Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored)

Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored)

On today's Tech Bytes podast we talk with sponsor CodiLime about the benefits of SDN, how SDN works, and CodiLime's network engineering services that help organizations of all sizes migrate to SDN. Our guest Monika Antoniak, head of R&D at CodiLime.

The post Tech Bytes: Is SDN A Revolution Or An Evolution Of Traditional Networks? (Sponsored) appeared first on Packet Pushers.

The Week in Internet News: Let’s Encrypt Hits One Billion Certificates

Encryption wave: Let’s Encrypt, the website encryption project supported by the Internet Society, has issued 1 billion web security certificate, ZDNet reports. About 81 percent of the world’s websites now are secured with Transport Layer Security (TLS) encryption, and Let’s Encrypt, which offers free TLS certificates, now serves nearly 200 million websites.

Even more encryption: In other encryption news, the Firefox browser has begun turning on DNS over HTTPS (DoH) by default for users in the U.S., The Verge says. The encryption tool secures Internet traffic, including browsing histories.

No more WiFi: Google is shutting down a free Wi-Fi service called Station that has served parts of India, Indonesia, South Africa, Mexico, Thailand, Nigeria, Philippines, Brazil and Vietnam. TechCrunch reports. Google says the service is no longer needed because of falling prices for mobile broadband service. Google also struggled to find a business model.

Keep your hands off the network: Employees are increasingly connecting their personal Internet of Things devices, like smart watches and fitness trackers, to corporate networks, according to research by Zscaler, detailed at ZDNet. These unauthorized connections undermine network security. The most connected personal devices included digital home assistants, TV set-top boxes, video cameras, smart-home Continue reading

Technology Short Take 124

Welcome to Technology Short Take #124! It seems like the natural progression of the Tech Short Takes is moving toward monthly articles, since it’s been about a month since my last one. In any case, here’s hoping that I’ve found something useful for you. Enjoy! (And yes, normally I’d publish this on a Friday, but I messed up and forgot. So, I decided to publish on Monday instead of waiting for Friday.)

Networking

• Said van de Klundert has a post on screen scraping basics for network engineers. For network engineers just getting started with network automation, I suspect that the information shared here may prove quite useful.
• Ronald de Jong takes readers through using the migration coordinator to migrate from NSX-v (NSX for vSphere) to NSX-T. Ronald’s post is fairly detailed, and worth a read if this is a migration you’re going to have to undertake.
• For readers who may be new to networking, Daniel Wray has a write-up on network cabling.
• Redpill Linpro talks to readers about their new routers running Cumulus Linux. That’s cool.

Servers/Hardware

• This article is about hardware, just not the hardware I’d typically talk about in this section—instead, it’s about Philips Hue light bulbs. Continue reading

How to deploy on remote Docker hosts with docker-compose

The docker-compose tool is pretty popular for running dockerized applications in a local development environment. All we need to do is write a Compose file containing the configuration for the application’s services and have a running Docker engine for deployment. From here, we can get the application running locally in a few seconds with a single  `docker-compose up` command. 

This was the initial scope but…

As developers look to have the same ease-of-deployment in CI pipelines/production environments as in their development environment, we find today docker-compose being used in different ways and beyond its initial scope. In such cases, the challenge is that docker-compose provided support for running on remote docker engines through the use of the DOCKER_HOST environment variable and -H, –host command line option. This is not very user friendly and managing deployments of Compose applications across multiple environments becomes a burden.

To address this issue, we rely on Docker Contexts to securely deploy Compose applications across different environments and manage them effortlessly from our localhost. The goal of this post is to show how to use contexts to target different environments for deployment and easily switch between them.

We’ll start defining a sample application to use Continue reading

When Bloom filters don’t bloom

I've known about Bloom filters (named after Burton Bloom) since university, but I haven't had an opportunity to use them in anger. Last month this changed - I became fascinated with the promise of this data structure, but I quickly realized it had some drawbacks. This blog post is the tale of my brief love affair with Bloom filters.

While doing research about IP spoofing, I needed to examine whether the source IP addresses extracted from packets reaching our servers were legitimate, depending on the geographical location of our data centers. For example, source IPs belonging to a legitimate Italian ISP should not arrive in a Brazilian datacenter. This problem might sound simple, but in the ever-evolving landscape of the internet this is far from easy. Suffice it to say I ended up with many large text files with data like this:

This reads as: the IP 192.0.2.1 was recorded reaching Cloudflare data center number 107 with a legitimate request. This data came from many sources, including our active and passive probes, logs of certain domains we own (like cloudflare.com), public sources (like BGP table), etc. The same line would usually be repeated across multiple Continue reading

My Cisco Certified DevNet Associate Journey by Nick Russo

On 27 February 2020, I took and passed the Cisco Certified DevNet Associate (DEVASC) exam on my first attempt. TLDR; it was a well-structured and fair exam. I think it was my favorite Cisco exam of all time. It had clear questions, good depth, no off-blueprint curveballs, and a great measure of candidate skill. The distribution of questions was also in accordance with the blueprint topic weights.

I’m known for being a concise and high signal-to-noise blogger, so I won’t turn this into a blueprint exploration article. You can learn more about the official certification here. Instead, I’ll focus on how I prepared for this exam.

Above all else, you need to sign up for an account at Cisco DevNet. It’s 100% free and contains many excellent resources to help you learn software-related topics. This is more than just “network automation” as you’ll be exposed to software development techniques and strategies, too. While everything on DevNet is useful, I believe the following three resources are the most important for this exam. Learning the content and passing any DevNet exam would be almost impossible without them:

1. Sandboxes: These are demo environments that learners can use for testing specific products and Continue reading

Automation Story: Network Diagrams

Anne Baretta got pretty far in his automation story: after starting with configuration templates and storing network inventory into a database, he tackled the web UI. What’s next? How about a few auto-generated network diagrams?

Notes

• We covered the magic behind network diagrams in our network automation course.
• For whatever reason, I see numerous networking engineers focusing on generating useful network diagrams. Wasn’t that problem solved ages ago with miraculous single-pane-of-glass network management software?

Automation Story: Network Diagrams

Anne Baretta got pretty far in his automation story: after starting with configuration templates and storing network inventory into a database, he tackled the web UI. What’s next? How about a few auto-generated network diagrams?

Notes

• We covered the magic behind network diagrams in our network automation course.
• For whatever reason, I see numerous networking engineers focusing on generating useful network diagrams. Wasn’t that problem solved ages ago with miraculous single-pane-of-glass network management software?

Firecracker: lightweight virtualization for serverless applications

Firecracker: lightweight virtualisation for serverless applications, Agache et al., NSDI’20

Finally the NSDI’20 papers have opened up to the public (as of last week), and what a great looking crop of papers it is. We looked at a couple of papers that had pre-prints available last week, today we’ll be looking at one of the most anticipated papers of this year’s crop: Amazon’s Firecracker.

Firecracker is the virtual machine monitor (VMM) that powers AWS Lambda and AWS Fargate, and has been used in production at AWS since 2018. Firecracker is open source, and there are a number of projects that make it easy to work with outside of the AWS environment too, including Weave Firekube (disclaimer: Accel is an investor in Weaveworks). Firekube exists because none of the existing alternatives (virtualisation, containers or language-specific vms) met the combined needs of multi-tenant efficiency and strong isolation in the AWS environment.

The traditional view is that there is a choice between virtualization with strong security and high overhead, and container technologies with weaker security and minimal overhead. This tradeoff is unacceptable to public infrastructure providers, who need both strong security and minimal overhead.

Approaches to isolation

The first version of Continue reading

8 reasons to consider hyperconverged infrastructure for your data center

Demand for on-premises data center equipment is shrinking as organizations move workloads to the cloud. But on-prem is far from dead, and one segment that’s thriving is hyperconverged infrastructure (HCI).HCI is a form of scale-out, software-integrated infrastructure that applies a modular approach to compute, network and storage capacity. Rather than silos with specialized hardware, HCI leverages distributed, horizontal blocks of commodity hardware and delivers a single-pane dashboard for reporting and management. Form factors vary: Enterprises can choose to deploy hardware-agnostic hyperconvergence software from vendors such as Nutanix and VMware, or an integrated HCI appliance from vendors such as HP Enterprise, Dell, Cisco, and Lenovo.To read this article in full, please click here

Eight reasons to consider hyperconverged infrastructure for your data center

Demand for on-premises data center equipment is shrinking as organizations move workloads to the cloud. But on-prem is far from dead, and one segment that’s thriving is hyperconverged infrastructure (HCI).HCI is a form of scale-out, software-integrated infrastructure that applies a modular approach to compute, network and storage capacity. Rather than silos with specialized hardware, HCI leverages distributed, horizontal blocks of commodity hardware and delivers a single-pane dashboard for reporting and management. Form factors vary: Enterprises can choose to deploy hardware-agnostic hyperconvergence software from vendors such as Nutanix and VMware, or an integrated HCI appliance from vendors such as HP Enterprise, Dell, Cisco, and Lenovo.To read this article in full, please click here

Why edge computing needs open networking

Edge computing deployments need to be compact, efficient, and easy to administer. Hyperconverged infrastructure (HCI) has proven to be a natural choice for handling compute and storage at the edge, but what considerations are there for networking?

To talk about edge computing it helps to define it. Edge computing is currently in a state very similar to “cloud computing” in 2009: If you asked five different technologists to define it, you’d get back eight different answers. Just as cloud computing incorporated both emerging technologies and a limited set of established practices, edge computing does the same.

The broadest definition of edge computing is that it’s any situation in which an organization places workloads inside someone else’s infrastructure, but isn’t at one of the major public clouds. This comes with the caveat that the major public cloud providers are, of course, heavily investing in edge computing offerings of their own, muddying the waters.

Traditional IT practices that fall into the realm of edge computing today include colocation, content delivery networks (CDNs), most things involving geographically remote locations and so forth—the “edge” of modern networks. But edge computing also covers the emerging practices of using mobile networks (among others) for Internet of Continue reading

CEX (Code EXpress) 05. From lists to separate variables and back.

Hello my friend,

So far, we have covered the separate variables and the list variables in the Python 3.8. Before we go further, it makes sense how you can convert one type of the variables to another. Therefore, we discuss this topic today.  

Network automation training – boost your career

Don’t wait to be kicked out of IT business. Join our network automation training to secure your job in future. Come to NetDevOps side.

How does the training differ from this blog post series? Here you get the basics and learn some programming concepts in general, whereas in the training you get comprehensive set of knowledge with the detailed examples how to use Python for the network and IT automation. You need both.

What are we going to do today?

Working with variables is an essential part of any programming language including Python. Part of such a work is a conversion of a variable of one type to another and back. That’s why we will explore today the following functions:

• split() function, which transforms a string value into a list of variables based on a defined separator;
• join() function, which transforms a list into a string value using Continue reading

SDxCentral’s Top 10 Articles — February 2020

Technical Details of Why Cloudflare Chose AMD EPYC for Gen X Servers

From the very beginning Cloudflare used Intel CPU-based servers (and, also, Intel components for things like NICs and SSDs). But we're always interested in optimizing the cost of running our service so that we can provide products at a low cost and high gross margin.

We're also mindful of events like the Spectre and Meltdown vulnerabilities and have been working with outside parties on research into mitigation and exploitation which we hope to publish later this year.

We looked very seriously at ARM-based CPUs and continue to keep our software up to date for the ARM architecture so that we can use ARM-based CPUs when the requests per watt is interesting to us.

In the meantime, we've deployed AMD's EPYC processors as part of Gen X server platform and for the first time are not using any Intel components at all. This week, we announced details of this tenth generation of servers. Below is a recap of why we're excited about the design, specifications, and performance of our newest hardware.

Servers for an Accelerated Future

Every server can run every service. This architectural decision has helped us achieve higher efficiency across the Cloudflare network. It has also given us more Continue reading

How much network automation stuff should I learn as a network engineer? & Passing the DevNet Associates Exam

It is important to note that the question is not "should I learn any?" but rather "how much should I learn?". The new Cisco DevNet Certifications help us answer that question. Let me share my journey to that conclusion. In early February I decided to take the DevNet Associates Exam. I scheduled it for the READ MORE

The post How much network automation stuff should I learn as a network engineer? & Passing the DevNet Associates Exam appeared first on The Gratuitous Arp.

Going Beyond Black History Month

Around this time of year in the United States, African-Americans are often tasked with explaining why we spend 28 (or in the case of a leap year 29) days celebrating the contributions our ancestors made to this country. It may come in the form of responding to ignorant questions posed in learning environments or expressed in well-crafted articles lauding the relevancy of Black history in our modern time.

Black history is not only relevant, it is how we ensure that our heroes are not forgotten and that we have a viable future in our respective industries. As Carter G. Woodson famously said, “If a race has no history, if it has no worthwhile tradition, it becomes a negligible factor in the thought of the world, and it stands in danger of being exterminated.”

As the US leaders of Afroflare, Cloudflare’s employee resource group (ERG) for employees of African descent, we made a personal commitment this month and beyond to effectively represent, build, and grow at Cloudflare and in the tech industry.

To honor that commitment, we decided to tackle some commonly asked questions about the state of African-Americans in tech.

How many African-Americans work in tech?

The latest Continue reading

AT&T, Verizon, T-Mobile Tied to GSMA Net-Zero Emission Pact

Worth Reading: Do We Need Regulation for IoT Security?

A pretty good summary of the topic by Drew Conry-Murray: the market is not going to correct itself, it’s very hard to hold manufacturers or developers accountable for security defects in their products, and nothing much will change until someone dies.

And just in case you wonder how "innovative forwarding-looking disruptive knowledge-focused" companies could produce such ****, I can highly recommend The Stupidity Paradox.