You’re asked to update the SSL certificate for movingpackets.net on a load balancer. The requestor (me, I suppose) gives you the certificate, the private key and passphrase, and the intermediate bundle file provided by the certificate authority.
movingpackets.net.crt
movingpackets.net.key
movingpackets.net-intermediate-chain.crt
You faithfully go to the load balancer, upload the files, enter the passphrase, and create a client SSL profile referencing the cert/key/chain combination I provided, and all is well. The only thing is, you have 200 VIPs on the load balancer, mostly issued by the same certification authority (CA), so don’t they nominally share the same intermediate chain? (Hint: Almost certainly, yes)
Here is the operational annoyance. The fact that the same intermediate certificate/chain has been uploaded 200 times with different names doesn’t stop things working, but it does seem rather inefficient. As far as I can determine, the F5 LTM load balancers (for example) actually concatenate all the uploaded certificates into a single bundle file and search the bundle when a certificate is referenced. I have no idea if there’s a huge performance gain here (unlikely), but it seems logical to want to minimize that file size regardless. On other Continue reading
Take a Network Break! Grab a coffee, a doughnut and then join us for an analysis of the latest IT news, vendor moves and new product announcements. We’ll separate the signal from the noise–or at least make some noise of our own.
The post Network Break 41 appeared first on Packet Pushers Podcast and was written by Greg Ferro.
[P]re-acting to something that hasn’t happened yet is nonsense.
Refusing to learn from people you don’t agree with isn’t a particularly modern vice, but in our world of information overload, where there are so many voices that we can choose to listen only to people we agree with, it does create a particularly modern narrowness of mind.
The post Worth Reading: Politics and Technology appeared first on 'net work.
Startup wants to put containers right next to the databases they crave.
I’m betting that I could take my certifications off my resume and still have a fair chance at finding a job. It’s a guess, of course, and I’ve never tried any sort of an experiment towards finding out, but the point is this: at some point in your career, certifications should become just one more thing on an excellent resume, rather than the focal point of your resume. Given this, why do I still support certifications? To answer this question, I need to back up into the certification development process a bit.
One of the strangest “mind trips” I’ve ever encountered was working with the “psycho’s” (psychometricians, really, but you know how engineers are with long words) through the entire CCDE/CCAr process. The two things we were challenged constantly were:
Both of these are hard questions.
The first question we turned into a simpler one (again, you know how engineers are): Why do I care? When someone would suggest a particular question or skill, they were immediately met with the counter — Do I care? If I were a designer working on a Continue reading
How does Internet work - We know what is networking
Network Packet Generator or Network Traffic Generator is a tool every network engineer will sooner or later want to use. Here’s one I found and it’s great! First time I saw an Ethernet frame in details on my CCNA class back in 2010 I immediately got the idea about generating some packets on my own. It was logical next step to ask myself: “Ok, so how can I make one of those and see what happens when I send it out on the network?”. I was not really sure that there is a tool that would make it possible. Don’t get me wrong,
How to generate network packets – Ostinato Packet/Traffic Generator
Geoff Huston published an interesting number-crunching exercise in his latest IPv6-focused blog post: 8% of the value of the global Internet (GDP-adjusted number of eyeballs) is already on IPv6, and a third of the top-30 providers (which control 43% of the Internet value) have deployed large-scale IPv6.
The message is clear: The big players have moved on. Who cares about the long tail?
Read more ...
With everything going on in the industry, what is happening to the CCIE program?
I recently watched a webinar on coming updates to the CCIE program. I have also been talking to the CCIE and CCDE program managers which I am proud to call my friends. The certifications are a big part of Cisco’s business, people are afraid that certifications will lose value as Software Defined Networking (SDN) gains more traction in the industry. What is Cisco’s response to the ever changing landscape of networking?
We have already seen Cisco announce the CCNA cloud and CCNA industrial which shows that Cisco follows the market. Will we see a CCIE cloud or CCIE SDN? Doubtful… Why? Because SDN is not a track in itself, it will be part of all tracks… The CCIE DC will be refreshed to include topics like Application Centric Infrastructure (ACI) in the blueprint. When? It’s not official yet which means you have at least 6 months. My guess is that we will see an announcement before this year ends which would mean that the update is around a year away.
CCIE DC is the natural fit for SDN. What about the other tracks? Expect other tracks Continue reading
My development environment usually consists of a host machine running Windows and a development Linux “headless” virtual machine. I create and edit files in a Notepad++ text editor and then transfer them over to the Linux VM. Until recently I’ve been using a hypervisor-enabled “shared” folder. However, Windows file system emulators in Linux do not support symbolic links and therefore breaks a lot of applications that rely on them. This prompted me to start looking for a new way to sync my files. That’s how I came across this new amazing file syncing app called Syncthing. Why is it amazing?
