Next Platform TV for September 22, 2020
Can Nvidia jump the regulatory hurdles to capture Arm—and how?; OpenCAPI is the right answer for memory and I/O—so what’s missing?; …
Next Platform TV for September 22, 2020 was written by Nicole Hemsoth at The Next Platform.
Cable testing on Juniper EX switches
Does anyone use the cable test feature on EX switches? Did you even know you could do this kind of thing?
In case you didn’t, here is a bit of background and an example.
The Time Domain Reflectometer (TDR) test has been available on the EX switches for some time, but not a lot of people seem to know about it. What is TDR, I hear you ask?
A futuristic-sounding thing, what a TDR does is send a signal down a cable and measure how much (if any) is reflected by the far end. If the cable is damaged a little way along its length, the TDR test will tell you that distance to a fair level of accuracy.
In an ethernet cable, there are four pairs of conductors – eight wires in total. The operative ones are 1 & 2, and 3 & 6. The other conductors are unused but their presence in the Cat5 or Cat6 cable helps prevent cross-talk and signal attenuation. In a lab, usually cables are fairly short and easily replaced, but in a working environment, cables in floor-boxes under desks, or the structured wiring under the raised floor in an office often suffers quite Continue reading
Arm Expands Its Server Universe With Updated Neoverse Roadmap
When Arm began its pursuit of the datacenter a decade ago, the idea behind offering a low-power architecture as an alternative to Intel and is Xeon product line made sense. …
Arm Expands Its Server Universe With Updated Neoverse Roadmap was written by Jeffrey Burt at The Next Platform.
Snakes in a Facebook Datacenter
Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of some of its components. You might think Facebook solved all of its fault tolerance problems long ago, but when a serpent enters the Edenic datacenter realm, even Facebook must consult the Tree of Knowledge.
In this case, it's not good or evil we'll learn about, but Workload Placement, which is a method of optimally placing work over a set of failure domains.
Here's my gloss of the Fault Tolerance through Optimal Workload Placement talk:
Technologies that Didn’t: CLNS
Note: RFC1925, rule 11, reminds us that: “Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.” Understanding the past not only helps us to understand the future, it also helps us to take a more balanced and realistic view of the technologies being created and promoted for current and future use.
The Open Systems Interconnect (OSI) model is the most often taught model of data transmission—although it is not all that useful in terms of describing how modern networks work. What many engineers who have come into network engineering more recently do not know is there was an entire protocol suite that went with the OSI model. Each of the layers within the OSI model, in fact, had multiple protocols specified to fill the functions of that layer. For instance, X.25, while older than the OSI model, was adopted into the OSI suite to provide point-to-point connectivity over some specific kinds of physical circuits. Moving up the stack a little, there were several protocols that provided much the same service as the widely used Internet Protocol (IP).
The Connection Oriented Network Service, or CONS, ran on top Continue reading
Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK)
Today's Full Stack Journey podcast explores AWS Controllers for Kubernetes (ACK). Currently available as a developer preview, the ACK project lets customers manage their AWS services directly from Kubernetes. Our guide to ACK is Justin Garrison, a container advocate at AWS and author.
Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK)
Today's Full Stack Journey podcast explores AWS Controllers for Kubernetes (ACK). Currently available as a developer preview, the ACK project lets customers manage their AWS services directly from Kubernetes. Our guide to ACK is Justin Garrison, a container advocate at AWS and author.
The post Full Stack Journey 046: Understanding AWS Controllers For Kubernetes (ACK) appeared first on Packet Pushers.
Docker Github Actions
In our first post in our series on CI/CD we went over some of the high level best practices for using Docker. Today we are going to go a bit deeper and look at Github actions.
We have just released a V2 of our GitHub Action to make using the Cache easier as well! We also want to call out a huge THANK YOU to @crazy-max (Kevin :D) for the of work he put into the V2 of the action, we could not have done this without him!
Right now let’s have a look at what we can do!
To start we will need to get a project setup, I am going to use one of my existing simple Docker projects to test this out:
The first thing I need to do is to ensure that I will be able to access Docker Hub from any workflow I create, to do this I will need to add my DockerID and a Personal Access Token (PAT) as secrets into GitHub. I can get a PAT by going to https://hub.docker.com/settings/security and clicking ‘new access token’, in this instance I will call my token ‘whaleCI’
I can then Continue reading
Python: The Minimum You Need to Know
Many network engineers and other professionals are transitioning their skills set to include programming and automation. Commonly, their previous programming experience comes from a few programming courses they attended in university a long time ago. I am one of those professionals and I created this Python programming guide for people like you and me.
In this guide, I explain the absolute minimum amount you need to learn about Python in order to create useful programs. Follow this guide to get a very short, but functional, overview of Python programming in less than one hour.
I omit many topics from this text that you do not need to know when you begin using Python; you can learn them later, when you need them. I don’t want you to have to unlearn misconceptions later, when you become more experienced, so I do include some Python concepts that other beginner guides might skip, such as the Python object model. This guide is “simple” but it is also “mostly correct”.
Getting Started
In this guide, I will explore the seven fundamental topics you need to know to create useful programs almost immediately. These topics are:
- The Python object model simplified
- Defining objects
- Core types
- Continue reading
Tigera Announces Open-Source Calico for Windows and Collaboration with Microsoft
Tigera is pleased to announce that we have open-sourced Calico for Windows and made it immediately available for all to use for free. With the launch of open-source Calico for Windows, the vast ecosystem of Windows users now has unprecedented access to Kubernetes via the industry’s de-facto standard for Kubernetes networking and network security.
We have been collaborating with Microsoft and our joint customers over the past few years to bring Project Calico to the Windows platform, and have seen increasing demand for Windows nodes ever since the release of Kubernetes 1.14. Most enterprises have a Windows footprint, and Windows workloads are increasingly being modernized and migrated to containers and orchestrated with Kubernetes. Enterprise users want to deploy a single solution for network security that works across both Linux and Windows workloads. Open-sourcing Calico for Windows provides those users with the best and only solution available, and for free.
“We are seeing an influx in interest in Windows Kubernetes workloads, as well as interest in securing those workloads. Calico has been a key means of deploying network security policies across both Windows and Linux platforms, however, their Windows support has been commercially licensed by Tigera until today,“ said Continue reading
Accessing Docker Container Services over IPv6
Getting Docker to work with IPv6 is an interesting and under-documented (trying to stay diplomatic) adventure, but there’s a shortcut to the promised land: even if your Docker environment is pure IPv4 morass, you can still reach published container ports over IPv6 thanks to the userland proxy I described last week. The performance is obviously commensurate with traversing kernel-user boundary too many times.
New to this rabbit hole? Start here.
Finally, you don’t have to tell me (again) that Docker is dead and we should all use K8s. It’s as useful as telling me CloudStack is dead and we should all use OpenStack. Different challenges deserve different tools.
Best practices for using Docker Hub for CI/CD
According to the 2020 Jetbrains developer survey 44% of developers are now using some form of continuous integration and deployment with Docker Containers. We know a ton of developers have got this setup using Docker Hub as their container registry for part of their workflow so we decided to dig out the best practices for doing this and provide some guidance for how to get started. To support this we will be publishing a series of blog posts over the next few weeks to answer the common questions we see with the top CI providers.
We have also heard feedback that given the changes Docker introduced relating to network egress and the number of pulls for free users, that there are questions around the best way to use Docker Hub as part of CI/CD workflows without hitting these limits. This blog post covers best practices that improve your experience and uses a sensible consumption of Docker Hub which will mitigate the risk of hitting these limits and how to increase the limits depending on your use case.
To get started, one of the most important things when working with Docker and really any CI/CD is to work out when Continue reading
Reducing RPKI Single Point of Takedown Risk
The RPKI, for those who do not know, ties the origin AS to a prefix using a certificate (the Route Origin Authorization, or ROA) signed by a third party. The third party, in this case, is validating that the AS in the ROA is authorized to advertise the destination prefix in the ROA—if ROA’s were self-signed, the security would be no better than simply advertising the prefix in BGP. Who should be able to sign these ROAs? The assigning authority makes the most sense—the Regional Internet Registries (RIRs), since they (should) know which company owns which set of AS numbers and prefixes.
The general idea makes sense—you should not accept routes from “just anyone,” as they might be advertising the route for any number of reasons. An operator could advertise routes to source spam or phishing emails, or some government agency might advertise a route to redirect traffic, or block access to some web site. But … if you haven’t found the tradeoffs, you haven’t looked hard enough. Security, in particular, is replete with tradeoffs.
Every time you deploy some new security mechanism, you create some new attack surface—sometimes more than one. Deploy a stateful packet filter to protect a Continue reading
How did they send money in the olden days of telegraphs?
It's not all that different really, especially that part where you can lose all your bitcoin. Here's an excerpt from East of Eden by John Steinbeck:
Say, Carlton, how do you go about telegraphing money?”
“Well, you bring me a hundred and two dollars and sixty cents and I send a wire telling the Valdosta operator to pay Adam one hundred dollars. You owe me sixty cents too.”
“I’ll pay—say, how do I know it’s Adam? What’s to stop anybody from collecting it?”
The operator permitted himself a smile of worldliness.
“Way we go about it, you give me a question couldn’t nobody else know the answer. So I send both the question and the answer. Operator asks this fella the question, and if he can’t answer he don’t get the money.””
“Say, that’s pretty cute. I better think up a good one.”
“You better get the hundred dollars while Old Breen still got the window open.”
Charles was delighted with the game. He came back with the money in his hand.
“I got the question,” he said.
“I hope it ain’t your mother’s middle name. Lot of people don’t remember.”
“No, nothing Continue reading
Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere
It's a baker's dozen of tech news in today's Network Break episode. We analyze Nvidia's $40 billion bid for Arm, Broadcom's banishment of Cumulus, vSphere's Kubernetes injection via Tanzu, a new hardware strategy from Extreme, new products from Palo Alto and Juniper, and more!Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere
It's a baker's dozen of tech news in today's Network Break episode. We analyze Nvidia's $40 billion bid for Arm, Broadcom's banishment of Cumulus, vSphere's Kubernetes injection via Tanzu, a new hardware strategy from Extreme, new products from Palo Alto and Juniper, and more!
The post Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere appeared first on Packet Pushers.