OMG: Democratizing Network Automation

I totally understand that entities relying on sponsors have to become creative while promoting whatever their sponsors want to sell, but in my opinion this is a bridge too far:

[…] explore how Gluware aims to democratize automation; that is, get you quick wins around common tasks such as configuration changes and OS updates.

Democratizing automation? Because it’s authoritarian now? By providing the abilities like configuration changes and OS updates that have been available in network management tools like CiscoWorks or SolarWinds for ages?

You know what’s really hard when automating existing networks? Figuring out how to simplify them to the point where it makes sense to automate them. Will any shrink-wrapped GUI product solve that? Of course not.

Where is mobile traffic the most and least popular?


You’re having dinner, you look at the table next to you and everyone is checking their phone, scrolling and browsing and interacting with that little (and getting bigger) piece of hardware that puts you in contact with friends, family, work and the giant public square of sorts that social media has become. That could happen in the car (hopefully with the passengers, never the driver), at home when you’re on the sofa, in bed or even when you’re commuting or just bored in line for the groceries.

Or perhaps you use your mobile phone as your only connection to the Internet. It might be your one means of communication and doing business. For many, the mobile Internet opened up access and opportunity that simply was not possible before.

Around the world the use of mobile Internet differs widely. In some countries mobile traffic dominates, in others desktop still reigns supreme.

Mobile Internet traffic has changed the way we relate to the online world — work (once, for some, done on desktop/laptop computers) is just one part of it — and Cloudflare Radar can help us get a better understanding of global Internet traffic but also access regional trends, and monitor emerging Continue reading

Heavy Networking 601: Monitoring The Dispersed Network With Cisco ThousandEyes (Sponsored)

Cisco ThousandEyes is a long-time Packet Pushers sponsor, and we're going to probe deeply to discuss the latest feature additions that will bring you the data you need. And, since it’s been just about a year since ThousandEyes was acquired by Cisco, we’ll also discuss how ThousandEyes is being integrated into the gargantuan Cisco product portfolio.

The post Heavy Networking 601: Monitoring The Dispersed Network With Cisco ThousandEyes (Sponsored) appeared first on Packet Pushers.

Rethinking observability for Kubernetes

Observability is a staple of high-performing software and DevOps teams. Research shows that a comprehensive observability solution, along with a number of other technical practices, positively contributes to continuous delivery and service uptime.

Observability is sometimes confused with monitoring, but there is a clear difference between the two; it’s important to understand the distinction. Observability refers to a technical solution that enables teams to actively debug a system. It is based on exploring activities, properties, and patterns that are not defined in advance. Monitoring, in contrast, is a technical solution that enables teams to watch and understand the state of their systems and is based on gathering pre-defined sets of metrics or logs.

What makes Kubernetes observability different?

Conventional observability and monitoring tools were designed for monolithic systems, observing the health and behavior of a single application instance. Complex distributed microservices architectures, like Kubernetes, are constantly changing, with hundreds and even thousands of pods being created and destroyed within minutes. Because this environment is so dynamic, pre-defined metrics and logs aren’t effective for troubleshooting issues. Conventional observability approaches, which work well in traditional, monolithic environments, are inadequate for Kubernetes. So an observability solution that is purpose-built for a distributed microservices Continue reading

What Can You Learn From Facebook’s Meltdown?

I wanted to wait to put out a hot take on the Facebook issues from earlier this week because failures of this magnitude always have details that come out well after the actual excitement is done. A company like Facebook isn’t going to do the kind of in-depth post-mortem that we might like to see but the amount of information coming out from other areas does point to some interesting circumstances causing this situation.

Let me start off the whole thing by reiterating something important: Your network looks absolutely nothing like Facebook. The scale of what goes on there is unimaginable to the normal person. The average person has no conception of what one billion looks like. Likewise, the scale of the networking that goes on at Facebook is beyond the ken of most networking professionals. I’m not saying this to make your network feel inferior. More that I’m trying to help you understand that your network operations resemble those at Facebook in the same way that a model airplane resembles a space shuttle. They’re alike on the surface only.

Facebook has unique challenges that they have to face in their own way. Network automation there isn’t a bonus. It’s Continue reading

What happened on the Internet during the Facebook outage

It's been a few days now since Facebook, Instagram, and WhatsApp went AWOL and experienced one of the most extended and rough downtime periods in their existence.

When that happened, we reported our bird's-eye view of the event and posted the blog Understanding How Facebook Disappeared from the Internet where we tried to explain what we saw and how DNS and BGP, two of the technologies at the center of the outage, played a role in the event.

In the meantime, more information has surfaced, and Facebook has published a blog post giving more details of what happened internally.

As we said before, these events are a gentle reminder that the Internet is a vast network of networks, and we, as industry players and end-users, are part of it and should work together.

In the aftermath of an event of this size, we don't waste much time debating how peers handled the situation. We do, however, ask ourselves the more important questions: "How did this affect us?" and "What if this had happened to us?" Asking and answering these questions whenever something like this happens is a great and healthy exercise that helps us improve our own resilience.

Continue reading

Technology Short Take 146

Welcome to Technology Short Take #146! Over the last couple of weeks, I’ve gathered a few technology-related links for you all. There’s some networking stuff, a few security links, and even a hardware-related article. But enough with the introduction—let’s get into the content!

Networking

Servers/Hardware

  • Chris Mellor speculates that Cisco UCS may be on the way out; Kevin Houston responds with an “I don’t think so.” Who will be correct? I guess we will just have to wait and see.

Security

Cloud Computing/Cloud Management

VMware resource MOID lookup filter

Are you trying to manage private clouds easily and efficiently using Ansible Automation Platform? When it comes to VMware infrastructure automation, the latest release of the vmware.vmware_rest Collection and new lookup plugins bring a set of fresh features to build, manage and govern various VMware use cases and accelerate the process from development to production.

The modules in the vmware.vmware_rest Collection rely on the resource MOID a lot. This is a design decision that we covered in an earlier blog. Consequently, when the users want to modify a VMware resource, they need to first write Ansible tasks to identify its MOID.

The new 2.1.0 release of vmware.vmware_rest Collection comes with a series of filter plugins dedicated to gathering the resource MOID. In this blog post, we will help you to keep your VMware automation playbooks concise.

 

But first, what is a MOID?

Internally, VMware vSphere manages resources in the form of objects. Every object has a type and an ID. MOID stands for Managed Object ID. The vSphere UI hides the MOID logic from users and presents the objects in a visible hierarchy, potentially at several different locations.

 

Continue reading

Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)


On September 29, 2021, the Apache Security team was alerted to a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. The vulnerability, in some instances, can allow an attacker to fully compromise the web server via remote code execution (RCE) or at the very least access sensitive files. CVE number 2021-41773 has been assigned to this issue. Both Linux and Windows based servers are vulnerable.

An initial patch was made available on October 4 with an update to 2.4.50; however, this was found to be insufficient, resulting in an additional patch bumping the version number to 2.4.51 on October 7th (CVE-2021-42013).

Customers using Apache HTTP Server versions 2.4.49 and 2.4.50 should immediately update to version 2.4.51 to mitigate the vulnerability. Details on how to update can be found on the official Apache HTTP Server project site.

Any Cloudflare customer with the setting normalize URLs to origin turned on has always been protected against this vulnerability.

Additionally, customers who have access to the Cloudflare Web Application Firewall (WAF) receive additional protection by turning on the rules with the following IDs:

Video: Theoretical View of Network Addressing

After explaining the basics of (network) names, addresses and routes, I wasted a few minutes of everyone’s time discussing the theoretical aspects of layered addressing, and then got back to practical issues like address scopes, namespaces, and address provisioning.

The video ends with a simple (and unappreciated) truth: if you have a point-to-point link between two nodes you don’t need data-link-layer addresses. The consequences of that fact are left as an exercise for the viewer (or you can wait till the next video ;)

You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.