Human Infrastructure 354: A DNS Mystery

THIS WEEK’S MUST-READ BLOGS 🤓

In the form of a parent celebrating a child, Bryan highlights his history with Juniper Mist’s Marvis AI, crediting it with surfacing a number of problems in his wired and wireless environments. He ends with his hope for Marvis’ future accomplishments, encouraging Marvis the “AIndividual” to keep doing what it’s great at, and to avoid becoming lesser by following the trends. - Ethan

Charles dives into challenges a Kubernetes cluster experienced during an upgrade. TL;DR: order of operations matters a great deal in this process. Don’t upgrade coredns and kube-proxy at the same time, or you’re likely to break DNS for some amount of time. Charles gets into the details, including exactly what the cluster was experiencing at each step along the way. He also lists recommended mitigations. - Ethan

The article observes a discussion in the OpenBSD community about whether adding an option to disable Nagle’s algorithm system-wide is appropriate. Individual applications can disable Nagle’s algorithm for themselves, but there is currently no way to disable it across an entire OpenBSD system.

While this might seem an especially esoteric item to share in the newsletter, it’s relevant as many of the features we’ve become used to in networking were designed at a time when CPU hardware was far less powerful and links much slower than today. Nagle’s algorithm is one of those features. Another is the old rule of thumb that OSPF networks should be limited to about 50 routers in an area. That “rule” hasn’t been true for a long time, but persists in the minds of some.

Knowing why rules, best current practices, protocols and algorithms came to be informs whether they’re applicable to your situation. Just because you read it in a design guide doesn’t necessarily mean it’s right for you.

For more on Nagle’s algorithm and the things it tends to impact in modern networks, read Marc Brooker’s recent article. - Ethan

Tired of writing technical documents or manuals that get ignored? Matt has some good advice on how to walk interested parties through your carefully crafted documentation. No, you don’t have to sit them down and read it to them, but a walk-through with informative summaries and illustrative stories can help get your message across. I’m a fan of good documentation, so I’m happy to see this advice to make sure good docs don’t go to waste. - Drew

Cut Troubleshooting Time to Zero!

Most solutions for WiFi network monitoring are looking at the situation from the network viewpoint. NetBeez flips the script and lets you see what the end users are experiencing. This proactive monitoring stance helps you find and resolve issues, often before end users even notice them.

The WiFi Monitoring from the Client Perspective Guide will teach you how to remotely detect and troubleshoot WiFi performance issues. This guide covers the following topics:

  • How to leverage real-time WiFi monitoring from the user perspective

  • Quickly tackling remote issues without the need of on-site tech support

  • How to troubleshoot user complaints in large WiFi network environments

TECH NEWS 📣

Are return-to-office policies a good idea? If you want to retain top talent, maybe not so much. The Washington Post describes a case study that looked at resume data to see the effects of RTO on senior executives. “At Microsoft, the share of senior employees as a portion of the company’s overall workforce declined more than five percentage points after the return-to-office mandate took effect, the researchers found. At Apple, the decline was four percentage points.” - Drew

Another one bites the dust—this time Hyperscan. “Hyperscan is a high performance regular expression matching library from Intel that runs on x86 platforms and offers support for Perl Compatible Regular Expressions (PCRE) syntax, simultaneous matching of groups of regular expressions, and streaming operations.” An open source alternative to Hyperscan is Vectorscan, a Hyperscan fork. - Ethan

The Utah Telecommunication Open Infrastructure Agency aka UTOPIA is a group of local Utah governments that have banded together to create an open access fiber network. Eighteen network service providers are competing for subscribers across the UTOPIA network with subscriber-friendly prices. Is UTOPIA profitable, or a government disaster? Reportedly, UTOPIA has been profitable for the last fifteen years, with all projects funded by the subscribers, and not taxpayers. Municipal broadband really can work. - Ethan

RESEARCH & RESOURCES 📒

Wi is Fi - Understanding Wi-Fi 4/5/6/6E/7 (802.11 n/ac/ax/be)
https://www.wiisfi.com/

This massive one-page web site by Jerry Jongerius is a crash course in Wi-Fi. The site contains 22 chapters and 25 appendices. The text is composed in a plain-spoken, “just the facts” style engineers tend to appreciate. Jerry also offers practical skepticism about real-world Wi-Fi performance vs. “claimed by marketing” Wi-Fi performance. - Ethan

Mason Reimert built a diagram explaining what routes can and cannot be filtered in a multi-area OSPF network. This is a tricky topic, because OSPF routers in an area must have an identical, synchronized OSPF database, including all of the announced networks. In this way, forwarding paths are calculated identically by each OSPF router—same database, same results. Therefore, filtering routes so that they don’t appear in an OSPF router’s routing table is not a straightforward task, and can’t be done at all in many situations.

Mason’s diagram covers this. Observe his topology, think through the role of each router in that topology, note his color scheme, and track the LSA types he’s using. Then for CML users, you can download his lab topology YAML and fire the lab up to experiment for yourself. - Ethan

Ivan Pepelnjak has released netlab 1.8.2. Ivan reports, “netlab release 1.8.2 contains dozens of bug fixes and minor tweaks to device configuration templates. We also added a few safeguards including:

  • Check for Vagrant boxes or Docker containers before starting the lab and display pointers to build recipes.

  • Check installed Ansible collections before trying to configure the lab devices.

  • Display a warning if the lab topology was modified after the lab was created”

More notes from Ivan on the click. Don’t know what netlab is? Check out Heavy Networking Ep.722. - Ethan

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Got a project in mind that needs funding? ARIN would like a word with you. The organization is in its sixth year of providing funds that support “operational and research projects that improve the overall Internet industry and user environment.” Who’s eligible? ARIN says “Individuals may apply on behalf of organizations pursuing projects that are noncommercial in nature and broadly benefit the Internet community within the ARIN region.” If you meet those requirements, click above for more details and a link to the application. - Drew

On May 22, I’m co-hosting a live webinar with Jeff Doyle and Jay Gill of Juniper Networks to talk about 7 habits of highly effective data center engineers. This is a Juniper-sponsored event.

We’ll share the 7 habits and discuss how they apply to network operations and automation. We’ll share real-world examples of how to incorporate these habits into your work. We’ll also talk about Juniper Apstra, an intent-based platform that streamlines data center operations.

There’s also a question-and-answer section so you can pick our brains. (This alone is worth your time. Jeff Doyle literally wrote the books on routing in TCP/IP, IS-IS, OSPF, and other topics. Jay Gill has more than 20 years in networking. Usually it’s my job to ask questions, but this is your opportunity!)

Sign up to attend here. We’re doing two sessions on May 22 to accommodate different time zones. Hope to see you there! - Drew

Your buckets’ budget burden is now less brazen. “With this change, bucket owners will never incur request or bandwidth charges for requests that return an HTTP 403 (Access Denied) error response if initiated from outside their individual AWS account or AWS Organization.” The entire list of S3 response codes AWS doesn’t charge for is here. - Ethan

Multi-cloud networking provider Alkira has landed one of the larger funding rounds I’ve seen in a while. What are they going to do with the money? The press release reports that Alkira will be, “

  • Expanding its best-in-class multi-cloud networking solution portfolio

  • Delivering new connectivity models for the global Wide Area Network (WAN) network

  • Further simplifying how customers connect to their business partners

  • Increasingly allow customers to stop looking at networking and security in isolation and instead providing them an end-to-end secure network

  • Readying the network for increased A.I. workloads and leveraging A.I. for efficient networking (Networking for A.I. and A.I. for networking)”

We’ll be watching with great interest, as multi-cloud networking and Network-as-a-Service continue to be robust growth areas for the networking industry. - Ethan

VMware is making their Fusion Pro and Workstation Pro desktop hypervisor products for Windows, Mac, and Linux free for personal use, although still licensed for business use. There is no functional difference between the licensed and unlicensed products. The “Player” products will be discontinued.

I’ve been a paying customer of Fusion Pro off and on for years as my lab requirements demanded. If you’ve never used Fusion (or Workstation) Pro, I valued it not only for the ability to run virtual machines on my desktop, but also for some of the remote integrations with ESXi hosts included as well. Glad to see that with all the Broadcom changes to the VMware product set, something’s gotten easier for those of us at home just trying to learn. - Ethan

LAST LAUGH 😆

Shared by Andy Banta in a Tech Field Day Slack group