NetworkingNexus.net

Book Review: REST API Design Rulebook

REST API Design Rulebook (written by Mark Masse and published by O’Reilly Media; more details here) is an older book, published in late 2011. However, having never attempted to design a REST API before, I found lots of useful information inside that really helped shape my understanding of REST APIs and REST API design.

(In case you’re wondering why I was reading a book about REST API design, this ties into my 2018 project list and the software development project I recently launched.)

Overall, I found the book quite helpful and useful. If I had one complaint about the book, it would be the book’s repeated insistence on referring to WRML (Web Resource Modeling Language), which—as I understand it—is a proposed solution by the book’s author to some of the challenges around REST API design. I get that the author is sold on the value of WRML, but at times the book felt very much like a WRML commercial.

Aside from that one complaint, the book’s organization into a set of “rules” helped make the material reasonably consumable, and I appreciated the review of key terms at the end of each chapter.

I do still have some Continue reading

Planning Your First IoT Network

Organizations that get an IoT project started on the right foot can avoid major headaches down the road. Here's some advice to help you move forward with ease.

SILVER PEAK SD-WAN WITH DELL EMC VEP – PART 2: Deployment Options

Continuing from where we left off in part 1, we will start with a look at some of the implementation details, before looking at Deployment

Introducing Network4dev

Intro

Some of you may have heard it through the grapevine but it’s time to make my plans known. I have founded a new website called Network4dev which has been setup by my friend Cristian Sirbu.

What is it?

Network4dev is a web site about networking mainly for people that are developers, systems administrators or that spend most of their time working on applications. The goal is to provide short, concise and to the point articles on different networking topics. The articles will stay at a technical level suitable for someone that is not mainly into networking.

Why?

In todays IT infrastructures it’s important to break down silos. We in networking must understand a bit about compute, storage, virtualization, applications and automation. It is equally important for someone working with applications to understand a bit about networking.

For people in networking learning about apps and automation, there are many initiatives such as Devnet, but there isn’t much available for a people working with apps to learn about networking. Most of the networking content out there is aimed for people in networking (naturally). I don’t expect a person not in networking to go after for example the CCNA or to read Continue reading

Worth Reading: Chip architecture switches to heterogeneous

There are shifts underway in computing that are driving the need for more heterogeneous computing that can adapt to the workload at hand without having to change any of the underlying infrastructure. —Jeffrey Burt @The Next Platform

Is BGP Good Enough?

In a recent podcast, Ivan and Dinesh ask why there is a lot of interest in running link state protocols on data center fabrics. They begin with this point: if you have less than a few hundred switches, it really doesn’t matter what routing protocol you run on your data center fabric. Beyond this, there do not seem to be any problems to be solved that BGP cannot solve, so… why bother with a link state protocol? After all, BGP is much simpler than any link state protocol, and we should always solve all our problems with the simplest protocol possible.

TL;DR

BGP is both simple and complex, depending on your perspective
BGP is sometimes too much, and sometimes too little for data center fabrics
We are danger of treating every problem as a nail, because we have decided BGP is the ultimate hammer

Will these these contentions stand up to a rigorous challenge?

I will begin with the last contention first—BGP is simpler than any link state protocol. Consider the core protocol semantics of BGP and a link state protocol. In a link state protocol, every network device must have a synchronized copy of the Link State Continue reading

JNCIA-Junos

I recently completed the entry level Juniper certification. I thought it would be a good idea to study for something other than the mighty Cisco, so Juniper’s JNCIA-Junos seemed like a good choice.

It was a very fair exam I can highly recommend.

Next up is AWS Solution Architect Associate. Need to get some cloud skills as thats where everything is going right?

Worth Reading: Edge Analytics

Edge analytics is the lynchpin that drives real-time decision-making. So, edge analytics means increased intelligence on the devices at the edge. This translates to increased processing capabilities (compute) as well as higher storage on the edge devices. —Balaji Sivakumar @https://opensourceforu.com

The Week in Internet News: More Communities Building Their Own Broadband Networks

Build-your-own broadband: Small towns in the United States and the United Kingdom are increasingly bypassing large ISPs and building their own broadband networks, according to two recent stories. Reuters notes that rural communities in the U.K. are building networks to improve speeds and expand coverage, while Wired.com reports that independent broadband networks are proliferating across the United States in small towns, with speeds often exceeding a gigabit per second.

Where the IT jobs are: If you understand blockchain or Artificial Intelligence, job recruiters are looking for you. SHRM.org, the website for the Society of Human Resource Management, notes there’s been a 500 percent increase in blockchain-related job postings on Stack Overflow in the past year. Meanwhile, the Economic Times of India reports that AI experts are getting job offers that include major salary increases.

Power grid and IoT security don’t mix: Princeton researchers have suggested that insecure IoT devices could be used against the power grid, potentially leading to local power outages or even widescale blackouts, SecurityBoulevard.com reports. During a recent conference, the researchers demonstrated how an IoT botnet of Internet-connected high wattage devices could give attackers the ability to launch large-scale attacks on the Continue reading

Do We Need Leaf-and-Spine Fabrics?

Evil CCIE left a lengthy comment on one of my blog posts including this interesting observation:

It's always interesting to hear all kind of reasons from people to deploy CLOS fabrics in DC in Enterprise segment typically that I deal with while they mostly don't have clue about why they should be doing it in first place. […] Usually a good justification is DC to support high amount of East-West Traffic....but really? […] Ask them if they even have any benchmarks or tools to measure that in first place :)

What he wrote proves that most networking practitioners never move beyond regurgitating vendor marketing (because that’s so much easier than making the first step toward becoming an engineer by figuring out how technology really works).

Fear the reaper: characterization and fast detection of card skimmers

Fear the reaper: characterization and fast detection of card skimmers Scaife et al., USENIX Security 2018

Until I can get my hands on a Skim Reaper I’m not sure I’ll ever trust an ATM or other exposed card reading device (e.g., at garages) again!

Scaife et al. conduct a study of skimming devices found by the NYPD Financial Crimes Task Force over a 16 month period. The bad news is that you and I don’t really have much chance of detecting a deployed card skimming device (most of the folk wisdom about how to do so doesn’t really work). The good news is that the Skim Reaper detection device developed in this research project was able to effectively detect 100% of the devices supplied by the NYPD. That’s great if you happen to have a Skim Reaper handy to test with before using an ATM. The NYPD are now actively using a set of such devices in the field.

Card skimmers and why they’re so hard for end-users to detect

Almost as well-know as (credit and debit) cards themselves is the ease with which fraud can be committed against them. Attackers often acquire card data using skimmers Continue reading

Porting Our Software to ARM64

As we enable more ARM64^[1] machines in our network, I want to give some technical insight into the process we went through to reach software parity in our multi-architecture environment.

To give some idea of the scale of this task, it’s necessary to describe the software stack we run on our servers. The foundation is the Linux kernel. Then, we use the Debian distribution as our base operating system. Finally, we install hundreds of packages that we build ourselves. Some packages are based on open-source software, often tailored to better meet our needs. Other packages were written from scratch within Cloudflare.

Industry support for ARM64 is very active, so a lot of open-source software has already been ported. This includes the Linux kernel. Additionally, Debian made ARM64 a first-class release architecture starting with Stretch in 2017. This meant that upon obtaining our ARM64 hardware, a few engineers were able to bring Debian up quickly and smoothly. Our attention then turned to getting all our in-house packages to build and run for ARM64.

Our stack uses a diverse range of programming languages, including C, C++, Go, Lua, Python, and Rust. Different languages have different porting requirements, with some being easier Continue reading

Better XMind-GNOME Integration

In December of 2017 I wrote about how to install XMind 8 on Fedora 27, and at the time of that writing I hadn’t quite figured out how to define a MIME type for XMind files that would allow users to double-click on an XMind file in Nautilus and open that file in XMind. After doing a bit of additional research and testing, I’ve found a solution and would like to share it here.

The solution I’ll describe here has been tested on Fedora 28, but it should work on just about any distribution with the GNOME desktop environment.

First, you’ll want to define the MIME type by creating an XML file in the ~/.local/share/mime/packages directory, as outlined here. I called my file application-vnd-xmind-workbook.xml, but I don’t know if the filename actually matters. (I derived the filename from this list of XMind file types.) The contents of the file should look something like this:

<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
  <mime-type type="application/vnd.xmind.workbook">
    <comment>XMind Workbook</comment>
    <glob pattern="*.xmind"/>
    <glob pattern="*.XMIND"/>
    <glob pattern="*.XMind"/>
  </mime-type>
</mime-info>

You’ll note that multiple glob patterns are included to help deal with case sensitivity issues. The specific values used in Continue reading

Weekly Show 405: Juniper Contrail SD-WAN: Driving Wave Two (Sponsored)

In today's Weekly Show we drill into Contrail SD-WAN with sponsor Juniper Networks. We discuss Contrail SD-WAN's three pillars--routing, VPNs, and security--and look at how the product distinguishes itself from its competitors. Our guest is Tony Sarathchandra, Director, Product Management - Software Defined Networking Technology and Solutions at Juniper Networks.

The post Weekly Show 405: Juniper Contrail SD-WAN: Driving Wave Two (Sponsored) appeared first on Packet Pushers.

Networking in the Cloud – Different but the Same

Networking in the cloud is impressive. Building redundant internet access is as easy as attaching an internet gateway (IGW) to your VPC. In an on-premises network we would have to build VLANs, subnets, IGPs, possibly HSRP and BGP etc. This holds true for many of the services in the cloud.

I’ve seen statements as “The networking team is going away because everyone is moving to the cloud”. “The networking team is going away because webscaler/startup company X networking team is only Y number of people”. This is like comparing apples to ostridges. I call BS. Why?

Networking in the cloud is relatively easy when you can leverage the standard services available, which is not always the case. It’s relatively easy because people are in the beginning of their cloud journey. They have one or a couple of VPCs. If they really move a major part of their app stack to the cloud, networking won’t be so easy. Let’s think about some examples.

In the cloud you can provision resources into different subnets, meaning different availability zones. This leads to a very high availability but it’s not enough. To build a really resilient service you need to be in different regions. Continue reading

The Long And Winding Network Road

How do you see your network? Odds are good it looks like a big collection of devices and protocols that you use to connect everything. It doesn’t matter what those devices are. They’re just another source of packets that you have to deal with. Sometimes those devices are more needy than others. Maybe it’s a phone server that needs QoS. Or a storage device that needs a dedicated transport to guarantee that nothing is lost.

But what does the network look like to those developers?

Work Is A Highway

When is the last time you thought about how the network looks to people? Here’s a thought exercise for you:

Think about a highway. Think about all the engineering that goes into building a highway. How many companies are involved in building it. How many resources are required. Now, think of that every time you want to go to the store.

It’s a bit overwhelming. There are dozens, if not hundreds, of companies that are dedicated to building highways and other surface streets. Perhaps they are architects or construction crews or even just maintenance workers. But all of them have a function. All for the sake of letting us drive on Continue reading