The Fat Pipe Of The Packet Pushers Podcasts

Oct 28 2020 41 mins 2.4k

The most popular shows from the Packet Pushers Podcast Network in one feed. 1-The Weekly Show (network engineering). 2-Priority Queue (even more network engineering). 3-Datanauts (the full IT stack including cloud). 4-Network Break (IT news and analysis from the week). 5-Briefings In Brief (interesting vendor stories in 15 minutes or less).





Heavy Networking 547: Building And Monitoring A User-Centric Digital Experience With Catchpoint (Sponsored)
Oct 30 2020 50 mins  
Today’s Heavy Networking show dives into Digital Experience Monitoring (DEM) with sponsor Catchpoint. DEM describes a modern version of network monitoring and visibility. By taking a fresh look at the network APIs for data, and considering what can be achieved with modern software, we can do things we couldn’t do before. Like what? Network monitoring is conventional enough, but Catchpoint’s DEM adds synthetic testing to help you isolate the problem (i.e. the network or the application), while endpoint agents provide details on device state such as CPU, memory, and WiFi strength. The result is visibility across multiple domains (applications, the WAN, the local network, and the device), with correlated information served up in a single interface. This kind of visibility is always useful, but it’s especially compelling when employees are working from anywhere, and network engineers and IT admins have to maintain network and application performance across systems they may not own or control. Joining us today from Catchpoint are Nik Koutsoukos, CMO; and Tony Ferelli, VP Operations. We discuss: * How Catchpoint integrates synthetic transactions with network telemetry * Measuring end point performance as well as global testing of SaaS and premises applications * Using Digital Experience Monitoring (DEM) to enhance troubleshooting and establish MTTI * The role of DEM for supporting a distributed workforce * How Catchpoint differentiates itself from competitors * More Show Links: Catchpoint.com/packet-pushers



Day Two Cloud 072: VMworld 2020 Analysis And Roundup – Project Monterey And More
Oct 28 2020 47 mins  
If you think VMware is in trouble because of public cloud, you’re missing one of the largest boats in the IT ocean make a massive course change. Don’t call it a pivot. Call it a series of acquisitions, partnerships, and integrations, all aimed at helping VMware customers transition to the cloud—while keeping them in VMware’s warm embrace. Our topic today is VMworld 2020 and the most interesting announcements and presentations from VMware and folks in the VMware ecosystem that came out during the virtual event. That includes Project Monterey and the partnerships with nVidia and Pensando, an announcement from analysis tool vendor Runecast, and highlights from Pure Storage. We conclude today’s episode with Day Two Cloud’s very first Tech Byte, a 15-minute sponsored conversation we had with Mike Wookey, CTO and VP of Cloud Management at VMware where we get real with AI and ML, because VMware is actually doing something with artificial intelligence for vSAN environments. Mike explains in the Tech Byte at the conclusion of the episode. Sponsor: BMC Is your business on its A-Game? It’s when systems are intelligent, automation is effortless, and when technology and people work as one. The A-Game is your business at its best. BMC calls this the Autonomous Digital Enterprise. Find out more at bmc.com/agame. Show Links: Project Monterey at VMworld 2020 – Ned In The Cloud (YouTube) vSphere arrives on ARM, but not for the reason most admins are thinking – Disco Posse VMware Unveils Project Monterey: Re-Imagining Hybrid Cloud Architecture to Support Next-Generation Applications – VMware VMware and Pensando Introduce Project Monterey – Tech Field Day Runecast Presents at Tech Field Day Extra at VMworld 2020 – Tech Field Day Pure Storage Presents at Tech Field Day Extra at VMworld 2020 – Tech Field Day Pensando Presents at Tech Field Day Extra at VMworld 2020 – Tech Field Day

Heavy Networking 546: Making Zero Trust Remote Access Work (Sponsored)
Oct 27 2020 46 mins  
Let’s talk about trust–or more accurately, the lack of it. Zero trust is the notion that just because someone has tunneled a VPN to your front door, you shouldn’t have to give them full access to everything on the network. A zero trust model is supposed to give you more fine-grained control around who gets access to what, based on criteria you choose, including the user, the device, location, application type, whether that app is on premises or in the cloud, and so on. The problem is that while zero trust may sound good, it can be difficult to implement. In this episode we dive into the tricky bits of zero trust, and figure out ways to make it feasible in your environment. Our guest is Jay Klauser, VP of Worldwide Sales Engineering & Alliances at NetMotion. NetMotion is our sponsor for today’s show. We discuss: * NetMotion’s heritage with session persistence * The limits of the traditional remote access VPN * How the NetMotion client provides visibility & policy flexibility * Bringing a zero-trust approach to a traditional remote access environment * Blending performance monitoring with security * Adapting access policies for hybrid work environments * More Show Links: Download the NetMotion SDP Report to see how a zero trust architecture could fit into your organization. Go to netmo.io/packetpushers to register and get your copy. The Enterprise Mobility Blog – NetMotion NetMotion on LinkedIn @NetMotion – NetMotion on Twitter @netmotionsoftware – NetMotion on Instagram NetMotion on Facebook


Network Break 307: Cisco Launches Catalyst 8000 Edge Routers; Juniper Spends $450 Million For 128 Technology
Oct 26 2020 55 mins  
Take a Network Break! Cisco is rolling out a new Catalyst line of SD-WAN routers, Juniper Networks spends $450 million to buy a technologically interesting software router, and Extreme Networks updates its wireless IPS capability to include Bluetooth and BLE devices. The US Department of Justice has filed an anti-trust lawsuit against Google for anti-competitive behavior in search and search advertising, Korean semiconductor company SK Hynix will buy Intel’s NAND business for $9 billion, and Microsoft announces a new modular data center offering. Intel reports a rocky Q3 financial quarter, and Nokia wins a NASA deal to provide 4G wireless gear for a forthcoming Moon mission. Sponsor: Nokia Did you know that Apple is using Nokia’s Data Center Fabric solution? If you want to know more, and learn about Nokia SR Linux and Fabric Services Platform, check out nokia.com/networks/dc-fabric. Sponsor: Ping Plotter PingPlotter’s CloudConnect is remote network monitoring as it should be, without the typical multi-year contracts or SaaS bloat. Test internal and external endpoint connectivity and track performance metrics with a solution that deploys in minutes. Schedule a free 15-minute overview at pingplotter.com/packetpushers to see how CloudConnect makes remote IT suck less. Tech Bytes: Silver Peak & Rogers-O’Brien Construction Stay tuned after the news for a sponsored Tech Bytes conversation on SD-WAN. We talk to Silver Peak customer Rogers-O’Brien Construction, which uses SD-WAN from Silver Peak to enable high-performance connectivity at remote construction sites, handle massive file transfers, and securely segment partner traffic. 
Show Links: Cisco Accelerates Secure Cloud Adoption with Launch of New WAN Edge Platform – Cisco Systems Introducing the Catalyst 8000 Edge Family, Cisco’s New SD-WAN Platform – Cisco Systems Juniper Networks Announces Intent to Acquire 128 Technology – Accelerating the Industry Transformation from Network-Centric SD-WANs to User-Centric AI-Driven WANs – Juniper Networks 128 Technology Takes A Unique Approach To Routing. Should You Care? – Packet Pushers Packet Walking Through A 128 Technology Network – Packet Pushers Extreme First to Offer Bluetooth and BLE Intrusion Prevention and Wi-Fi Security within a Single Wireless Intrusion Prevention System – Extreme Justice Department Sues Monopolist Google For Violating Antitrust Laws – United States Department of Justice

Heavy Networking 545: Achieving Automated Network State Validation
Oct 23 2020 86 mins  
Configuring the network isn’t the hard part of networking. You write commands. You commit them. Sure, some of the commands are esoteric, and nuance matters, so you feel like you did a hard thing when you finally get the command or API call or playbook or however you’re jamming config into your devices correct. The hard part is proving that the configuration you put in has created the desired state on the network. For example, you jam in a bunch of OSPF config into one or several devices. What is now the state of the network? Do you have the neighbor relationships you expect? Do you also have neighbor relationships you don’t expect? Oops… How would you check network state to prove this one way or the other? In ye olden days of the CLI, you’d run a bunch of show commands. And I don’t mean “show running-config”. I mean you’d show the state of the OSPF processes on the box with “show ip ospf” blah blah and similar. You were harvesting network state to determine that the network reality matched your intent. In the brave new world of automation, we don’t verify network state with show commands. I mean…we could using Python, netmiko, and parsing libraries…but that’s only if we had no other choice. With modern network models and telemetry, can we do better? The answer is yes, but it’s not easy. In fact, our guest John Capobianco thinks automated state validation is an advanced automation technique. Automated state validation is our topic today on Heavy Networking. Sponsor: InterOptic Today’s show is sponsored in part by InterOptic. Fortune 500 companies choose InterOptic optical transceivers to minimize the risk of network failures and maximize IT savings. InterOptic’s transceivers are 100% guaranteed compatible with Cisco, Juniper, Extreme, Arista and others, and available at a fraction of the cost. Work with the optics experts at InterOptic! Go to interoptic.com/packet-pushers to find out more. 
Sponsor: Unimus Unimus is an easy to use network automation and configuration management solution. Discover how to start automating your network in under 15 minutes at unimus.net/packetpushers. Show Links: Automate Your Network: Introducing the Modern Approach to Enterprise Network Management – John Capobianco John Capobianco on Twitter John Capobianco on GitHub John Capobianco on LinkedIn A Next Generation Internet State Management Framework (PDF) Using pyATS and Genie with Ansible – The Network Engineer pyATS – Cisco DevNet Cisco Test Automation – GitHub Cisco Te...

Day Two Cloud 071: It’s Not Too Late To Make DevOps Work
Oct 21 2020 58 mins  
Technology is accelerating like crazy, with new tools, services, open-source projects, and processes. If you’re trying to make DevOps work in your organization, the pace of change can make you feel like you’re perpetually behind. This Day Two Cloud episode is here to say: The DevOps clock has not struck midnight. You’re going to be OK. You can still engage with DevOps to move your career and your organization forward. Our guest for your DevOps decompression is April Edwards, a Senior Software Engineer at Microsoft. We discuss: * Essential DevOps concepts * Organizational and cultural challenges to the DevOps model * How to reduce tensions between Ops and Dev teams * Whether it’s possible, or even valuable, to keep up with everything * Working with organizations at different stages of their DevOps development * Applying DevOps principles to security Takeaways: * DevOps requires people, process and tooling to be successful – there isn’t a magic bullet * DevOps is about delivering value * DevOps never stops, it’s a constant cycle of improvement Sponsor: Linode Simplify your cloud infrastructure with Linode’s Linux virtual machines and develop, deploy, and scale your modern applications faster and easier. Linode has 11 global data centers and provides 24/7/365 human support with no tiers or hand-offs regardless of your plan size. Get started on Linode today with $100 in free credit for listeners of Day 2 Cloud podcast. You can find all the details at linode.com/day2cloud. Sponsor: Hexabuild Started by IPv6 experts who literally wrote the books on IPv6, HexaBuild is the premier IT training, education, and consulting company. If your projects include cloud, IoT, security, or networking, you’ll need IPv6. HexaBuild is here to help you deploy and manage IPv6 successfully. Find out more at hexabuild.io. Show Links: @TheAprilEdwards – April Edwards on Twitter April Edwards on LinkedIn April’s Blog April’s Videos Channel9 Show – DevOps Lab – YouTube


Network Break 306: Cloudflare Launches Secure NaaS Offering; SonicWall Vulnerability Affects Nearly 800,000 Devices
Oct 19 2020 52 mins  
Take a Network Break! Cloudflare has announced a new Network as a Service offering that includes secure remote access and security services, a SonicWall OS vulnerability affects nearly 800,000 of its Network Security Appliances, and a Dutch telco chooses Ericsson to build its core 5G network. Verizon pulls ads related to 5G after being challenged about the veracity of some of their claims, Thread networking emerges as a popular option among home IoT device makers, the startup Alkira raises $54 million in a series B round for its network cloud offering, and SpaceX gets FCC approval for its Starlink satellite broadband service to bid for federal funds to provide broadband in rural areas of the United States. Adspot: Service Express Service Express lets you lower your post-warranty support costs, take control of your hardware refresh cycle, and extend the life of your server, storage, and network equipment. Visit serviceexpress.com/packetpushers to learn how you can win a $100 Amazon gift card. Adspot: AppNeta Live Event Join the Packet Pushers team and AppNeta for a live virtual breakfast/brunch on November 10th where we’ll discuss how to tackle your biggest hurdles to ensuring network performance. Sign up at appneta.com/pplive/. Tech Bytes: Apstra Stay tuned after the news for a sponsored Tech Bytes podcast with Apstra, where we dive into Apstra’s integration between Apstra’s AOS data center automation platform and the SONiC Enterprise distribution, which is a Dell-supported version of the open-source SONiC network OS. Get more details at apstra.com/packetpushers/.
Show Links: Introducing Cloudflare One – Cloudflare 800,000 SonicWall VPNs vulnerable to new remote code execution bug – ZDNet SonicWall VPN Portal Critical Flaw (CVE-2020-5135) – Tripwire Dutch telco KPN goes its own Huawei, picks Ericsson for its 5G core network – The Register Verizon forced to pull ad that claimed firefighters need Verizon 5G – Ars Technica NAD Finds Certain Verizon 5G Speed Claims Supported; Recommends Modification or Discontinuation of Others – NAD HomePod Mini Supports Low-Power Thread Networking Technology – MacRumors Threadgroup Alkira Raises $54M Series B for Network Cloud Offering Fo...




Network Break 305: NVIDIA Unfolds DPU Roadmap; IBM Spins Off Managed Infrastructure Biz
Oct 13 2020 52 mins  
Take a Network Break! NVIDIA introduces new versions of the BlueField family of SmartNICs, which NVIDIA is calling Data Processing Units (DPUs). IBM announces plans to spin out its Managed Infrastructure Services unit as it tightens its focus on hybrid cloud and AI, and Juniper Networks rolls out new security features including a remote access VPN. Pluribus Networks says its software can support a thousand-node SDN fabric, Extreme Networks’ share price gets a boost from better-than-expected revenue, and a U.S. court orders Cisco to pay nearly $2 billion for patent violations. A significant round of layoffs is anticipated at Cisco, and Cisco acquires Portshift to secure Kubernetes environments. Sponsor: Hexabuild Started by IPv6 experts to drive worldwide adoption of IPv6, HexaBuild is “the” IPv6 training, education, and consulting company. If your projects include Cloud, IoT, Security or networking, you will need IPv6. HexaBuild is here to help you deploy and manage it successfully. Head over to training.hexabuild.io and use the discount code PacketPushers to get a 10% discount! Sponsor: AppNeta Virtual Event With The Packet Pushers Mark your calendars for Tuesday, November 10th for a live event “Solving Your Top 5 Performance Pain Points with the Packet Pushers Team.” Sponsored by AppNeta, this event will be a fast-paced, informative, and fun experience with multiple sessions to help you identify and troubleshoot application and network performance problems. Register now at AppNeta.com/pplive/.
Tech Bytes: Zscaler Stay tuned after the news for a sponsored Tech Bytes conversation with Zscaler about how to provide your workers with a safe, high-performance remote access experience, and download a free e-book “Securing Remote Work.” Show Links: NVIDIA Introduces New Family of BlueField DPUs to Bring Breakthrough Networking, Storage and Security Performance to Every Data Center – NVIDIA NVIDIA GTC October 2020 Keynote Part 5: BlueField and DOCA – Data Center Infrastructure on a Chip – YouTube IBM shares soar on plans to spin off its IT infrastructure unit and focus on the cloud business – CNBC IBM TO ACCELERATE HYBRID CLOUD GROWTH STRATEGY AND EXECUTE SPIN-OFF OF MARKET-LEADING MANAGED INFRASTRUCTURE SERVICES UNIT – IBM (PDF) Juniper Networks Answers Who and What is On the Network with Risk-Based Access Control Capabilities and New VPN Application – Juniper Networks

Heavy Networking 543: What 2020 Internet Outages Teach Us About Managing Remote Work (Sponsored)
Oct 09 2020 51 mins  
Stuff breaks all the time. With so many people working from home, most of the stuff that’s breaking isn’t yours, but that doesn’t mean it’s not your problem. What’s a network engineer to do? Learn how to troubleshoot smarter and design better. On today’s episode of Heavy Networking, that’s precisely what we aim to do. We’re going to review some of the outages we noticed in 2020 and consider some network design tips for Internet and VPN. Along the way, we’ll discuss some tools you can use to help you figure out what’s really broken. That matters, because going to management and saying, “Not us boss!” really isn’t good enough. You need to be able to say not just what it isn’t, but also what it is and what the business can do about it. Our sponsor today is ThousandEyes. They study the Internet deeply, and have lots of insights to offer about what’s really happening when the Internet is broken. Angelique Medina and Archana Kesavan, who’ve been on the Packet Pushers podcast network several times before, join us for the discussion. Show Links: The Internet Report, where Angelique and Archana uncover what’s working and what’s breaking on the Internet—and why. The 2020 Internet Performance Report: COVID-19 Impact Edition – ThousandEyes @thousandeyes – ThousandEyes on Twitter ThousandEyes on LinkedIn @archana_k7 – Archana Kesavan on Twitter @bitprints – Angelique Medina on Twitter




Network Break 304: The VMworld 2020 Roundup; Arista Acquires Awake Security
Oct 05 2020 60 mins  
Take a Network Break! Keith Townsend joins us as a guest analyst for today’s episode. We start with a couple of FUs on the programmability of a Trident ASIC on a new Juniper switch, and on Cumulus and Broadcom. Then it’s ‘Apres VMworld, le deluge’, in which we highlight several of the biggest announcements from VMware including Project Monterey, the SaltStack acquisition, and a new professional development track at the show. We also discuss whether virtual events have the same impact as live events, and then pivot to Juniper Networks’ acquisition of service assurance vendor Netrounds, and Arista’s acquisition of network detection and response company Awake Security. Arista also announces new capabilities for CloudVision and new wireless APs, Google joins LF Networking as a platinum member, the U.K. government dings Huawei for software quality, and the U.S. Labor Department offers $150 million for workforce training. Sponsor: Service Express Service Express is a leader in third-party data center maintenance. Lower your post-warranty support costs, take control of your hardware refresh cycle, and extend the life of your server, storage, and network equipment. Visit serviceexpress.com/packetpushers to learn how you can win a $100 Amazon gift card. Tech Bytes: NetMotion Software Stay tuned after the news for a sponsored Tech Bytes podcast with NetMotion Software, where we discuss how NetMotion integrates the traditional remote access VPN with a software-defined perimeter and zero-trust access. Download the NetMotion SDP Report to see how a zero trust architecture could fit into your organization. Go to netmo.io/packetpushers to register and get your copy.
Show Links: The CTO Advisor – Keith Townsend’s blog @CTOAdvisor – Keith Townsend on Twitter How to integrate packet core firewall in the user plane – Ericsson Project Monterey at VMworld 2020 – Ned In The Cloud (YouTube) vSphere arrives on ARM, but not for the reason most admins are thinking – Disco Posse VMware Unveils Project Monterey: Re-Imagining Hybrid Cloud Architecture to Support Next-Generation Applications – VMware Reinventing virtualization with the AWS Nitro System – All Things Distributed Advancing VMware’s Cloud Automation Capabilities with Intent to Acquire SaltStack – VMware






Network Break 303: Ericsson Acquires Cradlepoint For WAN Connectivity; HPE/Silver Peak Deal Closes
Sep 28 2020 52 mins  
Today’s Network Break starts with some follow up, and then examines Ericsson’s Cradlepoint acquisition and the official closing of HPE’s acquisition of Silver Peak. Kentik adds synthetic monitoring to its visibility platform, Barracuda Networks extends its Azure partnership to include secure remote access, and a potential Chinese blacklist may close the Chinese market to Cisco. Russia moves to block security protocols such as TLS 1.3, Cisco is sending “Save the date” emails for a Cisco Live in Australia in December 2021, and wireless engineers solve an 18-month outage mystery in rural Wales. Get links to all these stories below. Sponsor: HexaBuild Started by IPv6 experts, HexaBuild is “the” IPv6 training, education, and consulting company. If your projects include cloud, IoT, security or networking, you’ll need IPv6 and HexaBuild is here to help you deploy and manage it successfully. PacketPushers listeners can get a 10% discount on any training. Just go to https://training.hexabuild.io and use the discount code PacketPushers to get your 10% discount! Tech Bytes: Fortinet SD-WAN After the news we talk with Fortinet customer PM Pediatrics about its nation-wide deployment of Fortinet’s Secure SD-WAN. PM Pediatrics is replacing MPLS links with broadband and DIA connections while also supporting critical voice and healthcare applications. Our guest is John Tabako, Director of IT Infrastructure for PM Pediatrics. Show Links: FU: 1. RISC Five: A listener wrote in to let us know RISC V is pronounced “five”, not “v”. Yes it’s picky, but we appreciate the correction. 2. Mellanox Spectrum: Cumulus Linux has all the same features on both a Broadcom Trident 3 and Mellanox Spectrums. 3. Juniper QFX5130 has redundant AC and DC options. It is not only DC-powered: This is not correct, there are redundant AC and DC powered switches in the portfolio.
“First platform introduced on Broadcom Trident 4 programmable merchant silicon”. Uses Broadcom Trident 4 silicon, one of the first products to come to market with 32 ports of 400G. The choice of AC and DC power supplies means it works for both service providers and enterprises. My apologies for the error, I’m not sure how I made this mistake and can only apologise. A lot. News Links: Ericsson accelerates 5G for Enterprise with acquisition of Cradlepoint – Ericsson HPE closes deal for Silver Peak valued at $925M (NYSE:HPE) – Seeking Alpha Kentik Adds Integrated Synthetic Monitoring to Deliver Next-Gen Network Observability – Kentik Barracuda’s global SD-WAN service built natively on Azure gains traction with customers and partners – Barracuda Networks Investors Shouldn’t Worry About Cisco’s Blacklist Risks in China – Motley Fool

Heavy Networking 541: An Update On Free Range Routing
Sep 25 2020 67 mins  
Free Range Routing (FRR) is an open source routing protocol suite you can run on Linux. Armed with nothing more than a basic understanding of Linux and the FRR docs, I was able to get a BGP session nailed up quickly. The CLI has a familiar vibe if you’ve been working on networking gear for a while. Today we jump into updates on Free Range Routing and see where the project is at. Our guest is Donald Sharp, a longtime FRR contributor and Principal Engineer at NVIDIA. We discuss: * Who’s deploying FRR and its common use cases * The throughput you can expect * Project goals and community growth * Highlights of the 7.4 release * What’s coming in future releases * FRR and automation * More Sponsor: Unimus Unimus is an easy to use network automation and configuration management solution. Discover how to start automating your network in under 15 minutes at unimus.net/packetpushers. Sponsor: Dell Technologies If you’re interested in an enterprise-ready, open source NOS for your data center, Dell Technologies’ Enterprise SONiC Distribution is open source networking made real. It brings together the innovation and scalability of open source SONiC with the trusted enterprise expertise of Dell Technologies with its family of open networking PowerSwitch platforms, enterprise-ready features, and global support. Visit packetpushers.net/dellsonic for more details. Show Links: FRRouting.org – Linux Foundation Donald Sharp on LinkedIn @menotyousharp – Donald Sharp on Twitter Show 401: A Deeper Understanding Of Free Range Routing (FRR) – Packet Pushers PQ Show 112: Free Range Routing At IETF 98 – Packet Pushers History Of Networking Podcast – Rule11.tech


Day Two Cloud 067: Choosing The Right Applications For The Cloud With SolarWinds (Sponsored)
Sep 23 2020 48 mins  
Does your app belong in the cloud? Of course it does, because cloud! Uh, no. Most companies have gotten away from that sort of thinking, as the “because cloud” approach has resulted in some bad architecture and unexpectedly large bills. These days we know that cloud adoption requires thought, care, analysis, and a plan. So what apps do belong in the cloud? How do you figure that out? To help us answer these questions, Dave Wagner, Senior Manager, Product Marketing at SolarWinds, has joined us to help us come up with a strategy for determining what apps should be in the cloud, and what apps are better left on traditional infrastructure. SolarWinds is our sponsor for this episode, and has tools to help organizations decide whether on-prem or cloud is the best home for an application. We discuss: * Features that make an application suited to public cloud * Problems with forklifting an application * Whether hybrid cloud is a transitional strategy * Tools for assessing workloads * Cloud migration issues such as dependencies * More Takeaways: * User experience is king – it’s about performance. * Performance is limited by capacity. There’s always a bottleneck. Cloud doesn’t make this untrue – just moves the bottleneck. * Cost impacts everything. Overprovisioning, moving data, underprovisioning. It all has a price. Show Links: SolarWinds.com/APMsolutions SolarWinds Application Performance Management: Server & Application Monitor – Infrastructure and application performance monitoring for commercial off-the-shelf (COTs) and SaaS applications. AppOptics – SaaS-based infrastructure and application performance monitoring, tracing, profiling, and custom metrics for hybrid and cloud-custom applications. Pingdom – Synthetic and real user monitoring for visibility and troubleshooting of web applications from outside the firewall.


Network Break 302: Nvidia Bids Billions For Arm; VMware Melds Kubernetes With vSphere
Sep 21 2020 60 mins  
Take a Network Break! We begin with FU on DNS Flag Day and Samsung’s multi-billion 5G contract with Verizon, and then dive into Nvidia’s $40 billion bid for Arm. We report on Broadcom revoking access to its SDK from Cumulus Networks, and examine new features in vSphere 7 Update 1. Palo Alto launches its first SD-WAN appliances since its CloudGenix acquisition, Extreme debuts a new universal hardware strategy for wired and wireless switching, and Juniper rolls out a new 400GbE switch. CenturyLink rebrands as Lumen Technologies in hopes you’ll forget about CenturyLink, Equinix says it has contained a ransomware incident, Microsoft tests the ability to beam satellite data directly to Azure, and Microsoft concludes an experiment with an underwater data center. Get links to all these stories below. Sponsor: VMworld Today’s show is sponsored in part by VMware’s VMworld, taking place September 29th to October 1st as a live virtual event. Register now for keynotes, deep-dive technical sessions, and more at vmworld.com. Sponsor: TeamViewer In the age of remote work, how can distributed workforces keep their IT systems running smoothly while ensuring stability and security? TeamViewer Remote Management lets organizations of all sizes monitor business critical aspects of their IT, centralize important device information, patch vulnerabilities, and more. Learn more about TeamViewer Remote Management at teamviewer.com/networkbreak. Show Links: FU: Infoblox Is Supporting DNS Flag Day 2020 – Infoblox DNS Flag Day: Guidance for BlueCat Users – Bluecat News Links: NVIDIA to Acquire Arm for $40 Billion, Creating World’s Premier Computing Company for the Age of AI – NVIDIA UK tech giant Arm Holdings to be sold to US company Nvidia in $40bn deal – The Guardian Nvidia buys ARM Holdings from SoftBank for $40 billion [Updated] – Ars Technica Will Geopolitics Block Nvidia + Arm? – GestaltIT Enterprise Open Networking Musical Chairs is Over — Who’s Still Sitting? 
– Pica8 What’s New and Different in Cumulus Linux 4.0.0 – Cumulus VMware Unlocks the Power of Kubernetes for 70 Million-Plus Workloads Running on vSphere – VMware

Heavy Networking 540: Sinefa Blends Network Data, Synthetics To Measure End User Experience (Sponsored)
Sep 18 2020 41 mins  
Network monitoring has been around for a long time, but the explosion of software in networking means that monitoring is practical and, dare I say it, easier than ever. More importantly, people are finding that network monitoring in 2020 actually works. In today’s sponsored show, we talk with Sinefa about its Digital Experience Monitoring capabilities. Sinefa brings together multiple domains including network traffic, DPI, end point monitoring, and synthetic transactions to get clear, accurate, and actionable information on how network performance affects the end user experience with applications. Sinefa says it can also speed up the resolution of front-line troubleshooting. Sinefa relies on software and hardware probes at branch locations, the data center, and in cloud VPCs; as well as synthetic transaction capabilities; an end user agent; and a SaaS platform to ingest and analyze data. Our guests from Sinefa are Chris Siakos, CTO; and Alex Henthorn-Iwane, VP of Product Marketing. We discuss: * Observability for understanding end user application performance * Making operations and troubleshooting as easy as possible * Combining network traffic and synthetics for a more full picture of the end user experience * Benefits of the end user agent, including the ability to identify Wi-Fi issues on home networks * Customer use cases * More Show Links: Sinefa.com/packetpushers @Sinefa_Inc – Sinefa on Twitter

Day Two Cloud 066: Cloud Computing At The Edge(s)
Sep 16 2020 60 mins  
The “edge” is one of the latest buzzwords to emerge in IT. Like “cloud” before it, edge can mean a lot of things depending on who’s trying to sell you something: a branch office; the base station of a cell tower; an IoT sensor; a cloud or telco outpost of compute, storage, and networking. On today’s Day Two Cloud we try to get our arms around the edge and what it means for your IT infrastructure, your operations, and your business. Our guest is Mark Thiele, CEO and founder of Edgevana. We discuss: * What “edge” really is and why it’s distinct * The growth potential and opportunities in edge computing * Compute, storage, and networking challenges * Operational issues in deploying and supporting edge infrastructure * More Takeaways: * There is an Edge for most every enterprise * Differentiation with the customer is key and it can come from unusual places * There isn’t one provider that will solve all your edge requirements and even within the enterprise there is unlikely to be just one deployment/business model for Edge Sponsor: VMworld VMworld takes place September 29th to October 1st as a live, virtual event. You can attend for free! Register now for interesting and informative keynotes, deep-dive technical sessions, and more at VMworld.com. Sponsor: HexaBuild Started by IPv6 experts who literally wrote the books on IPv6, HexaBuild is the premier IT training, education, and consulting company. If your projects include cloud, IoT, security, or networking, you’ll need IPv6. HexaBuild is here to help you deploy and manage IPv6 successfully. Find out more at hexabuild.io. Show Links: Edgevana Edgevana Blog Edge Industry Review – EdgeIR.com The Cloud 2030 Linux Foundation Edge – Linux Foundation Mark Thiele on LinkedIn Mark Thiele’s LinkedIn Blog @mthiele10 – Mark Thiele on Twitter Day Two Cloud 030: The Gnarly Challenges Of Edge Computing – Packet Pushers


Network Break 301: Samsung Dials Up A 5G Contract; Broadcom Announces Fast, Power-Efficient New Jericho Chip
Sep 14 2020 46 mins  
Take a Network Break! We start with an FU from a previous episode on CDNs and serverless, and then dive into the news. Samsung signs a multi-billion dollar contract to provide 5G gear and services to Verizon, Broadcom announces a new version of its Jericho ASIC that promises performance and power efficiency, and a rash of DDoS attacks in Europe shows that this tried-and-true criminal tool isn’t going away. DNS Flag Day 2020 is fast approaching, a new study says most Zoom bombing is facilitated by insiders, the Blurtooth vulnerability is causing aches in Bluetooth, and Equinix grapples with a ransomware attack. Links to all these stories are below. Tech Bytes: AppNeta Stay tuned after the news for a sponsored Tech Bytes conversation with AppNeta on getting performance visibility on end users over that critical last mile. Sponsor: VMware’s VMworld VMware’s VMworld takes place September 29th to October 1st as a live virtual event. Register now for keynotes, deep-dive technical sessions, and more at vmworld.com. Sponsor: TeamViewer TeamViewer Remote Management lets organizations of all sizes monitor business critical aspects of their IT, centralize important device information, patch vulnerabilities, and more. Learn more about TeamViewer Remote Management at teamviewer.com/networkbreak. Show Links: Samsung’s Massive Verizon 5G Contract Spells Doom for Nokia – SDX Central Is Samsung’s star rising in the West as Huawei’s fades? – MobileEurope Samsung Wins $6.6 Billion 5G Verizon Deal as Huawei Stumbles – Bloomberg Verizon Wireless Selects Samsung LTE Solutions for Indoor Use – Samsung Business Global (from 2014) Public Disclosures – Samsung Global Broadcom Samples Industry’s Highest-Performing Routing Chip at 14.4 Terabits per Second – Broadcom Broadcom Unveils Industry’s First Gen 7 64Gb/s Fibre Channel Switching Platforms Enabling an Autonomous SAN – Broadcom Broadcom Next-Gen Jericho Chip Gains Speed, Security – SDxCentral European ISPs report mysterious wave of DDoS attacks – ZDNet

Heavy Networking 539: Preventing The 4poKalypse With Inter-Domain Multicast
Sep 11 2020 69 mins  
The 4poKalypse is coming, and service providers need more tools in their toolbox to combat congestion in eyeball networks. Local content caches close to the eyeballs (pretty much how we do it today) aren’t going to be quite enough. Multicast to the rescue. You mean, like on the public Internet? Multicast? For reals? Didn’t we, uh, try that once? I thought that didn’t work out so well…why will it work this time? Jake Holland of Akamai is here to tell us just why inter-domain multicast is important, and why…this time…we can make it work. We discuss: * Why content caches aren’t good enough in a 4K world * The nitty-gritty on “inter-domain” * What’s different about inter-domain multicast this time around? * Relevant IETF proposals * Potential drawbacks in hardware, software, and networks * How listeners can prepare and participate * More Sponsor: Apstra Today’s episode is sponsored in part by Apstra. Apstra enables continuous automation and validation of your data center network architecture and operations. Find out more at apstra.com/packetpushers. Sponsor: DriveNets DriveNets offers a network cloud: a hugely scalable network on a disaggregated platform. Get higher capacity at a lower cost. Find out more at drivenets.com/resources. Show Links: Why Inter-Domain Multicast Now Makes Sense – APNIC Blog MulticastReceiver Explainer – GitHub RFC 8777 – IETF Discovery Of Restconf Metadata for Source-specific multicast – IETF Asymmetric Manifest Based Integrity – IETF Circuit Breaker Assisted Congestion Control – IETF Multicast Source Discovery Protocol (MSDP) Deployment Scenarios – IETF Jake Holland on LinkedIn GrumpyOldTroll – Jake Holland’s GitHub repo

Day Two Cloud 065: Building Your Cloud On-Ramp With SD-WAN
Sep 09 2020 58 mins  
Cloud access is a critical part of any network design, especially considering the number of business applications that run in the sky. The challenge is finding the best way to provide robust, secure, and measurable connectivity. One option is SD-WAN, which creates a fabric of multiple WAN links and can direct traffic based on a combination of policy and performance requirements. SD-WAN vendors offer a variety of mechanisms to connect end users to SaaS and public cloud applications. Day Two Cloud co-host Ethan Banks interviewed many of these vendors to understand the architectural nitty-gritty of different approaches. On today’s show, Ethan plays the role of consultant while Ned Bellavance plays the role of a company looking for a cloud access solution. Ethan shares what he learned from his research and presents the pros and cons of several SD-WAN cloud on-ramp options. They discuss: * How SD-WAN works and how it’s different from traditional WAN networking * Different vendor architectures for SD-WAN, including outsourced and DIY options * Pros and cons of each architecture * Questions to ask when putting together a POC * Why visibility is essential * How to integrate with zero-trust and security services * More Key Takeaways: * SD-WAN cloud on-ramps are going to cost you money. What’s the ROI? Will you have one? * Evaluate WAN optimization carefully against your own traffic mix. It’s not free, and your mileage WILL vary. * Think about visibility. These are complex solutions. When they break or underperform, do they offer the tooling to troubleshoot? Sponsor: VMworld VMworld takes place September 29th to October 1st as a live, virtual event. You can attend for free! Register now for interesting and informative keynotes, deep-dive technical sessions, and more at http://bit.ly/d2cvmworld. 
Show Links: List Of SD-WAN Vendors – Packet Pushers “Dynamic Path Networking: SDWAN’s Better Way To Choose The “Best Path” – Whitepaper – Packet Pushers Ignition Ned Bellavance on Twitter Ethan Banks on Twitter NedInThe Cloud – Ned’s blog

Network Break 300: Cisco Mixes Microservices And SD-WAN; Broadcom Rolls Out Gen7 Fibre Channel Switches
Sep 08 2020 48 mins  
Take a Network Break! We start with a quick acknowledgement of our 300th episode, and then dive into the week’s news. That includes a new Cisco initiative to incorporate microservices applications with SD-WAN, a CenturyLink outage, and multiple vulnerabilities in IOS-XR. Broadcom announces new Gen7 Fibre Channel switches, an IT director gets jail time for stealing and reselling Cisco switches from his employer, and SpaceX has launched more satellites for its orbiting broadband service while speed tests show there’s work to be done. Sponsor: VMware’s VMworld VMware’s VMworld takes place September 29th to October 1st as a live virtual event. Register now for keynotes, deep-dive technical sessions, and more at vmworld.com. Sponsor: TeamViewer In the age of remote work, how can distributed workforces keep their IT systems running smoothly while ensuring stability and security? TeamViewer Remote Management lets organizations of all sizes monitor business critical aspects of their IT, centralize important device information, patch vulnerabilities, and more. Learn more about TeamViewer Remote Management at teamviewer.com/networkbreak. Tech Bytes: NetMotion Software Stay tuned after the news for a sponsored Tech Bytes conversation with NetMotion, where we discuss how to achieve secure remote access without compromising user experience. 
Show Links: Cloud-Native SD-WAN: The WAN Your Kubernetes Applications Deserve – Cisco Blogs Cloud-Native SD-WAN (CNWAN) – GitHub CenturyLink / Level 3 Outage Analysis – ThousandEyes August 30th 2020: Analysis of CenturyLink/Level(3) Outage – Cloudflare Blog Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities – Cisco Systems Broadcom launches first Gen 7 Fibre Channel switches – Blocks and Files Former IT director gets jail time for selling government’s Cisco gear on eBay – ZDNet SpaceX launches 12th Starlink mission, says users getting 100Mbps downloads – Ars Technica StarLink Speed Tests are Disappointing – POTs and PANs Starlink Speed Tests Are Disappointi...


Heavy Networking 538: Running An Open, Automated Data Center Fabric With Nokia (Sponsored)
Sep 08 2020 46 mins  
Data center fabrics seem like they’ve been talked to death in the networking industry. Lots of products. Some protocol work. Various reference models. We’ve got intent based networking that will stand up your data center fabric for you. We’ve had an explosion in network OS choices that can be paired with a variety of whitebox platforms. We know how to build leaf-spine fabrics. We can handle standing up and tearing down new pods and interconnecting them with other pods. We can run processes in containers, isolate them from one another, and create exactly the forwarding environment we need. It seems like we’ve got this data center fabric thing nailed. But do we? The answer is…it’s complicated. Maybe we have the capabilities, but we don’t have the operations. Maybe we can scale out, but aren’t so good at visibility. Maybe we can do ECMP really well, but troubleshooting gray failures is a struggle. Why is building a massive fabric almost a trivial exercise, while operating that fabric is not? Our sponsor today is Nokia. If you’re of the Cisco/Juniper/Arista mindset, maybe Nokia isn’t top of mind for you. But perhaps they should be. Nokia has been a mainstay in IP networking for a very long time, and has thought deeply about the challenge of operating data center fabrics. And they’re here to explain to us what they’ve built and why it will improve networkers’ lives. In today’s discussion, we cover Nokia’s SR Linux and Fabric Services Platform. These products are key to helping improve your data center fabric operations. Joining us is Steve Vogelsang, CTO for IP and Optical Networks at Nokia.
We discuss: * Why Nokia is entering the data center switching business * Highlights of SR Linux * Details of Nokia’s Fabric Services Platform * Using the Fabric Services Platform for intent-based networking * Whitebox switches * More Show Links: Nokia Data Center Fabric Nokia Service Router Linux (SR Linux) Nokia Hardware Platforms For Data Center Fabrics Nokia Fabric Services Platform Data Center tour launch video SR Linux Tech Video SR Linux Product Description Fabric Service Platform Tech Video Fabric Services Platform Product Description Nokia on Twitter


Day Two Cloud 064: Bringing Ansible Into A Windows Shop
Sep 02 2020 55 mins  
There’s a strong association between Ansible and Linux, but Ansible can also work really well with Windows. On today’s Day Two Cloud, guest Josh Duffney comes aboard to make the case for bringing Ansible into your Windows world. Josh is Site Reliability Engineer at Stack Overflow and a Microsoft MVP. He’s also written a book on Ansible. We discuss: * Key elements of Ansible * Automation in a Microsoft shop, and how Ansible can fit in * Ansible’s value for orchestrating tasks * Using Ansible with the Chocolatey package manager * Bringing Ansible to Azure * More Sponsor: VMworld VMworld takes place September 29th to October 1st as a live, virtual event. You can attend for free! Register now for interesting and informative keynotes, deep-dive technical sessions, and more at http://bit.ly/d2cvmworld. Sponsor: ThousandEyes Get your copy of the ThousandEyes’ Internet Performance Report: COVID-19 Impact Edition, which measures the performance and availability of ISPs, CDNs, and DNS across North America, EMEA, and Asia-Pacific. If you’re planning what your cloud and IT infrastructure should look like in this time of remote access, check out the report to help you benchmark key Internet networks. You’ll find the report at https://www.thousandeyes.com/research/internet-performance. Takeaways: * Using Ansible with Windows is a thing * Get out of your OS camp * Love to learn Show Links: become Ansible – Josh Duffney Josh Duffney on Twitter: @joshduffney Duffney.io – Josh’s Web site and blog Getting Started with Ansible on Windows – Pluralsight Ansible for DevOps – Jeff Geerling (via LeanPub)


Network Break 299: Cisco Acquires Audio Filter BabbleLabs; Apple Update Hits Facebook In The Ads
Aug 31 2020 52 mins  
Take a Network Break! We start with listener follow-up on last-mile competition (or the lack thereof) in the United States, and the robustness of Meraki’s SD-WAN. On the news front, Cisco acquires a set of machine-learning PhDs that came bundled in an audio company called BabbleLabs, a former Cisco employee is charged with the destruction of Cisco cloud assets, and the IETF re-forecasts its budget due to lost revenue from in-person meetings. Facebook warns advertisers that a forthcoming Apple iOS update will hamstring its Audience Network offering; and we review financial results from HPE, VMware, and Nutanix. Sponsor: VMware’s VMworld VMware’s VMworld is happening September 29th to October 1st as a live virtual event. Register now for keynotes, deep-dive technical sessions, and more at vmworld.com. Sponsor: TeamViewer In the age of remote work, how can distributed workforces keep their IT systems running smoothly while ensuring stability and security? TeamViewer Remote Management lets organizations of all sizes monitor business critical aspects of their IT, centralize important device information without relying on end-user input, detect and patch software vulnerabilities, and protect devices against external threats and human error. Learn more about TeamViewer Remote Management at teamviewer.com/networkbreak. Tech Bytes: Silver Peak Stay tuned after the news for a sponsored Tech Bytes conversation on SD-WAN with Silver Peak customer Quantum Clean. We talk about how the company reduced downtime and boosted the performance of its global WAN.
Show Links: Cisco acquires BabbleLabs to help users control unwanted noise in meetings – HelpNet Security Cisco Announces Intent to Acquire BabbleLabs to Improve Video Meeting Experience – Cisco Systems Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts – Threatpost IETF Administration LLC 2020 Budget Reforecast – IETF Preparing Our Partners for iOS 14 – Facebook iOS 14 privacy settings will tank ad targeting business, Facebook warns – Ars Technica HPE reports Q3 results – HPE HPE finances tangled up by cabling concerns, but Q3 revenue and profit rose regardless – The Register Hewlett Packard Enterprise Co...

Heavy Networking 537: Ansible Vs. Terraform For Network Automation
Aug 28 2020 64 mins  
Ansible & Terraform seem the same…ish? You give the tool some instructions, and the tool makes something happen out there in the infrastructure. And yet, it seems the networking community has coalesced around Ansible for network device automation, and Terraform for the cloudy stuff. Why this seeming divide? Are the two tools really that different? Is each one fit for just one purpose? We examine this subject with Ned Bellavance, speaking on behalf of Terraform; and Josh VanDeraa, speaking on behalf of Ansible. We cover: * Similarities and differences in Ansible and Terraform * Ansible’s affinity with network devices * Terraform’s hold on cloud infrastructure * Whether you can use either for each use case * Is one tool good enough? * More Sponsor: ITProTV ITProTV helps you make your heavy networking skills–and others–even heavier. Get a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/packetpushers and use promo code PACKETPUSHERS at checkout. Sponsor: Dell Technologies If you’re interested in an enterprise-ready, open source NOS for your data center, Dell Technologies’ Enterprise SONiC Distribution is open source networking made real. It brings together the innovation and scalability of open source SONiC with the trusted enterprise expertise of Dell Technologies with its family of open networking PowerSwitch platforms, enterprise-ready features, and global support. Visit packetpushers.net/dellsonic for more details. Show Links: Day Two Cloud Podcast Cloud Networking With Terraform – YouTube Ansible For Network Automation Course – Packet Pushers Ignition Network to Code Slack Sign Up Ned Bellavance on Twitter – @Ned1313 Josh VanDeraa on Twitter – @vanderaaj

Day Two Cloud 063: The How And Why Of Migrating Databases To The Cloud
Aug 26 2020 48 mins  
This episode of Day Two Cloud dives into the minutiae of database migrations to the cloud. If you’re going to do it right, prepare to dig in because you have many options and many trade-offs to consider, including I/O, whether to go with IaaS or PaaS, security and monitoring issues, and much, much more. Our guide to the inner workings of database migration is Joey D’Antoni, Principal Consultant at Denny Cherry & Associates and an expert on cloud databases with the scars and stories to prove it. We discuss: * How moving a database to the cloud differs from moving an application * Pros and cons of IaaS vs PaaS as a home for your database * Choosing among a plethora of database options, including non-relational * Where to start with a database migration * Security concerns * More Takeaways * Understand cloud storage * Understand cloud networking * Consider PaaS for your database Sponsor: ThousandEyes Get your copy of the ThousandEyes’ Internet Performance Report: COVID-19 Impact Edition, which measures the performance and availability of ISPs, CDNs, and DNS across North America, EMEA, and Asia-Pacific. If you’re planning what your cloud and IT infrastructure should look like in this time of remote access, check out the report to help you benchmark key Internet networks. You’ll find the report at https://www.thousandeyes.com/research/internet-performance. Sponsor: VMworld VMworld takes place September 29th to October 1st as a live, virtual event. You can attend for free! Register now for interesting and informative keynotes, deep-dive technical sessions, and more at http://bit.ly/d2cvmworld. Show Links: Joey D’Antoni’s blog Joey D’Antoni on Twitter

Network Break 298: Arista Launches CloudVision As A Service; Cisco, Megaport Partner On SD-WAN
Aug 24 2020 44 mins  
Take a Network Break! Arista announces a SaaS version of its CloudVision management software, Cisco Systems and Megaport partner on SD-WAN, and China has reportedly begun blocking TLS 1.3 traffic. Lumina Networks, which provided commercial support for OpenDaylight, is winding down the company. Secure remote access startup Ananda Networks comes out of stealth, and Apstra announces new features in its Intent-Based Networking software. A former Uber security executive has been charged with allegedly covering up a 2016 security breach at the ride-hailing startup, Apple raises the ire of global wireless companies over MAC randomization, and users leak Starlink speed test data to the Internet. Get links to all these stories after our sponsor messages. Sponsor: Apstra Today’s episode is sponsored in part by Apstra. Apstra enables continuous automation and validation of your data center network architecture and operations. Find out more at apstra.com/packetpushers. Sponsor: VMware VMworld VMworld takes place September 29th to October 1st as a live virtual event that’s entirely free. Register now for keynotes, deep-dive technical sessions, and more at vmworld.com. 
Show Links: Arista Joins The Cloud-Managed Infrastructure Pack With SaaS Version Of CloudVision – Packet Pushers The CloudVision Journey – Arista Transforming the Network Edge with MVE – Megaport China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI – ZDNet Exposing and Circumventing China’s Censorship of ESNI – Great Firewall Report China now blocking ESNI-enabled TLS 1.3 connections, say Great-Firewall-watchers – The Register Research Paper from University of Massachusetts – On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention – USENIX (PDF) Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship – Packet Pushers Open source vendor Lumina Networks pulls the plug – FierceTelecom Lumina Networks to Wind Down – Lumina Networks Ananda Networks Comes Out of Stealth to Help Companies Connect Their Distribut...


Heavy Networking 536: Arrcus Reimagines The Chassis Router With Its Virtualized Distributed Router (Sponsored)
Aug 21 2020 49 mins  
Today’s Heavy Networking podcast, sponsored by Arrcus Networks, explores Arrcus’s recently launched Virtualized Distributed Router (VDR). It’s clear that building Ethernet networks with 1RU switches is a cost-effective and open design, particularly when compared with expensive and complicated chassis hardware. But the question becomes, how do we scale? The use of ECMP network architectures is identical to the chassis architecture internally. If we treat each switch as a line card and synchronize the operational state among switches, we can treat an ECMP network as a single logical entity. Enter Arrcus’s Virtualized Distributed Router (VDR): Arrcus’s VDR is software that runs on your preferred whitebox platform, with support for a variety of ASICs. The control plane unifies an ECMP fabric to turn thousands of ports into a single logical unit. It’s the chassis to use when you don’t want a chassis. In today’s show, we dive into details about VDR with Arrcus guests Keyur Patel, CTO; Murali Gandluru, VP, Product Management and Marketing; and Nalin Pai, Technical Staff. We discuss: * The need for a virtualized distributed router and how it works * Scaling the data center with VDR * What day-to-day operations look like * Available whitebox and ASIC support * More Show Links: Arrcus Arrcus Virtualized Distributed Router (VDR) Arrcus on Twitter: @arrcusinc Blogs by Keyur Patel – Arrcus Heavy Networking 531: Hyperscale Multi-Cloud Networking With Arrcus (Sponsored) – Packet Pushers

Day Two Cloud 062: What Do Words Mean?
Aug 19 2020 47 mins  
The IT discipline you work in informs your understanding of particular terms. But a term used in security may have a different interpretation when used in storage. Complicating matters even more, vendors often twist the meaning of words to suit their own ends. Are we in a post-truth era of IT? Today’s Day Two Cloud podcast aims to bring clarity to the language IT pros use. Our guest and guide is Karen Lopez, Data Evangelist at InfoAdvisors. We discuss: * How various disciplines use the same terms differently * Why precision in language matters in IT * Vendors playing loose with terms * The Data Management Body Of Knowledge * Structured vs. unstructured data * Confusion around data management * More Takeaways: * It’s really hard, risky, and costly to collaborate when we have wildly different definitions for terms. * It’s not just semantics, but it’s not rocket surgery, either. * We as a profession should be pushing back when vendors overly-market tech terms and there’s nothing behind them. Sponsor: ThousandEyes Get your copy of the ThousandEyes’ Internet Performance Report: COVID-19 Impact Edition, which measures the performance and availability of ISPs, CDNs, and DNS across North America, EMEA, and Asia-Pacific. If you’re planning what your cloud and IT infrastructure should look like in this time of remote access, check out the report to help you benchmark key Internet networks. You’ll find the report at https://www.thousandeyes.com/research/internet-performance. Show Links: @datachick – Karen Lopez on Twitter Data Management Body of Knowledge – DAMA Datamodel.com – Karen’s blog

Network Break 297: Juniper Rolls Out New WiFi 6 APs; Security Spending Is Pointless (Mostly)
Aug 17 2020 56 mins  
Take a Network Break! This week’s news analysis includes new WiFi 6 APs from Juniper, a discussion about whether security spending is actually worth it, and the launch of a new brokerage service for edge and cloud computing. We discuss a new access and authorization startup called Elisity, examine a new service mesh offering from Microsoft, track the Mozilla Foundation’s woes, and review Cisco’s latest financial results. As always, links to all these stories are provided for your perusal. Sponsor: Apstra Today’s episode is sponsored in part by Apstra. Apstra enables continuous automation and validation of your data center network architecture and operations. Find out more at apstra.com/packetpushers. Tech Bytes: NetMotion Stay tuned after the news for a sponsored Tech Bytes conversation with NetMotion. We talk secure remote access during a pandemic, and how companies are wrestling with security and employee privacy in a WFH environment. Download the NetMotion Software Defined Perimeter Report to see how a zero trust architecture could fit into your organization. Show Links: Juniper Networks Expands Reach of AI-Driven Enterprise with New Wi-Fi 6 Access Points – Juniper Networks Capital One to pay $80 million fine after data breach – Reuters Travelex Forced into Administration After Ransomware Attack – Infosecurity Magazine Edgevana Unveiled – A soft Launch of a Huge Idea – Edgevana Edgevana Official Launch – Daily Check-In for August 13, 2020 – Ned Bellavance Introducing Edgevana – The CTO Advisor Podcast Startup Elisity Puts Identity At The Core Of Its Access/Authorization Offering – Packet Pushers Open Service Mesh Microsoft introduces Open Service Mesh for Kubernetes, plans quick donation to CNCF – The Register SMI – A standard interface for service meshes on Kubernetes – SMI Google’s Management of Istio Raises Questions in the Cloud Native Community – The New Stack Open Usage Commons – Open Usage


Heavy Networking 535: The ‘What’s On Your Mind?’ Roundtable
Aug 14 2020 65 mins  
Today’s Heavy Networking is a roundtable show. We’ve invited a bunch of engineers to rock up to the mic to tell us what’s on their minds. Topics include why EVPN/VXLAN is useful even for small data centers, how to get automation going when internal processes slow you down, the pros and cons of unique network designs, and tales of how working from home has affected projects, teams, and priorities. Our guests are Chris Cummings, Nash King, Oliver Elliott, Tobi Metz, and Justin Seabrook-Rocha. Sponsor: InterOptic Fortune 500 companies choose InterOptic to maximize IT savings and minimize the risk of network failures. InterOptic devices are 100% compatible with Cisco, Juniper, Extreme, Arista, and other switches, and we spend thousands of hours testing devices to ensure they work seamlessly in your environment. As your network gets more complex, you want to work with the optics experts at InterOptic! Find out more at interoptic.com/packet-pushers. Sponsor: ThousandEyes How’s the Internet holding up during this age of the distributed workforce, and what does it mean for your business going forward? Inform your plans and strategy with insights from ThousandEyes in its latest Internet Performance Report: COVID-19 Impact Edition. Download it for free at thousandeyes.com/research/internet-performance. Show Links: Chris Cummings on Twitter Tobi Metz on Twitter Frequencyshifter.tech – Tobi’s blog Justin Seabrook-Rocha on Twitter Oliver Elliott on Twitter Nash King on Twitter Packet Pushers Slack Channel – Join us!

Day Two Cloud 061: Using Public Cloud For Disaster Recovery
Aug 12 2020 59 mins  
Disaster recovery is a complex mix of planning, policy, technology, and testing. The public cloud has emerged as an option for disaster recovery, and today’s episode explores what that might look like. We dive into different approaches to using the cloud, examine costs and benefits, discuss recovery times, and more. We’ll draw on co-host Ned Bellavance’s experience working on DR projects for a variety of customers during his VAR days. We discuss: * If you’re already in the cloud, do you need DR? * Drawing up a cost/benefit analysis * Benefits of public cloud vs. a physical site * DR approaches including cold DR, pilot light, warm sites, and hot sites * Differences between RPO and RTO * How to plan and practice * DR products * More Key Takeaways * Plan. Without a plan you don’t know your requirements * Test. Once you have a plan, you have to test it regularly * Get application owners, users, and executives on board Sponsor: Datadog Datadog is a monitoring platform for cloud-scale infrastructure and applications. Datadog provides dashboarding, alerting, application performance monitoring, and log management in one platform. It integrates with AWS, so you can start monitoring EC2, RDS, ECS, and all your other AWS services in minutes. Try it yourself with a free, 14-day trial and get a free Datadog T-shirt! Visit datadog.com/daytwocloud to get started. Show Links: Ned’s Daily Check-In – YouTube Packet Pushers Human Infrastructure Magazine Packet Pushers Slack Community @ecbanks – Ethan Banks on Twitter @ned1313 – Ned Bellavance on Twitter @daytwocloudshow – Day Two Cloud on Twitter

Heavy Networking 534: Managing Automated Networks With vCenter And Dell SmartFabric Services (Sponsored)
Aug 11 2020 39 mins  
Welcome to Heavy Networking, the original recipe Packet Pushers podcast running weekly for over 10 years. Adding to our decade-long conversation is sponsor Dell Technologies with a discussion of SmartFabric Services. What is it? It’s an automated spine-leaf network for pods designed to be practical, cost-effective and aimed at making your life as an engineer easier. Maybe even easy. Could that be? To help us figure it out is Saleem Muhammad, Director of Product Management and Marketing at Dell Technologies. In case you think Saleem is going to read bullets off of a slide because “marketing” is in his title, fear not! We had a long planning call for this show with Saleem, and he’s a fellow nerd with information and answers. We discuss: * Key details of SmartFabric Services * Problems it aims to solve * Automation and provisioning capabilities * The infrastructure underlay and software overlay (VxLAN and EVPN) * Interconnects for hyperconverged infrastructure * Pod sizes * More Show Links: Dell Networking Dell Blog Dell on Facebook @DellNetworking – Dell Networking on Twitter SmartFabric Services with ESXi on PowerEdge Servers – Dell EMC Solution Brief SmartFabric Services with PowerStore storage – Dell EMC Solution Brief ESXi on PowerEdge with SmartFabric Services – Dell Webinar on-demand, PWD: 5v%G9Ed1 SmartFabric Services for VxRail in 3 minutes – Dell Technologies Video SmartFabric Services for VxRail – The Toast! – YouTube 3 Ways to Automate Your Data Center Network Fabric from Dell – YouTube The Benefits of Automated Fabric Interconnects for Scaling SDDC – Webinar August 20, 2020 at 1:00 pm ET / 10:00 am PT @SaleemMuhammad – Saleem Muhammad on Twitter

Network Break 296: Cisco Acquires Video Analytics Company; F5 Gear Targeted By Botnet
Aug 10 2020 38 mins  
Take a Network Break! We start with an FU (Follow Up) on Greg’s comparison of Gartner to Fox News, and then dive into tech news. Cisco acquires Modcam for video analytics, the Mirai botnet is targeting a vulnerability in F5 load balancers, and Forescout and Arista Networks partner on network access control and device visibility. Vodafone announces its first use of OpenRAN equipment at a site in Wales, the U.S. State Department announces new efforts to protect American telecommunications networks, Extreme Networks and Arista Networks announce quarterly financials, and SpaceX asks the FCC for a bigger license for space networking. Sponsor: ThousandEyes Get the latest research on how the Internet and key application delivery networks are performing, and the impacts of the COVID-19 pandemic on global networks and what it means for your business. Check out the ThousandEyes Internet Performance Report. And register for a free Webinar on August 13th to get even more insights and information. Show Links: Cisco Announces Acquisition of Modcam – Cisco Blogs Modcam – Turning Computer Vision into Business Value – Modcam Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 – TrendLabs Security Intelligence Blog Patch Now: F5 Vulnerability with CVSS 10 Severity Score – Trend Micro K52145254: TMUI RCE vulnerability CVE-2020-5902 – F5 Forescout and Arista Networks Join Forces to Deliver Zero Trust Security – Forescout The Total Campus Switch Market Forecast to Decline at 1 Percent CAGR from 2019 to 2024 – Dell’Oro Group Vodafone UK switches on its first OpenRAN 4G site – Vodafone Arm and Vodafone flex their muscles to show Cisco they’re fighting fit on the edge – The Register NXP, Telco Systems, and Arm Introduce New uCPE Offering – NXP Semiconductors Telco Systems Develops uCPE Proof-of-Concept with Arm and Vodafone Group – Telco Systems



Day Two Cloud 060: Charting Global Internet Performance With ThousandEyes (Sponsored)
Aug 05 2020 45 mins  
If your idea of the Internet is to draw a generic cloud icon on the whiteboard, this is the episode for you. We all know that the Internet is important, and bandwidth is a big deal. We sort of have a notion that regions matter depending on where our customers are. But what’s really going on inside of that generic cloud you just drew? Shining some light on the mysterious tubes filled with cat memes is Angelique Medina, Director, Product Marketing at ThousandEyes. ThousandEyes is our sponsor for today’s episode. ThousandEyes has just released its inaugural Internet Performance Report, which tracks the performance and availability of ISPs, public clouds, CDNs, and DNS across multiple geographical regions. The report measures performance over time and also looks at the current impact of COVID-19 on Internet usage. In this episode we discuss: * Essentials of Internet communication including BGP, DNS, and public cloud connectivity * Key findings from ThousandEyes’ research * How changes in traffic patterns due to COVID-19 affect network availability * ISP performance by region * More ThousandEyes is hosting a Webinar on August 13th on how the pandemic impacts Internet performance and what it means for your business. You can sign up here. Key Takeaways: * Cloud networks demonstrate greater stability and more consistent performance than ISPs * Not all outages are disruptive to user experience * Not all ISPs are created equal – performance and stability varies by region and operator Show Links: Internet Performance Report: COVID-19 Impact Edition – ThousandEyes Download the Internet Performance Report – ThousandEyes Five Data-driven Insights About Internet Performance and Resilience – ThousandEyes Webinar: How the Internet Responded to a Pandemic — and What it Means for Your Business – ThousandEyes A Tale of Two Internets: Internet Performance Pre and Post COVID-19 – ThousandEyes blog ThousandEyes on Twitter ThousandEyes on LinkedIn Angelique Medina on Twitter


Network Break 295: Arista CloudEOS Edge Joins Multi-Cloud Portfolio; Juniper Announces AI-Powered WAN Assurance
Aug 03 2020 59 mins  
Take a Network Break! Arista extends its multi-cloud networking portfolio with CloudEOS Edge; Juniper announces WAN Assurance, plus its Marvis digital assistant can accept natural language queries; and Google shares plans for a new undersea fiber optic cable. Marvell touts its line of Ethernet ASICs; Juniper, A10, and F5 share their quarterly financials; and the FCC approves Amazon’s plans to put thousands of satellites in orbit for space-based broadband services. Packet Pushers Audience Survey Once a year we ask you to take a few minutes to provide feedback on how we’re doing, and to tell us who you are. This survey gives us a snapshot of what’s working and what’s not. It helps us decide where to put resources. More videos? Different kinds of podcasts? Gluten-free virtual donuts? You tell us! Here’s the survey link. Thanks in advance for your time and support. Tech Bytes: Fortinet Stick around after the news for a sponsored Tech Bytes conversation with Fortinet about its Secure Access Service Edge, or SASE, offering and how Fortinet differentiates itself in this newly competitive market. Show Links: Arista Delivers Production Multi-Cloud at High Scale with CloudEOS – Arista Juniper Networks Will Deliver Fourth Generation AI-Driven Enterprise with New WAN Assurance Service and Marvis VNA Conversational Interface – Juniper Networks Virtual Network Assistant – Juniper Networks Say Hi to Marvis, The Virtual Network Assistant You Deserve – Juniper Networks Blogs Marvell Launches Industry’s Most Complete Networking Portfolio Optimized for the Borderless Enterprise – Marvell Announcing Google’s Grace Hopper subsea cable system – Google Cloud Blog Google Announces New Subsea Cable Running Between U.S., U.K. And Spain – CircleID Juniper Networks +3.1% as Q2 maintains recovery – Seeking Alpha Juniper Networks Reports Preliminary Second Quarter 2020 Financial Results ...

Heavy Networking 532: Scrapli Is A Netmiko Alternative
Jul 31 2020 60 mins  
We talk about APIs so often you might feel like something’s wrong with you if you keep logging into the CLI to get things done. Of course, there are reasons you’re interacting with the CLI, and it’s not just that you’re resistant to change. Sometimes the CLI is really the best way to accomplish configuration tasks or gather important information. Fair enough. But… What if you want to automate those interactions with the CLI? Is there a way? Historically, maybe we’ve used TCL paired with expect. Or more on trend lately, netmiko or NAPALM. And now a new Python-based CLI scraper has been born…scrapli, as in, “scrape CLI”. See what they did there? Our guests, Carl Montanari and Dmitry Figol, talk to us about the joys of CLI scraping with scrapli. Sponsor: ITProTV ITProTV helps you make your heavy networking skills–and others–even heavier. Get a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/packetpushers and use promo code PACKETPUSHERS at checkout. Sponsor: Dell Technologies If you’re interested in an enterprise-ready, open source NOS for your data center, Dell Technologies’ Enterprise SONiC Distribution is open source networking made real. It brings together the innovation and scalability of open source SONiC with the trusted enterprise expertise of Dell Technologies with its family of open networking PowerSwitch platforms, enterprise-ready features, and global support. Visit packetpushers.net/dellsonic for more details. Show Notes: Scrapli Project Scrapli on GitHub carlmontanari/scrapli – GitHub Carl Montanari on LinkedIn Dmitry Figol on LinkedIn


Network Break 294: Fortinet, Arrcus Target Multi-Cloud Networking; Innovium Rakes In More ASIC Funding
Jul 27 2020 37 mins  
Take a Network Break! Multi-cloud networking gets two new competitors as Fortinet extends its SD-WAN capabilities to link up public clouds, while startup Arrcus announces new multi-cloud networking software as well as a virtual distributed router. Fortinet also acquires cloud-based security provider OPAQ to bolster its SASE offering. ASIC maker Innovium scoops up an additional $170 million in venture funding to drive production of its Teralynx switching silicon, Canadian SD-WAN provider Adaptiv buys Elfiq Networks from Martello, and U.S. telecom carriers are shutting down older 2G and 3G networks. Intel reports its second-quarter 2020 fiscal results, and Greg and Drew discuss whether the Internet has morphed from a proper to a common noun and should therefore be lower-cased. Sponsor: ThousandEyes Get the latest research on Internet performance from the State of the Internet, a virtual event from sponsor ThousandEyes. The research covers public clouds, CDNs, and DNS providers. You’ll also hear from experts sharing their insights about the health and future of the Internet, including Geoff Huston from APNIC, Roger Barranco from Akamai, and David Belson of the Internet Society. Sign up at thousandeyes.com/state-of-the-internet-2020 to register and watch.
Show Notes: Fortinet Unveils Cloud-to-Cloud SD-WAN Solution to Simplify and Enhance Multi-Cloud Applications – Fortinet Fortinet Acquires Cloud Security and Networking Innovator OPAQ Networks – Fortinet Say Hello to SASE (Secure Access Service Edge) – Gartner Arrcus Launches Multi-Cloud Networking Platform, Delivering Hyperscale Cloud Connectivity – Arrcus Arrcus Delivers Hyperscale Economics with the Industry’s First Virtualized Distributed Router (VDR) – Arrcus One Network Operating System To Rule Them All – The Next Platform Innovium Secures $170M in New Funding to Accelerate Product and Customer Momentum Worldwide – Innovium Data Center Switch Silicon Evolves – Data Center Knowledge Adaptiv Networks Acquires ELFIQ Networks – Adaptiv Networks TELoIP is Now Adaptiv Networks – Adaptiv Networks




Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale
Jul 20 2020 35 mins  
Take a Network Break! HPE ponies up $925 million to acquire SD-WAN vendor Silver Peak, Dell Technologies floats the idea of selling VMware, and VMware adds new features to its VMware Cloud on AWS offering. Kentik adds synthetic monitoring to its service, the United Kingdom says all Huawei gear must go from its 5G networks, and foreign students can remain in the United States even if university classes go online. Last but not least, NIST wants to standardize an incorrect pronunciation of “giga.” Packet Pushers Audience Survey Once a year we ask listeners and readers to take our Audience Survey. We like to get feedback on how we’re doing, and to collect general information about our audience’s job titles, roles, industries, and other data points that help us with sponsors. If you have a few minutes, we’d really appreciate your time and input. Take the survey here. Show Links: HPE to accelerate Edge-to-Cloud strategy with acquisition of SD-WAN leader Silver Peak – HPE HPE announces intent to acquire Silver Peak: Accelerating the deployment of secure, integrated WAN connectivity from Edge-to-Cloud – Aruba HP Enterprise to buy Silver Peak for about $925 million – Reuters HPE Buys Silver Peak: Where Does That Leave Everyone Else? – Packet Pushers Dell considers VMware spin-off to boost share price – FT Schedule 13D VMware – SEC What’s New With VMware Cloud on AWS – New Instance Type and More Capabilities for Automation and Ease of Operations – VMware Availability of i3en.metal instances for VMware Cloud on AWS – VMware VMware Cloud on AWS – 2-Host Cluster Capability now available! – VMware Introducing vRealize Automation Cloud Add-On for VMware Cloud on AWS customers! – VMware Kentik Launches the Industry’s First Synthetic Monitoring Solution to Provide Autonomous Testing for Cloud and Hy...

Heavy Networking 530: Everything You Need To Know About Wireless ISPs
Jul 17 2020 66 mins  
Today’s Heavy Networking dives into wireless Internet Service Providers, or WISPs. WISPs are used for both last-mile access and as transport to reach IP transit points. WISPs typically serve rural areas that have limited access to fiber or copper, but they also serve metro and urban areas where fiber is prohibitively expensive or complex, and in multi-dwelling units to serve building tenants. WISPs also work with clients in the energy industry. Our guests are Kevin Myers, Senior Network Architect at IP ArchiTechs; and Cory Steele, Senior Consultant at STIGroup. We discuss: * The different types of WISPs * Essential tools for deployment and management * FCC concerns and the use of licensed and unlicensed spectrum * How 5G can tie into a WISP design * Appropriate CPE in a WISP network * The use of mesh technologies * Drones and solar * More Sponsor: ThousandEyes Check out ThousandEyes’ State of the Internet presentation, which shares brand-new research on Internet Performance — a measurement-based study of the availability and performance of the Internet and key app delivery networks, including public clouds, CDNs, and DNS providers. You’ll hear from experts and leaders in Internet and application delivery including Geoff Huston from APNIC and David Belson of the Internet Society. Watch the on-demand recording by signing up at thousandeyes.com/state-of-the-internet-2020. Sponsor: InterOptic Fortune 500 companies choose InterOptic to maximize IT savings and minimize the risk of network failures. InterOptic devices are 100% compatible with Cisco, Juniper, Extreme, Arista, and other switches, and we spend thousands of hours testing devices to ensure they work seamlessly in your environment. As your network gets more complex, you want to work with the optics experts at InterOptic! Find out more at interoptic.com/packet-pushers. Show Links: Kevin Myers on Twitter: @StubArea51 Cory Steele on LinkedIn

Day Two Cloud 057: See Your Data With Grafana
Jul 15 2020 58 mins  
Day Two Cloud gets into data visualization with Grafana, which is free, open-source software. With Grafana you can visualize, alert on, and query all kinds of data and metrics. There are also commercial options available from Grafana.com, but this is not a sponsored episode. On today’s episode we look at how Grafana works, how it manipulates and stores data, and common use cases. Our guest is Ryan McKinley, VP of Applications at Grafana. Takeaways: * Grafana is open source so you can easily get it and use it * Grafana works with whatever technology stack you have * Contributions are welcome Sponsor: Datadog Datadog is a monitoring platform for cloud-scale infrastructure and applications. Datadog provides dashboarding, alerting, application performance monitoring, and log management in one platform so you can get end-to-end visibility quickly. It integrates seamlessly with AWS, so you can start monitoring EC2, RDS, ECS, and all your other AWS services in minutes. Try it yourself with a free, 14-day trial and get a free Datadog T-shirt! Visit datadog.com/daytwocloud to get started. Show Links: Grafana Grafana on Github Grafana Documentation Grafana Release Notes – GitHub Visualize data from Azure Data Explorer in Grafana – Microsoft Grafana Labs and AWS add optimizations and new features to Amazon CloudWatch data source – AWS Visualize Google Kubernetes Engine and Istio metrics with Grafana – Google Cloud Ryan McKinley on GitHub Ryan McKinley on LinkedIn

Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored)
Jul 15 2020 46 mins  
Today’s Heavy Networking explores a partnership between Juniper Networks and Anuta Networks to bring low-code network automation to service providers and enterprises. In this sponsored show, we dive into how Anuta’s ATOM platform integrates with Juniper’s NorthStar SDN controller and HealthBot diagnostic software to automate and orchestrate common networking tasks. We also look at how Anuta’s simple-to-assemble workflows help engineers get quick automation wins without the steep learning curve of scripting or programming. Our guests are Peter Weinberger, Principal Product Manager at Juniper Networks; and Kiran Sirupa, Head of Marketing at Anuta Networks. We discuss: * Juniper and Anuta’s new partnership * Workflow automation’s modular, graphical approach to automation * How workflow automation differs from Python, Ansible, and other approaches * Integrations between Anuta’s ATOM platform and Juniper NorthStar and HealthBot * Real-world use cases * Issues such as scaling, rollback, checkpoints, and so on * More Show Links: Juniper.net/automation AnutaNetworks.com/packetpushers Anuta Networks and Juniper Networks Partner to Deliver Advanced Network Automation – Anuta Networks Anuta ATOM: Assurance, Telemetry, and Orchestration for Multi-Vendor Networks (Sponsored) – Video – Packet Pushers Anuta NCX: An Orchestration Platform For Networks – Packet Pushers

Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN
Jul 13 2020 56 mins  
Take a Network Break! Nokia has developed a new network OS, called SR Linux, and the Nokia Fabric Service Platform. AT&T and Cisco partner on a managed SD-WAN service, and Google cancels a cloud venture in China. A new video codec and image compression format promise big bandwidth savings, Harvard moving online for the 2020-2021 academic year may change perceptions of online learning, and Uber’s Postmates acquisition raises questions about VC funding. Sponsor: ThousandEyes Join ThousandEyes on July 16th for the State of the Internet, a virtual event where ThousandEyes will unveil its latest research on Internet Performance that covers public clouds, CDNs, and DNS providers. Hear from experts and leaders in Internet and application delivery, including Geoff Huston and David Belson. Sign up at thousandeyes.com/state-of-the-internet-2020 to save your spot, or register for the on-demand recording to watch later. Tech Bytes: Apstra Stay tuned for a sponsored Tech Bytes conversation with Apstra, where we talk about how Intent-Based Networking is an evolution of automation. Get more details at apstra.com/packetpushers. Show Links: Nokia announces generational step in data center networking; new OS and tools give cloud builders unprecedented ability to adapt, automate and scale – Nokia Nokia Service Router Linux Release 20 Data Sheet – Nokia Nokia Data Center Fabric Solution – Nokia Show a little spine? Nokia whips out SR Linux, a new routing network OS for cloud clients – The Register Make way Cisco, Arista and Juniper: Nokia enters the data center switching fray – Fierce Telecom Nokia accelerates availability of Open RAN technology to lead the open mobile future – Nokia AT&T Expands its SD-WAN Offering with Cisco To Help Businesses With Distributed Workforces Digitize Faster, With Advanced Security – Cisco SD-WAN Service Provider – Software Defined Wide Area Network at AT&T Business. – AT&T Google Cloud cancels planned Chinese venture – The Register




Day Two Cloud 056: (Not) Streaming Telemetry
Jul 08 2020 52 mins  
Streaming telemetry is all the rage, and for good reason–it gives you immediate data that can inform your monitoring and analysis for performance, operations, and more. However, today’s show dives into an architecture that forgoes streaming telemetry. Our guests looked at it, considered it, and decided it wasn’t a fit. We’ll talk about why they went in a different direction, the problems they’re trying to solve, and how it’s working out. Our guests are Kevin Landreth, Director, Service Reliability; and Carl Montanari, Network Reliability Engineer, both at Packet Fabric. We discuss: * What we mean by streaming telemetry * Pros and cons of streaming telemetry * Why polling still has value (based on your requirements) * The need for context * How they get visibility and granularity * Data volume and scale * More Takeaways: * Polling isn’t *just* about time-series type data — we poll ALL kinds of data and use that data to inform operations across our network — context!!! * Streaming tends to be much less resource intensive, but is not necessarily a panacea — CONTEXT!!! * Easier to scale *out* polling — scale it out closer to actual devices (geographically) as well as just scaling out worker nodes (our middle-ware tier for example) in a relatively easy fashion Sponsor: ThousandEyes Join ThousandEyes on July 16th for the State of the Internet, where ThousandEyes will unveil its latest research on Internet Performance — a measurement-based study of the availability and performance of the Internet and key app delivery networks, including public clouds, CDNs, and DNS providers. Hear from experts and leaders in Internet and application delivery including Geoff Huston from APNIC and David Belson of the Internet Society. Sign up at thousandeyes.com/state-of-the-internet-2020 to save your spot, or register for the on-demand recording to watch at a later date. 
Show Links: @carlrmontanari – Carl Montanari on Twitter Day Two Cloud 053: Effectively Monitoring Cloud-Native Applications – Packet Pushers

Network Break 291: F5 Patches Severe Vulnerability; Senate Bill Aims To Weaken Encryption
Jul 06 2020 31 mins  
Take a Network Break! F5 patches a severe vulnerability in its Big-IP ADC, Palo Alto Networks also fixes a critical PAN-OS flaw, and VMware acquires Datrium for SaaS-based disaster recovery. Three Republican US Senators have proposed a bill that would compel service providers and device makers to assist law enforcement in decrypting data, Silver Peak and Kentik partner on network visibility, Amazon Web Services launches the Aerospace and Satellite Solutions business unit, and Apple continues to stake out privacy as a competitive differentiator. Sponsor: Service Express Service Express are leaders in third-party data center maintenance. Lower your post-warranty support costs, take control of your hardware refresh cycle, and extend the life of your server, storage, and network equipment. Visit serviceexpress.com/packetpushers to learn how you can win a $50 Amazon gift card. Show Links: PoC exploits released for F5 BIG-IP vulnerabilities, patch now! – Bleeping Computer CVE-2020-5902 – NIST K52145254 – TMUI RCE vulnerability CVE-2020-5902 – F5 K43638305 – BIG-IP TMUI XSS vulnerability CVE-2020-5903 – F5 CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication – Palo Alto Networks Breaking: VMware Announces Intent to Acquire Datrium to Provide Disaster Recovery-as-a-Service for Hybrid Cloud Environments – VMware Datrium to be Acquired by VMware – Datrium VMware to Acquire Datrium – Architecting IT Graham, Cotton, Blackburn Introduce Balanced Solution to Bolster National Security, End Use of Warrant-Proof Encryption that Shields Criminal Activity – United States Senate Committee on the Judiciary ‘Lawful access’ bill would allow feds to legally bust into encrypted devices – NBC I’m Concerned For The Future Of An Open Internet – Packet Pushers Kentik and Silver Peak Partner on Advanced SD-WAN Visibility for Optimized Network and Business Performance – Silver Peak

Heavy Networking 527: New Ideas For A Network Certification Program
Jul 03 2020 63 mins  
Today’s Heavy Networking explores ideas for designing a new networking certification program. The concept is built around a network design challenge that focuses on broad, systems-oriented knowledge. The general idea is that a small team of testers would design a challenge, which is presented as a scenario-driven concept. Candidates would solve the challenge, and be scored based on a rubric. The challenge would include a written response and perhaps diagrams. This program isn’t intended to replace traditional vendor certifications, but rather develop a new approach to testing an engineer’s capabilities and problem-solving ability. The goal is to encourage networkers to develop a deeper understanding of key protocols and networking concepts. Our guests are Russ White, a network architect, author, and instructor; and Scott Morris, a 4x CCIE, consultant, and trainer. We discuss: * Whether the industry needs yet another cert * Limitations of current certification programs * Who this certification targets and why * Preparation and study issues * Governance and implementation of the certification * Questions around test design, implementation, and scoring * More Sponsor: ThousandEyes Join ThousandEyes on July 16th for the State of the Internet, where ThousandEyes will unveil its latest research on Internet Performance — a measurement-based study of the availability and performance of the Internet and key app delivery networks, including public clouds, CDNs, and DNS providers. Hear from experts and leaders in Internet and application delivery including Geoff Huston from APNIC and David Belson of the Internet Society. Sign up at thousandeyes.com/state-of-the-internet-2020 to save your spot, or register for the on-demand recording to watch at a later date. Sponsor: InterOptic Fortune 500 companies choose InterOptic to maximize IT savings and minimize the risk of network failures. 
InterOptic devices are 100% compatible with Cisco, Juniper, Extreme, Arista, and other switches, and we spend thousands of hours testing devices to ensure they work seamlessly in your environment. As your network gets more complex, you want to work with the optics experts at InterOptic! Find out more at interoptic.com/packet-pushers. Show Links: Rule 11 – Russ White’s blog Russ White on LinkedIn Scott Morris on LinkedIn


Day Two Cloud 055: Securing Cloud Infrastructure And Applications
Jul 01 2020 54 mins  
Welcome to Day Two Cloud. Security is difficult and tricky, but we’ve got an amazing guest to help you improve your security posture and manage your cloud risk. Our guest is Tanya Janca, Founder, Security Trainer, and Coach at She Hacks Purple. We discuss: * Key cloud security areas including the network, identity, and application security * Whether to approach security from an infrastructure or application view * Managing identity in the public cloud * Getting visibility without getting overwhelmed * API security * Security considerations for SaaS applications * Building processes to manage risk across a growing number of cloud applications * The intersection of security and DevOps * More Takeaways: * Multi Factor Authentication for anything you care about. “This messes attackers UP!” * When you go to cloud, ZERO TRUST. The edge matters, but it’s not enough. * Use the security tools your cloud provider is giving you. You’re paying for them. Sponsor: Datadog Datadog is a monitoring platform for cloud-scale infrastructure and applications. Datadog provides dashboarding, alerting, application performance monitoring, and log management in one platform so you can get end-to-end visibility quickly. It integrates seamlessly with AWS, so you can start monitoring EC2, RDS, ECS, and all your other AWS services in minutes. Try it yourself with a free, 14-day trial and get a free Datadog T-shirt! Visit datadog.com/daytwocloud to get started. Show Links: Shehackspurple.dev Tanya Janca @shehackspurple (Twitter, YouTube, Twitch)



Network Break 290: HPE Unveils Edge-To-Cloud Strategy; Anuta, Juniper Partner On Automation
Jun 29 2020 49 mins  
Take a Network Break! Ethan Banks brings the virtual bagels while Drew is on PTO. Today’s show reviews HPE Discover, the latest virtual tech event to take place during the pandemic. Greg and Ethan discuss HPE’s messaging around its edge-to-cloud strategy. HPE also unveils HPE Ezmeral. Startup Pensando lands on HPE servers, and LiveAction introduces cloud monitoring to its portfolio. Juniper agrees to resell Anuta Networks’ network automation software, VMware announces a private beta that runs VMware Cloud on Oracle Cloud, and Expereo acquires Comsave. Comcast deploys DNS over HTTPS servers, and the Trump administration adds restrictions on H-1B visas over objections from the tech industry. Sponsor: Unimus Unimus is an easy-to-use Network Automation and Configuration Management solution. More on how you can start automating your network in under 15 minutes at unimus.net/packetpushers. Human Infrastructure Newsletter Get the Packet Pushers’ weekly email chock full of links to technical and community blogs, the latest podcast episodes, and commentary on being a human in the world of IT. It’s free, fun, and we don’t share your email because we hate spam. Sign up and see back issues here. 
Show Links: Hewlett Packard Enterprise helps customers accelerate transformation with breakthrough HPE GreenLake cloud services – HPE Hewlett Packard Enterprise introduces channel programs and new HPE GreenLake cloud services to help partners deliver the cloud experience everywhere – HPE Hewlett Packard Enterprise unveils HPE Ezmeral, new software portfolio and brand to fuel data-driven transformation – HPE Startup Pensando’s edge compute platform finds a home on HPE’s servers – Fierce Telecom Cloud Monitoring Made Simple with New LiveNX Capabilities – LiveAction Anuta Networks and Juniper Networks Partner to Deliver Advanced Network Automation – Anuta Networks Anuta Juniper Automation Portfolio – Anuta Networks VMware and Oracle together – A brave World – Oracle Cloud Days, 2020 – Virtualize Applications


Heavy Networking 525: Gluware Automating Terracon’s Network (Sponsored)
Jun 26 2020 56 mins  
Some of our favorite Heavy Networking discussions are with folks deep in the hot aisle (right there behind rack ZZ-42) making technology work. No slide decks. No vague promises. Just engineers doing the thing. From their experience, the rest of us can learn. What went right? What went wrong? What do you wish you had done differently? What’s worked out better than you expected? We have one of these discussions today. Jamie Hughes is an Infrastructure Architect at Terracon, and he’s rolled out many complex network changes by using Gluware’s network automation platform. How Terracon Is Using Gluware In our chat with Jamie, we talk about aspects of network operations that Terracon has successfully automated. The context here is that of headcount. Jamie & his team needed to get a lot of things done, some of them tied to pandemic-related traffic patterns, and do them without any additional humans to help. And of course, “don’t screw it up” was right near “get it done fast” on the priority list. Jamie discusses using Gluware for… * Network inventory and assessment. * Standardization of NOS versions. * Configuration drift monitoring. * Configuration audits, covering both NIST recommendations for security and their own corporate standards. * Configuration drift remediation. * QoS deployment. * Upgrading US circuits and fixing related QoS policies at the same time. * Configuring site-to-site Internet VPN as failover for private MPLS. * Updating access control lists to mitigate a cable modem vulnerability. * Migrating from SNMP v2 to v3. Mike Haugh, VP of Product Marketing at Gluware, joins in the conversation to add in specifics about Gluware capabilities–what it can do, can’t do, or will do in the future. For More Information 30-Day Free Pilot-To-Production Trial Offer for qualified customers. Kickstart your network automation journey now as we invest in customers during the pandemic. 
https://gluware.com/business-continuity-offer/ Take The Gluware Test Drive We spin up a real environment and enable you to run through several use-cases. http://gluware.com/test-drive Request A Demo https://gluware.com/request-demo/ Gluware On The Interwebs * LinkedIn – https://www.linkedin.com/company/gluwareinc/ * Twitter – @gluwareinc https://twitter.com/gluwareinc * YouTube – https://www.youtube.com/user/gluware Intent 19’ Hosted by the Packet Pushers https://gluware.com/intent19-podcasts/ Blog Series By Terry Slattery (the first non-Cisco CCIE) from NetCraftsman https://gluware.com/resources/blog/ Videos https://gluware.com/resources/videos/ Webinars https://gluware.com/resources/webinars/ Whitepapers & More https://gluware.com/resources/collateral/



Network Break 289: Cisco Live 2020, Palo’s ML, HPE Edge Telco and more
Jun 22 2020 36 mins  
Take a Network Break! We look at Cisco Live Virtual topics, so it’s SecureX, Webex Collaboration and the “Connected Experience” (even if we don’t really know what that is). Palo Alto gets machine learning features into the latest PAN-OS release for malware scanning, automated rule creation and more. HPE gets Edgey with Telco plus more on Zoom security tradeoffs. Sponsor: Service Express Service Express is a leader in third-party data center maintenance. Lower your support costs, extend the life of your hardware and save up to 70% on server, storage and network maintenance! Visit serviceexpress.com/packetpushers to learn more, and find out how you can win a $50 Amazon gift card. Show Links Cisco Launches Portfolio of Solutions to Boost Business Resiliency | The Network – https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2081601 Cisco Webex Helps Customers Stay Remotely Connected and Reimagine Work | The Network – https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2079576 Cisco Radically Simplifies Security for Today’s Accelerated IT Agenda | The Network – https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2079649 SecureX – https://www.cisco.com/c/en/us/products/security/securex/index.html Cisco Welcomes Jeetu Patel to Lead Security and Apps https://blogs.cisco.com/news/cisco-welcomes-jeetu-patel-to-lead-security-and-apps Palo Alto Networks Launches World’s First ML-Powered NGFW – Palo Alto Networks https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-launches-worlds-first-ml-powered-ngfw Paradigm Shift: The World’s First ML-Powered NGFW with PAN-OS 10.0 – Palo Alto Networks https://blog.paloaltonetworks.com/2020/06/network-pan-os-10-0/ Announcing IoT Security: No Organization Is Protected Without It – Palo Alto Networks https://blog.paloaltonetworks.com/2020/06/network-iot-security/ Announcing CN-Series: The Industry’s First NGFW for Kubernetes – Palo Alto Networks 
https://blog.paloaltonetworks.com/2020/06/network-cn-series/ Link: Hewlett Packard Enterprise unleashes new revenue streams for telcos with one click deployment of apps at the edge of 5G networks and telco clouds | HPE – https://www.hpe.com/us/en/newsroom/press-release/2020/06/hewlett-packard-enterprise-unleashes-new-revenue-streams-for-telcos-with-one-click-deployment-of-apps-at-the-edge-of-5g-networks-and-telco-clouds.html Link: HPE unveils open, as-a-Service 5G portfolio designed for telcos to speed path to revenue and redefine experiences at the enterprise edge | HPE –

Heavy Networking 524: Network Modeling With Open Source pyNTM
Jun 19 2020 60 mins  
Today on Heavy Networking, network modeling. Oh, you mean like GNS3? No, not like GNS3. Rather, we’re covering the Python Network Traffic Modeler, or pyNTM, an open-source network modeling tool. Creator Tim Fiola explains what network modeling is and how you can use this tool to help you make design decisions and avoid costly mistakes. The pyNTM software lets you create a WAN topology and apply a mix of traffic to it. The modeling engine converges the model to simulate network state based on traffic traversing the topology. That network state reflects details such as traffic paths, interface utilization, RSVP reserved bandwidth, and more. Tim is a network automation and modeling enthusiast. We discuss: * Differences between virtual labs and network simulation/modeling * What pyNTM does and the problems it can solve * What a traffic matrix is * Modeling vs. best practices and rules of thumb * How pyNTM uses Python under the hood * More Sponsor: ITProTV ITProTV helps you make your heavy networking skills–and others–even heavier. Get a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/packetpushers and use promo code PACKETPUSHERS at checkout. Sponsor: Dell Technologies If you’re interested in an enterprise-ready, open source NOS for your data center, Dell Technologies’ Enterprise SONiC Distribution is open source networking made real. It brings together the innovation and scalability of open source SONiC with the trusted enterprise expertise of Dell Technologies with its family of open networking PowerSwitch platforms, enterprise-ready features, and global support. Visit packetpushers.net/dellsonic for more details. 
Show Links: pyNTM Repository wiki with training links – GitHub Lock S-Foils.com – Tim Fiola’s blog Open sourcing the network model and unlocking the value of understanding the wide area network–python3 Network Traffic Modeler (pyNTM) – NANOG (PDF) Open sourcing the network model and unlocking the value of understanding the wide area network – NANOG via YouTube Open sourcing the network model – APNIC blog This Week – Deploying MPLS – Book (free PDF)



Network Break 288: Aruba ESP Senses Opportunity At The Edge; Intel Wrestles With New Chip Attacks
Jun 15 2020 55 mins  
Take a Network Break! Aruba announces Aruba ESP (Edge Services Platform) at its ATMDigital event. ESP integrates Aruba’s wireless, wired, and SD-Branch portfolio and layers a new cloud-based AI service over the top. Intel wrestles with new chip vulnerabilities, and MIT walks away from negotiations with an academic publisher over paywalls. IBM walks away from facial recognition products while Microsoft and Amazon pause sales of facial recognition technology to U.S. police forces; the Wi-Fi Alliance denotes FCC chair Ajit Pai a “Wireless Champion”; and Extreme Networks gets a share-price pop when a board member makes a big share purchase. SpaceX gets a second crack at U.S. taxpayer money to fund rural broadband, and an open-source hobbyist gets around a trademark infringement levied by Let’s Encrypt with a clever pun. Tech Bytes: Aruba AIOps Stay tuned after the news for a Tech Bytes conversation with sponsor Aruba. We examine the AI capabilities in Aruba’s new Edge Services Platform with Aruba’s Chief Technologist of AIOps and HPE Fellow Jose Tellado. In particular, we look at how artificial intelligence can improve IT operations. 
Show Links: Introducing Aruba ESP, the Industry’s First Cloud-Native Platform Built for the Intelligent Edge – Aruba Networking Field Day Experience at Aruba Atmosphere Digital – Tech Field Day Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again – Ars Technica IPAS: Security Advisories for June 2020 – Intel Special Register Buffer Data Sampling Advisory – Intel New SGAxe attack steals protected data from Intel SGX enclaves – Bleeping Computer MIT, guided by open access principles, ends Elsevier negotiations – MIT News Elsevier fact sheet | Scholarly Publishing – MIT Libraries We are implementing a one-year moratorium on police use of Rekognition – Amazon IBM CEO’s Letter to Congress on Racial Justice Reform – THINKPolicy Blog Microsoft bans face-recogniti...




Day Two Cloud 052: Moving Back Home From The Cloud
Jun 10 2020 56 mins  
Today’s Day Two Cloud episode is a frank conversation about cloud migration, multicloud, cloud repatriation, and more. If you’re here for rainbows and unicorns, prepare for disappointment. We talk about what’s real, how expensive it can be to move to cloud, why people bring workloads back on premises, and more. Our guest is Bobby Allen, CTO at CloudGenera. He works with companies on making cloud real. We discuss: * The cost drivers of cloud repatriation * Thinking of cloud migration as a brownfield engagement * The necessity of executive leadership in cloud projects * How hard it is to quantify an application’s value * Ingredients for doing multicloud right * Vetting consultants * More Takeaways: * Technology is the easy part. Think People, process, product or people, process, problem. Solve something for someone, don’t just fall in love with cool tech and get lazy. * Conversations and decisions happen at the application level. Engage solutions and providers that can talk at that level – architecture, change, financials. We talk about wholesale data center moves or transformation but those happen less than tinkering with some old apps or building a few new ones. * Dream like there is a greenfield but act like there is no godfather (to magically foot the bill). Technical curiosity has to ultimately meet financial common sense, but don’t start there. Start with the dream or the vision then pare it back to the resources you have (which aren’t just money). Folks may be willing to trade insights or references for services even when you don’t have money. Sponsor: ITProTV Oh, great people of the cloud, this episode is brought to you by online IT training from sponsor ITPro.TV. And because you, yes you, are so very great, ITPro.TV is offering you a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/day2cloud and use promo code CLOUD at checkout to exercise your greatness. 
Show Links: Public Cloud Workload Repatriation – CTO Advisor Virtual Conference (via YouTube) Bobby Allen on Twitter Bobby Allen on LinkedIn CloudGenera Blog

Heavy Networking 522: How CIOs Prioritize Security – Cisco’s CIO Perspectives 2020 Survey (Sponsored)
Jun 09 2020 49 mins  
Welcome to Heavy Networking. Cisco Systems is our sponsor today, and we’re going to talk about the projects you might see coming down your IT pipeline. How do we know? Can we see into the future? Well, of course we can (stare deeply into the optic and see the future…no wait…don’t do that). In this case we look at hard data from a survey of global CIOs, undertaken by Cisco, called CIO Perspectives 2020. We’ll see what that tells us about the probable priorities permeating project planning at your place of productivity impacted by this pesky pandemic. We are joined by Jo Peterson, VP of Cloud & Security for Clarify360, who has partnered with Cisco to bring awareness to challenges facing today’s CIO. The CIO Perspectives 2020 survey gathers insights from 1,300 CIOs across 13 countries. Jo is going to give us a preview of some key survey insights. On June 9th 2020 you can join Jo Peterson, Greg Ferro and other IT experts for a live #CiscoChat. Go to cisco.com/go/ciscochat to participate and view. We discuss: * The impact of Covid-19 on IT and how organizations are responding * Privacy and security as the top CIO challenges * Key leadership priorities including empowering teams, transforming infrastructure, and re-imagining applications * How empowering teams can lead to a competitive advantage * Project prioritization * More Show Links: Jo Peterson Jo Peterson on LinkedIn Join Jo Peterson, Greg Ferro and other IT experts for a live #CiscoChat. Go to cisco.com/go/ciscochat to participate and view.


Network Break 287: Open Compute Infrastructure Makes Its Mark; Cisco Live Postponed
Jun 08 2020 39 mins  
On today’s Network Break we discuss a new IDC report that shows servers and storage systems based on Open Compute specs will generate almost $34 billion in revenue by 2024. Switching and routing revenue fell worldwide, according to Synergy Research. Cisco Systems has delayed its Cisco Live 2020 virtual event because, according to CEO Chuck Robbins “in light of recent events and the turmoil happening across the United States, we feel this is the right thing to do.” Robbins specifically called out the murders of George Floyd, Breonna Taylor, and others. VMware has acquired the malware sandbox maker Lastline, and Cisco has released a long list of bug and vulnerability fixes for IOS and IOS-XE. Telegeography runs models to see if ditching MPLS really can cut 50% of WAN costs, and we ask if technology trade show awards matter to IT professionals. Sponsor: Service Express Service Express is a leader in third-party data center maintenance. Lower your support costs, extend the life of your hardware and save up to 70% on server, storage and network maintenance! Visit serviceexpress.com/packetpushers to learn more, and find out how you can win a $50 Amazon gift card. Tech Bytes: Fortinet Stay tuned after the news for a Tech Bytes conversation sponsored by Fortinet. We discuss an SD-WAN deployment with PAYOMATIC, a lending company. We talk about how PAYOMATIC cut costs by migrating off MPLS, and how Fortinet Secure SD-WAN positioned the company to take advantage of new infrastructure options. 
Show Links: Worldwide Open Compute Project (Compute and Storage) Infrastructure Market Revenue Forecast to Grow at a 16.6% CAGR through 2024, According to IDC – IDC Worldwide Server and Enterprise Storage Systems Markets Will Decline in 2020, Impacted by the COVID-19 Pandemic, According to IDC – IDC Synergy Research: Ethernet Switch & Router revenues drop to 7 year low in Q1-2020 – Technology Blog Chairman and CEO Chuck Robbins gives statement on Cisco Live 2020 – YouTube VMware Announces Intent to Acquire Lastline – VMware Lastline to be Acquired by VMware – Lastline Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication – Cisco Systems Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities – Cisco Systems Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’ –...

Heavy Networking 521: Diving Into Dell Technologies’ SONiC Network OS For The Enterprise (Sponsored)
Jun 05 2020 44 mins  
Today on Heavy Networking, we explore the SONiC network operating system with our sponsor, Dell Technologies. SONiC is “an open source network operating system based on Linux that runs on switches from multiple vendors and ASICs.” If an open-source NOS sounds like something for hyperscale companies, think again. Dell has invested in SONiC to develop an enterprise-specific distro, and believes it’s now ready for all sorts of enterprises, very possibly yours. How ready? Ready enough that Dell will back SONiC with all the support you’d require to be comfortable deploying it. We dive into the details with Alley Hasan, Director, Product Strategy and Business Development at Dell Technologies. We discuss: * SONiC’s origins * Technical details of Dell’s SONiC distribution * Enterprise value proposition and use cases * Supported hardware * Key routing and switching features * Hooks into automation and telemetry * More Show Links: Enterprise SONiC Distribution by Dell Technologies Enterprise SONiC Distribution by Dell Technologies Specification Sheet (PDF) Dell Technologies Networking Power Up Network Automation With Dell Technologies’ SONiC NOS – Packet Pushers Dell Technologies Delivers the Power of Open Source Networking to Help Automate and Simplify Data Centers – Dell Technologies US Dell Technologies and SONiC: Open Source Networking That Checks All the Boxes – Direct2DellEMC Dell Blogs Dell Technologies on Facebook @DellNetworking on Twitter



Heavy Networking 520: Cloud Architects’ Multi-Cloud Network Adoption With Alkira (Sponsored)
Jun 02 2020 42 mins  
Cloud adoption continues to accelerate. Organizations are increasingly transitioning business critical applications from on-premise data centers to single or multiple public clouds and SaaS environments. At the same time, traditional network and network services architectures have not adapted to the needs of the cloud. Manual provisioning, complicated routing, restrictive cloud limits, fragmented security, and operational visibility blind spots are just a few examples where current architectures fall short of providing a meaningful solution. Alkira takes a new approach to multi-cloud networking. Its Cloud Service Exchange is an on-demand, as-a-service offering that lets customers deploy multi-cloud networks with integrated security services using an intuitive digital design canvas. Network engineers don’t need to learn underlying cloud constructs or fiddle with manual configuration; they can provision the network with one click, and have it ready for use in minutes. Alkira has brought two customers to talk about their experiences with the solution. Our guests are Matt Hoag, Senior Enterprise Architect at Koch Industries; and William Collins, Lead Cloud Architect at a large healthcare company. We also hear from Atif Khan, CTO and Co-Founder of Alkira. We discuss: * The business drivers for cloud adoption * Why traditional do-it-yourself network and security architectures do not work for cloud * The challenges of having to learn the operational and policy quirks of each cloud * How Alkira abstracts the pain of regional and global routing in the cloud * The Alkira solution and the networking and security services it enables * Real-world customer examples of multi-cloud adoption * More Show Links: Alkira CTO Whitepaper: Multi-Cloud Networking Reinvented – Alkira Webinar: Alkira Multi-Cloud Network and Security Architecture – Alkira Cowen Equity Research Report: Alkira – A New Networking Company – Alkira Alkira Solution Video: The Future of Cloud Networking – Alkira




Day Two Cloud 050: Nerding Out On GitHub Actions With Chris Wahl
May 27 2020 46 mins  
Today’s episode gets into the nerdy details of how an infrastructure professional can use GitHub Actions. Actions is a recent feature introduced on GitHub that lets you chain together steps or instructions and trigger them to run as a workflow. Actions lets you automate workflows in a GitHub repository without having to set up a sidecar service to monitor for triggers. For example, you could set up Actions to take specific steps if someone makes a pull request or submits an issue. Our guest is Chris Wahl, Chief Technologist at Rubrik and co-host of the Datanauts podcast (now discontinued, but see the back catalog here). We discuss: * What GitHub Actions are and how they work * The marketplace for Actions * How to set up Actions * Addressing security * Tips for effective use * Documentation * More Takeaways: * The GitHub Learning Lab action on the marketplace is a fun way to get started. * Workshop 1: GitHub Actions: Continuous Integration * Workshop 2a: GitHub Actions: Continuous Delivery with AWS * Workshop 2b: GitHub Actions: Continuous Delivery with Azure * This video is great, too. Advanced GitHub Actions: workflows for production grade CI/CD – GitHub Universe 2019 * Anytime you need to work with sensitive information, such as a key, password, or account, store it in a GitHub secret. Don’t write it down in any of your code or configuration files. * Start with a private repo on GitHub that has fresh data that you can manipulate via Actions without having to worry about torching any of your existing infrastructure or workflows. Spend time getting to know Actions and make your mistakes in a test scenario, first, before rolling out to production. Show Links: Debugging with tmate · Actions – GitHub Marketplace Workflow syntax for GitHub Actions – GitHub Actions Chris Wahl on Twitter Wahlnetwork.com – Chris’s blog Chris Wahl on GitHub Chris Wahl on LinkedIn

Network Break 285: 37,000 Kilometers Of Undersea Cable Coming To Africa; Cisco Announces ACI 5.0
May 25 2020 57 mins  
Take a Network Break! A consortium of telecom operators and Facebook have announced plans to lay 37,000 kilometers of undersea fiber optic cable around Africa, Cisco rolls out version 5.0 of its ACI platform with new features for service providers, and Intel buys Rivet Networks for high-performance Wi-Fi. Google and Apple release software to public health authorities to track Covid-19 exposure, Juniper touts its Mist Wi-Fi as a contact tracer, and Chrome version 83 comes with DNS over HTTPS. The FCC doubts Starlink can meet broadband requirements to get federal funding for rural broadband, Gluware is now available in Azure, and AT&T gets spanked by a U.S. advertising association for misleading consumers about its 5G capabilities. Sponsor: Service Express Service Express is a leader in third-party data center maintenance. Lower your support costs, extend the life of your hardware and save up to 70% on server, storage and network maintenance! Visit serviceexpress.com/packetpushers to learn more, and find out how you can win a $50 Amazon gift card. Tech Bytes: Silver Peak Stay tuned after the news for a Tech Bytes conversation. Silver Peak is the sponsor, and they’ve sent customer SolarWinds to share how the company boosted VoIP performance, improved end user experience, and saved big money on its WAN costs by deploying SD-WAN. Show Links: Building 2Africa, a transformative subsea cable to better connect Africa – Facebook Meet the partners – 2Africacable.com Facebook is Building an Underwater Cable Around Africa to Bolster the Continent’s Internet Access – Grit Daily News Facebook 2Africa – Why Aren’t Telcos Doing This? 
– Packet Pushers Facebook, telcos plan subsea cable to connect Africa, Middle East and Europe – Reuters Faster Internet Coming to Africa With Facebook’s $1 Billion Cable – Bloomberg Telegeography Submarine Cable Map – Telegeography Cisco Application Centric Infrastructure (Cisco ACI) 5.0 for the Changing World – Cisco Systems ACI Release 5.0 New Features – Michael’s personal Blog Intel Acquires Rivet Networks, Boosting Intel’s Wi-Fi Offerings for PC Platforms – Intel Newsroom


Heavy Networking 518: Learning To Live With SNMP
May 22 2020 52 mins  
Perhaps the most arcane technology in networking is the Simple Network Management Protocol (SNMP), which, despite its name, is one of the most confusing pieces of technology to actually use. SNMP is a Cthulhu-like figure that is everywhere, but darkness and despair surround it. While SNMP is fading away and being replaced with new options, it persists because it’s so widely implemented. On today’s show we’ve enlisted the aid of experienced warriors to stare into the darkness of SNMP to help us master it. Joining me is Michael Lucas, who recently published the book SNMP Mastery which, after reading, inspired this podcast. He’s also the author of “Cisco Routers for the Desperate,” “SSH Mastery” (which I also highly recommend) and “Savaged by SystemD: an Erotic Unix Encounter.” We’re also joined by Allan Jude, a FreeBSD and Open ZFS developer and co-conspirator with Michael. We discuss: * How we got SNMP in the first place * What the protocol gets right * SNMP survival tips * Why MIBs are confusing * More Sponsor: ITProTV ITProTV helps you make your heavy networking skills–and others–even heavier. Get a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/packetpushers and use promo code PACKETPUSHERS at checkout. Sponsor: Itential Itential is intelligent automation for multi-domain and multi-vendor networks. You can find out more about Itential in Heavy Networking 503, and at itential.com/packetpushers. Show Links: SNMP Mastery – Michael W. Lucas SSH Mastery – Michael W. Lucas Michael W. Lucas on Twitter Allan Jude on Twitter 2.5 Admins Podcast BSD Now Podcast



Network Break 284: Dell Technologies Announces SONiC Distro; Microsoft Acquires Metaswitch Networks
May 18 2020 34 mins  
Take a Network Break! On today’s show we cover Dell Technologies’ announcement of a supported SONiC network OS distro, a reminder from Mellanox that they’ve been supporting SONiC before it became cool, and Microsoft’s acquisition of Metaswitch Networks. VMware buys Kubernetes security platform Octarine and announces an integration deal with SIEM vendors, U.S. President Donald Trump extends a ban on U.S. companies buying products from Huawei or ZTE (but we can still sell them components), and Cisco reports a tough third quarter. Links to all these stories are below. Sponsor: Unimus Unimus is an easy to use Network Automation and Configuration Management solution. Find out more on how you can start automating your network in under 15 minutes at unimus.net/packetpushers. Show Links: Dell Technologies and SONiC: Open Source Networking That Checks All the Boxes – Direct2DellEMC Dell Technologies Delivers the Power of Open Source Networking to Help Automate and Simplify Data Centers – Dell Technologies Mellanox Integrated SONiC Open Networking Solution – NVIDIA Blog Microsoft has announced an agreement to acquire Metaswitch Networks – Metaswitch Networks Microsoft announces definitive agreement to acquire Metaswitch Networks, expanding approach to empower operators and partner with network equipment providers to deliver on promise of 5G – Microsoft Microsoft has signed a definitive agreement to acquire Affirmed Networks! – Affirmed Networks Microsoft announces agreement to acquire Affirmed Networks to deliver new opportunities for a global 5G ecosystem – The Official Microsoft Blog VMware to Acquire Octarine to Boost Kubernetes Runtime Security – The New Stack VMware Advances Intrinsic Security Strategy at Connect 2020 Announcing Intent to Acquire Octarine to Expand Workload Security Solution into Kubernetes and Creation of Next-Gen SOC Alliance – VMware


Day Two Cloud 048: Migrating Your Data Center To The Cloud
May 13 2020 46 mins  
Today’s Day Two Cloud episode dives into data center migrations. If you’ve got critical applications on premises that you want to move into the cloud, get ready to do a lot of planning. Bringing in an outside party may be a good idea because it is a complex task with known and unknown dependencies both in the cloud and on premises. And once the migration is over, what happens to ongoing management of those cloudified applications? You need a well-trained IT staff to keep those applications humming. Our guest is Sarah Lean, Cloud Advocate at Microsoft. Her role is to help customers and Azure engineers align and get along. We discuss: * Business drivers for migrating data center applications to the cloud * What shouldn’t be moved * How IT skills do–and don’t–transfer from on premises to the public cloud * Tips for minimizing migration pain * More Takeaways * Auditing your environment before a migration is essential. * Ensuring your staff have the right level of skill to support your cloud environment is vital to IT’s ongoing success. * Never stop learning. Sponsor: ITProTV Oh, great people of the cloud, this episode is brought to you by online IT training from sponsor ITPro.TV. And because you, yes you, are so very great, ITPro.TV is offering you a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/day2cloud and use promo code CLOUD at checkout to exercise your greatness. Show Links: Sarah Lean on Twitter Techielass.com – Sarah’s Website Techielass on YouTube Schedule time with Sarah


Network Break 283: NVIDIA Acquires Cumulus Networks; Innovium Announces 25.6 Tbps Switch ASIC
May 11 2020 59 mins  
Take a Network Break! NVIDIA bolsters its Mellanox purchase by adding Cumulus Networks to its shopping list, Innovium announces a 25.6 Tbps ASIC, and Arista says it will support the SONiC network OS on certain switches. The International Space Station gets a space laser for networking, Zoom acquires Keybase to boost its encryption chops, and a new 5G organization forms to lobby the U.S. government to protect its members from Huawei. Last but not least, Arista Networks and Fortinet report Q1 2020 financial results. Sponsor: Service Express Service Express is a leader in third-party data center maintenance. Lower your support costs, extend the life of your hardware and save up to 70% on server, storage and network maintenance! Visit serviceexpress.com/packetpushers to learn more, and find out how you can win a $50 Amazon gift card. Tech Bytes: Megaport Stay tuned after the news for a sponsored Tech Bytes conversation with Megaport. Megaport provides global cloud connectivity, data center interconnect, and Internet exchange peering. We talk about the services Megaport offers and how the company can support your remote-work needs. 
Show Links: NVIDIA to Acquire Networking Software Trailblazer Cumulus – NVIDIA Blog Innovium Introduces TERALYNX® 8, World’s Highest Performance Programmable Switch for Data Center Networks with 25.6 Tbps throughput and support for 112 Gbps SerDes I/O – Innovium Arista Extends Open Cloud Networking Software Leadership – Arista International space station connects 100Mbps symmetric space laser ethernet using Sony optical disc tech – The Register Small Optical Link for International Space Station (SOLISS) Succeeds in Bidirectional Laser Communication Between Space and Ground Station – Jaxa Zoom Acquires Keybase and Announces Goal of Developing the Most Broadly Used Enterprise End-to-End Encryption Offering – Zoom “Zoom acquiring a failed startup originally doing encryption which pivoted to a crypto currency ponzi scheme and claiming this will make Zoom security better is about as on point for 2020 as ever.” – Kyle Mestery via Twitter Keybase joins Zoom – Keybase Open RAN Policy Coalition Launches To Advance Open And Interoperable Solut...


Day Two Cloud 047: Highlights And Analysis From Cloud Field Day 7
May 06 2020 59 mins  
Today’s Day Two Cloud podcast storms into your podcast player with product news from VMware, SolarWinds, and startup Pensando. In April 2020, Ethan Banks attended a virtual Cloud Field Day event where vendors with cloudy products showcased their wares. Ethan and Ned share highlights from those presentations, discuss pros and cons of the products, and tease out a theme: solving problems related to distributing computing. Cloud Field Day (and other events under the Tech Field Day umbrella) assembles delegate panels of independent tech professionals for presentations from sponsoring vendors. The delegates ask questions, push back on marketing claims, and generally serve as surrogates for the broader IT community to better understand the value and limitations of tech products and services. Topics discussed in today’s show include: * VMware Cloud on AWS * Whether there are advantages of running VMware in the cloud * VMware HCX * VMware Tanzu Kubernetes Grid * Monitoring cloud performance with SolarWinds * The startup Pensando, which makes a SmartNIC to offload a server’s network processing Takeaways: * What is the problem you have? If you can’t articulate the problem, you don’t know which product you need. Explaining your problem is harder than you think. Engineers think about technical problems, but technical problems ARE NOT THE PROBLEM. * Distributed computing is where the world is at or is heading. Understanding distributed application architecture and how to build an infrastructure to support it is a crucial skill. Many of the tools I see are band-aids to handle an application that was not designed to run in a distributed environment. If you really understand distributed computing, you can lead an actual “digital transformation”. * Ask yourself whether Kubernetes is a thing you need to know, or whether it’s a platform you want to use but not care about. What role do you want to play in managing your org’s Kubernetes infrastructure? 
Do you want to drive the car, or be a mechanic? I can explain the basics of how an internal combustion engine works, but I’m not an auto mechanic. I’m starting to think there’s a balance of knowing “just enough” Kubernetes. Ignorance isn’t good, but do you need to be a CKA? Show Notes: Cloud Field Day 7 video playlist – Tech Field Day VMware Cloud on AWS Networking and Security Documentation – VMware VMware DRaaS – VMware VMware HCX – VMware VMware Tanzu Kubernetes Grid – VMware SolarWinds Pingdom – SolarWinds SolarWinds Loggly – SolarWinds SolarWinds AppOptics – SolarWinds Pensando Distributed Services for the Enterprise – Pensando (PDF) Pensando Distributed Services for Cloud Providers – Pensando (PDF)


Network Break 282: NVIDIA Completes Mellanox Acquisition; SpaceX Sets Date For Satellite Internet Beta Testing
May 04 2020 34 mins  
Take a Network Break! NVIDIA completes its Mellanox acquisition, SpaceX announces dates for private and public beta testing of its satellite-based Internet service, and Cumulus releases version 3.0 of its NetQ management software. Cisco offers replacement ASAs for devices with a faulty hardware component; ICANN squashes the sale of the .org domain to a private equity firm; and Juniper, Microsoft, and Amazon announce financial results. Links to our coverage are below. Sponsor: InterOptic Take control of your optics purchases with InterOptic. You can get the same, if not better-performing optical transceivers, tested and designed by engineers who truly understand the specifications that are critical to your network–at a fraction of typical OEM costs. Get more information at interoptic.com/packet-pushers. Show Links: NVIDIA Completes Acquisition of Mellanox, Creating Major Force Driving Next-Gen Data Centers – NVIDIA SpaceX Applies for a Constellation Re-Design and Announces Beta Test Dates – CircleID Cumulus Networks Moves Beyond Network Visibility With the Addition of Lifecycle Management – Cumulus Networks Modernizing your network has never been easier with Cumulus NetQ Lifecycle Management – Cumulus Networks Field Notice: FN – 70476 – ASA5508 and ASA5516 Security Appliances Might Fail After 18 Months or Longer Due to a Damaged Component – Hardware Upgrade Required – Cisco ICANN Board Withholds Consent for a Change of Control of the Public Interest Registry (PIR) – ICANN Statements in Response to April 30, 2020 Decision from ICANN – Internet Society ICANN finally halts $1.1bn sale of .org registry, says it’s ‘the right thing to do’ after months of controversy – The Register Juniper Networks Reports Preliminary First Quarter 2020 Financial Results – Juniper Networks Earnings Release FY20 Q3 – Microsoft Amazon.

Heavy Networking 515: A Decade of Network Podcasting
May 02 2020 29 mins  
We interrupt our programming to commemorate ten years of podcasting. In this brief chat, Ethan and Greg discuss where we came from and where we are going. Note the retro music we used, and check out the outro too. Our complete focus is on the listener. We aim to bring you a package that supports your career and your work. We fill in the gaps that certification and news leave. We think about the why and when, and present some perspectives for you to think about. You make your own decisions. Links: Human Infrastructure Magazine – https://packetpushers.net/newsletter Send us your followup, feedback and advice – https://packetpushers.net/fu The first episode, May 2, 2010: Show 01 – Lab Scenario – The First Podcast – Packet Pushers Automated Transcription – Unedited HN 525 10 Years of Networking [00:00:00] Greg Ferro: [00:00:00] you know, you know Ethan, it’s been 10 years since we started. Yes. 10 Ethan Banks: [00:00:07] so I’ve been thinking about this. Okay. So if you look at my resume, uh, typically I’ve, I rotate out jobs every two, three, four years, depending. This is the longest single job I’ve had, not that we did at full time. At the beginning. It took a while, but 10 years that I’ve worked with you as a coworker of all people, Mr. Farrell. Oh my goodness. Greg Ferro: [00:00:24] I’m not sure who needs, who needs a metal, you or me. It’s a little hard to tell it to give each Ethan Banks: [00:00:29] other metals, but you’re fantastic tolerance award. Greg Ferro: [00:00:33] Yeah. So this is the, this is the, um, very odd occasion where you’ll hear Ethan and I actually talking about ourselves to ourselves. So we don’t generally do this. And very rarely, if you’ve been listening to the show regularly, do we ever actually put our personal lives or anything about the packet pushers. As a business on the thing. But this is our 10 year anniversary show. We started in May, 2010 and [00:01:00] it’s been quite a journey. 
Ethan Banks: [00:01:02] Well, you summed it up nicely, uh, several times here that we’ve been too stupid to quit. That is, there’s a lot of reasons along the way where it’s like, we need to stop doing this for our personal sanity, for time’s sake, for whatever. Um, and we didn’t, we just kind of have kept on going. But of course now we are a little more motivated cause it is our livelihood. Greg Ferro: [00:01:22] Yeah, it is. But in Silicon Valley they call it true grit and the top leaders never given, and I call it being too stupid to quit cause it’s just, that’s actually what it is. Any rational human being would have gone on back to work and done normal jobs, you know, disappeared into the woodwork and not a face up. You know, remember there was a time back there when we would say things and we’d get abused by vendors and. We’d be contacted by senior execs threatening us with various things, and that’s chat. That’s no longer a thing. Obviously as the chain, you know, as, as social media and influencers are now seen as analysts, that’s changed that game a lot. Ethan Banks: [00:01:57] The tone has changed and now we just gotta [00:02:00] be careful that what we say makes good sense and it’s actually benefiting someone that’s, that’s always a balance that we strike it. Greg Ferro: [00:02:06] Well, for those people who don’t know, how does packet pushes think about what we do?




Network Break 281: FCC Opens 6Ghz Band For Unlicensed Use; Arista Boosts WLAN Software
Apr 27 2020 51 mins  
Take a Network Break! The US Federal Communications Commission opens the 6Ghz band to unlicensed use, including Wi-Fi; Arista upgrades its wireless software to enable app ID and enhance performance; and Cisco and Google announce a forthcoming partnership on SD-WAN for Google Cloud. Google launches a remote access product for enterprises, Juniper and T-Systems partner on an SD-WAN and security service, and the multi-cloud networking startup Aviatrix announces a new visibility product. ISC2 still requires in-person exams for the CISSP and other certifications, AT&T undertakes a $6 billion cost-cutting program, Travelex goes up for sale, and Google will put requirements in place for advertiser verification. As usual, you can find links to all these stories below. Sponsor: InterOptic It’s time to take control of your optics purchases with InterOptic. You can purchase the same, if not better-performing optical transceivers, tested and designed by engineers who truly understand the specifications that are critical to your network–and at a fraction of typical OEM costs. Get more information at interoptic.com/packet-pushers. Tech Bytes: AppNeta Stay tuned after the news for a sponsored Tech Bytes conversation with AppNeta on IT accountability in the age of network transformation. In the cloud age, when IT owns less and less of application delivery, we’ll talk about how IT can deliver clear, measurable value to the business. 
Show Links: FCC Opens 6 GHz Band to Wi-Fi and Other Unlicensed Uses – Federal Communications Commission BIB092 – 6Ghz Wireless Spectrum, Unlicensed Access with US FCC – Packet Pushers The FCC ratified Wi-Fi 6E this morning – Ars Technica Wi-Fi 6E isn’t here yet—but Broadcom is clearly banking on it – Ars Technica Arista Delivers Cognitive WiFi for Collaboration, Video and Chat Applications – Arista Next Generation Cognitive Networking – Arista Cisco and Google Cloud Partner to Bridge Applications and Networks: Announcing Cisco SD-WAN Cloud Hub with Google Cloud – Cisco Modernize Enterprise Networking with Cisco SD-WAN and Google Cloud – Google Keep your teams working safely with BeyondCorp Remote Access – Google





Network Break 280: Nvidia Advances Mellanox Acquisition; Startup Alkira Tackles Multi-Cloud Networking
Apr 20 2020 51 mins  
Take a Network Break! Tech Field Day and GestaltIT founder Stephen Foskett stops by to provide guest commentary and analysis. Nvidia gets clearance to move forward on its Mellanox acquisition, GitHub adjusts its prices, and startup Alkira rolls out a multi-cloud networking offering. Facebook cancels company events until June 2021; the IETF provides assessment criteria on whether to hold its upcoming meeting in Madrid, Spain; Cisco rolls out online testing for networking and DevNet certifications, and Unicode 14.0 gets delayed for half a year. Get links to all these stories below. Sponsor: InterOptic It’s time to take control of your optics purchases with InterOptic. You can purchase the same, if not better-performing optical transceivers, tested and designed by engineers who truly understand the specifications that are critical to your network–and at a fraction of typical OEM costs. Get more information at interoptic.com/packet-pushers. Tech Bytes: Forward Networks Stay tuned after the news for a sponsored Tech Bytes conversation with Forward Networks on network verification, how it differs from legacy networking monitoring, and where the technology is headed. Show Links: Nvidia-Mellanox Deal Finally Gets China’s Approval – EE Times FAQ about changes to GitHub’s plans – GitHub Alkira Introduces First On Demand Multi-Cloud Network, Deployed in Minutes – Alkira Facebook To Cancel Company Events With Over 50 Attendees Until June 2021 – Forbes Assessment criteria for decision on in-person/virtual IETF 108 – IETF Get Cisco certified and Cisco DevNet certified today with new online testing – Cisco Unicode 14.0 Delayed for 6 Months – Unicode

Heavy Networking 512: Production Ready Automation With Cumulus Networks (Sponsored)
Apr 17 2020 53 mins  
In today’s Heavy Networking episode, we talk network automation. That’s a topic we’ve covered before on Packet Pushers, so what wondrous newness does sponsor Cumulus Networks bring to the table? The idea is a system that’s ready for you to use. Why? Because a lot of folks are finding that rolling their own artisanal network automation takes considerable time both to create and maintain. And hey…maybe you didn’t plan it the first time like you would if you could do it again. You didn’t know what you didn’t know. Cumulus is now offering the first open source, out-of-the-box, robust, end-to-end automated configuration and testing solution using Ansible. Customers no longer have to piece together their network automation from disparate and untested scripts and proof-of-concept playbooks. Cumulus is offering a framework for an elegant push-button solution for those looking for cutting-edge industry automation while reducing operational overhead. – Production Ready Automation, Cumulus Blog, March 4, 2020. Our guests are Pete Lumbis, Director of Technical Marketing and Rama Darbha, Director of Services at Cumulus Networks. What We Discuss * What network automation problems are being addressed by Cumulus with Production Ready Automation? * What is Production Ready Automation (PRA)? Let’s get into the details. * How is PRA maintained? Why should I care? * Why does PRA leverage Ansible and not my personal favorite automation tool I love so very, very much? * If I’m not a Cumulus customer, how can I test PRA? * What’s on the PRA roadmap? Links Are Life Cumulus Production Ready Automation Blog https://cumulusnetworks.com/blog/first-open-source-automation-solution/ Cumulus Networks Production Ready Automation Repo aka “The Golden Turtle” https://gitlab.com/cumulus-consulting/goldenturtle Cumulus In The Cloud Free Demo https://cumulusnetworks.com/citc Pete Lumbis on Twitter @PeteCCDE Rama Darbha on Twitter @Radar_Bot

Day Two Cloud 044: Dev+Ops, Ops+Dev
Apr 15 2020 46 mins  
Derek Campbell joins Day Two Cloud for a discussion about DevOps. Of course, DevOps has been discussed to death across the IT landscape, so we drill into specifics with Derek to get his unique take, which he delivers with a Scottish accent. Even if you can’t make out what he’s saying, you’ll love listening to him. What We Discuss We ask Derek a lot of questions, such as… * What do you think led to the rise of DevOps now, and what shaped the practices and philosophy behind it? * How did you find yourself beginning to adopt DevOps principles? Did you gradually adopt them, or were you thrown into a project that required them? * What skills did you find most useful when starting to adopt DevOps practices? What resources did you find helped you ramp up? * We’ve done a few shows around infrastructure as code. Do you feel that ties closely in with DevOps principles? How would you define IaC? * Let’s say I’m sold and I want to go into my boss’ office and ask for some training, resources, or a group to start the DevOps revolution. They are going to want to know the business benefits of working the DevOps way. What do you say to them? We walk away with the idea that DevOps isn’t a single thing. It’s more like Dev+Ops, but also Ops+Dev. Derek’s Transformational Takeaways * Take your time to learn, learn as you go, and never stop. * Read the documentation. * Help others in the community with technology. * Read The Phoenix Project & The Unicorn Project. Sponsor: ITProTV Oh, great people of the cloud, this episode is brought to you by online IT training from sponsor ITPro.TV. And because you, yes you, are so very great, ITPro.TV is offering you a 7-day free trial and 30% savings off of any plan you choose! Visit ITPro.TV/day2cloud and use promo code CLOUD at checkout to exercise your greatness. Links, Cause You Know You Want ‘Em * Derek on Twitter @DevOpsDerek * [email protected] * The Phoenix Project (book) * The Unicorn Project (book)


Network Break 279: Cisco Acquires Fluidmesh; VMware NSX 3.0; MS Events Virtual Until July 2021
Apr 13 2020 48 mins  
Take a Network Break! Grab a virtual donut, sit back and relax, and take a journey with us through Elysian fields of tech news analysis. We’ve got stories today on Cisco, VMware, a new PCAP appliance, and more! Headlines: Cisco has announced it will acquire Fluidmesh, a privately held company that specializes in wireless backhaul for industrial use cases. Cisco did not disclose the acquisition price. VMware has announced version 3.0 of NSX-T, its SDN software platform. The latest version includes NSX Federation, which allows you to create separate NSX domains within a data center, or from a data center to the public cloud. Startup Cato Networks has secured $77 million in a Series D funding round, bringing total investment in the cloud-based SD-WAN/security company to $202 million. It’s been 51 years since the first IETF RFC was published. The RFC describes some general agreements on how hosts and Interface Message Processors, which are proto-routers, would communicate. The 25 Gigabit Ethernet Consortium has put out a press release to announce it is rebranding to become the Ethernet Technology Consortium. It also announced an 800GbE spec. LiveAction has released a new packet capture appliance that can capture up to 40Gbps of packets. The appliance is the LiveCapture 3100, a 2RU appliance with options for 64 or 128TB storage capacity and 192 GB of memory. A Russian telecom provider redirected thousands of Internet traffic routes through its systems last week, affecting traffic from giants such as Google, Amazon, and Cloudflare. Following in the footsteps of other tech events, Microsoft has announced that all of its events will be online only until July 2021. Juniper Networks is extending the expiration date of its professional certifications by six months. Any certification that has expired or is set to expire between March 1st and September 30th of 2020 will automatically be extended by 6 months from its expiration date. 
Sponsor: InterOptic It’s time to take control of your optics purchases with InterOptic. You can purchase the same, if not better-performing optical transceivers, tested and designed by engineers who truly understand the specifications that are critical to your network–and at a fraction of typical OEM costs. Get more information at interoptic.com/packet-pushers. Tech Bytes: Silver Peak Join us after the news to hear how the country’s largest wholesale grocer is improving application performance and getting happier customers with SD-WAN from sponsor Silver Peak. Show Links: Cisco Announces Intent to Acquire Fluidmesh Networks – Cisco Newsroom VMware Surpasses Major Virtual Cloud Network Milestones – VMware Newsfeed Cato Networks Secures $77 Million Investment in Largest Funding Round Yet – Cato Networks RFC 1 – Host Software – IETF 25 Gigabit Ethernet Consortium Rebrands to Ethernet Technology Consortium; Announces 800 Gigabit Ethernet (GbE) Specification – Ethernet Technology Consortium LiveAction Unveils New 40 Gig LiveCapture,


BiB093: Declare A K8s Stack With Spectro Cloud
Apr 09 2020 4 mins  
The following is a transcript of the audio you can hear in the player. Welcome to Briefings in Brief from the Packet Pushers. I am Ethan Banks, and I had a briefing on April 6, 2020 with a startup called Spectro Cloud. Spectro Cloud recently emerged from stealth mode and announced a $7.5 million seed funding round from Sierra Ventures to get them on their way. Who Is Spectro Cloud? In a nutshell, Spectro Cloud is Kubernetes management. But…that’s really oversimplifying it, especially with the hundreds of offerings out there that have something to do with Kubernetes management or Kubernetes as a service. If I’m being more precise, Spectro Cloud is about managing an entire infrastructure stack that’s built around Kubernetes. What Does Spectro Cloud Do? With Spectro Cloud, you define a Kubernetes cluster profile. That profile will describe an OS and version, K8s version, storage, networking, and more. Some intelligence will advise you against silly pairings, although ultimately you can do whatever you like. A Spectro Cloud cluster profile acts as a declarative document, describing how the Kubernetes cluster should be configured. How is that profile brought to life? Via Spectro Cloud’s Pallet Orchestrator. The Pallet Orchestrator monitors the cluster, compares it to the intended cluster profile, and makes certain the cluster is operating as the cluster profile declares that it should be. If that operating model sounds familiar, it should, because that’s how Kubernetes itself operates. The K8s scheduler is constantly comparing YAML definition files to the running state of the cluster and making sure actual state reflects intended state. But rather than having to fuss with YAML files, Spectro Cloud gives you a nice UI you can build out your cluster profiles with. Maybe you want several different profiles, depending on the Kubernetes use case. Could be that for dev, you define storage of OpenEBS 1.5, networking with Calico 3.9, K8s 1.18, running on CentOS 7.6. 
But then for prod, you add monitoring via Prometheus, security with Twistlock, and running on RHEL. You get the idea. You don’t have to manually build out a complex stack. Let Spectro Cloud do it for you. Devs don’t have to think much about it, as operators can stand up a cluster with defined properties quickly. Spectro Cloud is more than just an initial deployment tool, though. You can perform upgrades to production as well. Update your cluster profile, set your maintenance policy to control how the upgrade is to be performed, and off you go. Okay, But Why Spectro Cloud? If you’ve gotten this far, maybe this sounds nice, but you’re wondering…why? With all the KaaS offerings in the world, why Spectro Cloud? I’ll give you two reasons. * You need more control over your K8s environment than a packaged K8s distro allows you to have. With a K8s distro, you get what you get. If that works for you, great, but you can’t color outside the lines. On the other hand, you don’t want to have to roll your own Kubernetes artisanally by hand, because that’s tedious, boring, error-prone, and adds zero business value. Spectro Cloud is taking away the boring stuff while letting you build the sort of cluster you specifically require. * Spectro Cloud has a long-term vision of multicloud and multicluster mesh. I think this is a big deal, as K8s federation is not a solved problem yet. But, it’s a problem that needs solving if Kubernetes becomes the ubiquitous platform all applications run on top of. In other words, Spectro Cloud is just getting started. Their long-term plans are to make Kubernetes management easy, no matter what scale your cluster environment might grow to. For More Information My thanks to Tenry Fu, Co-founder and CEO,


BIB092 – 6Ghz Wireless Spectrum, Unlicensed Access with US FCC
Apr 08 2020 17 mins  
The US FCC has announced its intention to release the 6Ghz spectrum for unlicensed use in an upcoming vote. This is surprising since it’s most often sold to the highest bidder for large sums. I spoke with Keith Parsons, who is deeply involved in the process and has years of experience with it, to find out more. You can find Keith on the Internet: Twitter @keithrparsons Wireless LAN Professionals – https://www.wlanpros.com/homepage/ Transcript This transcript is automagically generated and is about 90% accurate. Not much we can do about that. Greg Ferro: [00:00:05] Welcome to Briefings In Brief an audio digest of it, news and information from the packet pushers, including vendor briefings, industry research and commentary. I’m Greg Ferro, your host from Packet Pushers. It’s the 7th of April, 2020 and here’s what’s happening. I’m speaking with Keith Parsons, a well known wireless expert and well respected throughout the industry for his awareness and knowledge of what’s going on. To talk about the recent announcement by the U S government regulatory body, the FCC, and releasing the six gigahertz spectrum soon to be voted on, but looking pretty certain to go ahead and what it means for us in the wireless industry. Well, thanks very much for joining us, Keith. Why don’t you introduce yourself to our Keith Parsons: [00:00:39] audience. Hi, my name is Keith Parsons on Twitter. I’m Keith R. Parsons. I run a little company called wireless land professionals. We do wifi. So we, we teach probably two, 250 classes a year on how to design efficient wifi as well as we sponsor and host the wireless and professionals conference. So I kind of [00:01:00] live in the wifi world. 
Greg Ferro: [00:01:01] You have been for a long time and you’re quite well known in the industry generally because you’ve been, so active in the industry over the years so the reason I asked Keith on the show was that the FCC in the USA, they’ve got the, which is the body and the L of the U S government, which handles the allocators and respect of recently, voted to release the six gigahertz spectrum for use by wifi or wireless networking. Now, this is not something that was expected. This was expected to sort of sit in a purgatory for months and months while there was political battles and processes and to become after. Was it surprising to see this announced so fast or am I on the wrong track there? Keith Parsons: [00:01:36] well, first, just, just a little clarification. They didn’t announce it. The vote, the vote isn’t until April 23rd, so the vote hasn’t taken place. This is not an official FCC thing, but the chairman as well as a couple of other people, on both, on Twitter and they, they did do a public release, a press release saying they want. To have it. So they kind of publicly said, we plan on doing this, [00:02:00] but the official votes not for a couple more weeks. And what they’re talking about is opening up a massive amount of frequency, like close to triple what we have today. That’s a huge amount of more frequency. And in wifi, the, the limiting constraint we have is spectrum. And so the spectrum we’ve been bumping up against for a long time is now open. And we’re looking at a huge change in what we can pull off as wifi professionals. Greg Ferro: [00:02:27] but six gigahertz is way up in the spectrum. Today we’re doing wireless in the, the 2.4 gigahertz spectrum is largely well retired by enlarge. The five gigahertz is where most of the , wifi, five wifi, six action is six gigahertz is what going to be part of wifi. Six wifi seven and at six gigahertz. Keith Parsons: [00:02:46] Yeah. No. So what,

Day Two Cloud 043: Git For Ops People
Apr 08 2020 54 mins  
Day Two Cloud dives into Git for operations people. If you’re an ops professional and you’ve heard of Git but are unfamiliar with it, this is your show. Our guest is Damien Garros, Managing Director at Network To Code. Git is a version-control system widely used among developers to track changes in software. As we’ll learn in this episode, it’s also a collaboration platform and is ideal for text-based files (playbooks, YAML, config files, documentation, etc). In this episode, we discuss: * Commercial flavors of Git, including GitHub and GitLab * Using Git for collaboration * Key concepts including forks, changes, and pulls * A prototypical case study/workflow * How to get started * More Key Takeaways: * Git is hard to get started, but definitely worth it. No dumb questions. * Git is for more than code. Anything text. * Imagine Git for databases and other systems with non-text repositories. Text files aren’t the end of this discussion around Git. The future could be very interesting. Packet Pushers Ignition Ignition is a professional development subscription site for networking and IT pros from the Packet Pushers. Ignition brings you instructional courses, videos, whitepapers, and other content to help you learn skills, provide expert analysis of new and emerging technologies, and help make you a smarter, more informed professional. A $99 annual subscription gets you access to everything on Ignition, including courses on Ansible for Networking and Data Center Fabrics; whitepapers on SD-WAN and Intent-Based Networking; a Service Mesh Buyer’s Guide; and more. Show Links: How To Achieve More Through Collaboration – Damien Garros via Slideshare Infrastructure as Code – Damien Garros via Slideshare GitHub.io Learn Git Branching Version Control with Git – NRE Labs Videos on Git for beginners – Git.scm Advanced Git Tutorial – YouTube Damien Garros on Twitter – @damgarros Damien Garros on LinkedIn Network To Code Slack Channel

Network Break 278: Palo Alto Buys SD-WAN Maker CloudGenix; Zoom Gets Called On Security, Privacy Problems
Apr 07 2020 51 mins  
Take a Network Break! Palo Alto Networks plunks down $420 million to buy SD-WAN vendor CloudGenix, Zoom copes with security and privacy problems, and Cisco Webex announces it will automatically adjust or turn off video based on network quality. Cisco has announced the dates for a virtual version of Cisco Live, BlueCat tracks an increase in DNS over HTTPS (DoH), and Google suffered a short outage due to router issues (not capacity problems). Cloudflare rolls out a free DNS filtering service for families, HPE recommends a firmware upgrade to prevent certain families of SSD drives from bricking, and the space networking startup OneWeb prepares a bankruptcy filing. Finally, AWS announces you can take certification exams from home with an online proctor, and PluralSight makes all of its courses available for free for the month of April. Sponsor: ThousandEyes Today’s show is sponsored by ThousandEyes. TE gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Oracle Stay tuned for a Tech Bytes conversation on SD-WAN with sponsor Oracle. We’ll discuss how Oracle’s SD-WAN enables and supports multi-cloud management, failsafe network automation, more secure connections, and application fluency. 
Show Links: Palo Alto Networks Announces Intent to Acquire CloudGenix to Extend The Industry’s Most Comprehensive Secure Access Service Edge (SASE) Platform – Palo Alto Networks Network Break 254: Amazon Develops Wireless Gadget Protocol; Mellanox Gear Harmonizes With SONiC – Packet Pushers Zoom iOS app quietly sending data to Facebook, even if you have no account [Update: Fixed] – 9to5Mac What You Should Know About Online Tools During The COVID-19 Crisis – EFF Ex-NSA hacker drops new zero-day doom for Zoom – TechCrunch Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links – Bleeping Computer A Message to Our Users – Zoom Blog Zoom Privacy Policy – Zoom The Facts Around Zoom and Encryption for Meetings/Webinars – Zoom Zoom Sued f...


BiB091: Rancher Open Source K8s Management Releases 2.4
Apr 03 2020 2 mins  
The following is a transcript of the audio you can hear in the podcast player above. Welcome to Briefings In Brief. I had a briefing with Rancher on March 26th, 2020 about their 2.4 release. Who’s Rancher? Rancher is focused on making Kubernetes easier. Kubernetes management. A Kubernetes control-plane, if you will. Rancher is in the same area as IBM Red Hat’s OpenShift and VMware with the Pacific and Tanzu products. Much of what Rancher does is open source, so you can get your feet wet with the Rancher family for free. Rancher has announced version 2.4, which might seem like…meh…no big deal. Companies publish incremental software releases all the time. Well, I think Rancher 2.4 is interesting because it indicates where Kubernetes is heading. That is…Kubernetes everywhere, running production workloads. In your data center. At the edge. In the public cloud. On installations as small as a single node cluster (let’s pretend that’s not an oxymoron) and as large as you can likely imagine. Rancher 2.4 Announcement That’s a lot of Kubernetes clusters to manage, and Rancher is gearing up for this coming reality in 2.4. The platform has been rearchitected to support 2,000 clusters and 100,000 nodes in this release. Which is just the beginning. Support for a million or more clusters is coming. Another key Rancher announcement is zero-downtime maintenance for RKE, the Rancher Kubernetes engine. You pick the number of worker nodes you’d like to upgrade at once, configure your upgrade strategy, and then off you go upgrading your production environment. Rancher has also enhanced cluster security, which they are terming “production grade security”. The new features allow you to ensure that clusters are secured according to industry best practices. How? Using 2.4’s new CIS Scan feature to see how your RKE cluster is doing against over 100 tests from the CIS Benchmark for Kubernetes. And the final announcement from the Rancher folks is Hosted Rancher. 
You know…if you don’t want to manage Rancher server yourself, they’ll do it for you. You get a hosted Rancher Server management control plane, and it’s a full-featured Rancher server with a 99.9% SLA for the hosted service itself. I mean, not 99.9% SLA for your application, because hey, that’s still your problem. Remember what I said about Rancher as a company. A lot of what they are offering is open source, but they offer what they call “enterprise grade support”–the same model a lot of companies based on open source follow. For More Information To learn more about Rancher, visit rancher.com, and if you ring them up, tell them you heard about them on the Packet Pushers podcast network. And that was Briefings in Brief, helping you keep up with the vendor announcements we find most interesting.


Tech Bytes: Using HashiCorp’s Terraform Cloud For Collaboration And Governance (Sponsored)
Apr 01 2020 15 mins  
Terraform Cloud, from HashiCorp, is a SaaS-based service that provides governance, auditing, and collaboration for your infrastructure-as-code initiatives. While there are a host of open source tools for infrastructure as code, you can run into problems with configuration conflicts, delivery of changes to production, and security and auditing of who made infrastructure changes. Terraform Cloud creates a collaboration environment that includes CI frameworks, management of infrastructure state or inventory, change audits, and identity and access management. Our guest to walk us through Terraform Cloud is Rosemary Wang, Developer Advocate at HashiCorp. We discuss: * What infrastructure as code means * How to use Terraform for infrastructure automation * Using Terraform Cloud for collaboration, state management, auditing, and other capabilities * More Takeaways: * Scaling and collaborating infrastructure as code practices means building frameworks to support continued development. * These include configuration and include deployment through pipelines, ability to produce, consume, and deploy modules of configuration, and governance through access control and policy as code. * By using Terraform for infrastructure as code configuration and Terraform Cloud for collaboration and governance, you can experiment and practice these patterns for any other infrastructure automation. Show Links: Sign up for Terraform Cloud. Free tier includes state management, remote execution, and private module registry. Team and governance features available for a 30-day free trial. HashiCorp Learn lab environment – HashiCorp Terraform and Terraform Cloud – Terraform.io Rosemary Wang on Twitter @joatmon08 Rosemary Wang on LinkedIn





Network Break 277: Juniper’s Mist Systems Announces Premium Analytics; Cato Launches Clientless Remote Access
Mar 30 2020 52 mins  
Take a Network Break! Juniper Networks rolls out a premium version of its analytics platform for network engineers and lines of business, Cato Networks launches a clientless VPN, and SpaceX gets an FCC license for one million land-based terminals for its satellite broadband network. Equinix and Digital Realty announce physical access restrictions to co-location sites, Azure customers report performance issues in the United Kingdom, and Facebook struggles under massive increases in messaging traffic. YouTube and Amazon agree to voluntarily step down from high definition to standard definition video streams in Europe, O’Reilly shutters its conference business and Gartner delays live events through August, and travel restrictions hamper the re-signing of DNS root servers. Get links to all these stories below. Sponsor: Itential Itential is intelligent automation for multi-domain and multi-vendor networks. Find out more on the Packet Pushers’ Heavy Networking episode 503 and at itential.com/packetpushers/. Tech Bytes: Viavi Solutions Stay tuned after the news for a conversation with Viavi Solutions. Viavi makes network performance monitoring gear including packet and flow capture and synthetic testing. We talk about the 4 phases of scaling your remote workforce. Find out more at viavisolutions.com/packetpushers. 
Show Links: Juniper Networks Introduces Mist Premium Analytics Service to Provide Actionable Business Insights Across Network, Security and Location Domains – Juniper Networks Mist Systems’ Premium Analytics Combines Network Visibility And Business Insights – Packet Pushers Cato Networks Rolls Out Clientless Remote Access – Packet Pushers Cato Launches Instant Access: The First SASE-Based Clientless Access Service to Enable Enterprises to Support Work-From-Home at Scale – Cato Networks SpaceX gets FCC license for 1 million satellite-broadband user terminals – Ars Technica FCC Radio Station Authorization – FCC (PDF) Equinix COVID-19 – Equinix COVID-19: Protecting our Critical IBX Data Center Infrastructure – Equinix Coronavirus Statement – Digital Realty ‘Azure appears to be full’: UK punters complain of capacit...


BiB090 – Deploying a 10000 user VPN in a Month
Mar 26 2020 21 mins  
Robin Gilijamse deployed a 10000 user remote working VPN in about 4 weeks. We briefly discuss the design and some lessons learned from the project.

Transcript

The following transcript is software (“AI”) generated and is only 80-90% accurate. You are warned.

[00:00:00] Greg Ferro: [00:00:05] welcome to briefings in brief, a digest using information from the packet pushers, typically covering information, vendor briefings, industry research and commentary. But today I was recently observing a conversation. In the packet pushers select channel, and Robin popped up to say he had deployed a VPN solution for thousands of people using, AWS as a base layer for that. And I asked Robin if he would be able to come on and just sort of give us a hint. We can’t talk about a lot of the details, but just give us a hint on how he went about it, because that’s something that might be worth hearing if you are in the same situation with the pandemic thing that’s going on around us. So Robin, welcome very much. Well do the packet pushes. And thanks so much for giving us your time. Tell who you are and what you want to say, what you can say in

Robin Gilijamse: [00:00:46] public. hi. Thank you for having me. I’m hoping to Williamson, I’m a Dutch network architects and I’m working, for a customer that’s a M. Fairly large globally, operating company [00:01:00] into high tech manufacturing,

Greg Ferro: [00:01:01] this customer, I imagine, didn’t really have a system in place for remote working. You know, everybody’s gone home for coven, You know, with the context of the discussion was how are we handling scaling up large-scale VPNs? And you said you worked with a client to actually put a VPN Terminator in AWS, and you’ve scaled it up to several thousand clients.

Robin Gilijamse: [00:01:20] that’s true. We did have a remote work solution in place. But it’s well scaled for, well, a couple of hundred users, 250, simultaneously, 200, pretty traditional, in hardware, in four regional data centers worldwide. U S East, West, Europa, ACR, and all of those connected, true MPLS. and at the NPN, wide area network.

Greg Ferro: [00:01:44] traditional sort of thing fit, you know, 50 simultaneous users working from home or you know, people traveling, connecting to head office where the VPN concentrators in the data center, I guess. And then, internet through the firewalls and away you go. And now you’ve done something with AWS. So those [00:02:00] on-premise stuff, you know, but I guessing by the time you bought new hardware, it’d be weeks or something like that. So you needed something you do in days.

Robin Gilijamse: [00:02:08] yeah, yes, exactly. It was about a couple of weeks ago, management came to us, just, fishing for a solution. We might be considering suspending all travel and having people work from home. Would that be possible with the current setup? No. what would it cost to scale it up? And we did a, a quick sketch. We had to scale up lines in all data centers, order hardware, ship hardware, because we had to replace not only the VPN concentrators, but also the routers and firewalls to be able to cope with the traffic. and then we had to, get some way to, to physically replace everything, including in AACR, which was already more or less looked down at the moment.

Greg Ferro: [00:02:46] it becomes clear pretty quickly that it doesn’t, it’s not gonna work. You’re not going to get access to the data centers. You’re not even going to get the gear shipped in, in time no matter how many arms you twisted or how much money you promised. you ended up choosing AWS as a, as a [00:03:00] cloud service. Now, did you use the AWS VPN service or are you doing it some other way?



Network Break 276: Cisco Extends Certification Renewals; EU Asks Streaming Services To Reduce Bandwidth
Mar 23 2020 43 mins  
Take a Network Break. We check in on the health of the global Internet as more and more workers go remote, a mobile networking company successfully tests sending text messages via satellite using a standard mobile phone, and the EU asks streaming services including Netflix and YouTube to throttle back to standard definition to preserve bandwidth. Cisco extends the deadline for the renewal of professional certifications to accommodate travel restrictions, Cisco issues patches for SD-WAN vulnerabilities, the Electronic Frontier Foundation warns of the potential for government-mandated encryption back doors in new legislation that aims to thwart crimes against children, and the economic downturn hits debt-heavy tech companies. Get links to all these stories below. Sponsor: Cumulus Networks Today’s episode is sponsored by Cumulus Networks. When customers want to build a private cloud environment that is open, modern, and simpler to manage, they choose Cumulus Linux. To learn more about open networking, head to https://cumulusnetworks.com/open Tech Bytes: AppNeta Join us after the news for a sponsored Tech Bytes conversation with AppNeta on getting better visibility into the end user experience for remote workers. Show Links: DECIX Traffic AMSIX Stats LINX Stats COVID-19 Vendor Offers Tracking Page – Packet Pushers Lynk claims successful test of satellite-to-cell-phone communications, cites potential public-safety value – Urgent Communications Netflix starts 30-day video data diet at EU’s request to ensure network availability during coronavirus crisis – The Register Netflix to slow Europe transmissions to avoid broadband overload – The Guardian YouTube to reduce streaming quality in Europe due to coronavirus – Reuters We’re extending the expiration date for all active certifications – Cisco Systems About online exams – Microsoft Cisco Security Advisories – Cisco Systems The Graham-Blumenthal ...




BiB089 Why Coronavirus Pandemic Could Ignite Cloud Repatriation
Mar 17 2020 13 mins  
I had a quick chat with Mike Dvorkin after we had a twitter interaction about whether the Coronavirus could impact the much touted public cloud transition. I’m not sure we solved the problem but maybe the discussion can provoke some thoughts.

Transcription Trial

We are trialing an automated transcription service and here are the details.

[00:00:00] Greg Ferro: this is Greg Ferro and I’m here with Mike Dvorkin, the @dvorkinista on Twitter. How are you buddy?

Mike Dvorkin: Hey man,

Greg Ferro: we don’t talk often enough anymore, but you send out a tweet today, which really caught my attention where you actually said, I made a comment and said something along the lines of. should we defy, discuss the impact of covert like that? You know, the coronavirus thing, and then you popped up and said, I think the coven 19 pandemic will trigger the drive for decentralization and will accelerate cloud repatriation. And a whole bunch of the clan rati have gone to apoplectic in mindful to at a timeline going like, this is the true believers. That’s not the narrative, you know, whatever. So tell me, look, how do you come to that logic?

Mike Dvorkin: Well to me, it’s sort of like, you know, if you look at the world in general and you look at like how like established supply chain management things are like basically crumbling though. Yeah. everything is very fragile because we sort of like centralize things where example, our manufacturer who are like over-reliant China, for example, like there’s, there’s a [00:01:00] huge shortage issue of drugs now in this country because we imported from China and now China like needs to use them for the domestic market and their production capacities now, and then they cannot provide that to this country. And now we’re in the crisis. So if you start looking at public cloud. It’s basically, kind of like China, right? Where like outsource our data centers and then all of these sort of compute capacity, do them and would pay money to like give it back to us and it’s really sounds wonderful, but like, you know what’s going to happen, look one day. There’s gotta be fanatic and , you know, he mentioned what happens with , let’s say an availability zone disappears because it’s on the area affected by polygenic and everyone’s sick

Greg Ferro: so if you have a serious pandemic right close to the area, North Virginia where all the data centers are, you’re going to lose 40% of the cloud capacity in the world when there’s nobody there.

Mike Dvorkin: the economy collapse,

Greg Ferro: right? Being bad

Mike Dvorkin: is going to be devastating.

Greg Ferro: Okay. So do you think that people are literally going to evaluate their supply chains and then go this over dependent on the cloud as a weakness? [00:02:00]

Mike Dvorkin: I think it needs to be considered what everybody’s going to do. No financials, I guess it makes us, for them to work, actually understand that as one of the risk factors.

Greg Ferro: There are some very large banks that have made decisions to be completely out of the cloud. Now their reasons are in two parts. one is the dependency issue. They don’t want to be dependent on a third party supplier because they don’t think it meets their obligations. Now I know that some banks believe differently and that’s okay. A diversity of opinion is fine. And another reason is that they say, if I move into the cloud, every time I make more money, I have to pay more money. I don’t make, I don’t increase my profit margin from

Mike Dvorkin: the cost is a very big deal. . I mean, the cloud. And like it’s certain scale. It’s sort of like, Oh my God, it’s so easy. It’s like so easy to consume. So two problems with it.…

Network Break 275: Aruba Bridges 5G And Wi-Fi; VMware Embraces K8s With Tanzu, vSphere 7
Mar 17 2020 65 mins  
Take a Network Break! We start today’s show with a conversation on the impacts of coronavirus on IT, and then jump into tech news. We’re joined by Ned Bellavance, co-host of the Day Two Cloud podcast. On the virus front we discuss COVID-19’s effects on: * Conferences and events * Internet loads * VPNs, remote access, and WFH * Mental and social health * Potential financial impacts If you want to skip the virus talk, our news analysis starts at 27:17. We discuss Aruba’s new Air Pass and Air Slice announcements, VMware’s rollout of Tanzu for Kubernetes and vSphere 7, and WatchGuard’s acquisition of Panda Security. Arista announces 400G optics for data center interconnect, Microsoft releases a patch for a vulnerability in SMBv3, and ISPs react to the virus outbreak by lifting caps, and by cutting prices on broadband services for low-income customers. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Aviatrix Sponsor Aviatrix discusses how to get operational control over and visibility into your public cloud networks. Our guest is Rod Stuhlmuller, VP of Product Marketing at Aviatrix. 
Show Links: Ned Bellavance on Twitter Ned In The Cloud Aruba Enables Global Telcos to Seamlessly Extend 5G Cellular Footprint into Enterprises with Passpoint-based Wi-Fi Service – Aruba Networks Aruba Bridges 5G And Wi-Fi 6 With New Air Pass Feature – Packet Pushers VMware Announces Expanded Portfolio of Products and Services to Help Customers Modernize Applications and Infrastructure – VMware VMware Rejuvenates Once Again With Kubernetes Injection – The Next Platform WatchGuard Technologies to Acquire Panda Security, Extending Simplified Security from Network to Endpoint – WatchGuard Arista Networks Announces Optical Line System for 400G – Arista CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability – Microsoft

Tech Bytes: Aviatrix Tackles Multi-Cloud Networking (Sponsored)
Mar 16 2020 13 mins  
Welcome to Tech Bytes, a quick dose of conversation about what’s new and compelling in networking. Today’s sponsor is Aviatrix and we’re going to talk about multi-cloud networking, including how to get operational visibility and control across your public clouds. Our guest is Rod Stuhlmuller, VP of Product Marketing at Aviatrix. We discuss: * Key elements including the controller, data plane, and APIs * Getting operational control and visibility across public clouds * Creating repeatable designs * How Aviatrix leverages native cloud networking constructs * More Show Links: Aviatrix Aviatrix Altitude 2020 Webinar Aviatrix documentation Aviatrix events

Transcript:

Editor’s note: We’re experimenting with a new transcription program to see if it’s feasible to provide podcast transcripts. Here’s the lightly-edited output from this Tech Byte.

[00:00:00] Drew Conry-Murray: [00:00:00] Welcome to tech bites, a quick dose of conversation about what’s new and compelling and networking. Today’s sponsor is Ava , and we’re going to talk about multi-cloud networking, including how to get operational visibility and control across your public clouds. Our guest is Rod Stuhlmuller. He is VP of product marketing at Aviatrix. [00:00:16] Rod, welcome to the podcast and can you give us some brief context and overview of what Aviatrix does.

[00:00:22] Rod Stuhlmuller: [00:00:22] Well, Aviatrix specializes in multicloud networking. We have a software platform that runs in the cloud and gives you the ability to actually control the native constructs in the cloud, but also adds additional functionality, features, advanced capabilities that go across multiple clouds, regardless of the underlying constructs.

[00:00:43] Greg Ferro: [00:00:43] Now, this is really interesting to me, rod, because one of the things that we’re being talking about offline when I talk to clients these days is they’re saying that we now have a problem where we’re in Azure and Google and Alibaba, you know, and stitching them all together is hard. The two things that I took away from this, as you’ve got the [00:01:00] controller, you’ve got the SDN platform, which does the orchestration, but your data plane is using those native constructs, which is interesting. [00:01:06] Now, we’re gonna talk about that later on, but I did just want to highlight it, um, before we get started that you’re doing it using the native .

[00:01:13] Rod Stuhlmuller: [00:01:13] Yeah. It’s a combination of the native constructs and advanced features that we add to it because the native constructs don’t always provide all of the capabilities that the enterprises want. [00:01:24] They had, they’re used to what they do on prem, and now they want that same kind of visibility and control that they’ve had on prem. They want it in the cloud. It’s just not there.

[00:01:35] Drew Conry-Murray: [00:01:35] So we just actually recorded a heavy networking session with a couple of years solution architects. So that show will be coming out soon. [00:01:41] There’s lots of good crunchy technical detail in there. Let’s go a little bit higher level for this episode. What’s the core value proposition for customers?

[00:01:50] Rod Stuhlmuller: [00:01:50] Well, you know, customers really like talking with us because we bring them in architecture and we ...

Heavy Networking 506: Where Is The Industry Headed With Intent-Based Networking?
Mar 13 2020 65 mins  
Where is the networking industry with Intent-Based Networking (IBN)? On today’s Heavy Networking show we talk about efforts to come to some agreement on just what constitutes IBN. We also look at an IETF draft that examines concepts and definitions of IBN. Our guests for today’s conversations are Jeff Tantsura, head of networking strategy at Apstra and chair of both the Routing Area and RIFT working groups at the IETF; and Phil Gervasi, a solutions architect for a national VAR. We discuss: * The problems we’re trying to solve with IBN * IBN from the perspective of the IETF * How to express business logic as intent, and the data models that will translate that intent into configurations * The role of graph databases * Why IBN focuses on the data center * Whether IBN has size limitations in the DC * More Sponsor: Cumulus Networks When customers want to build a private cloud environment that is open, modern, and simpler to manage, they choose Cumulus Linux. To learn more about open networking, head to https://cumulusnetworks.com/ Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Intent-Based Networking – Concepts and Definitions – IETF Jeff Tantsura’s IETF profile – IETF An Introduction To Intent-Based Networking (Whitepaper) – Packet Pushers Ignition Intent-Based Networking Part 2: A Deep Dive Into Network Abstraction And Continuous Validation (Whitepaper) – Packet Pushers Ignition Phil Gervasi on Twitter NetworkPhil.com




Network Break 274: Let’s Encrypt Revokes Millions Of Certificates; Microsoft Pitches SMB Over QUIC
Mar 09 2020 54 mins  
Take a Network Break! Let’s Encrypt revokes millions of digital certificates due to a bug that failed to validate domain ownership, Microsoft floats the idea of running SMB over QUIC, and Cisco and Google extend free trials of conferencing tools in the face of COVID-19. Microsoft will pay hourly campus workers their full salary during work slowdowns, the county of Santa Clara asks big tech companies to postpone or cancel public events and cancel public travel*, and Verizon gets 800Gbps on a single wavelength on a fiber optic network. Mellanox acquires Titan IC, a privately held company that makes acceleration hardware; Chinese holding company Geely plans to launch its own satellite network for self-driving cars, Cumulus announces an Ansible-based automated configuration and deployment tool, and HPE announces its Q1 2020 financial results. Get links to all these stories below. *At the time of recording, the SXSW festival was still scheduled to take place. It has since been canceled. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: ThousandEyes Stay tuned after the news for a sponsored Tech Bytes conversation with ThousandEyes about getting performance visibility all the way to user devices with its end point agent, which measures device performance with real-time application session data or synthetic transactions. Get a 90-day free trial of end user monitoring at thousandeyes.com/remote. 
Show Links: Let’s Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug – Hacker News Revoking certain certificates on March 4 – Let’s Encrypt 2020.02.29 CAA Rechecking Bug – Incidents – Let’s Encrypt Community Support Check whether a host’s certificate needs replacement – Let’s Encrypt SMB over QUIC: Files Without the VPN – Microsoft Helping businesses and schools stay connected in response to Coronavirus – Google Supporting customers during this unprecedented time – Cisco Webex As we work to protect public health, we also need to protect the income of hourly workers who support our campus – Microsoft Atmosphere – Aruba Network...



Network Break 273: Fortinet Pits Deep Learning Appliance Against Malware; Nokia ‘Reviews Options’ As Earnings Struggle
Mar 02 2020 46 mins  
Take a Network Break! Fortinet announces a new appliance that uses deep learning to spot malware on premises, VMware bundles a software security suite and announces a new beta security feature in its Secure State software, and Nokia looks to buy time while it gets its 5G house in order. Let’s Encrypt reaches a one-billion milestone of certificates issued, VMware tops $10 billion in revenue for the first time, and Nutanix announces Q2 2020 financial results. Cisco announces a new round of layoffs, and Palo Alto pledges $1 billion to buy back shares after a quarter that saw $73.7 million in net losses. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Codilime After the news we talk to sponsor Codilime, which provides network engineering services. We’re going to discuss software-defined networking, and whether SDN is a total revolution, or just an evolution of the networks you know and love. Would you like to discuss where you’re heading with your network? We offer a free-of-charge consultation to assess the need and feasibility of: * your network’s reliability and robustness, * reducing your network-associated costs, * improving the overall effectiveness of your network (both traditional and SDN-based). This engagement will be short and focused on quick wins in the initial phase. 
codilime.com/packetpushers Show Links: Fortinet Introduces Self-Learning Artificial Intelligence Appliance for Sub-Second Threat Detection – Fortinet VMware Makes Comprehensive Workload and Network Security More Economical and Easier to Operate Inside Data Centers and Clouds – VMware Winning The Cloud Security Race: Remediate Misconfigurations At Scale With VMware Secure State – VMware Nokia Said to Weigh Strategic Options as Profit Pressure Mounts – Bloomberg Really? Is the White House Proposing to Buy Ericsson or Nokia? – NY Times Let’s Encrypt Has Issued a Billion Certificates – Let’s Encrypt VMware Reports Fourth Quarter and Fiscal Year 2020 Results – VMware

Heavy Networking 504: The State Of Optical Networking In 2020
Mar 02 2020 62 mins  
If you’re new to DWDM and optical networking, this Heavy Networking episode aims to peel back some of the layers of these technologies to help you understand how they work, and whether you have business applications that could use DWDM. My guest is Chris Tracy, a network and systems engineer at ESnet. ESnet, or the Energy Sciences Network, provides networking services for the U.S. Energy Department research labs. We discuss: * Designing a DWDM network * Differences between CWDM and DWDM * The importance of optical cabling performance * Varieties of optical networking equipment * Operational challenges * Using DWDM for data center interconnects * More Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Sponsor: WAN Summit Networking professionals are gathering at the WAN Summit in New York City on March 9th and 10th. Find out how your peers are selecting and deploying SD-WAN. Enterprise registrants get a special rate of only $99 to attend, and Network Break listeners can get an extra 20% off with the code PACKETPUSHERS when they register for New York. Find all the details at WANSummit.com. Show Links: Chris Tracy





Network Break 272: Dell Technologies Sells RSA; Nubeva Cracks TLS 1.3 With Out-Of-Band Decryption
Feb 24 2020 61 mins  
Take a Network Break! Dell Technologies sells RSA for just over $2 billion, sponsors pull out of RSA Conference over coronavirus worries, and ExtraHop adds IoT to its network analysis platform. Nubeva updates an out-of-band decryption solution for TLS 1.3, Spirent adds new features to its CyberFlood Data Breach Assessment product, and Huawei takes its HiCampus solution global. Apple’s Safari browser will reject long-lived certificates, Arista announces its Q4 and full-year financials, and Cradlepoint rolls out a 5G portfolio for the wireless edge. Digi International acquires Opengear, Juniper updates its blog to be more findable, and politics weighs its thumb on tech decisions. Get links to all these stories below. Sponsor: Cumulus Networks Today’s virtual donuts are sponsored in part by Cumulus Networks. When customers want to build a private cloud environment that is open, modern, and simpler to manage, they choose Cumulus Linux. To learn more about open networking, head to https://cumulusnetworks.com/open Sponsor: WAN Summit Networking professionals are gathering at the WAN Summit in New York City on March 9th and 10th. Find out how your peers are selecting and deploying SD-WAN. Enterprise registrants get a special rate of only $99 to attend, and Network Break listeners can get an extra 20% off with the code PACKETPUSHERS when they register for New York. Find all the details at WANSummit.com. Tech Bytes: Riverbed Visibility is a critical element of security. In this sponsored Tech Bytes conversation with Riverbed, we talk about why visibility is essential to network security, and how Riverbed brings together packets, flows, and logs for a comprehensive infosec view. Show Links: FU: Last week I talked about a new cloud service from Tufin called SecureCloud that can run policy and security checks against cloud services and configurations. I misspoke last week saying that the service didn’t yet integrate with CI/CD pipelines. 
In fact, you can integrate SecureCloud with your developers’ tools and processes, so that you can make policy and security checks part of the development pipeline. News: Symphony Technology Group Enters Definitive Agreement with Dell Technologies to Acquire RSA – Dell Technologies Dell Sells RSA and Dissolves the Federation – Architecting IT Novel Coronavirus Update – RSA Conference ExtraHop Breaks Down IoT Security Barriers with Device Behavior Profiling and Advanced Threat Detection – ExtraHop Nubeva Announces TLS 1.3 Decryption Capability for Containers and Kubernetes – Nubeva How To Maintain Visi...


Day Two Cloud 036: The Container Contrarian
Feb 19 2020 57 mins  
Here’s something you don’t hear every day: containers are a fad. They aren’t all that. Or maybe containers are the wrong answer depending on the problem you’re trying to solve. Maybe containers won’t even make it to the end of the hype cycle. Who thinks like that? Who dares challenge the clouderati? The kuberati? We must find this heretic and shun the non-believer! Shun!! The thing is, you have to figure out what you’re trying to do, understand your resource constraints, and decide what’s best for you, and not what’s popular with the Googles of the world. Our Day Two Cloud guest is Dave Tucker. A co-founder of SocketPlane, which was acquired by Docker, Dave has many years of experience with containers, networking, and cloud architecture. We discuss: * Why you’d use containers * Reasons not to use containers * Golden images and whether they’re overrated * The relationship between containers and Kubernetes * Understanding the problems containers fix, and the new ones they create * Whether we’ll see a combination of virtual machines and containers that will solve all the things * More Sponsor: Illumio Illumio is a leader in security segmentation. Prevent the spread of breaches and meet regulatory compliance requirements inside your data center and in your cloud environments. Find out more at www.illumio.com. Show Notes: Dave Tucker on Twitter dtucker.co.uk – Dave’s blog Dave Tucker on GitHub Dave Tucker on LinkedIn LinuxKit – GitHub

Network Break 271: Global Espionage Agita Kicks Up A Notch; Forescout Gets Bought For $1.9 Billion
Feb 18 2020 63 mins  
Take a Network Break! Guest analysts Keith Townsend and Ned Bellavance stop by to give Greg a chance to sun himself on a tropical island and re-charge the snark batteries. We discuss a trio of international espionage/security stories including charges by the US government that hackers working for China’s People’s Liberation Army were responsible for the Equifax breach, accusations of back doors in Huawei equipment, and reports that the United States bought and ran a Swiss cryptography company to spy on allies and adversaries. VMware adjusts licensing to a per-CPU pricing, Tufin launches a cloud security policy service, and Arista officially announces its Big Switch acquisition. A private equity firm drops nearly $2 billion for NAC vendor Forescout, Microsoft backpedals on forced Bing adoption, and the FTC takes a hard look at big tech. Get links to all these stories below. Sponsor: Illumio Illumio is a leader in security segmentation. Prevent the spread of breaches and meet regulatory compliance requirements inside your data center and in your cloud environments. Find out more at www.illumio.com. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Silver Peak Today’s Tech Bytes podcast explores how J-U-B Engineers, Inc., built a better end user experience using SD-WAN from Silver Peak. We look at benefits and outcomes, including improved storage and file share and a stronger security posture. 
Show Links: The CTO Advisor – Keith Townsend’s Website Keith Townsend on Twitter Ned In The Cloud – Ned Bellavance’s Website Ned Bellavance on Twitter Day Two Cloud Podcast – Packet Pushers US charges 4 members of Chinese military with Equifax hack – CNN Criminal Indictment (PDF) U.S. Officials Say Huawei Can Covertly Access Telecom Networks – Wall Street Journal US finds Huawei has backdoor access to mobile networks globally, report says – CNET Media Statement Regarding WSJ “Backdoor” Story – Huawei U.S.



Heavy Networking 502: Get Off My VLAN! Old Network Engineers On What New Engineers Should Know
Feb 14 2020 57 mins  
I see abstractions. I see automation. I see orchestration. I see people who think that because they can use a fancy management tool, they are an infrastructure expert. For networking, this drives me a little nuts. Technology fundamentals are the foundation of network engineering. By contrast, Ansible and Terraform are tools that help you build a network, but in no way replace those fundamentals. Sometimes I worry that tooling is replacing actual knowledge of how a network works. Abstractions–management layers, web UIs, magical scripts–may be replacing deep knowledge. Welcome to Heavy Networking, grumpy old network engineer edition. I’ve gathered a couple of other grumpy folks to chat about what young networkers should know but don’t. Our guests are Chris Young and Ivan Pepelnjak. We discuss: * The problems that come with a lack of understanding core concepts * What newer engineers do know * Just how deep core knowledge needs to go * Does Spanning Tree matter? * Are network engineers expected to be too multi-disciplinary? * More Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Sponsor: VIAVI Solutions VIAVI Solutions is a network performance management leader enabling IT teams to understand user experience with a patent-pending End-User Experience score. VIAVI delivers outcomes, not just more data. Learn more at viavisolutions.com/packetpushers. Show Links: Chris Young on Twitter Kontrolissues – Chris Young’s site IP Space – Ivan Pepelnjak’s site Ivan Pepelnjak on Twitter





Network Break 270: Google Reports Cloud Revenues; HPE Acquires Cloud Security Startup Scytale
Feb 10 2020 51 mins  
Take a Network Break! Google breaks out its cloud revenues for the first time, Cisco releases a bundle of patches for serious vulnerabilities in its Cisco Discovery Protocol, and HPE acquires the cloud security startup Scytale. Microsoft endures an embarrassing Teams outage due to a certificate that wasn’t renewed, the Trump administration flirts with the notion of an all-American 5G (with maybe a little Ericsson and Nokia), and Huawei sues Verizon for alleged patent infringement. Google announces version 2 of its Enterprise Edition of Google Glass and Twitter gets hit by attackers looking to match users with their phone numbers. Sponsor: WAN Summit Networking professionals are gathering at the WAN Summit in New York, March 9-10. Join your network peers to understand how others are tackling the same challenges as you. Enterprise registrants get a special rate of only $99 to attend. Plus, you get an extra 20% off with the code PACKETPUSHERS when you register for New York. Get details at WANSummit.com. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Riverbed Stay tuned after the news for a sponsored Tech Bytes conversation with Riverbed, where we talk about how to accelerate the performance of your SaaS applications. 
Show Links: Google just reported cloud revenue for the first time ever, showing that it’s growing fast but nowhere close to Amazon Web Services – Business Insider Alphabet earnings show Google Cloud on $10B run rate – TechCrunch Cisco Patches Critical CDP Flaws Affecting Millions of Devices – Bleeping Computer Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution – CERT CDPwn – Armis HPE acquires cloud native security startup Scytale – TechCrunch HPE acquires Scytale to advance open, secure, edge to cloud strategy – HPE Microsoft Teams goes down after Microsoft forgot to renew a certificate – The Verge U.S. Pushing Effort to Develop 5G Alternative to Huawei ...





Network Break 269: Apstra Enhances Intent-Based Data Center Capabilities; Cisco Brings Kubernetes To Hyperflex HCI
Feb 03 2020 56 mins  
Take a Network Break! Apstra debuts version 3.2 of its intent-based AOS software with new features including data center rollback, Cisco brings Kubernetes to its Hyperflex HCI platform and rolls out new integrations for application and infrastructure teams, and VMware’s layoffs get social media attention. The United Kingdom sets its rules for a limited amount of Huawei gear in its telecom networks, Ubiquiti Networks gets on our radar, and F5 uses its Q1 financial statement to let the market know that software will become a bigger part of its revenue mix. Juniper and Extreme both announce quarterly results, and IBM gets a new CEO. Get links to all these stories below. Sponsor: VIAVI Solutions VIAVI Solutions is a network performance management leader enabling IT teams to understand user experience with a patent-pending End-User Experience score. VIAVI delivers outcomes, not just more data. Learn more at viavisolutions.com/packetpushers. Sponsor: Illumio Illumio is a leader in security segmentation. Prevent the spread of breaches and meet regulatory compliance requirements inside your data center and in your cloud environments. Find out more at www.illumio.com. Tech Bytes: Forward Networks Stay tuned after the news for a Tech Bytes conversation with sponsor Forward Networks about their Network Query Engine. Forward creates a data model of your network that you can query to verify intent, speed troubleshooting, and check configuration changes. Show Links: Apstra AOS 3.2 Redefines Network Recovery with First and Only Vendor-Agnostic Intent Time Voyager Capability – Apstra Cisco Webex Room USB for Wireless Sharing and Video Meetings – Cisco Cisco Accelerates Applications in a Hybrid Multicloud World – Cisco Introducing the HyperFlex Application Platform – Cisco Systems Cisco ushers in a bright new age of bridges – The Network VMware? VM… now where? It’s that time of the year again when Dell’s virtualization software giant sheds staff – The Register Surviving A Reduction In Force – Packet Pushers Human Infrastructure Newsletter Tough UK Limits on Huawei’s Role in 5G Threaten Telco Plans – Light Reading BT will hope to turn Huawei pain into gain by calling in favours – The Guardian


Heavy Networking 500: The State Of SD-WAN In 2020 And Future Forecasts
Jan 31 2020 70 mins  
On today’s Heavy Networking episode we’re examining the state of SD-WAN. The technology is already being widely adopted to help companies cut WAN costs by trading MPLS for business broadband, and providing better visibility into and policy control over applications and performance in branch and remote offices. Where will SD-WAN go in the coming years? Will it swallow up branch security? How about end point and mobile device management? Could it extend its reach from the branch to become the way you manage your campus network? We’ll discuss all these questions and more. We cover: * The current state of SD-WAN * How SD-WAN affects cloud and security initiatives * The potential evolution of SD-WAN * Identity management and SD-WAN * More Sponsor: Cumulus Networks Cumulus Networks is announcing a brand-new networking certification: the Cumulus Certified Open Networking Professional. Learn Linux networking fundamentals, including essential concepts and commands behind Linux-based open networking, and master the Cumulus Core–everything you need to know to become proficient in Cumulus Linux. Get details at cumulusnetworks.com/cert. Sponsor: WAN Summit Networking professionals are gathering at the WAN Summit in New York, March 9-10. Join your network peers to understand how others are tackling the same challenges as you. Enterprise registrants get a special rate of only $99 to attend. Plus, you get an extra 20% off with the code PACKETPUSHERS when you register for New York. Get details at WANSummit.com. Show Links: A Unified Theory Of SDWAN Futures Part 1 – Greg Ferro via Ignition SDWAN: Get A Managed Service Or Do It Yourself? 
(Your Incompetence Is My Opportunity) – Greg Ferro via Ignition SD-WAN: Building The Business Case & Understanding Your ROI – Jason Gintert via Ignition SD-WAN Vendor List – Packet Pushers Heavy Networking 490: Lessons Learned From A Large SD-WAN Deployment – Packet Pushers Heavy Networking 483: SD-WAN Incompetence, Myths, And Fallacies – Packet Pushers



Network Break 268: VMware Acquires Nyansa; Microsoft Plans To Hijack O365 Browser Search
Jan 27 2020 53 mins  
Take a Network Break! VMware snaps up visibility and monitoring company Nyansa for an undisclosed amount, Sonos EOLs hardware lines in a manner similar to IT vendors, and US telcos put an expiration date on 3G. A rumor has Arista buying Big Switch but there’s no official confirmation, Microsoft plans to hijack browser search in an upcoming version of Office 365, and Intel and IBM announce Q4 and full year fiscal results. Get links to all these stories after our sponsor messages. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Riverbed Stay tuned after the news for a Tech Bytes conversation on conquering hybrid network complexity with sponsor Riverbed. We discuss how its SteelConnect EX enables SD-WAN, security, and a full routing stack to smooth your transition from a legacy architecture to a modern hybrid network. Show Links: VMware Announces Intent to Acquire Nyansa – VMware Sonos legacy and modern products – Sonos Starting in May 2020, some of our oldest products will no longer receive software updates or new features. We want to explain why and your options. – Sonos Smart Licensing and Smart Accounts FAQ for Partners, Distributors and Customers – Cisco Killing 3G – POTs and PANs Arista rallies as analysts weigh Big Switch deal reports – Cisco Systems, Inc. (NASDAQ:CSCO) – Seeking Alpha Chrome suddenly using Bing after installing Office 365 Pro Plus… Yeah, that might have been us, mumbles Microsoft – The Register Microsoft to Force Bing Search in Chrome for Office 365 ProPlus Users – Bleeping Computer Intel Reports Fourth Quarter 2019 Financials – Intel IBM 4Q 2019 Earnings Announcement – IBM Did IBM’s Quarter Just Prove their Hybrid Cloud Strategy? 
– Welcome to CIMI Corporation’s Public Blog




Network Break 267: Equinix Buys Packet For Bare Metal; Google, Verizon Flirt With Privacy
Jan 20 2020 48 mins  
Take a Network Break. Equinix acquires bare metal service provider Packet for an undisclosed amount, Google announces plans to phase out third-party cookies over the next two years, and Verizon releases a privacy-friendly search engine. A Senate proposal would spend $1 billion to drive 5G development in the United States, NetScout loses its long legal battle against Gartner, and we want your follow-up on whether vendor sponsorship of sports means anything to you. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: ThousandEyes Stay tuned after the news for a sponsored Tech Bytes conversation with ThousandEyes as we review some of the biggest outages from 2019, what caused them, and why Internet visibility is critical. Show Links: Equinix Acquires Packet for Bare Metal Edge Automation – Light Reading Ping, Power & Processors – Packet Equinix to Acquire Bare Metal Leader Packet – Equinix, Inc. Building a more private web: A path towards making third party cookies obsolete – Chromium Blog Google Chrome towards making third party cookies obsolete – Ethereal Mind Yahoo parent Verizon promises it won’t track you with OneSearch, its new privacy-focused search engine – The Verge Verizon Media launches privacy-focused search engine, OneSearch – Verizon Media Huawei in early talks with U.S. firms to license 5G platform – Huawei executive – Reuters Huawei’s latest US headache: Senate bill would spend US$1 billion on developing a 5G competitor – South China Morning Post Remember when Netscout got so upset at ‘challenger’ label in Gartner Magic Quadrant, it sued? Well, top court just ended all those shenanigans – The Register Cisco Announces Six Professional Golfers As Brand Ambassadors – ...


Heavy Networking 498: Creating A Single Source Of Truth For Network Automation
Jan 17 2020 85 mins  
A major automation challenge is where the information describing your network should live. You might think that your network would be best described by the config files on your switches and routers. Actually, that’s wrong. The configuration on the devices might–or might not–reflect what you intend the network to be. Plus, network device configurations aren’t easy to integrate with the rest of an IT provisioning process. What you require to facilitate network automation is a single source of truth. A source of truth that’s programmatically accessible, reflects intended state, and enables others to stand up infrastructure correctly without you getting in the middle of every provisioning request. Tim Schreyack joins us today to discuss a network automation solution using Ansible and Python, and of course, a single source of truth. Tim is a senior sales engineer at Dell Networking and has a background in network engineering and automation. He’s not here as a Dell spokesperson, and this isn’t a sponsored show. We discuss: * Why repeatability is the goal, and your organization’s size doesn’t matter * The pros and cons of using Ansible and Python as a single source of truth * Jinja templates * Picking a database, and NetBox pros and cons * Automation differences in greenfields and brownfields * Where to start with automation * More Sponsor: Viavi Solutions VIAVI Solutions is a network performance management leader enabling IT teams to understand user experience so they can solve performance problems fast. Learn more at viavisolutions.com/packetpushers. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt.
Show Links: Powering Your Automation: A Single Source of Truth – CHINOG – June 27, 2019 – YouTube Powering Your Automation: A Single Source of Truth – NANOG – November 5, 2019 – YouTube Tim Schreyack on LinkedIn Heavy Networking 452: Using NetBox As A Source Of Networking Truth – Packet Pushers


Network Break 266: Accenture Buys Symantec Security Services Biz; Cisco Reorganizes Around Intent-Based Networking
Jan 14 2020 63 mins  
Take a Network Break! HPE strikes a deal with Cumulus Networks to put Cumulus Linux on Ethernet storage switches, the Linux Foundation adopts yet another open-source network OS project, and Accenture acquires Symantec’s security services business from Broadcom. F5 spends $1 billion to acquire fraud detection company Shape Security, a bogus criminal case against NGINX gets dropped in Russia, and ransomware makes Greg change his thinking on whether security actually matters. Cisco re-organizes its enterprise networking businesses around Intent-Based Networking and maps out a vision to integrate the data center, campus, and WAN; Cisco also scolds competitor Poly over a trade secrets lawsuit; and ICANN puts a temporary hold on the sale of the .org domain to a private equity firm. Sponsor: Viavi Solutions VIAVI Solutions is a network performance management leader enabling IT teams to understand user experience so they can solve performance problems fast. Learn more at viavisolutions.com/packetpushers. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Silver Peak Listen to a sponsored Tech Bytes conversation with global property management company Cushman & Wakefield about how they’re using SD-WAN from Silver Peak to support their cloud-first strategy.
Show Links: Cumulus Networks Partners with Hewlett Packard Enterprise to Build Open Storage Networking Platforms for the Modern Data Center – Cumulus Networks Cumulus Gives Its HPE Relationship Another Try – Data Center Knowledge Aruba Debuts New Campus And Data Center Switches, Upgrades Its Network OS – Packet Pushers DENT Launches To Simplify Enterprise Edge Networking Software – Cumulus Networks DENT Accenture to Acquire Symantec’s Cyber Security Services Business from Broadcom – Accenture F5 to Acquire Shape Security, Transforming Application Security – F5 Rambler will drop NGINX criminal case – ZDNet Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless – Threatpost


Heavy Networking 497: Good Reasons To Start Your Tech Blog
Jan 10 2020 62 mins  
If one of your New Year’s resolutions is to blog more, or start a blog, this episode is for you. Technical blogging comes with benefits. For one, writing about a subject helps you understand it better (and also helps you realize the limits of your knowledge). Blogging can raise your profile. When you share information or experiences with a larger audience, you can develop a reputation for expertise. This higher profile may create opportunities to speak at events, get access to conferences or early product releases, and maybe even get a better job. A technical blog can serve as a kind of living resume that potential employers and recruiters can see to get a sense of your capabilities. When you share technical information, troubleshooting tips, study hacks, analysis, and other content, you help other IT pros who may be looking for information. It’s also not uncommon that you’ll help yourself–more than one blogger has run into a problem, hit up Google, and found an old post with a solution. Our guests for today’s show are John Mark Troyer, founder of the Influencer Marketing Council and TechReckoning; and Stephen Foskett, founder of Tech Field Day and GestaltIT. We discuss: * The motivations and purposes for blogging * How to get started * Favorite blogging tools and writing tips * The “small b” approach to blogging (don’t chase metrics, not every post has to be epic, etc.) * Whether to mix personal and professional writing * More Sponsor: Cradlepoint The future of the WAN is wireless, but a wireless connection is only as good as the edge. Cradlepoint unlocks the power of advanced cellular through wireless edge solutions that are delivered the way you consume everything IT: as a service. Reliable. Elastic. Simple to manage from anywhere. Learn more about Cradlepoint’s cloud-managed LTE solutions at cradlepoint.com/packetpushers. 
Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Tech Field Day GestaltIT.com Influencer Marketing Council Techreckoning.com Stephen Foskett on Twitter John Mark Troyer on Twitter Arse First Method of Technical Blogging [PDF/iPad/Kindle] – Greg Ferro







Heavy Networking 496: Packet Pushers 2019 Live Audience Q&A
Dec 20 2019 94 mins  
On December 18, 2019, the Packet Pushers hosted a livestream gathering on YouTube where the Packet Pushers and special guests answered audience questions. This podcast episode is the audio capture of that livestream. Our conversation covers: * Cisco’s new ASIC and 8000 router family * Will the multi-cloud ever get a hypervisor, and what role will Kubernetes play? * Cisco’s new certification path and whether certs teach deep knowledge or specialized product operation * Will SDA and ACI merge into a single fabric? * The current state of VNF performance * Zero-trust environments and software-defined perimeters This is our final Heavy Networking show for 2019. Thanks for another year of your attention, support, and conversation. We’ll be back in January 2020 with more nerdy networking and IT shows to keep you company in the car, at the gym, or wherever you listen. Enjoy the holidays and have a Happy New Year! Sponsor: ITProTV Get over in-depth technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up at itpro.tv/packet and save 25%. Use the code PACKET25 when you check out. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Ethan Banks Greg Ferro Tommy McNicholas Ned Bellavance Drew Conry-Murray Russ White Tom Bragg Network Break 265: Cisco Chips At Broadcom With New ASIC; AWS Gives Networking Some Love – Packet Pushers Day Two Cloud 027: Do Enterprises Need Kubernetes? 
– Packet Pushers The Hedge Episode 5: Geoff Huston on DoH – The Hedge The Hedge Episode 6: Geoff Huston on DoH – The Hedge Packet Pushers Holiday Edition Livestream December 18, 2019 – The Packet Pushers

Day Two Cloud 028: Using Ansible And Cisco NSO To Automate Hybrid And Multi-Cloud (Sponsored)
Dec 18 2019 56 mins  
The network has lagged behind other IT disciplines when it comes to automation. This lag is painfully apparent in the cloud, where resources can be spun up and down with a few clicks, or more likely, a few API calls. But cloud doesn’t make networking go away. In fact, network connectivity, as well as the accompanying policies and controls, are just as critical in the cloud as on premises. On today’s Day Two Cloud podcast, we welcome two guests who are on a mission to get network engineers to delight their application counterparts by making networking something that can be consumed effortlessly, while still enabling the network teams to meet their own demands and requirements. Our guests are Carl Moberg, Senior Director of Product Management at Cisco; and Peter Sprygata, Distinguished Engineer at Ansible by Red Hat. Cisco is our sponsor for this discussion, and Carl and Peter are going to get into details about how Cisco’s Network Services Orchestrator (NSO) integrates with Ansible to help automate hybrid and multi-cloud deployments. We discuss: * Using Ansible and NSO for cloud automation * How these tools work together * Use cases including tying resources from on-prem into public cloud, and linking multiple public clouds * Key takeaways Show Links: Cisco Network Services Orchestrator (NSO) Red Hat Ansible Carl Moberg on Twitter Peter Sprygata on Twitter



Network Break 265: Cisco Chips At Broadcom With New ASIC; AWS Gives Networking Some Love
Dec 16 2019 60 mins  
Take a Network Break! Cisco announced a new multi-platform ASIC and launched the 8000 series router family running the Q100, the first version of Cisco’s new chip. AWS Reinvent dropped a ton of news, with several networking-relevant announcements including the availability of AWS Outposts; a new service targeting edge computing called AWS Wavelength; and new networking features and capabilities for VPNs, network monitoring, and more. Cato Networks adds SIEM capabilities to its secure SD-WAN offering, Silver Peak debuts a new orchestrator to boost scalability of SD-WAN deployments, and NGINX’s Moscow office gets raided by police over a copyright infringement claim. Get links to all these stories after our sponsor messages. Sponsor: Viavi Solutions Our show is sponsored in part by VIAVI Solutions, a network performance management leader enabling IT teams to understand user experience so they can solve performance problems fast. Learn more at viavisolutions.com/packetpushers. Sponsor: ExtraHop Today’s show is also sponsored in part by ExtraHop, the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Tech Bytes: Fortinet Stay tuned after the news analysis for a sponsored Tech Bytes conversation with Fortinet about its SD-WAN solution. We’ll talk about their competitive differentiators such as custom ASICs to boost SD-WAN performance and their ability to inspect TLS 1.3 traffic.
Show Links: Quick Take: Cisco Launches New ASIC And Router Series – Packet Pushers Cisco Unveils Plan for Building Internet for the Next Decade of Digital Innovation – Cisco Systems Cisco Virtual Press Room (includes data sheets and videos from the announcement) – Cisco Systems Cisco 8000 Series Routers Data Sheet – Cisco Systems (PDF) Cisco Goes SONiC on New Networking Platforms – Cisco Systems Last Week In AWS – Corey Quinn AWS Wavelength – AWS New for AWS Transit Gateway – Build Global Networks and Centralize Monitoring Using Network Manager – AWS Amazon VPC Ingress Routing Makes it Easy to Insert Virtual Appliances in the Forwarding Path of VPC Traffic – Amazon

Heavy Networking 494: Hybrid Cloud Networking – All The Details
Dec 13 2019 81 mins  
Welcome to Heavy Networking. Joining us is William Collins, lead cloud architect for a large healthcare company, who raised his hand when we asked for folks who wanted to be a guest on the show to volunteer. William volunteered, and we’re going to discuss hybrid cloud networking. Specifically, we’re going to drill into routing complexity. No one operating public cloud networks had “making the network engineer’s life easier” at the top of their list when they came up with things like ExpressRoute and VPCs. William will share his practical and hard-earned experiences connecting applications and services from on premises into the public cloud. We discuss: * A working definition of hybrid cloud * Developing a hybrid cloud strategy * The importance of design and governance * Cloud connectivity pros and cons for VPNs, DirectConnect, ExpressRoute, and Carrier Neutral Facilities (CNFs) * Routing topology scenarios * Why your networking knowledge is relevant–and crucial–when it comes to the cloud * More Sponsor: INE This episode is sponsored in part by INE, the ‘experts at making you an expert’. INE is announcing a new, monthly All Access Pass subscription plan, which provides you with unlimited access to INE’s entire content library of over 14,000 of the best IT and Networking training videos for just $99 a month. Visit INE.com/packetpushers to get started. Sponsor: ExtraHop Today’s show is also sponsored in part by ExtraHop, the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. 
Show Links: William Collins on LinkedIn William Collins on Twitter Heavy Networking 452 – Using Netbox As A Source Of Networking Truth Cloud Certifications AWS Certification Microsoft Azure training Google Cloud certified Cloud Documentation AWS Documentation Microsoft Azure Documentation Google Cloud Documentation


Day Two Cloud 027: Do Enterprises Need Kubernetes?
Dec 12 2019 44 mins  
Kubernetes…you’ve heard the term. You might know loosely what it means, or perhaps you’ve caught wind of some Dev team using it in your organization. Despite all the talk about Kubernetes, actual adoption remains relatively low, particularly in the enterprise. Not everyone is a Netflix or an Uber or a Google. We’re not all trying to solve planet-scale distributed computing platforms, we just want to make sure our website doesn’t go down and that finance can process payroll. As an IT practitioner and curious person, do you actually need to know more about Kubernetes? Do Kubernetes and its ecosystem materially matter to your organization? Is K8s just a stepping stone to more advanced technologies, becoming the laser disk of media formats? Those are the questions we are going to try and answer on this episode of Day Two Cloud. Our guests are Keith Townsend, founder and principal at The CTO Advisor; and Justin Warren, a technology analyst and IT consultant at PivotNine. We discuss: * Reasons for the hype around Kubernetes * Whether OpenStack is an apt comparison to Kubernetes * Enterprise adoption of Kubernetes, or the lack thereof * How enterprise vendors are approaching Kubernetes * Key takeaways for listeners Show Links: Justin Warren on Twitter Eigen Magic – Justin Warren’s Blog Keith Townsend on Twitter The CTO Advisor – Keith Townsend’s Blog Day Two Cloud 025: The KubeCon 2019 Wrap-Up – Packet Pushers


Network Break 264: Broadcom’s New Tomahawk 4 Hits 25.6Tbps; Juniper Announces SD-LAN For EX Switches
Dec 09 2019 65 mins  
Take a Network Break! We start with a heap of FU on DNS over HTTPS, IT leadership, and more. On the tech news front, Broadcom ships its fastest-ever ASIC: the Tomahawk 4 reaches 25.6 terabits per second, twice as fast as the previous Tomahawk generation. Juniper Networks announces a new CTO from Google Cloud, and Juniper rolls out cloud control of its EX switches and new CPE gear. Palo Alto Networks reports its Q1 2020 financial results. Sponsor: Pilot Fiber Pilot Fiber is an ISP that actually cares about customers. Pricing is all-inclusive, no contracts, fast setup and installation, local support and construction teams. Friendly neighborhood internet experts. And by the way, Pilot’s looking for technical pros who share their passion for driving an unprecedented end-to-end experience. Find out more at pilotfiber.com/packetpushers. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Tech Bytes: Silver Peak Stick around after the news for a sponsored Tech Bytes conversation with Silver Peak. We’ll talk SD-WAN with customer, the Vitec Group, about their global SD-WAN rollout, how they’re migrating off MPLS, and the changes they’re getting in application performance. 
Show Notes: FU: Packet Pushers Holiday Edition December 18, 2019 UK ISP group names Mozilla ‘Internet Villain’ for supporting ‘DNS-over-HTTPS’ – ZDNet Why big ISPs aren’t happy about Google’s plans for encrypted DNS – Ars Technica DNS Queries over HTTPS (DoH) Section 9 – IETF DNS Queries over HTTPS (DoH) Section 3 – IETF DNS over HTTPS – Publicly Available Servers – GitHub News: Broadcom Ships Tomahawk 4, Industry’s Highest Bandwidth Ethernet Switch Chip at 25.6 Terabits per Second – Broadcom Juniper Networks Appoints New Chief Technology Officer – Juniper Networks Newsroom Bikash Koley – LinkedIn Juniper Networks Expands Enterprise Portfolio with Cloud-Managed SD-LAN and New CPE Devices – Juniper Networks



BiB084 – Public Clouds Are Proprietary and Dont Care About You
Dec 06 2019 5 mins  
I was hosting a panel for ONUG London this week and this was the topic of discussion. Enterprises are signalling that they believe in multi-cloud. It is a problem that multi-cloud means different things to different people, e.g. Infrastructure vs Developers, Pre-pack vs DIY, On-prem vs Off-prem cloud and so on. The marketing fog surrounding this market does create some confusion about what exactly multi-cloud is. Perhaps the most substantial challenge of multi-cloud is the lack of interoperability and divergence of public cloud services. This is further compounded by aggressive addition of new services to clouds that are internally developed with zero consideration for customer interoperability. Perhaps the most visible aspect of this is that AWS continues its corporate branding that there is only one cloud. It’s not public, multi or hybrid. AWS is THE CLOUD and the small number of salary slaves who are permitted to speak in public must toe this line or become un-salary slaves. Each cloud vendor has fully incompatible network plans. From the models of their virtual networks, to their private APIs and total lack of transparency into upcoming plans, there is not The conclusion is that the future of public cloud interoperability is none. Customers are on their own and face hostile suppliers who are truly uncaring what the customer wants. Let’s face it, Azure, Google and AWS are bigger than any of their customers and they have very few reasons to listen to you.


Heavy Networking 491: Real-Life Segment Routing & PCE
Dec 03 2019 69 mins  
Segment routing is a mechanism for sending packets over a specific path through the network. There are several ways to do segment routing and multiple elements that go into the technology. On today’s Heavy Networking podcast we explore segment routing as it’s used in a production network; specifically, ESnet, an international network that moves science data all over the world, including data from the Large Hadron Collider in Europe to scientists in the United States. Our guest is Nick Buraglio, a network engineer at ESnet and a regular guest on Packet Pushers. We discuss: * The flavor of segment routing that ESnet went with and why (SR-MPLS vs. SRv6) * The problems ESnet was trying to solve * Whether segment routing reduces complexity * The role of IS-IS in the network * Path Computation Element (PCE) and how forwarding decisions are made * More Sponsor: Cradlepoint The future of the WAN is wireless, but a wireless connection is only as good as the edge. Cradlepoint unlocks the power of advanced cellular through wireless edge solutions that are delivered the way you consume everything IT: as a service. Reliable. Elastic. Simple to manage from anywhere. Learn more about Cradlepoint’s cloud-managed LTE solutions at cradlepoint.com/packetpushers. Sponsor: Cumulus Networks Today’s show is sponsored by Cumulus Networks. Build a private cloud environment that is open, modern, and simpler to manage with Cumulus Linux – the Linux-based open network OS that gives you total interoperability, and NetQ – which gives you end-to-end actionable insight from the host to the switch. To learn more about open networking, head to https://cumulusnetworks.com/open. 
Show Links: Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored) – Packet Pushers A Glimpse At Two Approaches To Segment Routing – Ethan Banks Show 370: Cisco & IPv6 Segment Routing (Sponsored) – Packet Pushers Yet another blog about Segment Routing-Part 1 – Diptanshu Singh via Packet Pushers Yet another blog about Segment Routing-Part 2 : TI-LFA – Diptanshu Singh via Packet Pushers Yet another blog about Segment Routing-Part 3: SR-TE – Diptanshu Singh via Packet Pushers Nick Buraglio on Twitter Forwardingplane.net – Nick Buraglio’s blog



Network Break 263: The Holiday Analyst Party Episode
Dec 02 2019 80 mins  
Take a Network Break! Today we’re hosting a special Analyst Holiday Party to welcome the start of the holiday season. So put on an ugly Christmas jumper, grab a glass of virtual eggnog, and join us for some deep thoughts, erudite pontification, and HR-approved revelry. Our party guests are Eric Hanselman, Chief Analyst at 451 Research; Brad Casemore, Research VP of Data Center Networks at IDC; and Keith Townsend, founder of The CTO Advisor. We discuss: * Whether Kubernetes is for real, and who in the enterprise should care * What multi-cloud means, and whether cloud interoperability is possible or desirable * How much to read into a string of poor financial results from legacy networking vendors. Are these short-term macroeconomic tribulations, or are cloud and white box eating away revenue? * The potential for satellite-based networking services, hurdles to overcome, and use cases Sponsor: ExtraHop Today’s show is also sponsored in part by ExtraHop, the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Sponsor: VIAVI Solutions Today’s show is sponsored in part by VIAVI Solutions. VIAVI focuses on end-user experience, providing products that optimize performance and speed problem resolution. Viavi helps network teams manage new initiatives and daily operations, mitigate performance and security risks and solve performance issues and security problems. Learn more at viavisolutions.com/packetpushers. Tech Bytes: Arista Networks Stay tuned after the news for a sponsored Tech Bytes conversation with Arista Networks. We learn about Arista’s new CloudEOS; that means you can run Arista’s network OS in public clouds on a VM or as a container. 
Show Links: Packet Pushers FU: Survey Questions AWS Ground Stations – AWS Eric Hanselman on Twitter Brad Casemore on Twitter Keith Townsend on Twitter The CTO Advisor

Heavy Networking 490: Lessons Learned From A Large SD-WAN Deployment
Nov 29 2019 60 mins  
Heavy Networking visits with Snehal Patel. A global network architect for a brand-name retailer, Snehal has been deploying SD-WAN since before it became the biggest buzzword to bet your business’s behind on. With one of the largest active enterprise SD-WAN deployments in the world, we asked him if he’d be willing to come on the show and let us know how it’s going. How large? More than 2,800 retail locations in North America alone, all live and in production on an SD-WAN fabric. His WAN connections are a mix of Internet broadband, LTE, and MPLS. Snehal joins us to discuss his experiences, both good and bad, with deploying and running SD-WAN at scale. We explore: * The general environment he’s rolling out SD-WAN for * How branches connect to HQ and cloud services * Security and compliance requirements that have to be met * How ZTP isn’t quite Zero Touch, but still an improvement * The cutover process and how it’s been refined * The good and bad of centralized management * Much more Sponsor: ITProTV Get over in-depth technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up at itpro.tv/packet and save 25%. Use the code PACKET25 when you check out. Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Show Links: Snehal Patel on Twitter ProSDN – Snehal’s blog Snehal Patel on LinkedIn


Heavy Networking 489: Is BBR Too Unfair An Algorithm For The Internet?
Nov 27 2019 54 mins  
BBR is a congestion control algorithm (CCA) designed for low latency. Backed by Google, BBR’s use is growing on the Internet, including as the default CCA for YouTube. However, an element in BBR’s design means that the 1.0 version of the algorithm crowds out other commonly used CCAs, such as Cubic and Reno. As today’s guests discovered in their research, when BBR and Cubic flows share a link, a single BBR flow will take up as much as 40% of the link’s bandwidth, leaving 16 Cubic flows to divide the rest among themselves. This leads to questions about how BBR will interact with the legacy algorithms that are the status-quo today. Our guests for today’s show are Ranysha Ware, a Ph.D. student in Computer Science at Carnegie Mellon University; and Justine Sherry, Assistant Professor of Computer Science at Carnegie Mellon. Ranysha recently presented her findings on BBR at the Internet Measurement Conference in October 2019 in the Netherlands. Ranysha and Justine come on the podcast to discuss: * How BBR works, including differences with legacy loss-based CCAs * Research comparing BBR, Cubic, and Reno * Why BBR behaves the way it does * Potential impacts for the Internet * Using harm, rather than fairness, as a measure for new algorithms * More Ranysha has also created a Congestion Control Evaluation Survey for network engineers and operators to get feedback on a proposed testbed for evaluating the impact of CCAs on applications and networks. She’d appreciate your input! Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. As a result, you can make network changes in minutes instead of days, reliably and securely. Tufin. The Security Policy Company. Get details at www.tufin.com. 
Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Modeling BBR’s Interactions with Loss-Based Congestion Control (PDF) Ranysha Ware – Carnegie Mellon University Congestion Control Evaluation Survey Ranysha Ware on Twitter Dr. Justine Sherry Justine Sherry on Twitter BBR Congestion Control Work at Google – IETF Employing QUIC Protocol to Optimize Uber’s App Performance – Uber Engineering Blog



Network Break 262: Extreme Announces Fabric Automation And New Switches; Google Rolls Out Smarter Cloud Networking
Nov 25 2019 64 mins  
Take a Network Break! Extreme Networks announces new Fabric Automation software to make it easier to add and remove switches to a fabric, and also announced two new switches in its SLX line. Google acquires CloudSimple to make it easier to move vSphere workloads into Google Cloud, and Google also announced the beta release of new modules to simplify the management and monitoring of cloud networking. Vodafone selects Google Cloud on which to run a data analytics project, Microsoft announces support for DNS over HTTPS (DoH) to enable privacy in DNS queries, and Slack releases its network overlay technology as open-source software. And last but not least, HPE targets monolithic apps with its new HPE Container Platform, and Cisco undertakes an internal reorganization to address the growing role of cloud. One quick note: Greg is interested in creating a survey to tackle questions you’d be interested in asking. If you have suggestions, please leave them at packetpushers.net/fu/. Thanks! Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Sponsor: InterOptic InterOptic is your reliable data interconnect company. Stop paying OEM prices for optics, and get brand-equivalent transceivers at a fraction of the cost. Find out more at Interoptic.com/packet-pushers. Tech Bytes: SolarWinds Stay tuned after the news for a sponsored conversation on Application Performance Monitoring with SolarWinds, including details on their SaaS-based suite of APM tools that include Web app and user experience monitoring and log analysis and management. Find out more at Solarwinds.com/packetpushers. 
Show Links: Extreme Fabric Automation (Datasheet) – Extreme Networks Extreme Networks Brings Simplicity to Data Center Operations with New Fabric Automation Capabilities – Extreme Networks Helping our customers migrate to the cloud: Google acquires CloudSimple – Google Vodafone Chooses Google Cloud as Strategic Cloud Platform for Infrastructure, Data Analytics, and Machine Learning – Vodafone Vodafone Puts Its Faith in Google Cloud for Big Data Analytics – Light Reading Google emits Network I...


BiB083 – Forescout – Visibility For Segmentation
Nov 22 2019 6 mins  
Forescout is a Network Access Control company that has been successful in the large US companies. It’s not a company that has come to my attention in the last 10 years so I’m fresh to the whole thing. It’s a large vendor, 1200 staff with 400 engineers and 3500 customers.
Key features
– Agentless, non-disruptive to endpoints, uses network as a source of truth
– Flows, taps, packet capture, sensors, device polling: WMI, SSH
– Claims of 20 different methods or techniques of data collection leading to 100% visibility
– Allows consumption of encrypted data and data analysis can get signal out of that
– Real time discovery leading to continuous posture assessment
– Operates at scale, they claim up to 2M endpoints/devices
– NAC – Discovering unknown devices.
– Trace data flows in the network, e.g. who is using telnet, identify the source, track it down and prevent that somehow.
– NAC is not access through authentication but enforcement in network but using the existing control points in your networks aka firewalls, routers, switches etc. Control is the keyword.
– This constant monitoring delivers visibility into constant compliance and for audits, you can show current state but also easily prove that you have future issues managed.
– By analysing the data, they can find out of date systems.
– The need to collect data is key to this type of solution and this means you must have control of the network and the ability to deploy taps, flow agents and collectors, SPAN ports and so forth. This is much easier than attempting to deploy endpoint agents on the current software we have.
– This process can support existing segmentation technologies and its usefulness.
They have a newer product called eyeControl which will deploy configuration changes to the network for certain cases. This seems to be in the early stages and now that SDN is accepted I suspect customers will expect this functionality.
What I felt was missing
Authentication – a key part of µseg is identity.
Action as Configuration – this is visibility only derived from analytics. It doesn’t configure the control points. Once you have derived a conclusion from the data, you need to act manually. This isn’t a bad thing, SDN across multiple vendors is not a solved problem, and often at odds with your existing IT functions. But you kind of want automation or orchestration to do the thing. So get out your preferred solution for that. Forescout believes that they can address this over time.
Over the last five years, we have seen Cisco and Aruba bundle their NAC products into the campus portfolio which is changing that market. NAC is one method of segmentation, and perhaps a part of a microsegmentation strategy. What stands out is that Forescout is a different type of campus microsegmentation from Cisco’s SD-Access or Aruba’s ClearPass NAC.
1. Uses existing technology and requires no upgrades, although it might work better with some.
2. Doesn’t change the user experience or the end points in the network
3. Provides information so your existing processes can handle the change.
If that works for you, then it might be worth a closer look.
Forescout Company Introduction with Pedro Abreu https://youtu.be/t7ViKHhMolo
Forescout Transforming Network Segmentation https://youtu.be/yLGbeD2pahs

Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship
Nov 22 2019 70 mins  
Today on Heavy Networking, we’re going to evolve using genetic algorithms. You heard me right. Researchers at the University of Maryland in the United States have developed a project called Geneva that uses genetic algorithms to automatically figure out the best way to, in this use case, avoid Internet censorship. Essentially, we’re going to discuss how to get through the Great Firewall of China with about 6,000 lines of Python. So put on your propellor beanie, and let’s introduce our guests: David Levin, Assistant Professor, Computer Science and Co-Chair, CS Undergraduate Honors Program at the University of Maryland; and Kevin Bock, a graduate student at the University of Maryland who did much of the work on this project. We discuss: * Common techniques state censors use to detect and stop traffic, including encrypted traffic * Limits to these approaches that Geneva can exploit * How genetic algorithms work * Training genetic algorithms against censorship techniques * Testing mechanisms, including against real-world censors * Could Geneva be used to thwart legitimate security controls * More Sponsor: ITProTV Get over in-depth technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up at itpro.tv/packet and save 25%. Use the code PACKET25 when you check out. Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Show Links: Geneva: Evolving Censorship Evasion – University of Maryland Geneva – GitHub Dave Levin on Twitter PQ 58: Alibi Routing With UMD’s Dave Levin – Packet Pushers

Day Two Cloud 024: Why IT Operations Needs A Cloud Strategy And How To Form One
Nov 20 2019 44 mins  
“Strategy” seems like one of those words that executives get all excited about and deliberate over for months, while real work actually gets done every day by technical people. But when it comes to the cloud, don’t dismiss strategy in favor of “Let’s just build it now and figure it out as we go.” That’s an excellent way to create problems for yourself, and the organization, including technical debt, unexpected costs, security and compliance trouble, and other bedevilments. IT needs a cloud strategy that aligns high-level business goals with more nitty-gritty operational details. Today on Day Two Cloud we have a frank discussion about developing and refining a cloud strategy with IT operations in mind. Our guest is Ed Horley. You may recognize his voice from the IPv6 Buzz podcast, which he co-hosts. He’s also co-founder and CEO of HexaBuild, an IT consultancy. Ed is also an author and a recognized expert on IPv6. We discuss: * Why a strategy is important beyond the C-Suite * The risks of not having a strategy, including shadow IT, technical debt, the need to refactor later on, and others * How to incorporate general goals along with more specific operational requirements and objectives, particularly around identity and access management * Using discovery and documentation as you develop the strategy * Suggestions for getting the ever-elusive “buy-in” from various stakeholders * What happens when strategy runs into what people actually do Key Takeaways: * Start early and often because someone already deployed something into the cloud from your company – you just don’t know which department, what cloud, and if they did anything with best practices. * Strategy isn’t hard – consensus is. Use RACI to help move the project and decision making forward. * Learn by doing – it is really hard to do strategy and architecture if you have never used, deployed or run any cloud infrastructure. Start with things like the AWS Well Architected Framework and other best practices. 
* Do NOT underestimate how important identity and secrets are in the strategy – it can break your entire strategy and project if you get it wrong! Show Links: Responsibility Assignment Matrix (RACI) – Wikipedia Ed Horley on Twitter HowFunky.com – Ed Horley’s blog IPv6 Buzz Podcast – Packet Pushers IPv6 Buzz on Twitter HexaBuild.io


Network Break 261: Juniper EX Switches Get Misty; Cisco’s Tough Day On Wall Street
Nov 19 2019 61 mins  
Take a Network Break! We start with FU on SD-WAN interoperability and standards, plus on Pica8 and Cisco DNA Center. On the news front, we discuss Juniper Networks’ new Mist Wired Assurance subscription offering for EX campus switches, Docker’s sale of its enterprise business to Mirantis, and Untangle’s debut of new SD-WAN appliances for SMBs. IP Infusion releases a commercial version of AT&T’s DANOS-Vyatta network OS for whiteboxes, Cisco’s Q1 earnings and Q2 forecast disappoint Wall Street, Vodafone dials up a plan for OpenRAN in Europe, and the Internet Society sells management of the .org domain to a for-profit private equity firm–what could go wrong? Get links to all these stories just below our sponsor messages. Sponsor: INE This episode is sponsored in part by INE, the ‘experts at making you an expert’. INE is announcing a new, monthly All Access Pass subscription plan, which provides you with unlimited access to INE’s entire content library of over 14,000 of the best IT and Networking training videos for just $99 a month. Visit INE.com/packetpushers to get started. Sponsor: ExtraHop Today’s show is also sponsored in part by ExtraHop, the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Tech Bytes: ExtraHop Speaking of ExtraHop, stay tuned after the news for a sponsored Tech Bytes conversation with ExtraHop on traffic decryption and why it’s essential for security operations. We’ll also dig into how ExtraHop decrypts traffic, how it handles decryption keys, and more. 
Show Links: FU: POSIX News: Juniper Networks Brings AI-driven Simplicity and Reliability to Enterprise Networks with New Mist Wired Assurance Service and Marvis™ Actions – Juniper Networks Two Giant Leaps for IT-Kind – Juniper Networks Mirantis Acquires Docker Enterprise Platform Business – Mirantis Docker Restructures and Secures $35 Million to Advance Developer Workflows for Modern Applications – Docker Mirantis acquires Docker Enterprise – TechCrunch Untangle Extends the Network to the Edge with the Release of Untangle SD-WAN Router and New eSeries Appliances – Untangle IP Infusion Announces DANOS-Vyatta Edition, a Commercial Version of DANOS, Is Ready for Customer & TIP 5G Cell Site Router Evaluations – Business Wire


Heavy Networking 486: Measuring Global Performance Of The Big 5 Cloud Providers (Sponsored)
Nov 15 2019 52 mins  
Understanding how the Internet carries your traffic is no longer optional. The Internet is much of your WAN, and the Internet can have problems just like any wide area network. Beyond the Internet, the public cloud providers have their own networks. Guess what? You need to understand how those are behaving as well. Sponsor ThousandEyes is here to explain how you can understand Internet performance more deeply. Before we get into that part of the discussion, we’ll review the data turned up by their research arm in the second annual Cloud Performance Benchmark report. The report covers AWS, Azure, GCP, AliCloud, and IBM. That is, how do the public clouds perform from a networking perspective? And what does that mean for you as you work with application architects placing workloads in the cloud? Our guests are Archana Kesavan, Director, Product Marketing; and Angelique Medina, Director, Product Marketing at ThousandEyes. We discuss: * Why ThousandEyes decided to develop this annual report * How it measures cloud provider performance * What’s new in the second report, such as the inclusion of performance details on AliCloud and IBM * Result highlights and comparisons of cloud performance across geographical regions * The introduction of Internet Insights, a real-time view of global Internet health * More Show Links: Cloud Performance Benchmark – ThousandEyes Internet and Cloud Intelligence Research – ThousandEyes



Heavy Networking 485: Understanding Edge Exchanges
Nov 12 2019 64 mins  
Internet Exchanges (IXs) perform a core function of allowing provider networks to exchange traffic and data. IXs are key to the functioning of the Internet. However, there are relatively few physical locations in the United States where those exchanges exist. That means traffic may have to trombone or take non-optimal routes to get from one network to another. Thus, the emergence of edge exchanges. An edge exchange is a micro-data center positioned at the network operator side of a last-mile network. That network can be wired or mobile. The goal of an edge exchange is to provide direct interconnection and traffic exchange between provider networks closer to end users and mobile towers. Our guest to walk us through the ins and outs of edge exchanges is Alex Marcham, Technical Marketing Manager at Vapor IO. We discuss: * The role of IXs in moving Internet traffic * How edge exchanges differ from Internet exchanges (IXs) * Why edge exchanges have emerged and the problems they are meant to address * The Linux Foundation’s LF Edge project * More Sponsor: Ixia Today’s show is sponsored in part by Ixia. Join Ixia for The Network Makeover, a unique event featuring >50 giveaways and tips & tricks designed to help you turn network data into dynamic network intelligence. Register now and then tune in December 2-13 for daily chances to win. Go to www.ixiacom.com/packetpushers to sign up. Sponsor: Pilot Fiber Pilot Fiber is hiring network engineers for support and infrastructure roles! With hundreds of happy customers in NYC, we’re out to prove that a happy team means happier customers. Pilot is looking for technical pros who share a passion for driving an unprecedented end-to-end experience. Find out more at pilotfiber.com/packetpushers. Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. As a result, you can make network changes in minutes instead of days, reliably and securely. Tufin. 
The Security Policy Company. Get details at www.tufin.com. Show Links: Alex Marcham on Twitter Network Architecture 2020 – Alex’s Blog LF Edge – Linux Foundation Datanauts 135: An Introduction To Edge Computing – Packet Pushers PQ Show 105: Will 5G Improve Rural Broadband? – Packet Pushers


Network Break 260: Pica8 Launches Campus Automation Framework; VMware Adds IPS To NSX
Nov 12 2019 61 mins  
Take a Network Break! Brad Casemore, Research Vice President, Datacenter Networks at IDC joins us as guest commentator and virtual pundit. We start with follow-up on SD-WAN standards, Gigamon Insight, and a correction from Extreme/Aerohive to note that their software development takes place almost entirely in San Jose. Then we pivot to the tech news, including a brand new campus architecture from Pica8 that targets Cisco’s DNA Center, VMware’s announcement that it will add IDS/IPS capabilities to NSX, and VMware’s announcement that it’s making beta versions of its Tanzu Mission Control software available to select customers. Infoblox acquires SnapRoute, maker of network operating systems; and Barracuda announces a new cloud-based security service including a Web application firewall. Last but not least, thanks to everyone who responded to our question about whether our coverage of financial news is valuable. The great majority said yes, so we’ll carry on. Thanks for the feedback! Sponsor: ExtraHop Today’s show is also sponsored in part by ExtraHop, the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Sponsor: Ixia Today’s show is sponsored in part by Ixia. Join Ixia for The Network Makeover, a unique event featuring >50 giveaways and tips & tricks designed to help you turn network data into dynamic network intelligence. Register now and then tune in December 2-13 for daily chances to win. Go to www.ixiacom.com/packetpushers to sign up. Tech Bytes: Tufin Today’s Tech Bytes sponsor is Tufin, and we dig into the concept of agility in the enterprise, particularly as organizations adopt cloud services and container-based applications. 
Show Links: Pica8 Launches Threshold™, Achieving Five Industry Firsts to Deliver the Only End-to-End Open Networking Replacement Architecture for Legacy Campus Networks – Pica8 VMware Announces New Security Solutions to Bring Intrinsic Security to the Modern Distributed Enterprise – VMware VMware Advances VMware Tanzu Portfolio to Accelerate Adoption of Kubernetes in the Enterprise – VMware Infoblox Announces Acquisition of SnapRoute to Accelerate Delivery of Cloud-Native Network Services – Infoblox BiB 071: SnapRoute CN-NOS For Whitebox Focuses On ...


Heavy Networking 483: SD-WAN Incompetence, Myths, And Fallacies
Nov 05 2019 68 mins  
Managed Service Providers (MSPs) are trying to sell SD-WAN services by convincing you that you don’t have the staff, training, or competence to operate an SD-WAN. On today’s Heavy Networking, Greg Ferro and Ethan Banks pick this argument apart to see if there’s anything to it. Short answer? There really isn’t. Greg and Ethan discuss: * Why SD-WAN is well-suited to being operated in house * Why MSPs are not well-suited to managing a dynamic technology such as SD-WAN * The mistaken notion that MPLS circuits are a must-have in your WAN * Why it’s bad for your business to outsource a developing technology to a provider * More This discussion is based around the whitepaper “SDWAN: Get A Managed Service Or Do It Yourself? (Your Incompetence Is My Opportunity)” by Greg Ferro. The whitepaper is available for Ignition subscribers. Membership is $99 per year. Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. As a result, you can make network changes in minutes instead of days, reliably and securely. Tufin. The Security Policy Company. Get details at www.tufin.com. Sponsor: Ixia Join Ixia for The Network Makeover, a unique event featuring more than 50 giveaways, plus tips and tricks designed to help you turn network data into dynamic network intelligence. Register now and then tune in December 2-13 for daily chances to win. Go to www.ixiacom.com/packetpushers to sign up. Show Links: Packet Pushers Ignition SDWAN: Get A Managed Service Or Do It Yourself? (Whitepaper – Subscription required)


Network Break 259: Fortinet Buys Endpoint Security Company; Arista Shares Squashed By Cloud Titan
Nov 04 2019 45 mins  
Take a Network Break! Fortinet buys endpoint security company EnSilo for an undisclosed amount, Gigamon rolls out a network detection and response product based on a previous acquisition, and Extreme Networks re-brands Aerohive’s HiveManager. *Please note that in this episode, Greg says the majority of Aerohive’s development is done in China. Extreme Networks wrote in to say “The development takes place almost entirely in San Jose and China is not a significant development site for Aerohive/Extreme.” Reports of IPv4 exhaustion at RIPE are greatly exaggerated, Arista Networks sees its share price plunge due to reduced spending by a cloud titan, Fortinet racks up a respectable third quarter, and a former German submarine base in France is getting new life as a data center. Get all these links below. Sponsor: Cumulus Networks Today’s show is sponsored by Cumulus Networks. Build a private cloud environment that is open, modern, and simpler to manage with Cumulus Linux – the Linux-based open network OS that gives you total interoperability, and NetQ – which gives you end-to-end actionable insight from the host to the switch. To learn more about open networking, head to https://cumulusnetworks.com/open. Tech Bytes: AppNeta After the news, you can learn about how to monitor performance on 100G links in a sponsored conversation with AppNeta in our Tech Bytes series. Show Links: Follow Up Some folks in the network automation community are running a NetDevOps survey to get a sense of how network automation is being adopted and used. This is a follow-up to a 2016 survey. It’s anonymous and not vendor-driven. If you’d like to check it out, go to http://bit.ly/netdevops-survey-2019. 
News Links Fortinet Acquires Endpoint Security Innovator enSilo – Fortinet Gigamon Announces ThreatINSIGHT, the Industry’s Fastest Cloud-Native NDR Solution – Gigamon Extreme Networks Unveils ExtremeCloud IQ Cloud Management Application – Extreme Networks This Time, There Really Are NO IPv4 Internet Addresses Left – ISPreview UK RIPE Has Not Exhausted IPv4 Addresses yet. Plenty to go. – Packet Pushers Arista Networks, Inc. Reports Third Quarter 2019 Financial Results – Arista Networks Fortinet Reports Third Quarter 2019 Financial Results – Fortinet German WW2 U-boat base in France reboots as data center – Reuters



Network Break 258: Aruba Stacks Up New Switches; SpaceX Promises Satellite Broadband In 2020
Oct 28 2019 49 mins  
Take a Network Break! Guest Ed Horley stops by to pitch in on this week’s commentary. We address a couple of FUs on Cisco NAE and Microsoft Teams, and then dive into new Aruba switches and an upgrade to Aruba’s network OS, and a new SD-WAN appliance from Riverbed. Teridion debuts new PoPs in China to enable SD-WAN services on the mainland, SpaceX pledges to make satellite-delivered broadband available next year, and a US appeals court slaps down Ajit Pai’s order forbidding states and local municipalities from regulating broadband. Mozilla’s latest version of Firefox reduces the power draw on Macs, Juniper posts a weak quarter in its latest financial results, and AWS gets punished by the stock market for only growing by 35%. US mobile carriers band together to ditch SMS, AT&T promises to send its DANOS project to the Linux Foundation by November 15th, and a Defense Department leader steps aside from the JEDI contract to avoid the appearance of impropriety. Microsoft acquires yet another cloud migration company, Google hires an ex-Microsoft exec to head up its GSuite business, and SoftBank and WeWork shower founder Adam Neumann with a golden parachute to get him to fly away. We’ve got links to all these stories below. Sponsor: Ixia Join Ixia for The Network Makeover, a unique event featuring more than 50 giveaways, plus tips and tricks designed to help you turn network data into dynamic network intelligence. Register now and then tune in December 2-13 for daily chances to win. Go to www.ixiacom.com/packetpushers to sign up. Sponsor: CDN77 CDN77 is trusted by the European Space Agency. It supports the latest tech innovations and provides fast, secure and reliable content delivery all around the world. Learn more at cdn77.com/packetpushers. 
Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: FU: Cisco NAE: Cisco ACI for Data Center Networking Subscription Offers – Cisco Systems (PDF) News Links: Aruba CX 6300, CX 6400 And ArubaOS CX Briefing Deck – October 2019 – Packet Pushers Ignition Aruba Debuts New Campus And Data Center Switches, Upgrades Its Network OS – Packet Pushers Riverbed Sets New Standard for SD-WAN, Delivering to Organizations High Scalability and Performance for the World’s Most Complex and Secure Networks – Riverbed SteelConnect EX – Riverbed

Heavy Networking 481: Enhancing Cloud Security With Network Detection And Response From ExtraHop (Sponsored)
Oct 25 2019 48 mins  
Today on Heavy Networking we talk security, both on premises and in the public cloud. The networks you build and run on premises and in the cloud are expressly designed to connect users and customers to applications and data, but they’re also a vehicle for malware, exploits, and intruders. The network is being asked to do more filtering, more scanning, more blocking, more decision-making to try to keep out the bad stuff, but we’ve also seen the limits of anti-virus, anti-malware, intrusion prevention, and Next-Gen Firewalls; even if these products are 99.999 percent effective, one mistake is all an attacker needs to get a toehold. On today’s sponsored show we’re going to talk with ExtraHop about network detection and response (NDR), with a focus on public cloud. Our guest is ExtraHop founder and CTO Jesse Rothstein. He’s here to talk about how NDR differs from prevention, how to use it in the cloud, ExtraHop’s ability to take advantage of native cloud traffic mirroring, and more. We discuss: * The shift in security from prevention to detection * How to leverage the network as a source of ground truth for security investigations * Getting useful visibility in hybrid environments * The benefits of cloud-native traffic mirroring * Dealing with information overload * Behavioral modeling and analysis * Traffic decryption challenges and solutions * More Show Links: ExtraHop ExtraHop Reveal(x) Cloud – ExtraHop Cloud-Native Network Detection & Response – ExtraHop Tech Bytes: How ExtraHop Leverages Cloud-Native Traffic Mirroring For Security (Sponsored) – Packet Pushers

Datanauts 173: Goodnight, Datanauts
Oct 23 2019 19 mins  
This is, sadly, the final episode of the Datanauts podcast. Chris Wahl and I had an extraordinary adventure busting IT silos, comparing notes, lobbing things over the wall at each other, and trying to sort out what the new IT stack looks like. Why? We’ll get there. Read on. But There Was So Much More To Talk About! For all of us in IT, the changes over the last five years have complicated our lives and introduced us to new tradeoffs. * Automation abstracts away important details while speeding configuration. * Orchestration enables application elasticity, but only if the app has been architected to function that way. * Cloud postulates that you don’t need infrastructure design anymore, but very public outages, along with common sense, have busted the #noops myth. In other words, we’re still figuring it out. All of us. Engineers. Architects. Developers. End users. Vendors. Open source groups. Standards bodies. Consortiums. Training companies. Resellers. The Datanauts mission isn’t really over, at least not in principle. Chris and I could keep podcasting indefinitely, having great conversations with people from all over the industry. There is much silo busting yet to be done. Reality’s Cold, Fishy Slap To The Face Reality sometimes gets in the way of what we’d like to do, though. That reality has, in the best possible way, intruded on Chris’ world. He’s got new opportunities both personal and professional that make it impossible for him to keep going as the Datanauts co-host. And so, that’s it. We’re aiming our infrastructure rocket into the IT universe and heading “out there.” That-a-way. Chris explains more in the recording for those who want the details. Filling The Void In Your Heart Over the years, many of you told us that Datanauts was a favorite. And now, we’re taking that favorite away from you. Perhaps you’re angry…or weeping uncontrollably. Maybe you just threatened a pet. 
A coworker cubicles away might have felt your stress ball land on their head as you hurled it over the top. Don’t be like that. Sure, Datanauts is leaving a void in your heart, but we hope to fill that void with the Day Two Cloud podcast. Author and PluralSight course creator Ned Bellavance has been running this show on the Packet Pushers network since the start of 2019, and I have now joined him as co-host. Day Two Cloud will be a weekly podcast starting in November 2019, and we’re covering cloud operations of all kinds. Private. Hybrid. Multi. And of course, public. IaaS, PaaS, SaaS, serverless. Automation. Orchestration. Security. Conversations with vendors, engineers, and industry friends–all with a healthy dose of humor and cynicism. Datanauts Forever! We won’t be taking the catalog of Datanauts shows away. The archive of published shows will remain available here. And of course, Chris is still a social human you can interact with! If you want to keep up with Chris, you can follow him on Twitter or check out his blog at Wahl Network. Our deepest thanks to all of you that subscribed and listened. Datanauts was one of the most downloaded channels on the Packet Pushers podcast network. We’ll miss it as much as you will.

Heavy Networking 480: WTF Is Digital Transformation?
Oct 22 2019 65 mins  
Welcome to Heavy Networking from the Packet Pushers Podcast network. Today’s show is all about Digital Transformation. CIOs, executives, analysts, and product managers talk about digital transformation the way exercise junkies talk about CrossFit: as the way and the truth and the blueprint for…what, exactly? Businesses already use technology. Things are pretty well digitized. Employees have laptops and mobile devices, and IT teams build and run elaborate systems to move and process data. Does digital transformation just mean adopting the latest gadget and moving data faster, or is there something more? That’s the question we’ll explore on today’s episode. We’ve brought on several guests to help puncture the hot air balloon of digital technology and see if there’s anything useful inside: Paul Beyer, Infrastructure Architect; Tobias Metz, Consultant Network Engineering & Training Coordinator; and Emma Cardinal-Richards, Senior Network Architect. In our conversation we: * Try to assemble a working definition of digital transformation * Explore how the idea of digital transformation differs from previous eras of technology adoption * See if we can tie the notion of transformation to particular technologies * Discuss the impacts of digital transformation on engineers Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Sponsor: ITProTV Get in-depth technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up at itpro.tv/packet and save 25%. Use the code PACKET25 when you check out.
Show Links: Paul Beyer on LinkedIn Paul Beyer’s blog Tobias Metz on LinkedIn Emma Cardinal-Richards on LinkedIn Emma Cardinal-Richards on Twitter






Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored)
Oct 11 2019 57 mins  
Today on Heavy Networking we go deep on segment routing. Segment routing is a way to encode into a packet the path it should take through the network. And why would you want to do that? Lots of reasons, including traffic engineering and service chaining. Sound scary? Step all over everything you think you know about dynamic routing and path selection? To make sure you leave this podcast with a head full of segment routing knowledge is our guest, Ron Bonica, Distinguished Engineer at Juniper Networks, our sponsor for today’s detailed look into SR, SRv6, SRv6+, path computation, recovering from failure states, and more. We discuss: * An overview of segment routing and its use cases * Ingress, transit, and egress nodes in an SR domain * Key differences among segment routing options, including SR-MPLS, SRv6, and SRv6+ * How segment routing works with nodes that aren’t in an SR domain * Hardware and software requirements to use segment routing * More This is a deep, detailed show, so grab a stack of virtual donuts and a pot of coffee, and let’s go down the rabbit hole. And if you want even more information, check out the list of resources below. Show Links: Juniper Networks Segment Routing Segment Routing (SR) and Traffic Engineering (TE): Part One – Juniper Forums Segment Routing (SR) And Traffic Engineering (TE): Part Two – Juniper Forums SRv6+ Segment Routing Headers – Why We Want Them – Juniper Forums A Segment Routing Renaissance – Juniper Forums Segment Routing: Policies, Paths, and Segments – Juniper Forums Segment Routing (SR) With Multiprotocol Label Switching (MPLS) – Juniper Forums The IPv6 Compressed Routing Header (CRH) – IETF

Heavy Networking 476: Running ACI And NSX In The Same Data Center
Oct 08 2019 65 mins  
Today on Heavy Networking, a network transformation. OK, that sounds like marketing, but it isn’t. This is a discussion about a migration to Cisco ACI and VMware NSX technologies, paired with some automation, by a network engineer who was new to both products. It wasn’t all beers and cheers on the way to success. There were rocks and pitfalls. Joining us for a detailed conversation about running ACI and NSX in the same data center is Derek Wilson, a Principal Network Consultant at a big company you’ve heard of but we won’t mention. We discuss: * The impetus for a hardware refresh that led to ACI * Why he chose a spine-leaf design * How ACI simplified the physical infrastructure * Why the organization chose NSX for the overlay * How ACI and NSX interact (and don’t) * The learning curves on each product * How the team decided between Terraform and Ansible for automation tooling * More Sponsor: Cumulus Networks Cumulus Networks is announcing a brand-new networking certification: the Cumulus Certified Open Networking Professional. Learn Linux networking fundamentals, including essential concepts and commands behind Linux-based open networking, and master the Cumulus Core–everything you need to know to become proficient in Cumulus Linux. Get details at cumulusnetworks.com/cert. Sponsor: InterOptic InterOptic is your reliable data interconnect company. Stop paying OEM prices for optics, and get brand-equivalent transceivers at a fraction of the cost. Find out more at Interoptic.com/packet-pushers. Show Links: Setting the Record Straight: Confusion about ACI on VMware Technologies – Cisco Systems Heavy Networking 438: VMware NSX Evolution For Cloud Networking And Security (Sponsored) – Packet Pushers PQ 137: WhiteSpider & Real-World Cisco ACI Deployments (Sponsored) – Packet Pushers


Heavy Networking 475: Anticipating 5G’s Impact On Enterprise Wi-Fi
Oct 04 2019 59 mins  
Greg and Ethan are here today. Hi. Just us. We wanted to speculate on what the impact of 5G and private LTE might be over the next several months & years on enterprise wireless. That is, Wi-Fi. As in, will you need a private Wi-Fi network with APs you lovingly hang from the ceiling after a careful site survey and artisanally painted heat maps, alongside clever SSIDs with their accompanying policies? Or will you be at the point where you can just dump much of that responsibility on your telco, and let them do all of that for you? This is a thought exercise. We don’t have all of the answers here, but there’s a lot to think about, both from the telco and enterprise side. Greg and I will take both sides of the argument and roll these ideas around in our head. 5G is coming. Private LTE is real. Companies are coming out of stealth with offerings in this space, so it seemed like a good time to chinwag about this. We discuss: * Risks and benefits for telcos of 5G * Risks and benefits for enterprises of 5G * If 5G does take over for Wi-Fi, what does that transition look like? * Where might you want to retain Wi-Fi? * More Sponsor: Cradlepoint The future of the WAN is wireless, but a wireless connection is only as good as the edge. Cradlepoint unlocks the power of advanced cellular through wireless edge solutions that are delivered the way you consume everything IT: as a service. Reliable. Elastic. Simple to manage from anywhere. Learn more about Cradlepoint’s cloud-managed LTE solutions at cradlepoint.com/packetpushers. Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Show Links: 5G And Enterprise IT Whitepaper – Packet Pushers Ignition (Membership required)


Tech Bytes: The Value Of Software Quality With Arista Networks (Sponsored)
Sep 30 2019 16 mins  
You’re listening to Tech Bytes, a short, sharp sponsored conversation where we grab a technology or concept and see how much juice we can squeeze out of it in about 15 minutes. Our sponsor today is Arista Networks and we’re going to talk about how software quality and product integrity deliver value to customers. Our guest is Doug Gourlay, VP and General Manager of Cloud Networking at Arista. We discuss: * Why software is more important than hardware in networking * The operational and security issues that arise from software vulnerabilities * How code quality affects patches and upgrades * More The following section from Doug Gourlay is included to provide context on the numbers discussed in the podcast: A CVE is a Common Vulnerability or Exposure where a vulnerability is a “weakness in the code found in software that, when exploited, results in a negative impact to confidentiality, integrity, OR availability” and an exposure is a “mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.” CVEs are maintained in an authoritative list by MITRE, under contract to the US Government through the Department of Homeland Security at https://cve.mitre.org. The data discussed in this podcast was compiled from the MITRE CVE database. The CVSS scores were compiled from the Forum of Incident Response and Security Teams (FIRST) CVSS scoring database. As of this posting on 26 September 2019, since 1 January 2014 there have been: * 137 CVEs on Cisco NX-OS * 217 CVEs on Cisco IOS * 203 CVEs on Cisco IOS-XE * 72 CVEs on Cisco IOS-XR * 5 CVEs on Arista EOS


Heavy Networking 473: Synthetic Transactions, SD-WAN Readiness, And Internet Outage Autopsies With ThousandEyes (Sponsored)
Sep 24 2019 45 mins  
Welcome to Heavy Networking, a uniquely nerdy podcast that puts the network at the center of the universe where it belongs. Today is a sponsored show with ThousandEyes and we’re going to feast on a smorgasbord of topics: first, a new synthetic transaction monitoring tool from ThousandEyes. Second, we’ll discuss why performance monitoring is critical to your SD-WAN readiness and ongoing operations. Third, we’ll explore postmortems on a couple of 2019’s Internet outages, including a major route leak that affected CloudFlare, and what that means when you’re relying on the Internet for critical business applications. Our guests from ThousandEyes are Alex Henthorn-Iwane, VP of Product Marketing; and Angelique Medina, Director of Product Marketing. Show Links: ThousandEyes Browser Synthetic Monitoring – ThousandEyes Introducing Internet-Aware Synthetic Transaction Monitoring – ThousandEyes Blog ThousandEyes Addresses Critical Enterprise Application Performance Visibility Gap With Internet-Aware Synthetics – ThousandEyes ThousandEyes for Application Delivery – ThousandEyes (PDF) Visibility for Your Hybrid WAN and SD-WAN Traffic – ThousandEyes Cloudflare Users Burned by Internet Routing Pile-Up – ThousandEyes WhatsApp Disruption: Just One Symptom of Broader Route Leak – ThousandEyes Internet Outage Reveals Reach of China’s Connectivity – ThousandEyes





Heavy Networking 470: Why Does Networking Evolve So Slowly?
Sep 11 2019 66 mins  
In a discussion on the Packet Pushers’ Slack channel, Greg shared some slides from 1999, where some of the same points he raised 20 years ago are still true today. Why is networking so slow to change? That’s the focus of our discussion today. Joining us is Emma Cardinal-Richards, Senior Network Architect at University College in London. This is her first time appearing on Heavy Networking. Also joining us is Jeremy Filliben. Jeremy is the Owner/Consultant/Instructor at Pristine Packets. You might know him as a CCDE trainer. Please welcome both Emma and Jeremy into your earbuds, and let’s get into our discussion on what it is about networking that makes it slow to change. Here’s the slides that spurred this episode: Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. You can make network changes in minutes instead of days, reliably and securely. Tufin. The Security Policy Company. Find out more at tufin.com Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Emma Cardinal-Richards on Twitter @emsk1g Jeremy Filliben’s Blog Jeremy Filliben on Twitter Ignition – Packet Pushers Premium The 2019 Accelerate State of DevOps: Elite performance, productivity, and scaling – Google Cloud Blog








Heavy Networking 466: Securing The Network That’s Everywhere With Open Systems (Sponsored)
Aug 16 2019 46 mins  
As your network perimeter expands into public cloud and mobile, how do you secure it? The answer has been some combination of endless firewalls, host agents, and VPNs, maybe from a variety of vendors. How’s that working out for you? Getting a little hard to keep up with it all? Our sponsor is Open Systems. Open Systems offers an integrated solution that combines a secure cloud access security broker with cloud integrated SD-WAN and a DevOps mentality that gives you a new way to design your increasingly complex perimeter security. Moritz Mann, Head of Product Management, joins us from Open Systems for our security chat. What We Discuss In our conversation with Moritz, we chat through the following big ideas: 1. Open Systems as an SD-WAN company with integrated security. 2. Whether or not security is table stakes for SD-WAN solutions. 3. The components of the Open Systems security offering, including a firewall, web gateway, DNS filter, and security monitor. 4. The architecture of the appliance delivering these services. 5. Open Systems’ role in securing hybrid and multi-cloud environments. 6. How Open Systems secures mobile users. 7. Why inline firewall approaches struggle in the cloud era. 8. The Open Systems approach to securing cloudy conversations, including their Cloud Access Security Broker (CASB) service. For More Information * Website: https://open-systems.com/ * Twitter: https://twitter.com/securesdwan * LinkedIn: https://www.linkedin.com/company/open-systems * Moritz Mann: https://www.linkedin.com/in/moritz-mann-34b24/

Datanauts 171: The Joy Of Engineering With William Lam
Aug 14 2019 54 mins  
In the Hitchhiker’s Guide To The Galaxy, the phrase “Don’t Panic” is written across the front to help the reader keep a cool head when facing the dangers of galactic hitchhiking. This may sound like dealing with IT problems–especially when the root cause is a cryptic error or unexpected failure. Turning to technical folks and their blogs is a good way to “not panic” when it comes to dealing with the trough of woe. In this episode, we’ll talk to prolific technical blogger & VMware employee William Lam to get an insider’s view of what happens to generate such delightful content. Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. As a result, you can make network changes in minutes instead of days, reliably and securely. Tufin. The Security Policy Company. Find out more at tufin.com. Just Some Of The Questions We Discuss 1. Most of your written content looks at things you’ve learned or dealt with (workarounds, hacks, unique takes on features or technology). How do you prioritize your technology focus areas? 2. How do you engage with your community and customers? What information do you suggest gathering to help make a case back to your product and engineering teams? 3. You have a reputation as someone who listens to the community and customers, and then champions their needs internally. What is this experience like? What advice can you share with folks on how to communicate their needs to a vendor? 4. Do certifications play a role in your career? Have they played a role in the past? Do you feel that certifications are a necessary evil, learning blueprint, or something in between? 5. Describe your current lab environment to the audience. What devices, software, clouds, and platforms are you consuming or considering? 6. How would you advise an engineer building out a lab with today’s options? Should they build a low wattage home lab? A cloud lab?
What about simulated learning environments such as Codecademy? Links, Links, Links! * William’s Blog: VirtuallyGhetto.com * William’s Twitter: @lamw * William’s Home Lab Page – a collection of articles to help you with your own home lab builds * More of William’s excellent articles we referenced in the show… * 64GB memory on the Intel NUCs? * Thunderbolt3 to 10GbE NICs * Update on running ESXi on Intel NUC Hades Canyon (NUC8i7HNK & NUC8i7HVK)

Heavy Networking 465: Looking Backward and Forward with Harry Quackenboss
Aug 13 2019 68 mins  
Harry Quackenboss is a long-time veteran of infrastructure technology. In networking he was a VP of Sales of Crescendo for FDDI networking (to the desktop) which was acquired by Cisco. He later founded Woven Systems as a high speed Ethernet company of the time and more recently was CEO of cPlane, an SDN company now relaunched as CPLANE NETWORKS. Today, Harry is an investor and advisor to a number of companies in the infrastructure space. Harry talks with Greg about the state of networking based on his experiences. Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Topics Covered * Ethernet, FDDI and did we make the right choice and why? * Bundling and unbundling of products * The invisible cost of product evangelisation. * Should customers be smarter about demanding free sales effort? * Can the WAN / LAN / Campus converge into a single unit of operation? * Why SDWAN is taking off? Permission-less connectivity, Internet is good enough. * Open Source isn’t free and the cost of software isn’t directly less than hardware. * The emergence of co-processors for off-load and what that might mean for NFV * Service Function Chaining or Microsegmentation You can find Harry on LinkedIn at https://www.linkedin.com/in/harryquackenboss/



BiB 081: 128 Technology Rethinks The WAN Router
Aug 01 2019 7 mins  
Ethan Banks and Drew Conry-Murray were delegates at a recent Networking Field Day Extra to hear from 128 Technology. 128 Technology makes a software router that runs on x86. There are a variety of software-based routers on the market. What sets 128T apart is how it does the routing. For example: * The 128T router is session-based and stateful * It’s secure via policy, with a zero-trust posture * Operators can set policies to determine the network path depending on SLAs and changing network characteristics * The router relies on packet metadata and NAT to direct packets * The router uses AES-256 or 128 to encrypt metadata in the first packet, and the payload in every packet in a session Use Cases The speakers from 128 Technology outlined several use cases for their software router: * Routing/connectivity in locations with significant bandwidth constraints, such as satellite * SD-WAN (including cloud traffic optimization) * VoIP/call centers * L4 firewall (not an NG or UTM platform, but you can do service chaining for the fancy stuff) * “We’re going after the routing market. Not just the SD-WAN market.” NAT Vs. Tunneling The 128 Technology presentations go to great pains to explain that they don’t rely on tunneling or encapsulation to get packets from source to destination. By eschewing tunnels, 128 Technology claims several benefits: * Efficiency gains of ~ 30% demonstrated (i.e. 
more throughput due to less tunnel overhead, matters more when bandwidth-constrained) * Reduced risk of fragmentation / having to tweak TCP MSS or MTU * If there is fragmentation required (metadata adds ~150-200 bytes of overhead depending on policy complexity), they will fragment/reassemble within their own fabric Show Links: 128 Technology.com Networking Field Day Exclusive with 128Technology – TechFieldDay Networking Field Day Videos on YouTube Event playlist 128 Technology Networking Platform Overview 128 Technology Service Centricity via the 128T Networking Platform Data Model 128 Technology Routing Protocols: SVR 128 Technology Routing Protocols: STEP 128 Technology Why Tunnel Free is Better and How We’re Different from Legacy Overlays


Datanauts 170: NRE Labs – A First Step For Network Automation Training
Jul 31 2019 56 mins  
There’s a flurry of activity around network automation, lots of discussion about its impacts, and a host of open-source and commercial tools available. But actual adoption? Not so much. Today’s Datanauts podcast explores NRE Labs, a free site to train network engineers in basic automation concepts and tools. NRE stands for “Network Reliability Engineering”. As guest Matt Oswalt describes it, the goal of NRE Labs is to help network engineers take that first automation step, get unstuck, and get started. Matt is an “engineer in marketing clothing” at Juniper Networks. While NRE Labs is a Juniper-sponsored project, you don’t have to be a Juniper customer. You don’t even have to sign up and hand over any information to use it. The site is entirely free. You just go to the homepage, find a lesson or topic that looks interesting, and get started. The site is designed to work within a browser so there’s no software to download and no complicated virtual environment to configure. The code that powers NRE Labs is open-source so you can grab it for yourself. The project also welcomes contributions and lessons from the community. In today’s podcast, Matt walks Chris Wahl through NRE Labs, describes how it works, explains a couple of lessons, and shares how the community can get involved. Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod, and join Quest at The Experts Conference this August for Active Directory and Office 365 training and earn up to 7 CPEs. Get details here. 
Show Links: NRE Labs NRE Labs on GitHub Introduction To Antidote Antidote Platform Architecture Network Reliability Engineering Community Network Reliability Engineering Meetup UK – MeetUp.org NRE Labs Curriculum – GitHub Working with Network APIs – GitHub PQ 158: Introducing NRE Labs For Network Automation Training – Packet Pushers Matt Oswalt on Twitte...


Heavy Networking 462: You’re Not A Coder, But You Need A Coder
Jul 26 2019 68 mins  
Today on Heavy Networking, we talk about what an ops team looks like when adopting automation. Network automation seems to be driving many of you towards Python. You’re learning to code, or at least trying to. If you could just get that tool written, it would help so much. It’s hard though, what with projects going on, not enough people to do all the work, a huge network maintenance event on the horizon, and on and on. And dare I say technical debt? You gotta maintain that tool if you ever get it written. Maybe writing your own automation tools isn’t your job as a network engineer. Maybe you need someone to come alongside of you…like a software developer. Our guests today are Brian Gleason and Jeremy Schulman. Brian has recently started a new job where network automation is really important and handled in a forward-thinking way. Jeremy’s been in the world of network automation for as long as we’ve been talking about it on Heavy Networking. He’s worked for vendors, his own startup, and now for Major League Baseball. We discuss: * Whether an Ops team needs a dedicated developer * The different types of automation projects and their blast radii * How to calculate ROI for having a developer dedicated to infrastructure tooling * The differences between scripting and programming * How much time you should dedicate to learning to develop, and where to start * The pros and cons of buying vendor tools vs. building your own Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device.
Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Show Links: Interactive Python Jupyter Notebooks – Jupyter.org Brian Gleason on Twitter Bytes of Cloud – Brian’s blog Jeremy Schulman on Twitter

Heavy Networking 461: Key Concepts Of Intent-Based Networking
Jul 24 2019 58 mins  
Intent-based networking is the latest in a long string of dreams and schemes to get meaningful, wide-scale automation into data center networks. In broad strokes, intent-based networking, or IBN, sounds like magic: take high-level, human comprehensible business goals, run them through some abstraction layers, click your heels three times, and out comes the low-level configurations that are automatically programmed into the requisite devices. For any network engineer who’s been burned by automation schemes in the past, this might sound too good to be true. On today’s Heavy Networking, we peer behind the curtain of intent-based networking to find out if we’re actually dealing with a wizard this time, or just another pretender blowing smoke. Our guest is Phil Gervasi, a network engineer and solutions architect. You may know him as Network Phil on Twitter or his blog networkphil.com. Phil wrote two in-depth white papers on IBN for the Packet Pushers Ignition site. He did a lot of research and analysis, and today we’re going to pick his brains as we follow the yellow brick road to intent-based networking. In particular, we dive into three main areas of IBN: * Network abstraction * Continuous validation * Autonomous remediation Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Packet Pushers Ignition Phil Gervasi on Twitter Network Phil Intent-Based Networking – Concepts and Overview – IETF




Heavy Networking 459: Ignition Relaunch And Ethan’s New QoS Course
Jul 12 2019 45 mins  
It’s been about a year since the Packet Pushers debuted Ignition, our membership site for professional development and as a way to support the Packet Pushers directly. In that time we’ve learned a few things about running a paid membership site. I won’t say Ignition has been a failure. It’s also fair to say Ignition hasn’t been a roaring success. It’s been…meh. And “meh” isn’t what we want. So, a redo is in order. Today’s podcast marks the official relaunch of Ignition. We talk about changes we’ve made to the site’s design, a new subscription scheme, new content, and what we plan to do going forward. Big changes include getting rid of the free tier. Going forward, Ignition content will only be available for paid members ($99 a year). Free access is no longer available. We’re also decoupling the Human Infrastructure newsletter from Ignition. Human Infrastructure is now a free, standalone newsletter. If you’re already a subscriber, you don’t have to do anything; you’ll continue to get each issue in your inbox. If you’d like to get the newsletter, the sign-up page now lives on PacketPushers, along with an archive of every issue. Last but not least, we’ve debuted a brand new course on QoS by Ethan Banks. This course, available only for paid Ignition members, contains more than three hours of instructional material on practical QoS. Ethan covers practical information on the ToS byte, DSCP marking strategies, shaping, policing, and more. The goal is to help you understand how to use QoS to solve network problems. It’s presented in a modular format so you can consume it in manageable bites, and track your progress over time. Ignition is still a work in progress. Over time we’ll continue to build our content library, including more instructional courses, new whitepapers, analytical blog posts, and more. As always, we are truly thankful for the support we get from you, whether as a listener, reader, or Ignition member.
Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Show Links: Ignition Subscribe To Human Infrastructure Magazine


Heavy Networking 458: SDN Federation – One Controller To Rule Them All?
Jul 09 2019 70 mins  
Today’s show dives into the notion of SDN federation. Any organization running a sufficiently-sized infrastructure is going to have a variety of software controllers for automation and orchestration. You may have one in the data center, one for SD-WAN, one for security, one for wireless, and so on. How do these software controllers federate? That is, how do they organize and coordinate to act in a unified manner to ensure that operational, policy, and security goals are met? My guest is Rob Sherwood, an Internet researcher and open source enthusiast. The former CTO of the SDN startup Big Switch, Rob is currently a software engineer at Facebook. We discuss: * Whether all these controllers can and should be federated * The technical and organizational barriers * How to find a common language for each network silo * How vendors are approaching the problem * Whether a master controller can work * How do we get interoperability? What’s the protocol? * The role of analytics and visibility Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Rob Sherwood on LinkedIn


Datanauts 168: Why Design Process Matters For Data Centers And The Cloud
Jul 03 2019 53 mins  
Hello, IT architect. Business person here. We have this huge new project for you. We have an idea for this new system that’s going to make us all sorts of money. It can never go down, because it’s going to be SO IMPORTANT. It’s got to be super secure, too, obviously. Your budget is…three dollars! Right. Okay, that’s a somewhat silly scenario, but it represents a problem many of us in IT face. The organization needs a technology solution to a business problem. There are objectives and constraints. How do you design the solution? If your answer was “on a napkin at the bar!” Hey, not a bad idea, but we’re going to discuss a more formal approach today on the Datanauts podcast. Our guest is Adam Post, a principal consultant at IT Partners, with a focus on virtualization and cloud technologies. We discuss: * The bad things that can happen without a design or design process * The absolute necessity of information-gathering from stakeholders * Similarities and differences when designing for the data center and the cloud * VMware’s recommended design process and its general principles * The AWS Well Architected Framework and general principles * The role of documentation * More Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod, and join Quest at The Experts Conference for Active Directory and Office 365 training and earn up to 7 CPEs. Get details here. Show Links: Adam Post on Twitter Semi-Technical.com – Adam’s blog Adam Post on LinkedIn Breaking down the conceptual design, RCARs and AMPRS …. VCDX style (Primer on the VMware-recommend design process) – JeffreyKusters.nl Virtual Design Master: Conceptual, Logical, Physical – Technicloud The 5 Pillars of the AWS Well-Architected Framework – AWS



BiB 079: Edgeworx Gives Kubernetes Edge Computing Awareness
Jun 28 2019 5 mins  
Drew Conry-Murray and Ethan Banks had a briefing with a startup called Edgeworx on June 24th, 2019. You can read their highlights of the Kubernetes-related news Edgeworx shared below, or listen to the audio version in the player above.

What Does Edgeworx Do?
As you might guess from the name, Edgeworx focuses on the network edge; that is, on security cameras, or local compute at a cell tower base station or on an offshore oil rig, for example. The startup’s big idea is to make it easy for organizations to re-use applications they’ve written for other platforms and run those applications on edge devices. If you want to do local processing on edge devices, Edgeworx wants to provide the platform to run applications on those devices. Edgeworx says it can run on almost anything: security cameras and other IoT devices, IoT gateways, Wi-Fi routers, cars, etc. The company does have minimum hardware & software specs. Edgeworx needs some distro of Linux, a minimum of a 32-bit ARM processor, and 128MB of RAM. If the device meets those minimums, Edgeworx can run. The startup also makes an agent that runs on IoT and edge devices to manage and control devices, provision devices, monitor health, set policies and get alerts.

Mesh Networking And AMQP
Edgeworx enables devices to connect to one another using AMQP 1.0, or the Advanced Message Queuing Protocol. This is the basis for edge-to-edge, edge-to-cloud, and cloud-to-edge networks–whatever is required for a given edge computing environment.

Kubernetes Customized For Edge Computing
The big news from this briefing is that Edgeworx now gives Kubernetes specific intelligence about the edge computing environment: the device capabilities, GPS geolocation, etc. This means that edge computing environments can enjoy the scheduling benefits of Kubernetes, while at the same time getting workload placements in a way that works well with edge computing environments’ unique needs.

For More Information
For more information, go to edgeworx.io.
For more IT podcasts, blogs and news created for engineers, visit packetpushers.net where you can subscribe for free. And for even more great information, become a member at ignition.packetpushers.net.







Heavy Networking 454: Analyzing Encrypted Traffic In The TLS 1.3 Era With ExtraHop (Sponsored)
Jun 07 2019 45 mins  
Deep packet analysis at line rate is a complex claim. What do we mean when we say, “Deep”? Assuming we mean layer 7 payloads…which protocols? Some of them? All of them? What if the packet is encrypted? What if we’re a dual-stacked IPv4 and IPv6 network? And what do we mean when we say, “Line rate”? We’re at speeds of 400Gbps now. So, which lines are we talking, and how many of them? By the way, if we’re analyzing packets at line rate, where are we keeping them? Do we have to build a massive storage array? None of these problems are new, and the more data we put on the network, the more challenging line rate deep packet inspection becomes. Today we take a stab at it with our sponsor ExtraHop. Our guest is Mike Ernst, VP of Sales Engineering at ExtraHop. Mike has promised to put his engineering hat on today and keep his inner salesperson in the background. We discuss: * Commercial tools vs. Wireshark * The packet capture architecture required to get “every packet and transaction” * ExtraHop’s appliance family * How ExtraHop gets packets from the public cloud * Real-time analysis vs. investigating stored packets * Differences among flow data, telemetry, and full packet capture * How ExtraHop deals with encrypted traffic * Why an agent is required to decrypt TLS 1.3 traffic Show Links: ExtraHop ExtraHop.com/packetpushers Follow ExtraHop on Twitter

Datanauts 166: Can You Hire ‘DevOps’?
Jun 05 2019 66 mins  
I hear about companies that create net new DevOps roles and hire “DevOps Engineers” to fill them. And then those DevOps people fail in their roles, because no one wants to deal with the additional processes they tend to create. I’ve wondered if hiring specific DevOps roles is doing it wrong. Is a transformative approach a better idea? That is, take the people you’ve got and retrain, retool, and reorganize. Foster a different culture that’s DevOps-ian in nature. Then, you might be successful. Am I right? We explore this idea of hiring DevOps on the Datanauts podcast with guest Matt Stratton. Matt is a DevOps advocate at PagerDuty. We discuss: * Core DevOps principles and how to separate out marketing nonsense * Why every IT professional in an organization needs to understand the business * Whether there are costs to an IT team to moving to DevOps, and costs for not moving * DevOps success stories * Dealing with the inevitable people problems * Iterative steps you can take to creating a DevOps culture Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. As a result, you can make network changes in minutes instead of days, reliably and securely. Tufin. The Security Policy Company. Find out more at tufin.com. Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod. 
Show Links: Matt Stratton on Twitter Matt Stratton on LinkedIn Arrested DevOps Podcast The “Matt’s hair” tweet Old Geeks Yell at Cloud with Andrew Clay Shafer & Bryan Cantrill – Arrested DevOps DevOps Culture Change With Bill Joy – Arrested DevOps Principal Engineering With Silvia Botros – Arrested DevOps Matt’s Favorite DevOps Definitions “DevOps is the union of people, process, and products to enable continuous delivery of value to our end users.” – Donovan Brown http://donovanbrown.com/post/what-is-devops “A culture where people, regardless of title or background, work together to imagine, develop, deploy and operate a system.” – Ken Mugrage https://kenmugrage.com/2017/05/05/my-new-definition-of-devops/ “A cultural and professional movement, focused on how we build and operate high velocity organizations, born from the experiences of its practitioners.” – Adam Jacob https://github.com/chef/devops-kungfu Matt’s Favorite DevOps Resources



Heavy Networking 452: Using NetBox As A Source Of Networking Truth
May 31 2019 62 mins  
Today’s Heavy Networking looks at sources of network truth. Specifically, with NetBox. What is NetBox? To quote netbox.readthedocs.io: “NetBox is an open source web application designed to help manage and document computer networks. Initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers.” NetBox is growing in popularity among networkers. Here to talk to us about why NetBox is so great is John Anderson. He’s a network automation engineer at NetworkToCode, and a NetBox contributor. We discuss: * What NetBox is – IPAM and DCIM (Data Center Infrastructure Management) software * What NetBox is not – a network management system, a network discovery tool, or DNS/DHCP server * How to deploy NetBox * How you model the intended state of your network and import data to it * The kinds of information it can contain and what you can do with it * Its support for IPv6 * More Sponsor: Open Systems In the crowded SD-WAN market, don’t overlook Open Systems. Open Systems brings security, automation and expert management to let you focus on other aspects of your network. Get visibility, flexibility and control combined with performance, simplicity and security with SD-WAN from Open Systems. To find out more, go to www.open-systems.com/packetpushers. Sponsor: Tufin Tufin has pioneered a policy-based approach to network security management using automation and analytics. As a result, you can make network changes in minutes instead of days, reliably and securely. Tufin. The Security Policy Company. Find out more at tufin.com. Show Links: NetBox John Anderson on GitHub NetworkToCode



Datanauts 165: IT Roundtable – Chaos Engineering And More From Google Next 19
May 23 2019 36 mins  
Greg Ferro, Packet Pushers podcast network co-founder, has commandeered the Datanauts bridge to take over today’s episode. At the recent Google Next 19 conference, Greg sat down for a far-ranging roundtable conversation with three IT professionals who shared their expertise on chaos engineering, why cloud networking is hard, and cloud migration, among other topics. Ethan Banks beams in after the fact to introduce the show and provide the takeaways. Greg’s guests are Ana Medina, Chaos Engineer at Gremlin; Leticia Kemp, Head of Business Intelligence at Crunch Simply Digital; and Marisabel Rodriguez, Tech Director at Globant. They discuss: * The pros and cons of breaking things on purpose (chaos engineering) * How business intelligence tackles metrics and reporting * Lift-and-shift vs. incremental movement to the cloud * Whether there’s a skills gap in enterprise IT * Service meshes * More Sponsor: Open Systems Open Systems brings security, automation, and expert management to SD-WAN. Get visibility, flexibility, and control combined with performance, simplicity and security with SD-WAN from Open Systems. To find out more, go to Open-systems.com/packetpushers and get a free beanie and a Gartner report on the economics of SD-WAN. Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod. Show Links: Ana Medina on Twitter Ana Medina on LinkedIn Leticia Kemp on Twitter Leticia Kemp on LinkedIn Marisabel Rodriguez on Twitter Marisabel Rodriguez on LinkedIn



BIB 078 Solo.io and Super Gloo
May 16 2019 6 mins  
Solo is building a group of abstractions on service mesh to make them useful. You see, the problem with cloud is that you lose the control of the networking. The abstraction of the network in AWS or Azure means that you have a few problems, including incompatibility. But the real problem is that you lose control of the network, so you want to build a new one so that you get control of the traffic and insert L7 functionality. So using a service mesh overlay gives you back your visibility and control but also offers opportunities that aren’t possible with traditional networking.

Solo.io starts with using Envoy as an L7 load balancer – it’s called an API Gateway in cloud speak, but it’s an L7 proxy that does rate control, decryption etc. To make it specifically useful, Solo Gloo is container aware and built with tools for knowing what’s in containers. So far, it’s a good idea. But you can build apps on the API gateways to automate various functions. One example app is an inline debugger tool.

Super Gloo: the assumption is that you will have more than one service mesh because, well, Kubernetes doesn’t work so well at hosting many apps. Smaller K8S is currently the way forward instead of one big one. Now, operating an Istio service mesh is not a simple thing: SSL certificate management, enforced sidecar deployment. Super Gloo aims to make this smoother.

* SuperGloo takes charge of launching and managing key mesh functionalities, including encryption, telemetry, and tracing
* installation process of all supported service meshes, bypassing the often-complicated implementation-specific installation process.
* SuperGloo provides a f
* SuperGloo makes it easy to connect multiple service meshes across namespaces, across clusters, or across clouds, providing flat networking and policy.

Heavy Networking 449: Web Application Firewall Fundamentals
May 15 2019 71 mins  
On today’s Heavy Networking our topic is Web application firewalls (WAFs). Which, in the traditional sense, are neither web applications nor firewalls. So what are these strange creatures? If my company doesn’t have one, should I go to the pet store and get one? Will they bite me if I’m not careful? What does a web application firewall eat? Helping us understand how to feed and care for our very own web application firewall is Scott Hogg, who you might know from the IPv6 Buzz podcast, part of the Packet Pushers podcast network. We discuss: * How a WAF differs from typical firewalls * The security problems WAFs try to solve (protecting vulnerable Web apps) * How WAFs are deployed * The architecture of a typical WAF * Operational challenges * How attackers bypass WAFs * The role of WAFs in cloud applications * More Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: Cumulus Networks If you’re future-proofing your network, why go with legacy infrastructure? Cumulus Networks offers networking software for the open, modern data center, giving you the option to choose the new way every time. Find out more at cumulusnetworks.com/modernize. Show Links: Scott Hogg on Twitter Hexabuild IPv6 Buzz Podcast Scott’s Network World author page Scott’s Infoblox author page Web Application Firewalls and IPv6, Scott Hogg – Network World The Open Web Application Security Project (OWASP) The Web Application Security Consortium (WASC) Web Application Firewall Evaluation Criteria (WAFEC) WAF Criteria – ICSA Labs (PDF)




Datanauts 164: When Is It Time To Walk Away?
May 08 2019 53 mins  
Today’s Datanauts episode springs from a deeply personal blog post written by our guest, Al Rasheed. Al talks about the costs of an IT career; how the long hours and the stress can eat away at your personal and family life, negatively affect your health, and make you feel like a failure. We discuss regrets for the good jobs that got away, the bad jobs we stayed in too long, and how to decide when it’s time to walk away. Al also shares his experiences about how he’s coped with the ups and downs of life in IT, how his passion for technology and learning continues to drive him, and the vital role that community plays. We explore why the human connections of community can be more vital than the tech tips and goofy memes that get passed around. If you’ve ever sat at your desk and wondered “What am I doing here?” then this episode is for you. Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod. Show Links: You Can Call Me Al – Al Rasheed’s blog post Al Rasheed – A personal Blog about IT related subjects – Al Rasheed My trudge through IT Burnout and the fight to keep it at bay – Eric Lee Let’s Talk About ‘Imposter Syndrome’ – Cody De Arkland Al on Twitter Al on LinkedIn


BiB 076: Versa Titan: SD-WAN As A Service, Or Do It Yourself
May 01 2019 2 mins  
You’re listening to Briefings in Brief from the Packet Pushers, an audio digest of IT news and information, including vendor briefings, industry research, and commentary. I’m Drew Conry-Murray, it’s April 30th 2019 and here’s what’s happening. Earlier this month Versa Networks announced Versa Titan, an SD-WAN and security offering that can be consumed in two ways: as a service from MSPs, VARs, or system integrators; or as a product to be deployed and operated directly by customers. Whichever approach customers take, Versa’s goal is to make deployment dead simple through pre-configured branch appliances, a cloud-based controller, and a mobile app for activating appliances and monitoring the system. Versa operates the controller infrastructure, or a head-end in Versa’s parlance, in its own data centers on behalf of providers and do-it-yourself customers. Service providers can brand the customer interface if they so choose.

Cloud Services Gateway
As part of the solution, Versa is announcing the Cloud Services Gateway, a branded appliance for branch and remote offices or retail locations that runs Versa’s SD-WAN and security software, including a next-gen firewall and UTM. The appliance, which supports PoE, can also provide Wi-Fi for branch locations. The appliance comes pre-configured with dynamic path selection policies already in place, but customers or providers can access a portal to change those policies as they like. The SD-WAN component provides table-stakes functionality including support for broadband, MPLS, and LTE links; dynamic path selection based on applications and policies; traffic conditioning using techniques such as forward error correction and packet replication; and analytics.

Aiming To Stand Out
In case you hadn’t noticed, the SD-WAN market is now more crowded than a Florida beach during spring break, so SD-WAN vendors are putting significant effort into differentiating themselves. By emphasizing ease of use and fast deployment, Versa aims to lure MSPs looking for quick wins, as well as customers who have connectivity needs but may not have a large IT staff to manage a stand-alone SD-WAN deployment. On the security front, Versa isn’t the only vendor that touts integrated security functions. Cato Networks, for example, offers native security features such as a next-gen firewall as well as a private network backbone. Open Systems, which recently sponsored a Packet Pushers Heavy Networking episode, also offers a service-based SD-WAN solution with security baked in. Meanwhile, Fortinet, which makes appliances, is essentially putting SD-WAN features into its firewall and UTM boxes. Other SD-WAN vendors will happily regale you with tales of partnerships, integrations, and home-grown security capabilities. With all that said, if Versa Networks sounds like it’s worth further investigation or might earn a spot on your shortlist, you can go to versa-networks.com to get more details. That was Briefings in Brief from the Packet Pushers. For more IT podcasts, blogs and news created for engineers, visit packetpushers.net where you can subscribe for free. And for even more great information, become a member at ignition.packetpushers.net.

BiB 075 : Looking at Cumulus NetQ 2 Announcements
Apr 30 2019 6 mins  
NetQ Platform
* NetQ platform is the central platform that receives real-time telemetry data, providing visibility, network validation and trouble-shooting. The platform can run in a Virtual Machine or on the Cumulus NetQ hardware appliance.
* Intended for the data centre. Not an end-to-end automation solution (although possibly that is under development).
* NetQ 1 focussed on configuration and validation for such activities as BGP and EVPN configuration, as well as tracking IP addresses, VLANs, server status and other general operational tasks.
* Cumulus claims that NetQ performs 3 primary functions:
  * DATA COLLECTION – Real-time and historical telemetry and network state information
  * DATA ANALYTICS – Deep processing of the data
  * DATA VISUALIZATION – Rich Graphical User Interface (GUI) for actionable insight
* Agent driven – install agent onto Linux hosts including your Cumulus Linux devices.
* Integration with some third parties – Slack, syslog-ng, PagerDuty. More to come, I suspect.

Larger Issues?
* It’s pretty. Seriously, it’s visually nice.
* SDN is much more than deployment and configuration of network devices.
* In many ways, it’s more important to have analytics and monitoring tools to improve your knowledge about what is actually happening on the network and to improve the mean time to innocence, aka “it’s not the network.”
* Smaller companies can easily compete with bigger companies when making software. Mid-sized enterprises with modest networking requirements in the data centre do not need the more complex products from Cisco which would require Cisco ACI with NAE, or Tetration to have an equivalent solution.

Datanauts 163: Hybrid Cloud DNS Design With AWS Route 53
Apr 24 2019 52 mins  
If you operate an IT environment where some of your resources live in AWS and some live on-premises, you’ve had to face the hybrid cloud DNS problem. What problem is that? The Route 53 service isn’t a name server like you’re used to, but AWS has enhanced Route 53 to make hybrid cloud DNS easier for enterprises to deal with. Today, the Datanauts help you understand integrating the Route 53 Resolver with the rest of your DNS environment. Our guide to this integration is Matt Adorjan, Cloud Engineering Manager at Balyasny Asset Management. In part 1, Matt and the Datanauts discuss how cloud influences and changes traditional IT roles, and then talk about CloudPing.co, a utility Matt created that runs in each AWS region and pings all the other regions to track latency among them. Part 2 dives into cloud DNS and the challenges that AWS’s Route 53 presents for hybrid cloud deployments. They talk about how Route 53 differs from traditional DNS, why you can’t route to the Route 53 resolver IP across VPN or DX connections, and how to address those limitations. Part 3 examines the inbound and outbound endpoint feature that AWS added to Route 53, how it works, what it costs, and the pros and cons of this solution vs. other workarounds. Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod. Sponsor: Open Systems Open Systems brings security, automation, and expert management to SD-WAN. Get visibility, flexibility, and control combined with performance, simplicity and security with SD-WAN from Open Systems. To find out more, go to Open-systems.com/packetpushers and get a free beanie and a Gartner report on the economics of SD-WAN. 
Show Links: CloudPing.co Matt Adorjan on Twitter Hybrid DNS for the Enterprise in AWS – Matt Adorjan On Medium An Update to Hybrid DNS for the Enterprise on AWS — Introducing Route 53 Resolver for Hybrid Cloud! – Matt Adorjan On Medium Amazon Route 53 Resolver for Hybrid Clouds – AWS Blog Matt’s blog

Datanauts 162: From Tech Support To Cloud Architect – An Opinionated Career Path
Apr 10 2019 51 mins  
Looking to elevate your skills from on-prem hardware monkey to cloudy diva? In this episode, we explore one person’s career path from tech support to cloud architect, and get his opinions on key cloud issues. Our guest is Bill Gurling, Cloud Solutions Architect at Rubrik. In part one of the show, we review Bill’s career journey, which includes stints at GeekSquad, end user support, the army, and a converged infrastructure architect. We talk about what drove Bill to move into different roles, and why scripting and automation have been key throughout his journey. In part two, we pivot to Bill’s cloud expertise and dig into his opinions on tools such as Terraform and AWS CloudFormation, including ease of adoption and what it’s like to work with these tools at scale. In part three, Bill shares his insights on whether the industry will achieve the dream of multi-cloud applications, getting beyond lift-and-shift as organizations move to the cloud, and what it means to be a distinguished engineer. Sponsor: Quest Software Quest Software is your go-to for everything Microsoft. Migrate to a new SharePoint or Office 365 environment, move to OneDrive for Business, consolidate Active Directory and Exchange, secure your AD from insider threats, and much more! Learn more at Quest.com/DatanautsPod. Show Links: Bill Gurling on Twitter Bill Gurling’s Blog Which do you use – Terraform or CloudFormation? – Reddit CloudFormation / Terraform real world use cases? – Reddit Defining a Distinguished Engineer – Jessie Frazelle


BiB 074: Replace iSCSI With NVMe/TCP From Lightbits Labs
Mar 28 2019 5 mins  
The following is a transcript of the audio file you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s March 28, 2019, and here’s what’s happening. I had a briefing with Lightbits Labs earlier this month. Why? Because I believe NVMe over TCP is going to make major inroads into enterprise environments over the next months and years, and Lightbits Labs employs many of the folks who wrote the spec. These folks are at the heart of all that is NVMe over TCP, and I wanted to hear about their product and what they’ve been doing with customers, as that might be you in the near future. Network As Directly Attached Storage Lightbits Labs has announced a software defined storage with hardware acceleration product. In a nutshell, the product is a global flash translation layer that decouples SSDs and compute. Put your compute wherever, mount a box full of fast storage via Lightbits using the NVMe over TCP protocol, and get storage latency that performs like directly attached storage, but without the waste of space. Lightbits is aiming this offering at folks who are looking for hardcore storage performance. These folks are operating private clouds and large enterprises. Usually, these companies have their own composable stack. What they want from Lightbits is an API and speed. Lightbits Is Different If you’re thinking that this is essentially distributed storage and nothing new, you’re sort of right. Abstracting disk from compute isn’t new. But Lightbits cites four differentiators that we’ll talk through. First, Lightbits works with the server hardware you bring dedicated to storage, provided it’s x86 with standard NVMe SSDs…nothing fancy. You can load the server with 8, 16, or even 32 SSDs. The NIC can be a standard Ethernet NIC. TCP offload is not required. 
TCP windowing is optimized by the NVMe over TCP stack to get a consistent latency profile for the storage server traffic. If you want to rev up your stock x86 hardware a little, Lightbits will sell you an optional acceleration card for SSD management and data services. The LightField Card is a PCIe add-in that offloads data reduction, data protection, NVMe/TCP, and the global flash translation layer functions. Second, Lightbits claims that the global flash translation layer, something you typically find at the host level, is unique. As I dug around the Internet, I couldn’t find anything to dispute that claim. Lightbits calls their global FTL LightOS. LightOS is the operating system software layer that virtualizes pools of SSDs. Lightbits claims that LightOS can improve the endurance of SSDs up to 4x, especially with compression and thin provisioning. And if that’s true, there’s an ROI calculation you perform, because the physical flash disk is going to last longer with LightOS sitting on top of it. LightOS doesn’t offer de-duplication today, but it’s on the roadmap. Third, NVMe over TCP is, as the name implies, TCP. You can run this over your existing IP network. You can run it multi-hop, not a given in storage protocols. You don’t have to build a special network to handle special storage protocol magic. NVMe over TCP works with what you’ve got. That said, I will point out that NVMe over TCP might ask a little bit of that network you’ve got, and you should do some homework. Dr. J Metz did a dense, detail-filled presentation on NVMe over fabrics for network engineers, and you can find that presentation on our Ignition.PacketPushers.net website for free. But the point stands that NVMe over TCP doesn’t need a special network, which probably means it’s coming to your network at some point. Fourth, Lightbits points out that t…



BiB 073: HammerSpace Data-as-a-Microservice For Kubernetes
Mar 26 2019 4 mins  
The following is a transcript of the audio file you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s March 26, 2019, and here’s what’s happening. I had a briefing with HammerSpace earlier this month. HammerSpace describes themselves as, “a storage and protocol agnostic cloud data control plane, abstracting data from the infrastructure for self-service hybrid cloud data management, driven by machine learning and metadata management to deliver Data-as-a-Service.” That mouthful does a pretty good job at getting to the heart of HammerSpace, which is to layer policy on top of your existing storage, moving data around to wherever you need it to be automatically. And if that happens to include hybrid cloud, that’s just fine with HammerSpace. Data-As-A-Microservice In this briefing, HammerSpace announced the ability to provide a global namespace for persistent storage in Kubernetes environments. As containers were originally conceived to be stateless and ephemeral, that is you should be able to stand them up and tear them down at will with essentially zero application impact, the idea of persistent storage seemed a bit wrong. Why do we need persistent storage for stateless containers? As container use cases have expanded, stateful containers have become normal, and the need for persistent storage has grown right alongside. But presenting that storage to a container in an automated way hasn’t been all that easy. HammerSpace has tackled this issue with what they are calling data-as-a-microservice. This is not a new type of K8s specific storage, which HammerSpace thinks is about the last thing the Kubernetes world needs. Therefore don’t think of this as being just about getting data to a container.
More importantly, HammerSpace is trying to answer the question, “How do we get storage to evolving workloads?” Data Is Declarative The answer to this question is to make data declarative. That is, describe what is needed from storage, and it just happens. At least, from a devops perspective, it looks like “it just happens.” In other words, policy drives the automation without admins having to pay too much attention. Once the policies are in place, snapshots are put where they are needed for access or resilience. You might be accessing storage that’s on prem. You might be accessing storage that was burst to public cloud if policy dictated. You can also turn off HammerSpace in the public cloud when you need to save some dollars in your cloud provider’s bill, although global de-dupe to reduce the amount of data transiting cloud is part of the package. Of course, nothing here is actual magic. What’s really going on is that K8s is talking to HammerSpace DSX Data Services Nodes as well as the Container Storage Interface as presented by HammerSpace. Kubernetes workloads are getting local file type performance via NVMe-level IOPS even though they are talking to HammerSpace and not storage directly. Use Cases HammerSpace cited a couple of key use cases for this technology that will be familiar to folks who have run into stateful containers. The first use case is databases. For example, noSQL, MySQL, Elastic, Redis, Cassandra, mongoDB, and MS SQL Server. HammerSpace described this scenario as helpful to folks who need low latency access for their builds to go fast. The second was for transparent dev/test to production. For example, you could take a snapshot of data living on your on-premises NetApp, present it into the cloud read-write, a benefit of a Kubernetes global namespace according to HammerSpace. For More Information This is a complex product and announcement, and lots more to the…


Datanauts 160: The Hitchhiker’s Guide To IT Travel
Mar 13 2019 58 mins  
Do you know where your towel is? Today’s Datanauts episode offers travel advice for IT pros who spend a lot of time on the road. Our three guests have logged millions of miles parachuting in to remote sites, driving to data centers, and flying all over the world to make customers happy. They share their experiences on how to stay connected, how to maximize space in luggage and equipment cases, and how to get from point A to point B as smoothly as possible. Our guests also discuss how to get work done when on the road, and how they manage time and tasks when they don’t know where they’ll be next week. Last but not least, they share tips on maximizing travel programs, and recommend their favorite travel gear, clothing, and cherished accoutrements. In this three-part show we interview travel veterans Ron Fuller, an NSX specialist with VMware; Tony Bourke, an IT instructor; and Greg Shipley, who works at InQTel. Show Notes: Bonus Tips From Greg Shipley: PACKING: GEAR I started off with bags that have a lot of compartments, but I could never remember which compartment I put things in. I eventually moved to having one big open bag (with few compartments) and then using smaller organizers to keep things separate. This accomplishes two things: * I stopped needing to unzip and open a gazillion pockets to find something * I can keep the smaller things near the object they store. Example: small (computer) cable bag stays near my laptop on the hotel desk, toiletry bag stays in the bathroom, etc. So when it’s time to go, everything goes into the (nearby) little bags, little bags go into the big bag. I can usually clear out of my hotel room in 5 minutes or less now. 
Northface basecamp duffel bag – small https://www.thenorthface.com/shop/base-camp-duffel-s-nf0a3eto
* Practically indestructible – mine has been in dozens of countries and logged 100s of thousands of miles
* Does not scream “luggage” / is low profile
* Fits in overhead
* In a pinch, fits UNDER many airplane seats, too
* Toss it on your back or throw it over your shoulder and go

Clothing cubes https://www.amazon.com/AmazonBasics-4-Piece-Packing-Cube-Set/dp/B014VBHNDU/ref=asc_df_B014VBHNDU/

Toiletry bag https://www.workbygravel.com/products/the-explorer-slim-the-best-toiletry-bag-for-traveling
* Was originally a kickstarter.
* A little pricey, but so worth it; you will never again be plagued by a toothpaste explosion

Laptop sleeve https://www.amazon.com/gp/product/B00ICV5E28/ref=oh_aui_search_asin_title?ie=UTF8&psc=1
* Protects the laptop while it is packed
* Doubles as a light-weight item to carry your laptop on days you don’t need all of your gear. (shoulder strap included)

Baubax jacket https://www.baubax.com/
* I like having my passport physically on my person, but without advertising it
* I’d recommend the sweatshirt or vest; soft-shell might be too much for a flight

(Computer) Cable bag
* Apple’s approach to international power adapters is superior to everything else I’ve seen

BiB 072: Automate Cloud Native Monitoring With Instana
Mar 09 2019 5 mins  
The following is a transcript of the audio you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s March 8, 2019, and here’s what’s happening. I had a briefing with Instana a few weeks ago. Old School APM The Instana folks reached out to me, because as a guest on the CloudCast earlier this year, I lamented that there are no application performance monitoring tools that correlate infrastructure with app performance in the cloud native era. Instana thought that wasn’t quite fair, and wanted to walk me through what they could do. What is Instana, then? Maybe it’s key to look at what Instana is not. Instana is not old-school application performance management or APM. Many of the Instana folks came from that world, but traditional APM tools function most effectively with infrastructure that’s static. That is, you build out a network and servers and storage, and it’s likely to sit there for years. Applications aren’t likely to change much, either, with only occasional releases. In that sort of environment, you can set up monitoring, and it works fine for a long time. You can build dependency trees, knowing they aren’t going to change much. And, you can keep up with the tweaks needed to the monitoring as infrastructure slowly evolves or new apps are rolled out. Cloud Native Monitoring Challenges Cloud native applications are not like this. Instead of a few large apps, you have many small apps (microservices) talking to each other to deliver a larger app to the business. These microservices are built programmatically, probably spun up by an orchestrator, and there’s a decent chance that orchestrator is Kubernetes. And why is all of this happening? Because instead of quarterly or even annual software releases, application updates are being released all the time. 
Small changes are deployed to minimize risk, and done in a way that can be rolled back if there are problems. Therefore, new app instances are being spun up constantly. That means there’s new infrastructure to be monitored…constantly. No human can keep up with this infrastructure consumption model. This is why old-school APM products don’t work effectively in a cloud-native environment. Meet Instana Enter Instana. Instana is modern, automated application performance management. How do they do this? An agent sits on a host or in a container, and performs continuous real-time discovery and monitoring of all components. “But wait,” you say. “I have to install an agent? That doesn’t sound very automatic.” Right. Agent installation can be automated, too–when Kubernetes spins up a new instance, the Instana agent installs along with it. What does this agent do? It monitors over 100 different technologies such as Docker, Java, Tomcat, Kafka, Cassandra, MongoDB, nodeJS, RabbitMQ, Lambda functions, and much more. The focus is on modern application stacks, and there’s a support matrix on Instana’s website. Once the agent is running, it starts discovery and data collection automatically. In the briefing, Instana showed me an agent installation. The agent then discovered Kubernetes and started monitoring a pod. That led to the discovery of Docker containers. Container monitoring led to discovery of processes. Monitoring processes led to discovery of JVM. That led to monitoring of Spring Boot App. And no human had to do anything to make all of that happen. The data that is gathered by the agent is sent to a centralized spot for analysis, which is where the Instana magic happens. You get… * Automatic distributed tracing. A user makes a request to an app,








BiB 070: Cisco Calls for US Privacy Laws
Feb 11 2019 8 mins  
It strikes me as unusual for Cisco to make social activist statements around privacy laws as a company (1). What would be Cisco’s motivation to call for social justice publicly? Logically there must be reasons. To start, Cisco is calling on the U.S. government to develop a US federal privacy law that assures customers their data is protected. The American system should not just look to solve for today’s privacy discussions around monetization of customer data; it should aim to solve for the complex privacy needs of a world where tens of billions of devices are connected to the internet.

It’s a great thing that Cisco is adding to the debate on privacy. The lack of direction from government and social forums is astonishing as tech companies, e.g. Facebook, make huge profits by exploiting the lack of controls. As Cisco becomes a data company by operating cloud services and holding large amounts of personal and corporate data, its business has new risks to face.

Woke marketing
Having your brand associated with social activism can be a winner. (2)

Legal Clarity
Cisco has a number of products that collect large amounts of customer and corporate data. For example, Cloudcenter has complete visibility of customers’ business, Cisco’s WiFi Analytics are tracking people through retail spaces. Cisco licensing collects more than just asset data. Intersight has so much data it can make recommendations on configuration and operations. If the law is unclear, Cisco could face legal risks.

Law Enforcement
We have examples of law enforcement using data from smart assistants, fitness monitors and watches. It seems likely that law enforcement will use data from cloud services when pursuing financial crimes.

Divergent Laws
Today, Europe is leading in privacy policy and US companies are generally not welcome to influence the process and profits might be reduced. Further, if privacy laws vary widely between countries then it may become difficult and expensive to maintain compliance.

China
Lots of noise about Chinese companies and industrial espionage. Privacy laws could be useful for better protections and prosecutions.

I would note that most of these reasons would apply to many US companies operating globally.

The EtherealMind View
Making a public statement calling for privacy is nice. Free, ineffective and makes good marketing. What we should be looking for is genuine action to demonstrate commitment.

Resources and Notes
Cisco Calls for Privacy to be Considered a Human Right | The Network : https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1965781
* I recognise that John Chambers did some community stuff to reduce boredom but it wasn’t aligned with Cisco.
* When Nike make the ad with a controversial sports person (Kaepernick) they appealed to their customers.

BiB 069: Plixer’s FlowPro Shines A Light On Network Darkness
Feb 08 2019 5 mins  
The following is a transcript of the audio podcast you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s February 7, 2019, and here’s what’s happening. I had a briefing with Plixer today. Plixer Scrutinizer, Flow Records, And Context Plixer is in the world of flow record analysis, solving issues for both network and security operations folks. “Oh, so they’re a netflow collector?” Yes, that’s how Plixer started back in 1999, but there’s much more to the story than just collection of flow records now that they’ve got nearly 20 years of software development under their belt. Plixer’s Scrutinizer platform doesn’t simply collect netflow records. Rather, Plixer grabs all sorts of flow records, including netflow, sflow, IPFIX, and more. How much more? Thousands. Plixer has made a point to integrate with several different industry vendors to be able to parse not just the standard flow records, but also many of the proprietary record types that are out there, for example, from Gigamon and Ixia. The big idea is to, as a first step, collect a bunch of records from a bunch of sources–all the sources you have on your network. Collection is good and needful, but the real issue (and one we’ve been harping on in the Packet Pushers world) is how that data is interpreted. Records aren’t interesting by themselves. Context is. Software that collects flow records and parses through them so that you have transactional context up and down the stack is what operations folks need. You don’t have the bandwidth to be providing context yourself. And that’s the next step Scrutinizer takes–providing context to help you make sense of all the flow records being collected from the network. Ahhhh…”Scrutinizer” – I see why they called it that now. 
While a standard netflow record might give you 12 data points (IP address, ports, and so on), Plixer with all of the integrations they’ve done with other platforms, can tap into as many as 5,000 data points around a transaction. Plixer describes it as a “massively contextual database” containing L2-L7 information. The context stitches together all of the data you might care about when troubleshooting a problem or performing a forensic investigation. Metadata like application, user name, jitter, latency, SSL cert details, geo IP location, etc. are all examples of elements Plixer understands to help clarify what’s really going on and why. The FlowPro Network Probe For Those Hard-To-Reach Network Segments Flow records from sources all over your network including the funky proprietary ones are good, but what if you’ve got some dark spots on your network? Areas where the network equipment in play doesn’t have good flow information to send to Plixer Scrutinizer? Plixer has announced the FlowPro network probe to shine some light on these dark areas. Available both as hardware and virtual appliances, FlowPro observes network packets via SPAN or ERSPAN and can, based on its observations, create and export flow records to Scrutinizer. But that’s not all that FlowPro can do. There’s a bunch of analytical capability baked into the tool. For example, Plixer described rich DNS security functionality to me. FlowPro can inspect DNS via domain reputation checking, look and inspect for DNS tunneling, monitor queries for A and AAAA records, note hits on “whatismyip.com”, and then detect behavior indicating that malware folks are trying to get paid based on lookups against the public IP address of a compromised host. All of that work is done locally on the FlowPro, with anomalous events kicked up to Scrutinizer. The virtual FlowPro runs on VMware, KVM, or Hyper-V. The hardwa…






BiB 068: Aporeto’s Identity Based Workload Segmentation
Jan 14 2019 6 mins  
The following is a transcript of the audio file you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s January 14, 2019, and here’s what’s happening. I had a briefing with Aporeto in December 2018. Aporeto is a security startup. “Oooh, another security startup?!?” you might say, rolling your eyes dismissively. I wouldn’t roll my eyes, as I believe there’s something very interesting here. The Aporeto solution has an eye to modern infrastructure security’s future, and not the past. A Microsegmented Context Before I explain Aporeto, I need to explain microsegmentation. In a nutshell, microsegmentation is centralized management of whitelists applied on a workload by workload basis. Filtering at the workload gives you the “micro” and the whitelisting gives you the “segmentation.” Writing individualized workload whitelists and maintaining them would be too hard for a human to do, especially at scale, and therefore solutions like Cisco Tetration, Illumio, and VMware NSX handle this for you. Each of the solutions I just mentioned all do what they do differently under the hood, but the end result is roughly the same. A small whitelist pushed to or very close to a workload, segments that workload from every other workload, the big idea being to keep malware out, or at least prevent malware from spreading, as well as help prevent data leaks. It’s a divide and contain strategy using central management and a policy engine to deploy at scale. There is more we can talk about here, because it’s possible to bolt on higher level scanning and so forth depending on the microsegmentation solution, but none of that changes my point that microsegmentation is merely an evolution of the same old firewall filtering we’ve all been doing for decades in one form or another. 
Is Network-Based Microsegmentation The Proper Security Approach? Microsegmentation assumes that the network is where security should be applied. And that’s fair enough. Assuming a defense-in-depth strategy, the network is one part of the security paradigm at least. Should sticking filter lists into highly distributed firewalls be the primary security for a modern, cloud-based application with diverse workloads, though? Aporeto argues, “No.” Aporeto sees workload security not as a network problem. If you view the network as an increasingly complex transport, which it is especially when considering hybrid and multi-cloud architectures and orchestration platforms, then securing workloads is a security problem of its own, not one to dump onto the network infrastructure in the Aporeto view. Introducing Aporeto Aporeto is an identity-based security solution. I don’t only mean user identity. I also mean workload identity. That is, when using Aporeto, workloads can only talk to each other when their identity is authenticated by fingerprint and authorized by policy. Aporeto decouples the network infrastructure from security on the assumptions that the network is distributed and probably not wholly managed by a given organization, that workloads are ephemeral, that all actions should be authorized, and that security lifecycle should be decoupled from the application lifecycle. I just said many words there, so let me give you a more concise focal point. Aporeto is an identity and access management security solution that expects essentially nothing of developers and little of operators to provide deep, context-aware security for workloads no matter if they are hosted locally or in the public cloud, and it does it in a form-factor agnostic way. Hosts, containers, processes, functions, and users all get a unique cryptographic identifier …





Datanauts 153: Understanding Metadata For IT Operations
Dec 12 2018 42 mins  
Metadata is data about data, and metadata matters to your company’s business. Getting your metadata correct means you have more power and control over the information that drives your organization. For example, metadata influences where data gets stored, and at what performance tier; or when data should be moved to optimize a business process. It tells you who’s accessing the data, and how often the data is being accessed, which has implications for security, compliance, and legal discovery. Yep, that’s all tied up in metadata, the topic of our discussion on the Datanauts. Our guest is Karen Lopez, Senior Product Manager and Architect at InfoAdvisors. We work through a definition of metadata, examine why it’s essential across IT, and why you might want to think about metadata as a love note to yourself in the future. We also examine different metadata storage models and the associated tradeoffs and benefits, and dive into metadata use cases in enterprise storage. Sponsor: Packet Pushers Virtual Design Clinic 3 Register now for the Packet Pushers’ Virtual Design Clinic on December 19th. This live, online event includes deep-dive technical presentations for network engineers, Ask Me Anything sessions with expert panelists, and a sponsored presentation from Apcela. It’s free to sign up. Register here. Show Links: Karen Lopez on Twitter Karen Lopez on LinkedIn Data Model.com – Karen Lopez’s Blog InfraGeeks.com Datanauts 074: Understanding Data Models & Why They Matter – Packet Pushers Parallel NFS Home Page



BiB 067: Custom APIs For Business Logic With BlueCat Gateway
Dec 07 2018 5 mins  
The following is a transcript of the audio report you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s December 7, 2018. Automation and sources of truth are on my mind. Sources Of Truth In Weekly Show 402, Ken Celenza from NetworkToCode came on to discuss network automation frameworks. In that conversation, he shared the idea of sources of truth, where automation tools need to go to a single source of truth for any aspect of the infrastructure we needed to know about. You might have several truth sources, one for each kind of information, but for a given kind of information, there’s only going to be one truth source. BlueCat Networks, DDI, And Automation In the last month, I’ve chatted with BlueCat Networks a couple of times. You can see some of those sessions by searching for BlueCat and Tech Field Day on YouTube. They are a DDI company. That is, DNS, DHCP, and IPAM services combined into a unified platform. DDI by itself isn’t exciting, but BlueCat grabbed my interest because of the capabilities they wrap around their DDI information. The platform is automation-friendly, making BlueCat a great candidate to be one of the sources of truth that automation tooling needs. BlueCat is an API-capable product. That is, there’s a full API that developers can leverage to get information in and out of BlueCat. That’s good and even necessary for a modern IT shop, but BlueCat has gone even further. BlueCat Gateway For Customized Business APIs BlueCat offers a free add-on product to their DDI platform called Gateway. Gateway is a platform customers can use to create their own custom APIs that make sense for their business. Put another way, Gateway provides a REST API endpoint for other applications within the business to talk to.
The full BlueCat API is heavy and capable–lots of features and parameters, requiring a decent understanding of how DNS, DHCP, and so on actually work. Gateway enables a business-centric interaction with BlueCat DDI data, streamlining the process. Figure out how your company executes a process, and use Gateway to build an API that exposes just the parameters required to get the BlueCat-related part of that process done. For example, you might create an API called “MoveServer” that might do a bunch of different things within BlueCat like free up the old IP, assign a new IP, and update the DNS hostname. The custom Gateway API shares just the minimum number of parameters required to kick off a process that will get those steps done. You might think of Gateway as an abstraction between business intent and specific execution. I wouldn’t call it intent based networking, but there are comparisons we could make. Building Business Workflows Upon the foundation of customized, business logic driven APIs, Gateway builds workflows. That is, as information flows into and out of BlueCat via the Gateway APIs, Gateway can also populate other systems. For instance, it’s possible to integrate with ServiceNow so that steps of the process can be reviewed and approved if needed. That workflow can also include validation–querying the infrastructure to be certain that the request was fulfilled as intended. BlueCat mentioned that auditing is a use case frequently cited by customers–sanity checking that deployments are compliant to a set of business rules. Enabling Automation Adoption For many engineers, APIs & business logic sounds intimidating. BlueCat recognizes this and offers several resources to help folks get started with Gateway.

BiB 066: Why Cloud Visibility Matters
Dec 06 2018 6 mins  
The following is a transcript of the audio recording you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s December 6, 2018, and cloud visibility is on my mind. Application Architecture Complexity Imagine a complex application. There are multiple parts to it. A web farm behind a load balancer on the front end. A firewall or two. Probably some database calls. And then the stuff we tend to forget about like authentication and domain name services. Okay, you’re with me so far. Now let’s make this more complex by splitting the web app into elastic microservices living in the public cloud. At least, part of the app lives in the public cloud, because an AWS bill shows up every month. Part of the app also lives on-premises. You think. Which is the problem. It’s actually getting hard to tell what is going on with this app, as the developers aren’t always in lock step with the operations team about what they’ve deployed where, and the architecture team just points you to a reference document…that is full of lies. You shake your head that no one seems to know what’s going on. Business as usual. And then on a fateful day, the help desk tickets start piling up. The app performance has gone down the toilet, much like your hopes for a lunch outside the office, and no one seems to know why. Must be the network. Or the cloud. Or that Kubernetes thing. Or something. Data Visualization With Kentik What’s an infrastructure engineer to do? You need visibility. A few weeks ago, I had a briefing with Kentik. Their mission in life is to collect infrastructure data and help you gain meaningful insights from it. I’m not talking about stacks of RRD graphs that look cool while communicating almost nothing. Rather, Kentik shows how data relates to other data in an intuitive way that helps you make decisions or solve problems. 
Let me give you an example. One of their core use cases has been helping service providers and Internet exchange points understand how data is flowing through their network. Who sent them this data? Where is this data going next? Oh, AS 12345 is sending us data for AS 54321, but it’s costing us a ton of money because it’s traversing our link to AS 31416. Maybe we should create a peering relationship with AS 54321 directly and stop running up our bill to AS 31416. That’s just one example. In the latest demo I’ve seen, Kentik has applied their visualization and analysis to cloud traffic, helping IT teams understand the flows that are happening between services that make up an application. Kentik Cloud Visibility Kentik works by ingesting data. Massive amounts of netflow and other sorts of records from your network and endpoints. For cloud visibility use cases, Kentik is able to absorb AWS & GCP flow logs, with Azure support coming soon. Kubernetes for container orchestration and Istio for service mesh control are also data providers to Kentik, among many other data providers. These are added to the host level instrumentation and network device data Kentik has been able to gather since it came on the scene a few years back. In the briefing I attended, Crystal Li, Senior Product Marketing Manager with Kentik pointed out, “We consume the tag and label information which contains the information about your infrastructure, your service mapping, and your user information.” Which is quite granular indeed. When Kentik has ingested & analyzed the information, results, alarms and actions can be handed off to third party providers as complex as ServiceNow or PagerDuty, and as simple as JSON you bring into a tool of your choosing. Let’s bring this back to our opening hypothetical situ…


BiB 065: Barefoot Networks Announces A New 12.8Tbps Tofino ASIC
Dec 05 2018 4 mins  
Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. Ethan Banks and Drew Conry-Murray discuss the new Tofino 2 ASIC from Barefoot Networks. This ASIC boasts 12.8Tbps total throughput, which puts it on par with silicon from providers such as Broadcom and Innovium. Barefoot’s compelling differentiator is that Tofino offers a fully programmable packet-processing pipeline. Using the open-source P4 language, Tofino customers can customize how the ASIC processes packets, add or remove features, and create their own programs to run on the switch.
Small Is Beautiful
The Tofino 2 is made with the 7nm process, giving it more transistors in the same die area and greater power efficiency compared to Tofino 1, which uses the 16nm process. Barefoot says the new chip offers a 50% improvement in packets per second per watt. Port options include 32x400GbE, 128x100GE, or 256x10/25/50GE on a single chip. Barefoot Tofino is available through ODMs. Version 1 of the ASIC is also available from Cisco (the Nexus 34180YC) and Arista (the 7170). Barefoot says the Tofino 2 will sample to customers in the first half of 2019.
Learn More
Tofino 2 – Barefoot Networks
BiB 017: Barefoot Networks Introduces Deep Insight – Packet Pushers
Barefoot Releases P4 Studio To Streamline Tofino ASIC Programming – Packet Pushers
Barefoot Networks At Network Field Day (videos and blogs) – Tech Field Day
Increase Flexibility with Cisco’s Programmable Cloud Infrastructure – Cisco


PQ 159: The SATCOM Primer For Network Engineers
Nov 22 2018 74 mins  
In Priority Queue 154, we chatted with PC Drew about the challenges of standing up a fully operational network in the middle of nowhere. That’s standard operating procedure for the military as they fulfill their combat and humanitarian missions around the world. In this episode, we’re going to go deeper on one facet of that conversation, satellite communications. PC Drew is back, and he brought along a colleague, Evander Cook, to educate us on SATCOM. PC is Chief Technology Officer at SchoolBlocks, and Evander is Director of Network Operations at the United States Marine Corps. We discuss basic concepts including frequency bands, TDMA vs. FDMA, satellite coverage areas, and the relationship between signal quality and signal power. PC and Evander also explain how different satellite orbits affect network design, the different kinds of military and commercial services available, and how to account for moving vehicles in satellite communications. Sponsor: Packet Pushers Virtual Design Clinic Join the Packet Pushers for our next Virtual Design Clinic on December 19th, 2018. This live, free virtual event includes presentations on continuous integration and continuous testing for networking, and the impact of NVMe over Fabrics to network design. We’ll also have a panel of experts to participate in “ask me anything” segments. Celebrate the holiday change freeze by registering at packetpushers.net/vdc. Show Links: PQ 154: Design Challenges In Military Networks – Packet Pushers Orbital Altitudes of many significant satellites of earth – Wikipedia (jpg)


PQ 158: Introducing NRE Labs For Network Automation Training
Nov 08 2018 43 mins  
One problem with learning networking technology is all the work it takes to set up your lab. Creating a virtualization environment, fighting with images, tweaking performance, building out the connections, and so on. What if there was a tool that handled the set up burden for you? A tool where you could jump right in and start learning? Our guests today tell us about a new online tool that does just that. Called NRE Labs, this Web site provides education and training for network automation. You can learn the basics of YAML, Git, and working with APIs, try out automation tools, walk through lessons, or simply experiment with virtual instances of real networking interfaces. Developed and supported by Juniper Networks, NRE Labs is free and open source, and welcomes contributions to the project. You don’t have to register or even log in to use the site; just show up and jump in. Matt Oswalt and Derick Winkworth, both Product Marketing Managers at Juniper, are two of NRE Labs’ creators. They join us on the podcast to walk us through the site. Sponsor: Packet Pushers Virtual Design Clinic 3 Join the Packet Pushers and special guests on December 19th for a live, online Virtual Design Clinic. See presentations on network design for NVMe fabrics, CI/CD for networking, and get your networking questions answered by our panel of experts. Sign up now for this free event. Show Links: NRE Labs Antidote (NRE Labs OSS) – GitHub Antidote Docs Juniper Engnet – Juniper Networks Keeping It Classless – Matt Oswalt’s blog


Datanauts 150: Living Outside Your Technology Comfort Zone
Oct 31 2018 45 mins  
Lead? Or follow? Get involved? Or watch from the sidelines? The answer depends a lot on your personal career goals. Want more opportunities? That special job? Then most likely you have to put yourself out there by learning something new and trying something different, even if it makes you uncomfortable. Today on the Datanauts we talk about the risks and rewards of getting outside your tech comfort zone. Our guest is Ken Nalbone, Tech Field Day Event Lead at Gestalt IT. He blogs at FullStackKengineer. Ken and the Datanauts talk about how, after 10 years in the same job, Ken decided it was time for a change. That meant some investment of time and effort into acquiring new skills. It also meant getting out into the world, including attending a local VMUG. They discuss internal barriers to change, including both imposter syndrome and smart kid syndrome, as well as having to overcome introversion. Sponsor: VMware Virtual Cloud Network Deep Dive Join VMware live and in person at the Virtual Cloud Network Deep Dive coming to your city. You’ll hear from VMware NSX® product experts on how you can grow your skills to create an agile, programmable network infrastructure that can meet the business and security demands of the multi-cloud world. Visit www.vmware.com/go/VCNDeepDive to register. Show Links: Live Outside Your Comfort Zone. It Will Be Worth It – FullStackKengineer (Ken Nalbone’s blog) Episode of the Nerd Journey podcast where Ken first heard the term “Smart Kid Syndrome” Ken Nalbone on Twitter Tech Field Day


Datanauts 147: What’s Your Private Cloud Strategy?
Sep 19 2018 49 mins  
Everyone talks about cloud and a lot of people are rushing to the public cloud, in part because cloud providers make it so easy to spin up resources and get started. But you can build a private cloud and have the same benefits–ease of use, self-service, and accountability–within your own data center. On today’s Datanauts podcast, we break down what it takes to build out a private cloud on your premises. Our guest is Rita Younger, National Practice Lead SDDC / SDN and Technical Innovation Group at CDW. You can find her on Twitter as @SDN_GIRL. Our three-part show covers the following: Part 1: Changes To Physical Infrastructure * Why you need to understand traffic flows * The importance of network analytics * Three-tier vs. leaf-spine architectures * How hyperconverged affects infrastructure Part 2: Private Cloud Benefits * What are the characteristics of a private cloud: orchestration, automation, APIs? * Dealing with operational complexity * Intent-based networking * Whether applications need to be changed to run in an elastic environment Part 3: Breaking Down the Silos * How does cloud reorganize traditional IT roles? * Why cross-silo collaboration is essential * Who’s responsible for automation and orchestration? * How to do analytics right Sponsor: Linux Academy No matter where you are in your career, train with Linux Academy and develop the in-demand skills businesses are looking for. Linux Academy does training differently. New training content launching in November. Don’t let the cloud leave you behind. For a limited time save $150. Get more details at Linux Academy. Show Notes: Total Packets.com Rita Younger’s Blog On CDW


PQ 154: Design Challenges In Military Networks
Sep 06 2018 87 mins  
Imagine you’ve got to build a network that delivers data no matter what, because the mission is critical. And not just “mission critical” in the business sense–sometimes actual lives are at stake. However, the constraints are enormous. All you’ve got to work with are satellite links with high latency and low throughput, no terrestrial infrastructure unless you provide it yourself, the very highest imaginable security requirements, and a limited budget. This scenario is normal for the military. Here to chat with us about networking in this highly specialized environment is PC Drew. We discuss issues such as working with bandwidth constraints, hostile environments, training and skills development, and more. Drew is a major in the Marine Corps Reserve and was on active duty for ten years. He’s currently CTO at SchoolBlocks, and has a background in network and software engineering. There’s a lot of interesting points in this show, so we’ve pasted the entirety of our show notes below.
Show Notes:
* We did a show with Peter Wohlers on the future of networking, which was also a bit of a look back at some evolution…QoS, SDN, etc. Some of that conversation had you both agreeing and disagreeing with us. Explain.
* Snowflake networks
* Unique configurations vs unique requirements/constraints vs unique networks
* Often, a “snowflake network” is a sign that it is misconfigured (not always…there are some actual unique requirements!)
* “QoS is the devil’s work” and “just get a bigger pipe”.
* It is the devil’s work–it’s hard, but necessary
* Many people can’t “just get a bigger pipe”–need to understand how to maximize what you have
* Overlaying networks adds significant complexity to an already complex environment (avoid tunnels!)
* Although we need tunnels, they make our lives harder. Sometimes they’re required and other times they’re an indicator of an architecture that was not designed appropriately.
* Path MTU issues that Peter described also happen on overlay networks, where <1500 byte frames are common.
* MSS and TCP Windowing also play a role here
* Commoditization of network skills. Deep technical experience is hard to come by in public AND private sectors. How do you run global operations with less experienced people?
* Military networks are rather specialized. Can you describe some of the common constraints?
* Running military communications is often like someone walking into a field in the middle of nowhere and telling you: “I want all the capabilities that I have in my office….right here…in a few hours.”
* We’re often given very little requirements and asked to just “build it.” Sometimes with very little notice.
* In practice, everything is limited by survivability, logistics, and bandwidth.
* Survivability
* Elements such as sand, water, heat/cold, unstable power, etc
* Mobility challenges (a force on the move)
* A thinking enemy (kinetic and cyber attacks)
* Physical security (concertina wire, barriers, being able to inspect cables for tampering, etc)
* Cyber security (evaluating your own posture, understanding the enemy’s capabilities and limitations, having tools that detect and potentially respond to network anomalies)
* Logistics
* In many cases, you have to pack up everything you need and take it with you.


Datanauts 145: Microservice Meshes With Istio And Envoy
Aug 22 2018 51 mins  
Welcome to a cloud native architecture discussion on the Datanauts podcast. Today we blast off into the microservices galaxy and orbit the binary star system of Istio and Envoy. That’s right. A proxy for every microservice instance. What’s that you say? Too hard to manage? Infinite points of failure? Will we orbit successfully, or crash into the fiery cores of these burning stars? Hang in there, and we’ll find out. Our guide to this galaxy is Christian Posta, Chief Architect, Cloud Application Development at Red Hat. We start with an overview of Envoy (an application-level proxy) and Istio (management software or the control plane for service meshes). Envoy and Istio were developed to help solve the problem of how to get various service elements to talk to each other to provide a fully-functioning application. We also look at how Envoy, Istio, and an orchestrator such as Kubernetes work together in a microservices architecture. In part two, we dive into the main use cases or capabilities of Istio, including traffic management, observability, policy enforcement, and service identity and security. In part three, Christian walks us through day-two operations of running Envoy and Istio in production. Sponsor: ITProTV Join ITProTV to learn the skills to pass the most in-demand IT certs. It’s binge-worthy learning! ITProTV’s extensive course library includes CEH v9, CISA, CompTIA A+, Mac Certified Support Professional, and more! Visit itpro.tv/data and use code DATANAUTS to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
Show Links: Envoy Project Home Istio Project Home Microservices Patterns With Envoy Sidecar Proxy, Part I: Circuit Breaking – Christian Posta’s blog Microservices Patterns With Envoy Proxy, Part II: Timeouts and Retries – Christian Posta’s blog Microservices Patterns With Envoy Proxy, Part III: Distributed Tracing – Christian Posta’s blog Deep Dive Envoy and Istio Workshop – Christian Posta’s blog Istio Deep Dive with Dan Berg and Zack Butcher (video) – YouTube Introducing Istio Service Mesh for Microservices (free e-book, regwall) – RedHat Building Service Meshes With Avi Networks (Sponsored) – Packet Pushers Full Stack Journey 018: Istio, Envoy & Service Meshes – Packet Pushers Chri...

Datanauts 144: Managing Work Stress And Cognitive Biases
Aug 08 2018 46 mins  
Stress is a fairly constant feeling when it comes to piloting a galaxy class battle cruiser around the galaxy. From dealing with personnel requests to battling evil lizard droids in sector 8, the job can weigh you down. What might be done about it? That’s the topic of today’s Datanauts episode. Our guest is Eric Shanks, a senior solutions architect at Ahead. He also blogs at The IT Hollow. Eric has blogged recently about his own efforts to understand why he’s stressed, and a few things he dug up in researching the subject. These include a pernicious phenomenon called the Zeigarnik Effect, in which people remember uncompleted tasks better than finished ones. They also discuss cognitive and memory biases and how they affect recall, and look at techniques to help you manage complex tasks, which can help reduce the Zeigarnik Effect, and, we hope, get your stress levels down. Sponsor: ITProTV Join ITProTV to learn the skills to pass the most in-demand IT certs. It’s binge-worthy learning! ITProTV’s extensive course library includes CEH v9, CISA, CompTIA A+, Mac Certified Support Professional, and more! Visit itpro.tv/data and use code DATANAUTS to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription. Show Links: The Dark Side of Stress – The IT Hollow Zeigarnik Effect – Wikipedia Memory errors and biases – Wikipedia My trudge through IT Burnout and the fight to keep it at bay – Eric Lee

PQ 152: An IETF Update On RIFT, BIER, SD-WAN And More
Aug 06 2018 38 mins  
Today, an update on some compelling projects at IETF 102. Our guests are Jeff Tantsura and Russ White. We review the following projects to see what’s new and understand what problems they’re solving: * RIFT (Routing In Fat Trees) * BIER (Bit Indexed Explicit Replication) * PPR (Preferred Path Routing) * YANG data modeling We also look at the state of SD-WAN, which is a bit of the Wild West, to look at standards and interoperability efforts underway. Jeff is the Head of Technology Strategy at Nuage Networks. He’s also deeply involved with the IETF as the Chair of Routing Area Working Group, the Chair of Routing In Fat Trees, a Member of Internet Architecture Board, and a Member of IP Stack Evolution. Jeff has recorded with us several times before, most recently on Priority Queue 126, where Greg chatted with Jeff about the future of data center fabrics. Jeff, welcome back to Packet Pushers. Russ White is a network architect, author, and blogger. Russ also chairs the Interface to Routing System and the Babel routing protocol efforts at the IETF, and is a reviewer in the IETF’s Routing Area Directorate. Show Links: Jeff Tantsura IETF work – IETF Russ White’s IETF work – IETF RIFT NANOG presentation – NANOG via YouTube RIFT Working Group – IETF BIER Working Group – IETF Preferred Path Routing (PPR) drafts – IETF SD-WAN service model draft – IETF YANG Explorer – Cisco DevNet Priority Queue 126 – The Future of Data Center Fabrics from IETF 99 – Packet Pushers Rule11.tech – Russ White’s blog Computer Networking Problems and Solutions: An innovative approach to building resilient, modern networks – Russ White and Ethan Banks


Datanauts 141: Managing Cloud-Native Applications
Jul 11 2018
“Cloud native applications are designed to be managed by software in all stages. This includes ongoing health checks as well as initial deployments. Human bottlenecks should be eliminated as much as possible in the technology, processes, and policies.” That quote is from the O’Reilly book Cloud Native Infrastructure. On today’s Datanauts episode, we talk to Justin Garrison, one of the authors and a senior systems engineer. We dive into the chapter about managing cloud native applications, including a general conversation about the definition of a cloud-native app–that is, an application managed by software rather than humans. Then we discuss the challenges of managing a microservices architecture, explore the concept of sidecar proxies, and walk through the process of deploying a new cloud application into production. We also look at troubleshooting tools and techniques, and examine the necessity of service discovery and resource scheduling. Sponsor: Linux Academy Linux Academy offers the most hands-on training content in AWS, Azure, OpenStack, Linux, DevOps, Containers, security, and Google Cloud. Beginners and advanced learners alike will find up-to-date courses in skills development and certification prep. Hands-on labs let you work in actual cloud environments. Find out about the newest courses available online–including free courses–here. Show Links: Cloud Native Infrastructure – O’Reilly Justin Garrison on Twitter


PQ 150: HCI Networking With Big Switch’s Big Cloud Fabric (Sponsored)
Jun 07 2018
One promise of hyperconverged infrastructure (HCI) is ease of management. Break down the silos, put all the components into a unified whole displayed on a single pane of glass, and voila! Apps are served. But networking hasn’t been integrated as effectively into HCI as the other components of the IT stack. Networking, even in an HCI world, tends to be difficult. And with the dynamic needs of HCI, networking just isn’t keeping up. The days of standing up the network and letting it run are past, because a best effort, rough approximation of how the network should behave isn’t something you have to settle for anymore. Discussing integration of HCI with networking is Big Switch Networks, our sponsor for today’s Priority Queue. Prashant Gandhi, Chief Product Officer at Big Switch, is our guest. We talk about why “best-effort” networking isn’t suited for HCI, and look at HCI-specific operational issues and use cases including container networking and multi-tenancy. For hands-on experience with Big Cloud Fabric, register for BSN Labs, a demo environment in the cloud that lets you experience the technical differentiation, management CLI, and GUI of Big Cloud Fabric. Show Links: Solution Brief: Scale Out Networking for Scale Out HCI Tech Demo video: BCF Nutanix AHV Integration Deployment guide: BCF + vSAN Deployment guide: BCF + ScaleIO Demo Video: vSAN Blog: Big Cloud Fabric, the Ideal SDN Fabric for Nutanix HCI, Achieves Nutanix-Ready Core Validation Big Switch on YouTube Big Switch on Twitter Big Switch on LinkedIn Big Switch on Facebook Big Switch on Instagram


Datanauts 136: ChatOps Using PoshBot With Brandon Olin
May 30 2018
On this episode of Datanauts, we chat with Brandon Olin, the creator of PoshBot, a PowerShell based chatbot for ops teams. What does PoshBot do? How was PoshBot built? How do chatbots impact Brandon’s delivery model?
ChatBots?
Bots have been around for a long time. They’re really handy, too, often being able to answer simple questions by submitting a special command that has some sort of prefix or identifier associated with them. Especially if you’re on Twitch and want to know how long your favorite streamer has been online. Maybe that isn’t the most helpful thing in the world, but what if we changed the narrative to be all about operations and how talking to a bot (with your peers watching) could actually up-level your day-to-day enjoyment of IT? That’s our conversation today.
What is PoshBot?
“PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness.”
For More Information About PoshBot
PoshBot on GitHub, Home of the PoshBot Project https://github.com/poshbotio
PoshBot Documentation http://docs.poshbot.io/en/latest/
PoshBot Demo – PDX PowerShell User Group 2017-05-31 https://www.youtube.com/watch?v=36fkyKYq43c
Follow Brandon Olin https://devblackops.io https://twitter.com/devblackops


PQ 144: Engineer Roundtable: Encryption, Code Style, Tech Over 40
Apr 05 2018
Today on the Priority Queue we have a roundtable show. We’ve gathered a few engineers around the microphone to talk about their experiences and what’s on their minds. We often hear this format is an audience favorite, so we plan to record more of these in the Priority Queue and Weekly channels, so keep an eye out. Today we welcome Alex Clipper, Eric Gullickson, Matt Elliott, and Stafford Rau to the podcast. We discuss encryption, code styles to ensure that code written by networkers is up to snuff, and what it’s like to work in technology after a certain age. Sponsor: Paessler AG Paessler AG is the maker of PRTG Network Monitor. PRTG monitors your entire IT infrastructure 24/7 and alerts you to problems before users notice. Find out more about the monitoring software that helps system administrators work smarter, faster, better by visiting paessler.com today. Show Links: Understanding Media Access Control Security (MACsec) – Technical Documentation – Support – Juniper Networks Layer 2-Encryptors For Metro And Carrier Ethernet WANs And MANs – Inside-IT (PDF) Thales L2 Encryption – Thales Senetas – Senetas.com What Is Optical Encryption? – Ciena Certes Networks Google Style Guides – GitHub Python PEP 8 Style Guide – Python.org PEP 8 — The Style Guide for Python Code – PEP8.org Online PEP 8 Compliance Checker – PEP8 Online.com Sublime Text Editor – Sublimetext.com Atom.io Text Editor – Atom.io VSCode – VisualStudio.com Cutting ‘Old Heads’ at IBM – Pro Publica Go Past The Resume,


Datanauts 126: Stephen Foskett On Storage, Containers & Cloud
Mar 21 2018
Today the Datanauts have beamed aboard a smart and insightful guide to help us navigate the swirling maelstroms of cloud, containers, and storage. That guide is Stephen Foskett, founder of Tech Field Day and Gestalt IT, and long-time consultant and writer covering storage, networking, mobility and pretty much everything else in tech. We explore the current state of storage and what’s new and interesting in the industry, including NVME; Stephen’s love of ZFS; and why we’ll always have spinning disk. We also look at Rook, an open-source storage project that’s been adopted by the Cloud Native Computing Foundation; Kubernetes and storage; and how far down you can go with abstractions. The Datanauts and Stephen also discuss careers, professional development, and how the tech industry is evolving and changing. Show Links: Stephen Foskett on Twitter GestaltIT Tech Field Day On Premise IT Podcast – Gestalt IT Datanauts 118: The Whitebox & Enterprise Networks – Packet Pushers ZFS Is the Best Filesystem (For Now…) – Stephen Foskett Add a Mirror to an Existing ZFS Drive – Stephen Foskett Rook.io – Cloud Native Computing Foundation And yet another: Rook voted in as a CNCF project – Diversity.net 7 Ways Kubernetes Avoids an OpenStack-Like Hype Cycle – The New Stack You need SRE skills to thrive in a serverless world — Kelsey Hightower – A Cloud Guru An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience – CloudFlare


Datanauts 108: Building Service Meshes With AVI Networks (Sponsored)
Nov 01 2017
How do you provide highly available, scalable services to a cloud-native app that’s been architected with microservices? Just stand up a whole lot of virtual IPs and pools? Not exactly. You need both more capability and more automation. You need a service mesh. And today on the Datanauts podcast we’re joined by sponsor AVI Networks to find out what a service mesh is and how it supports cloud-native applications. We’re joined by Ashish Shah, Senior Director of Products at AVI Networks. Broadly speaking, a service mesh ensures that the various components and services that make up a widely distributed application can reach each other using techniques such as service discovery, load balancing, and handling failures. The Datanauts and Ashish drill into the major concepts of a service mesh, examine critical components and the architectural approaches, and explore the AVI Networks platform. Find out more at AVI Networks and check out this special offer for Datanauts listeners: you can claim a free backpack here.   Show Links: What is a Service Mesh and how Istio fits in – IBM developerWorks What’s A Service Mesh? And Why Do I Need One? – Buoyant AVI Networks Service Mesh – AVI Networks Application services for OpenShift-Kubernetes clusters – White paper Tutorial 1: Deploying Production-Ready Container Apps – AVI Networks Tutorial Part 2 Tutorial Part 3 AVI Networks on Twitter AVI Networks on LinkedIn Ashish Shah on Twitter Ashish Shah on LinkedIn


Datanauts 106: Controlling AWS Costs
Oct 18 2017
Tracking cloud costs seems like it should be pretty straightforward: you pay X cents per time unit per resource used. But as cloud customers quickly learn, costs can get complicated pretty quickly. It can be hard to predict costs month by month, you may get billing surprises, and organizations can spend more than they need to. Today on the Datanauts starship we’ve beamed aboard Corey Quinn, a cloud economist and consultant who helps customers understand their AWS bills and how to manage their spending. He’s the founder of Quinn Advisory Group, and also writes a free newsletter called Last Week In AWS. We start the conversation by drilling into how AWS bills for its services, and then talk about how costs and billing tie back to business decisions. You have to understand why you’re moving into the cloud, and how you’re factoring your applications, to really understand what you’ll be spending. We also explore reasons why bills grow unexpectedly, learn how to set alerts to catch overages, and discuss why the lowest bid for your cloud business shouldn’t be your primary decision point. While our conversation focuses mostly on AWS, it applies to any public cloud offering. Sponsor: ITProTV ITProTV brings you the most current IT training with over 2,000 hours of content and more than 125 hours added weekly. ITProTV is the resource to keep you and your IT team’s skills up to date. Visit itpro.tv/datanauts and use code DATANAUTS30 to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. Sponsor: LiveAction Join LiveAction and Ethan Banks for a live Webinar on Thursday, October 26th to learn how to reduce the complexity of SD-WAN technology adoption, provide service assurance governance with proactive insights, and deliver the promised performance enhancement for a better application experience. Register here today and mark your calendar to join us on October 26th at 2:00 pm Eastern.
Show Links: Quinn Advisory Group Last Week In AWS Dealing with a nasty AWS Billing Surprise: Beware the defaults. – HackerNoon Ryan Hellyer’s AWS Nightmare: Leaked Access Keys Result in a $6,000 Bill Overnight – WP Tavern


Datanauts 093: Erasure Coding And Distributed Storage
Jul 19 2017
Today on Datanauts, we look under the hood of distributed storage systems to explore erasure coding. Is erasure coding just a fancy name for RAID? What happens if we lose a storage node and have to recreate the missing pieces? Holy east-west traffic, Batman! It’s erasure coding today on the Datanauts podcast. Our guest is J Metz, Research & Development Engineer for Advanced Storage at Cisco Systems. You can follow J on Twitter and read his blog, which includes technical content, political musings, and lots of pictures of Jeeps, at jmetz.com. The Datanauts and Dr. J discuss the general concept of distributed storage, offer common examples, and explain the similarities and differences between distributed storage and RAID. They drill into how erasure coding works and then explore issues around bottlenecks, performance, and repair. Go full storage nerd with this show, and then check out the links with additional information. The links are posted just below our sponsor message. Sponsor: FutureNet VMware’s FutureNet is a networking-focused, invitation-only event being held during VMworld this August. You’ll hear from industry leaders and expert practitioners about new and emerging technologies that will transform the network. Request your invitation at vmware.com/futurenet. Show Links: Basics Everything You Wanted To Know About Storage But Were Too Proud To Ask: Part Chartreuse – Webinar Erasure Coding Wiki Storage Performance Benchmarking: Introduction and Concepts – Webinar Intermediate Modern Erasure Codes for Distributed Storage Systems. Presentation at the 2016 Storage Developer Conference – PDF Erasure Codes for Large-Scale Distributed Storage – YouTube (oldie but a goodie) Advanced Network Coding for Distributed Storage Systems – PDF


Datanauts 086: AWS Identity & Access Management Policies
May 31 2017
This episode of the Datanauts examines Identity and Access Management (IAM) in the context of AWS. A proper IAM framework is essential to ensure that the right people access the right resources in AWS, but setting up and managing policies can be…daunting. The Datanauts are joined by Cole Morrison, a lead engineer at Fieldboom, who wrote a detailed series of posts on how to get a handle on IAM in AWS. They talk about why you want IAM in the first place, how it works, and then drill into setting up policies for AWS infrastructure. Sponsor: ManageEngine Firewall Analyzer ManageEngine Firewall Analyzer is agentless log analytics and configuration management software that supports up to 50 different firewall appliances. It helps network administrators to centrally collect, archive, and analyze their security device logs, and generate forensic reports. For more information and a free 30-day trial, check out www.fwanalyzer.com/packetpushers. Sponsor: Incapsula Incapsula is a cloud-based service from Imperva that protects and accelerates your Web sites with services including DDoS and bot protection, traffic inspection, load balancing, and CDN. Incapsula protects over 4 million Web properties, from individual bloggers to the Fortune 50. Datanauts listeners can try Incapsula free! Just go to incapsula.com/packetpushers. Show Links: Available Global Condition Keys – AWS AWS Service Actions and Condition Context Keys for Use in IAM Policies – AWS AWS IAM Policies in a Nutshell – Cole Morrison AWS IAM Policies in a Nutshell: The Principal – Cole Morrison AWS IAM Policies in a Nutshell: The Action – Cole Morrison AWS IAM Policies in a Nutshell: The Resource – Cole Morrison AWS IAM Policies in a Nutshell: The Condition – Cole Morrison

Datanauts 085: Understanding In-Memory Databases
May 24 2017
Today on the Datanauts we’re talking about in-memory databases. The idea is that you can load up a host with lots of RAM, cram your database in there, and get more transactions due to the lower latency. But if the system is distributed, you’ve strewn database parts across multiple hosts, so you lose some of that CPU-to-RAM latency advantage. Or do you? It’s an interesting design problem with some complex constraints, and it’s the focus of today’s podcast. Our guests are Swapnil Bawaskar, principal engineer at Pivotal; and Jim Bedenbaugh, Advisory Data Engineer at Pivotal. Swapnil, Jim, and the Datanauts define in-memory databases, describe how they differ from traditional databases, and talk about use cases. They drill into the system architecture for in-memory DBs, including hosts, distributed systems, and failure scenarios. They also discuss practical issues including general operations, metrics, and backup and restoration. Sponsor: Liquid Technology Liquid Technology purchases decommissioned IT hardware, provides secure on and off-site data destruction, as well as fully compliant and green e-waste recycling solutions for your organization. Visit liquidtechnology.net/podcast today for a chance to win a $300 Amazon gift card. Sponsor: Illumio Illumio’s breakthrough adaptive segmentation technology stops lateral threats inside of any data center or cloud. Illumio works seamlessly between any data center and the public cloud and keeps policies in place as applications move between environments and locations, or auto-scale up/down. Check out their website for details at illumio.com/datanauts.







Datanauts 082: The Path To Automation & Coding For Ops Teams
May 03 2017
The Datanauts rocket returns to the automation solar system for another detailed survey of the whys and hows of automation and coding in operations. Our intrepid host for this voyage is Lauren Malhoit, a technologist, Cisco employee, and co-host of Cisco’s Techwise TV. She also blogs at AdaptingIT. We talk with Lauren about APIs, scripting and coding (particularly in Python), and the debate about whether network engineers and other non-developer IT pros need to learn to program. Lauren also offers tools and tips for folks who want to get started with automation and programming. Sponsor: Liquid Technology Liquid Technology purchases decommissioned IT hardware, provides secure on and off-site data destruction, as well as fully compliant and green e-waste recycling solutions for your organization. Visit liquidtechnology.net/podcast today for a chance to win a $300 Amazon gift card. Sponsor: Illumio Illumio’s breakthrough adaptive segmentation technology stops lateral threats inside of any data center or cloud. Illumio works seamlessly between any data center and the public cloud and keeps policies in place as applications move between environments and locations, or auto-scale up/down. Check out their website for details at illumio.com/datanauts. Show Links: Lauren’s Pluralsight courses: * Cisco ACI Programmability * Using Cisco ACI with VMware vSphere Integration * Fundamentals of Using Cisco ACI Cisco Open Source Projects for the Data Center – GitHub Programming and Automating Cisco Networks – Ryan Tisher and Jason Gooley (Amazon) Cisco DevNet


Datanauts 081: Building Secure Email Infrastructure
Apr 26 2017
Today on the Datanauts it’s email security. Lots of organizations have outsourced their email to the cloud, and for good reasons: Web access is ubiquitous, email infrastructure can be a pain to manage and secure, and email can take up lots of storage. But there are also good reasons for keeping email in-house, including privacy and retention requirements, specific security needs, and the ability to maintain control over your infrastructure destiny. On today’s episode we’ll discuss how to build a robust and secure in-house email infrastructure, talk about the importance of IPv4 and IPv6 support, explore technologies and protocols to validate email servers and thwart spammers, and explain the role of DNS in supporting secure email. Our guest is Jacob Evans, Sr. Systems Engineer at WebstaurantStore.com. You can follow him on Twitter and check out his blog at www.jacobdevans.com. Sponsor: ITProTV ITProTV is an easy, entertaining approach to online IT Training. With ITProTV, you’ll gain access to the most important tools needed to prepare you for IT certification. For a free 7-day trial–and for a limited time get 50% off a monthly membership for the lifetime of your active subscription–visit itpro.tv/datanauts and use code DATANAUTS50. Show Links: Sender Policy Framework – OpenSPF.org Sender Policy Framework for Authorizing Use of Domains in Email, Version 1 – IETF 7208 Domain-based Message Authentication, Reporting & Conformance (DMARC) DMARCian – A DMARC Deployment Tool DomainKeys Identified Mail – DKIM.org DomainKeys Identified Mail Signatures – IETF 6376


Datanauts 080: The Current State Of Network Automation & Telemetry
Apr 19 2017
Automation is the key to speed and scale, but networking has been slower to adopt automation tools and processes than other IT disciplines. Today’s Datanauts episode explores the current state of network automation to try to understand the challenges and limitations in networking, and how the industry is shifting. Our guest is Ryan Booth, a senior data center engineer at a large financial services company. He blogs at Moving Ones & Zeros. Ryan and the Datanauts talk about why the majority of networking equipment is still managed by the CLI; the sets of tools, APIs, data models, and community projects that are emerging for network automation; and how network engineers can tackle configuration management and code management. Sponsor: Interop ITX Interop ITX, May 15 – 19 in Las Vegas, is the only independent conference for technology leaders. Get a year’s worth of objective IT education in one week. And don’t miss the Packet Pushers’ Future Of Networking Summit at Interop. Visit interopitx.com and use promo code PacketPushers for a 20% discount. Sponsor: Incapsula Incapsula is a cloud-based service from Imperva that protects and accelerates your Web sites with services including DDoS and bot protection, traffic inspection, load balancing, and CDN. Incapsula protects over 4 million Web properties, from individual bloggers to the Fortune 50. Datanauts listeners can try Incapsula free! Just go to incapsula.com/packetpushers. Show Links: Network To Code Moving Ones & Zeros Current Trends in DC Networking – Ansible Basics







Datanauts 077: Transitioning To A Less Technical Role
Mar 29 2017
If you’re a technology professional, you likely take pride in your mastery of intricate and complicated systems, software, and hardware. And as you invest time and effort to acquire skills and expertise, your technical savvy becomes part of your identity. But as your career advances, you may find yourself spending less time on nerd knobs and more time on issues such as strategy, management, or communications. And sometimes your career might take you in interesting, if less technical, directions than you’d anticipated. On today’s Datanauts episode, we talk about how to cope with moving into less technical roles, how to balance keeping your technical knowledge sharp against the new demands of your role, whether you should continue to pursue certifications, and how to embrace and excel in the different competencies that your new work requires. Our guest is Tom Hollingsworth, a CCIE and network engineer who’s now an organizer at Tech Field Day, which connects IT vendors and tech bloggers for presentations and discussions. He’ll share his experiences as he’s transitioned from an in-the-weeds engineer to helping build a technology events and media company. You can read his blog at Networking Nerd and follow his Twitter alter-ego CCIE Coffee. Sponsor: Incapsula Incapsula is a cloud-based service from Imperva that protects and accelerates your Web sites with services including DDoS and bot protection, traffic inspection, load balancing, and CDN. Incapsula protects over 4 million Web properties, from individual bloggers to the Fortune 50. Datanauts listeners can try Incapsula free! Just go to incapsula.com/packetpushers.



Datanauts 075: AWS Warts And All
Mar 15 2017
Today the Datanauts peer inside AWS. Amazon has created a powerful suite of cloud services and built an online empire by renting compute, storage, and other services to enterprises and startups alike. But just because everything lives in the cloud doesn’t mean practical design considerations go away. If you’re considering AWS, the Datanauts and guest Alex Galbraith examine the pros and cons of storage, networking, and scaling so you can get the best design for the least amount of money within the capabilities that Amazon provides. Alex is a solutions architect for a global service provider. He also blogs at Tekhead.it. It was a series of blogs by Alex that spurred this conversation. They discuss issues such as IOPS limits in EBS, write and read limitations in S3, how Amazon Direct Connect and VPCs work, and how to make the most of auto-scaling groups. *Please note that during the storage discussion, Alex mentioned that you had to dismount the volume when resizing elastic block storage volumes. But after this podcast was recorded, Amazon announced that this isn’t the case anymore. Sponsor: Incapsula Incapsula is a cloud-based service from Imperva that protects and accelerates your Web sites with services including DDoS and bot protection, traffic inspection, load balancing, and CDN. Incapsula protects over 4 million Web properties, from individual bloggers to the Fortune 50. Datanauts listeners can try Incapsula free! Just go to incapsula.com/packetpushers. Show Links: AWS Tips And Gotchas Series – Alex Galbraith Elastic Block Store (EBS) – Amazon Elastic File System (EFS) – Amazon Amazon EC2 Instances – Amazon EC2 Spot Instance Termination Notices – Amazon Virtual Private Cloud (VPC) – Amazon Placement Groups – Amazon Request Rate and Performance Considerations – Amazon














PQ Show 97 – Inside Three Real-World SD-WAN Deployments (Sponsored)
Nov 01 2016
Recorded live in New York, network engineers talk candidly about their process of deciding to buy and deploy a Viptela SD-WAN solution. This live, face-to-face discussion, sponsored by Viptela, gave us one of the best podcasts of 2016. We were joined by:
* Eric Murray and Kyle Alexander from Kindred Health Group
* Gant Estes and Jarin Dykstra from 77 Energy
* Nick Phelps from FreedomPay
Here are a few key points that grabbed my attention. We kick off talking about features that mattered most to our guests. Getting “free” from the telcos and carriers was a fun concept, and being able to negotiate from a position of strength puts smiles on people’s faces. The ability to identify and isolate traffic flows as “micro-segmentation” and the use of traffic engineering for both SLA and encryption really do solve business problems.
For Kindred Healthcare, IT is a shared service and locations may or may not be fully under their control. SD-WAN means moving the trust boundary closer to the network edge (not normally possible for a WAN). Importantly, they were able to implement traffic steering without implementing MPLS and to use a centralized point of control to reduce configuration time.
For 77 Energy, a key feature is that just two people can operate their 500 WAN locations, and they don’t expect that number to increase as they roll out more sites during planned expansion. As a recent spin-out from a larger company, the ability to scale up/down their exploration sites on short notice has been a success.
FreedomPay has unique requirements as a payment provider. Encryption and device security are critical, but a surprise was the Viptela SEN feature, which let them build arbitrary network topologies in partial or full mesh depending on the application. One more thing that I haven’t heard previously is that operation of Viptela devices using a CLI can be reassuring, especially when configuring IP routing protocols for integration with the legacy WAN.
A final standout was hybrid cloud connectivity, where it turns out that AWS and Azure don’t have enough features for connecting your SD-WAN. Both 77 Energy and FreedomPay built unique solutions that deliver much more flexible outcomes while still connecting the WAN directly to public cloud. Thanks to Viptela for sponsoring this show and making a live podcast possible in New York.