Adam Dunstan

System, Platform & Infrastructure Engineering

Articles & Blog Posts

SONiC - Don't use split-mode, use frr-mgmt-framework!!!

There is a better solution than using split-mode configuration when the default integrated configuration mode doesn’t have the capabilities needed for your configuration: use frr-mgmt-framework. Instead of managing at least 5 configuration files using two different configuration mechanisms, keep your configuration in a single config_db.

Declarative Linux - NixOS. The server management solution you have been waiting for!

If you have been faced with building a system to fully automate the installation of bare metal servers in bulk and providing ongoing infrastructure management, you will know it’s challenging. NixOS offers a different solution to Server Management, simplifying the process of installation and ongoing operations.

SONiC, FRR split configuration, a step backwards?

Browsing the YANG files in the SONiC source code, I found that it is now possible to enable a new split configuration mode. Instead of using the integrated SONiC configuration, this mode splits the configuration of SONiC and the routing component FRR into two configuration mechanisms on the same switch.

EPIC Gateway is Open Source - Not what we wanted, but...

In 2020 we began the development of an external Gateway for Kubernetes. Application access was a difficult problem to solve. The EPIC Gateway project was born. We chose to trade higher initial complexity for lower operating complexity.

Platform in API Security & Management?

The platform used to implement API Security and Management is arguably as important as the Security and Management features offered. The platform provides the dataplane; managing requests is the primary purpose for implementing an API Security or Management system.

Visualize the k8s Gateway API

The Gateway API does not specify how the Gateway is implemented; therefore, figuring out how the resulting gateway is configured and if it is operating as desired can be difficult. One of the most common requests we received is a better way to view the resulting gateway, including target cluster context.

SNMP for Kubernetes?

Although this might seem like an odd request, there is a trend for Network Equipment vendors to replace fixed function hardware with servers running Kubernetes for network infrastructure tasks.

Why are SONiC Tutorials wrong?

There is a problem with the majority of SONiC tutorials. Have you searched the Internet for tutorials on SONiC only to find rehashed Free Range Routing tutorials and found following them was a waste of time?

Building an external k8s API Gateway & LoadBalancer

The access infrastructure used by Cloud Providers for k8s differs from the access solutions used in on-premise deployments. While on-premise deployments use in-cluster mechanisms, cloud providers' LoadBalancers and API Gateways run outside of the cluster, directing traffic to clusters deployed within their cloud complex.

5 things to consider before trying SoNiC

SoNiC unlocks countless opportunities for innovation, especially in operational automation, but before getting started, there are a few things worth considering.

Creating a SoNiC NOS Virtual Lab

If you follow networking and cloud infrastructure, you have heard of SoNIC. If you don’t have switches, you can try SoNIC or test a configuration using the SoNIC VM image.

Bias in Technology

As an entrepreneur I am aware of the risks of Confirmation Bias, surrounding yourself with opinions that match your own and using that to justify a position. Present Bias, where a decision is made that has significantly higher future costs based upon immediate benefit is another common bias in technology.

Is Namespace-as-a-Service the evolution of Cluster-as-a-Service

Choosing a Namespace-as-a-Service strategy will incur cost and development time upfront; Cluster-as-a-Service defers operational complexity and cost until cluster count grows. However, as cluster counts grow in large organizations, perhaps Namespace-as-a-Service is an evolution of Cluster-as-a-Service?

Are all Kubernetes Ingresses the Same?

The simple answer is yes and no; the real answer is more complicated. There has been lots written on this topic, including some of my earlier posts. I am taking a shot at making this area more understandable; only you can judge if I’m successful.

Istio with Gateway API - unlock Multi-mesh access redundancy

Recently Istio added support for the Gateway API to their in-cluster ingress, paving the way for non-Istio API gateways to be used in conjunction with the Service Mesh.

Google re-invents Avici - Aquila

This morning I read a paper on Google's new data-center fabric, Aquila; the similarities are striking.

How the k8s Gateway API enables Multi-cluster Backend development

Kubernetes is a great environment to run backends for modern mobile and single page applications, but it presents some challenges for ongoing development. The production environment contains the released versions of backends, what about development and test versions?

Gateway = Ingresses & LoadBalancer?

The Gateway API is a new construct for providing access to application resources in k8s clusters. It will make the provisioning and management of access to applications and application components hosted in Kubernetes clusters more simple, transparent and secure.

k8s IPv6 Dual Stack is Important - A uniform Service Layer realized...

Freedom from address/port management, the associated tunnels and address translation is right in front of you: it's IPv6.

Kubernetes v1.22 ends Cloud Provider LoadBalancer lock-in

Users of Cloud Provider provisioned Kubernetes have been locked into using the Cloud provider's LoadBalancers for external access to their applications. This changed in v1.22, with a new feature called LoadBalancer class.

Confused by eBPF?

Here we will try to split the difference and provide a high level view in an effort to assemble the jigsaw, focusing on eBPF for networking.

The Network Inside the POD

Have you ever wondered how networking inside the POD is constructed? I was forced to learn how this worked recently when I needed to figure out which veth-pair is associated with a POD without “execing” into the POD.

Comparing k8s Load Balancers?

In this article we discuss three open source load-balancer controllers that can be used with any distribution of Kubernetes.

What is a k8s Load Balancer?

Load balancer has become a confusing term in Kubernetes. There is a lot of load-balancing going on in k8s and lots of components doing it: kube-proxy, ingress controllers and of course the service resource type called LoadBalancer.

How to choose a k8s CNI plugin

The CNI is a plugin that configures network interfaces in Linux containers. CNIs are used by k8s but are not part of k8s upstream distribution.

Establishing a k8s network perimeter

This may seem a little obvious; however, one of the most important decisions you can make in the design of a k8s system is identifying the need for a system perimeter.

5 elements in building a Remote Work Team

During 2018-2019 I worked on a project where we planned and assumed a global remote workforce from inception; we built the organization around these 5 key elements.

A day in the life of a k8 application packet

Understanding the routing and packet forwarding is key to correct configuration and understanding of failure modes.

Building a k8s External Gateway

This design for an external k8s Routed Gateway can provide a high level of security from outside access when combined with a Service LoadBalancer.

Exposing k8s applications — The components of k8s networking

Still coming to terms with k8s networking? You are not alone. The automation simplicity offered by public cloud providers and workstation versions hides the network complexity.

Tips on writing a k8s ansible operator

k8s Ansible Operators promise to provide a simple way to automate infrastructure management by bringing Ansible into the k8s complex and using k8s custom resources as well as other information contained in the k8s API.

MultiCloud - Can I have it all?

Choosing infrastructure, Cloud, Vendor or Opensource presents a complex problem.

AWS - Jassy, stay classy

Who is creating the most vendor lock-in?

Last week, two significant things in Networks

Due to the complexity and intensity of the project I’m currently engaged in, I haven’t written much lately; however, last week two things occurred signaling a change in the business of networking.

Quantum & AI

If you're like me and like to understand how things work, not just how to use them, Quantum computing takes a significant investment in time. It's hard to figure out what's real, how it works and how to use it.

3 Kool things from Kubecon 2018 & an ongoing challenge

I am currently engaged by a large European company building a Multi-tenant, Containerized, Service Mesh on bare metal using Open Source for Mobility applications, so I thought attending KubeCon was a good idea.

Public Cloud, Fast but not Cheap

When I say fast I don’t mean network, storage or processor speeds; I am talking about a comparison of internal infrastructure time-to-availability. Analysis clearly identifies that the Cloud is not cheaper for large scale, day-to-day operational life cycle applications.

Adopting White Box Switches - 3 key considerations

White Box Switching (wbS) is radically changing the network equipment ecosystem, providing the opportunity to reduce port costs by two orders of magnitude. At my previous employer, I managed a project where we went “in deep”, sourcing hardware from Original Device Manufacturers (ODM), working with the Switch silicon vendors and developing our own in-house Network Operating System.

Experience in Developing a Full Stack NFVi Platform - Presentation

Cisco ITX - New York - May 2018 - Read More for slides…

4 measures for picking Digital Transformation winners & losers?

If you believe as I do that Tech will be 100% of GDP and that every company will be a Tech company, Digital Transformation is the way to pick winners and losers.

VNF Orchestration - Does everyone have it wrong?

Orchestration is the hottest topic in the Telco world today; however, after looking closely I have found myself asking “has everybody got this wrong”. If you have been following the technology, Orchestration is an extension of automation.

Fearless in Business - What does it mean?

Ask the hard questions you have been avoiding so you can operate in the present. It’s been a year since we sold the business that I started and led for almost 10 years, and I have been reflecting on lessons learned.

Overwhelmed CEO? Here's 3 things

Being a CEO, especially in tech, of a small or large, startup or established company is at times overwhelming. It’s been a year since we sold the company that I started and managed for almost 10 years, and I have been reflecting on the lessons I have learned.