0

Walking on Clouds with Ansible

Today is a good day, and when it's a day like this we often feel like we are walking on clouds. With this latest announcement for the newest Red Hat Ansible Certified Collections available to our customers on the 28th of November, I am sure many cloud practitioners will be anticipating what the future will bring for their cloud automation. 

Over the last few months, there has been a fair amount of activity in the Ansible team showing how Red Hat Ansible Automation Platform can extend and connect different technologies. This has been a crucial component of Ansible’s success in cloud automation for many customers.

 

Cloud automation requires the ability to perform many different complicated tasks and cover just as many domains. Often, organizations have different technologies to meet specific requirements and needs. One of the technologies widely used is Terraform.  

We have done a number of blogs recently on the topic, ranging from a simple example of using Terraform with Ansible Automation Platform - Terraforming Clouds with Ansible, to in-depth looks at the differences between the tools - Ansible vs Terraform Demystified and Ansible vs Terraform, clarified. AnsibleFest 2022 even featured a lab where we Continue reading

0

The Linux Kernel Key Retention Service and why you should use it in your next application

We want our digital data to be safe. We want to visit websites, send bank details, type passwords, sign documents online, login into remote computers, encrypt data before storing it in databases and be sure that nobody can tamper with it. Cryptography can provide a high degree of data security, but we need to protect cryptographic keys.

At the same time, we can’t have our key written somewhere securely and just access it occasionally. Quite the opposite, it’s involved in every request where we do crypto-operations. If a site supports TLS, then the private key is used to establish each connection.

Unfortunately cryptographic keys sometimes leak and when it happens, it is a big problem. Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations.

Memory access violations

According to the NSA, around 70% of vulnerabilities in both Microsoft's and Google's code were related to memory safety issues. One of the consequences of incorrect memory accesses is leaking security data (including cryptographic keys). Cryptographic keys are just some (mostly random) data stored in Continue reading

0

So You Want to Be a Network Administrator

Thick skin required. Any application or service performance problem incurred will inevitably lead a network administrator having to prove that it’s not a network problem.

0

Data-center requirements should drive network architecture

If you like survey data, here’s an interesting fact for you. Every year since 2000, when I started surveying enterprises on the question, the most important factor driving investment and change in enterprise networks was the data center. It’s like the network is the tail of a big, fuzzy, maybe-largely-invisible dog, and it’s time we look at where that dog might be leading us.Today’s virtual private networks (VPNs) evolved from the days when companies leased time-division-multiplexed (TDM) lines and connected their own routers. That approach focused companies on how to network sites, and they now think about networking people instead. But people are half the story; the other half is what the people are doing, which is accessing (increasingly via the cloud) data-center applications and databases.To read this article in full, please click here

0

Data-center requirements should drive network architecture

If you like survey data, here’s an interesting fact for you. Every year since 2000, when I started surveying enterprises on the question, the most important factor driving investment and change in enterprise networks was the data center. It’s like the network is the tail of a big, fuzzy, maybe-largely-invisible dog, and it’s time we look at where that dog might be leading us.Today’s virtual private networks (VPNs) evolved from the days when companies leased time-division-multiplexed (TDM) lines and connected their own routers. That approach focused companies on how to network sites, and they now think about networking people instead. But people are half the story; the other half is what the people are doing, which is accessing (increasingly via the cloud) data-center applications and databases.To read this article in full, please click here

0

netlab Release 1.4.1: Cisco ASAv

The star of the netlab release 1.4.1 is Cisco ASAv support: IPv4 and IPv6 addressing, IS-IS and BGP, and libvirt box building instructions.

Other new features include:

• VRRP on VyOS
• Anycast gateway and VRRP on Dell OS10 (with a bunch of caveats)
• Unnumbered OSPF interfaces on VyOS
• Support for all EVPN bundle services
• FRR version 8.4.0

Upgrading is as easy as ever: execute pip3 install --upgrade networklab.

New to netlab? Start with the Getting Started document and the installation guide.

0

netlab Release 1.4.1: Cisco ASAv

The star of the netlab release 1.4.1 is Cisco ASAv support: IPv4 and IPv6 addressing, IS-IS and BGP, and libvirt box building instructions.

Other new features include:

• VRRP on VyOS
• Anycast gateway and VRRP on Dell OS10 (with a bunch of caveats)
• Unnumbered OSPF interfaces on VyOS
• Support for all EVPN bundle services
• FRR version 8.4.0

Upgrading is as easy as ever: execute pip3 install --upgrade networklab.

New to netlab? Start with the Getting Started document and the installation guide.

0

Coding Packets the Shazam Edition

https://codingpackets.com/blog/coding-packets-the-shazam-edition

0

Day Two Cloud Invite: Recording At TopGolf Las Vegas Nov. 30, 2022

If you're headed to AWS re:Invent in Las Vegas, you can catch Ned & me recording a show live. On Wednesday, November 30, 2022, we’ll be at TopGolf with sponsor Prosimo from 4 to 7 pm. Join us to have some fun! Links and drinks, meet fellow engineers building clouds for their companies, and then watch us record the show. Space is limited, so register at prosimo.io. We’ll see you at TopGolf Las Vegas on Wednesday the 30th!

0

Day Two Cloud Invite: Recording At TopGolf Las Vegas Nov. 30, 2022

If you're headed to AWS re:Invent in Las Vegas, you can catch Ned & me recording a show live. On Wednesday, November 30, 2022, we’ll be at TopGolf with sponsor Prosimo from 4 to 7 pm. Join us to have some fun! Links and drinks, meet fellow engineers building clouds for their companies, and then watch us record the show. Space is limited, so register at prosimo.io. We’ll see you at TopGolf Las Vegas on Wednesday the 30th!

The post Day Two Cloud Invite: Recording At TopGolf Las Vegas Nov. 30, 2022 appeared first on Packet Pushers.

0

Congestion Control Algorithms Are Not Fair

Creating a mathematical model of queuing in a distributed system is hard (Queuing Theory was one of the most challenging ipSpace.net webinars so far), and so instead of solutions based on control theory and mathematical models we often get what seems to be promising stuff.

Things that look intuitively promising aren’t always what we expect them to be, at least according to an MIT group that analyzed delay-bounding TCP congestion control algorithms (CCA) and found that most of them result in unfair distribution of bandwidth across parallel flows in scenarios that diverge from spherical cow in vacuum. Even worse, they claim that:

[…] Our paper provides a detailed model and rigorous proof that shows how all delay-bounding, delay-convergent CCAs must suffer from such problems.

It seems QoS will remain spaghetti-throwing black magic for a bit longer…

0

Congestion Control Algorithms Are Not Fair

Creating a mathematical model of queuing in a distributed system is hard (Queuing Theory was one of the most challenging ipSpace.net webinars so far), and so instead of solutions based on control theory and mathematical models we often get what seems to be promising stuff.

Things that look intuitively promising aren’t always what we expect them to be, at least according to an MIT group that analyzed delay-bounding TCP congestion control algorithms (CCA) and found that most of them result in unfair distribution of bandwidth across parallel flows in scenarios that diverge from spherical cow in vacuum. Even worse, they claim that:

[…] Our paper provides a detailed model and rigorous proof that shows how all delay-bounding, delay-convergent CCAs must suffer from such problems.

It seems QoS will remain spaghetti-throwing black magic for a bit longer…

0

Mastodon – Part 3 – statsd and Prometheus

About this series

I have seen companies achieve great successes in the space of consumer internet and entertainment industry. I’ve been feeling less enthusiastic about the stronghold that these corporations have over my digital presence. I am the first to admit that using “free” services is convenient, but these companies are sometimes taking away my autonomy and exerting control over society. To each their own of course, but for me it’s time to take back a little bit of responsibility for my online social presence, away from centrally hosted services and to privately operated ones.

In my [first post], I shared some thoughts on how I installed a Mastodon instance for myself. In a [followup post] I talked about its overall architecture and how one might use Prometheus to monitor vital backends like Redis, Postgres and Elastic. But Mastodon itself is also an application which can provide a wealth of telemetry using a protocol called [StatsD].

In this post, I’ll show how I tie these all together in a custom Grafana Mastodon dashboard!

Mastodon Statistics

I noticed in the [Mastodon docs], that there’s a one-liner breadcrumb that might be easy to overlook, Continue reading

0

Worth Reading: Troubleshooting EVPN Control Plane

When trying to decide whether to use EVPN for your next data center fabric, you might want to consider how easy it is to configure and troubleshoot.

You’ll find a few configuration hints in the Multivendor Data Center EVPN part of the EVPN Technical Deep Dive webinar. For the troubleshooting part, check out the phenomenal Troubleshooting EVPN with Arista EOS article by Tony Bourke.

0

Worth Reading: Troubleshooting EVPN Control Plane

When trying to decide whether to use EVPN for your next data center fabric, you might want to consider how easy it is to configure and troubleshoot.

You’ll find a few configuration hints in the Multivendor Data Center EVPN part of the EVPN Technical Deep Dive webinar. For the troubleshooting part, check out the phenomenal Troubleshooting EVPN with Arista EOS article by Tony Bourke.

0

Palo Packet Captures

Information on running packet captures and debugging commands to follow traffic flows.

0

An early look at Thanksgiving 2022 Internet trends

"The more you practice the art of thankfulness, the more you have to be thankful for."

— Norman Vincent Peale, American author  

The turkey. The sweet potatoes. The stuffing. The pumpkin pie. Yesterday, November 24, 2022, was Thanksgiving Day in the US. A time for families and loved ones to be together and thankful, according to the tradition. Last year, we saw how the US paused shopping (and browsing) for Thanksgiving. So, how was it this year? Not only did we see Internet traffic go down (by 13%) during Thanksgiving dinner, but it was much higher than usual the day before and the day after (the Black Friday effect… so far). There was also a clear, but short, Thanksgiving day effect on e-commerce DNS trends.

We'll have to wait to see what Black Friday looks like.

Let’s start with Internet traffic at the time of Thanksgiving dinner. Although every family is different, a 2018 survey of US consumers showed that for 42% early afternoon (between 13:00 and 15:00 is the preferred time to sit at the table and start to dig in). But 16:00 seems to be the “correct time” — The Atlantic explains why.

That said, Cloudflare Continue reading

0

How Cloud Computing Adoption Has Accelerated in the Remote Work Era

Our personal and professional lives are fundamentally shaped by technology, and there is, to a growing extent, an increased reliance on cloud computing for remote work today.

0

Cloudflare servers don’t own IPs anymore – so how do they connect to the Internet?

A lot of Cloudflare's technology is well documented. For example, how we handle traffic between the eyeballs (clients) and our servers has been discussed many times on this blog: “A brief primer on anycast (2011)”, "Load Balancing without Load Balancers (2013)", "Path MTU discovery in practice (2015)",  "Cloudflare's edge load balancer (2020)", "How we fixed the BSD socket API (2022)".

However, we have rarely talked about the second part of our networking setup — how our servers fetch the content from the Internet. In this blog we’re going to cover this gap. We'll discuss how we manage Cloudflare IP addresses used to retrieve the data from the Internet, how our egress network design has evolved and how we optimized it for best use of available IP space.

Brace yourself. We have a lot to cover.

Terminology first!

Each Cloudflare server deals with many kinds of networking traffic, but two rough categories stand out:

• Internet sourced traffic - Inbound connections initiated by eyeball to our servers. In the context of this blog post we'll call these "ingress connections".
• Cloudflare sourced traffic - Outgoing connections initiated by our servers to other Continue reading

0

Heavy Networking 657: New VMware Client Connects Users To SASE, SD-WAN (Sponsored)

Today on Heavy Networking, a discussion with sponsor VMware about SD-WAN and SASE. We’re diving into announcements from VMware Explore Barcelona 2022 covering a new SD-WAN client and more. With this client, you’ll be able to connect your users to the SASE cloud with software--no hardware edge box required. We dive into how it works, the network architecture, use cases, and more.