Wi-Fi 6E Growing Pains For Apple

You may have seen that the new iPad Pro has Wi-Fi 6E support. That caused a lot of my wireless friends to jump out and order one, as I expected. As I previously mentioned, 2023 is going to be a big year for Wi-Fi 6E. I was wrong about the 6E radio on the new iPhone but given the direction that Apple is going with the iPad Pro and probably the MacBook as well we’re in for a lot of fun. Why? Because Apple is changing their stance on how to configure 6GHz networks.

An SSID By Any Other Name

If you’ve ever set up wireless networks before you know there are some different suggestions about how to configure the SSIDs with multiple bands. One school of thought says that you need to combine both 2.4GHz and 5GHz in the same SSID and let the device figure out which one is the best to use. This is the way that I have mine set up at home.

However, if you do a quick Google search you’ll find a lot of other wisdom that suggests creating two different SSIDs that only work on a single band. The thought process Continue reading

Heavy Networking 653: Design, Deploy, And Operate With Nokia Data Center Fabric Solution (Sponsored)

Today’s Heavy Networking, sponsored by Nokia, dives into Nokia's fabric-based approach to data center automation and operations. That approach includes its SR Linux network OS, its Fabric Services System intent-based platform, its NetOps Development Kit, or NDK, and how all this ties together to address your operational life cycle across Day zero, Day 1, Day Two, and beyond.

Heavy Networking 653: Design, Deploy, And Operate With Nokia Data Center Fabric Solution (Sponsored)

Today’s Heavy Networking, sponsored by Nokia, dives into Nokia's fabric-based approach to data center automation and operations. That approach includes its SR Linux network OS, its Fabric Services System intent-based platform, its NetOps Development Kit, or NDK, and how all this ties together to address your operational life cycle across Day zero, Day 1, Day Two, and beyond.

The post Heavy Networking 653: Design, Deploy, And Operate With Nokia Data Center Fabric Solution (Sponsored) appeared first on Packet Pushers.

Technology Short Take 161

Welcome to Technology Short Take #161! It’s been a little over a month since the last Technology Short Take, although the Full Stack Journey recently did an “Audio Edition” of a Technology Short Take that you should probably check out. In any case, I’ve spent the last month collecting links to articles and tutorials from around the web on all the various technologies that us IT folk are likely to encounter in our day-to-day adventures. I hope there’s something here that you find useful!

Networking

Servers/Hardware

  • Howard Oakley has a great series on Apple Silicon; the series is up to three posts so far. The first post provides a high-level overview of how Apple Silicon M-series chips are different, and the second post has more details on the capabilities of the P and E cores. The third post Continue reading

Could I Use netlab instead of GNS3?

I’m often getting questions like “I’m using GNS3. Could I replace it with netlab?”

TL&DR: No.

You need a set of functions to build a network lab:

  • Virtualization environment (netlab supports VirtualBox, libvirt, Docker, and Podman)
  • An orchestration tool/system that will deploy network device images in such an environment (netlab supports Vagrant and containerlab)
  • A tool that will build orchestration system configuration (netlab core functionality)
Read more …

Could I Use netlab instead of GNS3?

I’m often getting questions along the lines of “I’m using GNS3. Could I replace it with netlab?"

TL&DR: No.

You need a set of functions to build a network lab:

  • Virtualization environment (netlab supports VirtualBox, libvirt, Docker, Podman)
  • An orchestration tool/system that will deploy network device images in such an environment (netlab supports Vagrant and containerlab)
  • A tool that will build orchestration system configuration (netlab core functionality)
Read more …

Data Validation using Pydantic Models

Data Validation using Pydantic Models

In the realm of automation, scripts often thrive on the variables they receive. These variables determine the actions the script will perform. However, if a script encounters a variable in a format or data type it doesn't expect, it might throw an error with a message that's about as clear as mud. This is where data validation comes into play.

Validating the data passed to a script is like giving it a road map to success. It ensures that the script knows what to expect and how to handle it. Whether the data is coming from another script or an end device, validation helps prevent those cryptic error messages and keeps your automation journey smooth sailing.

What is Data Validation?

Data validation is like the gatekeeper of your data world—it's all about ensuring that the data you're dealing with is accurate, reliable, and fits the requirements of whatever you're trying to do with it. Think of it as quality control for your data before you start using it in your programs or analyses. There are various ways to validate data depending on what you need it for and what rules it needs to follow. And that's where pydantic swoops in Continue reading

The Next Wave of Network Orchestration: MDSO

Demand for network automation and orchestration continues to rise as organizations reap the business and technical benefits it brings to their operations, including significant improvements in productivity, cost reduction and efficiency. As a result, many organizations are now looking to the next wave of network orchestration: orchestration across technology domains, more commonly known as Multi-Domain Service Orchestration (MDSO). Early adopters have learned that effectively leveraging automation and orchestration at the domain level doesn’t necessarily translate to the MDSO layer due to the different capabilities required to effectively coordinate and communicate across different technologies. While the potential benefits of MDSO are high, there are unique challenges in multidomain deployments that organizations must tackle. The most obvious difference when orchestrating across domains versus within specific domains is the need to design around the direction your network data will travel. Within a single domain, the activities are primarily focused north to south, and vice versa. Instructions are sent to the domain controller which executes the changes to the network functions. This makes single-domain orchestration relatively straightforward. When you start orchestrating across domains, however, things get a little more complex. Now you need to account for both north/south activities and also for a large Continue reading

Hedge 152: Joel King on the network and DevOps

DevOps, SecDevOps, GitDevOps—stick DevOps on the end of anything, and it will sound cool, generation FOMO in thousands (maybe millions). What does DevOps really mean to network engineers, though? In this episode of The Hedge, we discuss examples of how the Three Ways, (described in Part One of The DevOps Handbook) of Flow, Feedback, and Continual Learning with Joel King, a leading light in this field.

download

Kubernetes Unpacked 012: Getting Hands-On For The Certified Kubernetes Administrator (CKA) Cert

In this episode, Michael catches up with Chad Crowell to talk about the Certified Kubernetes Administrator (CKA) exam. They talk about why the certification is important, its hands-on emphasis, how you can study for the cert, and what you should know when going in to sit for the exam.

The post Kubernetes Unpacked 012: Getting Hands-On For The Certified Kubernetes Administrator (CKA) Cert appeared first on Packet Pushers.

Privacy Gateway: a privacy preserving proxy built on Internet standards

Privacy Gateway: a privacy preserving proxy built on Internet standards
Privacy Gateway: a privacy preserving proxy built on Internet standards

If you’re running a privacy-oriented application or service on the Internet, your options to provably protect users’ privacy are limited. You can minimize logs and data collection but even then, at a network level, every HTTP request needs to come from somewhere. Information generated by HTTP requests, like users’ IP addresses and TLS fingerprints, can be sensitive especially when combined with application data.

Meaningful improvements to your users’ privacy require a change in how HTTP requests are sent from client devices to the server that runs your application logic. This was the motivation for Privacy Gateway: a service that relays encrypted HTTP requests and responses between a client and application server. With Privacy Gateway, Cloudflare knows where the request is coming from, but not what it contains, and applications can see what the request contains, but not where it comes from. Neither Cloudflare nor the application server has the full picture, improving end-user privacy.

We recently deployed Privacy Gateway for Flo Health Inc., a leading female health app, for the launch of their Anonymous Mode. With Privacy Gateway in place, all request data for Anonymous Mode users is encrypted between the app user and Flo, which prevents Flo Continue reading

Stronger than a promise: proving Oblivious HTTP privacy properties

Stronger than a promise: proving Oblivious HTTP privacy properties
Stronger than a promise: proving Oblivious HTTP privacy properties

We recently announced Privacy Gateway, a fully managed, scalable, and performant Oblivious HTTP (OHTTP) relay. Conceptually, OHTTP is a simple protocol: end-to-end encrypted requests and responses are forwarded between client and server through a relay, decoupling who from what was sent. This is a common pattern, as evidenced by deployed technologies like Oblivious DoH and Apple Private Relay. Nevertheless, OHTTP is still new, and as a new protocol it’s imperative that we analyze the protocol carefully.

To that end, we conducted a formal, computer-aided security analysis to complement the ongoing standardization process and deployment of this protocol. In this post, we describe this analysis in more depth, digging deeper into the cryptographic details of the protocol and the model we developed to analyze it. If you’re already familiar with the OHTTP protocol, feel free to skip ahead to the analysis to dive right in. Otherwise, let’s first review what OHTTP sets out to achieve and how the protocol is designed to meet those goals.

Decoupling who from what was sent

OHTTP is a protocol that combines public key encryption with a proxy to separate the contents of an HTTP request (and response) from the sender of an HTTP request. Continue reading

Leave BGP Next Hops Unchanged on Reflected Routes

Here’s the last question I’ll answer from that long list Daniel Dib posted weeks ago (answer to Q1, answer to Q2).

I am trying to understand what made the BGP designers decide that RR should not change the BGP Next Hop for IBGP-learned routes.

If anyone wants to have the answer to the very last question in Daniel’s list, they’re free to search for “BGP Next Hops” on my blog and start exploring. Studying OSPF Forwarding Address might provide additional clues.
Read more …

Leave BGP Next Hops Unchanged on Reflected Routes

Here’s the last question I’ll answer from that long list Daniel Dib posted weeks ago (answer to Q1, answer to Q2).

I am trying to understand what made the BGP designers decide that RR should not change the BGP Next Hop for IBGP-learned routes.

If anyone wants to have the answer to the very last question in Daniel’s list, they’re free to search for “BGP Next Hops” on my blog and start exploring. Studying OSPF Forwarding Address might provide additional clues.
Read more …
1 406 407 408 409 410 3,836