For CPU Makers and OEMs Alike, It’s A Platform View

Dell took a look at the two weeks between the rollouts by AMD and Intel of their latest server processors and, after some debate, decided to unveil its entire portfolio of new and enhanced systems – featuring the new chips from both vendors – at the launch of AMD’s latest Epyc silicon rather than announce servers in line with the chip makers’ timing.

For CPU Makers and OEMs Alike, It’s A Platform View was written by Jeffrey Burt at The Next Platform.

Notes on Aviatrix

Miscellaneous notes on Aviatrix.
Usually updated on Fridays.
New and updated notes are placed at the top.


Updating the Aviatrix Controller IAM Policy:
When deploying the Aviatrix controller in AWS for the first time, the AWS CloudFormation template that launched your controller may not have the most current IAM policy definitions for the IAM roles it creates for the controller to use. To remedy this, right after your controller is launched and you’ve logged on for the first time, do the following:

  1. Define your Primary access account. Go to Onboarding > AWS > Create Primary Access Account. This is the AWS account that your controller lives in.
  2. Now go to Accounts > Access Accounts. Highlight the Primary access account you just created and click “Update Policy”. This will update the IAM policy applied to the IAM roles your controller will be using to the latest and greatest.

How to use an AWS ACM Certificate with your Aviatrix controller:
To apply an ACM public certificate to your UI sessions with the Aviatrix controller you’ll need to use a Load Balancer and attach your certificate to it. Here’s what I did:

  1. Create a Network Load Balancer (NLB)
  2. Create a TLS:443 listener on Continue reading

After Two Decades, the Party Is Ready for the IXP in El Salvador

The history of El Salvador’s Internet exchange point (IXSal) is perhaps the longest and most complex, beginning at the end of the last century, in 1999, explains its founder, Lito Ibarra, with a smile. “It started out as a utopia after I started hearing about the experiences of other countries.” Ibarra wrote proposals and received […]

The post After Two Decades, the Party Is Ready for the IXP in El Salvador appeared first on Internet Society.

When Stretching Layer Two, Separate Your Fate

On the Packet Pushers YouTube channel, Jorge asks in response to Using VXLAN To Span One Data Center Across Two Locations

if stretching the layer 2 is not recommended, then what is the recommendation if you need to fault over to a different physical location and still got to keep the same IP addresses for mission critical applications?

TL;DR

That video is a couple of years old at this point, and I don’t recall the entire discussion. Here’s my answer at this moment in time. If DCI is required (and I argue that it shouldn’t be in most cases), look at VXLAN/EVPN. EVPN is supported by several vendors. If you are a multi-vendor shop, watch for EVPN inter-vendor compatibility problems. Also look for vendor EVPN guides discussing the use case of data center interconnect (DCI).

Also be aware (and beware) of vendor-proprietary DCI technologies like Cisco’s OTV. I recommend against investing in OTV and similar tech unless you already have hardware that can do it and can turn the feature on for free. Otherwise, my opinion, for what it’s worth, is to stick with an EVPN solution. EVPN is a standard that’s been running in production environments for Continue reading

Heavy Networking 572: How First Bank Leverages Aruba SD-WAN For Network And Security Transformation (Sponsored)

Today's Heavy Networking explores how First Bank uses Aruba’s SD-WAN to advance its cloud migration, support remote workers, and provide secure segmentation for IoT devices. We also discuss the growing trend of SASE and First Bank’s strategy around cloud-delivered security services. Our guests are Marc Ashworth, CISO at First Bank; and Damon Ennis, VP of Engineering at Aruba Networks.

The post Heavy Networking 572: How First Bank Leverages Aruba SD-WAN For Network And Security Transformation (Sponsored) appeared first on Packet Pushers.

Debunk the Junk- The case for App Acceleration with SD-WAN

In this episode we will discuss the idea of SD-WAN vs. Application Acceleration and WANop.  With the proliferation of SD-WAN we’ve heard a lot of people say that SD-WAN gives you the traffic control, but does it negate the need for application acceleration or WAN optimization tools?  We attack this common misconception and discuss our stance on the matter in this episode.

Phil Gervasi
Host
Brandon Carroll
Host
John Pittle
Guest

The post Debunk the Junk- The case for App Acceleration with SD-WAN appeared first on Network Collective.

Per Origin Host Header Override

Load Balancing as a concept is pretty straightforward. Take an existing infrastructure and route requests to the available origin servers so no single server is overwhelmed. Add in some health monitoring to ensure each server has a heartbeat/pulse so proactive decisions can be made. With two steps, you get more effective utilization of your existing resources… simple enough!

As your application grows, however, load balancing becomes more complicated. An example of this — and the subject of this blog post — is how load balancing interacts with the Host header in an HTTP request.

Host headers and load balancing

Every request to a website contains a unique piece of identifying information called the Host header. The Host header helps route each request to the correct origin server so the end user is sent the information they requested from the start.

For example, say that you enter example.com into the URL bar in your browser. You are sending a request to ‘example.com’ to send you back the homepage located within that application. To make sure you actually get resources from example.com, your browser includes a Host header of example.com. When that request reaches the back-end infrastructure, Continue reading

Cisco SD-WAN – Part III: Overlay Management Protocol

Introduction

This chapter introduces the operation of the Overlay Management Protocol (OMP). It starts by introducing TLOC Routes, which are used for establishing tunnels between vEdges. Next, it explains OMP Routes, which in turn are used for advertising client VPN-specific network reachability information. I am also going to show the data plane encapsulation when data is sent between the hosts in site 10 and site 30. The purpose of the data plane section is to show how the label attribute advertised within OMP routing advertisements is used to identify the customer VPN. In order to see inside captured packets, I am using GRE tunnels instead of IPsec. Figure 3-1 illustrates the example topology used in this chapter. The customer VPN 10 is used on both sites. The site 10 subnet is 172.16.10.0/24 and the site 30 subnet is 172.16.30.0/24. Interface ge0/0 on both vEdges is connected to the Public-Internet, and interface ge0/1 is connected to the MPLS transport network, where the customer has its dedicated MPLS VPN.



Figure 3-1: SD-WAN Example Topology.

Bringing New Engineers into Networking on Software Gone Wild

When I started the Software Gone Wild podcast in June 2014, I wanted to help networking engineers grow beyond the traditional networking technologies. It’s only fitting to conclude this project almost seven years and 116 episodes later with a similar theme Avi Freedman proposed when we started discussing podcast topics in late 2020: how do we make networking attractive to young engineers?

Elisa Jasinska and Roopa Prabhu joined Avi and me, and we had a lively discussion that I hope you’ll find interesting.

How Your Network Impacts User Experience in a COVID-19 World

Before the beginning of the COVID-19 pandemic, massive-scale remote connections over the Internet to households largely consisted of connections to entertainment services, such as Netflix. For those types of symmetric connections, fast download times ensure a good service. However, once the pandemic started, users working from home lacked sufficient upload speeds, which could be at least 10 times slower for uploading data. This quickly became problematic for work-related connections, such as video and even audio connections for web meetings, said

Changing How Updates Work with Docker Desktop 3.3

Today we are pleased to announce the release of Docker Desktop 3.3.

We’ve been listening to your feedback on our Public Roadmap and we are consistently asked for three things: smaller downloads, more flexible installation options, and more frequent feature releases, bug fixes, and security updates.

We also heard from our community that the smaller updates are appreciated, requiring immediate installation is not convenient, and automatic background downloads are problematic for developers on constrained or metered bandwidth.

We’ve heard you and are changing how updates to Docker Desktop work, while still maintaining the ability to provide you with smaller, faster updates. We are also providing additional flexibility to developers with Pro or Team subscriptions.

Flexibility for Updates 

With Docker Desktop 3.3, when a new update to Docker Desktop is available, it will no longer be automatically downloaded and installed on your next restart. You can now choose when to start the download and installation process.

To encourage developers to stay up to date, we have built in increasingly persistent reminders after an update has become available.

If you use Docker Desktop at work you may need to skip a specific update. For this reason, Pro or Team subscription Continue reading

Microsoft documents its liquid-immersion cooling efforts

Last week I told you about an immersion-cooling firm called LiquidStack being spun off from its parent company, the China-based server vendor Wiwynn. The story mentioned how Microsoft was experimenting with immersion cooling, and now Microsoft has pulled back the curtain on the whole show. It’s been trying out immersion cooling for two years but is now going full throttle, at least at its Quincy, Washington, data center. Situated in the middle of the state, the city of Quincy is tiny—just 6,750 as of 2010—but the Columbia River cuts through it, making it ideal for a hydropower-based data center, and there are several data centers in this tiny town.

New Video Course: How Networks Really Work

Those who follow my work know I’ve been focused on building live webinars for the last year or two, but I am still creating pre-recorded material for Pearson. The latest is built from several live webinars which I no longer give; I’ve updated the material and turned them into a seven-hour course called How Networks Really Work. Although I begin here with the “four things,” the focus is on a problem/solution view of routed control planes. From the description:

There are many elements to a networking system, including hosts, virtual hosts, routers, virtual routers, routing protocols, discovery protocols, etc. Each protocol and device (whether virtual or physical) is generally studied as an individual “thing.” It is not common to consider all these parts as components of a system that works together to carry traffic through a network. To show how all these components work together to form a complete system, this video course presents a series of walk throughs showing the processing involved in various kinds of network events, and how control planes use those events to build the information needed to carry traffic through a network.

You can find How Networks Really Work here.

This course is Continue reading