Snakes in a Facebook Datacenter

 

What do you do when you find a snake in your datacenter? You might say this. (NSFW)

 

Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of some of its components. You might think Facebook solved all of its fault tolerance problems long ago, but when a serpent enters the Edenic datacenter realm, even Facebook must consult the Tree of Knowledge.

In this case, it's not good or evil we'll learn about, but Workload Placement, which is a method of optimally placing work over a set of failure domains. 

Here's my gloss of the Fault Tolerance through Optimal Workload Placement talk:

Technologies that Didn’t: CLNS

Note: RFC1925, rule 11, reminds us that: “Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.” Understanding the past not only helps us to understand the future, it also helps us to take a more balanced and realistic view of the technologies being created and promoted for current and future use.

The Open Systems Interconnect (OSI) model is the most often taught model of data transmission—although it is not all that useful in terms of describing how modern networks work. What many engineers who have come into network engineering more recently do not know is there was an entire protocol suite that went with the OSI model. Each of the layers within the OSI model, in fact, had multiple protocols specified to fill the functions of that layer. For instance, X.25, while older than the OSI model, was adopted into the OSI suite to provide point-to-point connectivity over some specific kinds of physical circuits. Moving up the stack a little, there were several protocols that provided much the same service as the widely used Internet Protocol (IP).

The Connection Oriented Network Service, or CONS, ran on top Continue reading

Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK)

Today's Full Stack Journey podcast explores AWS Controllers for Kubernetes (ACK). Currently available as a developer preview, the ACK project lets customers manage their AWS services directly from Kubernetes. Our guide to ACK is Justin Garrison, a container advocate at AWS and author.

The post Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK) appeared first on Packet Pushers.

Docker Github Actions

In our first post in our series on CI/CD we went over some of the high level best practices for using Docker. Today we are going to go a bit deeper and look at Github actions. 

We have just released a V2 of our GitHub Action to make using the Cache easier as well! We also want to call out a huge THANK YOU to @crazy-max (Kevin :D) for the of work he put into the V2 of the action, we could not have done this without him! 

Right now let’s have a look at what we can do! 

To start we will need to get a project setup, I am going to use one of my existing simple Docker projects to test this out:

The first thing I need to do is to ensure that I will be able to access Docker Hub from any workflow I create, to do this I will need to add my DockerID and a Personal Access Token (PAT) as secrets into GitHub. I can get a PAT by going to https://hub.docker.com/settings/security and clicking ‘new access token’, in this instance I will call my token ‘whaleCI’

I can then Continue reading

Python: The Minimum You Need to Know

Many network engineers and other professionals are transitioning their skills set to include programming and automation. Commonly, their previous programming experience comes from a few programming courses they attended in university a long time ago. I am one of those professionals and I created this Python programming guide for people like you and me.

In this guide, I explain the absolute minimum amount you need to learn about Python in order to create useful programs. Follow this guide to get a very short, but functional, overview of Python programming in less than one hour.

I omit many topics from this text that you do not need to know when you begin using Python; you can learn them later, when you need them. I don’t want you to have to unlearn misconceptions later, when you become more experienced, so I do include some Python concepts that other beginner guides might skip, such as the Python object model. This guide is “simple” but it is also “mostly correct”.

Getting Started

In this guide, I will explore the seven fundamental topics you need to know to create useful programs almost immediately. These topics are:

  • The Python object model simplified
  • Defining objects
  • Core types
  • Continue reading

Tigera Announces Open-Source Calico for Windows and Collaboration with Microsoft

Tigera is pleased to announce that we have open-sourced Calico for Windows and made it immediately available for all to use for free. With the launch of open-source Calico for Windows, the vast ecosystem of Windows users now has unprecedented access to Kubernetes via the industry’s de-facto standard for Kubernetes networking and network security.

We have been collaborating with Microsoft and our joint customers over the past few years to bring Project Calico to the Windows platform, and have seen increasing demand for Windows nodes ever since the release of Kubernetes 1.14.  Most enterprises have a Windows footprint, and Windows workloads are increasingly being modernized and migrated to containers and orchestrated with Kubernetes. Enterprise users want to deploy a single solution for network security that works across both Linux and Windows workloads. Open-sourcing Calico for Windows provides those users with the best and only solution available, and for free.

“We are seeing an influx in interest in Windows Kubernetes workloads, as well as interest in securing those workloads. Calico has been a key means of deploying network security policies across both Windows and Linux platforms, however, their Windows support has been commercially licensed by Tigera until today,“ said Continue reading

Accessing Docker Container Services over IPv6

Getting Docker to work with IPv6 is an interesting and under-documented (trying to stay diplomatic) adventure, but there’s a shortcut to the promised land: even if your Docker environment is pure IPv4 morass, you can still reach published container ports over IPv6 thanks to the userland proxy I described last week. The performance is obviously commensurate with traversing kernel-user boundary too many times.

New to this rabbit hole? Start here.

Finally, you don’t have to tell me (again) that Docker is dead and we should all use K8s. It’s as useful as telling me CloudStack is dead and we should all use OpenStack. Different challenges deserve different tools.

Cradlepoint buy nets Ericsson 5G infrastructure for carriers, enterprises

Ericsson’s purchase of wireless WAN vendor Cradlepoint means that the Sweden-based networking powerhouse is targeting growth in the 5G and edge markets, according to experts. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises The deal, valued at $1.1 billion, will see Cradlepoint become a fully owned subsidiary of Ericsson, part of the larger company’s Business Area Technologies and New Business divisionTo read this article in full, please click here

Best practices for using Docker Hub for CI/CD

According to the 2020 Jetbrains developer survey 44% of developers are now using some form of continuous integration and deployment with Docker Containers. We know a ton of developers have got this setup using Docker Hub as their container registry for part of their workflow so we decided to dig out the best practices for doing this and provide some guidance for how to get started. To support this we will be publishing a series of blog posts over the next few weeks to answer the common questions we see with the top CI providers.

We have also heard feedback that given the changes Docker introduced relating to network egress and the number of pulls for free users, that there are questions around the best way to use Docker Hub as part of CI/CD workflows without hitting these limits. This blog post covers best practices that improve your experience and uses a sensible consumption of Docker Hub which will mitigate the risk of hitting these limits and how to increase the limits depending on your use case. 

To get started, one of the most important things when working with Docker and really any CI/CD is to work out when Continue reading

Reducing RPKI Single Point of Takedown Risk

The RPKI, for those who do not know, ties the origin AS to a prefix using a certificate (the Route Origin Authorization, or ROA) signed by a third party. The third party, in this case, is validating that the AS in the ROA is authorized to advertise the destination prefix in the ROA—if ROA’s were self-signed, the security would be no better than simply advertising the prefix in BGP. Who should be able to sign these ROAs? The assigning authority makes the most sense—the Regional Internet Registries (RIRs), since they (should) know which company owns which set of AS numbers and prefixes.

The general idea makes sense—you should not accept routes from “just anyone,” as they might be advertising the route for any number of reasons. An operator could advertise routes to source spam or phishing emails, or some government agency might advertise a route to redirect traffic, or block access to some web site. But … if you haven’t found the tradeoffs, you haven’t looked hard enough. Security, in particular, is replete with tradeoffs.

Every time you deploy some new security mechanism, you create some new attack surface—sometimes more than one. Deploy a stateful packet filter to protect a Continue reading

How did they send money in the olden days of telegraphs?

 

It's not all that different really, especially that part where you can lose all your bitcoin. Here's an excerpt from East of Eden by John Steinbeck:

Say, Carlton, how do you go about telegraphing money?”

“Well, you bring me a hundred and two dollars and sixty cents and I send a wire telling the Valdosta operator to pay Adam one hundred dollars. You owe me sixty cents too.”

“I’ll pay—say, how do I know it’s Adam? What’s to stop anybody from collecting it?”

The operator permitted himself a smile of worldliness.

“Way we go about it, you give me a question couldn’t nobody else know the answer. So I send both the question and the answer. Operator asks this fella the question, and if he can’t answer he don’t get the money.””

“Say, that’s pretty cute. I better think up a good one.”
“You better get the hundred dollars while Old Breen still got the window open.”
Charles was delighted with the game. He came back with the money in his hand.
“I got the question,” he said.
“I hope it ain’t your mother’s middle name. Lot of people don’t remember.”
“No, nothing Continue reading

Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere

It's a baker's dozen of tech news in today's Network Break episode. We analyze Nvidia's $40 billion bid for Arm, Broadcom's banishment of Cumulus, vSphere's Kubernetes injection via Tanzu, a new hardware strategy from Extreme, new products from Palo Alto and Juniper, and more!

The post Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere appeared first on Packet Pushers.

The Week in Internet News: Trading Trash for WiFi

Turning plastic into access: Students in a Jakarta, Indonesia, neighborhood are collecting discarded plastic and trading it for access at a WiFi station that sells the plastic waste, the World Economic Forum website says. The owner of the WiFi station uses the profits from selling the plastic to purchase access for small groups of students who need Internet access during continuing COVID-19 lockdowns.

No access here: About 54 percent of households in rural Bangladesh lack Internet access, according to a new survey featured at The Daily Star. Nearly six in 10 don’t have access to a smart phone. The survey also found that about eight in 10 rural households have very limited digital skills.

Trump vs. TikTok: U.S. President Donald Trump’s administration has moved to ban Chinese apps TikTok and WeChat as of 20 September, Reuters reported. The U.S. Department of Commerce was planning to issue an order on Friday that would prohibit app stores available in the U.S. from offering the two apps. TikTok owner ByteDance was still exploring a sale of the video-sharing app to U.S. companies.

Rockets on boats: SpaceX is planning to test its proposed Starlink satellite Internet network by using a Continue reading

Watchman: monitoring dependency conflicts for Python library ecosystem

Watchman: monitoring dependency conflicts for Python library ecosystem Wang et al., ICSE ‘20

There are more than 1.4M Python libraries in the PyPI repository. Figuring out which combinations of those work well together is not always easy. In fact, we have a phrase for navigating the maze of dependencies modern projects seem to accumulate: “dependency hell”. It’s often not the direct dependencies of your project that bite you, but the dependencies of your dependencies, all the way on down to transitive closure. In today’s paper from ICSE ‘20, Wang et al. study the prevalence of dependency conflicts in Python projects and their causes. Having demonstrated (not that many of us would need much convincing) that dependency conflicts are a real problem, they build and evaluate Watchman, a tool to quickly find and report dependency conflicts, and to predict dependency conflicts in the making. Jolly useful it looks too.

Welcome to dependency hell

If you have a set of versioned dependencies that all work together, you can create a lock file to pin those versions. But if you haven’t yet reached that happy place, or you need to upgrade, add or remove a dependency, you’ll be Continue reading

Should you upgrade tape drives to the latest standard?

With the recent release of the linear tape–open 9 (LTO-9) standard, tape drives with increased capacity and speed should be available soon, but that doesn’t mean users of tape drives should rush to buy them.Here are some of the pros and cons to weigh when considering whether an upgrade is in order.Tape drives are a very reliable way to write data to storage, and are very good at holding onto data for multiple decades. They make an excellent medium for long-term storage and for shipping large amounts of data across long distances (a FedEx truck has unlimited bandwidth).[Get regularly scheduled insights by signing up for Network World newsletters.] What tape is not good at is going slow. LTO-8 has a compressed transfer speed of 900MB/s, which is significantly faster than most any backup you're going to send to it. It's definitely faster than any incremental backup that will be sent to it, and that comprises most backups. That makes tapes as the initial target of backups problematic.To read this article in full, please click here

1 833 834 835 836 837 3,785