Human Infrastructure 352: Rethinking The OSI Model

ANNOUNCEMENT!

The Fat Pipe Is Going On A Diet!

We created the Fat Pipe podcast feed for listeners who wanted ALL THE PODCASTS. It was useful when we had just three or four shows. Now that we’re up to nine podcasts on the network (and counting), we’ve realized the Fat Pipe has become a little overwhelming.

Starting this June, we’ll slim down the Fat Pipe. By September, this feed will carry Heavy Networking, Network Break, and Day Two Cloud. We encourage you to subscribe individually to all the other shows you want to hear so you don’t miss an episode. You can subscribe at Packetpushers.net or via your favorite podcatcher.

Here’s the schedule for the Fat Pipe diet:

THIS WEEK’S MUST-READ BLOGS 🤓

In the early 90s, I refinanced my car to go to Novell school to make something of my computer science degree that, by itself, wasn’t enough to land a real job. In Novell school, I learned about Ethernet, IPX, IP, file & print, how computers really worked, and a whole lot more. A Novell cert translated into a consulting job, and for years I earned a living installing and maintaining Novell NetWare 3, 4, and 5 servers, as well as GroupWise. I stopped paying attention by the time NetWare 6 was released, having moved on to Windows NT and 2000. Why did Microsoft eclipse Novell? Novell was ubiquitous, and you could measure a network engineer’s seriousness by the number of red books on the shelf above their desk. But instead of remaining an IT powerhouse dominating the industry even today, Novell faded into obscurity. Read this cautionary tale chronicling Novell’s implosion. - Ethan

Eddie Harmoush tackles the thorny problem of using the OSI model to teach networking. He’s run into the problem many teachers and students of networking have found—that the seven-layer OSI model doesn’t map especially well to the Ethernet + TCP/IP stack that’s the de facto standard for transporting data in packet-switched networks. And yet, the OSI model is one of the building blocks in networking education. How should we use the OSI model to understand networking, then? Eddie has opinions. - Ethan

Daniel Dib describes how to use a virtual port channel (vPC), not to be confused with an AWS VPC, in a VXLAN EVPN network. He also shows how to configure leaf switches to support vPCs. He includes helpful diagrams and config. It’s the first of a multi-part series, so there will be more to come from Daniel. - Drew

This is a deep-dive post on setting network policies to isolate workloads from one another in a Kubernetes environment. Karim notes that without these policies, “Kubernetes lets Pods communicate freely with each other, no matter if they are on the same or different node or within the same namespace or in different namespaces. But here's the catch: while it might seem convenient for Pods to enable free communication among pods, it's like leaving your front door wide open….” Never a great idea. Karim provides the details on how to isolate namespaces. And if you want more on Kubernetes networking, we recorded a Heavy Networking episode with Karim that breaks down all the essentials. - Drew
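As an added illustration of the namespace isolation described above (this is not Karim's own config), the manifest below closes the "front door" for one namespace: every Pod in the constructed namespace "payments" may talk only to Pods in the same namespace, plus DNS in kube-system. It assumes a CNI plugin that enforces NetworkPolicy and that the cluster DNS Pods carry the common k8s-app=kube-dns label.

```yaml
# Added example, not from the post. Default-deny for the "payments" namespace
# (constructed name), with same-namespace traffic and cluster DNS allowed back in.
# Only takes effect on a CNI that implements NetworkPolicy (assumption).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: isolate-namespace
  namespace: payments
spec:
  podSelector: {}            # empty selector: applies to every Pod in "payments"
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector: {}    # only Pods in this same namespace may connect in
  egress:
    - to:
        - podSelector: {}    # Pods here may only reach Pods in this namespace...
    - to:                    # ...plus cluster DNS, or name resolution breaks
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:       # namespaceSelector AND podSelector in one entry
            matchLabels:
              k8s-app: kube-dns   # assumed label of the CoreDNS Pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Without any NetworkPolicy selecting a Pod, that Pod stays fully open, so apply a policy like this per namespace rather than assuming a single cluster-wide default exists.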

For the second straight year, Palo Alto Networks was named a Leader in the 2024 Gartner® “Magic Quadrant™ for Security Service Edge.” Find out more here.

TECH NEWS 📣

Josh Chessman linked to this article on LinkedIn. Here’s most of what I commented back.

BASIC was my first programming language. I learned it on a Commodore 64, and did well enough with it to create a simple payroll program as part of an assignment my school was wondering if they could actually use. The thought of supporting such a thing scared me to death (I think I was 13), and I backed away from that.

But BASIC stuck with me for years after as the PC revolution took over and 8088s and soon after 80286 CPU-based Intel machines became commonplace. QuickBasic and eventually VisualBasic were mainstays in my world as Windows became everyone's UI. I never stuck with VB, though. Didn't quite get the hang of it, and moved on to Perl in my personal work as I recall.

BASIC was even a course in my CS program in the late 80s and early 90s, IIRC, although it was overshadowed by the heavy hitters (at the time) like C, Pascal, and (of course) COBOL.

Thanks for starting so many of us on our coding journeys, BASIC. You mattered. - Ethan

I feel the headline somewhat misstates what’s happening. The two giants referred to are SES and Intelsat—SES is buying Intelsat for $3.1B. They are mostly known for geostationary (GEO) satellites which, while covering more of the earth’s surface with a single spacecraft, fly much higher, resulting in 600ms latency. Starlink satellites fly in low earth orbit (LEO) with latencies around 25-60ms. Different latencies, different use cases. That said, GEO sats are not all SES and Intelsat have in their portfolios. They also have medium earth orbit (MEO) as well as LEO offerings via their relationship with OneWeb. Do any of these offerings compare to Starlink’s direct-to-consumer Internet business? Not as yet. SES & Intelsat mostly do business with militaries and video media companies. - Ethan

US government agencies, including CISA, the FBI, and the NSA, have released a joint advisory warning that Russian-associated actors are targeting OT systems at US water facilities, including water distribution and water treatment plants. Attacks include configuring equipment to exceed normal parameters, suppressing alarms, and locking out operators by changing passwords.

At present, effects have been minimal. In Texas this January, attackers claimed to have caused a water tower to overflow, spilling tens of thousands of gallons of water from the tower, though the spill didn’t harm anyone or cause property damage. In Indiana, a wastewater treatment plant said it was attacked, but its systems weren’t breached.

CISA has released a fact sheet with more details of the attack activity and recommendations for hardening OT systems. The recommendations are basic: Disconnect OT systems from the public-facing Internet, or put a firewall between the Internet and OT systems. Remove default passwords. Use strong passwords and multi-factor authentication. Establish an allow list to only allow connections from approved devices. Here’s the link to a PDF of the CISA recommendations. - Drew

FOR THE LULZ 🤣

New Hopper/Tarantino mashup just dropped. Shared on X by @AlyssaM_InfoSec

RESEARCH & RESOURCES 📒

From the website, “pyinfra automates infrastructure using Python. It’s fast and scales from one server to thousands. Great for ad-hoc command execution, service deployment, configuration management and more.” Why try pyinfra? The site suggests super fast execution, instant debugging, idempotent operations, extendable, agentless, and integrations. Install this open source package with pip install pyinfra, and check out the documentation here to get started. - Ethan

Over 6,000 pages long (really), this AWS PDF provides, “step-by-step instruction, architecture, tools, and code for implementing specific cloud migration, modernization, and deployment scenarios. These patterns, which are vetted by subject matter experts at AWS, are meant for builders and hands-on users who are planning to, or are in the process of, migrating to AWS. They also support users who are already on AWS and are looking for ways to optimize or modernize their cloud operations.” This single PDF is a massive collection of many different guidance patterns, each of which you can download separately. But why do that when you can have a singular PDF so weighty it actually makes your laptop heavier? - Ethan

Popular and well-established network labbing platform EVE-NG has officially released v6. The release notes speak of much that is new, latest, added, or improved. If you’re an EVE-NG user, click through for all the details. On LinkedIn, CTO Alain Degreffe highlighted a few things. “EVE-NG Team is proud to announce the release of the EVE-NG V6 Professional Edition (PE) and Community Edition (CE). The base OS moved from Ubuntu Focal 20.04 to Jammy 22.04. Note that this edition is provided on Full ISO format only. Upgrade from V5 requires online access for your server. Upgrade is possible for both Edition (PE and CE).” May your upgrades go smoothly, and the odds be ever in your favor. - Ethan

John Capobianco and Daniel Wade authored this book about Cisco’s pyATS, available now for pre-order at a discounted price. John posted about how this book came to be on LinkedIn. The book is expected to be released in July 2024. John has appeared on the Packet Pushers network a number of times, including Ep.78 of Full Stack Journey. That might be just the thing to whet your appetite for this book. - Ethan

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬

Ubuntu has been my go-to Linux distro for many years now. It’s far from the only option, but it’s worked well for my use cases. (The primary one being…I don’t want to tinker with Linux, I want a stable server platform to run software on. 😊) I pay attention to the long-term support (LTS) releases, because in my experience, they tend to have had the beta bugs beaten out of them, plus have the advantage of having five years of support (or more if you pay for support). Behold, Ubuntu 24.04 LTS. Click through for all the details in case they matter to you. I’m aware that people have opinions about things Canonical has changed in Ubuntu recently. - Ethan

NetBox Labs is working on a series of posts about building a network automation practice. This installment focuses on the design stage, and addresses essential components of this stage including requirements, deliverables, ensuring a correct design, the benefits of reusing designs and validated designs, testing, and more. It’s a thoughtful look at the design process, and doesn’t read like a commercial for NetBox. There’s good stuff in here. - Drew

LAST LAUGH 😆