Curiefense is a new, open source Web application firewall designed for cloud-native environments. Currently a "sandbox" project in the Cloud Native Computing Foundation, Curiefense is now generally available.

The post Curiefense, A New Open Source Web App Firewall, Tackles Cloud-Native Security appeared first on Packet Pushers.

Martez Reed, Director of Technical Marketing at Morpheus Data, joins the Day Two Cloud podcast for a discussion. To hear this entire conversation, GO HERE. And hey, have a great day. You’re doing an outstanding job. 👍 You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a […]

The post What Is Technical Marketing?😳🧐 – Video appeared first on Packet Pushers.

A few months ago I described how you could use JSON Schema to validate your automation data models, host/group variable files, or even Ansible inventory file.

I had to use a weird toolchain to get it done – either ansible-inventory to build a complete data model from various inventory sources, or yq to convert YAML to JSON… and just for the giggles jsonschema CLI command requires the JSON input to reside in a file, so you have to use a temporary file to get the job done.

<style type="text/css">.fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link) , .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):before, .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):after {color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover, .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover:before, .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover:after {color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 .pagination a.inactive:hover, .fusion-fullwidth.fusion-builder-row-1 .fusion-filters .fusion-filter.fusion-active a {border-color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 .pagination .current {border-color: #f2b310; background-color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 .fusion-filters .fusion-filter.fusion-active a, .fusion-fullwidth.fusion-builder-row-1 .fusion-date-and-formats .fusion-format-box, .fusion-fullwidth.fusion-builder-row-1 .fusion-popover, .fusion-fullwidth.fusion-builder-row-1 .tooltip-shortcode {color: #f2b310;}#main .fusion-fullwidth.fusion-builder-row-1 .post .blog-shortcode-post-title a:hover {color: #f2b310;}</style>

The post AI Series Part 1: Introduction to the Modern Threats of AI appeared first on Netragard.

One of my readers sent me this question:

My job required me to determine if one IP address is unicast or anycast. Is it possible to get this information from the bgp dump?

TL&DR: Not with anything close to 100% reliability.

If you’re not familiar with IP anycast: it’s a brilliant idea of advertising the same prefix from multiple independent locations, or the same IP address from multiple servers. Works like a charm for UDP (that’s how all root DNS servers are built) and supposedly pretty well across distant-enough locations for TCP (with a long list of caveats when used within a data center).

In-person events will return some day. In the meantime, a huge crop of tech companies and investors are betting that virtual events can thrive not just during a pandemic, but beyond.

The post Betting On Virtual Events In A Post-Covid World appeared first on Packet Pushers.

One aspect of networking is that some understanding of the protocols using the network is required. As HTTPS replaces nearly all other protocols I would suggest that everyone needs a working understanding of how a web page is fetched by a web browser. WebPageTest is a community tool that reads web pages and then displays […]

Now that you know all about regions and availability zones (AZ) and the ways AWS and Azure implement subnets, let’s get to the crux of the original question Daniel Dib sent me:

As I understand it, subnets in Azure span availability zones. Do you see any drawback to this? You mentioned that it’s difficult to create application swimlanes that way. But does subnet matter if your VMs are in different AZs?

It’s time I explain the concepts of application swimlanes and how they apply to availability zones in public clouds.

Up to a year to patch a modest Linux kernel vulnerability

A while ago Antti Leimio wrote a long twitter thread describing his frustrations with Cisco ACI object model. I asked him for permission to repost the whole thread as those things tend to get lost, and he graciously allowed me to do it, so here we go.

---

I took a 5 days Cisco DCACI course. This is all new to me. I’m confused. Who is ACI for? Capabilities and completeness of features is fantastic but how to manage this complex system?

Juniper Networks is rebuilding its enterprise SD-WAN strategy around the Session-Smart Router (SSR) from 128 Technology, which Juniper acquired in October 2020. The Session-Smart Router integrates with Juniper's Mist AI platform and will replace Contrail Service Orchestration as its enterprise SD-WAN play.

The post Juniper Rebuilds Its Enterprise SD-WAN Strategy With The Session-Smart Router appeared first on Packet Pushers.

We all know that building snowflake networks is bad, right? If it’s not a repeatable process it’s going to end up being a problem down the road. If we can’t refer back to documentation to shows why we did something we’re going to end up causing issues and reducing reliability. But what happens when a snowflake process is required to fix a bigger problem? It’s a fun story that highlights where process can break down sometimes.

Reloaded

I’ve mentioned before that I spent about six months doing telephone tech support for Gateway computers. This was back in 2003 so Windows XP was the hottest operating system out there. The nature of support means that you’re going to be spending more time working on older things. In my case this was Windows 95 and 98. Windows 98 was a pain but it was easy to work on.

One of the most common processes we had for Windows 98 was a system reload. It was the last line of defense to fix massive issues or remove viruses. It was something that was second nature to any of the technicians on the help desk:

1. Boot from the Gateway tools CD and use GWSCAN to write zeros to the hard drive.
2. Reboot from the CD and use FDISK to partition the hard disk.
3. Format the drive.
4. Insert the Windows 98 OS CD and copy the CAB installation files to a folder on the hard drive.
5. Run setup from the hard drive and let it complete.
6. When Windows comes back up, insert the driver CD and let install all the drivers.

The whole process took two or three phone calls to complete. Any time you got to something that would take more than fifteen minutes to complete you logged the steps in the customer trouble ticket and had them call back when it was completed. The process was so standard that it had its own acronym in the documentation – FFR, which stood for “FDISK, Format, Reload”. If you told someone where you were in the process they could finish it no problem.

Me, Me, ME

The whole process was manual with lots of steps and could intimidate customers. At some point in the development process the Gateway folks came up with a solution for Windows ME that they thought worked better. Instead of the manual steps of copying files and drivers and such, Gateway loaded the OS CD with a copy of the image they wanted for their specific model type. The image was installed using ImageCast, an imaging program that just dropped the image down on the drive without the need to do all the other steps. In theory, it was simple and reduced call times for the help desk.

In practice, Windows ME was a disaster to work on. The ImageCast program worked about half the time. If you didn’t pick the right options in the reload process it would partition the hard drive and add a second clean copy of WinME without removing the first one. It would change the MBR to have two installations to choose from with the same identifiers so users would get confused as to which was which. And the image itself seemed to be missing programs and drivers. The fact that there was a Driver CD that shipped with the system made us all wonder what the real idea behind this “improved” process was.

Because Windows ME was such a nightmare to reload, our call center got creative. We had a process that worked for Windows 98. We had all the files we needed on the disks. Why not do it the “right” way? So we did. Informally, the reload process for Windows ME was the same as Windows 98. We would FFR Windows ME boxes and make sure they looked right when they came back. No crazy ImageCasting programs or broken software loads.

The only issue? It was an informal snowflake process. It worked much better but if someone called the main help desk number and got another call center they would be in the middle of an unsupported process. The other call center tech would simply start the regular process and screw up the work we’d done already. To counter that, we would tell the customer to call our special callback voicemail box and not do anything until we called them back. That meant the reload process took many more hours for an already unhappy customer. The end result was better but could lead to frustrations.

Let It Snow

Was our informal snowflake process good or bad? It’s tough to say. It led to happier customers. It meant the likelihood of future support calls was lower because the system was properly reloaded instead of relying on a broken image. However, it was stressful for the tech that worked on the ticket because they had to own the process the whole way through. It also meant that you had to ensure the customer wouldn’t call back and disrupt the process with someone else on the phone.

The process was broken and it needed to be fixed. However, the way to fix the broken process wasn’t easy to figure out. The national line had their process and they were going to stick to it. We came up with an alternative but it wasn’t going to be adopted. Yet, we still kept using our process as often as possible because we felt we were right.

In your enterprise, you need to understand process. Small companies need processes that are repeatable for the ease of their employees. Large companies need processes to keep things consistent. Many companies that face regulatory oversight need processes followed exactly to ensure compliance. The ability to go rogue and just do it the way you want isn’t always desired.

If you have users that are going around the process you need to find out why. We see it all the time. Security rules that get ignored. Documentation requirements that are given the bare minimum effort. Remember the shutdown dialog box in Windows Server 2003? Most people did a token entry before rebooting. And having eighteen entries of “;lkj;kljl;k” doesn’t help figure out what’s going on.

Get your users to tell you why they need a snowflake process. Especially if there’s more than one person relying on it. The odds are very good that they’ve found hiccups that you need to address. Maybe it’s data entry for old systems. Perhaps it’s problem with the requirements or the order of the steps. Whatever it is you have to understand it and fix it. The snowflake may be a better way to do things. You have to investigate and figure it out otherwise your processes will be forever broken.

---

Tom’s Take

Inbound tech support is full of stories like these. We find a broken process and we go around it. It’s not always the best solution but it’s the one that works for us. However, building a toolbox full of snowflake processes and solutions that no one else knows about is a path to headaches. You need to model your process around what people need to accomplish and how they do it instead of just assuming they’re going to shoehorn their workflow into your checklist. If you process doesn’t work for your people, you’d better get a handle on the situation before you’re buried in a blizzard of snowflakes.

Responding to Eyvonne's piece on escalation

I concluded the Focus on Business Challenges First presentation (part of Business Aspects of Networking Technologies webinar) with a few technology guidelines starting with:

• Be vendor-agnostic (always look around to see what others are doing);
• Try to understand how the technology you’re evaluating really works (it will help you spot the potential problems before they crash your network);
• Always select what’s best for your business, not for the sales quota of your friendly $vendor account manager.

For more guidelines, watch the video (available with Free ipSpace.net Subscription).

Browsers keep users safe from excessive user tracking

Every now and then I’m getting questions along the lines “why doesn’t X support unequal-cost multipathing (UCMP)?” for X in [ OSPF, BGP, IS-IS ].

To set the record straight: BGP does support some rudimentary form of unequal-cost multipathing with the DMZ Bandwidth community, but it only works across multiple egress points from a single autonomous system. Follow-up nerd knobs described how to use the same community over EBGP sessions; not sure whether anyone implemented that part (comments welcome).

One of my readers was “blessed” with the stretched VLANs requirement combined with the need for inter-VLAN routing and sub-par equipment from a vendor not exactly known for their data center switching products. Before going on, you might want to read his description of the challenge he’s facing and what I had to say about the idea of building stackable switches across multiple locations.

Here’s an overview diagram of what my reader was facing. The core switches in each location work as a single device (virtual chassis), and there’s MLAG between core and edge switches. The early 2000s just called and they were proud of the design (but to be honest, sometimes one has to work with the tools his boss bought, so…).

Now that we know what regions and availability zones are, let’s go back to Daniel Dib’s question:

As I understand it, subnets in Azure span availability zones. Do you see any drawback to this? Does subnet matter if your VMs are in different AZs?

Wait, what? A subnet is stretched across multiple failure domains? Didn’t Ivan claim that’s ridiculous?

TL&DR: What I claimed was that a single layer-2 network is a single failure domain. Things are a bit more complex in public clouds. Keep reading and you’ll find out why.

As the pandemic continues, the network operational community continues to meet online. NANOG held its 81st meeting on February 8 and 9, and these are my notes from some of the presentations at that meeting.

A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.

The blog post and related LinkedIn posts generated tons of comments (and objections from the usual suspects), prompting Adrian to write a sequel describing the design requirements he was facing, tradeoffs he made, and interactions between server and networking team needed to make it happen.

The next time you’re about to whimper how you can’t do anything to get rid of stretched VLANs (or some other stupidity) because whatever, take a few minutes and read How To Put Faith in UX Design by Scott Berkun, mentally replacing UX Design with Network Design. Here’s the part I loved most:

[… ]there are only three reasonable choices:

• Move into a role where you make the important decisions.
• Become better at influencing decision makers.
• Find a place to work that has higher standards (or start your own).

Unfortunately the most common choice might be #4: complain and/or do nothing.

Andy Jassy, the top executive at AWS, will step into the role of  CEO of Amazon some time in 2021. Who will take over at AWS? It doesn’t really matter. Here’s why: 1. The operating model and corporate culture are in place Amazon spent years developing an effective way to share infrastructure within the organization. […]

The post 4 Reasons The Next CEO Of AWS Doesn’t Really Matter appeared first on Packet Pushers.

In this Day Two Cloud podcast clip, we discuss whether the code we use to manage our infrastructure and the code we use for our applications should be stored in different repositories. To hear the entire episode, go to Day Two Cloud 085: Hosting Your Infrastructure Code In The Cloud. Hosts Ned Bellavance and Ethan […]

The post Should App Code & IaC Be In Separate Repositories? – Video appeared first on Packet Pushers.

It’s amazing to me that it’s been ten years since I attended by first Tech Field Day event. I remember being excited to be invited to Tech Field Day 5 and then having to rush out of town a day early to beat a blizzard to be able to attend. Given that we just went through another blizzard here I thought the timing was appropriate.

How did attending an industry event change my life? How could something with only a dozen people over a couple of days change the way I looked at my career? I know I’ve mentioned parts of this to people in the past but I feel like it’s important to talk about how each piece of the puzzle built on the rest to get me to where I am today.

Voices Carry

The first thing Tech Field Day did to change my life was to show me that I mattered. I grew up in a very small town and spent most of my formative school years being bored. The Internet didn’t exist in a usable form for me. I devoured information wherever I could find it. And I languished as I realized that I needed more to keep learning at the pace I wanted. When I finally got through college and started working in my career the same thing kept happening. I would learn about a subject and keep devouring that knowledge until I exhausted it. Yet I still wanted more.

Tech Field Day reinforced that my decision to start a blog to share what I was learning was the right one. It wasn’t as much about the learning as it was the explanation. Early on I thought a blog was just about finding some esoteric configuration stanza and writing about it. It wasn’t until later on that I figured out that my analysis and understanding and explanation was more important overall. Even my latest posts about more “soft skill” kinds of ideas are less about the ideas and how I apply them.

Blogging and podcasting are just tools to share the ideas that we have. We all have our own perspectives and people enjoy listening to those. They may not always agree. They may have their own opinions that they want to share. However, the part that is super critical is that everyone is able to share in a place where they can be discussed and analyzed and understood. As long as we all learn and grow from what we share then the process works. It’s when we stop learning and sharing and try to protest that our way is right and the only way that we stop growing.

Tech Field Day gave me the platform to see that my voice mattered and that people listened. Not just read. Not just shared. That they listened and that they wanted to hear more. People started asking me to comment on things outside of my comfort zone. Maybe it was wireless networking. It could have been storage or virtualization or even AI. It encouraged me to learn more and more because who I was and what I said was interesting. The young kid that could never find someone to listen when I wanted to talk about Star Wars or BattleTech or Advanced Dungeons and Dragons was suddenly the adult that everyone wanted to ask questions to. It changed the way I looked at how I shared with people for the better.

Not Just a Member, But the President

The second way Tech Field Day changed my life was when I’d finally had enough of what I was doing. Because of all the things that I had seen in my events from 2011 to 2013, I realized that working as an engineer and operations person for a reseller had a ceiling I was quickly going to hit. The challenges were less fun and more frustrating. I could see technology on the horizon and I didn’t have a path to get to a place to implement it. It felt like watching something cool happening outside in the yard while I was stuck inside washing the dishes.

Thankfully, Stephen Foskett knew what I needed to hear. When I expressed frustration he encouraged me to look around for what I wanted. When I tried to find a different line of work that didn’t understand why I blogged, it crystallized in me that I needed something very different from what I was doing. Changing who I was working for wasn’t enough. I needed something different.

Stephen recognized that and told me he wanted me to come on board without him. No joking that my job offer was “Do you want to be the Dread Pirate Roberts? I think you’d make an excellent Dread Pirate.”. He told me that it was hard work and unlike anything I’d ever done. No more CLI. No more router installations. In place of that would be event planning and video editing and taking briefings from companies all over the place about what they were building. I laughed and told him I was in.

And for the past eight years I’ve been a part of the thing that showed me that my voice mattered. As I learned the ropes to support the events and eventually started running them myself, I also grew as a person in a different way. I stopped by shy and reserved and came out of my shell. When you’re the face of the event you don’t have time to be hiding in the corner. I learned how to talk to people. I also learned how to listen and not just wait for my turn to talk. I figured out how to get people to talk about themselves when they didn’t want to.

Now the person I am is different from the nerdy kid that started a blog over ten years ago. It’s not just that I know more. Or that I’m willing to share it with people. It has now changed into getting info and sharing it. It’s about finding great people and building them up like I was built up. Every time I see someone come to the event for the first time I’m reminded of me all those years ago trying to figure out what I’d gotten myself into. Watching people learn the same things I’ve learned all over again warms my heart and shows me that we can change people for the better by showing them what they’re capable of and that they matter.

---

Tom’s Take

Tech Field Day isn’t an event of thousands. It’s personal and important to those that attend and participate. It’s not going to stop global warming or save the whales. Instead, it’s about the people that come. It’s about showing them they matter and that they have a voice and that people listen. It’s about helping people grow and become something they may not even realize they’re capable of. I know I sound biased because the pay the bills but even if I didn’t work there right now I would still be thankful for my time as a delegate and for the way that I was able to grow from those early days into a better member of the community. My life was changed when I got on that airplane ten years ago and I couldn’t be happier.

In January, Jason Edelman kindly invited me for a chat about the state of (software defined) networking and network automation in particular. The recording was recently published on Network Collective.

Not content with having dug the Northbound Networks Zodiac FX out of a pile of overlooked technology in my office, I thought that the poor thing desperately needed to have a case to sit in. When I originally received the switch, I did not have a 3D printer and had no idea what it would take to make a case; now though, I do have a 3D printer … and no idea what it would take to make a case. Sounds like a plan to me!

Measuring the Zodiac FX

The most important tool I bought to go with my 3D printer (a Creality CR6-SE) was some digital calipers. I discovered early on how important it was to ensure that if I was going to screw up, I should be able to screw up accurately.

<figure class="wp-block-image size-large"></figure>

These calipers are made by RexBeti, and if you’ve never heard of that company that’s ok, because before I purchased this I hadn’t either. The calipers claim to be accurate to 0.01mm, but I don’t have any way to validate that claim, so let’s just assume that they are. I do know that it beats using a ruler. A few minutes of careful mismeasurement later and I had a page of diagrams showing all the critical dimensions of the switch board from which I could use to create sketches in Fusion360 and hopefully generate some kind of 3D model.

Modeling a Case

In the end I went with a pretty simple design; purely functional, no chamfering or filleting of the edges, and a simple clip system on the side to close the case. The base and lid are shown here in Cura (preparing to be printed):

<figure class="wp-block-image size-large"></figure>

Holding the board in place without screws was achieved in part by making the base a close fit to the size of the board and designing it so that the board would sit inside it, then using a combination of rigid components on the lid which would press down on the board to hold in in place. There are small pieces in each corner which sit against the board, and there is also a bar running across the top the ethernet ports.

Printing the Zodiac FX Case

The Zodiac FX has a power LED, but it’s on the board at the back left hand side which is not ideal unless you fancy making some kind of light pipe to bring that light to the front of the switch, which I do not. Therefore I decided to print the case in crystal PLA which is translucent enough to allow the green LED to diffuse through the case and be visible from the outside. A regular, opaque PLA would not have done this and would not be as pretty. This decision also meant that I printed with 100% infill, because seeing the cubic infill pattern at 40% infill is cute, but not great. The results were pretty acceptable, all things considered:

<figure class="wp-block-image size-large"></figure> <figure class="wp-block-image size-large"></figure>

Assembly

I then added the board to the base, and ensured that it fit correctly.

<figure class="wp-block-image size-large"></figure>

Then I added the lid, clicked the clips into place, and plugged in the power!

<figure class="wp-block-image size-large"></figure>

Not bad for a quick job. The tolerances are quite tight, so may need tweaking depending on the materials and printing environment, but this worked well for me and my set up (Creality CR6-SE, IIID+ Crystal PLA+ filament, 0.2mm layer height, 80mm/s fill, 40mm/s walls, 200degC hot end, 65degC base, no supports). I got a very small bit of elephant’s foot in one corner of the base, but it wasn’t significant enough to consider reprinting.

Thingiverse

I know that there are literally thousands of you who have been waiting for this, so of course my Zodiac FX Case is on Thingiverse. I’ve posted the STL files there as well as a STEP file for those who really hate themselves. Believe it or not, there’s another case design on Thingiverse from 2016, as it turns out; so now there are two.

Ok, that was fun. Does that mean I have to do something with it now?

If you liked this post, please do click through to the source at Zodiac FX Gets a 3D Printed Case and give me a share/like. Thank you!

Bandwidth map of global internet

Last year I wrote an article describing data model optimization going from a simple this is what we need to configure individual devices to a highly polished high-level network nodes and links model. Not surprisingly, as Jeremy Schulman was quick to point out, the latter one had Jinja2 templates you wouldn’t want to debug. Ever. You can’t run away from complexity… but you can manage it.

Many successful network automation solutions (example: Cisco NSO) solve the “we’d love to work with high-level data models but hate complex templates” challenge with data transformation: operators work with an abstracted data model describing services, nodes and links, and the device configuration templates use low-level data derived from the abstracted data models through a series of business logic rules or lookups (aka network design).

The following post is aimed for photographers and other digital hoarders. Those of us that want to keep various digital assets not just for a few years, but a lifetime, and even multiple lifetimes (passed down, etc.)

There are three levels of data protection: Data resiliency, data backup, and data archive.

Data Resiliency (Redundant Disks, RAID, NAS/DAS)

Data resiliency is when you have multiple disks in some sort of redundant configuration. Typically this is some type of RAID array, through there are other technologies now that operate similar to RAID (such as ZFS, Storage Spaces, etc.) This will protect you from a drive failure. It will not, however, protect you from accidental file deletion, theft, flood/natural disaster, etc. The drives have the same file system on them, and thus have a lot of “shared fate”, where if something happens to one, it can happen to the other.

To put it simply, while there are some scenarios where your data is protected by data resiliency (drive failure), there are scenarios where it won’t (flood, theft).

RAID is not backup.

Data Backup

One of the maxims we have in the IT industry in which I’ve worked for the past 20 years is RAID is not backup. As stated in the previous section, there are scenarios where RAID will not keep your data safe. What will make it safer in the short term is to have a good backup solution. Data backup is not generally a long-term solution, but it is something that’s good to have.

A data backup is a mechanism where files are copied from your active environment to a non-active environment. Probably the best general backup mechanism I’ve seen is Time Machine from Apple. You can designate a drive, typically an external one, and the system automatically backs up files to that drive. You can browse the history of your file and file systems and retrieve something you deleted months ago.

There are lots of cloud solutions now, where your data is backed up to a cloud service like Dropbox, Backblaze, etc. Short term, I like these solutions. I do not like them for long term solutions.

I don’t like them for archive.

Backup is not archive.

Archive

Archive is probably what most of us really want long term. Our treasured photos, memories, projects, etc., we want to keep them forever. Not only do we want them to last our entire lifetime, we want to be able to pass them to our heirs.

Over the years and decades, your data will have different homes. Multiple drives or even arrays, copied from one to the other.

I don’t like any backup solutions for archive, as backup solutions are too tied to a particular platform. The best backup solution is putting your files in a file structure.

For photos, I prefer having the JPEGs, raw files, HEIFs, etc., just in file systems. I don’t like them stored in photo management systems like Apple Photos or Adobe Lightroom. These systems change/evolve over time, and it can make accessing them a decade from now difficult. I’ve run into this with Apple iPhotos, which transitioned to Photos a few years ago. Photos will convert an older iPhotos repos into Photos, but it’s not always perfect. It’s just much easier to have the basic files in a basic file structure.

These files will be copied onto multiple hard drives so there are multiple copies, and moved every few years (about 5 years or so) since hard drives have a limited life span.

Archive can often be associated with backup, but I like to keep the two distinct, as I feel there are different strategies between them.

Conclusion

There’s a lot more details that go into these three concepts of course, but I hope this will get you thinking about your long term plan for your treasured files.

The network was definitely up, and had been up. There was nothing in the logs indicating link flaps, spanning-tree convergence events, or routing process adjacency changes. The packets had been, were presently, and presumably would forever be flowing. Flowing like a river. I was pondering this inaccurate version of reality because of an annoying ticket that wouldn’t go away...

The post Preempting Gray Failures With AI/ML appeared first on Packet Pushers.

One of my readers sent me this interesting question:

Assuming we are running a very large OSPF area with a few thousand nodes. If we follow the chain reaction of OSPF LSA flooding while the network is converging at the same time, how would all routers come to know that they all now have same view of area link states and there are no further updates or convergence?

I have bad news: the design requirements for link state protocols effectively prevent that idea from ever working well.

Recent versions of firmware (after v0.80) running on the Northbound Networks Zodiac FX can be updated directly from the web interface, or using XMODEM via the serial console. But what if, say, you had sat one your Zodiac FX for a while and are running firmware earlier than v0.81 and have a sudden, unexpected desire to upgrade the firmware? Say you are, for example, me?

The process turned out to be less straightforward than I had hoped, so I am documenting the successful steps I followed in case it’s of use to somebody else.

My (Brief) Zodiac FX Background

Back in 2015 I backed a Kickstarter project for this awesome-sounding four-port FastEthernet SDN switch with OpenFlow support. It sounded so cool that I even ordered a two-pack as I thought it would be more fun to have two OpenFlow switches to mess around with). The project was funded successfully, but embarrassingly when the beautifully-made boards arrived in early 2016, for some reason I never quite got around to playing with them. I think it was in part because it was just a printed circuit board without a case and without easy access to 3D printing I was turned off trying to use them. In retrospect I realized that have very kind friends who have 3D printers and while I couldn’t reasonably ask them to actually design the case for me, somebody else did eventually put up a Zodiac FX case on Thingiverse (although to be honest it doesn’t look great and I intend to design my own, hopefully better case).

Either way, the boards languished in my office/lab space at home until this week when I stumbled across one of them again and thought “Oh, I wonder what’s going on with Northbound” and discovered the unfortunate reality of what 2020 did to Paul Zanna’s creation. Nonetheless, the hardware still works, so there’s no time like the present to upgrade the firmware, right? And that’s where you join me in my journey.

The (Legacy) Upgrade Process

The most important thing to have in this process will turn out to be a working USB to MicroUSB cable connecting a host PC to the Zodiac board. The USB cable powers the board and also offers a serial console connection to the host. In order to upgrade the firmware, the host computer must be able to see and use the serial console connection over the USB.

Testing The Serial Connection (macOS)

In my case, I am running macOS Catalina and when I plugged in the Zodiac FX, a new device appeared in /dev, tty.usbmodem1412401. This turned out to be the Zodiac switch, as a quick test was able to validate. After entering screen, hit ENTER a couple of times to trigger a response:

~$ screen /dev/tty.usbmodem1412401

 _____             ___               _______  __
/__  /  ____  ____/ (_)___ ______   / ____/ |/ /
  / /  / __ \/ __  / / __ `/ ___/  / /_   |   /
 / /__/ /_/ / /_/ / / /_/ / /__   / __/  /   |
/____/\____/\__,_/_/\__,_/\___/  /_/    /_/|_|
            by Northbound Networks


Type 'help' for a list of available commands

Zodiac_FX# show status

----------------------------------------------------------------
Device Status
 Firmware Version: 0.57
 CPU Temp: 27 C
 Uptime: 00:00:50
----------------------------------------------------------------

Zodiac_FX#

Bingo bingo, it’s alive and it’s running an old firmware version! To disconnect from the screen session, use Ctrl-A then Ctrl-D. Linux users should have a similar experience, but Windows users may need to install a USB driver before they see the USB device as a COM port; I have only tested it in macOS so far.

The Base Firmware Update Steps

The full procedure can be found in section 2.3 of the Northbound Networks Zodiac FX User Manual, a copy of which I am mirroring here just in case the original becomes unavailable.

In brief, the steps are to download the “full install” firmware file (currently v0.86), then:

1. Power down the board and set the ERASE jumper
2. Power up the board for 5 seconds
3. Power down the board and remove the ERASE jumper
4. Power up the board; it’s now ready to accept firmware
5. Run the Atmel “SAM-BA Programmer” software to load the full firmware file to the board.
6. Power the board off, then power it back on (i.e. reboot the board)
7. Profit!

Steps 1 to 4 went just fine and the board flash was erased successfully, ready to be programmed just in time for me to discover that the link to the Atmel SAM-BA Programmer software from the Northbound Networks update page no longer works (I won’t include it here since it’s broken). The next problem was that when I located a download for Atmel SAM-BA (now Microchip SAM-BA since Microchip acquired Atmel), I found that it was only available for Windows and Linux, but since I had a Windows device available I decided to use that. Unfortunately, despite the February 2020 release date, the software simply did not seem to work in Windows 10 and left complaints about DCOM permissions in the event log. I would have used linux, but I did not have a suitable host on which to map a USB device through to the guest OS.

Shumatech BOSSA

In the end I discovered Shumatech’s BOSSA, an open-source replacement for Atmel’s SAM-BA which is available for Windows, Linux and macOS. Installation was slightly tricky, in that the installer not only requires the application to be dragged on an Applications folder shortcut, but also requires two CLI tools (bossac and bossash) to be dragged on to a folder shortcut to /usr/local/bin and macOS apparently does not like doing that. However, double clicking on the bin icon opens up the folder in Finder, and the two CLI tools can then be dragged from the installer to the Finder window instead:

<figure class="wp-block-image size-large"></figure>

With that minor annoyance resolved, it was time to go to the shell and see if BOSSA worked as advertised.

Using BOSSA

With the Zodiac board plugged in and powered up on USB, I tried the bossash utility first to confirm if it could communicate with the device, and was delighted to see that it could:

~$ bossash
bossa> connect tty.usbmodem1412401
Connected to device on tty.usbmodem1412401
bossa> info
Device       : ATSAM4E8
Version      : v1.0 May 10 2012 18:12:25
Address      : 0x400000
Pages        : 1024
Page Size    : 512 bytes
Total Size   : 512KB
Planes       : 1
Lock Regions : 64
Locked       : none
Security     : false
Boot Flash   : false
bossa>

That’s good news, so then I tried using the bossac tool to install the “full install” binary. I selected the command line options based on comments in the user manual like:

When the “Lock region(s)” pop-up window appears select ”No”

I converted that to the option --unlock. Similarly:

Under the “Scripts” section, select “Boot from Flash (GPNVM1)” from the drop down list

…became --boot=1 (0 is ROM, 1 is flash). It’s actually the default, but I prefer setting an explicit option for clarity. The final result was as follows:

~$ bossac --erase --verify --port=tty.usbmodem1412401 --write ZodiacFX_v86_Full_Install.bin --unlock --boot=1
Unlock all regions
Erase flash

Done in 4.777 seconds
Write 499284 bytes to flash (976 pages)
[==============================] 100% (976/976 pages)
Done in 16.924 seconds
Verify 499284 bytes of flash
[==============================] 100% (976/976 pages)
Verify successful
Done in 13.204 seconds
Set boot flash true
~$

No Profit Quite Yet

With a successful write showing, I powercycled the board and connected to the serial power expecting to see the Zodiac FX prompt, but it was not to be:

[Connected]

Zodiac FX BIOS 1.10

No firmware installed, please type 'upload' to install new firmware.

If there is no firmware installed then what exactly did I just do with BOSSA? It took me a moment to realize, but there’s a subtle clue here. The option to upload a firmware update via the serial port was added in v0.81, and the BIOS seems to be offering me the option to upload a firmware update, which means that I must be running a newer version of the firmware, or at least enough of it to get into the BIOS. With that in mind I downloaded the ‘update’ firmware and used XMODEM to transfer the file to the board.

Ok, Boomer; XMODEM?

Yes, kiddo; XMODEM. Back when I was a child, it was possible to recover seemingly unrecoverable Cisco routers from ROMMON by loading a new IOS image over the serial port using the XMODEM protocol. If I felt brave, I would up the ante and use YMODEM. The update file for this board is only 200KB; now imagine how it felt transferring an IOS image over a serial port. Anyway, the point is, it’s possible to transfer a file over the serial port, and XMODEM is one way to do it. Unfortunately, screen does not support XMODEM, but I do have a serial terminal emulator app called Serial which connects to just about anything which looks like a serial port and it supports XMODEM, so:

Bootloader# upload
Please begin firmware upload using XMODEM
signature padding 1 found
signature padding 2 found
signature padding 3 found
signature padding 4 found
[Disconnected]
[Connected]

 _____             ___               _______  __
/__  /  ____  ____/ (_)___ ______   / ____/ |/ /
  / /  / __ \/ __  / / __ `/ ___/  / /_   |   /
 / /__/ /_/ / /_/ / / /_/ / /__   / __/  /   |  
/____/\____/\__,_/_/\__,_/\___/  /_/    /_/|_| 
            by Northbound Networks


Type 'help' for a list of available commands

Zodiac_FX# 
Zodiac_FX# show version
Firmware version: 0.86

Zodiac_FX#

There may be other ways to XMODEM in macOS rather than using Serial (indeed, I’ve seen a way to do it using screen, and screen doesn’t cost a pile of money), but that’s the tool I had to hand, so I used it. Windows users with HyperTerm may now laugh because they have that tool available for free.

Don’t Forget To Reset!

Just one, tiny little note which is easily overlooked:

If you are upgrading from 0.57 or below you must run the “factory reset” command (in config mode) after updating the firmware and then restart the switch to re-align the config ROM

After the upgrade, the board did not respond on its default IP address of 10.0.1.99 any more, which seemed odd. Thankfully, that was easily fixed:

Zodiac_FX(config)# factory reset
Writing Configuration to EEPROM (198 bytes)
Zodiac_FX(config)# restart
Restarting the Zodiac FX, please reopen your terminal application.
[Disconnected]
[Connected]

Set a Management IP

The Northbound Networks Zodiac FX was now ready to be configured:

Zodiac_FX# config
Zodiac_FX(config)# set ip-address 192.168.2.238
IP Address set to 192.168.2.238
Zodiac_FX(config)# set netmask 255.255.255.0
Netmask set to 255.255.255.0
Zodiac_FX(config)# save
Writing Configuration to EEPROM (198 bytes)
Zodiac_FX(config)# restart
Restarting the Zodiac FX, please reopen your terminal application.
[Disconnected]
[Connected]

The IP address configured above will only be accessible on port 4. This interface is configured by default to be the management interface (and the one which should face the OpenFlow controller), as can be seen when viewing the port status, where Port 4 has a VLAN type of “Native” rather than “OpenFlow”:

Zodiac_FX# show ports

----------------------------------------------------------------

Port 1
 Status: DOWN
 VLAN type: OpenFlow
 VLAN ID: 100

Port 2
 Status: DOWN
 VLAN type: OpenFlow
 VLAN ID: 100

Port 3
 Status: DOWN
 VLAN type: OpenFlow
 VLAN ID: 100

Port 4
 Status: UP
 VLAN type: Native
 VLAN ID: 200

----------------------------------------------------------------

So with an ethernet cable connected to port 4, the web interface was finally visible!

<figure class="wp-block-image size-large"></figure>

Future Firmware

Should a future firmware be released, it can be uploaded using the “Update f/w” option in the web interface, which sounds significantly simpler than the process above. That said, based on the dates of the last file updates of the Northbound Networks Zodiac FX firmware in GitHub and the recent news about Northbound Networks, I’m not honestly expecting any further updates.

I hope that was useful and/or of interest. If you have a Zodiac FX, please let me know if you used it and what you got up to with it!

If you liked this post, please do click through to the source at Upgrading Firmware on Northbound Networks Zodiac FX and give me a share/like. Thank you!

My friend Daniel Dib sent me this interesting question:

As I understand it, subnets in Azure span availability zones. Do you see any drawback to this? Does subnet matter if your VMs are in different AZs?

I’m positive I don’t have to tell you what networks, subnets, and VRFs are, but you might not have worked with public cloud availability zones before. Before going into the details of Daniel’s question (and it will take us three blog posts to get to the end), let’s introduce regions and availability zones (you’ll find more details in AWS Networking and Azure Networking webinars).

Digging through my office looking for some other technology which I had misplaced, I stumbled across a small box containing a Northbound Networks Zodiac-FX, a small 4-port FastEthernet OpenFlow SDN switch which I had picked up after backing a 2015 kickstarter campaign.

These were a pretty cool idea, and at the time OpenFlow (OF) was the hottest thing around, everything was being SDN-washed, and the idea that a regular user like myself could afford actual hardware with OF capabilities to toy with in the home lab was beyond belief. Of course, it was possible to virtualize OF with Mininet, but there’s something about using a real switch that goes beyond that. Even though, as you’ll in a future post, I ended up wasting that opportunity, I am still honored to have backed it, and my hat is off to Northbound Networks’ founder Paul Zanna for what he has accomplished.

Paying My Respects

With that in mind, I’m sad to note that when I went to the Northbound Networks website, I discovered that some time around August 2020 the company stopped manufacturing SDN hardware.

Since the original Zodiac FX campaign, Paul had expanded the available products to include an 802.11ac Wireless AP (Zodiac WX) and a 5-port gigabit switch (Zodiac GX).

Of course, discovering this news just as I have rediscovered my Zodiac FX is ironic and rather bitter timing. Nonetheless, I intend to wake the Zodiac up and put the latest firmware on it, the process for which I’ll cover in a subsequent post. Meanwhile, late to the party though I may be, I wanted to offer up a tip of the hat to Mr Zanna, to send my regrets that after four years of hard work this is how it ended up, and to wish him well in whatever he ends up doing next. I sincerely hope that you have another Zodiac line of products in you!

If you liked this post, please do click through to the source at Farewell to Northbound Networks and give me a share/like. Thank you!

If you are not negotiating your salary, you are almost certainly leaving money on the table.  Negotiation is an important career skill and activity because it provides a very nice upside in overall career earnings. Preparation is important because the person you are negotiating with probably has a lot more experience in salary negotiations than […]

The post Negotiating your maximum salary appeared first on Packet Pushers.

Here’s a recent tweet by my friend Joe Onisick that triggered this blog post:

My favorite people are the ones that start with “how could we make that work?” Before jumping into all of their preconceived bs on why it won’t work.

I couldn’t agree more with that sentiment. The number of people who would invent all sorts of excuses just to avoid turning on their brains and keep to their cozy old methods is staggering. Unfortunately, someone immediately had the urge to switch into what I understood to be a heroic MacGyver mode (or maybe it was just my lack of caffeine, in which case I apologize for the misquote… but you might still like the rest of the rant):

I love the recent Internet of Trash article by Geoff Huston, in particular this bit:

“Move fast and break things” is not a tenable paradigm for this industry today, if it ever was. In the light of our experience with the outcomes of an industry that became fixated on pumping out minimally viable product, it’s a paradigm that heads towards what we would conventionally label as criminal negligence.

Of course it’s not just the Internet-of-Trash. Whole IT is filled with examples of startups and “venerable” companies doing the same thing and boasting about their disruptiveness. Now go and read the whole article ;)

Just in case you were recently promoted to be a team leader or a manager: read these somewhat-tongue-in-cheek advices:

• How do I feel worthwhile as a manager when my people are doing all the implementing? by Charity Majors
• The Non-psychopath’s Guide to Managing an Open-source Project by Kode Vicious.

Need more career advice? How about The Six Year Rule by Bryan Sullins… or you could go and reread my certifications-related blog posts.

During a few recent chats with my friends in the industry, I’ve heard a common refrain coming up about technologies or products being offered for sale. Typically these are advanced ideas given form that are then positioned as products for sale in the market. Overwhelmingly the feedback comes down to one phrase:

This is a solution in search of a problem.

We’ve probably said this a number of times about a protocol or a piece of hardware. Something that seems to be built to solve a problem we don’t have and couldn’t conceive of. But why does this seem to happen? And what can we do to fix this kind of mentality?

Forward Looking Failures

If I told you today that I was creating software that would revolutionize the way your autonomous car delivers music to the occupants on their VR headsets you’d probably think I was crazy, right? Every one of the technologies I mentioned in the statement is a future thing that we expect may be big down the road. We love the idea of autonomous vehicles and VR headsets and such.

Now, let’s change the statement. I’m working on a new algorithm for HD-DVD players to produce better color accuracy on plasma TVs that use PowerPC CPUs. Hopefully that statement had you giggling a little no matter what your tech level. What’s the difference? Well, that statement was loaded with technology that no one uses any more. HD-DVD lost a format war against Blu-Ray. Plasma TVs are now supplanted by LCD, LED, and even more advanced things. PowerPC has been replaced with RISC architecture and more modern takes on efficient CPUs in mobile devices.

If you’d have bet on the second combination of things back in the heyday of those technologies you might have made yourself a bit of money. You’d ultimately find yourself without a product to sell now, though. Because technology always changes. Even the dominant form of tech eventually goes away. Blu-Ray may have beat HD-DVD but it couldn’t stop streaming services. LCD replaced plasma but now we’re moving beyond that tech into OLED and even more advanced stuff. You can’t count on tech staying the same.

Which leads to the problem of trying to create solutions for problems that haven’t happened yet or are so far out on the horizon that you may not be able to create a proper solution for it. Maybe VR headsets will have great software that doesn’t need a new music match algorithm. Maybe the passengers in your autonomous vehicle won’t wear VR headsets. Perhaps music as we know it will change and not even be as relevant in the future. There’s no telling which butterfly effects will impact what you’re trying to accomplish.

Solve the Easy Things

Aside from the future problems you hope to be solving with your fancy new product you also have to take into account human behavior. Are people more likely to buy something to solve an issue they don’t currently have? Or are they more apt to buy something to solve a problem they have now? Startups that are looking five years into the future are going to stumble over the problems people have today on their way to the perfect answer to a question no one has asked yet.

I wanted a tablet because it was cool when they first came out. After using one for a few weeks I realized that it was a solution that didn’t address my pressing issues. I didn’t need what it offered at the time. Today a tablet solves many other issues that have come up since then, such as note taking or having quick access to information away from my desk. However, those problems needed to develop over time instead of hoping that my solution would work for something I couldn’t anticipate. I didn’t need a word processor for my tablet because I wouldn’t by typing much with an on-screen keyboard. Today I write a lot on my tablet because of the convenience factor. I also take notes because I have a pencil to write with instead of my fingers.

Solving problems people have right now is a sure fire way to make your customers happy and give you the breathing room to look to the future. How many times have you seen a startup with a great idea that ends up building something mundane because they can’t build the first thing right or they realize the market isn’t quite there yet?

I can remember specifically talking to Guardicore when they were first out of stealth and discussing how their SDN-based offensive security systems worked. It was amazing stuff with very little market. When they looked around and realized they needed to switch it up they went full-on into zero trust security and microsegementation. They took something that could be a great solution later on and pivoted to solving problems that people have right now. The result is a healthy company that makes things people want to buy instead of trying to sell them a solution for a problem they may never have.

If you are looking at the market and thinking to yourself, “I need to build X because it will revolutionize the way we do things” stop and ask yourself how we get there. What steps need to be taken? Who will buy it and when? Are there problems along the way? If the answer to the last question is anything other than “no” you need to focus on those problems first. You may find that you don’t need to build your fancy new vision of perfect future success because you solved all the other problems people needed fixed first. Your development efforts will be rewarded with customers and income instead of the perfect solution no one wants to buy.

---

Tom’s Take

Solutions without problems to solve are a lot like one-off kitchen gadgets. I may have a use for an avocado slicer twice a year. I also have a knife that does the exact same thing a little slower that I can use for many other problems around my house. I don’t need the perfect avocado slicing solution for the future when I’m making guacamole and avocado toast every day. I need a solution that gets my problems of slicing, chopping, dicing, and cutting done today. Technology is no different. Build what solves problems now and you’ll be a success. Build for the future if and only if you have the disposable time and income to get there.

The second part of the Cisco SD-WAN webinar focused on design considerations and trade-offs in several scenarios. David Penaloza briefly reviewed the types of policies and their capabilities before discussing what to keep in mind when designing the solution.

In this Day Two Cloud podcast clip, we discuss consulting and MONEY. To hear the entire episode, go here. Hosts Ned Bellavance and Ethan Banks are joined by Michael Jenkins, Sr. Systems Reliability Engineer at Managed Kaos; and Anthony Nocentino, Enterprise Architect at Centino Systems and Pluralsight author. If you like engineering discussions like this, […]

The post What Should A Consultant Charge Clients? – Video appeared first on Packet Pushers.