Terraform for Network Engineers: Part One

When I mention to my industry peers that I use Terraform to manage parts of my on-premise network infrastructure, I often get blank stares or a look of surprise. It's understandable — Terraform is usually associated with cloud infrastructure, not on-premise network devices. A quick Google search for "Terraform for Network Engineers" mostly brings up results about creating AWS VPCs, Azure VNETs, or deploying Palo Alto firewalls in AWS. There's not much out there about using Terraform for network devices like routers, switches, firewalls, and load balancers.

In this blog post series, I'll share my experience using Terraform to manage network devices and explain how it can benefit network engineers. While I'm not sure how many parts this series will have, I'll keep each post concise and informative, giving you the essentials to get started. If you have questions or need help, feel free to reach out.

Throughout the series, I'll use Palo Alto Networks (Panorama) as the target, but the concepts can be applied to any network device that supports Terraform.

In Part One of this series, we'll cover the following topics:

  1. Introduction to Terraform.
  2. Understanding Terraform Terminology.
  3. Terraform Workflow.
  4. Deciding if Terraform is the Right Tool.
  5. Installing Terraform.

Case Study: IPng at Coloclue

Coloclue

I have been a member of the Coloclue association in Amsterdam for a long time. This is a networking association in the social and technical sense of the word. Coloclue is based in Amsterdam with members throughout the Netherlands and Europe. Its goals are to facilitate learning about and operating IP-based networks and services. It has about 225 members who, together, have built this network and deployed about 135 servers across 8 racks in 3 datacenters (Qupra, EUNetworks and NIKHEF). Coloclue is operating AS8283 across several local and international internet exchange points.

A short while ago, one of our members, Sebas, shared their setup with the membership. It generated a bit of a show-and-tell response, with Sebas and other folks on our mailing list curious as to how we all deployed our stuff. My buddy Tim pinged me on Telegram: “This is something you should share for IPng as well!”, so this article is a bit different than my usual dabbles. It will be more of a show and tell: how did I deploy and configure the Amsterdam Chapter of IPng Networks?

I’ll make this article a bit more picture-dense, to show the look-and-feel of

Technology Short Take 179

Welcome to Technology Short Take #179! I’m back with another set of links to articles on various data center- and IT-related topics. In the interest of full transparency, I’d like to give credit to Russ White for his “Weekend Reads” series of posts, which are similar in nature to my Technology Short Takes. If you aren’t reading Russ’ “Weekend Reads” posts, you’re missing out on a good source of useful information. Several of the links included below are taken from recent posts by Russ. Thanks, Russ—and to all the other content creators and content curators referenced here—for your great work! Now, on to the content.

Networking

  • This post about netlab just reminds me that I really should spend some quality time with it. Need more than 24 hours in a day…
  • Timothy Ham created a GitHub Gist-based short IPv6 guide for home IPv4 admins.
  • Daniel Dib has a six-part series (so far) on Cisco vPC in a VXLAN/EVPN network. I’ll only link to part 1 of the series; you can find links to the rest in the sidebar on his site. I haven’t yet read all of them, but they’re on my list to read.
  • Hat tip to Ivan

How the first 2024 US presidential debate influenced Internet traffic and security trends

Key findings:

  • The Biden vs. Trump debate influenced Internet traffic at the state level in the US, with drops in traffic as high as 17% (in Vermont) during the debate.
  • Microblogging and video streaming platforms saw traffic changes during the debate.
  • Trump-related sites, including donation platforms, gained much more traction than Biden’s during and after the debate.
  • Emails with “Trump” in the subject had higher rates of spam and malicious content compared to those with “Biden.”
  • No increase in cyberattacks during the debate, but frequent DDoS attacks targeted government and political sites in the preceding months.

Internet traffic ebbs and flows usually follow human patterns, and high visibility events that are broadcast on TV usually have an impact. Let’s take a look at the first of the 2024 United States presidential debates between the two major presumptive candidates, Joe Biden and Donald Trump, for the November presidential election.

2024 has been dubbed “the year of elections,” with elections taking place in over 60 countries, as we have mentioned before (1, 2, 3). We are regularly updating our election report on Cloudflare Radar, including analysis of recent elections in South Africa, India, Iceland, Mexico,

Supporting Postgres Named Prepared Statements in Hyperdrive

Hyperdrive (Cloudflare’s globally distributed SQL connection pooler and cache) recently added support for Postgres protocol-level named prepared statements across pooled connections. Named prepared statements allow Postgres to cache query execution plans, providing potentially substantial performance improvements. Further, many popular drivers in the ecosystem use these by default, meaning that not having them is a bit of a footgun for developers. We are very excited that Hyperdrive’s users will now have access to better performance and a more seamless development experience, without needing to make any significant changes to their applications!

While we're not the first connection pooler to add this support (PgBouncer got to it in October 2023 in version 1.21, for example), there were some unique challenges in how we implemented it. To that end, we wanted to do a deep dive on what it took for us to deliver this.

Hyper-what?

One of the classic problems of building on the web is that your users are everywhere, but your database tends to be in one spot. Combine that with pesky limitations like network routing, or the speed of light, and you can often run into situations where your users feel the pain of having your

Embedded function calling in Workers AI: easier, smarter, faster

Introducing embedded function calling and a new ai-utils package

Today, we’re excited to announce a novel way to do function calling that co-locates LLM inference with function execution, and a new ai-utils package that upgrades the developer experience for function calling.

This is a follow-up to our mid-June announcement for traditional function calling, which allows you to leverage a Large Language Model (LLM) to intelligently generate structured outputs and pass them to an API call. Function calling has been largely adopted and standardized in the industry as a way for AI models to help perform actions on behalf of a user.

Our goal is to make building with AI as easy as possible, which is why we’re introducing a new @cloudflare/ai-utils npm package that allows developers to get started quickly with embedded function calling. These helper tools drastically simplify your workflow by actually executing your function code and dynamically generating tools from OpenAPI specs. We’ve also open-sourced our ai-utils package, which you can find on GitHub. With both embedded function calling and our ai-utils, you’re one step closer to creating intelligent AI agents, and from there, the possibilities are endless.

Why Cloudflare’s AI platform?

OpenAI has been the gold

NVIDIA Air Infrastructure Simulation Platform

I recently tested the NVIDIA Air Infrastructure Simulation Platform and would like to share my first experiences with you. What is the NVIDIA Air Infrastructure Simulation Platform, or NVIDIA Air? In a nutshell, NVIDIA Air is a cloud-hosted data center simulation platform where you can: test and validate network configurations, features, and automation code; build your own data center topology or choose from an impressive list of pre-built topologies (you can use Cumulus Linux or SONiC as the network operating system, add Ubuntu nodes, and more); import and export lab topologies; share the…

The post NVIDIA Air Infrastructure Simulation Platform appeared first on AboutNetworks.net.

AI/ML Networking Part I: RDMA Basics

Remote Direct Memory Access - RDMA Basics

Introduction

Remote Direct Memory Access (RDMA) architecture enables efficient data transfer between Compute Nodes (CN) in a High-Performance Computing (HPC) environment. RDMA over Converged Ethernet version 2 (RoCEv2) utilizes a routed IP Fabric as a transport network for RDMA messages. Due to the nature of RDMA packet flow, the transport network must provide lossless, low-latency packet transmission. The RoCEv2 solution uses UDP in the transport layer, which does not handle packet losses caused by network congestion (buffer overflow on switches or on a receiving Compute Node). To avoid buffer overflow issues, Priority Flow Control (PFC) and Explicit Congestion Notification (ECN) are used as signaling mechanisms to react to buffer threshold violations by requesting a lower packet transfer rate.

Before moving to RDMA processes, let’s take a brief look at our example Compute Nodes. Figure 1-1 illustrates our example Compute Nodes (CN). Both Client and Server CNs are equipped with one Graphics Processing Unit (GPU). The GPU has a Network Interface Card (NIC) with one interface. Additionally, the GPU has Device Memory Units to which it has a direct connection, bypassing the CPU. In real life, a CN may have several GPUs, each with multiple memory units. Intra-GPU communication within the CN happens over high-speed NVLinks. The connection to remote CNs occurs over the NIC, which has at least one high-speed uplink port/interface.

Figure 1-1 also shows the basic idea of a stacked Fine-Grained 3D DRAM (FG-DRAM) solution. In our example, there are four vertically interconnected DRAM dies, each divided into eight Banks. Each Bank contains four memory arrays, each consisting of rows and columns that contain memory units (transistors whose charge indicates whether a bit is set to 1 or 0). FG-DRAM enables cross-DRAM grouping into Ranks, increasing memory capacity and bandwidth.

The upcoming sections introduce the required processes and operations when the Client Compute Node wants to write data from its device memory to the Server Compute Node’s device memory. I will discuss the design models and requirements for lossless IP Fabric in later chapters.

Figure 1-1: Fine-Grained DRAM High-Level Architecture.

DNS Evolution

The DNS is a crucial part of the Internet's architecture. However, the DNS is not a rigid and unchanging technology. It has changed considerably over the lifetime of the Internet and here I’d like to look at what’s changed and what’s remained the same.

Explore and Fix BGP Wedgies

RFC 4264 defines BGP wedgies as “a class of BGP configurations for which there is more than one potential outcome, and where forwarding states other than the intended state are equally stable.” Even worse, “the stable state where BGP converges may be selected by BGP in a non-deterministic manner.”

Want to know more? You can explore a real-life BGP wedgie and fix it in the latest BGP lab exercise.

Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet

polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites.

Multiple reports, corroborated with data seen by our own client-side security system, Page Shield, have shown that the polyfill service was being used, and could be used again, to inject malicious JavaScript code into users’ browsers. This is a real threat to the Internet at large given the popularity of this library.

We have, over the last 24 hours, released an automatic JavaScript URL rewriting service that will rewrite any link to polyfill.io found in a website proxied by Cloudflare to a link to our mirror under cdnjs. This will avoid breaking site functionality while mitigating the risk of a supply chain attack.

Any website on the free plan has this feature automatically activated now. Websites on any paid plan can turn on this feature with a single click.

You can find this new feature under Security ⇒ Settings on any zone using Cloudflare.

Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io service or authorized their use of Cloudflare’s name on their website. We have asked them to remove the