co-chair for the Government Advisory Committee (GAC). She is already the chair of GAC’s Underserved Regions Committee. Such leadership roles have also been achieved by others from SIDS in other Internet-related organizations, which goes to show that being from small islands does not mean that we will go unnoticed if we are prepared to be active in our commitment to improving our regions.

The Pacific Islands Chapter of the Internet Society (PICISOC) received a boost at the elections last Continue reading

IBM Secures $1.1B Contract With Banco Sabadell

Verizon Expands 4G LTE Small Cell Navy Base Footprint

Capturing Logs in Docker Desktop

Docker Desktop runs a Virtual Machine to host Docker containers. Each component within the VM (including the Docker engine itself) runs as a separate isolated container. This extra layer of isolation introduces an interesting new problem: how do we capture all the logs so we can include them in Docker Desktop diagnostic reports? If we do nothing then the logs will be written separately into each individual container which obviously isn’t very useful!

The Docker Desktop VM boots from an ISO which is built using LinuxKit from a list of Docker images together with a list of capabilities and bind mounts. For a minimal example of a LinuxKit VM definition, see https://github.com/linuxkit/linuxkit/blob/master/examples/minimal.yml — more examples and documentation are available in the LinuxKit repository. The LinuxKit VM in Docker Desktop boots in two phases: in the first phase, the init process executes a series of one-shot “on-boot” actions sequentially using runc to isolate them in containers. These actions typically format disks, enable swap, configure sysctl settings and network interfaces. The second phase contains “services” which are started concurrently and run forever as containerd tasks.

The following diagram shows a simplified high-level view of the boot process:

By default Continue reading

Oracle Fixes 334 Bugs in Record-Breaking Critical Patch Update

DigitalOcean Slashes Jobs as Part of Restructure

Technology Short Take 123

Welcome to Technology Short Take #123, the first of 2020! I hope that everyone had a wonderful holiday season, but now it’s time to jump back into the fray with a collection of technical articles from around the Internet. Here’s hoping that I found something useful for you!

Networking

• Eric Sloof mentions the NSX-T load balancing encyclopedia (found here), which intends to be an authoritative resource to NSX-T load balancing configuration and management.
• David Gee has an interesting set of articles exploring service function chaining in service mesh environments (part 1, part 2, part 3, and part 4).

Servers/Hardware

• Frank Denneman has a nice article aimed at helping readers understand PCIe device to NUMA Node Locality.
• Guiliano Bertello introduces PowerVCF, a PowerCLI module aimed at interacting with the SDDC Manager and VMware Cloud Foundation (VCF) stack. (If you’re not familiar with VCF, see here.)
• This is pricey, but I can’t say I don’t want one.
• James Hamilton is back with a post on the AWS Graviton2 ARM processors.

Security

• On January 13, Brian Krebs discussed the critical flaw (a vulnerability in crypt32.dll, a core Windows cryptographic component) that was rumored Continue reading

JetBrains Mono: A free and open source typeface for developers

Looks Lush.

The post JetBrains Mono: A free and open source typeface for developers appeared first on EtherealMind.

Weekly Wrap: Nokia Cuts 180 Jobs With More to Come

Video: Fallacies of Distributed Computing

What better way to start How Networks Really Work webinar than with fallacies of distributed computing… and that’s exactly what I did in late August 2019.

Synthesizing data structure transformations from input-output examples

Synthesizing data structure transformations from input-output examples, Feser et al., PLDI’15

The Programmatically Interpretable Reinforcement Learning paper that we looked at last time out contained this passing comment coupled with a link to today’s paper choice:

It is known from prior work that such [functional] languages offer natural advantages in program synthesis.

That certainly caught my interest. The context for the quote is synthesis of programs by machines, but when I’m programming, I’m also engaged in the activity of program synthesis! So a work that shows functional languages have an advantage for programmatic synthesis might also contain the basis for an argument for natural advantages to the functional style of programming. I didn’t find that here. We can however say that this paper shows “functional languages are well suited to program synthesis.”

Never mind, because the ideas in the paper are still very connected to a question I’m fascinated by at the moment: “how will we be developing software systems over this coming decade?”. There are some major themes to be grappled with: system complexity, the consequences of increasing automation and societal integration, privacy, ethics, security, trust (especially in supply chains), interpretability vs black box models, Continue reading

How to back up Kubernetes and Docker

Yes, your container infrastructure needs some type of backup.  Kubernetes and Docker will not magically build themselves after a disaster. As discussed in a separate article, you don’t need to back up the running state of each container, but you will need to back up the configuration used to run and manage your containers.Here’s a quick reminder of what you’ll need to back up.[Get regularly scheduled insights by signing up for Network World newsletters.] Configuration and desired-state information The Dockerfiles used to build your images and all versions of those files The images created from the Dockerfile and used to run each container Kubernetes etcd & other - K8s databases that info on cluster state Deployments - YAML files describing each deployment Persistent data created or changed by containers Persistent volumes Databases Dockerfiles Docker containers are run from images, and images are built from Dockerfiles. A proper Docker configuration would first use some kind of repository such as GitHub as a version-control system for all Dockerfiles. Do not create ad hoc containers using ad hoc images built from ad hoc Dockerfiles. All Dockerfiles should be stored in a repository that allows you to pull historical Continue reading

Cache Is King

The gap between the performance of processors, broadly defined, and the performance of DRAM main memory, also broadly defined, has been an issue for at least three decades when the gap really started to open up. …

Cache Is King was written by Timothy Prickett Morgan at The Next Platform.

McAfee Hires New CEO, Mulls Sale or IPO

Locking and unlocking accounts on Linux systems

If you are administering a Linux system, there will likely be times that you need to lock an account. Maybe someone is changing positions and their continued need for the account is under question; maybe there’s reason to believe that access to the account has been compromised. In any event, knowing how to lock an account and how to unlock it should it be needed again is something you need to be able to do.One important thing to keep in mind is that there are multiple ways to lock an account, and they don't all have the same effect. If the account user is accessing an account using public/private keys instead of a password, some commands you might use to block access to an account will not be effective.To read this article in full, please click here

Daily Roundup: CenturyLink Nabs $1.6B IT Win

HPC In 2020: Acquisitions And Mergers As The New Normal

After a decade of vendor consolidation that saw some of the world’s biggest IT firms acquire first-class HPC providers such as SGI, Cray, and Sun Microsystems, as well as smaller players like Penguin Computing, WhamCloud, Appro, and Isilon, it is natural to wonder who is next. …

HPC In 2020: Acquisitions And Mergers As The New Normal was written by Michael Feldman at The Next Platform.

Why Do You Need NAT66?

It’s hard to believe that it’s been eight years since I wrote my most controversial post ever. I get all kinds of comments on my NAT66 post even to this day. I’ve been told I’m a moron, an elitist, and someone that doesn’t understand how the Internet works. I’ve also had some good comments that highlight a specific need for tools like NAT66. I wanted to catch up with everything and ask a very important question.

WHY?

Every Tool Has A Purpose

APNIC had a great post about NAT66 back in 2018. You should totally read it. I consider it a fair review of the questions surrounding NAT’s use in 2020. Again, NAT has a purpose and when used properly and sparingly for that purpose it works well. In the case of the article, Marco Cilloni (@MCilloni) lays out the need to use NAT66 to use IPv6 at his house due to ISP insanity and the latency overhead of using tunnels with Hurricane Electric. In this specific case, NAT66 was a good tool for him to use to translate his /128 address to something useable in his network.

If you’re brave, you should delve into the comments. A Continue reading

Rogers Breaks Ice on Canada’s First 5G Deployment