Heavy Networking from Packet Pushers

Summary: Join the Packet Pushers for weekly (or more!) conversations about data networking. Continuous professional development. Architecture and design, software defined, cloud, routing, switching, security, wireless, campus, enterprise, and more. Technical discussions with vendors about their products, deep dialog with real people who make networks work.

  • Artist: Packet Pushers Interactive
  • Copyright: © 2019 Packet Pushers Interactive LLC

Podcasts:

 Heavy Networking 450: Getting To Know The Open-Source VyOS Network OS | File Type: audio/mpeg | Duration: 53:31

Today’s Heavy Networking is all about VyOS, an open-source OS for routing that’s based on Debian GNU/Linux. VyOS “provides a free routing platform that competes directly with other commercially available solutions from well-known vendors. Because VyOS is run on standard amd64, i586 and ARM systems, it is able to be used as a router and firewall platform for cloud deployments.” Here to catch us up on VyOS is Yuriy Andamasov, the project coordinator. We discuss: * VyOS’s origins (it’s a fork of Vyatta Core) * Primary features, including routing, firewalling, NAT, QoS, VPN and more * Routing protocols supported, including FRR * Where it’s being deployed * Use cases Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Sponsor: INE If you’re looking for training, consider INE.com. INE is a training resource for networking and a whole lot more. Visit ine.com/packetpushers to get a free 3-day trial. INE–experts at making you an expert. Show Links: VyOS VyOS blog VyOS docs VyOS Appliance – GNS3 VyOS Project 2019 – March Update – VyOS.io

 Heavy Networking 449: Web Application Firewall Fundamentals | File Type: audio/mpeg | Duration: 1:11:01

On today’s Heavy Networking our topic is Web application firewalls (WAFs). Which, in the traditional sense, are neither web applications nor firewalls. So what are these strange creatures? If my company doesn’t have one, should I go to the pet store and get one? Will they bite me if I’m not careful? What does a web application firewall eat? Helping us understand how to feed and care for our very own web application firewall is Scott Hogg, who you might know from the IPv6 Buzz podcast, part of the Packet Pushers podcast network. We discuss: * How a WAF differs from typical firewalls * The security problems WAFs try to solve (protecting vulnerable Web apps) * How WAFs are deployed * The architecture of a typical WAF * Operational challenges * How attackers bypass WAFs * The role of WAFs in cloud applications * More Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: Cumulus Networks If you’re future-proofing your network, why go with legacy infrastructure? Cumulus Networks offers networking software for the open, modern data center, giving you the option to choose the new way every time. Find out more at cumulusnetworks.com/modernize. Show Links: Scott Hogg on Twitter Hexabuild IPv6 Buzz Podcast Scott’s Network World author page Scott’s Infoblox author page Web Application Firewalls and IPv6, Scott Hogg – Network World The Open Web Application Security Project (OWASP) The Web Application Security Consortium (WASC) Web Application Firewall Evaluation Criteria (WAFEC) WAF Criteria – ICSA Labs (PDF)

 Heavy Networking 448: An Inside Look At What’s New In Juniper’s Contrail SD-WAN (Sponsored) | File Type: audio/mpeg | Duration: 48:35

In today’s sponsored Heavy Networking episode, Juniper Networks’ Contrail SD-WAN is on the agenda. We get a detailed look at how Contrail SD-WAN operates, examine key security features and capabilities, and explore new options including Contrail SD-WAN as a cloud service managed by Juniper. We also examine Juniper’s competing differentiators, including scale, a focus on app Quality of Experience (QoE), the ability to customize the solution, and how Contrail SD-WAN can extend into the branch LAN and Wi-Fi networks for management and security. Our guest is Tony Sarathchandra, Director of Product Management at Juniper. We discuss: * How Juniper’s SRX and NFX fit into the solution * The role of Contrail Service Orchestration * Investment protection in the solution * Juniper’s ability to scale to more than 10,000 endpoints with a single SD-WAN controller * Built-in security features and the ability to integrate third-party security software and services * Juniper’s new cloud-hosted solution * Integration with Mist APs and the Mist Cloud for operational visibility in the branch * More Show Links: Contrail SD-WAN – Juniper Networks Contrail SD-WAN: 15 Features In 15 Minutes – Juniper Networks via YouTube Contrail Juniper SD-WAN Solution – EANTC (report) Contrail Service Orchestration (CSO) Deployment Guide – Juniper Networks (PDF)

 Heavy Networking 447: Building A Networking Career Outside The Big City | File Type: audio/mpeg | Duration: 57:12

Building a networking career is challenging under the best of circumstances. Between keeping the packets flowing and lights on, there are certifications to pursue, problems to troubleshoot, and emerging technologies to grok. Those challenges can be compounded by your location. If you live in a small city or outside a major population hub, jobs may be scarce. Mentors and colleagues might be hard to come by. Opportunities to get your hands on new or different technologies and equipment could be limited. We’ve assembled a roundtable of engineers to talk about the challenges of developing a networking career and growing your expertise outside of the bright lights of the big city. Our guests are Phil Gervasi, Ryan Booth, and Eric Stover. We discuss: * How to cope with limited job options * How to make travel or telecommuting work for you * Where to find mentors, training, and community * How community engagement can get you that new opportunity * Potential upsides, including better quality of life, lower cost of living, and opportunities to wear many hats Sponsor: ExtraHop ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Show Links: Phil Gervasi on Twitter Networkphil – Phil Gervasi’s blog Ryan Booth on Twitter Moving Ones and Zeros – Ryan Booth’s blog Eric Stover on Twitter FF:FF:FF:FF:FF:FF – Eric Stover’s blog

 Heavy Networking 446: How Open Systems Integrates Security And SD-WAN As A Service | File Type: audio/mpeg | Duration: 53:36

Today on Heavy Networking, we welcome Open Systems, a new SD-WAN sponsor to the show. Open Systems is among the new breed of SD-WAN solutions emphasizing integrated security and SD-WAN as a service. We’re going to talk about what the Open Systems solution is all about, so that you walk away knowing why they should be part of your upcoming SD-WAN proof of concept. Our guest is Moritz Mann, Head of Product Management at Open Systems. We discuss: * Open Systems’ origins as an MSP and security provider * Its SD-WAN-as-a-service approach * The company’s architecture, including a controller, intelligent edge devices, and the overlay * Security capabilities, including a next-gen firewall, a Web gateway, and monitoring * The service’s threat-hunting capabilities * How Open Systems differentiates itself through customer service and security * Its support for routing protocols To see Open Systems for yourself, request a free assessment at https://www.open-systems.com/packetpushers. You can also get an Open Systems beanie and download a Gartner report on the economics of SD-WAN. Show Links: Open Systems Open Systems on Twitter Open Systems on LinkedIn Moritz Mann on LinkedIn

 Heavy Networking 445: An Introduction To The Nornir Automation Framework | File Type: audio/mpeg | Duration: 56:26

Today’s Heavy Networking introduces Nornir, an automation framework written in Python. Nornir provides a system to manage inventory and data, and provides glue code to tools such as Netmiko and Napalm. We chat with three Nornir developers to explain to us what the heck a framework is, what I’m supposed to do with the Nornir framework, and how Nornir fits in with my other automation tools like Ansible, among other things. Our guests today are David Barroso, a Principal Engineer at Fastly; Kirk Byers, Founder of Twin Bridges Technology; and Dmitry Figol, a Systems Engineer at Cisco. All three guests help maintain Nornir. We discuss: * What the Nornir name means * Nornir’s capabilities * The difference between a framework and a library * What problems it helps solve * How it works with Netmiko and Napalm * How it compares to Ansible * Installation and Nornir basics Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: Cumulus Networks Cumulus Linux allows you to affordably build and efficiently operate your network like the world’s largest data center operators, unlocking vertical network stacks. Combined with Cumulus NetQ, an operational management tool, organizations can take advantage of deeper analytics and advanced telemetry to increase visibility across the network and reduce mean time to resolution. Find out more at cumulusnetworks.com/epicpushers. Show Links: Nornir

 Heavy Networking 444: Silver Peak And Zscaler Team Up On SD-WAN Security (Sponsored) | File Type: audio/mpeg | Duration: 1:07:11

Today’s sponsored Heavy Networking episode is a two-part conversation about SD-WAN and security; namely, how SD-WAN vendor Silver Peak has partnered with Zscaler, which operates a cloud-based security service, to give customers more options to inspect their WAN traffic without having to backhaul to a data center. In part one, we talk with Nuffield Health, a U.K.-based healthcare company to get a real-world perspective on how this Silver Peak and Zscaler partnership works in production. We discuss the business drivers for cloud-based security inspection, which traffic gets sent to Zscaler, whether the scanning affects performance, and why Silver Peak’s service chaining and app ID capabilities were key. Our guest is Dan Morgan, IT Infrastructure & Services Director at Nuffield. In part two, we go deeper into the networking and operational impacts of using Silver Peak and Zscaler together, including how the two systems handle encryption, potential latency impacts, where and how incident response happens, and day-to-day management. Our guests for this section are Damon Ennis, SVP of Products at Silver Peak; and Steve House, Vice President of Product Management at Zscaler. Show Links: SD-WAN Demo – Silver Peak Silver Peak on Twitter

 Heavy Networking 443: Architects Vs. Engineers – What’s The Difference? | File Type: audio/mpeg | Duration: 58:11

Today’s Heavy Networking is the result of a listener request. We discuss the differences between network architects and network engineers. What’s different about each role? Where is the overlap? If you are an architect and find yourself doing engineering, is that a bad thing? Should an engineer aspire to be an architect? Are architects so out of touch with reality that engineers rightfully hate them? If an architect and an engineer pass each other in the hall, does the engineer have to kiss the architect’s ring every time, or just the first time? To answer these questions, we’ve gathered guests who’ve held both roles in their careers (as has your host). Our guests are Robin Gilijamse, IT Infrastructure Architect; Oli Elliott, Network Architect at the University of Bristol; and Tom Ammon, Sr. Network Architect at a regional service provider in the United States. We talk about: * The definitions of an engineer and an architect * The path to becoming an architect * The perspective of tactics vs. strategy * Whether you have to give up hands-on networking * Why architects have to get more deeply involved with business requirements and nurture personal relationships * Advice for folks new to the architect role Sponsor: INE If you’re looking for training, consider INE.com. INE is a training resource for networking and a whole lot more. Visit ine.com/packetpushers to get a free 3-day trial. INE–experts at making you an expert. Sponsor: Open Systems Open Systems brings security, automation, and expert management to SD-WAN. Get visibility, flexibility, and control combined with performance, simplicity and security with SD-WAN from Open Systems. To find out more, go to Open-systems.com/packetpushers and get a free beanie and a Gartner report on the economics of SD-WAN. Show Links: Robin Gilijamse’s blog “Interesting Traffic” Tom Ammon’s blog

 Heavy Networking 442: The Source Of Truth Shall Set You Free (To Automate) | File Type: audio/mpeg | Duration: 1:11:24

Today’s Heavy Networking guests make the case that you can’t successfully automate your network unless you start with a source of truth. When embarking on an automation project you can get caught up in tool selection, frameworks, orchestration platforms, product reviews, and organizational responsibilities and nomenclatures. But without a source of truth for the devices you want to automate, you’ll find it hard to get very far. We have two guests to talk about how they built, populated, and manage their own source of truth to underpin a major automation project: Damien Garros, Network Reliability Engineer; and Adam Mills, Principal Engineer. Both work at the gaming platform Roblox. We start by defining a source of truth and how it relates to key device properties including naming conventions, IP addresses, cabling information, VLANs, BGP peering, and more. Our guests share lessons learned, including why you can’t assume homogeneity, why you’ll need to be prepared to manage multiple sources of truth, and the koan-like principle that “you always follow the rule, except when there is an exception, in which case you follow a new rule based on that exception.” Damien and Adam also talk about how to manage network device properties as code, and why they chose the open-source tools Netbox and Git as key repositories. Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: Cumulus Networks Cumulus Linux allows you to affordably build and efficiently operate your network like the world’s largest data center operators, unlocking vertical network stacks. 
Combined with Cumulus NetQ, an operational management tool, organizations can take advantage of deeper analytics and advanced telemetry to increase visibility across the network and reduce mean time to resolution. Find out more at cumulusnetworks.com/epicpushers. Show Links: Network Device Properties As Code – Slideshare Network Device Properties As Code – PDF Managing Network Device Properties as Code – Damien Garros (YouTube) Ansiblefest 2018 Network automation journey at roblox – Slideshare Netbox – GitHub

 Heavy Networking 441: Active Network Testing And Service Assurance With Netrounds (Sponsored) | File Type: audio/mpeg | Duration: 49:52

The expression “There’s more than one way to skin a cat” is a colloquial reminder that there are many ways to solve a problem. That’s demonstrably true when it comes to monitoring networks and network services. From SNMP to flow records to packet capture, engineers have a multitude of choices. On today’s Heavy Networking we talk with sponsor Netrounds about another approach: that of active testing and service assurance. Rather than passively collect metrics, Netrounds software generates synthetic traffic to measure actual performance of critical services. It helps network engineers ensure that key performance indicators are being met, and identify where problems occur. Joining us to talk about active testing and the concept of service assurance are Mats Nordlund, CEO and co-founder of Netrounds; and Stefan Vallin, Director of Product Strategy. We discuss: * The concept of service assurance for measuring network performance and user experience * How active testing differs from traditional monitoring methods such as SNMP or packet capture * Netrounds’ software-driven approach, including its controller and agents * How Netrounds testing informs SLA measurements, KPIs, and troubleshooting * Customer use cases Show Links: Netrounds information resources and free t-shirt offer Netrounds on Twitter Netrounds Blog Netrounds on Facebook Netrounds on LinkedIn Netrounds on YouTube Netrounds presentations at Networking Field Day 20

 Heavy Networking 440: A Wireless Deployment Crash Course | File Type: audio/mpeg | Duration: 1:01:35

You know your frame from your packet. You can explain how bridging tables are populated. Ethernet is your friend from as far back as 100 meg half duplex regularly plagued your life. Wireless? Not so much. You know some stuff, but maybe a big wireless project just landed in your lap and you’re feeling a little overwhelmed. What you need is a crash course. A primer. On today’s episode, we explore how to do a new wireless deployment when you’re a wired, not a wireless, expert. Our guest is Robert Boardman, a solution and sales engineer for Mist Systems. This is not a sponsored podcast, we’re just tapping Robert’s expertise. We roam through a variety of topics including: * Gathering user and technical requirements, including the physical location and clients * Understanding the RF environment * Channel management * How to choose the right APs and whether all your APs should come from the same vendor * Controller and cloud architectures * Post-installation validation and operation Sponsor: Cumulus Networks Cumulus Networks wants you to build something epic. Whether you’re scaling your data center network or designing the next “big thing,” you have your sights set on building something that matters. To do that, you’ll need the best resources. Cumulus offers modern networking software for people like you — who have the vision and plans to build something epic. Get more information at cumulusnetworks.com/epicpushers. Show Links: Robert Boardman on Twitter Robert Boardman’s blog Upgrade Now Or Wait? The Business Case For Wi-Fi 6 – Packet Pushers The Technology Case For Wi-Fi 6 – Packet Pushers Show 381: Inside The Pros & Cons Of 802.11ax – Packet Pushers

 Heavy Networking 439: When Routine Turn-Ups Turn Evil | File Type: audio/mpeg | Duration: Unknown

We do a bit of troubleshooting on today’s Heavy Networking podcast. Turning up a new circuit should be easy. Some IP addressing, maybe a routing adjacency to bring up, or perhaps a default route. Do some pings, run a speed test, check for interface errors, make a few notes in the NMS, and that’s about it. Routine stuff for any network engineer. Except sometimes it isn’t. What happens when all the normal stuff seems okay, but you’ve got weird connectivity problems? How do you fix that issue? Our guest is Chris Parker, a network engineer who works for a London ISP, and is also a Juniper Networks ambassador. Chris blogs at Network Fun Times. He and Ethan start the show talking about certifications, why Chris has earned so many, and his favorite books and blogs that helped him. Then they walk through an issue that Chris encountered with an SRX firewall, the troubleshooting steps he took and why they didn’t help, and then how a “monitor traffic” command finally provided the clue he needed. Chris also shares his personal recommendations on troubleshooting: * More eyes * Say it out loud * Trust no one. Trust nothing. Make no assumptions * Improve your process * Don’t assume all vendor kit works the same * Even “RFC-compliant” doesn’t mean it all works the same * Automation is good because humans suck where robots excel Sponsor: ITProTV Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation. Sponsor: ExtraHop Networks ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. ExtraHop offers complete visibility with machine learning to help you make quick, confident decisions about your IT environment. Explore the ExtraHop Performance Platform at extrahop.com/packetpushers. 
Show Links: Chris Parker on Twitter Lessons In JunOS Troubleshooting: Fixing A LAN With A Weird Problem – Network Fun Times “Monitor Traffic” Juniper Documentation – Juniper Networks Cisco IOS Debug Command Reference – Cisco Systems

 Heavy Networking 438: VMware NSX Evolution For Cloud Networking And Security (Sponsored) | File Type: audio/mpeg | Duration: 56:40

On today’s Heavy Networking we explore the evolution of the NSX platform with sponsor VMware. This episode has two parts. In the first, we look at how NSX is expanding from the data center to encompass the WAN via integrations with VeloCloud, and into the public cloud. We also examine new security features and capabilities in NSX-T, including the service-defined firewall and adaptive microsegmentation. Our guest for part one is Tom Gillis, SVP and General Manager in VMware’s Networking and Security Business Unit. In the second segment we hear from an NSX customer. James Cruikshank, Platform Engineer at Sky UK, shares how NSX-T makes it possible for the networking side of the house to enable developers to quickly provision resources such as VLANs, load balancers, and other elements using CI/CD tools. He also talks about how VMware helps remove barriers between infrastructure and developer teams, and what that means for overall operations. Show Links: VMware Network Virtualization Blog – VMware Introducing NSX-T 2.4 – A Landmark Release in the History of NSX – VMware NSX Mindset – VMware VeloCloud by VMware Networking and Security – VMware Radius – Networking – VMware

 Heavy Networking 437: Melding Policy And Technology With The Internet Governance Project | File Type: audio/mpeg | Duration: 54:54

On today’s Heavy Networking we explore the intersection of policy, politics, and technology with the Internet Governance Project (IGP). A non-profit hosted at Georgia Tech’s School of Public Policy, the IGP examines how technology and government policies affect critical Internet issues such as free expression, individual rights, and cybersecurity. The IGP produces research, writes commentary, and participates in global bodies such as ICANN and Regional Internet Address Registries (RIRs). The IGP connects technology experts and policy experts to help bridge gaps in understanding between these two communities, with the goal of influencing outcomes in global governance and standards bodies. Our guests are Milton Mueller, Ph.D., Director of the IGP and a professor at Georgia Tech; and Brenden Kuerbis, a post-doctoral researcher at IGP. We discuss issues such as technology nationalism (think the US vs. Huawei) and its effects on trade and technology development, cyber-attribution of state-sponsored attacks, privacy and GDPR, and more. Show Links: Internet Governance Project Cyber Nationalism and Digital Trade: IGP Workshop Report – IGP Russia tries to double down on a “national” Internet – IGP Research on public attribution of state-sponsored attacks – IGP Whois-Privacy Reform Hits its First Milestone – IGP Another Facebook privacy scandal you have never heard of! – IGP

 Heavy Networking 436: Will QUIC Collapse The Internet? | File Type: audio/mpeg | Duration: 58:48

Today’s Heavy Networking dives into QUIC, a transport protocol originally developed by Google and now an IETF project. QUIC promises advances over TCP and the opportunity for faster innovation, but it also poses a potential problem: developers may try to tune congestion control algorithms such as BBR in their favor, gobbling up available throughput while other connections limp along. If competitors respond with their own tweaks, this could, as our guest writes, “trigger a race to the bottom, and potentially break the Internet, unless network providers start deploying adequate Active Queue Management algorithms.” That guest is Christian Huitema, an author and contributor to IETF standards with more than 40 years’ experience with software and Internet protocols. A former Microsoft engineer, he’s founder of the consulting firm Private Octopus, Inc. We discuss how QUIC and BBR function, how they work around traditional gatekeepers and the pros and cons of those workarounds, and how QUIC differs from TCP. We also examine the potential problems that QUIC could unleash, and explore congestion control and Active Queue Management (AQM) algorithms as possible solutions. Show Links: Will Transport Innovation Collapse The Internet? – Christian Huitema Christian Huitema’s Blog Christian Huitema on LinkedIn QUIC BBR Private Octopus, Inc. QUIC, a multiplexed stream transport over UDP – The Chromium Projects Network scheduler – Wikipedia RFC 7567 – IETF Recommendations Regarding Active Queue Management – IETF BBR, the new kid on the TCP block – APNIC Blog TCP and BBR (2018) – Geoff Huston (PDF)
