NB463: Cisco Buys eBPF Startup For Cloud-Native Networking; Garter Forecasts $5 Trillion In IT Spending
This week’s Network Break examines why Cisco bought eBPF startup Isovalent (hint: it’s about cloud-native networking), why Broadcom is cranking up pressure on VMware resellers and customers (hint: it’s about money), and why Google Cloud is sort of dropping fees for customers who want to exit the cloud (hint: it’s about getting out ahead of... Read more »Juniper Acquisition by HPE – What Might it Mean for Enterprise Customers?
Significant overlap between HPE and Juniper network portfolios may force some customers to reevaluate their hardware and software options.Expect Datacenters To Get Denser, Hotter, And Smarter
The datacenter industry today looks very different than it did a decade ago. …
Expect Datacenters To Get Denser, Hotter, And Smarter was written by Tobias Mann at The Next Platform.
Using SSH with the Pulumi Docker Provider
In August 2023, Pulumi released a version of the Docker provider that supported SSH-based connections to a Docker daemon. I’ve written about using SSH with Docker before (see here), and I sometimes use AWS-based “Docker build hosts” with my M-series Macs to make it easier/simpler (and sometimes faster) to build x86_64-based Docker images. Naturally, I’m using an SSH connection in those cases. Until this past weekend, however, I hadn’t really made the time to look deeper into how to use SSH with the Pulumi Docker provider. In this post, I’ll share some details that (unfortunately) haven’t yet made it into the documentation about using SSH with the Pulumi Docker provider.
First, let’s talk about some prerequisites to making this work.
- You’ll need Docker installed locally. I fairly certain this is only the
dockerCLI (much in the same way the Pulumi Kubernetes provider requireskubectlto be installed locally), but I haven’t verified this for certain yet. I tested this from a Linux system running Docker 24.0.7; I think the earliest version that is supported is 18.09. - You’ll need Docker installed on the remote SSH host (obviously). I used Flatcar Container Linux (stable channel) on AWS.
- Continue reading
Q4 2023 Internet disruption summary
Cloudflare’s network spans more than 310 cities in over 120 countries, where we interconnect with over 13,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions.
During previous quarters, we tracked a number of government directed Internet shutdowns in Iraq, intended to prevent cheating on academic exams. We expected to do so again during the fourth quarter, but there turned out to be no need to, as discussed below. While we didn’t see that set of expected shutdowns, we did observe a number of other Internet outages and disruptions due to a number of commonly seen causes, including fiber/cable issues, power outages, extreme weather, infrastructure maintenance, general technical problems, cyberattacks, and unfortunately, military action. As we have noted in the past, this post is intended as a summary overview of observed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter.
Government directed
Iraq
In a slight departure from the usual subject of Continue reading
How To Get Over The Memory Wall
SPONSORED: MemCon 2024 is billed as a one stop shop for emerging technologies in the memory and storage domain, and a hub for efficient data movement and management. …
How To Get Over The Memory Wall was written by David Gordon at The Next Platform.
Simulate a Silent Host in a VXLAN Network
I’m working on a blog post explaining route type 5 in EVPN. To demonstrate a scenario with a silent host, I want to simulate this behavior. Normally, hosts can be quite chatty and ARP for their GW, for example. In this post I will show how arptables on Linux can be used to simulate a silent host.
Currently the leaf switch has an ARP entry for the host:
Leaf4# show ip arp vrf Tenant1
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context Tenant1
Total number of entries: 1
Address Age MAC Address Interface Flags
198.51.100.44 00:15:20 0050.56ad.7d68 Vlan10
It is possible to ping the host from the leaf switch:
Leaf4# ping 198.51.100.44 vrf Tenant1 PING 198.51.100.44 (198.51.100.44): 56 data bytes 64 bytes from 198.51.100.44: icmp_seq=0 ttl=63 time=1.355 ms 64 bytes from 198.51.100.44: Continue reading
Secure Access Service Edge (SASE) Boosts Your Company Cybersecurity
Many enterprises view SASE as the right technology to provide their increasingly distributed workforce with access to corporate resources in a way that protects users, data, and the company.Why The New England Patriots Tapped Cisco to Modernize Its Stadium Network
Cisco revamped Gillette Stadium’s network infrastructure focusing on the delivery of stellar video and fan experiences while meeting the Wi-Fi needs of retailers, security services, and more.HN717: Network Source(s) Of Truth – A Roundtable Discussion
On today’s episode, we discuss networking sources of truth. That’s right, sources of truth, because you’re likely to have more than one depending on your environment and your point of view. On LinkedIn, Ethan quoted someone at the AutoCon0 conference who essentially said that the network itself shouldn’t be used as a source of truth.... Read more »BGP EVPN Part III: BGP EVPN Local Learning Fundamentals
Multi-Protocol BGP (MP-BGP) is a BGP-4 extension that enables BGP speakers to encode Network Layer Reachability Information (NLRI) of various address types, such as IPv4/6, VPNv4, and MAC addresses, into BGP Update messages. MP-BGP features an MP_REACH_NLRI Path-Attribute (PA), which utilizes an Address Family Identifier (AFI) to describe service categories. Subsequent Address Family Identifier (SAFI), in turn, defines the solution used for providing the service. For example, L2VPN (AFI 25) is a primary category for Layer-2 VPN services, and the Ethernet Virtual Private Network (EVPN: SAFI 70) provides the service. Another L2VPN service is Virtual Private LAN Service (VPLS: SAFI 65). The main differences between these two L2VPN services are that only EVPN supports active/active multihoming, has a control-plane-based MAC address learning mechanism, and operates over an IP-routed infrastructure.
EVPN utilizes various Route Types (EVPN RT) to describe the Network Layer Reachability Information (NLRI) associated with Unicast, BUM (Broadcast, Unknown unicast, and Multicast) traffic, as well as ESI Multihoming. The following sections explain how EVPN RT 2 (MAC Advertisement Route) is employed to distribute MAC and IP address information of Tenant Systems enabling the expansion of VLAN over routed infrastructure.
The Tenant System refers to a host, virtual machine, Continue reading
Hedge 209: User Interface Stupidity
User interface design is notoriously bad for networking gear–but why, and what can we do about it? Frank Seesink joins Tom and Russ to talk about user interface stupidity.
Technology Short Take 173
Welcome to Technology Short Take #173! After a lull in links to share last time around, it looks like things have rebounded and folks are in full swing writing new content for me to share with you. I think I have a decent round-up of links for you; hopefully you can find something useful here. Enjoy!
Networking
- This article on running WireGuard in Docker may prove useful if that’s an approach I decide to adopt for my AWS lab infrastructure.
- Natalie Marek educates readers on VPC endpoints.
- Russ White laments some of the issues facing network engineering.
Servers/Hardware
- Alex Ellis provides some details on his workflow for booting Raspberry Pi 5 from NVMe.
- Tom Hummel finds himself veering back into a hardware-based home lab (instead of a cloud-based lab).
Security
- Rory McCune shares some information about a change in
kubeadmversion 1.29 pertaining to administrative credentials. - Quintessence Anx of SPIRL shares some guidance on how to construct SPIFFE IDs.
- A set of vulnerabilities in the open source reference implementation of the UEFI specification has been uncovered. The flaws, referred to as PixieFail, specifically affect the PXE network boot process. BleepingComputer has more details.
Cloud Computing/Cloud Management
- Dean has published Continue reading
BGP Labs: Work with FRR and Cumulus Linux
FRR or (pre-NVUE) Cumulus Linux are the best bets if you want to run BGP labs in a resource-constrained environment like your laptop or a small public cloud instance. However, they both behave a bit differently from what one might expect from a networking device, including:
- Interfaces are created through standard Linux tools;
- You have to start the FRR management CLI from the Linux shell;
- If you need a routing daemon (for example, the BGP daemon), you must enable it in the FRR configuration file and restart FRR.
A new lab exercise covers these intricate details and will help you get fluent in configuring BGP on FRR or Cumulus Linux virtual machines or containers.
Taming Network Complexity with Digital Twins
Digital twins can help manage and troubleshoot complex networks by providing an accurate replica of the network's configuration and state.KU046: Do Kubernetes Certs Prepare You For Real-World Production?
Technical trainer Benjamin Muschko joins hosts Kristina Devochko and Michael Levan to discuss the gap between Kubernetes certifications and real-world production skills. All three critique the focus on command-line proficiency in certifications, advocating for a practical approach that tests real-life scenarios. Muschko proposes a “capture the flag” style exam with hands-on projects, while the hosts... Read more »IT Spending In 2024 Cools Thanks To “Change Fatigue”
Change may be inevitable, but it is also a pain in the neck. …
IT Spending In 2024 Cools Thanks To “Change Fatigue” was written by Timothy Prickett Morgan at The Next Platform.