Re: (Slightly OT?) K8S Platform As A Service Recommendations

2021-04-08 Thread M B
You could look at the combo of Tinkerbell and CAPI (ClusterAPI). Happy to
chat more off list.

-matt

On Wed, Apr 7, 2021, 10:42 AM Charles N Wyble  wrote:

> Hello all,
>
>
> I know this is primarily a networking list, but I know lots of server
> admins hang out here.
>
> Does anyone have a recommendation for a self-hosted, on premise, platform
> as a service layer for k8s (specifically k3s)?
>
> I have written up some context here:
>
>
> https://github.com/TSYSGroup/docs-techops/blob/master/Applications/AppRuntimeLayerTodo.md
>
> tl:dr : I have about 70 to 200 apps / (micro) services that will need to
> run across a handful of k3s servers. I already have HA
> database/networking/certificate/application load balancer/authentication
> stacks in production use, I am currently running the actual
> websites/applications on a single Ubuntu LAMP server and want to build out
> an HA runtime layer for all the properties/applications and need a way to
> orchestrate k3s/metallb
>
> Rancher rio has come up a few times in my research:
> https://bram.dingelstad.works/blog/finding-the-right-paas-for-k8s/
> In addition to the web apps, I will also be running a number of r&d
> applications and CUDA enabled containers (across a mix of physical
> x86/jetson/tegra machines with k3s workers).
>
> Suggestions/comments/questions/flames welcome :)
>
> On or off list as you prefer.
>


Re: (Slightly OT?) K8S Platform As A Service Recommendations

2021-04-08 Thread Charles N Wyble



On 4/7/21 11:38 PM, Raymond Burkholder wrote:
> On 4/7/21 9:16 AM, Charles N Wyble wrote:
>> Does anyone have a recommendation for a self-hosted, on premise,
>> platform as a service layer for k8s (specifically k3s)?
>
> FWIW:
>
> Maybe you don't need kubernetes:
> https://endler.dev/2019/maybe-you-dont-need-kubernetes/



I have considered not running k8s. I didn't run it for a long time. I 
kept an eye on developments and waited for it to mature.


However the amount of applications and services I am now needing to 
support and the HA requirements and need for standardization etc I 
don't know of a better option.





> Manually install a single node Kubernetes cluster on Debian
> http://meta.libera.cc/2021/03/manually-install-single-node-kubernetes.html
>
> Or run Salt or something and spin up LXC containers.




Sure and how do I manage IP addresses? Ports? HA? Containers 
(LXC/docker) is the easy part (on a relative basis anyway!). It's the 
meta stuff around it that gets messy.  The orchestration piece of the 
containers is the difficult part.



As I mentioned, we already have a mature stack outside the app runtime 
layer (for certs/LDAP/database etc). We just want applications/services 
on k8s. Minimize the complexity/blast radius! :)




My First BGP-Hijacking Explanation

2021-04-08 Thread Jay R. Ashworth
Sam 'Half As Interesting' Denby actually did a surprisingly good job explaining
this for the average only-vaguely-technical viewer...

   https://www.youtube.com/watch?v=K9gnRs33NOk

[ For all the bad dad jokes he tells on HAI, he's got really good research
  skills/staff, and his long-form stuff on Wendover Productions is excellent ]


Cheers,
-- jra

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Comcast Business packet loss in LA

2021-04-08 Thread Spencer Coplin
Can someone from Comcast business contact me off list about resolving heavy 
packet loss that runs through the below hop? I'm seeing >40% loss when coming 
at it from other ISP's or other Comcast connections.

IP: 75.65.163.20
Name: c-75-65-163-20.hsd1.la.comcast.net

Thank you,
Spencer


Spoofer Report for NANOG for Mar 2021

2021-04-08 Thread CAIDA Spoofer Project
In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these ASes.

This report summarises tests conducted within usa, can.

Inferred improvements during Mar 2021:
ASN    Name         Fixed-By
395092 SHOCK-1      2021-03-10
11650  PLDI         2021-03-11
5078   ONENET-AS-1  2021-03-16
32489  AMANAHA-NEW  2021-03-16

Further information for the inferred remediation is available at:
https://spoofer.caida.org/remedy.php

Source Address Validation issues inferred during Mar 2021:
ASN    Name                          First-Spoofed   Last-Spoofed
6939   HURRICANE                     2016-02-22      2021-03-17
209    CENTURYLINK-US-LEGACY-QWEST   2016-08-16      2021-03-30
7459   GRANDECOM-AS1                 2016-09-26      2021-03-08
20412  CLARITY-TELECOM               2016-09-30      2021-03-31
6181   FUSE-NET                      2016-10-10      2021-03-29
11427  TWC-11427-TEXAS               2016-10-21      2021-03-19
30036  MEDIACOM-ENTERPRISE-BUSINESS  2016-11-16      2021-03-29
22898  ATLINK                        2016-12-16      2021-03-28
63296  AWBROADBAND                   2017-09-01      2021-03-31
546    PARSONS-PGS-1                 2017-11-20      2021-03-31
393564 SPOKANE                       2018-06-05      2021-03-23
33452  RW                            2018-09-19      2021-03-29
20448  VPNTRANET-LLC                 2018-09-20      2021-03-30
5078   ONENET-AS-1                   2020-04-06      2021-03-27
53356  FREE RANGE CLOUD              2020-05-19      2021-03-13
6391   URBAN-15                      2020-05-29      2021-03-30
11814  DISTRIBUTEL-AS11814           2020-11-22      2021-03-12
208188 PUGET-SOUND-NETWORKS          2020-12-04      2021-03-27
53703  KWIKOM                        2021-01-17      2021-03-11
54527  ASTUTEHOSTING                 2021-02-21      2021-03-22
398836 NP-NETWORKS                   2021-03-12      2021-03-12
56207  Converge                      2021-03-26      2021-03-26
20150  ANYNODE                       2021-03-26      2021-03-26

Further information for these tests where we received spoofed
packets is available at:
https://spoofer.caida.org/recent_tests.php?country_include=usa,can&no_block=1

Please send any feedback or suggestions to spoofer-i...@caida.org


Re: Comcast Business packet loss in LA

2021-04-08 Thread David Funderburk
We are finding the routes through Atlanta that use 50.248.116.42 are
having issues. Not sure if the problems are related.

---
Regards,

David Funderburk
GlobalVision
864-569-0703

For Technical Support, please email gv-supp...@globalvision.net

GlobalVision is a communications company that provides services which
includes Internet, internal and external networks with over 25 years
experience. With our Zero Downtime strategies we help companies increase
up-time and decrease lost productivity and costs. 

On 2021/04/08 12:59, Spencer Coplin wrote:

> Can someone from Comcast business contact me off list about resolving heavy 
> packet loss that runs through the below hop? I'm seeing >40% loss when coming 
> at it from other ISP's or other Comcast connections. 
> 
> IP: 75.65.163.20 
> 
> Name: c-75-65-163-20.hsd1.la.comcast.net 
> 
> Thank you, 
> 
> Spencer 

Re: My First BGP-Hijacking Explanation

2021-04-08 Thread Matthew Walster
On Thu, 8 Apr 2021 at 17:51, Jay R. Ashworth  wrote:

> Sam 'Half As Interesting' Denby actually did a surprisingly good job explaining
> this for the average only-vaguely-technical viewer...
>
>    https://www.youtube.com/watch?v=K9gnRs33NOk
>
> [ For all the bad dad jokes he tells on HAI, he's got really good research
>   skills/staff, and his long-form stuff on Wendover Productions is excellent ]
>

Indeed, with the exception of getting the expansion of BGP incorrect, he's
simplified it and explained it in a way that the average viewer can
understand... He's really good at that, and has done a great job with this!

Matthew Walster


Re: My First BGP-Hijacking Explanation

2021-04-08 Thread Jay R. Ashworth
- Original Message -
> From: "Matthew Walster" 

> On Thu, 8 Apr 2021 at 17:51, Jay R. Ashworth  wrote:
> 
>> Sam 'Half As Interesting' Denby actually did a surprisingly good job explaining
>> this for the average only-vaguely-technical viewer...
>>
>>    https://www.youtube.com/watch?v=K9gnRs33NOk
>>
>> [ For all the bad dad jokes he tells on HAI, he's got really good research
>>   skills/staff, and his long-form stuff on Wendover Productions is excellent ]
> 
> Indeed, with the exception of getting the expansion of BGP incorrect, he's
> simplified it and explained it in a way that the average viewer can
> understand... He's really good at that, and has done a great job with this!

He sure is.  I did point up the definition bobble in a comment.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Re: My First BGP-Hijacking Explanation

2021-04-08 Thread Tom Beecher
Very well done, especially for a layman. His snark level is excellent too.

I've definitely shared this around to some people, pointing out that he
seems to know BGP better than they do, and they get paid for it. MY snark
is going over about as good as you might expect. :)

On Thu, Apr 8, 2021 at 12:53 PM Jay R. Ashworth  wrote:

> Sam 'Half As Interesting' Denby actually did a surprisingly good job explaining
> this for the average only-vaguely-technical viewer...
>
>    https://www.youtube.com/watch?v=K9gnRs33NOk
>
> [ For all the bad dad jokes he tells on HAI, he's got really good research
>   skills/staff, and his long-form stuff on Wendover Productions is excellent ]
>
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth  Baylink   j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274
>


Re: My First BGP-Hijacking Explanation

2021-04-08 Thread Eric Kuhnke
If one follows the social media accounts of the Pakistan version of the
FCC, nowadays they're just banning anything they find insulting or illegal
in the local legal system, and ordering ISPs to null route big chunks of IP
space.

As an anecdotal data point, the only effect this has had is teaching random
14 year olds how to use ordinary consumer grade VPNs, which work just fine.

https://www.pta.gov.pk/en



On Thu, Apr 8, 2021 at 9:52 AM Jay R. Ashworth  wrote:

> Sam 'Half As Interesting' Denby actually did a surprisingly good job explaining
> this for the average only-vaguely-technical viewer...
>
>    https://www.youtube.com/watch?v=K9gnRs33NOk
>
> [ For all the bad dad jokes he tells on HAI, he's got really good research
>   skills/staff, and his long-form stuff on Wendover Productions is excellent ]
>
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth  Baylink   j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274
>


Re: My First BGP-Hijacking Explanation

2021-04-08 Thread scott



On 4/8/2021 12:19 PM, Eric Kuhnke wrote:

> As an anecdotal data point, the only effect this has had is teaching
> random 14 year olds how to use ordinary consumer grade VPNs, which
> work just fine.



That's a silver lining in the dark cloud.  They're learning networking; 
sort of. :)


scott