Fat Pipe Transition Notification – May 2024
Hey, everyone. Ethan here with a behind-the-scenes administrative request. Several thousand of you subscribe to the Packet Pushers’ Fat Pipe. In the Fat Pipe, we’ve been stuffing every single podcast we produce. The problem is that we produce way too many shows–one almost every weekday–for the average podcast client to absorb them all. We can... Read more »3 observability best practices for improved security in cloud-native applications
Why is observability important for better security?
Observability, especially in the context of cloud-native applications, is important for several reasons. First and foremost is security. By design, cloud-native applications rely on multiple, dynamic, distributed, and highly ephemeral components or microservices, with each microservice operating and scaling independently to deliver the application functionality. In this type of microservices-based architecture, observability and metrics provide security insights that enable teams to identify and mitigate zero-day threats through the detection of anomalies in microservices metrics, such as traffic flow, process calls, syscalls, and more. Using machine learning (ML) and heuristic analysis, security teams can identify abnormal behavior and issue alerts.
Observability also enables security teams to visualize the blast radius in the event of a breach. Using this information, teams can apply mitigating controls, such as security policy updates, to isolate the breached microservice and thereby limit exposure.
And finally, observability helps DevOps teams maintain the quality of service by identifying service failure and performance hotspots, and conducting a detailed investigation with capabilities such as packet capture and distributed tracing.
Observability challenges
DevOps and SRE teams today are being overwhelmed by an enormous amount of data from multiple, disparate systems that monitor infrastructure and Continue reading
AMD Firing On All Compute Engine Cylinders
A few years ago, it was hard to imagine how AMD would have survived without re-entering the datacenter with its CPU and GPU compute engines. …
AMD Firing On All Compute Engine Cylinders was written by Timothy Prickett Morgan at The Next Platform.
Managing Multiple Python Versions with pyenv
In my Python journey, I've always stuck to just one version of Python at a time. I happily used Python 3.9 for quite a while, then switched to Python 3.10 without any issues. Everything was perfect until recently when I tried installing a Python application using pip, but no matter what I did, the installation kept failing. I couldn't fix the issue even after hours of Googling.
That's when I finally decided to check the documentation (which I should have done from the start), and there it was, this application requires a minimum Python version of 3.8 and was only tested on versions 3.8 and 3.9. That made me think, maybe I should have installed it using Python 3.9, but how? I'm no expert in Linux or Unix systems, and I worried that reinstalling Python 3.9 could mess up other projects I'd built on 3.10.
So, I started exploring how to manage multiple Python versions on the same machine, and that's when I stumbled upon a tool called 'pyenv'. This seemed like the perfect solution to my problem, so I decided to learn more about it.
Python For Network Engineers Continue reading
Cisco vPC in VXLAN/EVPN Network – Part 2 – Configuring vPC
When building leaf and spine networks, leafs connect to spines, but leafs don’t connect to leafs, and spines don’t connect to spines. There are exceptions to this and vPC is one of those exceptions. The leafs that are going to be part of the same vPC need to connect to each other. There are two ways of achieving this:
- Physical interfaces.
- Fabric peering.
We will first use physical interfaces and then later remove that and use fabric peering. Now, my lab is virtual so take physical with a grain of salt, but they will be dedicated interfaces. The following will be required to configure vPC:
- Enable vPC.
- Enable LACP.
- Create vPC domain.
- Create a VRF for the vPC peer keepalive.
- Configure the interface for vPC peer keepalive.
- Configure the vPC peer keepalive.
- Configure the vPC peer link interfaces.
- Configure the vPC peer link.
This is shown below:
The vPC is now up:
Leaf1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
Continue reading
Testing Pi-hole Development Version 6
Pi-hole, the network-wide ad-blocking solution, has recently undergone significant updates, introducing a range of new […]
The post Testing Pi-hole Development Version 6 first appeared on Brezular's Blog.
PP012: Planning for a Post Quantum Cryptography World
The classical encryption algorithms that currently undergird our IT infrastructure will be broken once there’s a powerful and stable enough quantum computer to do the job. Quantum-resistant algorithms are being developed by NIST, but implementation and deployment of these algorithms still have to be addressed. So what does all this mean for busy IT and... Read more »The Perfect AI Storage: Trino From Facebook And Iceberg From Netflix?
When it comes to solving data analytics problems at scale, it is tough to beat the hyperscalers. …
The Perfect AI Storage: Trino From Facebook And Iceberg From Netflix? was written by Timothy Prickett Morgan at The Next Platform.
Building The Power Grid Of Tomorrow
The energy sector is undergoing a monumental shift as the power grid struggles to accommodate growing demand and the complexity of modern energy systems. …
Building The Power Grid Of Tomorrow was written by Timothy Prickett Morgan at The Next Platform.
HW026: Wireless Training and Certifications for IoT
With the rapid growth of IoT across enterprise and industrial spaces, now is a good time to check in on the wireless training and certification landscape beyond Wi-Fi. Today, Tom Carpenter, the Director of Education for the Certified Wireless Network Professionals joins us to give a lay of the land. He explains how the protocols... Read more »
Repost: The Real LISP Mobility Use Case
Béla Várkonyi is working on an interesting challenge: building ground-to-airplane(s) networks providing multilink mobility. Due to its relative simplicity, he claims LISP works much better than BGP in that environment.
In some newer routers BGP would not be such a big bottleneck, but you need a lot of knob turning in BGP to get it right, while in LISP it is quite simple.
If you have many thousands concurrent airplanes with multi-link and max. 16 subnets with different routing policies on each, and the radio links are going up and down, then you have a large number of mobility events.
History of Networking: Updated Links
Someone told me some (or many?) of the links are broken to the History of Networking recordings. I went through the S3 bucket and renamed all the files so there are no spaces (because S3 buckets don’t always work right with spaces), and then checked them all to make certain they work. Along the way I found three or four episodes that were recorded and not on the HoN page, so I added them.
Check out the corrected listing here.
I think I have one more recording that was never edited and published; I will probably put it in the Hedge stream in the next month or two just so it’s out there.
Tech Bytes: Using ZTNA for VPN Consolidation, Protecting Dev Access with SSE (Sponsored)
Zero Trust Network Access, or ZTNA, is a core element of a Security Service Edge because it enables secure remote access to on-prem and cloud-based applications. On today’s episode, sponsored by HPE Aruba Networking, we dig into ZTNA from HPE’s perspective and hear customer stories on how it’s being used for third-party access, VPN consolidation,... Read more »NB476: IBM Buys HashiCorp; Running Data Centers With Vegetable Oil?
Take a Network Break! We welcome guest commentator Kyler Middleton of Day Two Cloud to discuss the IBM/HashiCorp deal, then pivot to new Wi-Fi 7 APs from HPE Aruba Networking, and discuss why a data center builder in Ireland is constructing a power generation plant alongside the generator–and powering it partly with vegetable oil. Noncompete... Read more »The Cutting Edge In Power Grid Management
Commissioned: Thanks to recent technological advancements, there are many different sources of electricity available which can help organizations address our growing demand for energy from power hungry devices such as electric vehicles while reducing their reliance on fossil fuels like petroleum, coal, and gas. …
The Cutting Edge In Power Grid Management was written by Timothy Prickett Morgan at The Next Platform.
Q1 2024 Internet disruption summary
This post is also available in 日本語, 한국어, Deutsch, Français, Español.
Cloudflare’s network spans more than 310 cities in over 120 countries, where we interconnect with over 13,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions. Thanks to recently released Cloudflare Radar functionality, this quarter we have started to explore the impact from a routing perspective, as well as a traffic perspective, at both a network and location level.
The first quarter of 2024 kicked off with quite a few Internet disruptions. Damage to both terrestrial and submarine cables caused problems in a number of locations, while military action related to ongoing geopolitical conflicts impacted connectivity in other areas. Governments in several African countries, as well as Pakistan, ordered Internet shutdowns, focusing heavily on mobile connectivity. Malicious actors known as Anonymous Sudan claimed responsibility for cyberattacks that disrupted Internet connectivity in Israel and Bahrain. Maintenance and power outages forced users offline, resulting in observed drops in traffic. And in Continue reading
netlab: Global and Node VRFs
When designing the netlab VRF configuration module, I tried to make it as flexible as possible while using the minimum number of awkward nerd knobs. As is often the case1, the results could be hard to grasp, so let’s walk through the various scenarios of using global and node VRFs.
netlab allows you to define a VRF in the lab topology vrfs dictionary (global VRF) or in a node vrfs dictionary (node VRF). In most cases, you’d define a few global VRFs and move on.
Cisco vPC in VXLAN/EVPN Network – Part 1 – Anycast VTEP
Many vendors offer MLAG features, that is, the ability to form a PortChannel (some vendors call it trunk or bond) towards two separate devices. In this post, I will cover the following:
- Briefly describe vPC in a traditional network.
- Describe vPC in a VXLAN/EVPN network.
- Configure leaf switches to support vPC.
- Setup of Ubuntu Linux host to bond two interfaces and use LACP.
- Verification of the setup.
Traditional vPC
On Cisco Nexus switches, virtual Port Channel (vPC) has been a highly used feature for many years. It has been used towards other network devices such as firewalls, routers, and switches, but also towards hosts running hypervisors such as ESX.
As opposed to other technologies such as Virtual Switching System (VSS) or StackWise Virtual, it does not require the two switches to become one to provide the ability to do MLAG. Instead, the two devices appear as one in PDUs such as LACP, STP, and IGMP, by using a vPC system MAC address as the source MAC. With MLAG features, the two switches need to verify the other is alive and also synchronize state and perform consistency checking. This is done by connecting them with a vPC peer keepalive link, and Continue reading