Tech Bytes: MSSP Partners With Fortinet To Deliver Secure SD-WAN (Sponsored)
Today's Tech Bytes podcast from the Packet Pushers is a conversation with Node4, a managed security service provider that's deploying and operating Fortinet’s Secure SD-WAN for its customers. Fortinet is our sponsor. Our guest from Node4 is Glenn Akester, Lead Network Services Architect.
The post Tech Bytes: MSSP Partners With Fortinet To Deliver Secure SD-WAN (Sponsored) appeared first on Packet Pushers.
Rant: Don’t Ever Compare Enterprise IT Shenanigans with Apollo 13
Here’s a recent tweet by my friend Joe Onisick that triggered this blog post:
My favorite people are the ones that start with “how could we make that work?” Before jumping into all of their preconceived bs on why it won’t work.
I couldn’t agree more with that sentiment. The number of people who would invent all sorts of excuses just to avoid turning on their brains and keep to their cozy old methods is staggering. Unfortunately, someone immediately had the urge to switch into what I understood to be a heroic MacGyver mode (or maybe it was just my lack of caffeine, in which case I apologize for the misquote… but you might still like the rest of the rant):
Rant: Don’t Ever Compare Enterprise IT Shenanigans with Apollo 13
Here’s a recent tweet by my friend Joe Onisick that triggered this blog post:
My favorite people are the ones that start with “how could we make that work?” Before jumping into all of their preconceived bs on why it won’t work.
I couldn’t agree more with that sentiment. The number of people who would invent all sorts of excuses just to avoid turning on their brains and keep to their cozy old methods is staggering. Unfortunately, someone immediately had the urge to switch into what I understood to be a heroic MacGyver mode (or maybe it was just my lack of caffeine, in which case I apologize for the misquote… but you might still like the rest of the rant):
Networking and Infrastructure News Roundup: February 12 Edition
In the news this week: Solutions and partnerships to help with the transition to cloud and support for Kubernetes.Install azruntime as a CLI program using pipx
azruntime, the Python program I wrote to manage virtual machines in my Azure subscriptions, is more convenient to use when run as a command from the Linux prompt instead of as a Python program in its virtual environment. You can install Python packages as command-line-programs using pipx.
To make azruntime work after using pipx to install it, I had to organize the project into a proper Python package folder structure, add an entry point in the setup.py file, and change the authentication class used by azruntime.
This post describes what I learned about pipx and Python packaging to enable me to install azruntime as a CLI application.
Changing the package directory structure
I originally structured the azruntime package so all its files were in one folder. I know this is not the standard way that packages are organized but I thought it was simpler and it worked with pip. However, pipx requires the correct package folder structure.
Below, I show the new folder structure I created.
azruntime/
├── LICENSE
├── README.md
├── azruntime
│ ├── __init.py__
│ ├── __main__.py
│ └── azruntime.py
├── requirements.txt
└── setup.py
At the top level, I have Continue reading
Worth Reading: Internet of Trash
I love the recent Internet of Trash article by Geoff Huston, in particular this bit:
“Move fast and break things” is not a tenable paradigm for this industry today, if it ever was. In the light of our experience with the outcomes of an industry that became fixated on pumping out minimally viable product, it’s a paradigm that heads towards what we would conventionally label as criminal negligence.
Of course it’s not just the Internet-of-Trash. Whole IT is filled with examples of startups and “venerable” companies doing the same thing and boasting about their disruptiveness. Now go and read the whole article ;)
Worth Reading: Internet of Trash
I love the recent Internet of Trash article by Geoff Huston, in particular this bit:
“Move fast and break things” is not a tenable paradigm for this industry today, if it ever was. In the light of our experience with the outcomes of an industry that became fixated on pumping out minimally viable product, it’s a paradigm that heads towards what we would conventionally label as criminal negligence.
Of course it’s not just the Internet-of-Trash. Whole IT is filled with examples of startups and “venerable” companies doing the same thing and boasting about their disruptiveness. Now go and read the whole article ;)
Closing out the Tokyo Assignment
In late 2019, I announced that I would be temporarily relocating to Tokyo for a six-month assignment to build out a team focused on cloud-native services and offerings. A few months later, I was still in Colorado, and I explained what was happening in a status update on the Tokyo assignment. I’ve had a few folks ask me about it, so I thought I’d go ahead and shared that the Tokyo assignment did not happen and will not happen.
So why didn’t it happen? In my March 2020 update, I mentioned that paperwork, approvals, and proper budget allocations had slowed down the assignment, but then the pandemic hit. Many folks, myself included, expected that the pandemic would work itself out, but—as we now clearly know—it did not. And as the pandemic dragged on (and continues to drag on), restrictions on travel and concerns over public health and safety continued to mean that the assignment was not going to happen. As many of you know all too well, travel restrictions still exist even today.
OK, but why won’t it happen in the future, when the pandemic is under control? At the time when the Tokyo assignment was offered to me, there Continue reading
Worth Reading: Advice(s) for Engineering Managers
Just in case you were recently promoted to be a team leader or a manager: read these somewhat-tongue-in-cheek advices:
- How do I feel worthwhile as a manager when my people are doing all the implementing? by Charity Majors
- The Non-psychopath’s Guide to Managing an Open-source Project by Kode Vicious.
Need more career advice? How about The Six Year Rule by Bryan Sullins… or you could go and reread my certifications-related blog posts.
Worth Reading: Advice(s) for Engineering Managers
Just in case you were recently promoted to be a team leader or a manager: read these somewhat-tongue-in-cheek advices:
- How do I feel worthwhile as a manager when my people are doing all the implementing? by Charity Majors
- The Non-psychopath’s Guide to Managing an Open-source Project by Kode Vicious.
Need more career advice? How about The Six Year Rule by Bryan Sullins… or you could go and reread my certifications-related blog posts.
Automate Leaf and Spine Deployment – Part3
The 3rd post in the ‘Automate Leaf and Spine Deployment’ series goes the through the variables from which the core fabric declaration is made and how this transposes into a dynamic inventory. This uses only the base and fabric roles to create the fabric ready for the service sub-roles (tenant, interface and route) to be deployed on top of the fabric at a later stage.
Building your own SD-WAN with Envoy and Wireguard
When using a personal VPN at home, one of the biggest problems I’ve faced was the inability to access public streaming services. I don’t care about watching Netflix from another country, I just want to be able to use my local internet connection for this kind of traffic while still encrypting everything else. This problem is commonly known in network engineering as “local internet breakout” and is often implemented at remote branch/edge sites to save costs of transporting SaaS traffic (e.g. Office365) over the VPN infrastructure. These “local breakout” solutions often rely on explicit enumeration of all public IP subnets, which is a bit cumbersome, or require “intelligent” (i.e. expensive) DPI functionality. However, it is absolutely possible to build something like this for personal use and this post will demonstrate how to do that.
Solution Overview
The problem scope consists of two relatively independent areas:
Traffic routing - how to forward traffic to different outgoing interfaces based on the target domain.
VPN management - how to connect to the best VPN gateway and make sure that connection stays healthy.
Each of one these problem areas is addressed by a separate set of components.
VPN management is solved Continue reading
Czech Republic Sticks With NEC Vector Engines For Weather Modeling
There are two different Auroras right now in supercomputing. There is the shape-shifting, legendary, and maybe even mythical “Aurora” and now “Aurora A21” exascale supercomputer that was being built by Intel with “Knights” many core processors and now, if Intel can get them out the door, with a combination of “Sapphire Rapids” Xeon SP processors and “Ponte Vecchio” Xe GPU accelerators, for Argonne National Laboratory. …
Czech Republic Sticks With NEC Vector Engines For Weather Modeling was written by Timothy Prickett Morgan at The Next Platform.
Announcing the Candidate Slates for the 2021 Board of Trustees Elections
As Chair of the Internet Society Nominations Committee, I am pleased to announce the slates of candidates for the 2021 Board of Trustees elections. The candidates for each slate are listed below in alphabetical order by last name.
Chapters Election (one seat available)
- Leiska Evanson
- Luis Martinez
- Rao Naveed Bin Rais
- Muhammad Shabbir
- Niels ten Oever
Organization Members Election (two seats available)
- Paul Ebersman
- Robert Pepper
- Wei Wang
- Heather West
Additional nominations for election to the Board of Trustees may be made by petition by the nominee, and filed with the Chair of the Nominations Committee using the online form available at the Petitions page: https://www.internetsociety.org/board-of-trustees/elections/2021/petitions/
The deadline for receipt of petition requests is 15:00 UTC on Friday, 26 February 2021. The deadline for petition signatures is Friday, 5 March 2021 at 15:00 UTC. The names of any successful petitioners will be placed on the ballot.
The final candidate slate will be announced on Monday, 8 March, and voting will open on Friday, 9 April.
Learn more about the candidates and the elections, including the petition process at: https://www.internetsociety.org/board-of-trustees/elections/
The Committee thanks all of the nominees who expressed interest and willingness to serve on the Internet Continue reading
Heavy Networking 561: Modeling Your Network For Intent-Based Assurance With IP Fabric (Sponsored)
In today's podcast, sponsored by IP Fabric, we dive into the IP Fabric Network Assurance platform. This platform gathers network configuration and state, and then builds a network model using a graph database. The result is a "digital twin" of the network that engineers and security teams can use for troubleshooting, to plan and verify changes, for network and security analysis, and to enable closed-loop automation. Our guests from IP Fabric are Pavel Bykov, CEO; and Daren Fulwell, Network Automation Evangelist.Heavy Networking 561: Modeling Your Network For Intent-Based Assurance With IP Fabric (Sponsored)
In today's podcast, sponsored by IP Fabric, we dive into the IP Fabric Network Assurance platform. This platform gathers network configuration and state, and then builds a network model using a graph database. The result is a "digital twin" of the network that engineers and security teams can use for troubleshooting, to plan and verify changes, for network and security analysis, and to enable closed-loop automation. Our guests from IP Fabric are Pavel Bykov, CEO; and Daren Fulwell, Network Automation Evangelist.
The post Heavy Networking 561: Modeling Your Network For Intent-Based Assurance With IP Fabric (Sponsored) appeared first on Packet Pushers.