Managing AWS Complexity: Insights from Dr. Werner Vogels

https://www.youtube.com/watch?v=aim5x73crbM

Dr. Werner Vogels’ keynote at AWS re:Invent 2024 explores how simplicity can lead to complexity, highlighting innovations in AWS services and the importance of maintaining manageable systems.

Highlights

  • 🚀 Simplicity breeds complexity: AWS services like S3 exemplify the journey from simple beginnings to complex systems.
  • 🍕 The Two-Pizza Team: Small, autonomous teams enhance innovation while managing complexity effectively.
  • 🔄 Continuous learning: Emphasis on adapting structures and processes to accommodate growth and change.
  • 🌎 Global scalability: AWS focuses on building technologies that enable businesses to expand effortlessly across regions.
  • 🔍 Importance of observability: Understanding and managing system complexity through effective monitoring and metrics.
  • đź”’ Security by design: Embedding security measures from the outset to ensure robust systems.
  • 🤝 Community involvement: Encouraging tech professionals to support initiatives that address global challenges.

Key Insights

  • 🧩 Managing Complexity: Systems evolve over time, and complexity is inevitable. Organizations must strategically manage this complexity to avoid fragility while ensuring functionality.
  • âš™ Evolvability as a Requirement: Building systems with the ability to evolve in response to user needs is essential. Flexibility in architecture allows for future changes without major disruptions.
  • đź”— Decoupling Systems: Breaking down monolithic systems into smaller, independently functioning components enhances Continue reading

From Python to Go 006. Dictionaries and Maps.

Hello my friend,

We continue our journey from Python to Go (Golang), or more right to say with Python and Go (Golang) together. Today we are going to talk about a data structure, which is by far the most widely used in Python when it comes to a network and IT infrastructure automation and management. This data structure is called dictionaries in Python, or Map in Go (Golang).

Black Friday Is Over, Can I Still Buy Your Trainings?

Of course, you can. Our self-paced network automation trainings are the perfect place to start your journey in network and IT infrastructure automation or to upskill yourself further if you are seasoned engineer. There is no such thing as excessive knowledge, therefore we encourage you to join our network automation programs and start your study today:

We offer the following training programs in network automation for you:

During these trainings you will learn the following topics:

  • Success and failure strategies to build the automation tools.
  • Principles of software developments and the most useful and convenient tools.
  • Data Continue reading

TNO010: Navigating Network Automation Complexities: Insights from AutoCon 2 (Sponsored)

On today’s show, we recap some highlights of AutoCon2 with guest Jeremy Rossbach from sponsor Broadcom. Jeremy gives some background on his career, and then elaborates on conversations he had at AutoCon2. He also shares observations on the present and future of network automation, which include AI and robust observability solutions that integrate with the... Read more »

Why You Should Change Palo Alto Master Key?

Why You Should Change Palo Alto Master Key?

Palo Alto firewalls come with a default master key used to encrypt passwords, secrets, and certificates. If your firewall is compromised or someone gains unauthorized access, they can easily decrypt these secrets, posing a significant security risk. In this blog post, let's explore why you should change the master key, important considerations, and how to configure it. Let's get started.

Why Change the Master Key?

Palo Alto firewalls come with a default master key. Anyone with unauthorized access to the firewall can easily decrypt your secrets or export the configuration to another firewall to retrieve those secrets. For this reason, Palo Alto strongly recommends changing the master key as soon as possible.

Master Key Considerations

Configuring the master key isn’t something you can just set and forget; it requires careful consideration. Here are some important points to keep in mind.

  • The new master key must be exactly 16 characters long.
  • If your firewalls are in an HA pair, you need to disable 'Config Sync' before configuring the key, as the key does not sync across the pair. You must configure the exact same key on each firewall individually.
  • If the master key expires, the firewall or Panorama will Continue reading

HN760: Mitigate IoT/OT Vulnerabilities with Guided Virtual Patching (Sponsored)

Today on Heavy Networking, sponsored by Palo Alto Networks, we explore how virtual patching can be used to protect IoT and OT devices. Virtual patching leverages intrusion detection and intrusion prevention, combined with threat research, to block exploits targeting IoT and OT devices. Why would you use virtual patching? When it comes to IoT and... Read more »

Cutting to the Quick

No doubt you’ve seen the news that Intel has parted ways with Pat Gelsinger. There is a lot of info to unpack on that particular story but we did a good job of covering it on the Rundown this week. What I really wanted to talk about was a quote that I brought up in the episode that I heard from my friend Michael Bushong a couple of months ago:

No one cuts their way back into relevance.

It’s been rattling around in my head for a while and I wanted to talk about why he’s absolutely right.

Outcomes Need Incomes

Do you remember the coupon clipping craze of ten years ago? I think it started from some show on TLC about people that were ultra crazy couponers. They would do the math and they could buy like 100 lbs of rice for $2. They would stock up on a year’s worth of toothpaste at a time because you could pay next to nothing for it. However, the trend died out after a year or so. In part, that was because the show wasn’t very exciting after the shock of buying two years of hand soap wore off. The other Continue reading

IPB165: IPv6 Basics – Address Planning

Continuing the IPv6 Basics series, today’s podcast addresses IPv6 address planning.  Special “guest” Tom Coffeen who literally wrote the book, IPv6 Address Planning, helps answer questions and gives advice on how to effectively plan IPv6 addresses. We discuss topics such as the importance of long-term planning and understanding prefix sizes, common design pitfalls, and the... Read more »

N4N005: The Sort-of-Useful OSI Model

Network engineers should be familiar with the Open Systems Interconnection (OSI) model, a framework for understanding network communications. On today’s show, Ethan and Holly delve into each of the model’s seven layers to discuss their functions, associated protocols, and practical implications for modern networking. They also talk about how the OSI model is, in fact,... Read more »

NAN080: Elevating Your Network Automation Skills and the DevNet Expert Track

Ongoing education and training is a constant in a networking career, especially if you want to advance. And certifications are a common path forward. On today’s episode, guest Andreas Baekdahl shares his journey from traditional networking to automation architect and certification instructor. Along the way, he’s had his share of challenges and failures, and he... Read more »

D2DO259: See Deep Inside Public Cloud for Greater Visibility and Troubleshooting with ThousandEyes Cloud Insights (Sponsored)

Public cloud networks can be a bit of a black box when it comes to monitoring and troubleshooting. Today on Day Two DevOps we talk with sponsor Cisco ThousandEyes about its Cloud Insights tool, which aims to open that box so you can see exactly what’s going on in your cloud networks, identify problems, help... Read more »

Is BGP PIC Edge an Oxymoron?

This blog post discusses an old arcane question that has been nagging me from the bottom of my Inbox for almost exactly four years. Please skip it if it sounds like Latin to you, but if you happen to be one of those readers who know what I’m talking about, I’d appreciate your comments.

Terminology first:

  • Prefix Independent Convergence allows entries in the forwarding table to point to shared next hops (or next-hop groups), reducing the FIB update bottleneck when changing the next hop for a large number of prefixes (for example, when dealing with a core link failure). More details in the initial blog post and PIC applicability to fast reroute.
  • PIC Edge (as defined by vendor marketing) is the ability to switch to a backup CE route advertised to a backup PE router before the network convergence is complete.

Here’s (in a nutshell) how PIC Edge is supposed to work:

Read more …

From deals to DDoS: exploring Cyber Week 2024 Internet trends

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

At Cloudflare, we manage and protect a substantial amount of traffic for our customers, providing a unique vantage point to analyze traffic and attack patterns across the Internet. This perspective reveals insights like Cyber Monday being the busiest Internet traffic day of 2024 globally, followed by Black Friday, with patterns varying across countries. Notably, global HTTP request volume on Cyber Monday 2024 was 36% higher than 2023, with 5% of that traffic blocked as potential attacks.

For this analysis, we examined anonymized and aggregated HTTP requests and DNS queries across our network to uncover key patterns. Cyber Monday, December 2, was the day with peak traffic, and key findings for that day include:

1 87 88 89 90 91 3,840