Network Modeling: Automating Mikrotik RouterOS CHR Containerlab images

Introduction

In a previous post, we talked about using Containerlab and ZeroTier to provide remote access to a lab instance. One of the things that was glossed over was creating the Containerlab images. As part of building the images, Containerlab ready Mikrotik RouterOS images are available on Docker Hub.

Containerlab images

Containerlab currently supports 2 different kinds of images: pre-built containers and VMs packaged as containers.

Presently, only a handful of NOS vendors provide pre-built containers (Nokia’s SR Linux, Juniper cRPD, Arista cEOS, Cumulus VX, and SONIC VS).

The other option utilizes vrnetlab and is essentially a QEMU VM packaged in a Docker container. The more traditional network operating systems are currently supported via this method. This includes operating systems like Mikrotik RouterOS, Juniper vMX, Nokia SROS, and many more.

http://iparchitechs.com/contact

Building Mikrotik RouterOS containers

Containerlab provides a nice and easy way to build Containerlab ready Docker images. The process is fairly simple.

Setting it up

Containerlab uses a custom fork of vrnetlab that sets things up so that the images built will work with Containerlab. That repository can be found on Github. The first step is to clone that repository.

The next step is to download the Continue reading

Supply chain woes forcing more workloads to the cloud

Messaging services vendor Interop Technologies runs three data centers to provide services to customers and to run its own back-office systems. Interop also provides turnkey hardware/software solutions that run at customer sites. Pandemic-related hardware shortages, particularly those of servers and storage, have put a severe crimp in the way it does business."When you go to procurement, you get so much push-back," said Joshua Collazo, the company's director of infrastructure. "This is back ordered, that is back ordered."Before the pandemic, the company was able to jump on opportunities quickly. "That's gone away," he said. "Ad-hoc has gone the way of the dodo for us."To read this article in full, please click here

Supply chain woes forcing more workloads to the cloud

Messaging services vendor Interop Technologies runs three data centers to provide services to customers and to run its own back-office systems. Interop also provides turnkey hardware/software solutions that run at customer sites. Pandemic-related hardware shortages, particularly those of servers and storage, have put a severe crimp in the way it does business."When you go to procurement, you get so much push-back," said Joshua Collazo, the company's director of infrastructure. "This is back ordered, that is back ordered."Before the pandemic, the company was able to jump on opportunities quickly. "That's gone away," he said. "Ad-hoc has gone the way of the dodo for us."To read this article in full, please click here

Linux sound devices are a mess

It started with a pretty simple requirement: I just want to know which sound card is which.

Background about the setup

I sometimes play around with amateur radios. Very often I connect them to computers to play around. E.g. JS8Call, FT8, SSTV, AX.25, and some other things.

This normally works very well. I just connect radio control over a serial port, and the audio using a cheap USB audio dongle. Sometimes the radio has USB support and delivers both a serial control port and an audio interface over the same cable.

The problem

So what if I connect two radios at the same time? How do I know which sound card, and which serial port, is which?

Both serial ports (/dev/ttyUSB<n>) and audio device numbers and names depend on the order that the devices were detected, or plugged in, which is not stable.

The fix for serial ports

Serial ports are relatively easy. You just tell udev to create some consistent symlinks based on the serial number of the USB device.

For example here’s the setup for a raspberry pi that sees various radios at various times (with some serial numbers obscured) Continue reading

Weekend Reads 121721


Unfortunately, when engineers are entrusted with the task of delivering smooth video streaming to our users, we face numerous challenges from ‘last-mile’ wireless connections.


Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that’s used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday.


The Tuesday outage at an Amazon Web Services data center affected services from several collaboration software vendors, highlighting how reliant companies have become on cloud providers for a variety of workplace tools.


Amazon.com Inc.’s ubiquitous cloud-computing network, the spine for a lot of digital communications and transactions across the U.S., went dark for several hours on Tuesday.


This is the hoarder’s mentality. “I can’t use this right now, but maybe I will some other time.”


More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed log4j vulnerabilities


So much for a quiet holiday season: CVE-2021-44228 (aka Log4Shell) may well be the most impactful vulnerability we’ve seen in years.


Cybersecurity researchers have demonstrated a new attack technique that makes it possible Continue reading

Supporting Remix with full stack Cloudflare Pages

Supporting Remix with full stack Cloudflare Pages
Supporting Remix with full stack Cloudflare Pages

We announced the open beta of full stack Cloudflare Pages in November and have since seen widespread uptake from developers looking to add dynamic functionality to their applications. Today, we're excited to announce Pages' support for Remix applications, powered by our full stack platform.

The new kid on the block: Remix

Remix is a new framework that is focused on fully utilizing the power of the web. Like Cloudflare Workers, it uses modern JavaScript APIs, and it places emphasis on web fundamentals such as meaningful HTTP status codes, caching and optimizing for both usability and performance. One of the biggest features of Remix is its transportability: Remix provides a platform-agnostic interface and adapters allowing it to be deployed to a growing number of providers. Cloudflare Workers was available at Remix's launch, but what makes Workers different in this case, is the native compatibility that Workers can offer.

One of the main inspirations for Remix was the way Cloudflare Workers uses native web APIs for handling HTTP requests and responses. It's a brilliant decision because developers are able to reuse knowledge on the server that they gained building apps in the browser! Remix runs natively on Cloudflare Workers, and the results Continue reading

A Recipe for Presentation Success

When I was a kid, I loved to help my mother bake. My absolute favorite thing to make was a pecan pie. I made sure I was always the one that got to do the work to fix it during the holidays. When I was first starting out I made sure I followed the recipe to the letter. I mixed everything in the order that it was listed. One of the first times I made the pie I melted the butter and poured it into the mixture which also had an egg. To my horror I saw the egg starting to cook and scramble in the bowl due to the hot butter. When I asked my mom she chuckled and said, “Now you get to learn about why the recipe isn’t always right.”

Throughout my career in IT and in presentations, I’ve also had to learn about why even if the recipe for success is written down properly there are other things you need to take into account before you put everything together. Just like tempering a mixture or properly creaming butter and sugar together, you may find that you need to do some things in a different order Continue reading

When Supply-Chain Attacks Meet CI/CD Infrastructures

Supply-chain attacks can be so destructive that they are often considered black-swan events. Often, the most upsetting aspect of the attack is that it manages to compromise what is normally deemed to be safe by definition — whether that’s a software component or an MSP (managed service provider). The result is that our understanding of perimeters, security boundaries, and/or best practices is often flipped upside down.

Consider, for example, the SolarWinds attack back in December 2020: disguised as a normal software update, attackers managed to implant a pre-crafted backdoor on thousands of customers, which led many frantic security teams to discover that their network perimeter had already been breached several months before. Another (and even more destructive) attack took place in July 2021: by exploiting a vulnerability in Kaseya VSA servers, attackers managed to infect hundreds of MSPs, which in turn deployed the REvil ransomware to thousands of customers, breaking the assumption of a safe boundary between different IT infrastructures.

Fast forward to October 2021. An innocent bug report alerted the entire NPM developer community that a core open-source library had been hacked. Fortunately, the community quickly handled and fixed the issue. But, had it not been detected, the potential Continue reading

Heavy Networking 611: Data Center Networking And Observability In 2022 (Sponsored)

As we approach the end of 2021, it's informative to look back at how much change has gone on in the industry. One of the biggest transitions we've seen in enterprise networking has taken place in the data center. Software-defined approaches that emerged over the past decade have matured and are being deployed in production. On today's Heavy Networking, we talk with Juniper Networks in a sponsored episode about its Apstra Intent-Based Networking (IBN) platform and how Apstra is transforming the enterprise data center.

Heavy Networking 611: Data Center Networking And Observability In 2022 (Sponsored)

As we approach the end of 2021, it's informative to look back at how much change has gone on in the industry. One of the biggest transitions we've seen in enterprise networking has taken place in the data center. Software-defined approaches that emerged over the past decade have matured and are being deployed in production. On today's Heavy Networking, we talk with Juniper Networks in a sponsored episode about its Apstra Intent-Based Networking (IBN) platform and how Apstra is transforming the enterprise data center.

The post Heavy Networking 611: Data Center Networking And Observability In 2022 (Sponsored) appeared first on Packet Pushers.

Silicon Valley Scandals

The Theranos scandal has rocked Silicon Valley. Once considered a visionary billionaire, Elizabeth Holmes is now facing up to 20 years in prison for numerous charges of fraud and false representation. This may be the final nail in the coffin that changes how startups are funded and what type of entrepreneur Silicon Valley will back moving forward.

Who Is Elizabeth Holmes?

Elizabeth Holmes is one of the most famous names in the Silicon Valley. She attended the University of Stanford and dropped out at a young age to launch her company Theranos. The goal was simple: create a technology that would make blood testing much more efficient for doctors and patients alike. In 2003 she registered as a medical device manufacturer and by 2004 raised $25 million from venture capitalists. By 2014 their valuation reached $50 billion dollars making Elizabeth Holmes youngest self-made billionaire ever on paper before it all came crashing down in 2018.

How Did It All Fall Apart? 

The hype around Theranos began building back in 2013 when a journalist at the Wall Street Journal was contacted by an anonymous source who claimed Theranos’ testing machines were faulty and inaccurate. The company had been receiving FDA Continue reading

Timedatectl can control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern US time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Timedatectl can control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern US time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Using the timedatectl command to control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Using the timedatectl command to control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Experiment with Calico BGP in the Comfort of Your Own Laptop!

Yes, you read that right – in the comfort of your own laptop, as in, the entire environment running inside your laptop! Why? Well, read on. It’s a bit of a long one, but there is a lot of my learning that I would like to share.

I often find that Calico Open Source users ask me about BGP, and whether they need to use it, with a little trepidation. BGP carries an air of mystique for many IT engineers, for two reasons. Firstly, before its renaissance as a data center protocol, BGP was seen to be the domain of ISPs and service provider networks. Secondly, many high-profile and high-impact Internet outages have been due to BGP misuse or misconfiguration.

The short answer to the question is that in public cloud Kubernetes deployments, it is almost never necessary to configure or use BGP to make best use of Calico Open Source. Even in on-premise Kubernetes deployments, it is only needed in certain scenarios; you shouldn’t configure BGP unless you know why you need it. It is even less common to require complex BGP setups involving route reflectors and the like.

If you’re unsure what you need, the best plan is Continue reading

That’s It for 2021

It’s hard to believe, but another year has swooshed by, and it’s time to shut down my virtual office and disappear until mid-January. Of course I’ll be around in case of urgent support problems – I will read my email, but won’t reply to 90% of the stuff coming in.

I hope you’ll be able to find a few days to disconnect from the crazy pace of networking world and focus on your loved ones. I would also like to wish you all the best in 2022!

1 602 603 604 605 606 3,841