Notes on Pushing Ansible-generated FortiOS Configs

I’m working on a project to push out configuration files to Fortigates using the ‘configuration restore’ capability in FortiOS. The configs are generated using Jinja2 templates and then restored to the remote device via SCP. This post is to collect together a few of the pitfalls and things I learned in the process. Hopefully it will help someone else out of a hole.

Why use SCP in the first place?

I had every intention of using the FortiOS Ansible modules for this process, specifically fortinet.fortios.fortios_system_config_backup_restore. The issue with doing so is that it operates over the REST API. To use the API, you have to go on to the box and generate an API token. The issue here is that you only see the token in cleartext at the point of creation, after which it is stored cryptographically in the config. This means that on the script host you need to keep a vault with both versions – cleartext to push to the API, and cryptotext to insert into the config file you are pushing.

Instead, it is easier to enable SCP on the devices, put an admin PKI user’s public key in every config and restore over Continue reading

Video: Finding Paths Across the Network

Regardless of the technology used to get packets across the network, someone has to know how to get from sender to receiver(s), and as always, you have multiple options:

  • Almighty controller
  • On-demand dynamic path discovery (example: probing)
  • Participation in a routing protocol

For more details, watch Finding Paths Across the Network video.

Watch the video
The video is part of How Networks Really Work webinar and available with Free ipSpace.net Subscription.

Video: Finding Paths Across the Network

Regardless of the technology used to get packets across the network, someone has to know how to get from sender to receiver(s), and as always you have multiple options:

  • Almighty controller
  • On-demand dynamic path discovery (example: probing)
  • Participation in a routing protocol

For more details, watch Finding Paths Across the Network video.

Watch the video
The video is part of How Networks Really Work webinar and available with Free ipSpace.net Subscription.

US Air Force Spends $100 Million To Accelerate Data Warehouses

We talk about big money being spent on GPU-accelerated HPC and AI systems all the time here at The Next Platform, and we have been clear that we think another area where such acceleration will take off is with databases and related analytics, and particularly with data warehouses that have trillions of rows of data.

US Air Force Spends $100 Million To Accelerate Data Warehouses was written by Timothy Prickett Morgan at The Next Platform.

Member News: Mali Chapter Works to Get Women Online

Lending a hand: The Mali Chapter of the Internet Society is focusing on helping women who aren’t digitally literate connect to the Internet. The chapter is providing training to help these women, including women with disabilities, earn income through online services like Facebook and WhatsApp. Participants have included small business operators, including caterers and hairdressers.

Antisocial networks: A recent survey by Internet Society chapter the Israeli Internet Association has found that about half of the people in the country refrain from responding on social networks for fear of encountering violent reactions. The survey also found that 86 percent of Israelis believe that discourse on social networks is violent, and 80 percent believe that public figures and politicians share violent discourse on social media.

Talking governance: Netherlands chapter board member Ruben Brave was recently invited by the Ministry of Foreign Affairs and the FreedomLab think tank to give a speech about Internet governance and respond to a recent position paper. He focused on recognizing human rights during debates about Internet governance. “Invest again in the explicit contribution of human rights in the re-design and management of Internet protocols by making people and resources available to knowledge institutions and invest in training for Continue reading

Cisco AppDynamics software melds security, application management

Cisco AppDynamics is making it easier for customers to integrate security features with application development to help customers detect threats, identify non-standard application behavior, and block attacks.The company is adding software, called Cisco Secure Application, to the AppDynamics platform to correlate security and application information by scanning code execution for known exploits. Vulnerability data is shared with application and security operations teams so that together they can prioritize, execute, and track remediation efforts. Read more: How AI can create self-driving data centersTo read this article in full, please click here

Cisco AppDynamics software melds security, application management

Cisco AppDynamics is making it easier for customers to integrate security features with application development to help customers detect threats, identify non-standard application behavior, and block attacks.The company is adding software, called Cisco Secure Application, to the AppDynamics platform to correlate security and application information by scanning code execution for known exploits. Vulnerability data is shared with application and security operations teams so that together they can prioritize, execute, and track remediation efforts. Read more: How AI can create self-driving data centersTo read this article in full, please click here

The Real Intent Behind Intent Based Networking

Networking is one of the industries where every time a good idea comes around it doesn’t take long for that idea to get coopted and turned into something to sell products, often drastically changing the intent of the original idea. Today we’re going to try to roll back the clock a bit and discuss the original idea around Intent Based Networking. What is it? What does it mean for you? And how do products fit into the original intent.

Show Notes

  • Compare/contrast the original intent of Intent Based Networking with what it has been marketed as
  • Trajectory towards Intent Based Networks
    • Traditional models
    • Automation added
    • Orchestration added
    • Intent added
  • Three pillars of Intent Based Networking
    • Defining Intent
    • Fulfilling Intent
    • Assuring Intent
  • Gaps between the vision and current reality
  • Approach vs. Product – what’s the right way to think about Intent Based Networking
Daren Fulwell
Guest
Tony Efantis
Host
Jordan Martin
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post The Real Intent Behind Intent Based Networking appeared first on Network Collective.

Donating Docker Distribution to the CNCF

We are happy to announce that Docker has contributed Docker Distribution to the Cloud Native Computing Foundation (CNCF). Docker is committed to the Open Source community and open standards for many of our projects, and this move will ensure Docker Distribution has a broad group maintaining what is the foundation for many registries. 

What is Docker Distribution?

Distribution is the open source code that is the basis of the container registry that is part of Docker Hub, and also many other container registries. It is the reference implementation of a container registry and is extremely widely used, so it is a foundational part of the container ecosystem. This makes its new home in the CNCF highly appropriate.

Docker Distribution was a major rewrite of the original Registry code which was written in Python and was a much earlier design not using content addressed storage. This new version, written in Go, was designed to be an extensible library, so that different backends and subsystems could be designed. Docker formed the Open Container Initiative (OCI) in 2015, in the Linux Foundation, in order to standardise the specifications for the container ecosystem, including the registry and image formats.

Why are we donating Docker Continue reading

MUST READ: Fast and Simple Disaster Recovery Solution

More than a year ago I was enjoying a cool beer with my friend Nicola Modena who started explaining how he solved the “you don’t need IP address renumbering for disaster recovery” conundrum with production and standby VRFs. All it takes to flip the two is a few changes in import/export route targets.

I asked Nicola to write about his design, but he’s too busy doing useful stuff. Fortunately he’s not the only one using common sense approach to disaster recovery designs (as opposed to flat earth vendor marketectures). Adrian Giacometti used a very similar design with one of his customers and documented it in a blog post.

Read more …

MUST READ: Fast and Simple Disaster Recovery Solution

More than a year ago I was enjoying a cool beer with my friend Nicola Modena who started explaining how he solved the “you don’t need IP address renumbering for disaster recovery” conundrum with production and standby VRFs. All it takes to flip the two is a few changes in import/export route targets.

I asked Nicola to write about his design, but he’s too busy doing useful stuff. Fortunately he’s not the only one using common sense approach to disaster recovery designs (as opposed to flat earth vendor marketectures). Adrian Giacometti used a very similar design with one of his customers and documented it in a blog post.

Read more …

PCI-Express 5.0: The Unintended But Formidable Datacenter Interconnect

If the datacenter has been taken over by InfiniBand, as was originally intended back in the late 1990s, then PCI-Express peripheral buses and certainly PCI-Express switching – and maybe even Ethernet switching itself – would not have been necessary at all.

PCI-Express 5.0: The Unintended But Formidable Datacenter Interconnect was written by Timothy Prickett Morgan at The Next Platform.

Bill Krause | Zero to a Million Ethernet Ports + The Epiphany

Hosts Brandon and Derick have the honor of interviewing Bill Krause and hearing some fascinating stories about the early days of Silicon Valley, including the origins of HP's first computer division, and how Bill (along with previous podcast guest Bob Metcalfe) took Ethernet from zero to one million ports ahead of their already-ambitious timeline.

Bill is a tech luminary, having served as the CEO and President, and then Board Chairman, of 3Com, growing the business from a VC-backed startup to a publicly traded $1B company with global operations. Prior to 3Com, Bill was the GM of HP's first personal computer division, and grew that business exponentially as well.  He's currently a board partner with Andreessen Horowitz as well as Chairman of the Board at Veritas, and he also serves on the boards of CommScope, SmartCar, and Forward Networks.  Bill is a noted philanthropist; he and his wife Gay Krause have funded many national and local programs focusing on education, leadership, and ethics. 

Tune in and join us to hear Bill's amazing stories, his lessons learned, and his profound advice to young entrepreneurs. 

Networking software can ease the complexity of multicloud management

Deploying and operating applications in multiple public clouds is critical to many IT leaders, and networking software can help.Migrating applications to cloud infrastructure requires scale, performance, and, importantly, automation. But achieving them all can be challenging due to limited visibility into that infrastructure and the fact that each IaaS platform has proprietary controls for networking and security that can make multicloud operations highly manual and therefore time consuming.[Get regularly scheduled insights by signing up for Network World newsletters.] As a result, IT teams can be challenged to quickly resolve application performance issues, protect against external attacks and reduce costs. Their goal should be to combine the agility of IaaS resources with the security, manageability and control of their physical network.To read this article in full, please click here

The Hedge Podcast #69: Container Networking Done Right

Everyone who’s heard me talk about container networking knows I think it’s a bit of a disaster. This is what you get, though, when someone says “that’s really complex, I can discard the years of experience others have in designing this sort of thing and build something a lot simpler…” The result is usually something that’s more complex. Alex Pollitt joins Tom Ammon and I to discuss container networking, and new options that do container networking right.

download

1 797 798 799 800 801 3,842