Rethinking BGP on the DC Fabric (part 4)

Before I continue, I want to remind you what the purpose of this little series of posts is. The point is not to convince you to never use BGP in the DC underlay ever again. There’s a lot of BGP deployed out there, and there are lot of tools that assume BGP in the underlay. I doubt any of that is going to change. The point is to make you stop and think!

Why are we deploying BGP in this way? Is this the right long-term solution? Should we, as a community, be rethinking our desire to use BGP for everything? Are we just “following the crowd” because … well … we think it’s what the “cool kids” are doing, or because “following the crowd” is what we always seem to do?

In my last post, I argued that BGP converges much more slowly than the other options available for the DC fabric underlay control plane. The pushback I received was two-fold. First, the overlay converges fast enough; the underlay convergence time does not really factor into overall convergence time. Second, there are ways to fix things.

If the first pushback is always true—the speed of the underlay control plane Continue reading

Hyperscalers Are Pushing Big Banking Infrastructure Around

Everyone who can afford it wants to emulate how the hyperscalers operate their infrastructure. …

Hyperscalers Are Pushing Big Banking Infrastructure Around was written by Nicole Hemsoth at The Next Platform.

Tech Bytes: InterBank Invests In Aruba EdgeConnect To Speed Branch Performance (Sponsored)

Today’s Tech Bytes podcast, sponsored by Aruba, dives into an SD-WAN deployment with InterBank. Guest Daniel Ruhl, Senior VP and Director of IT at InterBank, turned to Aruba's EdgeConnect SD-WAN edge platform to bond MPLS connections with broadband at each branch to improve the quality of experience while also retiring legacy infrastructure.

Tech Bytes: InterBank Invests In Aruba EdgeConnect To Speed Branch Performance (Sponsored)

The post Tech Bytes: InterBank Invests In Aruba EdgeConnect To Speed Branch Performance (Sponsored) appeared first on Packet Pushers.

Setting up Wireguard for AWS VPC Access

Seeking more streamlined access to AWS EC2 instances on private subnets, I recently implemented Wireguard for VPN access. Wireguard, if you’re not familiar, is a relatively new solution that is baked into recent Linux kernels. (There is also support for other OSes.) In this post, I’ll share what I learned in setting up Wireguard for VPN access to my AWS environments.

Since the configuration of the clients and the servers is largely the same (especially since both client and server are Linux), I haven’t separated out the two configurations. At a high level, the process looks like this:

Installing any necessary packages/software
Generating Wireguard private and public keys
Modifying the AWS environment to allow Wireguard traffic
Setting up the Wireguard interface(s)
Activating the VPN

The first thing to do, naturally, is install the necessary software.

Installing Packages/Software

On recent versions of Linux—I’m using Fedora (32 and 33) and Ubuntu 20.04—kernel support for Wireguard ships with the distribution. All that’s needed is to install the necessary userspace tools.

On Fedora, that’s done with dnf install wireguard-tools. On Ubuntu, the command is apt install wireguard-tools. (You can also install the wireguard meta-package, if you’d prefer.) Apple’s macOS, for example, Continue reading

The Week in Internet News: Facebook Blocks News from Australia

No news for you: Facebook has blocked Australians from viewing or sharing news on its site in response to a proposed law that would require social media sites and other online services to pay news publishers, the BBC reports. The “power play” may backfire, however, “given how concerned many governments have grown about the company’s unchecked influence over society, democracy and political discourse,” The Associated Press says.

SpaceX rejected: A village in France is not interested in becoming the site of a ground station for SpaceX’s satellite-based broadband service, Yahoo Finance says. Residents of Saint-Senier-de-Beuvron are concerned about the impact of the antennas on the health of residents, said Noemie Brault, deputy mayor in the village. Still, many supporters of the SpaceX Starlink project see major benefits, including expanded Internet access to low-income nations, writes Larry Press, an information systems professor at California State University. Press writes on CircleID.com that connections to India, for example, are likely to serve community organizations, clinics, schools, and businesses.

No pictures, please: Facial recognition startup Clearview AI is in trouble in Canada for collecting photos of the country’s residents without their permission, TechCrunch reports. Collecting the photos violated Canadian privacy regulations, the country’s Continue reading

Introduction to ansible-test

As automation becomes crucial for more and more business cases, there is an increased need to test the automation code itself. This is where ansible-test comes in: developers who want to test their Ansible Content Collections for sanity, unit and integration tests can use ansible-test to achieve testing workflows that integrate with source code repositories.

Both ansible-core and ansible-base come packaged with a cli tool called ansible-test, which can be used by collection developers to test their Collection and its content. The ansible-test knows how to perform a wide variety of testing-related tasks, from linting module documentation and code to running unit and integration tests.

We will cover different features of ansible-test in brief below.

How to run ansible-test?

With the general availability of Ansible Content Collections with Ansible-2.9, a user can run ansible-test inside a collection to test the collection itself. ansible-test needs to be run from the collection root or below in order for ansible-test to run tests on the Collection.

If you try to run ansible-test from outside the above directory norms, it will throw an error like below:

root@root ~/.ansible/collections ansible-test sanity
ERROR: The current working directory must be at or below:
                                                                                                                                                                                                                                            
-  Continue reading

Introduction to ansible-test

We will cover different features of ansible-test in brief below.

How to run ansible-test?

If you try to run ansible-test from outside the above directory norms, it will throw an error like below:

root@root ~/.ansible/collections ansible-test sanity
ERROR: The current working directory must be at or below:
                                                                                                                                                                                                                                            
 Continue reading

Tetrate’s GetIstio Promises to Simplify Management of a Istio Service Mesh

While the open source GetIstio, a commercial service mesh based on Istio and Varun Talwar. “The thing is, these are not static projects, right? Neither Kubernetes, nor Istio, nor Envoy,” said Talwar. “Every three months, you typically have new releases from these projects, Continue reading

IoT, edge computing and AI projects pay off for asset-based enterprises

Bill Holmes, facilities manager at the Corona, Calif., plant that produces the iconic Fender Stratocaster and Telecaster guitars, remembers all too well walking the factory floor with a crude handheld vibration analyzer and then plugging the device into a computer to get readings on the condition of his equipment.While all of the woodworking was done by hand when Leo Fender founded Fender Musical Instruments Corp. 75 years ago, today the guitar necks and bodies are produced with computer-controller woodworking routers, then handed off to the craftsmen who build the final product. Holmes says he is always looking for the latest technological advances to solve problems (he uses robotics to help paint the guitars), and there's no problem more vexing than equipment breakdowns.To read this article in full, please click here

Pure Storage expands its flash-storage systems and software lines

Pure Storage, the all-flash storage-array vendor, has expanded its Purity software base and is also expanding its line of storage products.Pure has three storage lines, the FlashArray//X, the FlashBlade, and the FlashArray//C lines, all managed by its Purity software line. The updated Purity software adds Windows-application acceleration for the FlashBlade and FlashArray lines and delivers ransomware protection across file, block and native cloud-based apps, among other features. Read about backup and recovery: Backup vs. archive: Why it’s important to know the difference How to pick an off-site data-backup method Tape vs. disk storage: Why isn’t tape dead yet? The correct levels of backup save time, bandwidth, space The new version of Purity also adds granular monitoring so administrators get real-time visibility into the most active users on a network and see who is stressing the storage system.To read this article in full, please click here

IT Salary Survey 2021: Compensation holds steady despite pandemic

Our survey of 1,172 IT pros finds that despite the pandemic, most people have seen compensation rise or remain steady but some old inequalities remain

IoT, edge computing and AI projects pay off for asset-based enterprises

Pure Storage expands its flash-storage systems and software lines

MUST READ: Designing a Simple Disaster Recovery Solution

A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.

The blog post and related LinkedIn posts generated tons of comments (and objections from the usual suspects), prompting Adrian to write a sequel describing the design requirements he was facing, tradeoffs he made, and interactions between server and networking team needed to make it happen.

Keep reading

MUST READ: Designing a Simple Disaster Recovery Solution

A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.

Keep reading

Do These 5 Things Before Moving Your Business to the Cloud

When moving to cloud it’s easy to assume they’re doing things you should be doing and aren’t. With cloud, you always want to know who’s flying the plane.

Tools 5. Searching for live hosts with fping. IPv4 and IPv6 version.

Hello my friend,

Quite often, when we do the troubleshooting of our networks and systems, we want to figure out, which hosts are alive in the certain range. The quickest and the easiest way (though, not 100% accurate) is to run the ping against a specific range of IPs. There is a brilliant tool for this purpose, which is called fping.


1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Can automation help to find issues in the network quickly?

All the time, when the outage is happening in the production environment, either with the network or server/application infrastructure, the race starts to restore the service as soon as possible. Automation is a key helper there.

In our trainings, the Live Network Automation Training (10 weeks) and Automation with Nornir (2 weeks), we explore a lot of real use cases, where the automation helps you to validate the state of you network and change it if necessary. You will learn the whole spectre of Continue reading

Networking and Infrastructure News Roundup: February 19 Edition

In the news this week: Partnerships to enhance SD-WAN offerings, improve attendee experience in ballparks, and modernize legacy apps by migrating to public cloud.

Weekend Reads 021921

In the current quantum computing landscape, there are hardware and software providers with the most prominent players doing both. While the shakeout on which of these companies will become the prominent won’t even begin for a few years yet, there are some companies that have some significant advantages across the quantum spectrum.

NLNOG RING allows engineers to access other networks securely so they can collect troubleshooting data without having to wait for the other side. Ten years after its launch, Martin Pels takes a look back on how the project came to be and how it evolved over the past decade.

SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices.

Even after 40 years of working to mitigate fileless attacks, the software industry is still struggling to eliminate them. By hijacking the control flow of a running application by exploiting a buffer-overflow vulnerability, fileless malware is responsible for numerous zero-day attacks.

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade.

A growing number of ransomware victims Continue reading

« Previous 1 … 776 777 778 779 780 … 3,832 Next »