So far, the silicon technology at the heart of this revolution has been truly prodigious. The processes of assembling silicon wafers and the superimposition of tracks and gates hs been the subject of continual refinement, and some 75 years after the invention of the transistor we are now able to cram almost a trillion of them onto a silicon wafer not much biggeer than a fingernail. Have we reached the end of this silicon road, or is there more to come?

While team dynamics are messy and can never be fully encapsulated by a model, Tuckman’s four stages of group development offer a vocabulary and structure to help us understand how to move teams forward to more productive work.

The post Team Building And Tuckman’s Stages of Group Development appeared first on Packet Pushers.

Endace has announced a new offering that can capture packets inside your public cloud deployments. Called EndaceProbe Cloud, the offering is available for AWS and Azure public clouds. It can also be deployed in VMware-based private clouds. Why capture packets in the cloud? Endace says the top two customer drivers are security and performance monitoring. […]

The post Endace Debuts Packet Capture Software For Public Clouds appeared first on Packet Pushers.

I’m publishing a link to a free ipSpace.net video several times each month, usually with a notice saying you need free subscription to watch the video. I had to put that limitation in place when I was hosting videos on AWS S3 – unlimited streaming could explode my AWS bill.

Recently I moved the video storage to Cloudflare R2. Cloudflare claims they will never charge egress fees, and as long as that’s true (and they don’t start chasing me for generating too much traffic) I see no reason to bother you with registration and login procedures – starting immediately, you can watch the free ipSpace.net videos without an ipSpace.net account.

Sharada Yeluri (Senior Director of Engineering at Juniper Networks) wrote a long article describing the connectivity requirements of AI workloads and new approaches to Ethernet fabrics. Definitely worth reading if you’re interested in these topics.

I’m no stranger to disagreement with people on the Internet. Most of my popular posts grew from my disagreement with others around things like being called an engineer, being a 10x engineer, and something about IPv6 and NAT. I’ve always tried to explain my reasoning for my positions and discuss the relevant points with people that want to have a debate. I tend to avoid commenting on people that just accuse me of being wrong and tell me I need to grow up or work in the real world.

Buying the Farm

However, I’ve noticed recently that there have been some people in the realm of social media and influencing that have taken to posting so-called hot takes on things solely for the purpose of engagement. It’s less of a discussion and more of a post that outlines all the reasons why a particular thing that people might like is wrong.

For example, it would be like me posting something about how an apple is the dumbest fruit because it’s not perfectly round or orange or how the peel is ridiculous because you can eat it. While there are some opinions and points to be made, the goal isn’t to discuss the merits of the fruit hierarchy. Instead, it’s designed to draw in people that disagree to generate comments about how apples are, in fact, good fruits and maybe if I tried one some time I would understand. In this example, I would reply to the comment with something along the lines of “thanks for your perspective” or maybe even a flippant question about why you think that way to keep the chain going.

I’ve found that this is very prevalent on platforms that reward engagement over content. Facebook and LinkedIn chiefly spring to mind. The content of the message isn’t as important as how people react to it. The reward isn’t a well-reasoned discussion. It’s people sharing your post and telling you how stupid you are for making it. Or trying to change your mind.

Except I know what I’m doing. I may not even have strongly held beliefs on my post. I may even prefer apples to oranges. The point is to get you all in an uproar and make you drive my post to the top of someone’s feed. A contrarian way to look at things for sure. But it works. Because we’ve rewarded people for making a splash instead of making a case.

Crop Rotation

In the 10x engineer post I linked above, I had no intention of it blowing up. I noticed some things that irked me about the culture we’ve created around the people that do a lot and how we worship their aura without examining the downsides. Naturally, that meant that it got picked up on Hacker News and there were a raft of comments about how I was an idiot and how I’d get fired if I worked for a “real” company because I wasn’t pulling my weight.

I was horrified, to say the least. I didn’t want that kind of engagement. I wanted a reasoned discussion. I wanted people to see my points and engage in debate. I certainly wasn’t trying to specifically craft a post with a contrarian viewpoint explicitly designed to incense the community to drive them to my page or blog. Yet that is exactly how I’m seeing some members of the wider community acting today. The clicks are more important than the words. And if you end up being proven wrong? So be it. Whoops. On to the next hot take!

I wish I had a better method for dealing with this new angle other than just ignoring it. If it’s someone with a legitimate bad viewpoint that could use some guidance or education I am happy to chip in and provide a different viewpoint. However the difference between the occasional post and constant engagement farming for arguments in the comments to drive your view counts higher is disingenuous. Disagreeing with something is one thing. Writing 400 words about how it’s the “worst mistake you can make” or “you should think about what that will mean for your career” are a bit heavy handed. And yes, I’ve seen both of those statements in recent months about something as innocuous as a training class.

---

Tom’s Take

Healthy disagreement and debate makes us improve. Honest mistakes happen and can be corrected. I have no issue with either of these, even if both sides will never agree. What I take issue with is people being deliberately disingenuous to manipulate algorithms or manufacture outrage for their own ends. I always come back to a simple question: Are you doing this to solve a problem? Or become popular? If the answer is the latter it might be time to put down the plow and ask yourself if the crop you’re sewing is worth it.

This post originally appeared in the Packet Pushers’ Human Infrastructure newsletter, a weekly mailing of essays, links to technical blogs and IT news, and whatever else think is interesting. Subscribe for free here. Let’s say I invent an autonomous mobile robot. It can lift heavy items for you, wash your dishes, do your grocery shopping, […]

The post Can We Trust Worldcoin’s Aspirin For AI Headaches? appeared first on Packet Pushers.

Broadcom has come up with some interesting mechanisms to address the challenges of building an Ethernet-based fabric that supports AI workloads. These mechanisms, which include a scheduling framework, cells, and credits, are intended to minimize congestion, latency, and dropped frames or packets in the fabric. In this post I talk about what I learned at […]

The post A Look At Broadcom’s Jericho3-AI Ethernet Fabric: Schedules, Credits, And Cells appeared first on Packet Pushers.

The IEPG meets for a couple of hours before each IETF meeting. It's a somewhat eclectic collection of presentations, with some vague common thread of relevance to Internet operations. Here's a summary of my impression from these IEPG session presentations for IETF 117.

After the flurry of work in various aspects of DNS privacy, the IETF’s agenda for DNS has shifted towards more maintenance and update. This does not mean that the volume of work has abated in any way, but it has dropped the more focussed stance of previous meetings to a broader diversity of topics in operating DNS infrastructure.

Approximately 30 years ago I managed to persuade the powers-that-be within Cisco’s European training organization that they needed a deep-dive BGP course, resulting in a 3 (later 5) day Advanced BGP Configuration and Troubleshooting (ABCT) course¹. I was delivering that course for close to a decade, and gradually built a decent story explaining the reasoning and use cases behind most of (then available) BGP features, from simple EBGP sessions to BGP route reflectors and communities².

Now imagine having more than a dozen hands-on labs that go with the “BGP from rookie to hero” story available for any platform of your choice³. I plan to make that work (eventually) as an open-source project that you’ll be able to download and run free-of-charge.

When was the last time you heard a product pitch that included words like paradigm shift or disruptive or even game changing? Odds are good that covers the majority of them. Marketing teams love to sell people on the idea of radically shifting the way that they do something or revolutionizing an industry. How often do you feel that companies make something that accomplishes the goal of their marketing hype? Once a year? Once a decade? Of the things that really have changed the world, did they do it with a big splash? Or was it more of a gradual change?

Repetition and Routine

When children are small they are practically helpless. They need to be fed and held and have their diapers changed. Until they are old enough to move and have the motor functions to feed themselves they require constant care. In fact, potty training is usually one of the last things on that list above. Kids can feed themselves and walk places and still be wearing diapers. It’s just one of those things that we do as parents.

Yet, changing diapers represents a task that we usually have no issue with. Sure it’s not the most glamorous work. But it’s necessary. Children can’t do it themselves. Maybe they can take off a wet or soiled diaper on their own (my kids did on occasion), but they can’t quite put one on. We encourage them to conform to the societal norm of using a bathroom instead of using a disposable diaper.

I use changing diapers as a metaphor for something we do regularly that is thankless but necessary. Kids never thank you for changing their diapers when they get older but it needs to be done. You may not think it’s a life-changing experience at the time but you know it’s one small part of what needs to happen to make them better as people later on. As a company that is trying to change people’s lives with the products you’re selling you often aim toward the sky. You want a utopia of flying cars and automated homes and AI-driven everything. But do your customers want that?

Your customers don’t want self-driving cars. They want to not have to spend their time driving. They don’t want AI-powered dinner ordering. They want to not have to make dinner decisions. Your customers don’t want a magical dashboard that makes automatic configuration changes for them. They want to operate their systems without constant attention to every little detail to keep them from falling apart. They don’t want revolutionary. They want relief.

Aim Small, Miss Small

If your first thought when building a product is “we’re going to change the world!” then you need to stop back because you missed the target. One of smartest things I overheard regarding startups was “Don’t solve a problem. Solve a problem someone has every day.” People are so focused on making an impact a revolutionizing the world they often miss the opportunity to do something that really does change things by simply solving common problems that happen all the time.

When you go back to your vision, think about changing diapers, not lives. Think about solving the problems people have every day. Take network automation, for example. You’re not going to create a paradigm shifting organizational restructuring in a day or a week or even a year. What you can do is automate things like password changes or switch deployments. You can solve that everyday problem so there is more time to work on other things. You can remove errors and create responsiveness where it didn’t exist before. Sure, your Ansible script that provisions a switch isn’t going to get your name etched in stone in Silicon Valley. But it can lead to changes in the organization that create efficiency and make your team happier and more focused on solving other hard problems.

Likewise, if you tell someone your product is going to change their life they will probably laugh at you or shake their head in disbelief. After all, everything promises to change their lives. However, if you tell them your product will solve a specific issue they have then they are very likely to take you up on it. Your target market will identify what you do and respond positively. Rather than trying to boil an ocean with hype you’re providing clear messaging on what you can do and how it can help. People want that clarity over hype.

---

Tom’s Take

If you try to promise me a life-changing experience with an app or a piece of hardware I’m going to make sure you understand what that means and what it takes. On the other hand, if you come to me with a proposal to change something I dislike doing every day or simplifying it in some way I’m more likely to listen to your pitch. Changing lives is hard. Changing diapers is not fun but it is necessary and repetitive. Focus on the small things and make those easier to do before you take on the rest of the world. Your customers will be happier and you will too.

netlab release 1.6.0 has (probably) the longest release notes so far as it contains so many user-visible new features including:

New Commands

Some users were complaining how complex it was to use netlab create command to create graphs, inspect data structures, or create custom reports. They might find the new commands easier to use:

The impulse to move absolute everything to the public cloud is coming to an end. Many companies are re-evaluating their strategies and adopting a hybrid model by bringing or migrating their workloads from the cloud to on-premises, mostly in the IaaS space. The main reasons companies are re-evaluating public cloud are cost, wanting total control […]

The post Options For Connecting Your Private Cloud appeared first on Packet Pushers.

When writing an IETF draft you need to delve into the security considerations of your proposal and contact the IANA--these are mandatory sections. You also need to be precise and clear with your language.

The post Writing An IETF Draft: Mandatory Sections And Language appeared first on Packet Pushers.

Wouldn’t it be nice if your home router (CPE) could use DSL (or slow-speed fibre) and LTE connection at the same time? Even better: run a single TCP session over both links? The answer to both questions is YES, of course it could do that, if only your service provider would be interested in giving you that option.

We solved similar problems with multilink PPP in the networking antiquity, today you could use a CPE with an MP-TCP proxy combined with a Hybrid Access Gateway in the service provider network. For more details, read the excellent Increasing broadband reach with Hybrid Access Networks article by prof. Olivier Bonaventure and his team.

I got several press releases this week talking about the newest program from the US Federal government for cybersecurity labeling. This program is something designed to help consumers understand how secure IoT devices are and the challenges that can be faced trying to keep your network secure from the large number of smart devices that are being implemented today. Consumer Reports has been pushing for something like this for a while and lauded the move with some caution. I’m going to take it a little further. We need to be very careful about this so it doesn’t become as worthless as the nutrition labels mandated by the government.

Absolute Units

Having labels is certainly better than not having them. Knowing how much sugar a sports drink has is way more helpful than when I was growing up and we had to guess. Knowing where to find that info on a package means I’m not having to go find it somewhere on the Internet¹. However, all is not sunshine and roses. That’s because of the way that companies choose to fudge their numbers.

Food companies spent a lot of time trying to work the numbers on those nutrition labels for years. The most common way to do it is to adjust the serving size listed on the box. For example, a 20-ounce soda bottle isn’t a single serving of liquid. It’s 2.5 servings at 8 ounces each. In order to find the true nutritional value of the whole bottle you need to read close enough to do the math and find out it’s more sugar and calories than you were expecting. The whole game was so bad the FDA forced companies to change labeling in 2022.

One of the other ways that labeling guidelines have allowed companies to get away with misinformation is through clever interpretation. Did you know that TicTacs are sugar free? If you look at the nutritional label information they contain zero sugar despite being made of nothing but sugar. How can they accurately say that? Because the serving size is so small it rounds down to zero. You’re probably groaning now but this is what has happened for years unless some group steps in to fix the issue.

The Fine Print

Now let’s look at how this could be adapted to go horribly wrong with IoT devices. One of the simple ways that I could see it being an issue is with something like a baby monitor. These devices are usually low-cost and don’t have much security built in. If you know the address of the device you can often connect to it and watch the video feed. Adding more software controls on top of the hardware is going to increase the price significantly. So are the manufacturers going to add pricey software to meet labeling guidelines? Or are they going to pull a TicTac? Say, for example, labeling the device as secure against remote access with an asterisk saying it’s only secure if you turn off the Wi-Fi and only look at it in the same room?

The label is going to be a valuable thing to add to the box to differentiate the product from competitors. Given the choice between a box without a label and one with a label, which one would you pick Tommy boy? That being said, how far do you think someone would go to put the label on the box? The program is voluntary but it still has requirements that need to be met. Someone could potentially create specific scenarios that allow them to meet the guidelines under specific circumstances and include the label despite not being the most secure device.

If the government wants to ensure that users aren’t getting attacked and have their data stolen, they need to put explicit guidelines in place to specify how the labels need to be created. No creative interpretation. No asterisks or fine print. It needs to be a table that has simple answers. If you don’t meet the guidelines you don’t get the check mark. Don’t let the manufacturers interpret your rules in their favor. It’s a bit more of a pain for those administering the program but a little sweat equity up front is going to be more comforting than the news articles after the fact.

---

Tom’s Take

I want this program to work. I really do. I also know how capitalism works. Companies are going to work this label as much as possible in their favor, including some creative thoughts on the requirements. I’d rather have some fusing now that leads to proper implementation in the future than lots of bad press about how the labels are worthless. If the industry is going to take steps to make things better for consumers let’s make sure it’s really better and not some sugar-free version.

Gerben Wierda published a nice description of common reactions to new unicorn-dust-based technologies:

• Eyes that glaze over
• Eyes like saucers
• Eyes that narrow

He uses generative AI as an example to explain why it might be a bad idea that people in the first two categories make strategic decisions, but of course nothing ever stops people desperately believing in vendor fairy tales, including long-distance vMotion, SDN or intent-based networking.

Whether you run Kubernetes on-prem, in the cloud, or a combination of the two, one thing holds true – there is always a Control Plane element and a Worker Node element. Without them, Kubernetes wouldn’t exist. This post looks at the Control Plane and the Worker Node, including which components are in each, why each […]

The post Kubernetes Components: The Basics appeared first on Packet Pushers.

We’re excited to announce Jennifer Tribe has joined Packet Pushers Interactive as our first-ever CEO! Jennifer’s mission is to help grow the Packet Pushers podcast network, increase our visibility and reach in the tech community, and bring in new listeners and clients. Jennifer’s skill set and experience are ideal for this position. She’s been a […]

The post The Packet Pushers Welcome CEO Jennifer Tribe appeared first on Packet Pushers.

Brian Carpenter published a list of Multipath TCP resources to one of the IETF mailing lists¹:

• Modern Multipath Transport Protocols – an ebook by prof. Olivier Bonaventure describing QUIC, multipath TCP and multipath QUIC.
• Multipath TCP Wiki
• Multipath TCP for Linux
• Multipath TCP Python extension module

You might also want to listen to the Multipath TCP podcast we recorded with Apple engineers in 2019.

This post originally appeared in the Packet Pushers’ Human Infrastructure newsletter. You can subscribe for free and see every back issue here. And we don’t share your contact details with anyone else because we’re selfish like that. Creativity sits among the group of attributes, including teamwork and communication, that employers say they most desire. For […]

The post Do We Really Want Creativity In IT? appeared first on Packet Pushers.

There seem to be two dominant themes in the enumeration of potential perils that face the Internet these days, and oddly enough they seem to me to be opposite in nature.

If you are here for the quick answer to how to kill a process in Linux, the answer is fairly simple. First, get the process ID of the process you want to terminate. Second, use the kill command to kill that process. Example assuming your process id is 1234: kill 1234 Sometimes the kill command […]

I was lucky enough to participate in Tech Field Day Extra at Cisco Live a couple weeks months ago. This event brings independent thought leaders together with a number of IT product vendors that were at Cisco Live to share information and opinions. I was not paid to attend, but the organizers did provide some meals while I was there. There is no expectation of providing any content, so the fact that I’m mentioning it says something. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved. OpenGear was there, and it was good to see some new faces and hear some new ideas.

For those that live under a rock don’t know, OpenGear traditionally provides out-of-band (OOB) management solutions via hardware appliances that run independently of your network. They, like other vendors in that space, can connect to the cellular data network of choice and provide access to your gear when something fails (what OpenGear calls “worst day”). Over 99.9% of the time, though, you would never use your OOB devices. They’re just going to sit there doing nothing until that day that something fails catastrophically. No one likes idle resources, – especially those that are paying for it – so how else can you use that thing that has 84729 cables coming out of it?

You can use your OOB gear for provisioning using ZTP or the like. This is what OpenGear was calling “first day” operations. When a new device is connected to the OOB network, that device can be upgraded and configured through the magic of DHCP options. OS image upgrade and config all downloaded automatically. Sounds like a phone, eh?

This will be great for a new network, but this first day operation doesn’t really need to be on the first day of the greenfield. You can use it when you add new switches to you fabric or new edge routers to the Internet. You can even use it to push a config when a device needs to be replaced.

Related: I had a project several years ago that implemented white box switching in an existing data center, and I wound up writing some Ansible playbooks to push configurations to everything. It started off as a way to do VLAN changes and whatnot, but I realized I could use some the playbooks a la ZTP to have the switches boot up and run that same playbook to do the initial config. Man, I wish I could have blogged about that project.

That’s some progress, but we still have devices that sit there doing nothing for 99% of their lives. Can we use our OOB networks to regularly configure or monitor our devices? That is, when we make changes to the configs or get stats for Grafana, can we use the OOB network? Well, sure.

In the simplest form, you can just connect to the console of your devices via the OOB network and make your changes from there. Easy. No one likes the old, clunky interfaces of their OOB gear, though, so let’s try something else. How about a SSH port-forwarding session where you wind up SSHing into the console of your gear? Let’s think fancier.

Another way to use that OOB network on a more-daily basis is to connect management interfaces of everything up to the OOB devices. Some have Ethernet switching built in for such things, so plug your stuff directly into those ports. Your network gear, iDRAC/ILO/CIMC/IPMI, PDUs, UPSes…all that stuff. That sets up your processes for using the OOB network instead of mixing traffic with production.

I mentioned that I had a project that used Ansible playbooks to do config updates, and you can do the same here. I’m sure there’s some Ansible magic to proxy your connections through an OOB device, but OpenGear (and ZPE) has Ansible collections that you can use to configure your stuff through those OOB devices. And I won’t even go into the fact that you can run containers on a lot of the OOB gear; that’s a whole blog post in itself (that I’m probably not qualified to talk about)!

I need to mention some generic benefits of an OOB network before we wrap up. With true OOB connectivity, any changes you make to a device don’t affect your connectivity to the device your destroyed. If you accidentally did a “wri erase; reboot” instead of setting the NTP server, you still have connectivity to that device, which means you can roll back or fix the issues remotely. It also means that you can do things like check the status of your BGP neighbors after your intern swears that only the SNMP community was updated but an entire site went offline.

OOB is worth your time. It’s always been worth the investment for catastrophes, but, with some added functionality, it might be worth the investment for day-to-day operations. A couple companies I know are shrinking offices thanks to WFH benefits, and there’s a concern that that one person who always helps you with problems at the site (we all know the one!) doesn’t come to the office any more. How are you going to troubleshoot those problems now? Well, an OOB device won’t plug in a cable for you, but it will surely help.

Send any LTE data plans questions to me.

#OOB #Management #OpenGear #EveryDay #NetEng

I was lucky enough to participate in Tech Field Day 27 a couple weeks months ago. This event brings independent thought leaders together with a number of IT product vendors to share information and opinions. I was not paid to attend, but the organizers did provide travel, room, and meals while I was there. There is no expectation of providing any content, so the fact that I’m mentioning it says something. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved.

One of the companies that presented was Men & Mice. They have a product called Micetro (great name!) that manages your DHCP, DNS, and IPAM for you. The product doesn’t provide DHCP, DNS, or IPAM services; it manages it. That is, it configures and monitors those services for you, whether it’s running on your local network, in cloud, remotely, whatever. This is what they call overlay management.

What does that really mean, though? Since overlay management doesn’t provide endpoint services, your endpoints don’t see anything different. Your DHCP servers stays the same. DNS servers stays the same. IPAM stays the same. The only thing that’s different is the way changes to those systems are made. For example, instead of touching a DNS server (or more than one) to add an A record to a domain, you click around in Micetro and, through some fancy magic, the entry appears in the correct zones on the correct servers.

So, let’s summarize the benefits of using a management overlay like Micetro.

1. Systematic changes : All changes are made from a central point using standard (I hate that word sometime) techniques to make sure it’s done the same way everywhere.
2. Deferred service expertise : You don’t need to be an expert on each server platform – only on the management system.
3. Source of Truth : Because it controls each system, the overlay knows the status of everything and can be used by other tools (or just people clicking) to know what the system looks like right now.
4. Easy Uninstall : Since you’re not changing the server platforms themselves, you can just stop using the overlay and go back to updating things directly.
5. Scalability : If you add 8472928 more servers to the stack, you still only have one update to make.

Do you use a management overlay? Probably. Do those Python scripts your use count? How about those Ansible playbooks? vCenter? NDS Manager (bonus points for knowing what that is!)?

Send any overdue library books questions my way.

#overlay #management #dhcp #dns #ipam #NetEng

Smart engineers were forever using Linux (in particular, its traffic control/queue discipline functionality) to simulate WAN link impairment. Unfortunately, there’s a tiny hurdle you have to jump across: the tc CLI is even worse than iptables.

A long while ago someone published a tc wrapper that simulates shitty network connections and (for whatever reason) decided to call it Comcast. It probably does the job, but I would prefer to have something in Python. Daniel Dib found just that – tcconfig – and used it to simulate WAN link behavior on VMware vSphere.

Are you good at your job? Have you spent thousands of hours training to be the best at a particular discipline? Can you configure things with your eyes closed and are finally on top of the world? What happens next? Where do you go if things change?

It sounds like an age-old career question. You’ve mastered a role. You’ve learned all there is to learn. What more can you do? It’s not something specific to technology either. One of my favorite stories about this struggle comes from the iconic martial artist Bruce Lee. He spent his formative years becoming an expert at Wing Chun and no one would argue he wasn’t one of the best. As the story goes, in 1967 he engaged in a sparring match with a practitioner of a different art and, although he won, he was exhausted and thought things had gone on far too long. This is what encouraged him to develop Jeet Kun Do as a way to incorporate new styles together for more efficiency and eventually led to the development of mixed martial arts (MMA).

What does Bruce Lee have to do with tech? The value of cross training with different tech disciplines is critical for your ability to continue to exist as a technology practitioner.

Time Marches On

A great example of this came up during Mobility Field Day back in May. During the Fortinet presentation there was a discussion about wireless and SASE. I’m sure a couple of the delegates were shrugging their shoulders in puzzlement about this inclusion. After all, what does SASE have to do with SNR or Wi-Fi 6E? Why should they care about software running on an AP when the real action is in the spectrum?

<iframe allowfullscreen="true" class="youtube-player" height="329" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation" src="https://www.youtube.com/embed/XdR2xc9Mt7g?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en&amp;autohide=2&amp;wmode=transparent" style="border:0;" width="584"></iframe>

To me, as someone who sees the bigger picture, the value of talking about SASE is crucial. Access points are no longer radio bridges. They are edge computing devices that run a variety of software programs. In the old days it took everything the CPU had to process the connection requests and forward the frames to the right location. Today there is a whole suite of security being done at the edge to keep users safe and reduce the amount of traffic being forwarded into the network.

Does that mean that every wireless engineer needs to become a security expert? No. Far from it. There is specialized knowledge in both areas that people will spend years perfecting. Does that mean that wireless people need to ignore the bigger security picture? That’s also a negative. APs are going to be running more and more software in the modern IT world because it makes sense to put it there and not in the middle of the enterprise or the cloud. Why process traffic if you don’t have to?

It also means that people need to look outside of their specific skillset to understand the value of cross training. There are some areas that have easy crossover potential. Networking and wireless have a lot of commonality. So do storage and cloud, as well as virtualization and storage and cloud. We constantly talk about the importance of including security in the discussion everywhere, from implementation to development. Yet when we talk about the need to understand these technologies at a basic level we often face resistance from operations teams that just want to focus on their area and not the bigger picture.

New Approaches

Jeet Kune Do is a great example of why cross training has valuable lessons for us to learn about disruption. In a traditional martial arts fight, you attack your opponent. The philosophy of Jeet Kun Do is to attack your opponent’s attacks. You spend time defending by keeping them from attacking you. That’s a pretty different approach.

Likewise, in IT we need to examine how to we secure users and operate networks. Fortinet believes security needs to happen at the edge. Their philosophy is informed by their expertise in developing edge hardware to do this role. Other companies would say this is best performed in the cloud using their software, which is often their strength. Which approach is better? There is no right answer. I will say that I am personally a proponent of doing the security stuff as close the edge as possible to reduce the need for more complexity in the core. It might be a remnant of my old “three tier” network training but I feel the edge is the best place to do the hard work, especially given the power of the modern edge compute node CPU.

That doesn’t mean it’s always going to be the best way to do things. That’s why you have to continuously learn and train on new ways of doing things. SASE itself came from SD-WAN which came from SDN. Ten years ago most of this was theoretical or in the very early deployment stage. Today we have practical applications and real-world examples. Where will it go in five years? You only know if you learn how it works now.

---

Tom’s Take

I’ve always been a voracious learner and training myself on different aspects of technology has given me the visibility to understand the importance of how it all works together. Like Bruce Lee I always look for what’s important and incorporate it into my knowledge base and discard the rest. I know that learning about multiple kinds of technology is the key to having a long career in the industry. You just have to want to see the bigger picture for cross training to be effective.

Disclaimer: This post mentions Fortinet, a presenter at Mobility Field Day 9. The opinions expressed in this post reflect my own perspective and were not influenced by consideration from any companies mentioned.

Bruce Davie collected numerous articles describing various aspects of early Internet history and pre-Internet days, including A Brief History of the Internet and The Design Philosophy of the DARPA Internet Protocols.

Have fun ;)

Justus sent me an email with an interesting link:

---

Since you love to make comparisons to the good ol’ thick yellow cable while I as a mid-30 year old adult have no idea what you are talking about: Computerphile made a video about Ethernet on the occasion of its 50th birthday. The university of Nottingham got the chance to show their museum pieces :-) (about 8:45 min).

---

Thanks a million!

The DNS is a strange and at times surprising environment. One could take a simple perspective and claim that the aim of the DNS is to translate DNS names into IP addresses. And you wouldn’t be wrong, but it's also so much more. Most of the time when we analyse the behaviour of the DNS we look at the way in which names are resolved by the DNS infrasdtructure, but there is also another view of the DNS. What do we see when we look at DNS queries for names that do not exist in the DNS?

AskJJX: “What’s the best way to find and disable rogue APs on the network? We had an audit finding and got our hand slapped.” Ahhh, I love this question for so many reasons. First, because my answer to this today, in 2023, is very different than my answer would have been years ago. You may […]

The post AskJJX: How To Handle Rogue APs Without Getting Arrested appeared first on Packet Pushers.