From Python To Go 002. Basic Data Types (Numeric, Boolean, String) and Variables.

Hello my friend,

We continue our blog series about learning Go (Golang) as second programming language, which you can use for network and IT infrastructure automation. Today we’ll talk about the basic data types and variables both in Python and Go

How To Start Automating?

Any programming language, whether it is Python or Go (Golang), is a tool to implement your business logic. Whilst it is very important to be experienced with the tool, it is important also to understand the wide context of network automation, and this is where our trainings will kick start you:

We offer the following training programs in network automation for you:

During these trainings you will learn the following topics:

  • Success and failure strategies to build the automation tools.
  • Principles of software developments and the most useful and convenient tools.
  • Data encoding (free-text, XML, JSON, YAML, Protobuf).
  • Model-driven network automation with YANG, NETCONF, RESTCONF, GNMI.
  • Full configuration templating with Jinja2 based on the source of truth (NetBox).
  • Best programming languages (Python, Bash) for developing automation
  • The most rock-solid and Continue reading

Weekend Reads 110924


Toward the end of August 2024, a customized malware dubbed “Voldemort” based on strings found in its code was used in a cyber espionage campaign targeting various countries.


Until 2019, it was a Google partner running full Android. Then it forked its own version of Android, called it HarmonyOS, stopped including Google proprietary apps, and set up its own Android app store.


As previously discussed in this post, Xiong’an New Area (Xiong’an), a pilot city established in 2017 about 100 kilometres west of Beijing, aims to be a model for future digital cities, built with IPv6-only infrastructure from the start.


A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft.


Today, we’re excited to announce the launch of Kentik’s Cloud Latency Map, a public service that uses Kentik Synthetics to continuously measure latency between the regions of the biggest cloud providers.


Data can undergo a similar transformation—two pieces of data, linked, such that changing one has an impact on the other. Think of this as “spooky data at a distance.”


In this work, we aim to Continue reading

How we prevent conflicts in authoritative DNS configuration using formal verification

Over the last year, Cloudflare has begun formally verifying the correctness of our internal DNS addressing behavior — the logic that determines which IP address a DNS query receives when it hits our authoritative nameserver. This means that for every possible DNS query for a proxied domain we could receive, we try to mathematically prove properties about our DNS addressing behavior, even when different systems (owned by different teams) at Cloudflare have contradictory views on which IP addresses should be returned.

To achieve this, we formally verify the programs — written in a custom Lisp-like programming language — that our nameserver executes when it receives a DNS query. These programs determine which IP addresses to return. Whenever an engineer changes one of these programs, we run all the programs through our custom model checker (written in Racket + Rosette) to check for certain bugs (e.g., one program overshadowing another) before the programs are deployed.

Our formal verifier runs in production today, and is part of a larger addressing system called Topaz. In fact, it’s likely you’ve made a DNS query today that triggered a formally verified Topaz program.

This post is a technical description of how Continue reading

Latency Numbers Every Programmer Should Know

One of the key arguments against stretched clusters (and similar stupidities) I used in my Disaster Recovery Myths presentation was the SSD read latency versus cross-site round-trip time.

Thanks to Networking Notes, I found a great infographic I can use in my next presentation (bonus points: it also works great in a terminal when fetched with curl) and a site that checks the latency of your web site from various vantage points.

TL007: Hot Takes on Technical Leadership

Everyone has their own hot take or bit of wisdom to share regarding technical leadership.  Today, host Laura Santamaria weaves these insights on communication, collaboration, decision making and more from her guests on the first six episodes of Technically Leadership. Listen, reflect and then apply to your own leadership role. Episode Links: Laura Santamaria Packet... Read more »

Juniper EX Switch Port Mirroring

Juniper EX Switch Port Mirroring

In this blog post, we will look at how to set up port mirroring on Juniper EX switches. The goal is to mirror all the traffic coming in and going out of one switch port to another port. By doing this, we can connect a laptop to the mirrored port and capture all the traffic. This is particularly useful when you can't directly capture traffic from a device, such as a CCTV camera, TV, or other similar devices. Let's get started.

Juniper EX Switch Port Mirroring

In this example, we have a database server connected to port ge-1/0/1, and we want to mirror all traffic going in and out of this port to port ge-1/0/4, where our laptop is connected. With this setup, we can use Wireshark on the laptop to capture the mirrored traffic.

configure
edit forwarding-options
edit analyzer my_capture

set input ingress interface ge-1/0/1
set input egress interface ge-1/0/1
set output interface ge-1/0/4

commit

The ingress and egress parts of the configuration refer to the traffic coming into the port (ingress) and leaving the port (egress). Ideally, we want to capture traffic in both directions, but you have the option to mirror traffic in only one direction if needed.

If you Continue reading

A look at the latest post-quantum signature standardization candidates

On October 24, 2024, the National Institute of Standards and Technology (NIST) announced that they’re advancing fourteen post-quantum signature schemes to the second round of the “signatures on ramp” competition. “Post-quantum” means that these algorithms are designed to resist the attack of quantum computers. NIST already standardized four post-quantum signature schemes (ML-DSA, SLH-DSA, XMSS, and LHS) and they are drafting a standard for a fifth (Falcon). Why do we need even more, you might ask? We’ll get to that.

A regular reader of the blog will know that this is not the first time we’ve taken measure of post-quantum signatures. In 2021 we took a first hard look, and reported on the performance impact we expect from large-scale measurements.  Since then, dozens of new post-quantum algorithms have been proposed. Many of them have been submitted to this new NIST competition. We discussed some of the more promising ones in our early 2024 blog post.

In this blog post, we will go over the fourteen schemes advanced to the second round of the on ramp and discuss their feasibility for use in TLS — the protocol that secures browsing the Internet. The defining Continue reading

Leveraging GPO to Distribute User- and Computer Certificate

The use of Group Policy Objects (GPO) can be really powerful in a Windows environment. In this post we’re going to leverage GPO to distribute certificates to the user and computer as well as enabling the 802.1X supplicant.

First, let’s see if there are any certificates on the Windows 10 VM in my lab:

Currently, there are no certificates present on the VM. It has also not been joined to the domain.

First, open the GPO app:

There’s a default domain policy that can be used, but I’m going to create new policies, one for users, and one for computers. First, let’s create a policy for computers. I’m going to right click my computer OU, named iselab computers, and then select Create a GPO in this domain, and Link it here…:

Give the GPO a name:

The GPO has been created:

Right click the GPO and select Edit…:

The GPO Editor window opens:

Then we’re going to navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies and select Certificate Services Client – Auto Enrollment and then Properties:

A new window opens up:

Change the Configuration Model to Enabled and Continue reading

Understanding BGP – Establishing peering

After some reflection I’ve realized that while I’ve spent a lot of time talking about BGP in it’s many forms I haven’t really ever done a deep dive on it. To be clear – Im not aiming to talk about how to configure BGP , or how path selection works, or even how to troubleshoot BGP. What I want to examine is what BGP is doing on the wire. How it communicates with peers, when it sends updates, and what kind of things are in the updates. Im hoping to write several blogs starting with the basics and then diving deeper as we go. That said, let’s get started!

To start things out with – I think it makes sense to start with a simple lab consisting of two BGP nodes that are peering together. Something like this…

I don’t want to spend a lot of time focusing on the configuration syntax and basic configuration parameters so let’s just run BIRD on both of the nodes so we can get off the ground with minimal effort. Let’s assume that both BGP Peers shown above are just normal Ubuntu VMs and both have a single interface on common 169.254.10. Continue reading

D2DO256: Alkira’s Universal Transit: Simplifying Hybrid & Multi-Cloud Networks (Sponsored)

We are firmly entrenched in a hybrid cloud world, from on-prem data centers to multiple cloud platforms to branch and remote offices, not to mention wandering end users connecting via VPN. While the network is the common substrate among all these locations, every cloud provider has its own network implementation. Managing, monitoring and securing all... Read more »

Exploring Internet traffic shifts and cyber attacks during the 2024 US election

Elections are not just a matter of casting ballots. They depend on citizens being able to register to vote and accessing information about candidates and the election process, which in turn depend on the strength and security of the Internet. Despite the risks posed by potential cyberattacks aimed to disrupt democracy, Cloudflare did not observe any significant disruptions to campaigns or local government websites from cyberattack.

Tuesday, November 5, 2024 was Election Day in the United States. It not only decided the next president and vice president but also included elections for the US Senate, House of Representatives, state governorships, and state legislatures. Results confirm that Republican Donald Trump won the presidential election.

In this blog post, we examine online attacks against election-related sites — some of which were notable but none were disruptive — and how initial election results impacted Internet traffic across the US at both national and state levels, with increases in traffic as much as 15% nationwide. We’ll also explore email phishing trends and general DNS data around news interest, the candidates, and election-related activity.

We’ve been tracking 2024 elections globally through our blog and election report on Cloudflare Radar, covering some of the more Continue reading

Using a BGP Route Server in an Internet Exchange Point

A BGP route server is like a BGP route reflector but for EBGP sessions. In its simplest implementation, it receives BGP updates over EBGP sessions and propagates them over other EBGP sessions without inserting its own AS number in the AS path (more details).

BGP route servers are commonly used on Internet Exchange Points (IXPs), and that’s what you can practice in the BGP Route Server in an Internet Exchange Point lab exercise.

Click here to start the lab in your browser using GitHub Codespaces (or set up your own lab infrastructure). After starting the lab environment, change the directory to session/5-routeserver and execute netlab up.

1 109 110 111 112 113 3,856