Azure Networking Fundamentals: Site-to-Site VPN

Comment: Here is a part of the introduction section of the fifth chapter of my Azure Networking Fundamentals book. I will also publish other chapters' introduction sections soon so you can see if the book is for you. The book is available at Leanpub and Amazon (links on the right pane).

A Hybrid Cloud is a model where we split application-specific workloads across the public and private clouds. This chapter introduces Azure's hybrid cloud solution using Site-to-Site (S2S) Active-Standby VPN connection between Azure and on-prem DC. Azure S2S A/S VPN service includes five Azure resources. The first one, Virtual Network Gateway (VGW), also called VPN Gateway, consists of two VMs, one in active mode and the other in standby mode. These VMs are our VPN connection termination points on the Azure side, which encrypt and decrypt data traffic. The active VM has a public IP address associated with its Internet side. If the active VM fails, the standby VM takes the active role, and the public IP is associated with it. Active and standby VMs are attached to the special subnet called Gateway Subnet. The name of the gateway subnet has to be GatewaySubnet. The Local Gateway (LGW) Continue reading

Automation 21. Interactive Python with Jupyter Notebooks to Collect Data from Network Devices with pyGNMI and Process with Pandas

Dear friend,

Today’s topic will be an unusual one. We will talk about some (of course) Python-related technology, which despite its existence for quite a while already, we have been always somewhat avoiding. It always seemed for me that Jupyter is not a right thing for network automation, especially when we talk proper software development, not simple scripts. I still stand this ground; however, I see now where Jupyter can be quite useful.

Is There Any Limit in Network Automation Tools?

Well. The truth is that there is no limit. In vast majority of cases, tools used in Network Automation are either ones coming from DevOps or from Software Development. Both of these areas are massive and are ever growing, what ultimately means that amount of tools for network automation is growing as well. Some of these tools are more suitable for network automation, some are less: it is possible to assess if the particular one is suitable for network automation only if you test , which is time consuming.

The good news is that we already created a selection of great network automation tools and technologies for you. We have carefully tested and put them together, so that you Continue reading

Weekend Reads 012723


The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.


Going into 2023, phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method.


This follow-up post describes what techniques exist to enumerate subdomains in a DNSSEC-enabled zone and what countermeasures exist to prevent it. DNSSEC itself is not explained further, however, some relevant record types are briefly described.


In 1987 economics Nobel Laureate Robert Solow said that the computer age was everywhere—except in productivity data. A similar thing could be said about AI today: It dominates tech news but does not seem to have boosted productivity a whit.


Names such as Novelli, orangecake, Pirat-Networks, SubComandanteVPN, and zirochka are unlikely to mean anything to a vast majority of enterprise security teams.


Decision-makers might wonder — is investing time and resources in Resource Public Key Infrastructure (RPKI) worth it? What is the effectiveness of RPKI Route Origin Validation (ROV)? In the last year, a number of interesting reports were published.


In Continue reading

MUST READ: Nothing Works

Did you ever wonder why it’s impossible to find good service company, why most software sucks, or why networking vendors can get away with selling crap? If you did, and found no good answer (apart from Sturgeon’s Law), it’s time to read Why is it so hard to buy things that work well? by Dan Luu.

Totally off-topic: his web site uses almost no CSS and looks in my browser like a relic of 1980s. Suggestions how to fix that (in Chrome) are most welcome.

MUST READ: Nothing Works

Did you ever wonder why it’s impossible to find good service company, why most software sucks, or why networking vendors can get away with selling crap? If you did, and found no good answer (apart from Sturgeon’s Law), it’s time to read Why is it so hard to buy things that work well? by Dan Luu.

Totally off-topic: his web site uses almost no CSS and looks in my browser like a relic of 1980s. Suggestions how to fix that (in Chrome) are most welcome.

Intel’s Datacenter Business Goes From Bad To Worse, With Worst Still To Come

Everybody expected that Intel was going to turn in a pretty bad final quarter in 2022, and even before it posted its numbers yesterday after the market closed, there were plenty of signals that it was going to be worse.

Intel’s Datacenter Business Goes From Bad To Worse, With Worst Still To Come was written by Timothy Prickett Morgan at The Next Platform.

Using Linux hexedit and xxd commands to view and modify binary files

Linux systems support a number of file editors – like vi, vim, neovim, ne, GNU Emacs etc. But you can also install an editor that allows you to view the contents of and make changes to binary files--hexedit.With hexedit, you can edit images, executables and other binaries, though you have to know a lot about the format of the file you’re editing to make valid changes that don't disrupt the file's format. After all, you'll be editing one byte at a time. This is not meant to imply that you can't use this command for viewing or editing text files. There's just little or no reason to do that.To read this article in full, please click here

Using Linux hexedit and xxd commands to view and modify binary files

Linux systems support a number of file editors – like vi, vim, neovim, ne, GNU Emacs etc. But you can also install an editor that allows you to view the contents of and make changes to binary files--hexedit.With hexedit, you can edit images, executables and other binaries, though you have to know a lot about the format of the file you’re editing to make valid changes that don't disrupt the file's format. After all, you'll be editing one byte at a time. This is not meant to imply that you can't use this command for viewing or editing text files. There's just little or no reason to do that.To read this article in full, please click here

Turbocharging Host Workloads with Calico eBPF and XDP

In Linux, network-based applications rely on the kernel’s networking stack to establish communication with other systems. While this process is generally efficient and has been optimized over the years, in some cases it can create unnecessary overhead that can affect the overall performance of the system for network-intensive workloads such as web servers and databases. Calico Open Source offer an easier way to tame these technologies. Calico Open Source is a networking and security solution that seamlessly integrates with Kubernetes and other cloud orchestration platforms. While infamous for its policy engine and security capabilities, there are many other features that can be used in an environment by installing Continue reading

A Database For All Locations, Models, And Scales

Enterprises are creating huge amounts of data and it is being generated, stored, accessed, and analyzed everywhere – in core datacenters, in the cloud distributed among various providers, at the edge, in databases from multiple vendors, in disparate formats, and for new workloads like artificial intelligence.

A Database For All Locations, Models, And Scales was written by Jeffrey Burt at The Next Platform.

Being the Best at Beginning

The other day I was listening to an excellent episode of The Art of Network Engineering talking about technical marketing engineers (TME). The discussion was excellent and there was one line from Pete Lumbis in the episode that stuck with me. He said that one of the things that makes you good as a TME is being an “expert beginner”. That phrase resonates at lot with me.

Fresh Eyes on the Problem

I talked a bit about this last year when I talked about being a beginner and how exciting that it was to start over with something. As I compared that post to the AONE episode I realized that what Pete was talking about was a shift in mindset that gives you the energy and focus to pick things up quickly.

You may have heard the phrase “familiarity breeds contempt”. It’s a common phrase used to describe how we feel less impressed with things the more we learn about then. Our brains are wired to enjoy new things. We love new experiences, going to new places, or even meeting new people. The excitement and rush that we get from something unfamiliar causes our brain to devour things. It’s only Continue reading

BrandPost: Driving Impact: The AI Capabilities That Deliver Value

Your network is the heartbeat of the user experience. When it goes down, employees and customers get frustrated, which can lead to reduced productivity, abandoned sales, and other unwelcome business results. And there’s further frustration if users must call or submit a support ticket to IT. This extra step slows resolution. How can an organization avoid this scenario?The answer is experience-first networking, which includes a strong network infrastructure with visibility into how it’s performing. This approach provides the best possible experience for network operators who must keep the network heartbeat thrumming, as well as end users who keep the business moving.To read this article in full, please click here

BrandPost: Why You Need the Ability to Explain AI

Trust is a critical factor in most aspects of life. But this is especially true with complex concepts like artificial intelligence (AI). In a word, it’s essential for day-to-day users to trust these technologies will work.“AI is so complicated that it can be difficult for operators and users to have confidence that the system will do what it’s supposed to do,” said Andrew Burt, Managing Partner, BNH.AI.Without trust, individuals will remain uncertain, doubtful, and possibly even fearful of AI solutions, and those concerns can seep into implementations.To read this article in full, please click here

Technology Short Take 164

Welcome to Technology Short Take #164! I’ve got another collection of links to articles on networking, security, cloud, programming, and career development—hopefully you find something useful!

Networking

  • William Morgan’s 2022 service mesh recap captures some of the significant events in service mesh in 2022, although through a Linkerd-colored lens. I do agree that the synergy between service mesh and the Gateway API was a surprise for a lot of folks, but they really are a good match.
  • Back in October of last year, Tom Hollingsworth weighed in on Hedgehog, the networking company that has set out to commercialize SONiC, a Linux-based NOS used extensively in Azure.
  • Ah, the bygone sounds of yesteryear…what a blast from the past!

Servers/Hardware

  • What do you think of the ThinkPhone? (Hat tip to James Kane for bringing this to my attention.)
  • I just found this article buried in my list of “articles to include in a future TST”: it’s a list of blade server resources from “blade server guy” Kevin Houston.

Security

Cloud Computing/Cloud Management

BrandPost: A Close Look at a Retailer’s Modern Network – and its ROI

Artificial intelligence (AI) solutions are grabbing headlines for good reasons. These technologies — which include intelligent automation, machine learning (ML), and natural language processing (NLP) — are delivering business value and easing the workloads of IT and network teams.For example, an AI-driven network can reduce the need for IT staff to: Travel to remote locations to provision network capabilities Spend days pushing out updated network configurations to access points Manually stitch together information to gain visibility into incidents Spend hours or days troubleshooting network support tickets AI-enabled network solutions can also help IT teams rapidly deliver network enhancements and get ahead of issues before they become problems. The combination of AI, ML, and data science enables automated event correlation, root cause identification, anomaly detection, and more. Together, these technologies optimize operations across wireless, wired, and SD-WAN networks.To read this article in full, please click here

1 360 361 362 363 364 3,841