Network Break 404: Episode Not Found

This week the Network Break covers new SASE capabilities from Fortinet, new 800G hardware from Cisco that uses its homegrown ASIC, and an app from RSA for smart phones that can disable authentication if the app detects malicious behavior. Plus we cover new initiatives from the Open Compute Project, disaggregated Wi-Fi, and more tech news.

Network Break 404: Episode Not Found

This week the Network Break covers new SASE capabilities from Fortinet, new 800G hardware from Cisco that uses its homegrown ASIC, and an app from RSA for smart phones that can disable authentication if the app detects malicious behavior. Plus we cover new initiatives from the Open Compute Project, disaggregated Wi-Fi, and more tech news.

The post Network Break 404: Episode Not Found appeared first on Packet Pushers.

On the ‘net: Privacy and Networking

The final three posts in my series on privacy for infrastructure engineers is up over at Packet Pushers. While privacy might not seem like a big deal to infrastructure folks, it really is an issue we should all be considering and addressing—if for no other reason than privacy and security are closely related topics. The primary “thing” you’re trying to secure when you think about networking is data—or rather, various forms of privacy.

Focusing on legal defensibility is the wrong way to look at privacy, or rather the wrong end of the stick.

What are some best practices network operators can follow to reduce their risk? The simplest way to think about best practices is to think about user rights and risks at each stage of the data lifecycle.

For the final post in this series, I’ll address two topics: the privacy implications of Domain Name System (DNS) queries, and the absolute necessity of having a plan for how to respond to a breach. Let’s start with DNS.

Sidecars are Changing the Kubernetes Load-Testing Landscape

As your infrastructure is scaling and you start to get more traffic, it’s important to make sure everything works as expected. This is most commonly done through testing, with load testing being the optimal way of verifying the resilience of your services. Traditionally, load testing has been accomplished via standalone clients, like JMeter. However, as the world of infrastructure has gotten more modern, and organizations are using tools like Kubernetes, it’s important to have a modern toolset as well. With traditional load testing, you’ll commonly run into one of three major issues: Scripting load tests takes a lot of time Load tests typically run in large, complex, end-to-end environments, that are difficult to provision, as well as being expensive for production-scale infrastructure Data and realistic use cases are impossible to mirror one-to-one, unless you have production data A more modern approach is to integrate your load-testing tools directly into your infrastructure. If you’re using Kubernetes, that can be accomplished via something like an 

Tech Bytes: Using Opengear Every Day–For Disruptions And More (Sponsored)

Today on the Tech Bytes podcast we talk about how to use out-of-band management for daily networking tasks, not just when there’s a problem or crisis. Our sponsor is Opengear and we’re joined by Ramtin Rampour, Solutions Architect, to talk about use cases including zero touch provisioning, configuration, and more.

The post Tech Bytes: Using Opengear Every Day–For Disruptions And More (Sponsored) appeared first on Packet Pushers.

How chaos engineering can improve network resiliency

Conventional wisdom says, ‘If it ain’t broke, don’t fix it.’ Chaos engineering says, ‘Let’s try to break it anyway, just to see what happens.’The online group Chaos Community defines chaos engineering as “the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production.”Practitioners of chaos engineering essentially stress test the system and then compare what they think might happen with what actually does. The goal is to improve resiliency.For network practitioners who have spent their entire careers focused on keeping the network up and running, the idea of intentionally trying to bring it down might seem a little crazy.To read this article in full, please click here

Best of Fest 2022

At AnsibleFest 2022, the power of automation was on full display. Through sessions, workshops, labs and more, we explored how to transform enterprise and industry through automation. There were a lot of exciting announcements made on both days, and in case you missed it, we are going to dive into what is new!

 

Ansible + AWS 

We are thrilled to also announce a new AWS Marketplace offering, Red Hat Ansible Automation Platform. By offering Ansible Automation Platform as a pre-integrated service that can be quickly deployed from cloud marketplaces, we are meeting our customers where they are, while giving them the flexibility to deliver any application, anywhere, without additional overhead or complexity. Whether you are automating your hybrid cloud or multi-cloud environments, Ansible Automation Platform acts as a single platform. This platform provides consistency, visibility, and control to help  you manage these environments at scale. Ansible is the IT automation “glue” for bringing your cloud, network, bare-metal and cloud-native infrastructure together. This  provides the functionality to coordinate and manage across  hybrid cloud environments in a simple and efficient way. Interested in learning more? Check out the press release

 

Automation at the Edge

Ansible Automation Platform provides a Continue reading

And here’s another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages

And here's another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages
And here's another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages

You can now deploy Next.js applications which opt in to the Edge Runtime on Cloudflare Pages. Next.js is the fourth full-stack web framework that the Pages platform officially supports, and it is one of the most popular in the 'Jamstack-y' space.

Cloudflare Pages started its journey as a platform for static websites, but with last year's addition of Pages Functions powered by Cloudflare Workers, the platform has progressed to support an even more diverse range of use cases. Pages Functions allows developers to sprinkle in small pieces of server-side code with its simple file-based routing, or, as we've seen with the adoption from other frameworks (namely SvelteKit, Remix and Qwik), Pages Functions can be used to power your entire full-stack app. The folks behind Remix previously talked about the advantages of adopting open standards, and we've seen this again with Next.js' Edge Runtime.

Next.js' Edge Runtime

Next.js' Edge Runtime is an experimental mode that developers can opt into which results in a different type of application being built. Previously, Next.js applications which relied on server-side rendering (SSR) functionality had to be deployed on a Node.js server. Running a Node.js Continue reading

The Cloud is Not a Railroad – An Argument Against the Vertical Separation of Cloud Providers

 

There's a move to regulate cloud providers by vertically separating the services they offer.

Like railroads of yore, who were not allowed to provide freight services on top of their base services, cloud providers would not be allowed to provide services on top of their base platform services.

Vertical separation would be new to the cloud industry. Is it a good idea? Would it actually solve any problems? My answers are no and no, but probably not for the reasons you think. Let's dive in.

Here are a few useful resources for exploring this argument:

  • Maintaining monopolies with the cloud by Cory Doctorow. https://pluralistic.net/2022/09/28/other-peoples-computers.
  • A group advocating for fair licensing. https://www.fairsoftwarelicensing.com/our-principles.
  • Cloud Infrastructure Services -- An analysis of potentially anti-competitive practices by Professor Frédéric Jenny. https://www.fairsoftwarestudy.com/.

Now Cory is about 100x times smarter than I am, but this analogy is wrong:

That's why the trustbusters were so big on "structural separation": the principle that a business can own a platform or use the platform, but not both.

So this remedy is also wrong:

Rather than trying to construct rules that kept the referee honest even when they played on one of the teams, they Continue reading

Use VRFs for VXLAN-Enabled VLANs

I started one of my VXLAN tests with a simple setup – two switches connecting two hosts over a VXLAN-enabled (gray tunnel) red VLAN. The switches are connected with a single blue link.

Test lab

Test lab

I configured VLANs and VXLANs, and started OSPF on S1 and S2 to get connectivity between their loopback interfaces. Here’s the configuration of one of the Arista cEOS switches:

Read more …

Use VRFs for VXLAN-Enabled VLANs

I started one of my VXLAN tests with a simple setup – two switches connecting two hosts over a VXLAN-enabled (gray tunnel) red VLAN. The switches are connected with a single blue link.

Test lab

Test lab

I configured VLANs and VXLANs, and started OSPF on S1 and S2 to get connectivity between their loopback interfaces. Here’s the configuration of one of the Arista cEOS switches:

Read more …

The RISC Deprogrammer

I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It's some weird nerd cult. Techies frequently mention RISC in conversation, with other techies nodding their head in agreement, but it's all wrong. Somehow everyone has been mind controlled to believe in wrong concepts.

An example is this recent blogpost which starts out saying that "RISC is a set of design principles". No, it wasn't. Let's start from this sort of viewpoint to discuss this odd cult.

What is RISC?

Because of the march of Moore's Law, every year, more and more parts of a computer could be included onto a single chip. When chip densities reached the point where we could almost fit an entire computer on a chip, designers made tradeoffs, discarding unimportant stuff to make the fit happen. They made tradeoffs, deciding what needed to be included, what needed to change, and what needed to be discarded.

RISC is a set of creative tradeoffs, meaningful at the time (early 1980s), but which were meaningless by the late 1990s.

The interesting parts of CPU evolution are the three decades from 1964 with Continue reading

Controversial Reads 102222


A Chinese law that went into effect six months ago required online service providers to file details of the algorithms they use with China’s centralized regulator, the Cyberspace Administration of China (CAC).


How is deep learning going to assist rather than replace the average creative worker? If replacement is the goal — valid, by the way, if a net positive for humanity — are we paying the people responsible for work the models have been trained on?


Since the WSJ and a viral TikTok video made quiet quitting a cultural phenomenon, it seems as though every news outlet, Fortune 500 CEO, lifestyle coach, or entry-level employee has something to say about quiet quitting.


After looking into the matter, I’m less confused but more distressed: Smart heating and cooling is even more knotted up than I thought. Ultimately, your smart thermostat isn’t made to help you. It’s there to help others—for reasons that might or might not benefit you directly, or ever.


This month, LinkedIn researchers revealed in Science that the company spent five years quietly researching more than 20 million users. By tweaking the professional networking platform’s algorithm, researchers were trying to determine through A/B testing whether users end up Continue reading

Weekend Reads 102122


New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm.


Telcos deal with a considerable amount of multivendor devices. Although many hope/expect that these are equipped with state-of-the-art telemetry technologies, most of the time they’re not


Concerns over a critical authentication bypass vulnerability in certain Fortinet appliances heightened this week with the release of proof-of-concept (PoC) exploit code and a big uptick in vulnerability scans for the flaw.


Cracks and keygens have long been a problem for software vendors in that they allow users to install their products without needing to pay for a legitimate license. As the Internet and website development advanced and became more accessible, the number of sites offering software cracking tools grew.


The result is ChilliRack, a cooling system that Klein believes can address key challenges in the cost of cooling and the low utilization seen in many data centers.


With DevSecOps coming a long way as a discipline, there are now great frameworks and best practices for applying security gates in your CI, and later CD.


LitmusChaos is a dynamic open source chaos engineering platform Continue reading

Heavy Networking 652: Why Networkers Should Want Routing Protocols Written In Rustlang

On today’s Heavy Networking episode, I talk with Nick Carter about Flock Networks, his routing protocol stack startup, as well as Nick’s love of the Rust programming language. As a network engineer, maybe you don’t think you care about Rust. Nick’s here to explain why the discerning network engineer might prefer their routing daemons to have been written in Rust. We also talk about the pleasures and travails of startup life.
1 415 416 417 418 419 3,842