10 posts tagged with "AWS"

I like to point out to people that it's easier to train a network person on cloud than it is to train a cloud person on networks. It's a glib generalisation but it holds true for the most part because there is so much to networking that comes from history and quite a lot of grounding that a seasoned network engineer or architect will already understand. A big chunk of the AWS and Azure networking certification covers BGP and that's one of the reasons they are considered quite hard for some but quite easy for others. BGP is a topic that many very experienced network engineers in enterprise networking can get through their entire career without touching, but for those who operate at scale or work with MSP and telco networks it's bread and butter.

I have a lingering fear that I'll break my site due to the somewhat precise nature of Docusaurus. It's compounded by my decision to open the site up for others to submit pull requests; while I run live rendering during updates I can't guarantee others will. I have added a simple action on top of the existing one which is triggered when a pull request is created. The action builds the site and captures the output from npm run build --verbose and adds it as a comment to the pull request.

When you create a VNet in Azure or a VPC in AWS you have to allocate a CIDR range from which you subnets will be allocated. There are some nuances between the different service providers as you try to expand your networks which can lead to some challenges. Knowing the different rules from the start can help you plan your CIDR ranges appropriately. We'll start with what's the same across AWS and Azure and then look at the differences.

There seems to be an obsession over on Reddit about the Mandela Effect which was named after a collective but strongly held false memory that the eponymous Nelson Mandela had died in prison in the '80s. It seems that our minds can play tricks on us and sometimes things which we clearly remember turn out to be a shared fantasy. I feel a little like this about those weird two weeks in about April 2021, in midst of the 'rona years, where everyone on LinkedIn got Aviatrix certification for free and then shared it with their contacts so that they too could benefit from a free certification in an emerging technology vendor's product. The reason I am not sure if it's a Mandela Effect is that I don't really think I have heard of anyone since who has actually used that certification for anything other than to pad out their Credly.

I took a look at egress security a little while ago and advocated for the 'less is more' approach for most organisations due to the proliferation of VPCs and vNets and the risk of either having a very large amount of very expensive firewalls providing very little value or, perhaps worse, another pet in the form of centralised internet egress. There may be another way.

Introduction​

When working with Azure cloud networking, certain limitations become apparent, particularly around DNS capabilities for private networks. In this post, I'll explore an unconventional approach: using Amazon Route 53 to address some of Azure's DNS limitations. While this might seem controversial, it offers interesting solutions to two specific challenges: cross-region failover for private resources and closest-instance routing within private networks.

My Perspective​

Over two decades of experience implementing network and cloud infrastructure across financial services, retail, healthcare, and public sector organisations has shown me a clear pattern: the success of cloud initiatives correlates strongly with an organisation's readiness for cloud adoption. Yet surprisingly few organisations conduct thorough readiness assessments before embarking on their cloud journey.

I've now extended the github action for those who want to create their sites in Docusaurus and then have the commited and pushed changes automagically get built and synced to their S3 bucket. Static S3 sites are a great way to host static sites and Docusaurus is a great tool for rendering sites out of simple markdown content.

The problem​

I used to run a hosted linux web server, which was great for stuff like all those weird little scripts and things I wanted to run 'always on'. After a while I put a few websites on it, and some websites for friends, and my little brother, and the local residents association, and next thing I knew I was running a load of instances of Wordpress. I was also constantly fending off the advances of hackers who were forever finding exploits in the famously insecure blogging platform.

I went down the AWS Gateway Load Balancer rabbit hole recently and it's an interesting solution to some quite specific problems. There are use cases for it on ingress and egress where regulatory requirements, or more likely legacy skillsets, dictate that traffic passes through NVA based network security appliances. The problem with NVAs is often the difficulty scaling them in AWS. You need to distribute traffic and typically you need a loadbalancer but you can't use an ALB or a NLB because unlike Azure the load balancers in AWS do not allow for traffic routing so they cannot be targets for route tables in the same way Azure loadbalancers can be targets for UDRs.