Human Infrastructure 376: Bringing New Engineers Into Networking
Bringing New Engineers Into Networking
At a recent PA NUG event, I participated in a panel discussion about how to bring the network engineering profession into the future. Young engineering talent—or the lack of it—drove a lot of the discussion. Attendees worry about how to find talent, and are frustrated by the lack of fundamental knowledge in the newbies they interview and hire. The kids might be conversant with Linux and Python, but subnetting and BGP are mysteries beyond their ken.
I don’t know the average age of the attendees, but it tilted toward the crustier side (myself included). And sometimes it’s hard for the crusties to remember we were once awkward foals, prone to bumble around the paddock and sometimes topple over (and not the majestic stallions galloping across the WAN that we are now).
A second point of discussion was that the networking profession is at a transition point. Most of the attendees came of age in an environment where CLI mastery was valued and vendor certs carried weight. Certs still carry weight, but CLI mastery is being replaced by the need to understand and work with APIs, repositories, pipelines, automation tools, and [gritting my teeth here] AI.
However, the mastery of network fundamentals won’t be replaced. Essential knowledge about routing, switching, addressing, encapsulation, protocol and packet analysis, and so on is what you rely on when automation and AI break down and someone needs to figure out what happened, why, and how to fix it.
I think both these issues are intertwined. How do we bring a new generation of wobbly foals into the paddock, and how do we ensure that the modern skills they develop are built on a strong foundation of network fundamentals?
Four Ideas
1. Look to build, not hire, experts. We’ve all seen the job ads that want someone with a career’s worth of credentials for an entry-level position. And I understand why: everybody’s busy, and it would be ideal to hire someone who can contribute on day one with no need for hand-holding. But that’s not realistic, especially for entry-level hires.
I’d love to see organizations intentionally develop an apprenticeship model, where newbies are paired with more experienced practitioners. Sometimes this happens organically, but I think organizations would be smart to adopt this approach, or something like it, on purpose.
2. Don’t gatekeep. As a profession, networking is mostly white and male. We need to broaden the base of people coming into this discipline. There are folks like Lexie Cooper, Alexis Bertholf, and Du’An Lightfoot who promote networking as a fascinating, compelling, and rewarding career. Inevitably, they are attacked by gatekeeping dipshits. Don’t tolerate the dipshits online or on your team. (And if you are a dipshit, get counseling. You don’t need to go through life resentful, afraid, and hostile.)
3. Be open to multiple avenues into the profession. After the event, several people mentioned to me that they came into networking without traditional credentials such as a college degree. And that’s great! Organizations looking for engineers should consider sources such as community colleges, people who trained as programmers but think networking looks more fun, people considering a career change, and so on. There’s a lot of talent out there!
4. Emphasize the fundamentals. Teach and preach the fundamentals to your team. Point them to resources that helped you. Give them time, space, and opportunities to learn. Tie fundamentals back to the work being done every day in your organization. Use online resources, including YouTube, courses, and podcasts. (Case in point: we just launched N Is For Networking, a podcast that teaches fundamentals to networking newcomers.)
Shape The Future
The networking discipline of the future is being developed right now. Which means right now is your opportunity to influence its development. Think about what got you excited about networking. Think about what piques your interest in packets, what makes you want to crack open a networking book, or fire up a lab. Then communicate that excitement and interest to others. Write a blog. Post on LinkedIn. Talk to a Girl Scout troop or a youth group. Help shape the future you want to see. - Drew
THIS WEEK’S MUST-READ BLOGS 🤓
One weird trick to get the whole planet to send abuse complaints to your best friend(s) - delroth’s homepage
https://delroth.net/posts/spoofed-mass-scan-abuse/
Pierre Bourdon dug into some strange TCP RSTs he was seeing, as he wasn’t initiating the connections he was receiving the resets for. That took him on a journey of discovery where it wasn’t backscatter or spoofing. But it was related to the fact he operates a Tor relay. - Ethan
Unfinished != Unsuccessful - Creative Surface Area
https://blog.abegong.com/p/unfinished-unsuccessful
Many of us have side projects in a folder on a desktop, or in the public cloud app, or down in a basement. And whether it’s a tech project, a business idea, or a creative work, the more we put them off (or add new ones) the more they haunt us. This post aims to make those of us with unfinished side projects feel a little better about these orphans. The big idea is to regard unfinished projects as learning experiences that advance us along our journey. The post notes “...incomplete projects aren't failures; they're the building blocks of greater understanding and mastery in your craft.” I like that perspective. - Drew
Beginner’s Guide for Using Large Language Models in Network Operations - NetworkPhil
https://networkphil.com/2024/10/29/beginners-guide-for-using-large-language-models-in-network-operations/
Phil Gervasi provides a good overview of how Large Language Models (LLMs) can be applied to network operations tasks. He describes two use cases that you can experiment with today using existing LLMs, and looks ahead to the coming of AI agents that will tie into automation workflows. The first use case is to turn an LLM on a large dataset such as logs or network metrics. He writes “Some practical uses for this method are summarizing syslog messages, identifying related events in a log file, or reviewing code for you that you include in your prompt.”
He also describes how to integrate an LLM into a network operations workflow. This second use case is more complicated, but his post outlines the steps you can take and tools you can play with.
While I’m wary of AI hype, I’m becoming more convinced that LLMs can be applied to the networking domain. That said, you have to understand their limitations and drawbacks, which this post also outlines. If you’re on the fence, Phil suggests that now is a good time to start experimenting with these tools to see what they can–and can’t–do for you. - Drew
EVPN Designs: EVPN EBGP over IPv4 EBGP - IP Space
https://blog.ipspace.net/2024/10/evpn-designs-ebgp-ebgp/
This post has everything you’d expect from Ivan Pepelnjak: Technical detail, a bit of a history lesson, and some sharp criticism for vendors foisting oddball designs on the world to “look cool.” He concludes with this: “I understand that some people love trying out EBGP as a better IGP, but if your vendor tells you to run EVPN AF over an EBGP session between loopback interfaces, it’s time to change your vendor or your design (and go for IBGP-over-IGP).” - Drew
Lindsay expresses some frustration with Juniper’s new release process, which went from quarterly software releases to twice-a-year. He appreciates the simplified release process, but he feels like Juniper still isn’t following through. He writes “But here’s the thing with a simplified release process: you’ve got no excuses for not delivering. I have no issue with 6-monthly feature releases. But it feels like they’re doing annual releases these days.” He goes on to cite some problems he’s run into on different Juniper platforms that should’ve been addressed with a simplified release schedule. The culprit? Lindsay thinks it’s the pending acquisition by HPE. Hard not to agree with that one. - Drew
TECH NEWS 📣
The open secret of open washing – why companies pretend to be open source - The Register
https://www.theregister.com/2024/10/25/opinion_open_washing/
Steven J. Vaughan-Nichols defines “open washing”, where a company will say their product is open source…when it really isn’t once you peer into the license closely enough. Why would companies do this? He reports, “Open washing enables companies to capitalize on the positive perception of open source and open practices without actually committing to them. This can help improve their public image and appeal to consumers who value transparency and openness.” There are other reasons Steven outlines as the piece goes on. - Ethan
The title of this piece implies we’ll have eBPF on Windows like we do on Linux, and it turns out…yes, but the implementation will be different.
“Like the Linux eBPF, Windows eBPF will execute small eBPF bytecode programs within the kernel itself.
Unlike the Linux version, however, the Windows build only uses an interpreter for debugging non-production builds. For production use, it will rely on native code generation, which “involves loading Windows drivers that contain signed eBPF programs,” wrote Microsoft Principal Software Engineer Alan Jowett, in a 2022 blog post.
“Due to the risks associated with having an interpreter in the kernel address space, it was decided to only enable it for non-production signed builds.”
The project Microsoft is building “will bring bytecode compatibility with Linux eBPF, [Thomas] Graf said. But the hook points where eBPF connects to the kernel may differ, given the differences with the Windows system calls.”
Still. eBPF for Windows is coming, and it’s driving standardization in the eBPF world. - Ethan
IBM’s Red Hat Acquisition Will Pay For Itself By Early Next Year - The Next Platform
https://www.nextplatform.com/2024/10/24/ibms-red-hat-acquisition-will-pay-for-itself-by-early-next-year/
IBM spent $34B on Red Hat back in July 2019. According to Timothy Prickett Morgan’s calculations, it was worth it. He reports…
“There is little question that IBM’s market capitalization has grown from $104.9 billion at the end of October 2018 to more than $200 billion, growth largely been powered by the Red Hat acquisition. Assuming market capitalization grows at the pace it now has along with the Red Hat business for the next three quarters, and assuming the “Telum II” System z17 mainframes come out in early 2025 and the Power11 systems come out in May or June, there is reason to believe that IBM’s market capitalization will grow to $233 billion if current trends persist, and the incremental gain in market cap since Red Hat merged into IBM will be 3.8X the cost of buying Red Hat. So, in essence, Red Hat will have paid back the cash for its cost in revenues and nearly four times that acquisition cost over the same time in market cap gains.”
Time will tell if the HashiCorp acquisition will work out similarly. - Ethan
RESEARCH & RESOURCES 📒
The lite version of wireless tool vendor Hamina’s Planner is free in exchange for your contact info.
What is this thing? “Hamina Network Planner is a web-based Wi-Fi and IoT design tool! Some people call it a "predictive modeling" tool, since you draw walls and buildings to create a model of a wireless network. Predictive modeling tools make network design super fast.”
What can you do with the free version? “Hamina Planner Lite is totally free, and includes several sample projects to explore and edit. You can also start a new project, and place up to three access points to design your home wireless network.”
The non-lite versions are non-free, but the point of the lite version is to show off this tool…which I hear from wireless nerds is pretty wonderful. - Ethan
dn42 - A global networking lab environment…sort of
https://wiki.dn42.us/home
What’s dn42 all about? “dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun!
Participating in dn42 is primarily useful for learning routing technologies such as BGP, using a reasonably large network (> 1500 AS, > 1700 prefixes).
Since dn42 is very similar to the Internet, it can be used as a hands-on testing ground for new ideas, or simply to learn real networking stuff that you probably can't do on the Internet (BGP multihoming, transit). The biggest advantage when compared to the Internet: if you break something in the network, you won't have any big network operator yelling angrily at you.”
Plenty more to know about dn42 if you click through. BTW if you try this out or are already connected, let me know your impressions. - Ethan
btop is a handsome CLI-based resource utilization monitor for Linux. The piece walks you through getting it installed and explains some use cases. - Ethan
LTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper - SysSec-KAIST via GitHub
https://github.com/SysSec-KAIST/LTESniffer
From the README.md. “LTESniffer is a tool that can capture the LTE wireless messages that are sent between a cell tower and smartphones connected to it. LTESniffer supports capturing the messages in both directions, from the tower to the smartphones, and from the smartphones back to the cell tower.
LTESniffer CANNOT DECRYPT encrypted messages between the cell tower and smartphones. It can be used for analyzing unencrypted parts of the communication between the cell tower and smartphones.”
Have fun! - Ethan
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Salt Project Package Repository (repo.saltproject.io) Migration and Guidance - Salt Project
https://saltproject.io/blog/salt-project-package-repo-migration-and-guidance/
You might recall that SaltStack was acquired by VMware back in 2020. And I’m pretty sure people who know nothing about IT have heard the despairing cries regarding Broadcom’s acquisition of VMware. Here’s yet more fallout. The Salt Project Team reports…
“This week, packages from repo.saltproject.io will be migrated to packages.broadcom.com. This means a variety of disruptive changes are being implemented around installing, upgrading, and pinning/locking Salt. Why the change? In order to integrate with Broadcom infrastructure and policies, we are migrating off of AWS public cloud infrastructure and consolidating services used by Salt Project by end of October 2024.”
Other changes are afoot as well, including a migration to GitHub pages for some resources. This is a must-read if you are a Salt Project consumer. Breaking changes ahead. - Ethan
Private Cloud Compute Security Guide - Apple Security Research
https://security.apple.com/documentation/private-cloud-compute
Apple goes into copious detail explaining how, when your Apple Intelligence request must go into the cloud, it’s still secure. While this is no doubt a marketing exercise on some level, that’s not primarily how this document from Uncle Tim comes across. Rather, the tone of the pages I sampled from the doc is serious-yet-readable, with plenty of facts, diagrams, and documentation. - Ethan
EnGenius Unveils SecuPoint Triad: The Ultimate Network Security Solution for Small Office Upgrades - PR Newswire
https://www.prnewswire.com/news-releases/engenius-unveils-secupoint-triad-the-ultimate-network-security-solution-for-small-office-upgrades-302289507.html
EnGenius is reaching out to SMBs with a price-sensitive network product bundle that includes a VPN router for site-to-site and client-to-site connectivity, a 24-port switch, two Wi-Fi 6 APs, and two PoE injectors for an MSRP of $799. Called the SecuPoint Triad, EnGenius says the products can be managed from the EnGenius cloud. The company says the VPN router also includes an L7 firewall and supports application-based policy routing. - Drew
Discovering Network Vulnerabilities with Invariant - Invariant
https://blog.invariant.tech/blog/2024/10/21/discovering_network_vulnerabilities/
Invariant is a startup that lets you model your network based on device configurations and routing information. Network engineers can then use this model to test changes and updates in a safe environment that mirrors your production network. Invariant recently posted an example of how to use this model to check for exposure to vulnerabilities. It uses the Linux CUPS vulnerability as a test case. Check out the post linked above, and if you want more details about Invariant, I blogged about them here. - Drew
Extreme Networks Raises the Bar for Simple, Secure Network Access with New Enhancements to ExtremeCloud Universal ZTNA - Extreme Networks
https://investor.extremenetworks.com/news-releases/news-release-details/extreme-networks-raises-bar-simple-secure-network-access-new
Extreme Networks has added some modest new capabilities to its Zero Trust Network Access (ZTNA) offering. They include being able to automatically identify private applications accessed within the company, and to track when and where they are being accessed by users. Also new is the ability to enforce policies across the entire Extreme portfolio, plus third-party switches and APs. - Drew
Aviatrix® Unveils Enhancements to Boost Threat Intelligence and Extend Network Performance Across Clouds - Aviatrix
https://aviatrix.com/blog/aviatrix-unveils-enhancements-to-boost-threat-intelligence-and-extend-network-performance-across-clouds/
Aviatrix, which provides a cloud-based Network as a Service offering, has added enhancements to its cloud firewall with the ability to set policies based on geolocation and threat groups. From the press release: “Many organizations struggle with two major challenging use cases in their cloud networking strategy: secure cloud egress and secure hybrid-cloud connectivity. Aviatrix’s new software release and enhancements are designed to address these challenges—simplifying network architecture and improving security while reducing complexity and cost.” - Drew
Government Organizations Face Surge in Malware and DDoS Attacks, Raising Alarms Over Potential Election Disruption - SonicWall
https://www.sonicwall.com/news/government-organizations-face-surge-in-malware-and-ddos-attacks-raising-alarms-over-potential-election-disruption
SonicWall has released its latest threat report. From the press release: “SonicWall released its latest threat brief focused exclusively on governments, reporting a staggering 236% year-over-year increase in malware-related attacks against government organizations globally during the first quarter of 2024. This alarming trend coincides with a notable 27% rise in attacks in the month leading up to the upcoming election, underscoring the urgent need for enhanced security measures.” You can read the report here without having to sacrifice your contact details. - Drew
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
ADHD and Managing Your Reputation - Optima & Outliers
The Strava problem: how the fitness app was used to locate the world’s most powerful people - The Guardian
The best science fiction books that you may never have heard of, but definitely should read - Shepherd
License Plate Readers Are Creating a US-Wide Database of More Than Just Cars - Wired
'Alien' signal decoded - European Space Agency
Standardizing Automotive Connectivity - Tesla Blog
Using less memory to look up IP addresses in Mess With DNS - Julia Evans
Exclusive: OpenAI builds first chip with Broadcom and TSMC, scales back foundry ambition - Reuters
Software Radio Systems launches first complete O-RAN stack for private enterprise 5G networks - SRS Press Releases