
NB514: Cisco, Juniper Announce New Switches; SolarWinds Goes Private in $4.4 Billion Buyout

2025/2/18

Network Break

People: Andy Laptev, Drew Connery-Murray, Jonna Johnson
Topics
Of the 1,250 CVEs published this week, 459 were rated critical and 72 of those scored a perfect 10, and these vulnerabilities are being actively exploited. Many of the 10-scoring vulnerabilities were first published more than a decade ago and are still being exploited today, which underscores the importance of patching promptly. In addition, APIs are becoming a new attack vector, so API security needs to be strengthened, including implementing adequate authorization and access control. Shadowserver reports that 2.8 million nodes per day are taking part in a coordinated brute-force password attack against VPN gateways, firewalls, and other internet-facing network devices, with the attacking nodes located mainly in Brazil, Turkey, and Russia.


Chapters
This chapter highlights alarming cybersecurity threats, including 72 critical CVEs with perfect 10 scores and a massive 2.8 million node brute force attack targeting various network devices. The discussion underscores the urgency of addressing these vulnerabilities and adopting robust security practices.
  • 72 perfect 10 CVEs published
  • 2.8 million node brute force attack on VPN gateways, firewalls, and other internet-facing network devices
  • Most attacks originate from Brazil, Turkey, and Russia
  • Importance of updating and securing network devices
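The chapter summary above mentions a 2.8-million-node brute-force campaign against VPN gateways and firewalls. The operational point for defenders is that a botnet that large can afford one or two guesses per source address, which slips under the per-IP lockout and rate-limit thresholds most appliances and SIEM rules use. The following Python is an added example written for this page, not code from the podcast, the Shadowserver Foundation or any appliance vendor: it parses constructed log lines in a hypothetical VPN-gateway syslog format and compares a classic per-source failure threshold with a per-account, distinct-source count. The log format, hostnames, usernames and addresses are all assumptions.

```python
"""Detect a distributed brute-force login campaign in VPN gateway logs.

Added example for this page; not code from Network Break, the Shadowserver
Foundation or any vendor. The syslog format, hostnames and addresses below are
constructed for illustration (RFC 5737 documentation ranges), so LOG_RE will
need adjusting for a real SonicWall, Palo Alto or Ivanti log source.
"""
import re
from collections import defaultdict
from typing import NamedTuple

# Hypothetical format: "<ts> <host> sslvpn: login <ok|failed> user=<u> src=<ip> ..."
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sslvpn: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample: seven sources each try "admin" once (a distributed spray),
# one noisy source hammers "jsmith" six times, then jsmith logs in legitimately.
SAMPLE_LOGS = """\
2025-02-10T03:00:01Z vpn-gw1 sslvpn: login failed user=admin src=203.0.113.10 reason=bad-password
2025-02-10T03:00:04Z vpn-gw1 sslvpn: login failed user=admin src=203.0.113.11 reason=bad-password
2025-02-10T03:00:09Z vpn-gw1 sslvpn: login failed user=admin src=198.51.100.22 reason=bad-password
2025-02-10T03:00:15Z vpn-gw1 sslvpn: login failed user=admin src=198.51.100.23 reason=bad-password
2025-02-10T03:00:21Z vpn-gw1 sslvpn: login failed user=admin src=192.0.2.40 reason=bad-password
2025-02-10T03:00:27Z vpn-gw1 sslvpn: login failed user=admin src=192.0.2.41 reason=bad-password
2025-02-10T03:00:33Z vpn-gw1 sslvpn: login failed user=admin src=192.0.2.42 reason=bad-password
2025-02-10T03:01:00Z vpn-gw1 sshd: Accepted publickey for netops from 192.0.2.9
2025-02-10T03:02:01Z vpn-gw1 sslvpn: login failed user=jsmith src=203.0.113.77 reason=bad-password
2025-02-10T03:02:02Z vpn-gw1 sslvpn: login failed user=jsmith src=203.0.113.77 reason=bad-password
2025-02-10T03:02:03Z vpn-gw1 sslvpn: login failed user=jsmith src=203.0.113.77 reason=bad-password
2025-02-10T03:02:04Z vpn-gw1 sslvpn: login failed user=jsmith src=203.0.113.77 reason=bad-password
2025-02-10T03:02:05Z vpn-gw1 sslvpn: login failed user=jsmith src=203.0.113.77 reason=bad-password
2025-02-10T03:02:06Z vpn-gw1 sslvpn: login failed user=jsmith src=203.0.113.77 reason=bad-password
2025-02-10T03:05:00Z vpn-gw1 sslvpn: login ok user=jsmith src=192.0.2.9
"""


class LoginEvent(NamedTuple):
    ts: str
    user: str
    src: str
    failed: bool


def parse_events(text):
    """Turn raw log text into LoginEvents; lines that are not VPN logins are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # e.g. the sshd line, or anything in another format
        events.append(LoginEvent(m["ts"], m["user"], m["src"], m["result"] == "failed"))
    return events


def per_source_alerts(events, threshold=5):
    """Classic lockout / rate-limit logic: flag any single IP with >= threshold failures."""
    fails = defaultdict(int)
    for e in events:
        if e.failed:
            fails[e.src] += 1
    return {src for src, n in fails.items() if n >= threshold}


def distributed_alerts(events, min_sources=5):
    """Pivot on the target account: flag users attacked from >= min_sources distinct IPs."""
    sources = defaultdict(set)
    for e in events:
        if e.failed:
            sources[e.user].add(e.src)
    return {user for user, s in sources.items() if len(s) >= min_sources}


def max_failures_per_source(events, user):
    """Highest failure count any one IP produced against `user` (0 if none)."""
    fails = defaultdict(int)
    for e in events:
        if e.failed and e.user == user:
            fails[e.src] += 1
    return max(fails.values(), default=0)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOGS)
    print("per-source alerts:", per_source_alerts(evts))
    print("distributed alerts (by account):", distributed_alerts(evts))
    print("most failures any one IP sent at admin:", max_failures_per_source(evts, "admin"))
```

Running it shows the noisy single IP hammering jsmith is caught by the per-source rule, while the seven sources that each try admin exactly once never trip it and only appear when you pivot on the target account. That pivot is the check to pair with the advice later in the episode to change default passwords: a per-IP lockout does nothing against one guess per bot, so alert on accounts, not addresses.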

Transcript


Take a network break. I'm Drew Connery-Murray. I'm Jonna Johnson. Jonna, we've got some good crunchy like networking news today. So what's on our list? We've got some scary red alerts, some new switching gear from both Cisco and Juniper, a preview of thousands of sites, traffic insights, and a bunch more.

Before we get into that, just a reminder, we have a Tech Bytes after today's news. We're going to be talking with Nokia about their event-driven automation, or EDA. That's a network automation platform that aims to help network engineers get predictable, error-free operations so you can keep up with all the change tickets coming your way while ensuring the data center is reliable and performant. So we'll dig into that. And by the way, Packet Pushers has a merch store so you can get yourself or someone you love a cozy sweatshirt with the Packet Pushers logo or the logo of your favorite podcast. It's this one, right? It's this one?

You can see everything on offer, including T-shirts, mugs, hats, and more at store.packetpushers.net. Jonna, over to you for red alerts. Okay, and I really hope you think Network Break is your favorite podcast. Oh, even over Heavy Strategy? Well, on this podcast, that's what I'm going to say. Well played.

Yes. So basically, first and foremost, of the 1,250 CVEs published in the week ending February 12th, 459 were critical, that is scoring 9.5 or higher. And of those, a whopping 72 scored a perfect 10. That is 72 super serious CVEs, security vulnerabilities. And again, that was 1,250. The number of digits is increasing dramatically on these. It's worth noting most of the scary perfect 10 ones have known exploits in use in the wild also. So in other words, these are not hypothetical vulnerabilities. These are actual vulnerabilities that are being exploited.

All but two of the tens are updates on CVEs that were initially published more than a decade ago and are still being actively exploited in the wild. Come on, people. Don't do this. Ten years? Yeah, right? Maybe it takes a while to roll out the patches, but ten years, that is bad.

Yeah. Of the newest discovered, this week we're highlighting CVE-2025-21415, which warns that an authentication bypass on Azure AI face service allows an authorized attacker to elevate privileges over a network. By the way, that doesn't mean an attacker who has been authorized to attack. That means somebody with authority and who decides to attack can elevate privileges over a network.

Microsoft now says the threat has been fully mitigated. No user action required for this one. But what about the next one? This highlights the need for secure coding practices and programs and products making use of AI APIs and the need for zero trust approaches to the networks and to the services themselves. We got a bunch of links in the show notes if you want to read more on that.

And I'll just note, talking about API security, if you're a subscriber to the Human Infrastructure Newsletter, I linked to an article. Somebody's walking through how to protect your APIs using Microsoft authentication capabilities with Entra. It's assuming you're in Azure, but I think the larger point is APIs are now becoming an attack vector. So you need to be protecting them. That includes making sure you've got sufficient authorization and access control on what the APIs are doing.

Which also means you have to have solid API management in place, which is a whole different discussion, but yes. Yes. Sorry, back to you. Yes, there's a huge universe of worry out there if you haven't been paying attention to your APIs.

But by the way, since we're in the business of generating more worry at this point in the show, Shadow Server reports 2.8 million node brute force attack. The threat monitoring platform, the Shadow Server Foundation, reports that since last month, an attack network that has grown to include 2.8 million IP addresses per day has been involved in a coordinated brute force password attack on VPN gateways, firewalls, and other internet-facing network devices.

The attacking nodes are basically just trying random combinations of passwords, attempting to guess the credentials to get them into appliances from SonicWall, Palo Alto, Ivanti, and others. Currently, most of the attacking addresses are located in, wait for it, Brazil, Turkey, and Russia. What a surprise. And they are associated with routers from MikroTik, Huawei, Cisco, and ZTE, and IoT devices. So, yeah, that basically means the bad guys are compromising various networks and going after nodes using the stupidest but most effective possible approach, which is password guessing. Yeah, brute forcing it too. And that makes me wonder if what they are doing is, I mean, I'm sure at the top of their list are the default passwords on these devices and sort of the easy one, two, three, four, XYZ kind of password combos. So if that's you, please go change them.

Yes. Do not call your password password, okay? And by the way, putting zeros instead of the O's is not better. It doesn't count.

Okay, Drew, over to you for the news. All right. We'll start off with Cisco. They're announcing a new line of smart data center switches. They're built around Cisco's own 4.8 terabit per second Silicon One chip as the central processor, augmented by a programmable data processing unit, or DPU, from AMD Pensando. The idea is that the DPUs offload some of the data processing grunt work from the Silicon One chip, making its resources available for AI and other large workloads. And organizations can also deploy services such as firewalling directly onto the switch, running on that DPU. So you can do things like add security features faster and easier, and you can enforce policies closer to actual workloads. It also theoretically reduces the need to deploy separate hardware such as a dedicated firewall.

But we'll talk more about that in a bit. I just want to give you a little background. Pensando was started by former Cisco engineers and then was acquired by AMD in 2022 for $1.9 billion. I think Cisco also was an investor early in the Pensando startup, so they're finally getting it back into their platform. Yeah, that's a typical Cisco move is if it looks promising, we'll invest. Yes. Yes.

And I'll also note Cisco isn't the first to put a DPU in a switch. Since 2021, HPE has offered its CX-10000 series switch, which also includes the same AMD Pensando DPU that I think is going into these new Cisco switches. The CX-10000 already supports features like NAT and IPsec encryption that are still forthcoming from Cisco. If you know of other switch platforms out there also running the AMD Pensando DPU, let me know at packetpushers.net/fu. Yeah, and coming back to the point of these DPUs, Cisco has mentioned that future services would be things like NAT, IPsec encryption, IPS/IDS, and others.

Its initial on-switch service offering will be a Layer 4 application of its Hypershield architecture for stateful segmentation. So the importance here is that this is a great platform if you're interested in security and adding security onto these devices, onto these switches. Yeah, I'm trying to read through that. I was like, what is Hypershield? And there's a lot to it, but I think the initial feature you're getting out of the box is essentially Layer 4 firewalling that will run on the DPU.

Yeah, and that stateful segmentation is actually incredibly important because it's another way of saying dynamically deciding where the packets get to go and not go. Yes. Which is very useful in lots and lots of scenarios. The main issue with doing anything dynamically is it can't happen fast enough, but in an architecture like this, it can. Yeah.

I'll note that the DPUs support 800 gig of throughput. John, I'm curious, do you feel like this architecture of having extra processors on a switch to do things like firewalling makes sense?

Absolutely. This is a no-brainer design. I'm surprised that Cisco took this long to develop it. But, in fact, weirdly enough, you see this even in biological systems where you'll have processing pushed off to sort of local but close support. So it's actually a very solid architecture. It's a great way to implement security at scale and at speed. So delighted to see it here. I ask because, you know, Cisco's rolling this out now in 2025. HP has had this capability since 2021, but it doesn't seem like there's been a lot of market uptake. I don't know if that's because

people are still a little bit wary about this design or just because HP doesn't really have that huge presence in the switch market? I'm going with the latter, absolutely. I suspect Cisco will make great hay with this because A, they have the marketing presence and they will go around and tell everybody why this is a good thing and B, it's coming from Cisco.

So, you know, there's a certain, I actually just read a quote that was fascinating. It was an ancient Greek philosopher who said there was a group of ancient Greeks who refused to do, to follow a good idea proposed by a bad person until a good person had proposed it first.

Not that I'm calling HPE bad in the slightest, but the idea that something has to be validated by a trusted market player is, you know, not nuts. Yes. Not making moral judgments here. Just, yes, there is something to that. Yeah. Interesting.

A couple more details here. Cisco has announced two models so far. The first is the N9-9300 smart switch shipping in the spring of 2025. The switch offers 24 ports of 100 gig and again runs on the Cisco Silicon One E10 ASIC and the AMD Pensando DPU. Cisco also says it's going to roll out a top-of-rack model with six 400 gig ports, 200 gig ports, and 48 25 gig ports. Look for that in the summer of 2025. We have a ton of links to details about this and other stuff that will be in the show notes that accompany this podcast.

And moving along, Cisco also has news from its acquisition ThousandEyes, where it's talking a little bit about Traffic Insights. Drew, what's going on here? Yeah, so ThousandEyes started off doing internet performance monitoring. They've also started to roll out capabilities to monitor your on-prem networks. They're now announcing a private preview of what they're calling Traffic Insights. Traffic Insights can automatically correlate NetFlow data and synthetic tests to help you identify the root cause of a problem more quickly. If you want the service, you need to have ThousandEyes agent software deployed in your network. Agents can be deployed directly on Cisco network devices or as physical or virtual appliances, and the agents conduct synthetic tests and collect flow records. You can also send flows from a third-party collector to these agents. All of this data then gets sent up to the ThousandEyes cloud for analysis, and engineers can use the cloud portal to see what's going on. And again, the private preview is available to current ThousandEyes customers.

Which I think this makes sense. It's a smart extension of the platform and there's a lot of useful data in those flow records, including, well, who's communicating with whom, what protocols they're using, how much bandwidth they're consuming, and so forth and so on. And the ability to blend in those synthetic transactions means you're actually able to do a little bit of what-ifs here and kind of do some predictive planning.

Yeah, I guess one way to think about it is the NetFlow is sort of always running and it's kind of a passive monitoring system with the synthetic tests. If you actually want to go test the performance of something right now, you can just run the test or have the test scheduled to run at regular intervals. And you're getting that like end-to-end and hop-by-hop performance, which I guess when correlated with NetFlow data could be very informational. Yeah.

Ah, so let me correct myself a little bit, because with the synthetic tests you're actually not able to generate synthetic traffic in this model yet. I was actually assuming, over-assuming on this, so for the benefit of those who are listening, it's synthetic testing, not synthetic traffic generation, just yet. Right. Synthetic tests still add value. Yeah, for sure.

Okay, well, moving along on the general theme of traffic, DE-CIX New York is going 400 gig. DE-CIX is one of the world's largest IXs, internet exchange operators. They announced plans to upgrade the backbone in the New York internet exchange, which is the largest internet exchange in the US Northeast region, to 400 gigabits per second Ethernet. It will be deploying Nokia gear for the project, laying the groundwork for 800 gig upgrades later on. The upgrade is to accommodate increased demand and better meet the large customers who are already deploying 400 gig themselves. So basically, if people are bringing 400 gig traffic already, we pretty much have to upgrade to handle it. They're expecting to finish the upgrade in June, according to the CTO, Thomas King. I'm guessing they're starting with New York because there's a lot of financial services who want to process things as quickly as possible. Is that... Oh,

I'm going to go with large customers, including financial services. But if you think about what's going on in New York, there's pretty much everything, including the hyperscalers. Hyperscalers, entertainment, banking. Exactly. It's very interesting when you look at the bandwidth density of various geographies.

And you realize, you know, obviously the Washington, D.C. area is incredibly dense, but so is New York. I'll note that it's like a nice win for Nokia. They've been trying to raise their profile in the Ethernet space. Like people just sort of assume they're just routers, but they do have a pretty good Ethernet portfolio. And just caveat, we do have a sponsored Tech Bytes with Nokia. So that's not why I'm saying this, I do think.

It's true that Nokia does have these products and is trying to raise its profile, particularly in the Ethernet space. Yeah, I mean, I think honestly being able to do stuff that fast is a big deal. Full stop. 400 gigs. This is not hard. Yeah.

Right.

devices connected to the switch will still have that power. So if you have to reboot the switch, you also don't have to reboot the APs connected to it. Juniper's positioning the EX4000 line as an upgrade to its EX2300 family. John, my assumption is here that as Wi-Fi 7 is rolling out, Juniper is also seeing an opportunity to get folks to upgrade their wired switches.

I think that's true. It's also, you know, the timing is actually quite good because there is a bit of a return to office push, which means the demand for campus networking is probably going to spike a little bit compared to what it has been for the past couple of years. So these are all good things. Yeah.

And of course, because this is a Juniper product, it does come with AIOps capabilities that includes things like dynamic packet captures, automated alerts on common networking issues such as misconfigured VLAN tags, cable faults, network performance problems. And if you sign on for Juniper's Marvis network service, that's an additional sign-on, you can interact with the Marvis chatbot using natural language to ask questions, kick off remediations, and get help doing things like searching documentation.

And if you are actually using that, can you please reach out to us at packetpushers.net/followup because I am very curious how useful this truly is. Some of it looks like it could be really, really useful, like getting the help searching the documentation. Other features, not so much. But I could be wrong, so that's why I'm asking. So if you're listening and you are using Marvis and you like it, hate it, we don't have to

say who you are. You don't even have to leave your information, but we would be very curious to hear what you think. Yeah. I know there are a lot of Marvis fans out there, so we may be getting a lot of contacts, but that's fine. I'd love to get it at packetpushers.net/fu. And John, maybe after the show, I can put you in touch with a couple of folks. Oh yeah. No, that'd be great. Moving on. SolarWinds is once again going private. Folks know SolarWinds as a network monitoring and observability platform. It's been sold to a private equity firm, Turn/River Capital, for $4.4 billion in cash. And, Jonna, I guess you're giggling because we also know it for something else. Oh no, I'm actually giggling because the last time it went private was in 2016, so it's like, ah, well, it's going private again, going public again, going private again. Of course we know it for the massive catastrophic breach that it suffered. So I think I'm actually, my secret suspicion is whether they're gonna try to rename and rebrand it this time around, but who knows.

Yeah, so as you mentioned, SolarWinds went private back in 2016. It was acquired by private equity firms Silver Lake and Thoma Bravo for $4.5 billion in an all-cash deal. So in 2016, they got $4.5 billion for it. In 2025, they're only getting $4.4 billion. It did return to the public market in 2018, where they managed to raise $375 million in an IPO. I will note that at present, Silver Lake and Thoma Bravo are SolarWinds' biggest shareholders, so they will probably get the majority of the cash coming out of this deal.

And sticking with SolarWinds, they also recently announced their fiscal year 2024 financial results. They had $796 million in revenues for the year, up 5%. Net income was $112 million. 5% growth for the year, not bad, but I guess Silver Lake and Thoma Bravo are just looking to recoup their money a little faster. Yeah, I think that's probably the case. And also, you know, reputationally tarnished, obviously, as we know.

Who knows? I mean, it can get turned around, although private equity deals are not necessarily great for investment or growth in technology or employees.

It may just be that the new PE firm is hoping to pull some revenue from SolarWinds as legacy software that's kind of hard to jettison. So it may just be a, you know, continue to milk the customers for a while play. Yeah, we'll see. I mean, all the verbiage coming out of SolarWinds is that it's great and it's an investment and they'll do brand new things with it. But we will have an opportunity to see.

Sticking with financial results, we'll go to Juniper Networks. Their proposed acquisition by HPE is currently being blocked by the U.S. Justice Department. So Juniper's back to reporting financial results. They did their Q4 and fiscal year 2024 financial results. For the quarter, the company had revenues of $1.4 billion, up 3% year over year, and net income of $162 million, up 30% year over year.

For the full year, Juniper revenues were just over $5 billion, down 9% from last year, and a net income of $288 million, down 7% year over year.

I think because of the still pending acquisition, Juniper didn't hold an investor conference call and didn't offer any guidance for Q1 2025. But I did note in the press release that accompanies the results, CEO Rami Rahim is quoted as saying, we saw double digit order growth in our enterprise and service provider verticals complement another quarter of triple digit year over year growth in our cloud vertical. So I guess while full year results were down, they did have a pretty good Q4 and we'll see if the company can maintain that momentum going into 2025 where they also have to fight the Justice Department.

Yeah, and I think, I mean, HPE obviously is going to be putting on a pretty hard fight there. So we'll see how that comes out. Yeah, lots to watch.

Our last story for this episode, security vendor Fortinet also released Q4 and full year 2024 results. For the quarter, Fortinet earned revenues of $1.6 billion, up 17% year over year, and net income of $526.2 million, well up over last year. For the full year, revenues were $5.96 billion, up 12.3% versus last year, and net income of $1.75 billion, also up over the previous year. I guess my general takeaway is that these are good results and they sort of align with the overall robustness of the security market. But in looking at the press release a little more closely, I noticed that for full year 2024, service revenue was $4 billion, while product revenue was just $1.9 billion. To me, that says Fortinet's doing very well extracting money from existing customers, maybe doing less well in bringing new customers on board or selling them new gear. I don't know. Am I reading into that too much? It depends on how they're defining service revenue, obviously, because there's lots of different ways to define it. It may just simply be that if it's more cloud-based, that could be new customers. Sure, that's true.

So, yeah. And I mean, I went back and sort of a quick and dirty comparison is to look at revenue versus net income. If it's some kind of services from the standpoint of professional services or something else, usually net income goes down or doesn't go up as quickly as revenues because the cost is greater. But it seems like they're basically increasing income, increasing revenues, which means their cost structure is great. So whatever they're doing, I think they're doing fine. They are doing fine. Yeah. I wouldn't worry too much about it. I don't think we can extrapolate into new versus existing customers from just that. Okay.

You may be right, but I'm not sure from the data that we have. We can say that. Absolutely fair. Yeah, for sure. All right. Well, that wraps up the news portion. Please do stay tuned for our sponsored Tech Bytes podcast with Nokia. We're going to get a taste of its EDA data center automation software. That's coming right up.

Nokia's Event-Driven Automation, or EDA, is a network automation platform that aims to help network engineers achieve predictable, error-free operations so you can keep up with all the change tickets coming your way while ensuring the data center is reliable and performant. On today's Tech Bytes podcast, sponsored by Nokia, we're going to talk about how EDA uses intent-based networking and Kubernetes to build a digital twin of your production network to help you test changes and run pre- and post-checks so you get a rock-solid, reliable data center network.

Our guest is Andy Laptev, Senior Product Marketing Manager of Data Center at Nokia, and many of our listeners will recognize Andy's voice as he is a co-host of the Art of Network Engineering podcast. Andy, welcome to the show. You recently joined Nokia. I'm just curious, as a network engineer, what was your exposure to the company prior to being employed by them? Hey, guys, thanks for having me. It's awesome to be here. This is like a dream come true. I'm on Packet Pushers. Yay! Yeah.

Listen, I had no idea Nokia was in the networking space, right? Let alone the data center space. I spent a decade managing data center WAN environments, and there's three big names that we all think about. I'm not going to say them out loud, but three vendors pretty much own that market. So I didn't know Nokia was in the space. And my first exposure to Nokia was when Mike Bouchon announced on LinkedIn he was going there. I'm like, huh.

Okay. That's an interesting move, but Mike's a smart guy. So, you know, interested to see how this goes. Around the same time of Mike's announcement, I was interviewing for a role at, you know, my dream logo, right, another company name we won't mention, but

Tom Hollingsworth around that time invited me to be a delegate at NFD exclusive with Nokia. It was this all day, you know, event where they network field day. Yeah. Yeah. Network field day. I had been there before. It was great. So I'm like, yeah, sure. Let's, let's do this. And, you know, I'm a curious person by nature. So like at that event, they started to say things that were like,

They started to get my attention, right? So, like, I'll just walk you quickly through what I learned there. I learned they have a complete hardware portfolio, right? Didn't know that. Tomahawk, Trident, and Jericho platforms, like all the speeds and feeds everybody has. Like, okay, cool, you'd expect that. Kind of what got my attention was their mission critical network. So I learned that, like, a lot of the world's mission critical infrastructure is built on Nokia networks.

I think like air traffic control, train signaling, power grids, networks that have to be reliable, right? Like networks whose failures mean people could be hurt or worse. So they got my attention there. I'm like, huh, okay. Nokia, this sounds pretty cool. It did not sound like production networks I've managed, right? Thinking back to my prod days,

No matter how hard we tried, reliability was very hard to create and come by. Another thing they talked about at Network Field Day was their software quality. It is, you know, the most modern NOS. You know, they say it has all this embedded telemetry. It's orders of magnitude better than competition if you look at CVEs as a proxy for quality. So it starts to make sense. Like, okay, you need high-quality hardware, great software to deliver reliable networks, mission critical, okay. And the way they framed the problem I thought was interesting. So...

If you guys will play along for a minute, I'm going to ask you two quick questions. What time of year are networks most stable? Holidays. Christmas. Why are networks most stable during the holidays? No change windows. You don't mess with them. Exactly.

We don't mess with them. Exactly. So as an industry, right, we're complicit in building out a discipline where our stuff works best when everybody goes home and stops touching it. It's a little embarrassing. Okay. There was a report in Uptime Intelligence that they had talked about. They looked at 25 years of data and determined that two thirds of network outages are caused by human error. That's a lot of mistakes. I know I've made plenty of them in production. Exactly.

Again, my friend Mike Bouchon joked there that if we built airplanes like we built networks, he would walk everywhere and he would always be looking up for falling airplanes. That man is a wordsmith, right? But this is the problem that they wanted to solve. Nokia decided to address the safety issue. If we want to make networking as safe as the aviation industry, there's a couple lessons we can learn. Redundant everything, right? Two engines, two pilots, checklists. I don't know if you've ever been on a plane, right, walking by the pilot, but they have all these checklists they go through to make sure that the plane is right before they go do the thing. And if you see all the dials and things on the wall in front of them, they...

have real access to fine grain telemetry. Like, how is the system working in real time? What is happening? So kind of where they wrapped up. And again, now I'm completely...

You know, enraptured by the story that they're telling me, they say, if we apply these lessons from the aviation industry to the networking operation space, that is fraught with peril, right? We know this. We can drive safety, remove fragility in networks and make changes to our networks without breaking them. We don't all have to stop touching everything to make our network stable. And if networks aren't fragile...

We can move fast with confidence. I know that's a lot of words, but I had no idea Nokia was in networking. I went to NFD. They told me what I just told you. And I'm like, oh my God, I need to know more.

Yeah, so that's one of the reasons you're here, because now you're working for Nokia and you're out to let folks know that yes, Nokia is a player in data center networking. And the specific topic is Event-Driven Automation, or EDA. And what is that? Network automation. Hopefully you haven't followed me anywhere publicly and heard me complain about network automation over the years. I know your complaints because you said, I don't want to become a programmer just to automate my network.

Listen, there's probably a reason that, you know, less than 30% of the industry has really adopted network automation. And I know through the Network Automation Forum that, you know, this conversation has been happening and it's really good. So I guess again, at NFD, when I saw EDA. So what is it? Nokia's Event-Driven Automation, or EDA, is a cloud native automation platform whose goal is to drive human error to zero. We talked about two thirds of outages caused by humans. The problem they wanted to solve, we wanted to solve, is let's drive human error to zero. Let's stop, you know, let's create networks that we can touch without them falling over all the time. It's designed to ensure reliability, simplicity. The extensibility part's kind of cool. It's a very open environment, kind of philosophy where if you are a super coder person, you can create your own functionality in there and in an app store they have, which we'll probably talk about a little later. But it focuses on, you know, predictable and error-free operations. It does things like pre-checks, post-checks, intent automation. There's a built-in digital twin.

Hello. I never was able to test my changes. My tests were hit the return button at two o'clock in the morning and pray. Right. So confidence was always relative when I was managing networks and we never knew if a change was going to blow up our networks or not. I was the intelligent decision maker and I had little insight into state and I couldn't test changes. So,

I love that EDA gives network operators not only visibility into the state of the network, which again, I never felt like I had. We were very reactive when Spectrum would blow up or the phone would ring because customers were mad. That's when we start looking. With all this built-in rich telemetry that EDA brings in, you can see the state of the network, and then the event-driven part. You can build in workflows so that if thing happens, do other thing. I could literally sleep through

an event that would be auto mitigated with EDA. So EDA is a system by which I, as a network engineer can implement changes on the network. It's, it feels like a, like a framework. I was thinking it was more like a reactionary system that could do the last bit of what you just said there. Oh, something happened, take this action. And that's in there, but this is way bigger than that.

It is. And something I failed to mention is the natural language ability it has. I know everybody's baking AI into everything, right? But I will tell you that I saw at the demo at Networking Field Day, you can ask your infrastructure in natural language any question you want, just like I talked to my 10-year-old son, and it will respond to me

and give me answers. We were at NFD and they said, just as a joke, show me all interfaces with rizz. Now, I don't know if you know this newfangled terminology the kids are using, but rizz means cool. And EDA...

translated that as up, right? So show me all interfaces with rizz, and it showed me. Not that any network engineer would ever do that, but you can ask it ridiculous, you know, skibidi whatever rizz, and it will know what you're talking about because it's using... I'm not sure this is an advancement, but yes, I see the value of a system you can query with natural language.

You said a couple of things, and you also said cloud native and Kubernetes, but we're talking about my on-prem data center. What is the cloud component? Does this mean data is going somewhere from my switches up to the cloud?

So it is gathering streaming telemetry. And I'll be honest with you, I am not a streaming telemetry expert, right? I know it's using gNMI. There's gRPC. These are a lot of things that I'm not aware of, that I didn't have access to in my tooling, but it's gathering streaming telemetry. What is it gathering? Faults, TCAM usage, control plane insights, fabric workload, right? Where does it go?

It is a Kubernetes-based environment, so it can be on-prem, it can be in the cloud, anywhere you can run Kubernetes. I have it running on my MacBook, right? Wherever you can run Kubernetes is where this would go. There's a state aggregator that gives you a uniform interface, and you can query, like we talked about earlier, and ask the state of your network what's happening, and

it's really compelling when you see it. So this isn't a SaaS service per se. This is something I can run on-prem if I want, but it's using cloud-native constructs like Kubernetes to build this software application. You can run it on-prem. You can run it in the cloud. And there is...

I don't know if it's been officially released, and I don't know if my friend on the call will yell at me, but there is a SaaS solution now where it is a fully hosted EDA environment that you can leverage as well. So whether you want to run it in your own cloud environment, on-prem, or leverage the SaaS environment, it's all there. What network operating systems are supported? Are we talking about just Nokia's SR Linux or other ones too?

Multi-vendor, right? Every environment I've worked in has been multi-vendor. So what is supported? Nokia's SR Linux, obviously, right? That's their NOS. There is planned support for SONiC soon. And I believe there is one other vendor on the roadmap, either Cisco or Arista. I don't know which, and I don't know when, but that is coming. So this is a...

for hybrid environments. And another cool thing that I think I should mention is, because of the open nature, there's an app store. So EDA sees every piece of functionality as an application or an app. So just like you would go in your iPhone or Android app store and grab something, EDA sees a fabric as an app, right? So if you don't like EDA's opinions on what a fabric is and you're a coder or guru, you can write your own

fabric app. I believe it's in Python. I might be corrected. And put it right in the app store and pull it in for yourself. If there is functionality in a vendor that EDA doesn't support, you can make it yourself and integrate it in there. So I love this kind of open, extensible, Kubernetes, cloud-native thing going on, because it's all very new to me and

I haven't seen that in other places. Well, give us an example. Say I want to build a, I don't know, leaf-spine network. I can pull an app down that'll hook into EDA and help me create that network.

Yeah, everything's an app and all the state is bubbled up into the apps. So we'll have to do a demo sometime with you guys in a future one. But again, I keep going back to NFD, but that was my experience, my first experience with it, and it was pretty amazing. Everything that it is doing is in an app. It's all coded in apps. It's modular. You can pull them in and out. You can create your own, which I just think is really neat.

So in the Nokia ecosystem, then, this feels like intent-based networking. Does that mean there's a Nokia language I have to learn to express what I'm looking for?

So there's no language. Like, I'm a traditional, what Scott Robohn would call a trad net ops person. Again, we started with, like, I don't love the coding, right? Listen, I've done a little bit of Python. I've done some things because everyone's telling me I have to, but I don't like it. So for a trad person like myself, I have a no-code solution: the GUI. I can go in, I forget if it's five or six button clicks.

You can click five buttons, fill out a very simple form, create a fabric, thousands of lines of config are generated, and you have your state instantly and you can see what's happening. If you're one of those Kubernetes cloud-native super nerds who wants to interact with YAML, have at it. The coders among us can extend the capabilities, like we talked about, by writing their own apps in the app store.

But yeah, you don't need coding, but if you're a coder, you can really extend the functionality in the app and import it into the app store. So you mentioned that EDA is creating a digital twin of the production data center. Can you talk more about that? What do you mean by that? Because there are, I think, multiple versions of digital twin floating around the industry. Yeah.

It's something I wish I had in production and never did. We were talking before we recorded about our worst stories and all the fun that we have in maintenance windows as network engineers. So

the digital twin is providing an emulation of your production network, right? Again, something I didn't have. We used to ask for labs to simulate our production network, and it just wasn't in the budget. And it was really hard to emulate that in software. The digital twin emulates your production. It'll show you configuration state. It'll show you routing behavior like BGP, VPN, streaming telemetry. It stays synchronized, so the telemetry bubbles up.

It tells you what's happening in your environment. And if you want to test a change, I forget what it's exactly called in there, but you can load up your change. It's not a commit. It's probably dry run. I might be messing up the terms, but you click that functionality and it'll

do its magic and let you know whether this is safe or not. Again, much like those checklists we talked about in aviation, it will do all those pre-checks and intent and all the EDA magic that it does that I don't fully understand, because these people are brilliant and I just work here. But yeah, you're able to test a change before you push it to prod. And man, that sounds really good to me, because I didn't have that, and I wish I did.

The idea being you can push a change in this digital twin and see what the results are, see if something breaks, see if something opens that you didn't mean to open, and so on. Yeah, like, oh, I pushed that change and my whole fabric disappeared. Again, we're not...

trashing anyone here or telling war stories, but I may have been involved in a maintenance years ago where we pushed a change and all of our fabrics completely disappeared, and it was like a seven-hour outage. I won't get into why and how, but we didn't have a twin to test what we were doing. We thought it was good, and we went through all the change management and the peer reviews and all the things we do for people who don't have digital twins. And then we pushed the button in a window and, oh my God,

many people were upset. Less dramatic for me was a change window where I couldn't get past bringing this firewall online because I'd forgotten to do something very fundamental: set the zones. I never set my zones. So no traffic was flowing through this box, and I couldn't figure out why for the life of me. A digital twin would have caught that.

Or that silly add-VLAN-to-a-trunk thing that we've all done at least once. I forget what the command is. It's been a while. But if you don't do the syntax exactly right, that's the only VLAN that's on the trunk and everything else is gone. So, yeah, it's really nice to be able to use intelligent systems to...

feed our ideas to them and let them tell us whether it's a good idea or not and if we're going to break all the things. So that's the theory behind the digital twin. So Andy, we're going to wrap on this. You sort of touched on it, but if I am a network engineer, a trad engineer who's a little skeptical of network automation or maybe intimidated by what looks more like software development, is EDA for me, or do I need to be the Kubernetes, YAML, whatever dude to embrace this? EDA's designed for network engineers first,

not just software developers. Every automation platform I've used prior to this felt like it was built for software people. And I'm like, oh my God, look at all this stuff. So you don't need Kubernetes expertise. It abstracts all those complexities away. Go in the GUI if you want to. You don't need to write YAML or Python. Again, you can go to the GUI if you want. If you want to go crazy, you can. If you're comfortable with

NETCONF, JSON, CLI-based workflows, EDA provides familiar interfaces. If you want to go deeper, it supports advanced customization, CI/CD pipelines, GitOps, scripting, but I am a trad net ops guy. I can click buttons in a GUI and I can be happy. And that's my story. Well, that does wrap up our time. Andy, thanks for joining us. Where should folks go if they want to find out more about EDA?

Thanks again for having me. It was fantastic. You can go to nokia.com, search event-driven automation, and get all of our information there. All right. We'll also have links in the show notes if you're looking for more specifics, but that's nokia.com, and just search event-driven automation.

Andy, thanks for joining us. It's great to talk to you. And thanks to you, the listener, for also being here. If you like this episode, there are many more fine, free technical podcasts and our community blog. It's all at PacketPushers.net. You can follow us now on Bluesky. That's @PacketPushers. You can hear us on Spotify. And if you would, leave us a rating on Apple Podcasts. And last but not least, remember that too much networking, trad or otherwise, would never be enough.