Human Infrastructure 358: The Dead Internet Theory
Also...10 Books For Network Engineers, Ethanalyzer for CoPP on NX-OS, TextFSM, Free Automation Videos From Ivan P., Wendell Odom's YouTube Channel, Fortinet/Lacework, Prosimo/PAN, Highway 9, and more.
Nick Russo Has Passed
Only with great sadness do I share that Nick Russo has passed. I suspect he’s impacted a great many of you, as his contributions to the networking community were enormous. His CCIE SP book is widely considered the best ever written on the topic. Many who took his courses considered them second to none.
Nick was 38. We can only assume his passing was unexpected. If Nick’s work impacted you personally as a networking professional or friend, consider sharing that impact publicly as many others already have. We should also remember the family and loved ones Nick leaves behind. Our condolences and deepest sympathies to them.
Nick will be missed. - Ethan
THIS WEEK’S MUST-READ BLOGS 🤓
10 Books Every Network Engineer Should Read - {networkphil}
https://networkphil.com/2024/05/21/10-books-every-network-engineer-should-read/
A great listicle by Phil with ten titles that, indeed, you should read. I’ve read, um, some of them. I aspire to read them all—right after finishing up the trail running books in my queue. - Ethan
Filtering NX-OS Ethanalyzer on CoPP Classes - Christopher Hart
https://chrisjhart.com/Ethanalyzer-Filter-on-CoPP-Class/
CoPP is Control Plane Policing, a way to throttle the traffic making it to the control plane CPU of a network device. An effective CoPP policy makes sure that the control plane CPU isn’t overwhelmed during a network crisis such as a bridging loop, keeping critical processes (like routing daemons) functioning. The trick with CoPP is tuning your policer rates correctly. You don’t want to drop legitimate control plane traffic, which is possible if your CoPP policy is too aggressive for the environment it’s operating in.
Chris tackles this problem. “Troubleshooting drops in a CoPP policy can be a bit challenging in some production environments where the network is very busy. In these environments, the control plane is naturally very noisy, which can make it difficult to identify the source of traffic that may be causing CoPP drops within a specific class. Starting with NX-OS software release 10.1(1), the Ethanalyzer control plane packet capture utility can filter on traffic that matches a specific CoPP class.”
Chris goes on to explain how to set this up and interpret the output. He also recommends several use cases. - Ethan
Defeating Circular Dependencies in Physical Networking Labs - Mason Reimert
https://masonreimert.com/2024/05/24/defeating-circular-dependencies-in-physical-networking-labs/
CCIE candidate Mason thinks through how to automate the configuration of physical network devices, including full reset to bootstrapped state, without losing connectivity to the device being re-configured—using only Ethernet. No serial console ports for Mason. And therein lies the trick. Mason explains how he got it done with OOB management Ethernet ports, Ansible, a TFTP server, and a Raspberry Pi. - Ethan
A Beginner's Guide to TextFSM for Network Automation - Packet Coders
https://www.packetcoders.io/a-beginners-guide-to-textfsm-for-network-automation/
Suresh Vina writes a practical summary of TextFSM, something you’ll find useful in your network automation work. What is TextFSM? “A tool that helps parse the raw data (semi-structured) we often get from network devices.” This means you can bring CLI output into Python, use TextFSM to parse out the useful fields, and end up with the information as structured data. Structured data is something you can work with in a script. Unstructured or semi-structured, not so much. - Ethan
TECH NEWS 📣
Two cuffed over suspected smishing campaign using 'text message blaster' - The Register
https://www.theregister.com/2024/06/10/two_arrested_uk_smishing/
Using a DIY mobile antenna, the UK-based pair sent thousands of text messages out while impersonating official organizations. The technique was the usual tactic of requesting personal information in the hopes of gaining inappropriate access to people’s accounts. - Ethan
The ‘dead internet theory’ makes eerie claims about an AI-run web. The truth is more sinister - The Conversation
https://theconversation.com/the-dead-internet-theory-makes-eerie-claims-about-an-ai-run-web-the-truth-is-more-sinister-229609
This just in from our boring dystopia. The dead Internet theory suggests that there’s more content on the Internet created by AI than by actual humans. What’s more, the AI accounts appear to be managed by AI as well. So, an AI agent is using AI tools to create social posts owned by AI accounts, which are in turn liked by AI bots. And what purpose does all this artificiality serve? That’s unclear, but the article puts forth some suggestions. - Ethan
FOR THE LULZ 🤣
Shared by Kaj Niemi on the Packet Pushers community Slack.
RESEARCH & RESOURCES 📒
Public Videos: Network Automation 101 - ipSpace
https://blog.ipspace.net/2024/06/network-automation-101-videos.html
Ivan Pepelnjak says, “You can access the Network Automation 101 videos without registration. Hope you’ll find them useful if you’re just starting your network automation journey.” - Ethan
Network Fundamentals Cheat Sheet - subnetwork
https://subnetwork.me/2024/05/25/network-fundamentals-cheat-sheet/
Jonathan Davis submits, “As Education Director for the Raleigh Chapter of ISSA, I’ve been co-teaching networking fundamentals. Here is a basic cheat sheet I built and used when learning networking myself, with a few minor recent updates.” Click through for a link to the 2-page PDF. - Ethan
The CloudSec Engineer - We have a release date! - Marco Lancini
https://blog.marcolancini.it/2024/blog-the-cloudsec-engineer-release-date/
If you’re interested in a career move to Cloud Security Engineering, this book might interest you. I know Marco’s work by reputation, and suspect this self-published title will be a useful addition to the section of your shelf entitled “Career Advice”. - Ethan
Ethernet Autonegotiation: What you need to know - Network Upskill via YouTube
https://www.youtube.com/watch?v=C_WuFgLemvU
Longtime trainer and author Wendell Odom has a YouTube channel called Network Upskill. The channel is aimed at CCNA candidates. Worth a sub if you’re coming up to speed on networking fundamentals such as the topic of this video, Ethernet autonegotiation. - Ethan
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Fortinet to Acquire Lacework, Enhancing the Industry’s Most Comprehensive Cybersecurity Platform - Fortinet Press Releases
https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2024/fortinet-to-acquire-lacework
Fortinet’s acquisition of Lacework brings a CNAPP into the Fortinet product portfolio. A CNAPP is a cloud native application protection platform. CNAPP is a Gartner-coined term that brings together Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM) and CI/CD security. We covered these acronyms in Day Two Cloud Episode 211 with Jo Peterson.
The Lacework acquisition allows Fortinet to claim a “complete platform to secure code-to-cloud”. Read more in the FortiBlog explaining how Fortinet and Lacework will fit together. - Ethan
Highway 9 Networks Emerges from Stealth with the First Mobile Cloud for Enterprises (Feb 2024) - Highway 9 Press Releases
https://highway9.com/highway-9-networks-emerges-from-stealth-with-the-first-mobile-cloud-for-enterprises/
This one goes back a few months, but was brought to our attention by their PR. We’ve requested a briefing, but haven’t got that on the calendar as yet. In the meantime, here’s what I believe Highway 9 is delivering. You know how you don’t have reliable, fast cell coverage everywhere your company needs it? Big annoyance if you’re trying to stand up a factory or require consistent coverage across a massive campus. What if you had a mobile cloud to facilitate that consistent coverage? Highway 9.
“Several advances in private mobile technology including the availability of free spectrum, multi-eSIM support and private 5G, finally make it possible to address the needs of the mobile enterprise. Highway 9 Networks has leveraged these technology advances and combined them with a robust set of cloud-based mobile services to build a first of its kind mobile cloud. Highway 9 Mobile Cloud enables smart phones, tablets, computers, new AI-driven devices, and the proliferation of next gen IoT to interconnect with apps, data and each other, as well as cloud services.”
Highway 9 also emphasizes how their platform integrates with standard IT operations. Their post cites a cloud-native delivery model and ease of lifecycle management for their services. They also pitch “high performance and low latency”, going for modern use cases like automated factories & machines as well as next-gen IoT. - Ethan
Prosimo and Palo Alto Networks bring Zero Trust to Application Workloads in Multi Cloud Environments - Business Wire
https://www.businesswire.com/news/home/20240612713674/en/Prosimo-and-Palo-Alto-Networks-bring-Zero-Trust-to-Application-Workloads-in-Multi-Cloud-Environments
I did a write-up on this announcement on LinkedIn if you’d like to read the whole thing. If not, here are excerpts so you get the big idea…
Secure multi-cloud networking company Prosimo.io has announced a tight coupling of their software with Palo Alto Networks gear. Prosimo's Full Stack Cloud Transit platform can fully integrate with PAN's VM-Series Virtual Next-Generation Firewall.
In a briefing with Packet Pushers, Prosimo's Mani Ganesan and Mehul Patel demonstrated just how tight the integration is. Within the Prosimo console, a PAN NG firewall is a fully managed object. This goes along with Prosimo's already existing ability to fully manage cloud-native network objects like Transit Gateways or Virtual WANs along with their ability to steer traffic in an application-aware manner.
Prosimo is touting this integrated solution as fitting into both the SASE and Zero Trust buckets, with a cloud emphasis. That is, you're getting a tightly integrated cloud network security solution here. If you're weary of point solutions and looking for something that reduces security operations complexity, you're not alone. Expect to see more entrants to the cloud network security platform category, if we can indeed say this is a category now.
I noticed Prosimo stood up a good landing page on this, and most of their resources are free to explore without having to give up contact information. - Ethan
LAST LAUGH 😆
Shared by Kaj Niemi on the Packet Pushers community Slack.