
Human Infrastructure 345: Improving Documentation, VPP, Regexl, OpenConfig 10 Years, Multi-Site VXLAN

THIS WEEK’S MUST-READ BLOGS 🤓

How to Improve Documentation Practices in Engineering Teams - Wahl Network
https://wahlnetwork.com/2024/03/12/how-to-improve-documentation-practices-in-engineering-teams/
Documentation is a lot like flossing. You know you should, and you’d be better off if you did it regularly, but…eh. Who has time? Chris Wahl has time. Even more than that, he’s got practical steps to help develop and sustain a documentation practice inside an IT org. This post includes a business rationale, how to make changes to support and encourage documentation, advice on tooling, and ways to align IT interests with a sustainable practice. Good stuff to get you flossing…I mean, documenting. - Drew

VPP Linux CP - Part1 - Pim van Pelt via LinkedIn Pulse
https://www.linkedin.com/pulse/vpp-linux-cp-part1-pim-van-pelt-c7thf/
Some time ago VPP libraries were open-sourced by Cisco to the Linux Foundation, and they’ve been slowly gaining traction for forwarding packets efficiently. This seven-part post on LinkedIn provides detailed information on using Linux with VPP to build a high-speed forwarding engine. You still need FRR or BIRD as a control plane. - Greg

Speedtest - ifconfig.it
https://www.ifconfig.it/hugo/2024/03/speedtest/
What do you do when your client complains their 10Gbps Internet link is only showing 1Gbps of throughput? You show them that it’s not the network. How? In this case, by using the speedtest-cli tool to fill the pipe. There’s a bash script for you if you click through. - Ethan

A Key Wireshark Display Filter Feature is Improved! - Chappell University
https://www.chappell-university.com/post/a-key-wireshark-column-feature-is-improved
Laura Chappell points out that in Wireshark 4, you can drag fields from the packet capture pane to make a filter that you couldn’t before. She cites the Protocol and Info columns as examples. I tried this, and it works as described…but there’s a catch. Laura says, “You will notice a strange filter starting with "_ws.col.protocol". That's new. This is a nice improvement, but be forewarned - using column names as a filter is going to be slower than other filter types. Wireshark needs to build the columns first and then filter on it.” - Ethan

The Future of Network Engineering in the AI/ML era - AboutNetworks.net
https://aboutnetworks.net/the-future-of-network-engineers/
Jerome Tissieres opines that network engineers aren’t going anywhere due to automation, even when that automation evolves with AI/ML capability. His logic is that network engineering is an esoteric, complex discipline, and automation tooling doesn’t make it less so. To design and operate a network, a network engineering team is still required. I hope Jerome doesn’t mind if I try this analogy. Network automation doesn’t obviate network engineers any more than screwdrivers obviate auto mechanics. Of course, the elephant in the room is whether or not AI & ML eventually become capable enough to replace an engineer. To date, I’ve seen no product demos that even hint this is coming. The AIOps solutions are all about augmenting engineers—helping you become more capable in diagnosing problems, reducing MTTR/MTTI, and similar outcomes. - Ethan

NetBox Enterprise: Self-Managed NetBox + Support + Advanced Features

NetBox Labs is now offering NetBox Enterprise, a self-managed NetBox offering with advanced, enterprise features and 24x7 expert support from NetBox Labs. NetBox Enterprise addresses the needs of organizations that are deeply invested in NetBox within their environments and need enterprise-level support and features. Learn more at netboxlabs.com/netbox-enterprise.

TECH NEWS 📣

Let AI remake the whole U.S. government (oh, and save the country) - Washington Post
https://www.washingtonpost.com/opinions/2024/03/06/artificial-intelligence-state-of-the-union/
This is behind a paywall, so apologies if you’re not a Post subscriber. That said, I think there are some interesting points here about how government projects and services could be streamlined, and how there are lots of regulations and requirements that slow down processes, and that too often large projects are handed off to the same old contractors that have been doing business with government agencies for decades. Those are all things that could be improved.

But this opinion essay is far too credulous about AI as a magic tool of transformation. It doesn’t ask any hard questions about the effectiveness of AI, and breezes past known problems with AI such as algorithmic bias, hallucinations, and sticky issues around data ownership and privacy. It’s also a cheerleading piece for Palantir. It takes at face value stories from Palantir and a Palantir user about how great and effective Palantir is.

And it trots out the old sawhorse of “Wouldn’t it be great if government was run more like a business?”-- in this case, a software company. The author seems to think that if we replaced traditional contractors with AI-powered Big Tech, all would be well. He doesn’t consider Big Tech’s rapacity and willingness to “move fast and break stuff” regardless of who gets hurt along the way. He also doesn’t consider that AI-powered Big Tech might turn out to be just as parasitic as the traditional contractors, albeit with more chrome. We are in a hype cycle with artificial intelligence. Beware AI boosterism. - Drew

INTERESTING VIDEO 📺

Improving Video Encoding System Efficiency @Netflix - InfoQ
https://www.washingtonpost.com/opinions/2024/03/06/artificial-intelligence-state-of-the-union/
It’s a universal truth that there is never enough bandwidth in the network. What’s often not discussed is that applications waste bandwidth like smartphone apps waste power. For example, video streaming services were at the bleeding edge of wasting bandwidth by offering pointless 4K video to a four-inch phone display. At first, this cost them nothing, but over time, network operators found ways to make them pay or restrict streams. Predictably, this led to streaming services cutting back on the stream rates. For example, YouTube streams in 720p by default for subscribers. Higher resolutions have to be selected manually. The obvious reaction was to search for better encoding algorithms to maintain visual quality while reducing bandwidth to spite the nasty, unfriendly telcos. This post looks into recent encoding efficiencies. - Greg

NANOG90 Keynote: Abstract Ponderings: A ten-year retrospective. - NANOG via YouTube
https://www.youtube.com/watch?v=uOWxogW5Ubg
Over a couple of lunch breaks, I watched this presentation by Google’s Rob Shakir. His discussion focuses on abstraction layers that help enable network automation. He also covers how OpenConfig was informed by this view of abstractions, and the lessons learned in ten years of the OpenConfig project. This video got a lot of notice in the network automation community, as relatively few people have nice things to say about OpenConfig. I felt that Rob seemed aware of this, in that his presentation has plenty of caveats along the lines of “this won’t work for everyone” and “we chose use cases to model carefully”. I think his point was that OpenConfig is opinionated and won’t work for everyone, because the OpenConfig designers had to make hard choices while developing it. The OpenConfig team played to a specific sort of user—a hyperscaler with specific networking issues to solve. As most of us don’t work on hyperscaler networks, that could be why OpenConfig doesn’t work so well outside of that world. The second question Rob got during the Q&A section speaks to this point. - Ethan

RESEARCH & RESOURCES 📒

ContainerCVE
https://containercve.com/
ContainerCVE is a security tool that allows you to view the Common Vulnerabilities and Exposures for any public Docker Hub image. ContainerCVE is powered by the open source project Trivy. - Ethan

Cisco VXLAN Multi-Site and Service Node Integration - Cisco Nexus 9000 White Papers
https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-vxlan-multi-site-and-service-node-integration.html
This whitepaper popped up in one of the networking Slack groups I’m in. I don’t recall which. The stated purpose of this massive document is as follows. “The goal of this paper is to cover the design and deployment considerations for integrating service devices (such as firewalls) in a VXLAN EVPN Multi-Site architecture interconnecting multiple VXLAN EVPN fabrics. Different design options are possible, depending on the chosen service device redundancy model (Active/Standby stretched cluster, Active/Active stretched cluster, independent service nodes in each fabric) and on how the service devices need to be integrated to enforce policy for communication between endpoints connected to the fabrics (East-West traffic flows) or between endpoints and external resources (North-South flows).” As usual for Cisco’s typically excellent documents of this type, the paper includes configuration stanzas, diagrams, and references to other documents that might help you. - Ethan

Regexl: A High Level Language For Regex - bloeys
https://bloeys.com/blog/regexl-a-high-level-language-for-regex/
Regex is a cryptic syntax loaded with symbols, right? What if there were a language that could describe what you want in human-friendly code, and then compile it to regex for you? Enter the open source Regexl language. In the several examples cited, I found Regexl (for the most part) a more readable and obvious way to express how to find what you’re looking for. - Ethan

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

The secrets of AI networking: Part 1 - Aruba Blogs
https://blogs.arubanetworks.com/solutions/the-secrets-of-ai-networking-part-1/
AI Ethernet is the new ‘must have’ fashion for enterprises because let’s face it--nothing else is really happening. Anyway, vendors are racing to show how they are adding crufty hacks to Ethernet to make Ethernet reliable and predictable. - Greg

Path Quality Part 1: The Surprising Impact of 1% Packet Loss - Cisco ThousandEyes Blog
https://www.thousandeyes.com/blog/path-quality-surprising-impact-one-percent-packet-loss
Using TCP CUBIC, the ThousandEyes crew test the impact of slight lossiness on network throughput. They used iperf3 and tc, linking 5 hosts to a switch, putting them each in different VLANs, and routing the traffic from the iperf client on one end to the iperf server on the other via the three hosts in the middle. On a gigabit network, their results show that a loss of 1% of network traffic resulted in a 70.7% decrease in throughput from the established baseline. Higher loss percentages showed even more substantial impact to throughput. They’re illustrating the point that even 1% loss can impact the throughput of acknowledged protocols far more than you might think. An interesting exercise. - Ethan

New Meter Switch Platform Unlocks Virtualization and Digital Twin Capability - Meter Blogs
https://www.meter.com/product-newsletter/meter-switch-platform
Meter builds their own hardware, codes their own NOS, and offers their network as a service. Meter’s NaaS is aimed at network engineers who want to operate networks without the tedium that comes with things like NOS upgrades. Meter has announced a digital twin capability they are rolling out to their switches and soon to their entire lineup. “Meter customers will have access to a real-time, digital representation of the physical switches on their networks. As part of this release, we are rolling out brand new switch hardware, firmware, and virtualization features, all built from the ground up to work seamlessly with the rest of the Meter Network Operating System (NOS).” I’m not sure what the virtualization features entail yet, but the Packet Pushers team is going to be briefed by Meter soon. - Ethan

DriveNets and Infinera Complete Joint Solution Certification - DriveNets Press Releases
https://drivenets.com/news-and-events/press-release/drivenets-and-infinera-complete-joint-solution-certification/
Disaggregated NOS maker DriveNets has “announced the completion of testing and certification of multiple Infinera ICE-X ZR/ZR+ modules that can be tunable, configurable, and manageable by DriveNets Network Cloud software.” That means if you’re running the DriveNets software with the appropriate Infinera optics in the hardware switch, you can manage the entire platform through the DriveNets management software. Why might you do this? A disaggregated solution like this is likely to save you money over your incumbent vendor. Potentially lots of money. - Ethan
