Human Infrastructure 390: Ethernet Fellowship, Entry-Level Switches, Bad Arguments, and More

THIS WEEK’S MUST-READ BLOGS 🤓

Steinn, aka Steinzi, has some thoughts on Juniper’s recently announced EX4000 access switches. Steinzi provides a balanced overview, highlighting good features (fast boot times, amped-up PoE, multi-gig support at a reasonable price) and not-so-good (no MACsec, no EVPN-VXLAN). He writes “If you're still nursing a fleet of aging EX2300s and basic connectivity is what you need, this is probably your jam.” But if you were hoping for advanced features at this price point, you’re out of luck. - Drew

Jennifer Minella takes apart the Justice Department’s case for blocking the HPE/Juniper acquisition. Her dismantling draws on her experience operating and supporting many of the Wi-Fi products raised in the case. She gives the DoJ’s argument a D-. I give her post an A+. - Drew

The post shares a Python script to help you clean up firewall rules in Palo Alto Networks firewalls. Suresh writes “Have you ever found yourself in a situation where you've decommissioned a server or maybe even an entire subnet, and now you're faced with the task of cleaning up your firewall? If you're using Palo Alto, you probably know that you can't just remove an address object; you first need to eliminate all its references from address groups and rules.”

He provides a script that can help, but more than that he also provides a list of prerequisites and a point-by-point explanation of what the script actually does. It’s an informative post that goes well beyond just sharing a script. - Drew

Dan Massameno has written a multi-part series on MTU in the Packet Pushers community blog. The URL above has links to all three parts of the series. In part 3, Dan looks at “practical network interface configuration and also talk about one technology that allows for much better interoperability.” It’s a good series. Dan’s also been a guest on Heavy Networking to talk about managing OT networks and RADIUS load balancing. And by the way, if you’ve got some technical blogs you want to get out but don’t feel like setting up your own site, our community blog is open. Just hit me up on the Packet Pushers Slack and I can get you set up. - Drew

Zoe Rose digs into a proposed use case for Cisco’s Hypershield, which is Cisco’s latest AI whiz-bang security solution that promises to use AI to “automate security policy lifecycle and security infrastructure upgrades.” In this proposed use case, Hypershield would provide distributed exploit protection by using eBPF to mitigate, in real time, at the kernel level, any known vulnerabilities that might exist in an application or service you’re running. It’s an ambitious proposal, and Zoe looks at how it might work, and where things could break down. - Drew


TECH NEWS 📣 

The startup Optifye.ai is pitching AI-powered surveillance cameras to monitor worker productivity in factories. The startup took criticism after a demo video, in which the founders role-played as factory boss and factory worker, showed how the product could be used to micro-manage and dehumanize workers. Y Combinator, which is backing the startup, pulled the video.

If you think this type of surveillance product will only be used in factories and warehouses, think again. The manager that wants you back in the office five days a week wouldn’t hesitate to deploy this. - Drew

Salesforce CEO Marc Benioff said the CRM giant won’t hire any new engineers in 2025 thanks to a productivity boost from AI agents and productivity tools. The Register reports that Benioff made this assertion during Salesforce’s quarterly earnings call with investors.

Is this the first sign of a hiring apocalypse, or just some, let’s say, verbal exuberance from a Chief Executive that may change as circumstances warrant? I’m inclined to think the latter, given that The Register also reports that Salesforce missed Wall Street targets in part because of the slow uptake of Salesforce’s own AI offering to customers. - Drew

RESEARCH & RESOURCES 📒

This monster doc from Cisco walks through BGP algorithm fundamentals, how to manipulate next hop in a variety of ways, filtering, matching and route maps, aggregation, confederation and route reflectors, and concludes with a practical design example that walks through configurations and show command output. Bookmark this one. - Ethan

From their website. “Putting your APIs online shouldn't be hard. So we made it easy. ngrok is the flexible API gateway for instant, secure connectivity anywhere—public or private. Ditch the infrastructure headaches and enjoy building software again.” Basically, securely expose an API on your laptop hiding behind a firewall to the public Internet with ngrok in the middle.

There’s a free-forever tier for development. Pay-as-you-go for production use. - Ethan

From the README. “WinCse is an application that integrates AWS S3 buckets with Windows Explorer, allowing you to treat S3 buckets as if they were part of your local file system.” - Ethan

Subtrace: Wireshark for Docker Containers - subtrace via GitHub
https://github.com/subtrace/subtrace

From the README. “Subtrace is Wireshark for your Docker containers. It lets developers see all incoming and outgoing requests in their backend server so that they can resolve production issues faster.” This isn’t a packet dissector. Looks like an HTTP request parser. But I get what they mean with the Wireshark comparison. Quickstart guide here. - Ethan

The venerable ad-blocking DNS server that runs on a Raspberry Pi has the following new features in v6.

  1. Embedded web server & REST API
  2. Advanced filtering & allowlists
  3. Consolidated configuration files
  4. Completely overhauled UI
  5. Native HTTPS support
  6. Docker image based on Alpine now

I’ve been meaning to try Pi-hole again. I ran it several years back, and so many websites flat-out broke that it wasn’t worth the fight. Maybe it’s easier now? - Ethan

Meet the Packet Pushers at DCD Connect!
Join Ethan Banks and Drew Conry-Murray at DCD Connect in NYC this March! DCD Connect brings together more than 3,500 senior leaders working on some of the largest data center projects in North America. Register here and use the code PACKET and we’ll see you in New York! Ethan and Drew will be on site March 24th. Come say hello and collect your free virtual donut!

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

It’s easy to take Ethernet for granted. Peter Jones reminds us that Ethernet is a living standard that continues to evolve thanks to the hard work of a lot of people. Peter includes a Tolkien-esque map to illustrate all the various organizations involved in maintaining and advancing the standard, and describes the role of the Ethernet Alliance. - Drew

SASE vendor Cato Networks is tapping AWS’s Bedrock as the foundation for generative AI features in its SASE offering. Bedrock is a managed service that essentially lets you choose pre-existing foundational models to build genAI apps on top of. By going with Bedrock, Cato can choose different models for different use cases, and get access to new models easily, while also keeping its AI processing within a single cloud to simplify governance. - Drew

SonicWall has dropped a new threat report. Among the bad news: attackers are getting faster, with 61% of threat actors using exploit code within 48 hours of it going public. And IoT attacks jumped 124% between 2023 and 2024. You can see other highlights (or lowlights) in the link above. - Drew 
