0

netsim-tools (now netlab) on the Modem Podcast

A few weeks ago, Nick Buraglio and Chris Cummings invited me for an hour-long chat about netlab on the Modem Podcast¹.

We talked about why one might want to use netlab instead of another lab orchestration solution and the high-level functionality offered by the tool. Nick particularly loved its IPAM features which got so extensive in the meantime that I had to write a full-blown addressing tutorial. But there’s so much more: you can also get a fully configured OSPFv2, OSPFv3, EIGRP, IS-IS, SRv6, or BGP lab built from more than a dozen different devices. In short (as Nick and Chris said): you can use netlab to make labbing less miserable.

0

netsim-tools on the Modem Podcast

A few weeks ago, Nick Buraglio and Chris Cummings invited me for an hour-long chat about netsim-tools on the Modem Podcast.

We talked about why one might want to use netsim-tools instead of another lab orchestration solution and the high-level functionality offered by the tool. Nick particularly loved its IPAM features which got so extensive in the meantime that I had to write a full-blown addressing tutorial. But there’s so much more: you can also get a fully configured OSPFv2, OSPFv3, EIGRP, IS-IS, SRv6, or BGP lab built from more than a dozen different devices. In short (as Nick and Chris said): you can use netsim-tools to make labbing less miserable.

0

Using the Linux host command to dig out DNS details

The host command on Linux systems can look up a variety of information available through the Domain Name System (DNS). It can find a host name if given an IP address or an IP address if given a host name plus a lot of other interesting details on systems and internet domains.The first query below tells us that the system associated with the address 192.168.0.18 is named “dragonfly”. The second tells us that 192.168.0.1 is the default router.$ host 192.168.0.18 18.0.168.192.in-addr.arpa domain name pointer dragonfly. $ host 192.168.0.1 1.0.168.192.in-addr.arpa domain name pointer router. To do the reverse, you can use commands like these:To read this article in full, please click here

0

Using the Linux host command to dig out DNS details

The host command on Linux systems can look up a variety of information available through the Domain Name System (DNS). It can find a host name if given an IP address or an IP address if given a host name plus a lot of other interesting details on systems and internet domains.The first query below tells us that the system associated with the address 192.168.0.18 is named “dragonfly”. The second tells us that 192.168.0.1 is the default router.$ host 192.168.0.18 18.0.168.192.in-addr.arpa domain name pointer dragonfly. $ host 192.168.0.1 1.0.168.192.in-addr.arpa domain name pointer router. To do the reverse, you can use commands like these:To read this article in full, please click here

0

Intel Unfolds Xeon Roadmap With More Cores, Denser Transistors

We were complaining a few weeks ago that Intel had not put out a server processor roadmap of any substance in a long time, and instead of just leaving it at that, we created our own Xeon SP roadmap based on rumors, speculation, hunches, and desires. …

Intel Unfolds Xeon Roadmap With More Cores, Denser Transistors was written by Timothy Prickett Morgan at The Next Platform.

0

Calico Cloud: Active Build and Runtime Security for Cloud-Native Applications

Calico Cloud has just celebrated its 1-year anniversary! And what better way to celebrate than to launch new features and capabilities that help users address their most urgent cloud security needs.

Over the past year, the Tigera team has seen rapid adoption of Calico Cloud for security and observability of cloud-native applications. With this new release, Calico Cloud becomes the first in the industry to offer the most comprehensive active cloud-native application security that goes beyond detecting threats to limit exposure and automatically mitigate risks in real time.

With news of new zero-day threats emerging almost every day (e.g. Argo CD, Chrome Browser), the current security approach needs to evolve. We need active build, deploy, and runtime security, all together, instead of using a siloed approach. Security threats, vulnerabilities, and risks for all three areas should be addressed together, by the same security platform, rather than using multiple disjointed tools. Calico Cloud does just that!

With Calico Cloud, you can reduce your cloud-native application’s attack surface, harness machine learning to combat runtime security risks from known and unknown zero-day threats, enable continuous compliance, and prioritize and mitigate the risks from vulnerabilities and attacks.

Let’s take a look Continue reading

0

Can Nvidia Be The Biggest Chip Maker In The Datacenter?

Next year, with the launch of the “Grace” Arm server processors, Nvidia will have all of the compute and networking bases it cares about in the datacenter covered, and it will be selling its technology at a rapid pace. …

Can Nvidia Be The Biggest Chip Maker In The Datacenter? was written by Timothy Prickett Morgan at The Next Platform.

0

Production ready eBPF, or how we fixed the BSD socket API

As we develop new products, we often push our operating system - Linux - beyond what is commonly possible. A common theme has been relying on eBPF to build technology that would otherwise have required modifying the kernel. For example, we’ve built DDoS mitigation and a load balancer and use it to monitor our fleet of servers.

This software usually consists of a small-ish eBPF program written in C, executed in the context of the kernel, and a larger user space component that loads the eBPF into the kernel and manages its lifecycle. We’ve found that the ratio of eBPF code to userspace code differs by an order of magnitude or more. We want to shed some light on the issues that a developer has to tackle when dealing with eBPF and present our solutions for building rock-solid production ready applications which contain eBPF.

For this purpose we are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular. It exists because we’ve outgrown the BSD sockets API. To deliver some products we need features that are just not possible using the standard API.

• Our services are available on millions of Continue reading

0

Combating Increased Complexity

Organizations need an enterprise-wide data and observability strategy, and standardization of visibility to combat the complexity of the digital world.

0

Using cert-manager with Kuma for mTLS

When configuring mutual TLS (mTLS) on the open source Kuma service mesh, users have a couple of different options. They can use a “builtin” certificate authority (CA), in which Kuma itself will generate a CA certificate and key for use in creating service-specific mTLS certificates. Users also have the option of using a “provided” CA, in which they must supply a CA certificate and key for Kuma to use when creating service-specific mTLS certificates. Both of these options are described on this page in the Kuma documentation. In this post, I’d like to explore the use of cert-manager as a “provided” CA for mTLS on Kuma.

Currently, Kuma lacks direct integration with cert-manager, so the process is a bit more manual than I’d prefer. If direct cert-manager integration is something you’d find useful, please consider opening an issue to that effect on the Kuma GitHub repository.

Assuming you have cert-manager installed already, the process for using cert-manager as the CA for a “provided” CA mTLS backend looks like this:

1. Define the root CA in cert-manager.
2. Prepare the secrets for Kuma.
3. Configure the Kuma mesh object for mTLS.

I know these steps are really too high level to be useful Continue reading

0

DEVASC Study Resources and Plan

0

How to Pass DEVASC

0

What is DEVASC

0

Who is Squatting IPv4 addresses?

Who is Squatting IPv4 addresses?

It’s an established fact on the internet that we have ran out of IP(v4) addresses, and we are st

0

Who is squatting IPv4 addresses?

Who is squatting IPv4 addresses?

It’s an established fact on the internet that we have ran out of IP(v4) addresses, and we are st

0

The Impact of Jumbo Maximum Frame Size on Data Center Switches

Sander Steffann sent me an intriguing question a long while ago:

I was wondering if there are any downsides to setting “system mtu jumbo 9198” by default on every switch? I mean, if all connected devices have MTU 1500 they won’t notice that the switch could support longer frames, right?

That’s absolutely correct, and unless the end hosts get into UDP fights things will always work out (aka TCP MSS saves the day)… but there must be a reason switching vendors don’t use maximum frame sizes larger than 1514 by default (Cumulus Linux seems to be an exception, and according to Sébastien Keller Arista’s default maximum frame size is between 9214 and 10178 depending on the platform).

0

The Impact of Jumbo Maximum Frame Size on Data Center Switches

Sander Steffann sent me an intriguing question a long while ago:

I was wondering if there are any downsides to setting “system mtu jumbo 9198” by default on every switch? I mean, if all connected devices have MTU 1500 they won’t notice that the switch could support longer frames, right?

That’s absolutely correct, and unless the end hosts get into UDP fights things will always work out (aka TCP MSS saves the day)… but there must be a reason switching vendors don’t use maximum frame sizes larger than 1514 by default (Cumulus Linux seems to be an exception, and according to Sébastien Keller Arista’s default maximum frame size is between 9214 and 10178 depending on the platform).

0

Cisco faces a $14B backlog thanks to component scarcity

Cisco, like many of its competitors, has found increased revenue from pent-up demand, but chip shortages and other supply constraints continue to loom large over the industry.“We remain one of the largest software companies in the world,” Cisco CEO Chuck Robbins told investment analysts on an earnings call for its fiscal second quarter ended in January. "In Q2, our software revenue grew by 6% to $3.8 billion, total subscription revenue accelerated to $5.5 billion, up 7% year over year."To read this article in full, please click here

0

CIsco faces a $14B backlog thanks to component scarcity

Cisco, like many of its competitors, has found increased revenue from pent-up demand, but chip shortages and other supply constraints continue to loom large over the industry.“We remain one of the largest software companies in the world,” Cisco CEO Chuck Robbins told investment analysts on an earnings call for its fiscal second quarter ended in January. "In Q2, our software revenue grew by 6% to $3.8 billion, total subscription revenue accelerated to $5.5 billion, up 7% year over year."To read this article in full, please click here

0

Data-center spending is half that of cloud services

Spending on cloud services reached a total of $178 billion in 2021, a 37% increase over the $130 billion spent in 2020 and twice the amount enterprises are spending on their data centers, according to Synergy Research Group. For the fourth quarter of 2021, total cloud spending was $50.5 billion.When the COVID-19 pandemic hit in 2020, it drove a major shift in worldwide IT operational and spending to the cloud as company shifted to working from home. That trend is only continuing, even with the pandemic tapering off and companies calling people back into the office.John Dinsdale, principal analyst with Synergy, said he expects the cloud market to continue to grow at the considerable pace. “There is absolutely no doubt that the cloud market will continue to grow rapidly. That is an environment in which leading cloud providers ought to be able to continue aggressively growing their revenues,” he said via email.To read this article in full, please click here