Over the years I have customised my shell prompt to make it "cool" and "informative". Previously I have used powerline and powerlevel10k. Both were pretty nice, with powerlevel10k being the much faster of the two. I recently came across the Starship project which looks pretty rad....continue reading
Over the years I have customised my shell prompt to make it "cool" and "informative". Previously I have used powerline and powerlevel10k. Both were pretty nice, with powerlevel10k being the much faster of the two. I recently came across the Starship project which looks pretty rad....continue reading
I recently observed a conversation around ECMP/Hash buckets which made me realize on how the end to end concept is not very well understood. So this provided me enough motivation to write about this topic which will be covered in various upcoming blog posts. But while thinking about the subject, I ran into an interesting RFC RFC2992. This RFC goes through a simple mathematical proof which I found impressive due to the fact that someone wrote that in ASCII in 2000. My intent in this blog post is to provide some colorization to the RFC and perhaps cover a bit more in detail.
In the RFC, the focus is on Hash-threshold implementation for mapping hash values to the next-hop. To re-iterate for completeness sake, we all know that a router computes a hash key based on certain fields, like SRC IP, DST IP, SRC Port, DST Port by performing a hash (CRC16, CRC32, XOR16, XOR32 etc.). This hash gets mapped to a region and the next-hop assigned to that region is where the flow get’s assigned.
For example,assume that we have 5-next hops to choose from and we have a key space which is 40 bits wide. Continue reading
After discussing the architecture of our design during part 1, and the underlay configuration during part 2, today i’ll show how the overlay it’s configured and hopefully we will be able to draw our conclusions to the question: Are SONiC and White Box switches ready to be used in the enterprise DC?
Our two servers will be connected with LACP and trunk interfaces. 1 VLAN will be bridged (no SVI) and both servers will have an interface into such vlan so that layer 2 can be tested.
Other 2 vlans instead will each be configured on a different pair of switches together with an SVI so that Layer 3 symmetric IRB can be tested.
VRF Configuration
First of all, let’s create a VRF. This vrf requires an VLAN and a Layer 3 VNI for symmetric IRB to function. Configuration is really simple, but a small caveat must be overlooked, specifically every vrf must contain the prefix Vrf- in the name.
From a configuration point of view, we have to follow the usual steps:
If you treat your engineers like interchangeable human resources you’ll get the results you deserve ;)… but if you wonder how to make them keep them happy and production, there’s no better place to start than the Key Factors in Attracting and Retaining Talent by Daniel Dib.
Fancy a VPN build in under 10 minutes? , there are many vendors outside who offer mobile App and connectivity all through the world, most of the times ofcourse they under perform. Be it for beating Apps which impose Geographical restrictions etc.
What is wireguard ?
https://www.wireguard.com/ – you can read all about it
Why do you need it ?
Simple and easy to build your own VPN service plus Pay as you Go by turning off the cloud instance and Wire-guard has some cutting edge encryption at the software level, which makes it performs better even in cloud instances.
Do i need to Install anything?
All you need is to run a docker image.
https://hub.docker.com/r/linuxserver/wireguard – and you will have all install instructions
Ok i have installed whats Next?
Get your Mobile App, and scan the QR code generated by the system.
Next ?
Nothing, download the app and you are good to by scanning this and you are on your way to your own VPN
How do i verify my traffic stats ?
Log into docker and execute wg, all stats will be readily available
-Rakesh
Heavy Networking gets nerdy about disaggregation with sponsor DriveNets. The company's Network Cloud routing software runs on whitebox hardware and enables service providers and telcos to quickly scale capacity, control capital outlay, and support automation. Our guests are Amir Krayden, VP R&D Customers; and Yuval Moshe, VP of Products.
The post Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored) appeared first on Packet Pushers.
Artificial intelligence is a broad area, covering diverse fields such as image recognition, natural language processing (NLP), and robotics. …
The Next Wave Of AI Is Even Bigger was written by Daniel Robinson at The Next Platform.
I’m a storyteller. I realize this based on the fact that I tell them a lot. I’ve been told by a lot of people that I tell stories all the time. I’m okay with this. And a lot of the time I’m totally good at it. But one of the side effects of being someone that enjoys telling stories is that you recognize them in others and you start critiquing.
One of the more recent trends I’ve seen in product marketing revolves around stories. We’ve seen people telling all kinds of narratives about how disparate pieces of the puzzle fit together. It’s important because it frames the discussion for everyone. But I’ve also noticed some companies focus less on the framing story and more on the pieces. And it made me realize that’s a different kind of story.
Merriam-Webster defines an anthology as a collection of selected literary pieces or passages or works of art or music. When I think of an anthology movie or video series, I think of a collection of disconnected stories around a framing device. Sometimes that device is as tenuous as a shared narrator, such as the Twilight Zone or Tales from Continue reading
BIER is Bit Indexed Explicit Replication which is a newest proposal for IP Multicast.
Although I say IP Multicast, of course it works on MPLS networks as well.
BIER works by assigning every edge device a Bit Mask position. Then, instead of sending Multicast packet to each destination IP address (Receiver IP address), basically it sets the Bit positions and save the amount of data plane state.
It uses Unicast transport as underlay reachability, and Bit Mask is advertised through IGP control plane.
So, OSPF and IS-IS newly assigned TLVs handle the BitMask to Edge device (BFER – Bit Forwarding Edge Router in BIER terminology) assignment and distribution.
It is in theory can be used not only for multicast but also for Unicast traffic as well.
When we use it, we don’t need to have mLDP, RSVP P2MP LSPs, or PIM in the Core Network (Of course at the Edge, you can still have towards the customer in mVPN scenarios).
So basically, by removing those protocols from the network, in theory, simpler network design you should have. I am saying in theory, because having less protocol doesn’t always mean, having simpler design.
Because we would be throwing the complexity to Continue reading
This opinion piece was originally published in Arizona Central.
If anyone doubted the importance of the Internet before the COVID-19 pandemic, those doubts have vanished like toilet paper at Kroger. During this time, the Internet has proved to be a lifeline, delivering the latest coronavirus health and emergency updates, connecting people to coworkers and bosses, and facilitating online classes.
But this is only the case for those lucky enough to have access. The American Library Association says seven in 10 residents on rural tribal lands remain without access to fixed high-capacity broadband. Making matters worse, massive swaths of tribal land don’t even have a cellphone signal, much less a broadband Internet connection.
No Internet access means no access to the economic opportunities the Internet holds. In 2018 alone, the Internet sector accounted for $2.1 trillion of the U.S. economy. But during this pandemic, many residents of rural Indian Country don’t have the luxury of dreaming up online business plans.
They are instead fearful for their lives and the lives of their loved ones who lack access to solutions like telehealth or online counseling during this time of isolation.
A lack of access leaves us behind
The Internet was always Continue reading
With the launch of VMware NSX in 2013, VMware pioneered micro-segmentation. Back then our solution was based on stateful Layer 4 filtering. We’ve added in dynamic grouping, enabling policies based on VM context such as VM Name, Operating System or Security Tags. Using dynamic grouping, the life cycle of a Service-defined Firewall policy is directly tied to the life cycle of the workloads/application it’s protecting. This is radically different from traditional firewalls which use IP-address based policies.
Another addition to our Service-defined firewall is Layer 7 Application Identity. You may be familiar with the concept from the perspective of a perimeter firewall where it can be used to allow access to Facebook chat but block access to Facebook games. The data center is different and so are the use cases for layer 7 Application Identity.
In this blog I will cover why organizations should use Layer 7 Application Identity in their data center segmentation policies.
While stateful Layer 4 firewalls have significantly reduced both the complexity and security gaps that come with configuring stateless Access Control Continue reading
As we wrapped up the first quarter of 2020, we set out to understand if and how DDoS attack trends have shifted during this unprecedented time of global shelter in place. Since then, traffic levels have increased by over 50% in many countries, but have DDoS attacks increased as well?
Traffic increases are often observed during holiday seasons. During holidays, people may spend more time online; whether shopping, ordering food, playing online games or a myriad of other online activities. This higher usage translates into higher revenue per minute for the companies that provide those various online services.
Downtime or service degradation during these peak times could result in user churn and loss of significant revenue in a very short time. ITIC estimates that the average cost of an outage is $5,600 per minute, which extrapolates to well over $300K per hour. It is therefore no surprise that attackers capitalize on the opportunity by launching a higher number of DDoS attacks during the holiday seasons.
The current pandemic has a similar cause and effect. People are forced to stay home. They have become more reliant on online services to accomplish their daily tasks which has generated a surge in the Continue reading
A while ago we discussed a software-focused view of Network Interface Cards (NICs) with Luke Gorrie, and a hardware-focused view of them with Or Gerlitz (Mellanox), Andy Gospodarek (Broadcom) and Jiri Pirko (Mellanox).
Why would anyone want to implement features in hardware and not in software, and what would be the best hardware implementation? We discussed these dilemmas with Silvano Gai in Episode 110 of Software Gone Wild podcast.
The hyperscalers and cloud builders have been setting the pace for innovation in the server arena for the past decade or so, particularly and publicly since Facebook set up the Open Compute Project in April 2011 and ramping up as Microsoft joined up in early 2014 and basically created a whole new server innovation stream that was unique from – and largely incompatible with – the designs put out by Facebook. …
Inside Facebook’s Future Rack And Microserver Iron was written by Timothy Prickett Morgan at The Next Platform.
https://codingpackets.com/blog/growing-a-beard