With Cisco Live US happening this week, Justin Cohen is thinking back to how the event changed his career. He’s been attending since 2012, and got to know the community after meeting Tom Hollingsworth there. Things changed after 2016, when he got invited to Networking Field Day. Today, Justin is working as an Innovation Architect at Cisco, his dream job. It’s been a long journey centered around the event.
micro-segmentation at scale
Illumio made their return to Networking Field Day earlier this month, and Marina Ferreira was there to take in the presentation. The company took the event to launch their PCE Supercluster enhancement to their Adaptive Security Platform (ASP) solution, which will allow for a federated multi-region micro-segmentation architecture with centralized policy management and global visibility at scale. Marina was fascinated at some of the development potential their platform could enable for advanced analytics.
Brain dump: network visibility
In this post, Brandon Mangold puts his thoughts to paper on the state of network monitoring and visibility. For Brandon, this helps frame the overall point of network management, emphasizing user experience at the end of the day. To this point, monitoring applications need to look at network performance from the perspective of the endpoint and the application. Brandon looks at solutions from ThousandEyes and Cisco’s App Dynamics as examples of this focus.
DPDK Project Moves To The Linux Foundation
Drew Conry-Murray the Data Plane Development Kit being brought into the Linux Foundation as an official project. DPDK was originally developed by Intel before being open sourced as a way to accelerate packet processing in CPUs. Drew highlights that DPDK supports not just x86, but a variety of CPU architectures, as well as being able to run on NICs from Broadcom, Cisco, and Mellanox.
Vault7 Lessons – Zero Trust
Whenever you begin a piece about network trust with a quote from a Nicholas Cage film, you’re doing something right. Justin Cohen uses a quote from Con-Air as a springboard to the benefits of a zero trust network policy. He looks at how increased use of encrypted traffic requires a new methodology to secure networks, as it effectively kills deep packet inspections. Justin looks at solutions from Cisco and Illumio, which can be used as solutions in this new zero trust world.
ThousandEyes – Mean Time to Innocence in minutes
Justin Cohen saw ThousandEyes present at Networking Field Day in August, but wanted to test out their solution before passing judgement. So after mulling on it for a while, what was his verdict? Essentially, it has to be seen to be believed. ThousandEyes differentiates in network monitoring by combining agents within your network with their SaaS model of sensors from all over the Internet. This allows engineers to not just trace a path forward to an endpoint, but also work backwards. Combined with great visualization, they’re able to pinpoint causes outside of an enterprise network, allowing users to save time chasing their tail. Add in flexible licensing, and Justin thinks it’s a great tool to let you drill down to root network slow down problems!
Bringing 2017 To Everyone
Tom Hollingsworth had a busy 2016. He wrote a small book, ran a Networking Field Day event, and worked with the community to encourage them to write their thoughts. For 2017, he plans to be even busier. As he continues to lead Networking Field Day events, he’s diving deep into the technical knowledge base. Plus, he plans on attending Cisco Live, Interop, and Open Networking Summit. On top of that, look for lots of writing from Tom in 2017. Looks like it’ll be a busy year ahead!
Can Teridion Really Boost Internet Throughput?
John Herbert invokes a little Morpheus voice to talk about Teridion. They want to make internet transit faster. Sounds easy right? Doesn’t SD-WAN already do this? John points out that SD-WAN simply lays software over the public internet to replace previously private circuits. But the actual speed can be changed by every service provider in that route. Simply prioritizing by the least amount of service provider hops doesn’t mean it’ll actually be faster. Teridion claims that they have a solution to increase throughput by 5 to 20 times more than current internet speeds, just by accounting for this. They do this by having traffic routed through their Teridion Global Cloud Network, which has servers spread through numerous locations and SPs. They pull latency and speed info constantly to make create an optimized route for traffic. This could be very valuable to any SaaS company.
Generating Maps of Your Traffic
For a network engineer, it sometimes feels impossible to avoid traceroute. Tim Miller thinks it can be a valuable tool to see where traffic is getting dropped, but it’s not without its issues. He’s highlighted some other solutions in previous posts, but the one he’s looking at today is SolarWinds. Their NetPath tool has gone from a lab toy to an official feature of their Network Performance Monitor solution in a little under a year. Tim finds it a really impressive tool. Even though it requires Windows-based polling appliances in a network, a Linux guy like Tim can still be tempted. It gives historical information layer on top of what you would find with a traceroute, and adds multipathing. Overall, Tim sees this as a very practical tool to help disentangle issues in increasingly complex networks.
Introduction to StackStorm
Automation is east, but autonomy is hard. Matt Oswalt thinks the answer to making it a little easier is event-driven automation. This allows an engineer to eliminate the weakest part of any system, human error. Instead, by setting up automation event conditions ahead of time, the system can step in when needed. Matt goes through how StackStorm makes this happen. StackStorm has a wide range of support, and a number of different sensors and triggers to make this kind of setup possible.
Year in Review – 2016
The year is rapidly winding down, and as 2016 comes to a close, Dustin Beare gives it a look back. It’s a year that found him welcome a new son into the world, attend Networking Field Day, get a promotion at work, and pass his CCIE written exam. It’s a really great look back at how in just a year, a lot of things can change. Dustin clearly put in a lot of hard work to change the course of his career. It was a pleasure to have him as a delegate.
Forward Networks – Extraordinary Stuff!
Before November’s Networking Field Day, I was trying to find out anything I could about Forward Networks. They were in stealth until the week of the event, but I still thought I could find a few leaks or details about what they were up to, other than that they were a networking startup. Sadly, my Google-fu failed me, leaving me a blank slate for their presentation. As a delegate at the event, David Varnum was in much the same boat. To say he came away excited is an understatement. What Forward Networks does is make a complete and constantly updating model of your network. They do this by mathematically predicting every single location a packet can travel within a given network configuration. David goes into full details about why this is amazing, but the Forward Networks elevator pitch is pretty good: They’re doing for network mapping what Google did to web indexes.
Learning “better SD-WAN” from a Non SD-WAN vendor!
After attending Networking Field Day in August, Faisal Khan came away impressed by ThousandEyes. He thought their network monitoring solution was more impressive when considered with SD-WAN, even though the company isn’t exactly pitching the solution that way. ThousandEyes can monitor a router to router span, as opposed to most SD-WAN vendors which only do end to end. Faisal runs down some of the use cases where this proves to be a superior solution. A really interesting take on what ThousandEyes is offering!
Container-based ThousandEyes Enterprise Agent…
Tim Miller tried out a Docker container install of a ThousandEyes image. While there were some issues with the actual Docker configuration, Tim was impressed with the service and support by Thousand Eyes, he had a customer service representative install Fedora over the phone just to try to replicate the issue. Tim got the ThousandEyes container up and running and is looking forward to trying it out in a longer trial.
Rethinking Micro-segmentation
Matt Haedo runs down the change in network security from focusing on rigid perimeter boundaries to micro-segmentation, which eliminates implied trust on all devices. He then looks at current solutions for micro-segmentation, which mostly either enforce policy in the network device, or in the hypervisor kernel. Finally, he looks at what makes Illumio’s approach to micro-segmentation different, which pushes enforcement to the endpoint, relying on its native enforcement policy. Matt seemed impressed by what he saw from Illumio at Networking Field Day in August. Check out the rest of the piece for his full rundown!
Drill Baby, Drill! (into NetFlow with Kentik)
After being introduced to Kentik at Networking Field Day in August, Dustin Beare got some hands-on time with the tool. Now that he’s had a chance to use Data Explorer, what does he think? Overall, Dustin came away impressed, citing Data Explorer’s simplicity in viewing traffic flowing into a network. Kentik made it easy to pull specific queries out of NetFlow data.
Ask Me About My Beez! A Look at NetBeez, 18 Months On.
Ask Me About My Beez! A Look at NetBeez, 18 Months On.