Human Infrastructure 365: DMVPN Deep Dive, A Wireshark Lesson, IaC for Network Engineers, and more

THIS WEEK’S MUST-READ BLOGS 🤓

Ryan Harris delivers another beast mode post, this time about DMVPN. This one is an absolute monster, with an estimated reading time of about 90 minutes. Ryan’s got it well-indexed and illustrated for you, with step-by-step explanations of what’s happening in various DMVPN build phases and protocol exchanges. He also includes Wireshark captures, ladder diagrams, and even has the requisite discussion on MTU and MSS. The hours Ryan must have put into this…oh, my. If you get value from this one, send this human your thanks. - Ethan

Gian Paolo Boarina shares a couple of Python scripts he wrote to pull useful information from the ISE API—get all cluster nodes and get all cluster certificates. You can pull the scripts from his GitHub. - Ethan

Laura Chappell explains why Wireshark might see an ACK for a segment when Wireshark didn’t see the actual segment being ACK’ed. She offers a few explanations which are pretty logical. But then there’s one I wouldn’t have thought of offhand since I’m usually capturing at a low data rate—the capture device being unable to keep up with all the packets. - Ethan

Andres shares the challenges faced in designing a repository structure for their infrastructure-as-code deployed network for a startup that needed to get up and running in a hurry. It was an exercise in tradeoffs. Complexity vs. permissions vs. process. They made a choice and went for it, but then ran into growing pains. The ultimate answer? There isn’t one provided. They are living with their decisions, even though they have turned out to be not perfect. He concludes, “In hindsight, I would’ve liked to take more time to think deeply on all these code-related and process-oriented decisions, but we had to move fast.” Yep. Isn’t that always the way? - Ethan

Matt Ouellette has put together a handy guide of free and low-cost resources for network engineers looking to buff up their skills. He has a list of YouTube sites, technical blogs, and more. Bookmark this one–it’s a good resource. - Drew

TECH NEWS 📣

As data centers and proposals for new data centers grow, California is struggling (depending on who you ask) to meet the power demand. What’s the problem? AI, in part. The GPUs that do the math to build LLMs require more power than CPUs. GPUs also run hot, requiring more cooling…which in turn requires more power to move coolant around the data centers. - Ethan

A variety of new regulations are being proposed or enacted in the US to make being a consumer suck less. One of those is the “click to cancel” policy, “requiring companies to let customers end subscriptions as easily as they started them.” I guess that hasn’t hit my cable company yet. I could sign up online without talking to a human except to coordinate with the installer. To cancel? I’m going to have to talk to a human after fighting through IVR. Then they’re going to read through a script, trying to get me to stick around with special offers. Then I’ll get punted to a supervisor before finally being allowed to cancel. Sorry, cable guys—symmetrical fiber service came to town, and I don’t have to put up with your asymmetric speeds anymore. - Ethan

In case you missed the news, a US federal judge has ruled that Google has a monopoly on search. Assuming Google can’t get the ruling overturned on appeal (not a safe assumption), the next step is to impose remedies. A major point in the judge’s argument is that Google pays Apple and other companies billions of dollars to set Google as the default search on mobile devices and other platforms. An obvious remedy is to bar Google from paying for such default treatment. But that would likely do little to reduce Google’s share of the search market (approximately 95%), nor foster competition and innovation in search.

The post linked above has some interesting ideas on how to think about remedies (i.e. don’t just assume one big change will fix everything and allow a thousand new search options to flourish), and also suggests possible approaches. The big one is to break up Google; that is, to separate search from Chrome and Android and make search a separate company.

Another interesting idea is to separate Google’s index from the search user interface, and then operate the index like a public utility. That means other search engines could also access the index. These search engines could also employ “alternative ranking and filtering” to prioritize results in different ways, or draw on multiple search indexes and use different ranking and prioritization methods—what the authors describe as “multihoming in search.” There’s lots to chew on here. - Drew

FOR THE LULZ 🤣

RESEARCH & RESOURCES 📒

Trayce - The network tab for Docker containers
https://trayce.dev/

Trayce shows you HTTP and HTTPS calls being made to your container and displays them. Helpful for troubleshooting & testing. How does it work? “The TrayceAgent container runs along side your existing containers. The agent uses eBPF probes to intercept network requests and send them back to the GUI to be displayed.” - Ethan

A lovely, free, fixed-width font. - Ethan

AutoCon2 is coming up fast on November 18-22 in Denver, Colorado and we want to let you know some key dates:

Conference Registration is open NOW!

  • You can get super early bird pricing of only $299 until August 28

  • Hotel registration is open now - grab a room SOON!

Call for Speakers closes July 31

  • We already have the most proposals for talks that we've ever had

Workshop Registration opens August 8

  • We're going to have a great slate of workshop options covering a range of topics in network automation and orchestration

  • Note that it's a separate event conveniently preceding AC2

The Full AC2 Conference Agenda will be published by September 9

NAF is a watering hole - a place where we can have harmonious collaboration in network automation: the practice of network automation, orchestration, observability, AI tooling, education, process and standards, and more. Come hear what your peers are doing in their networks (on the stage and in the hallways), what solution providers are bringing to the table, what's happening with open source, and all things network automation.

AutoCon is THE Forum for Network Automation. See you in Denver!

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

If you’ve heard about the AutoCon series of in-person conferences discussing network automation, but aren’t sure if attending AutoCon2 would be worth it, this article might help you decide. - Ethan

Dell and Nutanix continue their partnership around hyperconverged infrastructure (HCI) with the announcement of Dell XC Plus, an HCI appliance that runs Nutanix Cloud Platform. Nutanix Cloud Platform, which includes Nutanix’s AHV hypervisor, provides a uniform operational environment for workloads that run on prem, at the edge, and in public clouds. The Dell appliances run Intel Xeon processors and come in 1U and 2U form factors with a variety of configurations for memory and storage. GPUs are also supported in some models. - Drew

Cato Networks has released a threat report for the second quarter of 2024. The report, written by its threat intelligence team, is drawn from the team’s analysis of “1.38 trillion network flows across more than 2,500 customers globally between April and June 2024,” according to the company. Findings include the persistence of Log4J as an exploit mechanism, despite the vulnerability having been disclosed three years ago. Other findings include Amazon as the top spoofed domain, and a very busy threat actor called “IntelBroker” that’s selling stolen sensitive data and source code from companies such as AMD, Apple, and others. As with many security reports, you can read the whole thing in exchange for contact details. - Drew

TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳

  1. netMeter - A New Network Analyzer Hits the Market [June 2024] - wirednot

  2. Book Review - Building Data Centers with VXLAN BGP EVPN: A Cisco NX-OS Perspective - A Network Artist

  3. EVPN LAG Multihoming in EVPN-VXLAN Cloud Data Center Infrastructures (PDF) [October 2023] - Juniper Networks

  4. Databases on Modern Networks: A Decade of Research That Now Comes into Practice (Academic PDF) - Very Large Data Base Endowment Inc.

  5. Why Your Data Stack Won't Last - And How To Build Data Infrastructure That Will - Seattle Data Guy

  6. Why nobody grows up wanting to be a DevOps engineer [May 2024] - Glasskube

  7. A skeptic's first contact with Kubernetes - Mumbling about computers

  8. Go is my hammer, and everything is a nail - maragu’s blog

  9. How to Flatten Nested Python For Loops - Packet Coders

  10. CrowdStrike accepting the @PwnieAwards for “most epic fail” at @defcon. Class act. - Dominic White on X

LAST LAUGH 😆