Migrating Existing Content Into a Dedicated Ansible Collection

Today, we will demonstrate how to migrate part of the existing Ansible content (modules and plugins) into a dedicated Ansible Collection. We will be using modules for managing DigitalOcean's resources as an example so you can follow along and test your development setup. But first, let us get the big question out of the way: Why would we want to do that?

Ansible on a Diet

In late March 2020, Ansible's main development branch lost almost all of its modules and plugins. Where did they go? Many of them moved to the ansible-collections GitHub organization. More specifically, the vast majority landed in the community.general GitHub repository that serves as their temporary home (refer to the Community overview README for more information).

The ultimate goal is to get as much content in the community.general Ansible Collection "adopted" by a caring team of developers and moved into a dedicated upstream location, with a dedicated Galaxy namespace. Maintainers of the newly migrated Ansible Collection can then set up the development and release processes as they see fit, (almost) free from the requirements of the comunity.general collection. For more information about the future of Ansible content delivery, please Continue reading

Using Python and Pandas to look at Pandemic Data

The script and supporting files in this repository are intended to show how the Python Pandas module can be used to analyze data, specifically COVID-19 data. I am going to recommend 3 data sets to "investigate": WHO (Download from 06 April 2020) CSSEGISandData on GitHub New York Times US Data GitHub Repository Background WHO Data READ MORE

The post Using Python and Pandas to look at Pandemic Data appeared first on The Gratuitous Arp.

VMware Claims SD-WAN Dominance Over Cisco

More than 225,000 branch offices have deployed VMware’s SD-WAN, said VMware’s Tom Gillis....

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

VMware Delivers NSX-T 3.0 with Innovations in Cloud, Security, Containers, and Operations

We are excited to announce the general availability of VMware NSX-T 3.0, a major release of our full stack Layer 2 to Layer 7 networking platform that offers virtual networking, security, load balancing, visibility, and analytics in a single platform. NSX-T 3.0 includes key innovations across cloud-scale networking, security, containers, and operations that help enterprises achieve one-click public cloud experience wherever their workloads are deployed. As enterprises adopt cloud, containers, and new applications, IT teams are managing more heterogenous and distributed environments that need to be secured, automated, and monitored. The need to run and manage workloads on all types of infrastructure, VMs, containers, bare metal across both private and public clouds, is greater than ever. Enterprises need end-to-end software-defined solutions to fully automate, connect, and protect all their workloads.

As a key component of VMware Virtual Cloud Network, VMware NSX-T 3.0 includes groundbreaking innovations that make it easier to replace legacy appliances that congest data center traffic, achieve stronger security posture, and run virtual Continue reading

HPE Readies $2B in Loan Relief for Enterprises

The company earlier this week, like many others, withdrew its previously issued financial guidance...

Read More »

How To Use 1.1.1.1 w/ WARP App And Cloudflare Gateway To Protect Your Phone From Security Threats

Cloudflare Gateway protects users and devices from security threats. You can now use Gateway inside the 1.1.1.1 w/ WARP app to secure your phone from malware, phishing and other security threats.

The 1.1.1.1 w/ WARP app has secured millions of mobile Internet connections. When installed, 1.1.1.1 w/ WARP encrypts the traffic leaving your device, giving you a more private browsing experience.

Starting today, you can get even more out of your 1.1.1.1 w/ WARP. By adding Cloudflare Gateway’s secure DNS filtering to the app, you can add a layer of security and block malicious domains flagged as phishing, command and control, or spam. This protection isn’t dependent on what network you’re connected to - it follows you everywhere you go.

You can read more about how Cloudflare Gateway builds on our 1.1.1.1 resolver to secure Internet connections in our announcement. Ready to get started bringing that security to your mobile device? Follow the steps below.

Download the 1.1.1.1 w/ WARP mobile app

If you don’t have the latest version of the 1.1.1.1 w/ WARP app go to the Apple Continue reading

RFC 1 Was Fifty One Years Ago

Has much changed since then ?

The post RFC 1 Was Fifty One Years Ago appeared first on EtherealMind.

Istio 1.5 Brings Advanced Automation for Secure Performance

Istio has emerged as one of the most frequently utilized service mesh technologies for securing and controlling network traffic within containers and Kubernetes. Its powerful feature set makes it instrumental in solving a number of real issues users regularly encounter when running microservices. Following the standard three-month period since the release of Istio 1.4, Istio 1.5 introduces an impressive number of improvements that increase automation and provide tooling to help further operationalize the platform. With major architectural changes and several API updates under the hood, Istio 1.5 provides new capabilities that improve the user experience and functionality of the platform. The following highlights will help organizations optimize Istio for configuration management, architecture support, and overall performance. Configuration Management Karen Bruner Karen Bruner is a Principal DevOps Engineer for StackRox, where she drives automation and advocates for operationalizing the product. Previously, Karen has held DevOps and site reliability engineering roles at Clari, Ooyala, LinkedIn, and Yahoo. She started her career working in Hollywood in the digital effects industry and has a film credit in “Babe” for Internet Bandit. She spends her spare time rendering puns in yarn, learning obscure fiber crafts, and tripping over cats. Istioctl Istio 1. Continue reading

Building BGP Route Reflector Configuration with Ansible/Jinja2

One of our subscribers sent me this email when trying to use ideas from Ansible for Networking Engineers webinar to build BGP route reflector configuration:

I’m currently discovering Ansible/Jinja2 and trying to create BGP route reflector configuration from Jinja2 template using Ansible playbook. As part of group_vars YAML file, I wish to list all route reflector clients IP address. When I have 50+ neighbors, the YAML file gets quite unreadable and it’s hard to see data model anymore.

Whenever you hit a roadblock like this one, you should start with the bigger picture and maybe redefine the problem.

Why use Typha in your Calico Kubernetes Deployments?

Calico is an open source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal. In this blog, we will focus on Kubernetes pod networking and network security using Calico.

Calico uses etcd as the back-end datastore. When you run Calico on Kubernetes, you can use the same etcd datastore through the Kubernetes API server. This is called a Kubernetes backed datastore (KDD) in Calico. The following diagram shows a block-level architecture of Calico.

Calico-node runs as a Daemonset, and has a fair amount of interaction with the Kubernetes API server. It’s easy for you to profile that by simply enabling audit logs for calico-node. For example, in my kubeadm cluster, I used the following audit configuration

To set the context, this is my cluster configuration.

As we are running Typha already, let us profile the API calls for both Calico and Typha components. I used the following commands to extract the unique API calls for each.

If you ignore the license key API calls from calico-node, you will see that the API calls Continue reading

Juniper QFX10K IPFIX Gotchas

IPFIX is problematic on the Juniper QFX10K switches. Documentation is sparse, and doesn’t have a complete configuration. Behavior changes between versions in undocumented ways. Here’s a couple of things I noticed when upgrading from Junos 17.3 to 17.4. These also apply if you are running 18.4 code. I hit more problems with 18.4, and ended up rolling back to 17.4.

Big Changes in Reported Throughput

Here’s a graph showing total reported throughput for a QFX10K I upgraded:

There’s a few things going on there. First the reported traffic drops to zero after I upgraded. Then it starts coming up, after I fixed the first problem. But then after that the reported traffic is flat, and lower than it should be. Then it starts coming up again after I made the second fix.

First Problem: Chassis Sample Instance

The first configuration change I needed to add was this: set chassis fpc 0 sampling-instance sample-border, where sample-border is the name of the sampling instance I have configured under forwarding-options. This was not required with 17.3. If you don’t do it with 17.4, you won’t get any data.

Second Problem: DDoS-Protection

Some Juniper platforms implement Continue reading

Juniper QFX10K IPFIX Gotchas

Big Changes in Reported Throughput

Here’s a graph showing total reported throughput for a QFX10K I upgraded:

First Problem: Chassis Sample Instance

Second Problem: DDoS-Protection

Some Juniper platforms implement Continue reading

April Customer Newsletter

Welcome to the April 2020 edition of the Tigera Calicommunication newsletter! In the March edition, we discussed context-aware flow logs. This edition covers the next component of logging, the audit logs.

Using Calico Enterprise Audit Logs to Improve Visibility, Security, and Compliance

Watch this short video to see how you can benefit from using Calico Enterprise Audit Logs.

What problems are we solving?

Kubernetes is an API-driven platform. Every action happens through an API call into the kube API server. Consequently, recording and monitoring API activity is very important. While most deployments end up sending these logs to a remote destination for compliance purposes, these logs are often not easily accessible when needed. Moreover, different roles (platform, network, security) have different requirements, and many may not even have access to the logs. Some use cases relevant to log analysis are as follows.

A policy change resulted in a sudden outage of a service. How do you find out which policies have changed in the last 24 hours? [network, security]
You are maintaining a critical namespace and want to monitor every pod that comes up in that namespace. Can you get an alert if a pod is created in that Continue reading

Lenovo intros an edge platform that runs Azure stack

Lenovo is boosting its ties to Microsoft with an edge-to-cloud platform that runs Microsoft’s Azure Stack in a hyperconverged infrastructure (HCI), putting HCI on the edge of the network rather than in a data center.The Lenovo ThinkAgile MX1021 server analyzes data at the edge near where it is gathered, a change in direction for the usual edge strategy. In earlier edge schemes, data collected at an edge endpoint is merely sorted, and only the relevant data is sent up to the main data center where it is analyzed.[Get regularly scheduled insights by signing up for Network World newsletters.] The ThinkAgile MX1021 platform is a ruggedized, half-width, short-depth, 1U compact server that can be installed almost anywhere: hung on a wall, stacked on a shelf, or mounted in a rack. For connectivity, it supports Wi-Fi, 4G and 5G.To read this article in full, please click here

Cisco Emphasizes Need for Modern Network Architecture

“This is a huge innovation cycle we have to go through,” Cisco's Scott Harrell said.

Daily Roundup: Is AT&T Readying More Job Cuts?

The carrier is “sizing our operations to economic activity”; VMware is helping Vodafone cut...

Read More »

How to Protect Your Virtual Meetings from Zoombombing

Imagine, if you will, you’re participating in a Eric Yuan has put a freeze on feature updates, in order to address the security issues. Zoom’s promise was to address the problem within the next 90 days, when Yuan said, “Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.” Another writer for The New Stack, Jennifer Riggins Continue reading

Cumulus content roundup: March 2020

Spring has sprung! With the change of the seasons, we’ve kept busy pumping out new content and useful resources. If you’re looking for a quick mental vacation, get ready to cozy up with this month’s edition of the Cumulus Content Roundup. We’ve got exciting announcements, fresh podcast episodes for your listening enjoyment, as well as blog posts packed with open networking and data center goodness.

From Cumulus Networks
Cumulus Networks launches the industry’s first open source and fully packaged automation solution — making open networking easier to deploy and manage and enabling infrastructure-as-code models: Cumulus Networks announces the release of its production-ready automation solution for organizations moving towards fully automated networks! Read all about how we are taking the next step in network automation in this blog post.

Production-ready automation — the how and why: So we’ve announced the industry’s first open source and fully packaged automation solution– but how exactly did we get there? This blog post dives into the challenges that customers were facing and the reason we wanted to help.

A new era for Cumulus in the Cloud: Can you believe that Cumulus in the Cloud was launched over two years ago? Yeah, we’re also Continue reading

AT&T Hints at COVID-19 Related Job Cuts

It expects "sizing our operations to economic activity" along with its ongoing business execution...

Read More »

Versa Targets SMBs, Pens SD-WAN Deal With Nuvias

Versa Titan promises to simplify the deployment and management of branch offices and make it easier...

Read More »

« Previous 1 … 979 980 981 982 983 … 3,836 Next »