Perfect security, if such a thing exists, probably involves a Faraday cage and no Internet connectivity. Increasing security usually comes at the cost of usability, and if a computer system is so cumbersome to use that it isn’t used at all, then it serves no purpose. One must strike a balance between the two. I recently did, when I got myself a set of YubiKeys, hardware authentication devices. This is my setup for perfectly reasonable security.
Some time ago I wrote an introductory post on how to validate data using YANG. A simple example as it were, it can be difficult to apply to the real world as there are some blanks to fill in. This time around we’ll follow up and use the same tools to validate if the NETCONF / YANG interface of a Huawei router is sound and adheres to standards.
Git is super useful for anyone doing a bit of development work or just trying to keep track of a bunch of text files. However, as your project grows you might find yourself doing lots of boring repetitive work just around git itself. At least that’s what happened to me and so I automated boring git stuff using our CI system.
Every now and then I hear about how difficult it is to use YANG to actually validate any data (we call this instance data). Since we in the TeraStream team do this quite a lot I thought I’d share how it can be done. This is using a process that we also employ in our CI pipeline.
This is the story of interoperable 100G DWDM - what we have accomplished and how we got here.
YANG comes with a fairly strict set of rules for allowed modifications between model revisions, so how do you make changes to your API while abiding by these rules?
Cisco IOS XR virtual routers support something called CVAC which allows passing the initial configuration of the router via a virtual drive. It’s rather similar to Cloud-init, if you are familiar with that, or with what Juniper calls config-drive.
The number of DDoS attacks and the size of those attacks are ever-increasing and pose a threat to the Internet and, by extension, our society. Without in-depth knowledge or prior experience, anyone can rent a DDoS botnet for tens of dollars an hour and attack anyone they wish with enough traffic to bring down the vast majority of potential targets on the Internet.
IOS XR has featured a NETCONF interface for quite some time but it was only with the 5.3.0 release that Cisco coupled it with proper YANG modeled configuration and operational data. Before that they used XML Schema Definition (XSD) to describe the data transported over the XML agent / NETCONF interface.
Ok, trying out this GitHub+Jekyll powered blog thing. Maybe it will help me write a bit more often than I previously have. I do enjoy working with git after all :)
My employer arranged for a hack day last month. It meant anyone participating was free to hack on anything they wanted and at the end of the day we got to present our work during a 2-minute flash presentation to our colleagues as well as a number of students from KTH’s (Royal Institute of Technology) computer science program.