Will Artificial Intelligence Be Used for Good or Evil?
As AI and ML begin to reach their full potential, the race is on between network administrators and attackers to implement the technologies into their procedures, for better or for worse.
Cisco Live 2018 – The BAG!
Earlier Cisco dropped the band information, and now we have the bag information too! The bag this year is a …
The post Cisco Live 2018 – The BAG! appeared first on Fryguy's Blog.
Book Review – How SRE Relates to Devops
Link – https://www.safaribooksonline.com/library/view/how-sre-relates/9781492030645
Quick Read – Few Pages
Other Books which are related to SRE
-> Site Reliability Engineering: How Google Runs Production Systems
Few Points that I liked
– Quick read , hardly an hour
– Intro on how Devops got introduced
– what needs to be improved – Key Idea “No More Silos”
– stress on non-localization of knowledge, lack of collaboration
– New Job Role called SRE – Site Reliability Engineering
– Operations is a Software problem and Work to minimize Toil are some best examples of productivity and how we should view
– Key Idea – “Automate This Year’s Job Away” and “It’s Better to fix-it over-selves than blame someone else”
Good Read to understand the over picture of SRE Role and some of the
work Discipline Ideas.
-Rakesh
Up for a House Party? ready to go The Distance? are you Coming home? like Refugee? Wanted Dead or Alive?
I am sure you are asking yourself what is up with that title? Well, as you can tell from the …
The post Up for a House Party? ready to go The Distance? are you Coming home? like Refugee? Wanted Dead or Alive? appeared first on Fryguy's Blog.
Introducing a New MANRS IXP Programme for Routing Security
Today, we are pleased to announce that the Mutually Agreed Norms for Routing Security (MANRS) is getting a new category of members – IXPs. The MANRS IXP Programme introduces a separate membership category for IXPs with a set of security actions to address the unique needs and concerns of IXPs.
The ten founding participants are Asteroid (International), CABASE (Argentina), CRIX (Costa Rica), DE-CIX (Germany), INEX (Ireland), MSK-IX (Russia), Netnod (Sweden), RINEX (Rwanda), TorIX (Canada), and YYCIX (Canada).
Programme participation provides an opportunity for an IXP to demonstrate its attention to the security and sustainability of the Internet ecosystem and, therefore, its dedication to providing high-quality services.
The IXP Action set was developed by a group of IXPs from all around the world and was presented at multiple IXP fora for discussion and feedback. We hope that with IXPs as partners, their ISP members will also join the Network Operator category of MANRS.
Participation in the MANRS IXP Programme requires an IXP to implement and document a majority of the IXP Programme Actions (at least three out of five). Actions 1 and 2 are mandatory, and the IXP must implement at least one additional Action. Here are the five Actions:
- Facilitate Continue reading
Flash Storage Adoption in the Enterprise
Evaluator Group study provides insight into how companies are deploying solid-state storage systems.
Cisco Switch Attacks Represent New Wave of Network Exploits
The widespread attacks exploiting a Cisco flaw illustrate how tools to streamline management of large networks can be targeted by hackers to launch large-scale assaults.
A more privacy-friendy blog
When I started this blog, I embraced some free services, like Disqus or Google Analytics. These services are quite invasive for users’ privacy. Over the years, I have tried to correct this to reach a point where I do not rely on any “privacy-hostile” services.
Analytics?
- Before: Google Analytics
- After: nothing
Google Analytics is an ubiquitous solution to get a powerful analytics solution for free. It’s also a great way to provide data about your visitors to Google—also for free. There are self-hosted solutions like Matomo—previously Piwik.
I opted for a simpler solution: no analytics. It also enables me to think that my blog attracts thousands of visitors every day.
Fonts?
- Before: Google Fonts
- After: self-hosted
Google Fonts is a very popular font library and hosting service,
which relies on the generic Google Privacy Policy. The
google-webfonts-helper service makes it easy to self-host any font
from Google Fonts. Moreover, with help from
pyftsubset, I include only the characters used in this
blog. The font files are lighter and more complete: no problem
spelling “Antonín Dvořák”.
Videos?
- Before: YouTube
- Continue reading
Upcoming Webinars: May and June 2018
Another month has swooshed by and it’s time for a refreshed list of upcoming webinars:
- Mitja Robas will explain the basics of NSX and ACI planning and design on April 24th. He has tons of material on this topic – expect to see him quite often in the autumn/winter timeframe;
- Dinesh Dutt will continue the EVPN Technical Deep Dive saga on May 3rd;
- Christoph Jaggi will run a free webinar on the basics of transport (layer-1/2) and network (layer-3) security on May 10th;
- We’ll run another SDDC webinar on May 22nd. More details later…
- On June 5th Christoph will be back with Ethernet Encryptors Deep Dive;
- The last webinar before the summer break will be Data Center Fabric Troubleshooting with Dinesh Dutt on June 19th.
All you need to have to attend all these live sessions is a current ipSpace.net webinar subscription.
WISP Design – Building Highly Available VPLS for Public Subnets
What is VPLS?
Virtual Private LAN Service or VPLS is a Layer 2 overlay or tunnel that allows for the encapsulation of ethernet frames (with or without VLAN tags) over an MPLS network.
https://tools.ietf.org/html/rfc4762
VPLS is often found in Telco networks that rely on PPPoE to create centralized BRAS deployments by bringing all of the end users to a common point via L2.
MikroTik VPLS example (https://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks_using_MPLS)
Background
The idea for this post came out of a working session (at the bar of course) at WISPAmerica 2018 in Birmingham, Alabama.
There was a discussion about how to create redundancy for VPLS tunnels on multiple routers. I started working on this in EVE-NG as we were talking about it.
The goal is creating highly available endpoints for VPLS when using them to deploy a public subnet that can be delivered to any tower in the WISP. The same idea works for wireline networks as well.
Use Case
As IPv4 becomes harder to get, ISPs like WISPs, without large blocks of public space find it difficult to deploy them in smaller subnets. The idea behind breaking up a /23 or /24 for example, is that every Continue reading
WISP Design – Building Highly Available VPLS for Public Subnets
What is VPLS?
Virtual Private LAN Service or VPLS is a Layer 2 overlay or tunnel that allows for the encapsulation of ethernet frames (with or without VLAN tags) over an MPLS network.
https://tools.ietf.org/html/rfc4762
VPLS is often found in Telco networks that rely on PPPoE to create centralized BRAS deployments by bringing all of the end users to a common point via L2.
MikroTik VPLS example (https://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks_using_MPLS)
Background
The idea for this post came out of a working session (at the bar of course) at WISPAmerica 2018 in Birmingham, Alabama.
There was a discussion about how to create redundancy for VPLS tunnels on multiple routers. I started working on this in EVE-NG as we were talking about it.
The goal is creating highly available endpoints for VPLS when using them to deploy a public subnet that can be delivered to any tower in the WISP. The same idea works for wireline networks as well.
Use Case
As IPv4 becomes harder to get, ISPs like WISPs, without large blocks of public space find it difficult to deploy them in smaller subnets. The idea behind breaking up a /23 or /24 for example, is that every Continue reading
WSMeter: A performance evaluation methodology for Google’s production warehouse-scale computers
WSMeter: A performance evaluation methodology for Google’s production warehouse-scale computers Lee et al., ASPLOS’18
(The link above is to the ACM Digital Library, if you don’t have membership you should still be able to access the paper pdf by following the link from The Morning Paper blog post directly.)
How do you know how well your large kubernetes cluster / data centre / warehouse-scale computer (WSC) is performing? Is a particular change worth deploying? Can you quantify the ROI? To do that, you’re going to need some WSC-wide metric of performance. Not so easy! The WSC may be running thousands of distinct jobs all sharing the same underlying resources. Developing a load-testing benchmark workload to accurately model this is ‘practically impossible.’ Therefore, we need a method that lets us evaluate performance in a live production environment. Google’s answer is the Warehouse Scale performance Meter (WSMeter), “a methodology to efficiently and accurately evaluate a WSC’s performance using a live production environment.” At WSC scale, even small improvements can translate into considerable cost reductions. WSMeter’s low-risk, low-cost approach encourages more aggressive evaluation of potential new features.
Challenges in defining a WSC performance metric
Consider a change Continue reading
Get Started with Junos Quickly (and free!)
When I got started in networking, my education (like so many network engineers) was all about Cisco. All my networking courses in college, as well as my early networking jobs all used Cisco curricula and equipment, and valued Cisco certifications like the CCNA/CCNP/CCIE above all. It wasn’t until I had already been in the industry for about three years or so before I even got my hands on a Juniper device, and by that time, my IOS habits had taken root in my muscles, which made the new set/delete style of Junos configurations even more strange.Get Started with Junos Quickly (and free!)
When I got started in networking, my education (like so many network engineers) was all about Cisco. All my networking courses in college, as well as my early networking jobs all used Cisco curricula and equipment, and valued Cisco certifications like the CCNA/CCNP/CCIE above all. It wasn’t until I had already been in the industry for about three years or so before I even got my hands on a Juniper device, and by that time, my IOS habits had taken root in my muscles, which made the new set/delete style of Junos configurations even more strange.Get Started with Junos Quickly (and free!)
When I got started in networking, my education (like so many network engineers) was all about Cisco. All my networking courses in college, as well as my early networking jobs all used Cisco curricula and equipment, and valued Cisco certifications like the CCNA/CCNP/CCIE above all.
It wasn’t until I had already been in the industry for about three years or so before I even got my hands on a Juniper device, and by that time, my IOS habits had taken root in my muscles, which made the new set/delete style of Junos configurations even more strange. While my Junos experience never came close to exceeding my IOS/NXOS experience, I grew to appreciate some of the subtle advantages that Juniper bakes into its software. However, getting this experience meant I had to work that much harder to get my hands on lab gear to make it more a part of my day-to-day experience.
These days, it’s way easier to get started with Junos. You don’t have to wait for someone to get you some lab gear - you can set up a virtual lab right on your laptop. While there are a few places you can do this, one of the Continue reading
OMG The Stupid It Burns
This article, pointed out by @TheGrugq, is stupid enough that it's worth rebutting.“The views and opinions expressed are those of the author and not necessarily the positions of the U.S. Army, Department of Defense, or the U.S. Government.” <- I sincerely hope so…— the grugq (@thegrugq) April 22, 2018
“the cyber guns of August” https://t.co/xdybbr5B0E
The article starts with the question "Why did the lessons of Stuxnet, Wannacry, Heartbleed and Shamoon go unheeded?". It then proceeds to ignore the lessons of those things.
Some of the actual lessons should be things like how Stuxnet crossed air gaps, how Wannacry spread through flat Windows networking, how Heartbleed comes from technical debt, and how Shamoon furthers state aims by causing damage.
But this article doesn't cover the technical lessons. Instead, it thinks the lesson should be the moral lesson, that we should take these things more seriously. But that's stupid. It's the sort of lesson people teach you that know nothing about the topic. When you have nothing of value to contribute to a topic you can always take the moral high road and criticize everyone for being morally weak for not taking it Continue reading
Describing Network Automation: Automate the Coffee
How to Describe Automation
Cisco Live, Milan, 2014, the place where everyone drinks a caffé! It was this year that Cisco’s DevNet began to grow and my passion for software, automation and networking was in for a roller-coaster ride. I watched various refreshment stands delivering coffee to the endless queues of guests and began to see something special in the thing that I originally called an espresso!
For so long we’ve used pipes and water to describe networking itself and for a long time I was hunting for a good way to talk about network automation. Turns out a caffé is a great way to describe automation and especially network automation. We also feel emotionally about it and understand the process used to have one placed in ones hand.
Annoyingly so, when automation is the topic up for conversation, we start with "Let’s automate the network" and not with what it is we want to automate. If you’ve raised your eyebrow, point in case. Even worse is when you’re asked for a use-case. The answer is nothing more than a reflection: "Tell me what your humans do". This isn’t a product, it’s the deep integration of human process and digitised Continue reading
What Came First: VLANs or VRFs?
One of my friends sent me this question:
Do you remember if VLANs came first or was it VRFs?
I remember VLANs using ISL (pre-802.1q encapsulation) on early Cisco Ethernet switches (mid 90s), the earliest reference I could track down on Wikipedia is from 1988.
Read more ...Cisco Express Forwarding (CEF)
I am currently studying to rectify my CCIE and it is at these times that I realise there is so much I have studied and learnt but forgotten. There are many cool things I come across that I think at the time are useful features that I need to remember, but unfortunately if you don’t have a real world use for them they are soon put to the back of the brain and over time forgotten. The same applies with taking for granted the way things work, be that ARP, DHCP or the process a switch or router goes through when moving traffic. I came across some of my old notes on CEF which I thought worth sharing.