Validating Data in GitOps-Based Automation

Anyone using text files as a poor man’s database eventually stumbles upon the challenge left as a comment in Automating Cisco ACI Environments blog post:

The biggest challenge we face is variable preparation and peer review process before committing variables to Git. I’d be particularly interested on how you overcome this challenge?

We spent hours describing potential solutions in Validation, Error Handling and Unit Tests part of Building Network Automation Solutions online course, but if you never built a network automation solution using Ansible YAML files as source-of-truth the above sentence might sound a lot like Latin, so let’s make it today’s task to define the problem.

Read more …

Validating Data in GitOps-Based Automation

Anyone using text files as a poor man’s database eventually stumbles upon the challenge left as a comment in Automating Cisco ACI Environments blog post:

The biggest challenge we face is variable preparation and peer review process before committing variables to Git. I’d be particularly interested on how you overcome this challenge?

We spent hours describing potential solutions in Validation, Error Handling and Unit Tests part of Building Network Automation Solutions online course, but if you never built a network automation solution using Ansible YAML files as source-of-truth the above sentence might sound a lot like Latin, so let’s make it today’s task to define the problem.

Read more …

Underhanded Code and Automation

So, software is eating the world—and you thought this was going to make things simpler, right? If you haven’t found the tradeoffs, you haven’t looked hard enough. I should trademark that or something! ? While a lot of folks are thinking about code quality and supply chain are common concerns, there are a lot of little “side trails” organizations do not tend to think about. One such was recently covered in a paper on underhanded code, which is code designed to pass a standard review which be used to harm the system later on. For instance, you might see at some spot—

if (buffer_size=REALLYLONGDECLAREDVARIABLENAMEHERE) {
/* do some stuff here */
} /* end of if */

Can you spot what the problem might be? In C, the = is different than the ==. Which should it really be here? Even astute reviewers can easily miss this kind of detail—not least because it could be an intentional construction. Using a strongly typed language can help prevent this kind of thing, like Rust (listen to this episode of the Hedge for more information on Rust), but nothing beats having really good code formatting rules, even if they are apparently arbitrary, for catching Continue reading

MikroTik – RouterOSv7 first look – L3 ASIC performance testing

When MikroTik announced the CRS3xx series switches a few years ago, one of the most exciting aspects of that news release was the prospect of L3 forwarding in hardware on very inexpensive devices.

A quick review of the Marvell Prestera ASIC family showed a number of advanced routing, switching, MPLS and VxLAN capabilites.

Fast forward to 2020, where MikroTik has started to enable some of those features in RouterOS v7 beta.

Now we can finally take some of the CRS3xx switches and test their capabilities with L3 forwarding performance in hardware


CRS 3xx series capabilities overview

Before getting into the testing, it’s probably helpful to review some of the basic specs and capabilities of the CRS3xx switch line.

Here is a chart from MikroTik that outlines ACL rule count, Unicast FDB entries and MTU size.

CRS 3xx model comparison

MIkroTik has been working on the development of the features listed below to offload into hardware.

For the tests in this article, we’ll be using IPv4 Unicast and Inter-VLAN routing.

Supported feature list

Currently, the following switches are supported.

For the testing in this article, we are using the CRS317-1G-16S+

Switches supported by 7.1beta2



Performance testing – overview

The physical Continue reading

Introducing Cloudflare One

Introducing Cloudflare One
Introducing Cloudflare One

Today we’re announcing Cloudflare One™. It is the culmination of engineering and technical development guided by conversations with thousands of customers about the future of the corporate network. It provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers.

Over the course of this week, we'll be rolling out the components that enable Cloudflare One, including our WARP Gateway Clients for desktop and mobile, our Access for SaaS solution, our browser isolation product, and our next generation network firewall and intrusion detection system.

The old model of the corporate network has been made obsolete by mobile, SaaS, and the public cloud. The events of 2020 have only accelerated the need for a new model. Zero Trust networking is the future and we are proud to be enabling that future. Having worked on the components of what is Cloudflare One for the last two years, we’re excited to unveil today how they’ve come together into a robust SASE solution and share how customers are already using it to deliver the more secure and productive future of the corporate network.

What Is Cloudflare One? Secure, Optimized Global Networking

Cloudflare One is a comprehensive, cloud-based network-as-a-service solution Continue reading

The Week in Internet News: U.S. Lawmakers Want to Break Up Big Tech Firms

Break ‘em up: A report released by the Democrats on the U.S. House of Representatives Judiciary Committee has accused Amazon, Apple, Facebook, and Google of abusing their monopoly power and has called the four companies to effectively be broken up, the New York Times reports. The report calls the four companies “the kinds of monopolies we last saw in the era of oil barons and railroad tycoons.”

India wants in: Meanwhile, Google is reportedly facing an antitrust investigation in India for allegedly abusing its Android operating system’s position in the smart television market, The Economic Times of India says. This is the fourth major antitrust case Google has faced in the huge India market.

Hackers for hire: A mercenary hacking group is operating throughout the Middle East, with Saudi diplomats, Sikh separatists, and Indian business executives among those being targeted, Al Jazeera reports. The diversity of the group Bahamut’s activities makes it appear that it’s not working for a single group or nation, researchers say.

Ready for takeoff: SpaceX’s space-based Internet service is nearly ready for use after the company’s latest launches of Starlink satellites, CEO Elon Musk says. SpaceX has delivered 60 additional satellites into low-Earth orbit this Continue reading

What is Cloudflare One?

What is Cloudflare One?

Running a secure enterprise network is really difficult. Employees spread all over the world work from home. Applications are run from data centers, hosted in public cloud, and delivered as services. Persistent and motivated attackers exploit any vulnerability.

Enterprises used to build networks that resembled a castle-and-moat. The walls and moat kept attackers out and data in. Team members entered over a drawbridge and tended to stay inside the walls. Trust folks on the inside of the castle to do the right thing, and deploy whatever you need in the relative tranquility of your secure network perimeter.

The Internet, SaaS, and “the cloud” threw a wrench in that plan. Today, more of the workloads in a modern enterprise run outside the castle than inside. So why are enterprises still spending money building more complicated and more ineffective moats?

Today, we’re excited to share Cloudflare One™, our vision to tackle the intractable job of corporate security and networking.

What is Cloudflare One?

Cloudflare One combines networking products that enable employees to do their best work, no matter where they are, with consistent security controls deployed globally.

Starting today, you can begin replacing traffic backhauls to security appliances with Cloudflare WARP and Gateway to filter Continue reading

Deep Dive: ACL Configuration Management Using Ansible Network Automation Resource Modules

In October 2019 as part of the Red Hat Ansible Engine 2.9 release, the Ansible Network Automation team introduced the first resource modules. These opinionated network modules make network automation easier and more consistent for those automating various network platforms in production. The goal for resource modules is to avoid creating and maintaining overly complex jinja2 templates for rendering and pushing network configuration. 

This blog post covers the newly released ios_acls resource module and how to automate manual processes associated with switch and router configurations. These network automation modules are used for configuring routers and switches from popular vendors (but not limited to) Arista, Cisco, Juniper, and VyOS. The access control lists (ACLs) network resource modules are able to read ACL configuration from the network, provide the ability to modify and then push changes to the network device. These opinionated network resource modules make network automation easier and more consistent for those automating various network platforms in production. I’ll walk through several examples and describe the use cases for each state parameter (including three newly released state types) and how these are used in real world scenarios.

 

The Certified Content Collection

This blog uses the cisco.ios Continue reading

What 5G promises for IoT

The internet of things, already booming, can expect a big boost from 5G cellular technology as it becomes more available and as commercial services catch up with enhanced standards that are already in the pipeline 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises “Because of the increased spectrum that is available to 5G, it increases the overall bandwidth and allows massive amount of IoT devices to connect,” says Michelle Engarto, vice president wireless solutions and product line management at Corning, which, among other things, makes distributed antenna systems for in-building cellular products.To read this article in full, please click here

How building bricks could store electricity

Common red masonry bricks – the same type used in construction projects, including many data centers – can be adapted and used to store electricity, researchers claim.A team from Washington University in St. Louis has found that the red pigment in bricks can trigger a chemical reaction, in much the same way rust occurs, that enables bricks to store a significant amount of energy.Specialized bricks aren't required; the synthesis works with any kind of brick, according to an article published on the university's news site. The team used common bricks bought from the Home Depot in Brentwood, Missouri, for 65 cents apiece.To read this article in full, please click here

What 5G brings to IoT today and tomorrow

The internet of things, already booming, can expect a big boost from 5G cellular technology as it becomes more available and as commercial services catch up with enhanced standards that are already in the pipeline 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises “Because of the increased spectrum that is available to 5G, it increases the overall bandwidth and allows massive amount of IoT devices to connect,” says Michelle Engarto, vice president wireless solutions and product line management at Corning, which, among other things, makes distributed antenna systems for in-building cellular products.To read this article in full, please click here

How building bricks could store electricity

Common red masonry bricks – the same type used in construction projects, including many data centers – can be adapted and used to store electricity, researchers claim.A team from Washington University in St. Louis has found that the red pigment in bricks can trigger a chemical reaction, in much the same way rust occurs, that enables bricks to store a significant amount of energy.Specialized bricks aren't required; the synthesis works with any kind of brick, according to an article published on the university's news site. The team used common bricks bought from the Home Depot in Brentwood, Missouri, for 65 cents apiece.To read this article in full, please click here

New: AWS Networking Update

In last week’s update session we covered the new features AWS introduced since the creation of AWS Networking webinar in 2019:

  • AWS Local Zones, Wavelengths, and Outposts
  • VPC Sharing
  • Bring Your Own Addresses
  • IP Multicast support
  • Managed Prefix Lists in security groups and route tables
  • VPC Traffic Mirroring
  • Web Application Firewall
  • AWS Shield
  • VPC Ingress Routing
  • Inter-region VPC peering with Transit Gateways

The videos are already online; you need Standard or Expert ipSpace.net subscription to watch them.

New: AWS Networking Update

In last week’s update session we covered the new features AWS introduced since the creation of AWS Networking webinar in 2019:

  • AWS Local Zones, Wavelengths, and Outposts
  • VPC Sharing
  • Bring Your Own Addresses
  • IP Multicast support
  • Managed Prefix Lists in security groups and route tables
  • VPC Traffic Mirroring
  • Web Application Firewall
  • AWS Shield
  • VPC Ingress Routing
  • Inter-region VPC peering with Transit Gateways

The videos are already online; you need Standard or Expert ipSpace.net subscription to watch them.

1 818 819 820 821 822 3,785