Stop the Network-Based Application Recognition Nonsense

One of my readers sent me an interesting update on the post-QUIC round of NBAR whack-a-mole (TL&DR: everything is better with Bluetooth AI):

Cloudflare (and the other hyperscalers) are full into QUIC, as it gives them lots of E2E control, taking a lot of choice away from the service providers on how they handle traffic and congestion. It is quite well outlined by Geoff Huston in an APNIC podcast.

So far, so good. However, whenever there’s a change, there’s an opportunity for marketing FUD, coming from the usual direction.

Read more …

Stop the Network-Based Application Recognition Nonsense

One of my readers sent me an interesting update on the post-QUIC round of NBAR whack-a-mole (TL&DR: everything is better with Bluetooth AI):

Cloudflare (and the other hyperscalers) are full into QUIC, as it gives them lots of E2E control, taking a lot of choice away from the service providers on how they handle traffic and congestion. It is quite well outlined by Geoff Huston in an APNIC podcast.

So far, so good. However, whenever there’s a change, there’s an opportunity for marketing FUD, coming from the usual direction.

Read more …

Lessons from building an automated SDK pipeline

In case you missed the announcement from Developer Week 2024, Cloudflare is now offering software development kits (SDKs) for Typescript, Go and Python. As a reminder, you can get started by installing the packages.

// Typescript
npm install cloudflare

// Go
go get -u github.com/cloudflare/cloudflare-go/v2

// Python
pip install --pre cloudflare

Instead of using a tool like curl or Postman to create a new zone in your account, you can use one of the SDKs in a language that you’re already comfortable with or that integrates directly into your existing codebase.

import Cloudflare from 'cloudflare';

const cloudflare = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN']
});

const newZone = await cloudflare.zones.create({
  account: { id: '023e105f4ecef8ad9ca31a8372d0c353' },
  name: 'example.com',
  type: 'full',
});

Since their inception, our SDKs have been manually maintained by one or more dedicated individuals. For every product addition or improvement, we needed to orchestrate a series of manually created pull requests to get those changes into customer hands. This, unfortunately, created an imbalance in the frequency and quality of changes that made it into the SDKs. Even though the product teams would drive some of these changes, not all languages were covered and the SDKs Continue reading

CCNA 200-301 Updated To Version 1.1

Cisco is updating the Cisco Certified Network Associate (CCNA) exam to version 1.1. In the past, Cisco only did major updates to their exams. Since then, they have moved to doing more frequent and minor updates, in a more agile fashion. Before going in to the changes, let’s answer some common questions that are covered in Cisco’s FAQ:

    Why is the CCNA being updated?
    Cisco regularly performs reviews of their exams. Exams get updated to clarify exam topics, introduce new ones, and phase out outdated products and solutions.

    What is being added?
    New topics include generative AI, cloud network management, and machine learning.

    When can candidates register for CCNA v1.1?
    Registration begins on August 20, 2024.

    What if I’m already studing for CCNA v1.0?
    Complete your study and take the CCNA v1.0 exam.

    What percentage of the exam is being updated?
    Approximately 10% of the exam is updated.

    When is the last day to test for CCNA v1.0?
    The last day of testing for CCNA v1.0 is August 19, 2024.

    So what is being changed? The different domains and their percentages is not changing. The domains and their percentage remain as:

    NB475: Cisco Hypes Hypershield; Broadcom Tries To Clarify VMware Strategy

    Take a Network Break! This week we cover Hypershield, a new Cisco security product that uses technology from its Isovalent acquisition. We parse a blog from Broadcom CEO Hock Tan on the company’s VMware strategy, and discuss China’s latest counter-punch in its tech infrastructure fight with the United States. A KPMG survey reveals that executives... Read more »

    Engineer’s Dilemma: Constant Learning and Forgetting

    Engineer's Dilemma: Constant Learning and Forgetting

    As a Network Engineer, I've noticed we're in a constantly evolving field. Traditional networking is already a deep pool of knowledge, covering a wide range of topics. But the tech world doesn't stand still – it's moving at a fast pace.

    Now, we're not just dealing with routers and switches. We've got a whole new set of skills to learn. There's Cloud, then there's Automation. We're also diving into tools like Ansible, Docker and Terraform and let's not forget Python. With all these new areas to explore, the big question is how do we keep up? How do we learn all these new skills without forgetting the fundamentals that got us here?

    Do You Keep Forgetting?

    Let me pull out EIGRP as an example. Back when I was studying for my CCNP certification, EIGRP and I were best buddies. I could set up labs, get EIGRP running between them, and troubleshoot any issues that popped up. Ask me about it now. Well, it's a bit embarrassing, but I'd be scratching my head. I remember something about a 'feasible route', but that's about it.

    Tech Bytes: Begin Your Unified SASE Journey with Next-Gen SD-WAN (Sponsored)

    Secure Access Service Edge, or SASE, combines SD-WAN with cloud-delivered security services including next-gen firewall, CASB, secure web gateway, and others. You can mix and match your SD-WAN and cloud security, but today Rajesh Kari from Palo Alto Networks is here to advocate for the benefits of their single-vendor option. We talk performance, security, and... Read more »

    BGP EVPN with VXLAN: Fabric Overview

     




    Figure illustrates the simplified operation model of EVPN Fabric. At the bottom of the figure is four devices, Tenant Systems (TS), connected to the network. When speaking about TS, I am referring to physical or virtual hosts. Besides, The Tenant System can be a forwarding component attached to one or more Tenant-specific Virtual Networks. Examples of TS forwarding components include firewalls, load balancers, switches, and routers.

    We have connected TS1 and TS2 to VLAN 10 and TS3-4 to VLAN 20. VLAN 10 is associated with EVPN Instance (EVI) 10010 and VLAN 20 to EVI 10020. Note that VLAN-Id is switch-specific, while EVI is Fabric-wide. Thus, subnet A can have VLAN-Id XX on one Leaf switch and VLAN-Id YY on another. However, we must map both VLAN XX and YY to the same EVPN Instance.

    When a TS connected to the Fabric sends the first Ethernet frame, the Leaf switch stores the source MAC address in the MAC address table, where it is copied to the Layer 2 routing table (L2RIB) of the EVPN Instance. Then, the BGP process of the Leaf switch advertises the MAC address with its reachability information to its BGP EVPN peers, essentially the Spine switches. Continue reading

    Repost: Campus-Wide Wireless Roaming with EVPN

    As a response to my LISP vs EVPN: Mobility in Campus Networks blog post, Route Abel provided interesting real-life details of a large-scale campus wireless testing using EVPN and VXLAN tunnels to a central aggregation point (slightly edited):

    I was arguing for VxLAN EVPN with some of my peers, but I had no direct hands-on knowledge of how it would actually perform and very limited ability to lab it on hardware. My client was considering deploying Campus VxLAN, and they have one of the largest campuses in North America.

    Read more …
    1 113 114 115 116 117 3,808