How to deploy Red Hat Ansible Automation Platform on Google Cloud

This blog is co-authored by Zack Kayyali and Hicham (he-sham) Mourad

Deploying Red Hat Ansible Automation Platform

The steps below detail how to install Red Hat Ansible Automation Platform on Google Cloud from the marketplace. Before starting the deployment process, please ensure the Google Cloud account you are using to deploy has the following permissions. These IAM roles are required to deploy the Google Cloud foundation stack offering.  The foundation stack offering here refers to the base Ansible Automation Platform 2 deployment.

This blog details how to deploy Ansible Automation Platform on Google Cloud, and then access the application. This deployment process will be configured to set up Ansible Automation Platform on its own Virtual Private Cloud (VPC) that it creates and manages. We also support deploying into an existing VPC.

To begin, first log into your Google Cloud account. If you have a private offer, ensure that these are accepted for both the foundation and extension node offerings. 

Note: 

  • The foundation offer refers to the “Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes” marketplace item. 
  • The extension node offer refers to the “Extension Node - Ansible Automation Platform 2 - 100 Managed Continue reading

Building a WAN Impairment Device in Linux on VMware vSphere

In some scenarios it is really useful to be able to simulate a WAN in regards to latency, jitter, and packet loss. Especially for those of us that work with SD-WAN and want to test or policies in a controlled environment. In this post I will describe how I build a WAN impairment device in Linux for a VMware vSphere environment and how I can simulate different conditions.

My SD-WAN lab is built on VMware vSphere using Catalyst SD-WAN with Catalyst8000v as virtual routers and on-premises controllers. The goal with the WAN impairment device is to be able to manipulate each internet connection to a router individually. That way I can simulate that a particular connection or router is having issues while other connections/routers are not. I don’t want to impose the same conditions on all connections/devices simultaneously. To do this, I have built a physical topology that looks like this:

All devices are connected to a management network that I can access via a VPN. This way I have “out of band” access to all devices and can use SSH to configure my routers with a bootstrap configuration. To avoid having to create many unique VLANs in the vSwitch, Continue reading

Multichannel fast file transfers over AX.25

Lately I’ve been thinking about a better data protocol for amateur radio.

“Better” is, of course, relative. And the space is so big. Are we talking HF or VHF/UHF? Should it work with existing radios (just working the audio spectrum), or be its own radio? Should it be just RF improvements, or higher networking layers?

File transfers on the application layer

In my previous post I started off trying ZMODEM, but was fairly disappointed. The Linux AX.25 implementation sucks, and ZMODEM is too chatty. Every roundtrip is expensive. But even tuning the parameters, there are better ways to avoid needless retransmits and roundtrips.

I’ve started a tool called hamtransfer. The implementation is currently only point-to-point, but the protocol will work for more “bittorrent” style too.

It uses Raptor codes, but I’ll save you some time: It encodes the file (it calls a “block”) into smaller chunks (it calls “symbols”). It then sends the symbols to the receiver, which will be able to reassemble the original block.

The trick is that the set of symbols is infinite, and the block can be assembled by almost any subset of symbols. If the block is 10kB, then with more than Continue reading

Calico monthly roundup: June 2023

Welcome to the Calico monthly roundup: June edition! From open source news to live events, we have exciting updates to share—let’s get into it!

 

 

Customer case study: Box

Using Calico, Box achieved zero-trust security and policy automation at scale in a multi-cluster environment. Read our new case study to find out how.

Read case study.

Is your container environment compliant with NIST guidelines?

This assessment helps you compare your current security posture against the NIST Cybersecurity Framework and assess your readiness to detect and protect against cyberattacks.

Read the guide.

Open source news

  • Calico Live – Join the Calico community every Wednesday at 2:00 pm ET for a live discussion about learning how to leverage Calico and Kubernetes for networking and security. We will explore Kubernetes security and policy design, network flow logs and more. Join us live on Linkedin or YouTube.
  • Calico Wall of Fame – As a valued member of our Calico users community, we would like to feature you on our NEW Project Calico Wall of Fame. To participate, fill out the form here.

Connect

Worth Reading: Another BGP Session Reset Bug

Emile Aben is describing an interesting behavior observed in the Wild West of the global Internet: someone started announcing BGP paths with an unknown attribute, which (regardless of RFC 7606) triggered some BGP session resets.

One would have hoped we learned something from the August 2010 incident (supposedly caused by a friend of mine 😜), but it looks like some things never change. For more details, watch the Network Security Fallacies and Internet Routing Security webinar.

Worth Reading: Another BGP Session Reset Bug

Emile Aben is describing an interesting behavior observed in the Wild West of the global Internet: someone started announcing BGP paths with an unknown attribute, which (regardless of RFC 7606) triggered some BGP session resets.

One would have hoped we learned something from the August 2010 incident (supposedly caused by a friend of mine 😜), but it looks like some things never change. For more details, watch the Network Security Fallacies and Internet Routing Security webinar.

Worth Reading: AI Does Not Help Programmers

On the Communications of the ACM web site, Bertrand Meyer argues that (contrary to the exploding hype) AI Does Not Help Programmers:

As a programmer, I know where to go to solve a problem. But I am fallible; I would love to have an assistant who keeps me in check, alerting me to pitfalls and correcting me when I err. A effective pair-programmer. But that is not what I get. Instead, I have the equivalent of a cocky graduate student, smart and widely read, also polite and quick to apologize, but thoroughly, invariably, sloppy and unreliable. I have little use for such supposed help.

Not surprisingly, my experience is pretty close to what he’s describing. AI is the way to go if you want something that looks reasonable (at a first glance), but not if you want to get something right. Unfortunately, there’s a bit of a difference between marketing and engineering: networks that are configured 90% correctly sometimes fail to do what you expect them to do.

Worth Reading: AI Does Not Help Programmers

On the Communications of the ACM web site, Bertrand Meyer argues that (contrary to the exploding hype) AI Does Not Help Programmers:

As a programmer, I know where to go to solve a problem. But I am fallible; I would love to have an assistant who keeps me in check, alerting me to pitfalls and correcting me when I err. A effective pair-programmer. But that is not what I get. Instead, I have the equivalent of a cocky graduate student, smart and widely read, also polite and quick to apologize, but thoroughly, invariably, sloppy and unreliable. I have little use for such supposed help.

Not surprisingly, my experience is pretty close to what he’s describing. AI is the way to go if you want something that looks reasonable (at a first glance), but not if you want to get something right. Unfortunately, there’s a bit of a difference between marketing and engineering: networks that are configured 90% correctly sometimes fail to do what you expect them to do.

AskJJX: Help! Office Wi-Fi is So Bad An Intern Is Following The CEO Around With An AP

AskJJX: How do you set up and configure Wi-Fi for a two-level office in a crowded office building area (downtown San Francisco across from Moscone Center) with concrete poles all over the place? It was a nightmare. APs were dropping traffic like flies. We were at the point of almost having an intern follow the […]

The post AskJJX: Help! Office Wi-Fi is So Bad An Intern Is Following The CEO Around With An AP appeared first on Packet Pushers.

Weekend Reads 063023


Enterprises can use multiple DNS providers to serve their zone. This increases the reliability of the service and will likely help them to keep their zone available if one provider is suffering from a critical failure.


According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow.


With browser fingerprinting, many pieces of data can be collected about a user’s web browser and device, such as screen resolution, location, language, and operating system. When you stitch these pieces together, they reveal a unique combination of information that forms every user’s visitor ID or “digital fingerprint.


John Goodenough, who shared the 2019 Nobel Prize in chemistry for his work developing the lithium-ion battery that transformed technology with rechargeable power for devices ranging from cellphones, computers, and pacemakers to electric cars, has died at 100, the University of Texas announced Monday.


Microsoft has been increasingly moving Windows to the cloud on the commercial side with Windows 365, but the software giant also wants to do the same for consumers


Moonlighter, a foot-long toaster-sized CubeSat, is designed for hacking contests Continue reading

Cisco urges stop using weak crypto algorithms with OSPF

To reduce the risk of service problems, Cisco is making it harder for organizations to use weak cryptographic algorithms when setting up authentication for OSPF packets on certain Catalyst Edge Platforms and Integrated Services Routers (ISR).Newer versions of Cisco’s IOS XE software (Release 17.11.1 and later) no longer support those algorithms—DES, 3DES, and MD5—by default, Cisco stated in a field Notice.Specifically, the algorithms are no longer default options for the open shortest path first v 3 (OSPFv3) protocol, which uses the IPsec secure socket API to add authentication to OSPFv3 packets that distribute routing information.To read this article in full, please click here

Cisco urges stop using weak crypto algorithms with OSPF

To reduce the risk of service problems, Cisco is making it harder for organizations to use weak cryptographic algorithms when setting up authentication for OSPF packets on certain Catalyst Edge Platforms and Integrated Services Routers (ISR).Newer versions of Cisco’s IOS XE software (Release 17.11.1 and later) no longer support those algorithms—DES, 3DES, and MD5—by default, Cisco stated in a field Notice.Specifically, the algorithms are no longer default options for the open shortest path first v 3 (OSPFv3) protocol, which uses the IPsec secure socket API to add authentication to OSPFv3 packets that distribute routing information.To read this article in full, please click here

Is The OSI Model Good For Understanding How Networks Work? Not Really

Looking back at my career in network engineering, beyond some basic concepts and naming conventions, I cannot remember using the OSI model once. Not for troubleshooting, not for protocol design. I have used the concept of layering, but never the OSI model specifically.

The post Is The OSI Model Good For Understanding How Networks Work? Not Really appeared first on Packet Pushers.

1 261 262 263 264 265 3,835