Human Infrastructure 339: Can AI Help Decipher Vendor Licensing?

Can AI Help Decipher Vendor Licensing?

by Drew Conry-Murray

If you scroll down to the RESEARCH & RESOURCES section of this newsletter, you’ll find an item called Network Buddy - Licensing, created by Kapil K. Pathak.

This utility uses ChatGPT to help you figure out Cisco licensing. You need ChatGPT Plus to use it. I haven’t tried it so I can’t vouch for its efficacy, but I saw it promoted on X by John Capobianco, whom I trust, so maybe it’s worth a roll? In any case, I have feelings about this.

First, it tells you how insane vendor licensing has become that someone felt a need to build this tool.

Second, we may be on the cusp (or through the looking glass, or down the rabbit hole, or across the event horizon) where LLMs become useful for tightly-focused applications when trained on narrow, well-defined data sets. In other words, instead of trying to build one galaxy-brained AI that tries to do everything, we’re more likely to benefit from a constellation of small-brained, purpose-built bots, each of which is pretty good at one thing.

That said, always regard any output from an LLM as a starting point, not the final word. When it comes to AI, as Ben Affleck said in Good Will Hunting, “You’re suspect.”

THIS WEEK’S MUST-READ BLOGS 🤓

If you think Kubernetes is just for the developer side of the house, think again. Lots of networking and networking-adjacent stuff goes on inside those Kubernetes clusters: load balancing, DNS, proxying, policy enforcement, performance monitoring, etc. Containers spring to life and need to talk to other containers, and a bunch of services have to run correctly to make sure the right connections occur. This post from Karim El Jamali offers a peek inside ClusterIP, a service that exposes pods inside a cluster. He provides a detailed explanation and diagrams for how ClusterIP manages these connections.  - Drew

In light of the recent HPE acquisition, Juniper Networks co-founder, Pradeep Sindhu, reflects on the origins of Juniper. Why did Juniper come to be? What problems were they trying to solve? I found the context of Internet routers falling over in the mid-90’s to be fascinating. Pradeep’s LinkedIn post sharing his PDF has gathered a huge number of comments. Perhaps you’ve got some of your own to add. - Ethan

Gian Paolo Boarina walks through how to configure Meraki MX firewalls to solve the following issue. “The customer request is to route all the traffic from some of the VLANs of the remote sites to a central site. There is a 3rd party firewall in the central site, so we cannot take advantage of the AutoVPN feature, which is a proprietary technology of Meraki.” He walks through the design, configuration, testing, and then adds a recommendation for redundant tunnels. - Ethan

Day Two Cloud podcast co-host Ned Bellavance shares the differences between Terraform and its fork, OpenTofu. Differences so soon? Why, yes. Terraform does all the things, and OpenTofu doesn’t (yet). Do you care? It depends. - Ethan

With his trademark humor, Chris Parker shares a simple command to augment your Junos CLI output with timestamps. He also offers insights on discovering government secrets via your Juniper box and building an army of Super Frogs.  Always be you, Chris. I’m here for it. - Ethan

Daniel Dib continues his series on VXLAN/EVPN with a look at the forwarding constructs in Cisco’s NX-OS. Specifically, he walks through the process of how devices learn a MAC address and then advertise it into BGP. Daniel provides a lot of detail, with diagrams and configs. If Daniel’s blog isn’t in your RSS feed, now might be a good time to rectify that. - Drew

TECH NEWS 📣

File under “no good deed goes unpunished.” As the title suggests, an IT consultant discovered a plaintext password stored in an executable. The credentials would expose a database containing hundreds of thousands of customer records, reportedly including personal information. The consultant raised the issue publicly. The company guilty of the poor security went after the consultant under German law. The consultant has been charged with unlawful data access, and the matter has been bouncing around Germany’s judicial system since. - Ethan

Shut up and take my money! Okay, maybe not. This Starlink offering isn’t intended for consumers, but for ISPs who would like to bring broadband Internet to remote areas. If you’re interested, Starlink is asking for $1.25M in startup costs. For that money, they’ll help you stand up a satellite uplink/downlink facility offering symmetrical 10Gbps service. Reselling the bandwidth from there is up to you. May your ROI calculations be ever in your favor. - Ethan

Michael Larabel reports, “Beyond the usual new wired/wireless network hardware support and the other routine churn in the big Linux networking subsystem, the Linux 6.8 kernel is bringing some key improvements to the core networking code that can yield up to a ~40% improvement for TCP performance when encountering many concurrent network connections.” I suspect these kernel improvements are interesting mostly for server traffic. For folks leveraging Linux networking approaches like DPDK, the 6.8 improvements are, I believe, less impactful. If you live in this world and I’m not getting it, let me know via LinkedIn or the Packet Pushers community Slack. - Ethan

FOR THE LULZ 🤣

RESEARCH & RESOURCES 📒

An LLM to help you figure out vendor licenses? This is both an interesting use case for AI, and sad that it had to come to this. - Drew

From the README.md on Flent’s GitHub page. “Flent is a Python wrapper to run multiple simultaneous netperf/iperf/ping instances and aggregate the results. It was previously known as 'netperf-wrapper'.” The Flent website expands on this. “Flent is a network benchmarking tool which allows you to:

  • Easily run network tests composing multiple well-known benchmarking tools into aggregate, repeatable test runs.

  • Explore your test data through the interactive GUI and extensive plotting capabilities.

  • Combine and aggregate data series and produce publication quality graphs.

  • Capture metadata from local and remote hosts and store it along with the plot data.

  • Collect secondary data series such as CPU usage, WiFi, qdisc and TCP socket statistics and plot it with the main dataset.”

One of the significant network issues the author wanted to diagnose is buffer bloat. - Ethan

My inbox is crammed with more and more AI-generated emails from companies with pointless pitches and useless products. I’m fairly sure that the only reason these almost-scammers exist is that AI makes it possible to harass people so cheaply. The reverse of this is using AI to look awesome in job interviews. If you can use AI in an interview, you probably should, to show that you know how to get the job done. While there are exceptions, a lot of work done with AI is good enough. Why not have an AI testing component? Don’t be hostile to AI, use it. - Greg

speedbump - kffl via GitHub     
https://github.com/kffl/speedbump

Speedbump is a “TCP proxy with variable latency” written in Go. The keyword is variable. With speedbump, the amount of delay varies over time, as explained in README.md. This is a great way to see how an application behaves in the face of ever-changing network conditions. - Ethan 

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Aviatrix, which provides multi-cloud networking and security services, has released its 2024 Secure Cloud Networking Field Report. It gathers survey results from more than 400 respondents on issues including outage causes, a skills gap, cloud costs, and more. A couple of highlights jumped out to me. First, a variety of cloud skills are in demand, including platform expertise, cloud networking, and cloud security. If you’re looking to skill up for new opportunities, cloud may be fertile ground. Second, only a third of respondents are “very confident” that they are aware of all their cloud instances. That means basic visibility into public cloud usage continues to be a challenge. The report is free, but you have to trade contact details to get it. - Drew 

What does it take to write a password cracking utility in 2024? Not a question I asked myself until I started reading this and learned rather a lot. Unexpected. - Greg

Versa Networks, which offers SASE services, has released two new hardware gateways to get your traffic into their cloud. One option is a branded hardware appliance, the Versa CSG5000; and the other runs Versa software on a Dell PowerEdge R7515. Versa claims either platform will get you over 100G of throughput. - Drew  

Network automation platform BackBox’s ZTNO is about bringing network environments into compliance with NIST’s 800-207 Zero Trust Architecture. The ZTNO framework stands on six pillars that enforce zero trust for network administrators as well as network devices. BackBox claims that ZTNO is not merely a framework, but pairs closely with the BackBox platform to help implement ZTNO. Check out more BackBox coverage on Packet Pushers. - Ethan

IP Maestro is a point and click web UI to manage IP Infusion OcNOS-powered whitebox switches, most often found in service provider and data center networks. The press release doesn’t offer too many IP Maestro details, but it seems to me that if you’re running OcNOS, you should be giving IP Maestro a look. There’s a short marketing video that doesn’t tell you much more than the press release, but you can see some screen captures if you’re curious about the UI. - Ethan

LAST LAUGH 😆