Human Infrastructure 340: New Podcasts Are Coming!

New Podcasts Are Coming To Packet Pushers

by Drew Conry-Murray

Two new podcasts coming to the Packet Pushers network! Packet Protector and Network Automation Nerds will launch in just a few weeks.

Packet Protector covers topics at the intersection of networking and security, including wired and wireless networks, cloud security, access control, pen testing, and security hardware and software. Jennifer “JJ” Minella co-hosts with me. Jennifer’s a security consultant, instructor, and author (check out her book Wireless Security Architecture). Packet Protector debuts February 13th and we’ll publish new episodes every Tuesday.

We’re also excited to welcome Network Automation Nerds to the platform. Host Eric Chou has been running this podcast independently for more than 50 episodes, and we’re delighted to bring him aboard. He combines his expertise in network engineering and automation with guest interviews and technical discussions on tools and techniques geared toward automating the network. Eric has written several books on Python for network engineers. He also has a video tutorial series on YouTube. Network Automation Nerds will debut on Packet Pushers on March 6th, with new episodes on Wednesdays.

If you’re already a Fat Pipe subscriber, these podcasts will show up automatically in your feed. You can also subscribe to them individually, or find them on Spotify, Apple Podcasts, or your fav podcatcher.

Our ability to produce new podcasts is thanks to all of you. We value the time and attention you give us. Our commitment is to honor your attention with solid technical content and engaging conversations. As always, if there are things we can do better, hit us up with feedback.

THIS WEEK’S MUST-READ BLOGS 🤓

What is XDP after all? - Pavel's blog about underlying Internet technologies
https://pavel.network/what-is-xdp-after-all/

Pavel Odintsov explains what eXpress Data Path in Linux is and is not. XDP is a tool for developers to write high performing network-related software. It uses eBPF as the instruction set. Pavel adds, “In some contexts XDP can be referenced as Kernel bypass technology. It has meaning that Linux network stack is not involved in processing packets when XDP handles them.” He rounds out his XDP description with various code examples that help to illustrate XDP’s use cases. - Ethan

Sticking with XDP and eBPF, this post looks at how one might use XDP and eBPF to create flow logs for observability. Note that you need a Medium account, or have to sign up for one, to see the whole post. I haven’t done that, so I haven’t read the whole thing. But if the topic seems of interest to you, maybe it’s worth the sign-up.  - Drew

David Hayden points out that cloud computing has resulted in a generation of infrastructure engineers who don’t know much about physical system architecture. That can be a problem when operating at scale. It’s one thing to deploy an app on your laptop, and quite another to deploy to serve thousands of users in a distributed fashion. David advocates for basic computing architecture to be taught as a core computer science competency, lest the knowledge become too scarce. - Ethan

Martin Fowler has helped describe and promote the concept of Continuous Integration (CI), a software development process that aims to produce robust code with minimal errors while reducing integration efforts and delivering updates and features more quickly. CI principles have been widely adopted in the cloud arena, and CI concepts are finding their way into other disciplines, including network operations and network automation. Fowler originally wrote the above article back in 2001 and updated it a few years later. Now he’s back with a more extensive update. Why? He writes: 

“There are many people who say that they are doing Continuous Integration, but once they describe their workflow, it becomes clear that they are missing important pieces. A clear understanding of Continuous Integration helps us communicate, so we know what to expect when we describe our way of working. It also helps folks realize that there are further things they can do to improve their experience.”

It’s a long post, so be prepared to set aside some time to dig in. And thanks to Chris Wahl for the tip that this had been posted. - Drew

This is an older post that Matt Alley wrote for this newsletter a few years ago, but I thought it was worth re-surfacing, particularly for folks at early stages of their careers. It’s got great advice on technical skills you can build as a help desk employee. Matt also describes the human skills you can learn, and how those skills will make you a valuable member of a team and help advance your career. If you didn’t catch this post the first time, don’t miss it now. - Drew

Have you ever wanted to just talk to your IP router or data center switch to find out what’s going on? Now you can!

Nokia has released a new application for its SR Linux NOS that integrates with ChatGPT. The app is accessible right inside the CLI. With the simple prompt of “askai” you can type in natural language queries and get answers in seconds about device and network state, logs, configurations, and troubleshooting. You can also quickly and accurately search through technical documentation right from the CLI–no need to swivel to another window or screen and sift through reams of online content.

TECH NEWS 📣

SWATing is when someone falsely calls emergency services with the intent of provoking a response from law enforcement. The goal is to get heavily-armed police to arrive at the address of an innocent and unsuspecting person as a “prank” or for revenge. But it’s not harmless, as jumpy armed responders may injure or kill innocent victims of the hoax. It also wastes time and resources. Now the FBI believes it has caught a teenager who is alleged to be behind many such incidents.  - Drew

Google Fiber is an ISP offering service in various states in the US. GFiber wants to expand their footprint, and is raising money via sale of stock to fund the expansion. Why doesn’t Alphabet fund this out of their own deep pockets? Because GFiber is a standalone business under the Alphabet “Other Bets” umbrella. Other Bets companies (including Waymo) are meant to push the technology envelope and hopefully survive on their own someday. It seems Alphabet would rather other investors absorb the risks of Other Bets while the concepts prove themselves. - Ethan

TL;DR. When a ground station is too far away, a Starlink satellite can form laser links with other Starlink satellites to transmit data. This laser mesh helps keep latency down. I’m really curious to understand the path determination algorithm in play here. I assume it is more complex than SPF (or similar) and brings in real-time link characteristics, but maybe not. No matter how it works…lasers in space! We are living in the future! - Ethan

Possibly the best example of IoT-as-vulnerability to use when talking to senior executives. Even they should be able to understand what a toothbrush is. There are questions about the truth of this story among cyber-persons but don’t let that stop you from quoting it. In cyberwar, truth is the first casualty. - Greg

FOR THE LULZ 🤣

RESEARCH & RESOURCES 📒

Apple has open sourced Pkl (Pickle), a programming language for configuration. I read through a Hacker News thread where several ex-Applers responded enthusiastically to the news. The love for Pkl from these folks was (mostly) effusive. Considering the ways device configurations are generated in the world of network automation today, I’m wondering if Pkl has a use case. That’s an open question. I don’t live enough in that world to have an opinion, but as I read through Pkl’s characteristics, it feels like perhaps there’s something there for network automation. Or maybe solutions like Pydantic obviate the usefulness of Pkl for network automation. Thoughts? Let me know on the Packet Pushers Slack or LinkedIn. - Ethan

By installing Tshark on your Containerlab host, you can pipe traffic coming from any network device interface in your lab into the Wireshark UI. Wizard Roman Dodin teaches you the magical incantations so that you can wield this dark power. - Ethan

From right in your browser, go hands-on to build a Docker bridge network in this tutorial. Ivan Velichko says the tutorial answers the following questions.

  • How to virtualize network resources to make containers think they have individual network environments?

  • How to turn containers into friendly neighbors and teach them to communicate with each other?

  • How to reach the outside world (e.g. the Internet) from the inside of a container?

  • How to reach containers running on a Linux host from the outside world?

  • How to implement Docker-like port publishing?

Enjoy! - Ethan
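The five questions above map onto a short sequence of iproute2 and iptables commands. What follows is an added example written for this newsletter, not Ivan Velichko’s tutorial code. Names and addresses are assumptions for illustration: a bridge called br0 on 172.18.0.0/24 with the host holding 172.18.0.1, two “containers” that are plain network namespaces c1 and c2, an uplink called eth0, and host port 8080 published to c1:80. Applying it needs root; with DRY_RUN=1 it prints the commands instead of running them, which is also a handy way to review what Docker is doing on your behalf.

```shell
#!/bin/sh
# Added example (not from the tutorial): hand-build a Docker-style bridge network.
# Assumed names: bridge br0, subnet 172.18.0.0/24, gateway 172.18.0.1, uplink eth0,
# namespaces c1/c2 standing in for containers, published port 8080 -> c1:80.
# Needs root to apply; DRY_RUN=1 prints the commands instead of executing them.

BR=br0
SUBNET=172.18.0.0/24
GW=172.18.0.1
UPLINK=${UPLINK:-eth0}

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Q1: give each container its own network environment. The bridge is the virtual
# switch; the host owns the gateway address on it.
create_bridge() {
  run ip link add "$BR" type bridge
  run ip addr add "$GW/24" dev "$BR"
  run ip link set "$BR" up
}

# Q1/Q2: a container is a netns holding one end of a veth pair; the other end is
# plugged into the bridge, so namespaces on the same bridge can talk to each other.
add_container() {
  name=$1; addr=$2
  run ip netns add "$name"
  run ip link add "veth-$name" type veth peer name eth0 netns "$name"
  run ip link set "veth-$name" master "$BR"
  run ip link set "veth-$name" up
  run ip -n "$name" link set lo up
  run ip -n "$name" addr add "$addr/24" dev eth0
  run ip -n "$name" link set eth0 up
  run ip -n "$name" route add default via "$GW"
}

# Q3: reach the outside world. Forwarding must be on, traffic leaving the subnet is
# masqueraded behind the host, and only replies are allowed back in unsolicited.
enable_egress() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A POSTROUTING -s "$SUBNET" ! -o "$BR" -j MASQUERADE
  run iptables -A FORWARD -i "$BR" ! -o "$BR" -j ACCEPT
  run iptables -A FORWARD -o "$BR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Q4/Q5: reach a container from outside, i.e. Docker-like "-p 8080:80". DNAT in
# PREROUTING handles traffic arriving on the uplink; the OUTPUT rule covers
# connections made from the host itself, which never traverse PREROUTING.
publish_port() {
  hostport=$1; caddr=$2; cport=$3
  run iptables -t nat -A PREROUTING -i "$UPLINK" -p tcp --dport "$hostport" \
      -j DNAT --to-destination "$caddr:$cport"
  run iptables -t nat -A OUTPUT -o lo -p tcp --dport "$hostport" \
      -j DNAT --to-destination "$caddr:$cport"
  run iptables -A FORWARD -o "$BR" -p tcp -d "$caddr" --dport "$cport" -j ACCEPT
}

build_network() {
  create_bridge
  add_container c1 172.18.0.2
  add_container c2 172.18.0.3
  enable_egress
  publish_port 8080 172.18.0.2 80
}

# To apply for real (as root):   build_network
# Then check: ip netns exec c1 ping -c1 172.18.0.3 ; ip netns exec c1 ping -c1 1.1.1.1
# Tear down:  ip netns del c1; ip netns del c2; ip link del br0 (and flush the nat rules)
```

Two things worth noticing while reading the output. First, the MASQUERADE rule is scoped to the subnet and excludes the bridge as the outgoing interface, so container-to-container traffic is never NATed. Second, the FORWARD chain only admits new connections originating from the bridge or explicitly published ports; without that, a default-ACCEPT forward policy would expose every container port the moment forwarding is enabled, which is exactly the kind of thing to check when a host’s FORWARD policy has been changed by hand.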

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Traffic generator and packet crafting tool Ostinato can generate 100Gbps of traffic now. This support comes via the Turbo Transmit add-on to the core Ostinato package. Srivats pulled off this feat by coding a way to use multiple queues and cores per network port. He goes into all the challenges & details. If you’re running Ostinato on your own box, Turbo Transmit performance is supported with “just 8 CPU cores to generate 100Gbps traffic at 64 bytes on an AF_XDP zero-copy supported NIC such as the [Intel] E810!” Srivats reports that Turbo Transmit also allows for 10Gbps on the public cloud. Srivats is a solopreneur, and Ostinato is his creation. Check out Srivats’ Ostinato images for lab platforms like GNS3, EVE-NG, CML, and Containerlab even if 100G isn’t a need you’ve got. - Ethan

Disaggregated network operating system provider Arrcus has announced Egress Cost Control (ECC), a new feature for their FlexMCN multi-cloud networking solution. TL;DR. Data egress charges run up your cloud bill. The Arrcus FlexMCN ECC feature dynamically routes traffic to the cloud egress point with the lowest charges. How much will this save you? Everyone’s traffic patterns are different, but I suspect Arrcus will be happy to help you compute an ROI. Check out more Arrcus coverage on Packet Pushers. - Ethan

Microsoft wants to better understand what technologies the community is using in their IPv4 to IPv6 transitions. Dual-stack? Tunneling? They say the survey is short and anonymous. Help ‘em out, as it might help you out. Microsoft is going to use the information to decide what to focus on going forward. - Ethan

This piece serves as a reminder that you’re paying for public IPv4 addresses you use in AWS now. Not a lot--$0.005 per IP per hour. The author, Andree Toonk, did the math and says that’s $43.80 per year. Andree goes on to point out some basic architecture changes to reduce your public IPv4 consumption as well as using his company’s product, Border0. What does Border0 do? “Frictionless secure access to your infrastructure so you can build, code, deploy, and manage without security risk and compliance worries.” - Ethan

In a transparent blog, Cloudflare documents a security breach resulting from the Okta system compromise of October 2023. The detailed piece discusses how they reacted to the breach discovery and the steps they took to make certain that the threat actors no longer had access. These steps were extensive and arguably over the top, including complete replacement of hardware that had been staged for a data center not yet in production. If you’re looking for a model of how to handle a breach, you could do worse than use Cloudflare’s process outlined here. They were thorough. - Ethan

Cisco ThousandEyes has announced several feature enhancements from CiscoLive EMEA this week. TL;DR.

  • Cisco Secure Access Experience Insights. Monitoring down to the end user so you can quickly determine why their performance is hot garbage. File under “digital experience monitoring”.

  • System Process Metrics for ThousandEyes Endpoint. Detailed metrics down to individual app use on an end user’s workstation so you can tell which app is killing their box.

  • Enhanced API Monitoring. Build an API query. Use it to measure performance from multiple locations. Scream loudly if the API is getting slow. Includes special sauce for AWS APIs.

  • Endpoint Enhancements - Test Settings 2.0. There’s now a wizard to help you build synthetic tests on endpoint agents. Abracadabra!

  • Dashboard Enrichment. You can filter in fancier ways now.

No word (at least in that blog) of when these new features will be available, licensing impacts, etc. - Ethan

LAST LAUGH 😆