Heavy Networking

Today’s Heavy Networking examines a bunch of hot topics in networking and IT to see what’s hype and what’s reality. The tech industry is full of buzzwords and emerging technologies that attract media attention, spur speculation, and get engineering brains spun up. But is anyone actually using this stuff? That’s what we aim to find out today. We’ll do our best to separate the sensational from the substantial on topics including: * Software-defined X * DevNetOps and Cloud Native * Streaming telemetry * Container networking and service meshes * Microsegmentation * Formal verification * AI, blockchain for IT, and more Joining us to share their own perspectives and what they’re hearing from customers are Avi Freedman, CEO and Co-founder of Kentik; and Jon Mendoza, Field CTO at Technologent.

Today’s Heavy Networking episode dives into gaming networks. Our guest is Tim Raphael. He volunteers for Red Flag LAN Fest(Rflan), a non-profit that runs Bring Your Own PC (BYOPC) gaming events. Players show up with a computer, and Tim and his team provide the desk, chair, power and network. It’s like your college LAN parties of old, but way bigger. The event has hosted up to 800 to 900 people at a single event. Tim and Ethan discuss how Rflan builds networks for these events and why automation is essential to make it feasible. They dive into details on the core network gear, what they monitor during games (capacity, link quality, uptime, service monitoring, and more) and how they troubleshoot. In his day job, Tim is a peering engineer at the Internet Association of Australia. Sponsor: ExtraHop Today’s episode is brought to you in part by ExtraHop. ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. Visit extrahop.com/packetpushers for an interactive demo to find out more. Show Links: Rflan.org Tim Raphael on Twitter Timraphael.com

On today’s Heavy Networking we discuss some of the advanced features related to zero touch provisioning (ZTP) on IOS-XR in this Cisco-sponsored episode. Why advanced? Because we hit ZTP fundamentals in episode 378. In this episode we’ll review a few ZTP basics to refresh your memory, and then talk through tooling to help with golden image creation and model-driven ZTP automation. We also dive into the unique challenge of using ZTP to stand up access networks with lots of devices, and review ZTP security mechanisms. Our guest is Akshat Sharma, a Technical Marketing Engineer at Cisco and a returning Packet Pushers guest. Show Links: Working with Zero Touch Provisioning IOS XR Device Lifecycle – @xrdocs (Cisco) Show 378: Cisco Zero Touch Provisioning (Sponsored) – Packet Pushers Golden ISO build tool – GitHub IOS-XR ZTP python library and samples – GitHub IOS-XR ZTP Learning through Packet captures – @xrdocs (Cisco)

Today’s Heavy Networking continues a conversation we started back in Weekly Show 410, where we discussed the transition the broadcast industry is making to IP. In that episode, we covered the technical legacy of the broadcasting industry, how IP is starting to be used, and the impact to network engineering as a whole. Today, we consider the challenges IP networks face when implemented in a broadcasting environment, but why IP is moving ahead anyway. Our guests are Ricki Cook, a solutions architect who specializes in broadcasting (and also edits Packet Pushers audio); and Cyrus Hira, Customer Success Manager at Densify who also has experience with broadcast networks (and also edits Packet Pushers audio). We examine the particular challenges of transitioning broadcast networks to IP from their legacy transport mechanisms, key technical standards for broadcast media such as SMPTE ST2110, interoperability challenges, and more. We also discuss real-world projects that Ricki and Cyrus have worked on. Sponsor: ExtraHop Today’s episode is brought to you in part by ExtraHop. Think analytics, folks. ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. Visit extrahop.com/packetpushers for an interactive demo to find out more. Show Links: Weekly Show 410 – Broadcast Media Using IP Networks – Packet Pushers Joint Task Force on Networked Media – Advanced Media Workflow Association (PDF) IP Solutions: Innovation Around the World – The Andrews Hubs RickiCook.com

Welcome to the Packet Pushers Heavy Networking show. No, this isn’t a new show in our line-up. It’s the Weekly Show you’ve known since 2010, now with a new name. Why the name change? One reason is to reflect our growth. When Packet Pushers first launched, this was the only show we did. The podcast was published once a week, so voila–the Weekly Show. Over the years, we’ve grown into a network of technical podcasts across multiple channels, so we thought it was time to freshen up the name on the podcast that started it all. Second, it’s a reflection of how the industry has changed. Ten years ago, you could nestle into your technical silo and not worry too much about what was happening in other areas. That’s not the case any more. IT engineers need to have knowledge in many disciplines. Our podcast network reflects that: shows like IPv6 Buzz, Datanauts, and Full Stack Journey delve into all kinds of IT infrastructure, and aim to help your professional development. Of course, you still need deep expertise, so when you want to focus on networking technology, Heavy Networking is our main channel. We’ve changed the name, but if you’re subscribed to the Weekly Show you don’t need to do anything. You’ll still get this show in your favorite podcatcher. Not Just Navel-Gazing Don’t worry, the whole show isn’t just about us. We also analyze some trends and issues we think will have an impact in 2019. They include: * How SD-WAN will disrupt traditional telco business * Whether a managed SD-WAN service makes sense * What skills and expertise will be of value in 2019 and beyond * How much should you be learning about the cloud * Why deep networking knowledge still matters

In October 2018, Bloomberg published an article making unsubstantiated claims about a supply chain breach in servers. The story, which Bloomberg stands by but is widely regarded as wrong, draws attention to a significant issue: our technology infrastructure is undergirded by a global supply chain that could be compromised by malicious actors. This got me thinking about hardware secure enclaves such as: * Intel Trusted Execution Technology (Intel TXT ) * Intel Software Guard Extensions (Intel SGX) * ARM Cryptoisland, which includes features for secure manufacturing, implemented as  Cryptocell Today’s show dives into issues around supply chain security and related technologies. My guests are Greg Shipley, Deputy Director at Cyber Reboot, an In-Q-Tel Lab; and Justin Wilder, Vice President at In-Q-Tel. Our conversation aims to: * Provide a high-level overview of TXT, SGX, etc., and why they matter * Explore how the market has (attempted) to implement some of these approaches, what has worked, and what hasn’t * Examine what trusted execution or similar measures look like in the routing and switching world * Propose some ideas on how to move the whole thing forward Sponsor: InterOptic InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters. Go to InterOptic.com to learn more. Sponsor: Cumulus Networks By building innovative data center products with Linux, Cumulus offers unprecedented interoperability, agility and scale, and makes integrating your open source software with your proprietary software seamless and efficient. To learn more about Cumulus’ open source philosophy and contributions, head to cumulusnetworks.com/openpod. Show Links: Intel® Trusted Execution Technology (Intel® TXT) Overview – Intel Intel® Software Guard Extensions (Intel® SGX) – Intel Cryptoisland Family – ARM Cyber Reboot Cyber Reboot blog Cyber Reboot on Twitter

When it comes to data center security, gigantic middlebox firewalls can be problematic. You have issue with scale and workload placement, latency challenges, and the potential for pain when you need to upgrade. A big firewall also isn’t the best tool to deal with east-west traffic inspection, and has limited utility for containing a breach. Microsegmentation is a relatively new architecture that defines by host or subnet who can talk to whom about what. And it does it with a centralized policy and distributed firewalls. You get manageability, scale, and a reduced attack surface with microsegmentation. On today’s Weekly Show we dive into microsegmentation with our sponsor, Illumio. We discuss how Illumio works, how it can limit the impact of a breach, and how to deploy and run a microsegmentation architecture at scale. Our guest is Matt Glenn, VP of Product Management. In this episode we cover: * Illumio’s two core elements: the policy compute engine and the virtual enforcement node * How Illumio builds a live application dependency map to create security policies * How the platform leverages existing host controls such as IP tables to enforce security policies * How the product works on premises and in public clouds * Running Illumio in a brownfield environment * How Illumio can help you clean up your CMDB Show Links: Illumio Adaptive Security Platform (ASP) Documentation Center Illumio Blog Illumio Presents At Network Field Day 19 – Tech Field Day

Today’s Weekly Show episode returns to the University of Idaho, where we continue the real-world network design session we started in Weekly Show 418. Guests Brian Jemes, Network Manager; and Mike Rusca, Network Engineer are back. We’ve also invited Jake Snyder, a mobility solutions architect. Today’s episode focuses on the university’s wireless architecture and design. We discuss how wireless has gone from a best-effort, don’t-count-on-it medium to an absolute requirement for faculty, staff, and students. In fact, wireless accounts for approximately 80% of devices on campus. The conversation touches on the role of 5Ghz and small cell sizes, PoE, how the next generation of APs will affect WLAN design and operations, and more. Sponsor: InterOptic InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters. Go to InterOptic.com to learn more. Sponsor: Cumulus Networks By building innovative data center products with Linux, Cumulus offers unprecedented interoperability, agility and scale, and makes integrating your open source software with your proprietary software seamless and efficient. To learn more about Cumulus’ open source philosophy and contributions, head to cumulusnetworks.com/openpod.

When you choose among the Big 3 public cloud providers, is network performance all the same? No. Public cloud and multi-cloud buyers need to be aware of network performance characteristics before they start spinning up workloads because the end user impact is measurable. Sponsor ThousandEyes joins us to explain public cloud network performance. We discuss the company’s new multi-cloud monitoring service, and then review the “2018 Public Cloud Performance Benchmark Report” that breaks down the network latency and jitter numbers for AWS, Azure, and GCP. Our ThousandEyes guests are Archana Kesavan, Senior Product Marketing Manager; and Ameet Naik, Senior Technical Marketing Manager. *Please note that at the time we recorded the podcast, Google was the first of the big three public cloud providers to offer a tiered network service that leveraged its own private backbone. After the recording, AWS announced Global Accelerator, an add-on service that uses AWS’s own network to “intelligently route traffic to the endpoint that provides the best application performance.” Show Links: 2018 Public Cloud Performance Benchmark Report – ThousandEyes ThousandEyes on Twitter ThousandEyes Network Intelligence Blog

Network design is a popular listener topic. On today’s Weekly Show, we have two guests from the University of Idaho to talk about their current network design, new ideas and initiatives they’re considering, and a conversation/consultation on how to address their challenges. The University of Idaho has 12,000 students and 3,000 residents across one main campus and 18 small campuses. As many as 30,000 hosts attach to the network. We dive into current network design issues, including around firewalling and microsegmentation, identity management in the wireless network, and a home-grown network management system. Our guests are Brian Jemes, Network Manager; and Mike Rusca, Network Engineer, both at the University of Idaho. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Sponsor: ITProTV Whether you’re just starting out or you’re a seasoned IT professional, ITProTV is the only source you’ll need to learn the skills to pass the most in-demand IT certs — from entry level to advanced — with engaging hosts and a talk-show style format. Visit itpro.tv/packetpushers and use code PACKETPUSHERS to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.

5G will create new demands on service provider networks. The existing MPLS network infrastructures of service providers won’t be adequate by themselves. In today’s sponsored episode, we discuss exactly what 5G is asking of the network. We also examine how Cisco’s 5G xHaul Transport solution can meet those requirements. Our guests are Simon Spraggs, Distinguished Consulting Engineer; and Dennis Hagarty, Technical Marketing Engineer with Cisco Systems. We cover the technologies that 5G is bringing into service provider networks, including virtualization functions, network slicing, edge computing, and IoT. Our guests explain why existing MPLS cores can’t handle 5G demands, and explain the main requirements for 5G networks. We also look at how Cisco’s Converged xHaul Transport can help service providers address their 5G challenges and requirements. Show Links: Cisco Converged 5G xHaul Transport – Cisco Systems (Whitepaper)

Network engineers have lots of ways to officially measure how quickly they respond to changes or fix problems. There’s also lots of informal ones: How soon can I go back to bed? Can I leave the office in time for dinner with the family? How long will it take to prove to the Dev team that no, it’s not the network? On today’s Weekly Show we talk with our sponsor Cisco about its Network Assurance Engine (NAE), a software product designed to answer those important questions. NAE uses a mathematical concept called formal verification to build a real-time model of the network. The model is derived from the continuous collection of each device’s state and configuration. This provides an accurate and dynamic representation of the network, as opposed to a static diagram or an engineer’s best recollection. NAE uses this model to assess the impact of changes, prevent outages, get deep visibility into network state, and move network operations from a reactive to a proactive stance. Our guests are Navneet Yadav, Sr. Director Product Management, Head of Product – Cisco Network Assurance Engine; and Vishal Soni, Sr. Engineer, Cisco IT DC Network. We discuss how NAE works, the concepts of formal verification and how they’re applied to networking, how NAE improves Day 2 (and beyond) operations, and customer use cases. We also get a real-world perspective from Vishal, who uses NAE in production in Cisco’s own internal IT organization. He’ll offer his perspective on the product, and share concrete details about NAE’s impact on operations including change management, troubleshooting, and incident handling. Show Links: Network Assurance – Cisco Systems Cisco Network Assurance Engine (NAE): Customer testimonial by Cisco IT – Cisco Systems via YouTube Verify, Or Die Trying: Observations on Change Management – Gestalt IT Assure Network Security Policy and Compliance in the Data Center with Cisco Network Assurance Engine – Gestalt IT Change Doesn’t Have To Be a Four Letter Word – Gestalt IT Configuration and Hardware Assurance in the Datacenter with Cisco Network Assurance Engine – Gestalt IT Hands On with Cisco Network Assurance Engine – Gestalt IT Cisco Network Assurance Engine: From Download to Value in 60 Minutes (or less) – Gestalt IT Networking Has Changed, Have You? – Gestalt IT

You have a network. It has anywhere from dozens to thousands of switches, routers, and so on. What happens when you need to make a global change, where every network device has to be touched to bring the network up to snuff? Do you put on a pot of coffee, crack your knuckles, log in to device 1, and start typing? Probably not. You need to automate. Our guest today is Sal Rannazzisi, a director-level network geek at a big pharma company. Sal needed to update around 25,000 devices. He’s got experience with many different automation tools, but settled on Gluware, who is our sponsor for this episode. Also joining us is Mike Haugh, VP of Product Management at Gluware. We talk with Mike to level-set on the state of network automation and get a high-level overview of Gluware’s automation suite, including multi-vendor support. Then we drill down on Sal’s experiences with automation tools and products. Sal describes his network (one of everything from Cisco), reviews the problems he was trying to solve, and then shares how he tested Gluware and  brought it into production to provision devices and standardize configurations. Show Links: Gluware Config Modeling with Gluware Global Pharma Real-World Automation – Gluware blog ONUG POC: Automating Networking In AWS – Vimeo Gluware on Twitter Gluware on LinkedIn Gluware on YouTube

Home automation and the proliferation of IoT devices that live inside your house means that home networking matters more and more. When your IoT devices need to talk to the cloud to turn on the lights, the network needs to work. It also brings to mind the question of security–or lack of it. Our guest is Chris Young, no stranger to the Packet Pushers community. He’s Global Product Manager, Networking at HPE, but he’s on the podcast today solely as a home networker. In this episode we probe into Chris’s passion for home automation, and we go deep down the rabbit hole. We talk about Chris’s experience building and running his home automation network, the various wired and wireless protocols he works with (including WiFi, Zigbee, Bluetooth, and ZWave), how to reverse-engineer undocumented APIs, and the security implications of home automation and IoT. Sponsor: InterOptic InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters. Go to InterOptic.com to learn more. Sponsor: ITProTV Whether you’re just starting out or you’re a seasoned IT professional, ITProTV is the only source you’ll need to learn the skills to pass the most in-demand IT certs — from entry level to advanced — with engaging hosts and a talk-show style format. Visit itpro.tv/packetpushers and use code PACKETPUSHERS to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription. Show Links: Chris Young On YouTube Home Kit Geek.com Home Kit Geek on Twitter Charles HTTP Proxy

Today we’re diving into disaggregation with sponsor Juniper Networks. Much of the current discussion about disaggregation focuses on decoupling software from hardware, but disaggregation can occur across the network stack. We’ll look at the different layers of disaggregation, and the business drivers for this trend, including speeding innovation, enabling operational efficiency through automation, and reducing costs. We  discuss Juniper’s own efforts, from making its Junos network OS available on whitebox switches to supporting P4 to directly program ASICs. Disaggregation has operational impacts, and we dig into what it means for networking teams to embrace this trend. We also look at Juniper’s latest initiatives to make training tools and materials easily available for engineers. Last but not least, we talk about how all these disparate components get re-bundled into consumable packages. Our guest is Guru Shenoy, Senior Director of Product Management at Juniper Networks. Show Links: Juniper EngNet – Juniper Networks NRE Labs – Juniper Networks Juniper EngNet and New Automation Offerings: Bringing Automation to the Masses – J-Net Community Junos Product Page – Juniper Networks Use Cases On Network Automation And Analytics – Juniper Networks Network Automation And Services With Guru Shenoy – YouTube Guru Shenoy on Twitter Guru Shenoy on LinkedIn