NetworkingNexus.net

Case Study: Hootsuite

hootsuite-ansible

Hootsuite, the excellent social media management platform used by over 75% of the Fortune 500, is a big fan of Ansible and uses it for app deployment. Beier Cai, the Director of Technology at Hootsuite was kind enough to speak to us about how Hootsuite uses Asnible to overcome their business challenges.

“Our infrastructure is not scripted, repeatable or immutable. Rebuilding a server relies on limited documentation and mostly memory. Lack of repeatability makes automating our infrastructure and application deployment difficult.

Read the full case study amd learn how Ansible solves their problems here.

Read more about Ansible and App Deployment.

Unified wireless: AP template rename

On the Unified Wireless controllers, it is common to enable the auto-ap and auto-persistent features to make it easy to adopt new Access Points. The new APs will be discovered and auto-registered as AP template based on the AP MAC … Continue reading →

Unified wireless : AP console/telnet access

With the Unified controllers, the APs which come online will dynamically get their configuration from the controller when they establish the LWAPP tunnel. When AP based feature are configured, such as AP provisioning or AP-based user authentication (de-central authentication), it … Continue reading →

Training Wheels and Protective Gear

Throughout the development cycle of new features and functions for any network platform (or probably most other products not targeted at the mass market consumer) this one question will always come up: should we protect the user of our product from doing this? And “this” is always something that would allow the user of the product to really mess things up if not done right. As a product management organization you almost have to take a philosophical stand when it comes to these questions.

Protect the user

Sure enough, the question came up last week as part of the development of one our features. When putting the finishing touches on a feature that allows very direct control over some of the fundamental portions of what creates a Plexxi fabric, our QA team (very appropriately) raised the concern: if the user does this, bad things can happen, should we not allow the user to change this portion of the feature?

This balancing act is part of what as made networking as complex as it has become. As an industry we have been extremely flexible in what we have exposed to our users. We have given access to portions of our products Continue reading

I Challenge Me And You To 30 Blogs in 30 days

Advertise here with BSA

There are many people who are dissatisfied with the social media platforms. I am too. I'm challenging myself to blog 30 times in 30 days to highlight the blog as the best social media platform.

Advertise here with BSA

The post I Challenge Me And You To 30 Blogs in 30 days appeared first on EtherealMind.

VXLAN and OTV: The Saga Continues

Randall Greer left a comment on my Revisited: Layer-2 DCI over VXLAN post saying:

Could you please elaborate on how VXLAN is a better option than OTV? As far as I can see, OTV doesn't suffer from the traffic tromboning you get from VXLAN. Sure you have to stretch your VLANs, but you're protected from bridging failures going over your DCI. OTV is also able to have multiple edge devices per site, so there's no single failure domain. It's even integrated with LISP to mitigate any sub-optimal traffic flows.

Before going through the individual points, let’s focus on the big picture: the failure domains.

Show 208 – So, You Want To Work For A Vendor?

Lauren Malhoit, Paul Stewart, and Ed Henry join Packet Pushers hosts Greg Ferro and Ethan Banks for a discussion about what it’s like to work for a networking vendor. Lauren and Paul recently started working at Cisco in two very different roles, while Ed went the startup route, landing at Plexxi. Why did they do it? What […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 208 – So, You Want To Work For A Vendor? appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Response to Kathy Sierra

People are asking me about this post from Kathy Sierra. It’s inaccurate, twisted, and personally insulting. That Kathy was doxxed and harassed 7 years is indeed an awful thing, but that doesn’t justify her own bad behavior toward others.

I always defend targets of lynch mobs, such as accused Boston Bomber Dzhokhar Tsarnaev. To the right is a picture of what appears to be Tsarnaev placing the bomb right behind 9 year old boy Martin Richards who died in the blast. I feel sick to my stomach looking at it. But here’s the thing: Tsarnaev is an American citizen, and I will vigorously defend his rights to due process. When they violated his civil rights, interrogating him for days while he hung near death in his hospital bed, begging for a lawyer, I vocally condemned this. All fruits of that interrogation need to be thrown out, even if it means Tsarnaev goes free. And I have no problem saying this to the face of Martin Richard’s parents.

Weev may be a bad human being, but he’s not as vile as mass bomber. I likewise defend him from lynch mobs. His arbitrary conviction and imprisonment under the CFAA was a gross Continue reading

Blessay: Human Infrastructure Poverty & Over-Capitalisation In The Enterprise – Part 2

Advertise here with BSA

Is Enterprise IT starving its operational process by reducing headcount and overcapitalising on assets ? If so, what arguments can we make for or against this idea ? Part 2 of an essay on investing in people instead of equipment.

Advertise here with BSA

The post Blessay: Human Infrastructure Poverty & Over-Capitalisation In The Enterprise – Part 2 appeared first on EtherealMind.

Internet Regulation: Section 706 vs Title II

At the NANOG meeting in Baltimore this week I listened to a presentation by Patrick Gilmore on “The Open Internet Debate: Section 706 vs Title II”. It’s true that this is a title that would normally induce a comatose reaction from any audience, but don’t let the title put you off. Behind this is an impassioned debate about the nature of the retail Internet for the United States, and, I suspect, a debate about the Internet itself and the nature of the industry that provides it.

A bit of maintenance

I am currently performing a bit of maintenance on the blog (moving host), so there might be some small errors here and there. I apologise for this! – Hopefully everything will be up and running smoothly in a few days time.

Thank you for your patience!

/KP

Technology Short Take #45

Welcome to Technology Short Take #45. As usual, I’ve gathered a collection of links to various articles pertaining to data center-related technologies for your enjoyment. Here’s hoping you find something useful!

Networking

Cormac Hogan has a list of a few useful NSX troubleshooting tips.
If you’re not really a networking pro and need a “gentle” introduction to VXLAN, this post might be a good place to start.
Also along those lines—perhaps you’re a VMware administrator who wants to branch into networking with NSX, or you’re a networking guru who needs to learn more about how this NSX stuff works. vBrownBag has been running a VCP-NV series covering various objectives from the VCP-NV exam. Check them out—objective 1, objective 2, objective 3, and objective 4 have been posted so far.

Servers/Hardware

I’m going to go out on a limb and make a prediction: In a few years time (let’s say 3–5 years), Intel SGX (Software Guard Extensions) will be regarded as important if not more important than the virtualization extensions. What is Intel SGX, you ask? See here, here, and here for a breakdown of the SGX design objectives. Let’s be real—the ability for an Continue reading

Cisco NX-API 1.0 Update

In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while. Nevertheless, it is better than scraping an SSH session, so it’s worth looking into.

I’d like to go over a few new things you should know about if you are or will be working with this interface.

NX-API 1.0 Updates

From a strictly API perspective, not a lot seems to have changed. I would be more specific, but as of yet I’ve been unable to find release notes from Cisco on what’s changed from 0.1 to 1.0. If I ever find something like this, I’ll get my hands on it – part of publishing a good API means publishing good documentation, and Continue reading

Talking Tech Series: VMware NSX Edge Scale Out with Equal-Cost Multi-Path Routing

This post was written by Roie Ben Haim and Max Ardica, with a special thanks to Jerome Catrouillet, Michael Haines, Tiran Efrat and Ofir Nissim for their valuable input.

****

The modern data center design is changing, following a shift in the habits of consumers using mobile devices, the number of new applications that appear every day and the rate of end-user browsing which has grown exponentially. Planning a new data center requires meeting certain fundamental design guidelines. The principal goals in data center design are: Scalability, Redundancy and High-bandwidth.

In this blog we will describe the Equal Cost Multi-Path functionality (ECMP) introduced in VMware NSX release 6.1 and discuss how it addresses the requirements of scalability, redundancy and high bandwidth. ECMP has the potential to offer substantial increases in bandwidth by load-balancing traffic over multiple paths as well as providing fault tolerance for failed paths. This is a feature which is available on physical networks but we are now introducing this capability for virtual networking as well. ECMP uses a dynamic routing protocol to learn the next-hop towards a final destination and to converge in case of failures. For a great demo of how this works, you can Continue reading

Dependency management and organic IT integrations

If the future of IT is about integrated infrastructure, where will this integration take place? Most people will naturally tend to integrate systems and tools that occupy adjacent spaces in common workflows. That is to say that where two systems must interact (typically through some manual intervention), integration will take place. If left unattended, integration will grow up organically out of the infrastructure.

But is organic growth ideally suited for creating a sustainable infrastructure?

A with B with C

In the most basic sense, integration will tend to occur at system boundaries. If A and B share a boundary in some workflow, then integrating A with B makes perfect sense. And if B and C share a boundary in a different (or even further down the same) workflow, then it makes equal sense to integrate B with C.

In less abstract terms, if you use a monitoring application to detect warning conditions on the network, then integrating the monitoring application and the network makes good sense. If that system then flags issues that trigger some troubleshooting process, then integrating the tools with your help desk ticketing system might make sense to automatically open up trouble tickets as issues arise.

In Continue reading

Technology Short Take #45

Networking

Cormac Hogan has a list of a few useful NSX troubleshooting tips.
If you’re not really a networking pro and need a “gentle” introduction to VXLAN, this post might be a good place to start.
Also along those lines—perhaps you’re a VMware administrator who wants to branch into networking with NSX, or you’re a networking guru who needs to learn more about how this NSX stuff works. vBrownBag has been running a VCP-NV series covering various objectives from the VCP-NV exam. Check them out–objective 1, objective 2, objective 3, and objective 4 have been posted so far.

Servers/Hardware

I’m going to go out on a limb and make a prediction: In a few years time (let’s say 3-5 years), Intel SGX (Software Guard Extensions) will be regarded as important if not more important than the virtualization extensions. What is Intel SGX, you ask? See here, here, and here for a breakdown of the SGX design objectives. Let’s be real—the ability for an Continue reading

Wget off the leash

As we all know, to grab a website with wget, we'll use the "-r" option to "recurse" through all the links. There is also the '-H' option, means that wget won't restrict itself to just one host. In other words, with '-r -H' together, it'll try to spider the entire Internet. So I did that to see what would happen.

Well, for a 32-bit bit process, what happened is that after more than a month, it ran out of memory. It maintained an ever growing list of URLs that it has to visit, which can easily run in the millions. At a hundred bytes per URL and 2-gigabytes of virtual memory, it'll run out of memory after 20 million URLs -- far short of the billions on the net. That's what you see below, where 'wget' has crashed exhausting memory. Below that I show the command I used to launch the process, starting at cnn.com as the seed with a max timeout of 5 seconds.

How much data did I download from the Internet? According to 'du', the answer is 18-gigabytes, as seen in the following screenshot:

It reached 79425 individual domains, far short of the millions it held Continue reading

Six-month anniversary scan for Heartbleed

I just launched my six-month anniversary scan for Heartbleed. I'll start reporting early results tomorrow afternoon. I'm dialing the scan to run slowly and spreading it across four IP addresses (and 32k ports) in order to avoid unduly alarming people.

If you would like the results of the scan for your subnet, send us your address ranges to our "abuse@" email address. We'll lookup the abuse contact email for those ranges and send you what we found for that range. (This offer good through the end of October 2014).

Here is a discussion of the options.

--conf /etc/masscan/masscan.conf
You don't see this option, but it's the default. This is where we have the 'excluderanges' configured. Because we exclude everyone who contacts us an "opts-out" of our white-hat scans, we are down to scanning only 3.5 billion hosts now, out of around 4 billion.

0.0.0.0/0
The the "/0" means "the entire Internet". Actually, any valid IPv4 address can replace the 0.0.0.0 and it'll produce the same results, such as "127.0.0.0/0" to amuse your friends.

-p443
This says to scan on port 443, the default SSL port. At some point in Continue reading

Data Center Design Case Studies on Amazon – Take 2

In July I wrote about an Amazon Kindle version of my Data Center Design Case Studies book and complained about their royalties model. Someone quickly pointed out how to adapt to their system: split the book into multiple volumes and charge $9.99 for each.

It took me months to get there, but the first two volumes are finally on Amazon:

Cisco NX-API 1.0 Update

If you weren’t paying attention, it was easy to miss. NX-API, Cisco’s new JSON/XML switch API is now shipping as version 1.0. NX-API originated on the Nexus 9000 platform created by the Insieme group, and I’ve explored this in detail before. In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while.

« Previous 1 … 3,694 3,695 3,696 3,697 3,698 … 3,841 Next »