
Posts

Showing posts from 2021

The Future

https://vocus.cc/article/61880cd8fd89780001f06008?fbclid=IwAR24YwnM1LJxhz10LEOX1yaCJgROcQW3dxWPx1DuSoGLtjlgCkaRqR7F5hY Indeed, working from home still loses something in communication, but those losses have already been made up for with longer working hours. In the past, when the workday ended you left, and once the building emptied out nobody felt comfortable chasing you down at home. Now there is no such thing as clocking out, and whatever was left unfinished quietly carries on after dinner without anyone noticing. So strictly speaking, the cost of that loss has already been borne by the employees; as long as results are delivered on time and the company hits its targets, the stale old theory that this hurts productivity should no longer hold. So you have no reason to ask me to come back. Freedom and flexibility: the biggest advantage of working from home is being able to step away from your desk at any time to take care of the small, everyday matters of life. The other day I ordered a bed; when I bought it the furniture store asked which day was convenient for delivery, and I said any day. They asked morning or afternoon, and I again said either. This kind of flexibility was an unthinkable luxury in the past. After it arrived, one of the bed legs turned out to be broken, and the workman said a replacement would have to be sent tomorrow or the day after, and asked which day I preferred; I said I am always free. At that moment I felt proud of how unfussy and easygoing I had become. Last week the toilet was leaking; I found that the shut-off valve inside would not close tightly. I made one trip to the hardware store, fixed the problem myself in 30 minutes, and then jumped back, looking perfectly respectable, into the next Zoom meeting... I neither delayed any work nor had to feel guilty. Small things like this used to have to wait for the weekend, or else I had to take leave. Even if you hired someone to fix it you had to wait at home, and the toilet was unusable until it was repaired. Weekends used to be pretty miserable: all the household repairs had to be done on Saturday. Saying the weekend is for rest is a lie. Do not underestimate such a small freedom; it lets me take care of both work and family. In the past, arriving late or leaving early for family matters always carried a tinge of guilt. Every move you made at your desk, even what was on your computer screen, seemed to be under constant watch. Sometimes there really was nothing to do and you wanted to take a nap... having to pretend to stare intently at the screen at those moments was pure torture. Under those conditions we had no freedom not to work hard; you had to at least act the part, and although Silicon Valley supposedly cares about results rather than process, everyone still cared about how others saw them. That kind of pretence is exhausting. In the office we have no freedom to be genuine; at home we can openly be ourselves. That difference is big enough.

NetOps and DevOps

https://thenewstack.io/duplication-not-consolidation-the-path-forward-for-apps/ For companies that want performance as well as control and protection against DDoS and other threats, a tested, stable, enterprise-wide load balancer controlled by the NetOps team makes a lot of sense. NetOps can act like front-door security, making sure everyone has a badge to get in the door. With carefully crafted policy, NetOps can give DevOps teams the leeway they need to deploy their own lightweight network infrastructure, such as Kubernetes, behind the perimeter load balancer. DevOps uses a dedicated load balancer, an ingress controller, and then runs in its own sandbox without bothering NetOps with its request flows. DevOps can iterate. NetOps can stabilize. SecOps can maintain the firewall's global security infrastructure while working with DevOps (or, more likely, DevSecOps) to create a zero-trust framework, distribute security across applications at the service level, and enable DevOps teams to meet the needs of their specific applications or services.

When you need it, just key it in in full once (call it grinding through it if you like). In this day and age there really is nothing that cannot be learned; mostly people simply do not want to learn.

Ultralearning: Master Hard Skills, Outsmart the Competition, and Accelerate Your Career https://teachyourselfcs.com/ https://mp.weixin.qq.com/s/Lt3X1vP137vTAGYfPJCbqg?utm_source=pocket_mylist https://github.com/izackwu/TeachYourselfCS-CN/blob/master/TeachYourselfCS-CN.md 超速學習:我這樣做,一個月學會素描,一年學會四種語言,完成MIT四年課程 (the Traditional Chinese edition of Ultralearning) https://www.books.com.tw/products/0010855836?loc=P_br_r0vq68ygz_D_2aabd0_C_2

Indeed, a programmer needs the fighting spirit to solve problems

https://medium.com/geekculture/why-most-people-fail-to-be-programmers-4bb427e02646 The hidden truth: coding is not for everyone (indeed) 1. Searching for the perfect curriculum, that is, the urge to look for a best practice (I am too old to practice and try & error) 3. Trying to reach the advanced level from day 1 9. Not being good at problem-solving skills

Facebook outage: the whole thing was a BGP misconfiguration; DNS had nothing to do with it

It really hurts the eyes to read: after FB went down, many people translated "BGP advertisements" as "BGP broadcasts". Broadcast has a specific meaning for network engineers, and the word also implies continuous sending, which is impossible for BGP route announcements. The global IPv4 table now holds 860,000 routes, and BGP route announcements are only sent to peers when something changes (incremental update). https://www.networkworld.com/article/3635811/facebook-outage-was-a-series-of-unfortunate-events.html?utm_medium=social&utm_source=facebook&utm_campaign=organic&utm_content=content&fbclid=IwAR15da3AOdfZX6rAY-ApSOFIbDvbZCiAIHWDnf94OYmT0LZ0vIJpuPNaev8 This is about the most complete account, and its terminology is fairly accurate (still wrong, though: "DNS, or directory name services" is the Domain Name System). - With self-hosted DNS inside the network and the whole network unreachable, it is understandable that DNS clients could not resolve anything. - "And when server availability went to zero because the network went down, they decommissioned all their DNS servers." But why take the DNS servers offline (by withdrawing routes) when the network is down? Afraid the flood of resolution attempts would bring them down? "DNS was a single point of failure". I think the key point of this incident is DNS. A routine-inspection command that actually changes configuration, with the audit safeguards failing on top of that, is still a matter of SOP; at the architecture level, having the DNS used by internal services and the DNS answering external queries be the same system is the big problem. "For example, Amazon, whose AWS offers a DNS service, uses two external services—Dyn and UltraDNS—for its DNS, according to Medina." At AW

Going against the old network engineer's intuition, and then reversing it again

 https://aws.amazon.com/tw/blogs/aws/inspect-subnet-to-subnet-traffic-with-amazon-vpc-more-specific-routing/?utm_source=pocket_mylist Until today, it was not possible because a route in a routing table cannot be more specific than the default local route (check the VPC documentation for more details). In plain English, it means that no route can have a destination using a smaller CIDR range than the default local route (which is the CIDR range of the whole VPC). For example, when the VPC range is 10.0.0/16 and a subnet has 10.0.1.0/24, a route to 10.0.1.0/24 is more specific than a route to 10.0.0/16.

Somewhat surprising that DevOps/SRE ranks this high

Very sarcastic

https://cn.nytimes.com/style/20210722/jeff-bezos-space-image/zh-hant/?fbclid=IwAR2uzBAPM4zUww_qkSrlddcPaWwHfXrszN6Of6PtFsyEKkxIwxo9OtcVSh8&utm_source=pocket_mylist "A dentist who drives a Lamborghini is a Bezos. Anyone in commercial real estate who has just started his first affair and begun shaving parts of himself that should not be shaved is a Bezos. The day I decided to try wearing a fanny pack and a pair of knockoff Dior shorts, I became a Bezos. Pretending to be a wine connoisseur has turned many people into Bezoses. Deciding that running a financial services company is not achievement enough is also a Bezos; a Bezos thinks what people really need is for him to take a weekend side job as a tropical house and EDM DJ. If you come back from your first trip to Burning Man at the age of 50, you are dangerously close to Bezos territory."

<Note> VMs in the cloud: the boss only needs to buy you a low-end computer

https://www.youtube.com/watch?v=V14Ia2uwrtk Windows 365 isn’t designed for the consumer market. Instead, it’s for companies and enterprises that need to deploy a network over a large area. It’s also designed to allow businesses to utilize computing power as they see fit. The cloud PC will revolutionize business computing. Companies no longer need to spend on high-end systems to satisfy the needs of their people. They only need a reliable internet connection and an entry-level computer as a client to Windows 365. Best of all, businesses can subscribe to this service monthly. They don’t have to invest large sums to get computers that they might not use 100 percent of the time. With the cloud PC, they can purchase computing power as they need. This allows them to be more efficient with the use of their resources.

Choosing a CNI

Only today did I look closely at cilium (and calico). My impression is that Isovalent, the commercial company behind cilium, has no intention of building an ecosystem in which networking and security vendors can all prosper; it wants to eat the whole thing (the same playbook as NSX, and the CEO is also ex-Nicira, so sooner or later those two will have to fight):
- integrates with istio, but does away with envoy
- supports Maglev as an external LB, eyeing the ADC/LB market
- supports L3-L7 processing, going after NGFW / API GW ...
- does it all in the kernel
- picks a fight with calico first, as a warm-up

HTTP is now required basic knowledge, yet this field has no authoritative physical book

https://zq99299.github.io/note-book2/http-protocol/ Forget HTTP: The Definitive Guide: The Definitive Guide (Definitive Guides) 1st Edition, it is a 2009 book. High Performance Browser Networking: What every web developer should know about networking and web performance 1st Edition may be ok, but it is not very detailed and is more advanced.

Running proxies all the way through

Running proxies all the way through. One proxy is not enough, so bring three. Multicloud networking is not just L3 connectivity; it goes all the way up to L4-7. A home-grown control plane (not istio). The data plane is a transformed OpenContrail with Envoy bolted on as its wings. Then build a backbone and add computing. Ingress has a proxy, the backbone has a proxy, egress has a proxy. Doing multicloud this way has opened even this old dog's eyes. F5 really is the most faithful champion of proxy architecture: besides the ancient BIG-IP (a brand-new generation of software, with the best GUI, is coming), there is the ubiquitous NGINX and the service mesh's envoy.

this is the reason you are not being invited to the party

The truth about why old network engineers do not understand Kubernetes networking is this: people who can read even the most convoluted MPLS hierarchical VPN (never mind SRv6) can read anything. The old network engineer's inner monologue goes: "something this cobbled together, a home-grown solution that ignores the standards this badly, and it actually works? Oh, so unorganized, so OOXX, sigh." This is the reason you are not being invited to the party. It is no longer a world of standards; whatever solves the problem wins. A very pragmatic stance, really.

Volterra's magic

https://www.volterra.io/resources/blog/apps-are-becoming-distributed-what-about-your_infra This again comes back to the technical geek's point of view. Layer 3 (Routing, Firewall) — we took hardened open source projects. Tungsten Fabric (formerly known as Contrail SDN) is used by Tier 1 Telcos around the world for delivering key Mobile Packet Core NFV functions. It has a centralized control plane with a distributed data plane for network security and firewalls. We’ve taken FRRouting (Free Range Routing) for a rich set of routing protocols needed for traditional CE route exchange. We’ve added additional functionality to be a SaaS-based software stack; zero-touch provisioning (ZTP) and portability across most environments (Public Clouds, Private DCs, Edge Devices, etc.). Layer 7 (load balancer, proxy, WAF, API gateway, app security) — we built off the great work of the Envoy project since it’s highly performant and lends itself to production needs with its modularity and dynamic configuration updates. What we added in addition

openflow is still alive! OVN

https://cloud.tencent.com/developer/article/1618577 Openflow undeniably pioneered the concept of SDN; can its successor P4 really be used at scale? Openflow's software implementations are perhaps far more flexible than hardware switches, since after all they sit at the very edge. Calico, which uses BGP, may be favored by the networking crowd, but the flexibility of the OVN family is well worth looking forward to.

Distributed controllers

"只有集中式控制器才有统一的视角去调度资源,分布式控制器就是扯淡"?? https://mp.weixin.qq.com/s/3r-rKTlmQ-eX_6sIcHLILw https://www.usenix.org/system/files/nsdi21_slides_killian.pdf https://www.usenix.org/system/files/nsdi21-ferguson.pdf

The Tech industry is slow to recognize the need for an entire new profession: the Cloud Network Architect. from Nico Vibert

Cloud Network Architect. Nico Vibert @nic972 The Tech industry is slow to recognize the need for an entire new profession: the Cloud Network Architect. It's somehow expected that Infrastructure engineers become Cloud Architects and somehow learn all aspects of cloud networking - it's not fair on them, just like it wouldn't be fair on me to learn intricacies of storage or database. Cloud Networking should be a dedicated role. Here are some of the skillsets I expect in a cloud network architect: Understanding of connectivity options to the Cloud or between Clouds (an app created in the cloud (or migrated to the cloud) does not exist in a vacuum) - including VPN, Direct Connect or similar, BGP, etc. Deep expertise on Internet connectivity. By this I mean: Internet peering points, content distribution, DNS, global load-balancing, SSL VPN, about CASB platforms like @zscaler, DMZ, etc... - in summary: accessing the Internet securely and quickly or providing web-facing servic

Excellent

https://mp.weixin.qq.com/s?__biz=MzAxMDA1NjMwMQ==&mid=2651770472&idx=1&sn=f1b7dd6569d73f4fb406f697feff94a0&chksm=80ac496ab7dbc07c45ed72cc68a957b5f7f51a365f6cad08f4e8b60cf644f6a2a8c51636e33b&mpshare=1&scene=24&srcid=03233EphjRaVDvTXUPxWh7jL&sharer_sharetime=1616485786092&sharer_shareid=4f0b69694a7991d2da3888a0b82ca43e&key=d8268f3a96f14b5e8e823529ca0c627d7b8f3f33f6d6a8013c2479559e7aa0cb92feb3caeeefb878d4d9a1339e391659083a3327b2ae57df35254bffdafff670351f2d3573102720205a96a1dd93ef3c3ce0fc62bd09f67ba69cd3a0ee59e026bfb096576061305acd5ff9f463534a3c97e49ebdba68b9c9a4eed7de7c3fae16&ascene=14&uin=MTE2MzIwMzY1Ng%3D%3D&devicetype=Windows+10&version=62080079&lang=en&exportkey=CVEmcRnZ%2BBBX8%2FnPVfJngps%3D&pass_ticket=PafrHeFs%2B6JslC0mSG5fIgWaBLy4iX0l%2FIOVyoRIc9pQ6UirsEaJkOez8AdmonIv&wx_header=0 check SR IS SDN DONE RIGHT! OPENFLOW VS SEGMENT ROUTING 》 SR vs Openflow. Coming from a traditional networking background, I wandered over into the network security world for a while to make a living. The first-packet latency of Packet-In mode, dirty flows, DDoS,

Indeed, service mesh is SDN for L7

https://systemsapproach.substack.com/p/service-mesh-sdn-for-layer-7 So service mesh may well meet the same fate as SDN: only the webscale players can afford to play.

This diagram is worth thinking about carefully

 https://packetpushers.net/complexity-of-networking-architecture-in-2020s/

Is there really enough technical depth in reserve to take on Istio?

https://medium.com/polymatic-systems/service-mesh-wars-goodbye-istio-b047d9e533c7 service meshes only reliably support http traffic right now I try to avoid CRDs as they create vendor lock in Istio deprecated Helm deployments in favor of their istioctl command line utility <init containers and cronjobs cannot use the service mesh Why? The service mesh proxy container never exits. If it never exits, then the init containers and cronjobs never really “finish”. In the former, your application container will never spin up and in the latter, your cronjob will timeout and be marked as a failure.> ??? your application container’s network calls will fail until the sidecar proxy is running Anyways, there are hacks to get around this, but it means that successfully implementing a service mesh is no longer transparent to the developer as they will need to make some code or deployment modifications.

Does anyone still care?

 https://blog.teliacarrier.com/2021/04/29/rethinking-internet-backbone-architectures/amp/ Radical simplification to make use of routing silicon with very different design trade-offs and implications on operations and forward-looking performance evolutions Partially disaggregate Optical Networks to drive vendor competition and standardize alien wavelengths as the default deployment paradigm – at an acceptable OPEX overhead Convergence of IP and Optical, starting with short-range, point-to-point, deployments covering the full range of operational, organizational, cultural, and technology scope