Network Automation: a Service Provider Perspective

Antti Ristimäki left an interesting comment on Network Automation Considered Harmful blog post detailing why it’s suboptimal to run manually-configured modern service provider network.

I really don’t see how a network any larger and more complex than a small and simple enterprise or campus network can be developed and engineered in a consistent manner without full automation. At least routing intensive networks might have very complex configurations related to e.g. routing policies and it would be next to impossible to configure them manually, at least without errors and in a consistent way.

Read more …

Network Automation: a Service Provider Perspective

Antti Ristimäki left an interesting comment on Network Automation Considered Harmful blog post detailing why it’s suboptimal to run manually-configured modern service provider network.

I really don’t see how a network any larger and more complex than a small and simple enterprise or campus network can be developed and engineered in a consistent manner without full automation. At least routing intensive networks might have very complex configurations related to e.g. routing policies and it would be next to impossible to configure them manually, at least without errors and in a consistent way.

Read more …

Network Automation with CUE – Advanced workflows

What I’ve covered in the previous blog post about CUE and Ansible were isolated use cases, disconnected islands in the sea of network automation. The idea behind that was to simplify the introduction of CUE into existing network automation workflows. However, this does not mean CUE is limited to those use cases and, in fact, CUE is most powerful when it’s used end-to-end — both to generate device configurations and to orchestrate interactions with external systems. In this post, I’m going to demonstrate how to use CUE for advanced network automation workflows involving fetching information from an external device inventory management system, using it to build complex hierarchical configuration values and, finally, generating and pushing intended configurations to remote network devices.

CUE vs CUE scripting

CUE was designed to be a simple, scalable and robust configuration language. This is why it includes type checking, schema and constraints validation as first-class constructs. There are some design decisions, like the lack of inheritance or value overrides, that may take new users by surprise, however over time it becomes clear that they make the language simpler and more readable. One of the most interesting features of CUE, though, is that all code Continue reading

Using the zip and zipcloak commands on Linux

Both the Linux zip and zipcloak commands can create encrypted zip files, but they have some important and interesting differences. Here’s what you need to know about how they work and what you should understand when using them.zip The zip command provides an easy way to take a group of files and squeeze their content into a single smaller file. To join a group of files into a single file—often done to make copying them to other systems considerably easier—use a command like the one shown below. The first argument is the name to be used for the zip file and is followed by the list of files to be included.To read this article in full, please click here

Using the zip and zipcloak commands on Linux

Both the Linux zip and zipcloak commands can create encrypted zip files, but they have some important and interesting differences. Here’s what you need to know about how they work and what you should understand when using them.zip The zip command provides an easy way to take a group of files and squeeze their content into a single smaller file. To join a group of files into a single file—often done to make copying them to other systems considerably easier—use a command like the one shown below. The first argument is the name to be used for the zip file and is followed by the list of files to be included.To read this article in full, please click here

Reference Architecture and Easy Deployment Design Guides – NSX 3.2 Update

We are excited to announce an updated version of the NSX Reference Design and the NSX Easy Adoption Design guide based on the generally available NSX-T release 3.2. NSX-T 3.2 is part of the recently released VCF 4.5 software bundle, making it a very popular release among our customers.

To support you in your network and security virtualization journey, we introduced the NSX-T reference architecture design guide on the NSX-T 2.0 release, showing how you should design your data centers with NSX-T. Over time we introduced additional design guides such as the NSX-T Multi-Location Design Guide (Federation + Multisite), the Easy Adoption Design guide, and the NSX-T Data Center and EUC Design Guide for more specific use cases.

These latest updates cover the new features included in the 3.2 versions and the design and implementation guidelines we developed working tightly with our customers on their NSX projects.

The NSX Reference Design guide version 3.2

This document is the most essential document for any NSX practitioner. Whether you are just starting with NSX or have already successfully implemented NSX in your environment, the NSX Reference Design guide provides a clear and detailed description Continue reading

Why I Joined Rafay

Recently I made the decision to join Rafay Systems. I had been in Enterprise IT for over two decades (all in networking), and most recently at multicloud networking pioneer Aviatrix Systems. So what made me want to join Rafay? In a nutshell – application modernization. Although Multicloud Networking has grown to the point where Gartner … Continue reading Why I Joined Rafay

UK competition agency launches inquiry into Broadcom’s $61B VMware buy

The UK’s Competition and Market’s Authority (CMA) has announced it is investigating Broadcom’s proposed acquisition of VMware to determine whether the deal would raise problems for competition.Semiconductor manufacturer and infrastructure software giant Broadcom first announced its intention to acquire VMware in May, in a deal worth $61 billion in stock and cash. However, not everyone is happy with the proposed deal, with senior analyst for Forrester, Tracy Woo, noting back in September that Broadcom had a poor track record when it came to previous acquisitions.To read this article in full, please click here

Tech Bytes: Boosting WAN Speeds While Cutting Costs With VMware SD-WAN (Sponsored)

On today’s Tech Bytes podcast, sponsored by VMware, we explore a real-world SD-WAN deployment. A customer in the automotive industry needed a better way to share large CAD files among global sites, and its MPLS network wasn’t cutting it. The company also wanted to lower WAN costs while improving performance of business apps. We talk with Coevolve, a VMware partner, on how Coevolve helped the automotive company deploy and operate a global SD-WAN from VMware that increased bandwidth by a factor of 10 and cut costs by as much as 40 percent.

Tech Bytes: Boosting WAN Speeds While Cutting Costs With VMware SD-WAN (Sponsored)

On today’s Tech Bytes podcast, sponsored by VMware, we explore a real-world SD-WAN deployment. A customer in the automotive industry needed a better way to share large CAD files among global sites, and its MPLS network wasn’t cutting it. The company also wanted to lower WAN costs while improving performance of business apps. We talk with Coevolve, a VMware partner, on how Coevolve helped the automotive company deploy and operate a global SD-WAN from VMware that increased bandwidth by a factor of 10 and cut costs by as much as 40 percent.

The post Tech Bytes: Boosting WAN Speeds While Cutting Costs With VMware SD-WAN (Sponsored) appeared first on Packet Pushers.

Network Break 408: Arista Launches Network Automation Pipeline; Palo Alto Targets Software Supply Chain Security

Take a Network Break! This week we cover a new continuous integration pipeline from Arista Networks to support network automation, Cisco's intention to open a new silicon design center in Spain, and Apple spending $450 million to support emergency text messaging using satellites. We also discuss Palo Alto Networks spending $195 million for Cider Security, financial results, and more.

Network Break 408: Arista Launches Network Automation Pipeline; Palo Alto Targets Software Supply Chain Security

Take a Network Break! This week we cover a new continuous integration pipeline from Arista Networks to support network automation, Cisco's intention to open a new silicon design center in Spain, and Apple spending $450 million to support emergency text messaging using satellites. We also discuss Palo Alto Networks spending $195 million for Cider Security, financial results, and more.

The post Network Break 408: Arista Launches Network Automation Pipeline; Palo Alto Targets Software Supply Chain Security appeared first on Packet Pushers.

BrandPost: Taking the Pulse of Data Center Automation

By: Arun Gandhi, Senior Manager of Product Marketing at Juniper NetworksWhen you’re trying to convince companies to modernize, it can seem like you’re shouting into the void. Sure, they understand that what you’re advocating is important, but knowing you should do something and actually doing it are two different things.This has been the story around data center network automation for the last several years.We all know that data centers have become more complex and critical to most businesses. So, finding a way to enable more agile and efficient operations should be on every company’s to-do list. Yet, even with organizations that could benefit most from automation — communication service providers (CSPs) and enterprises managing large, distributed data centers — actual implementation has been slow. Fortunately, we seem to be turning a corner.To read this article in full, please click here

3 new Ansible automation hub updates

Beyond the buzz at AnsibleFest 2022 around event-driven automation, availability of Ansible in  AWS and Azure marketplaces, and Project Wisdom, some important changes were happening within Ansible automation hub, so let's take a closer look at the latest developments. 

 

Content signing for enhanced security

Content signing is a new feature currently available in technology preview in Ansible Automation Platform 2.2 and will be generally available with the release of 2.3. Content signing provides the framework to establish a secure chain-of-custody so you can consume, publish, and share Ansible content with more confidence that it is less vulnerable to tampering and malicious code. With content signing, you now have more control over compliance and your organization's internal security requirements. 

In addition, we have completed signing all of Red Hat Ansible Certified Collections available in Ansible automation hub, and we will work with our partners to sign any new content as it's released.  

Private automation hub is your internal content repository for automation execution environments as well as Ansible content you create or download from Ansible automation hub. In a future release, we hope to enable signing both content and execution environments Continue reading

Mastering Active Directory groups can streamline management, pave way for automation

On the surface, Active Directory groups are a simple and straightforward way to manage identities (users and/or computers) and assign permissions. Users or computers are added as group members, and the group is referenced in access control lists (ACL) on file shares, mailboxes, applications, or other corporate resources. But experienced admins know that this simplicity quickly goes out the window as environments scale. As group memberships grow, management of memberships becomes increasingly complex.Over the years, Microsoft and others have developed best practices for managing groups and permissions in an Active Directory environment. These strategies are something of a lost art, but there’s value to be gained by leveraging these layers of sophistication.To read this article in full, please click here

Mastering Active Directory groups can streamline management, pave way for automation

On the surface, Active Directory groups are a simple and straightforward way to manage identities (users and/or computers) and assign permissions. Users or computers are added as group members, and the group is referenced in access control lists (ACL) on file shares, mailboxes, applications, or other corporate resources. But experienced admins know that this simplicity quickly goes out the window as environments scale. As group memberships grow, management of memberships becomes increasingly complex.Over the years, Microsoft and others have developed best practices for managing groups and permissions in an Active Directory environment. These strategies are something of a lost art, but there’s value to be gained by leveraging these layers of sophistication.To read this article in full, please click here

netlab: IRB with Anycast Gateways

netlab release 1.4 added support for static anycast gateways and VRRP. Today we’ll use that functionality to add anycast gateways to the VLAN trunk lab:

Lab topology

Lab topology

We’ll start with the VLAN trunk lab topology and make the following changes:

  • We’ll rearrange the node list to make sure the switches get the lowest possible node ID:
nodes: [ s1, s2, h1, h2, h3, h4 ]
  • The switches have to use the new gateway module:
groups: switches: members: [ s1, s2 ] module: [ vlan, gateway ] device: eos
  • We have to enable first-hop gateway on VLAN links:
vlans: red: gateway: True blue: gateway: True
  • The default FHRP protocol is anycast (we could also use VRRP), and the default shared IP address is the last IP address in the subnet. We’ll use the first IP address in the subnet:
gateway.id: 1

After starting the lab you’ll notice the change in node identifiers and interface IP addresses. Without the anycast gateway, netlab assigns node ID 1 (and loopback IP address 10.0.0.1) to S1. Now that the node ID 1 is reserved, S1 gets loopback address 10.0.0.2.

The only other change on the Continue reading

Looking at Centrality in the DNS

Many aspects of the digital environment are dominated by a small clique of extremely large enterprises. Meta and Twitter may be teetering at the moment, but we have Google, Apple, Microsoft and Amazon who are still strongly dominant in their respective markets. Looking further afield, what about our common infrastructure services that everyone is forced to rely upon? How's the Domain Name System faring? Is the DNS also falling under the influence of these digital hypergiants? Or is the DNS still highly distributed and resisting the trends of centralization? Lets take a look at some DNS data to see if we can answer this question.
1 397 398 399 400 401 3,841