The glenniuum Post
All Posts


CAP Conjecture for SaaS
Background
According to Wikipedia: …the CAP theorem, also named Brewer’s theorem after computer scientist Eric Brewer, states that any distributed data store can provide only two of the following three guarantees: Consistency — Every read receives the most recent write or an error… Availability — Every request received by a non-failing node in the system must result in a response… Partition tolerance — The system continues to operate despite an arbitrary number of message
Robert Glenn
Jan 12 · 6 min read
Mind the Overlap
Dealing with Clashing CIDRs
Note — I am not by trade a “networking guy”. However, I’ve seen my fair share of network designs. Take this with a grain of salt, but also ignore this at your own risk. Sometimes, despite all efforts otherwise, it’s not possible to create perfectly segmented, non-overlapping networks (like if you have a need for 18M private IP addresses[1]). Other times, it is deemed convenient to reuse ranges (one thing that I’ve encountered more than once is the
Robert Glenn
Jan 12 · 5 min read


Mitigating Network Overlap
Note — I am not by trade a “networking guy”. However, I’ve seen my fair share of network designs. Take this with a grain of salt, but also ignore this at your own risk. How do network architects develop the private network schema (the CIDRs organized to not overlap nor waste IP space) for an organization of sufficient size? The answer is certainly qualified, especially since organizations and products can make large and rapid changes over time, whereas networks have a certain
Robert Glenn
Jan 12 · 7 min read


CIDR Clash
The Problem
As I shared in my previous post, The Network Overlap Problem, there are many ways an organization can find themselves entangled in so many CIDR ranges that it becomes tedious to track and maintain. Decentralized teams managing product-specific network components, or disparate networks becoming joined together through mergers and acquisitions all are subject to this risk. With all the competing agendas and expectations, the last thing we want to worry about is how t
Robert Glenn
Jan 12 · 5 min read
The Network Overlap Problem: Clashing CIDR Ranges In Peering Groups
The Problem
At a previous client, I was on a team tasked with moving all on-premises assets (including network) to a popular cloud provider. The specific client team was part of a wholly owned subsidiary of the actual contracted client and the project involved moving the contents of their data center into the parent company cloud. The network ranges were extremely segmented and there was little obvious rhyme or reason for address packing or range banding. During the project,
Robert Glenn
Jan 12 · 6 min read
Terraform Patterns, Observed - Part 5: Logic in Terraform
While Terraform is primarily a configuration language that abstracts the APIs of another platform, there are logic expressions available in Terraform allowing developers to introduce inferences and abstractions, improving the flexibility (or general accessibility) of a solution, without introducing repetitive code or requiring deep technical knowledge on behalf of a module’s consumer. However, the tendency to see each of the world’s problems as a nail once one’s hammer is mas
Robert Glenn
Jan 12 · 10 min read


Terraform Patterns, Observed - Part 4: State Management
As presented in the previous post, Infrastructure as Code has 3 major components (which I refer to as the state triplet) that comprise a known state: the codebase, the live, instantiated resources (or state domain), and the recorded state object (stored in a Terraform state file). In this post, we will begin by establishing the common characteristics and constraints regarding state management, including how to approach the shape of the state tree. Then, we will consider
Robert Glenn
Jan 12 · 9 min read
Terraform Patterns, Observed - Part 3: State Misconceptions & Pitfalls
Infrastructure as Code as we know it today has 3 major components that comprise a known state: the codebase that is applied (or the IaC tool’s interpretation thereof), the resulting live, instantiated resources (which is accurate only to the point in time when it was last read by the IaC tool), and the recorded state object (definitions of terms used in this article are below, in an appendix section) which is stored in a Terraform state file. I refer to this as the “state tr
Robert Glenn
Jan 12 · 9 min read


Terraform Patterns, Observed - Part 2: Module Arrangement
Teams and organizations (i.e. software engineering business units within a larger bureaucratic entity e.g. a corporation) target Terraform to provision and maintain their infrastructure. Because Terraform primarily acts as an abstraction layer over the APIs already exposed by the service provider in which the resources will be built, there are few structural standards imposed by the tool itself. Moreover, while there is a recommended standard for individual modules, there doe
Robert Glenn
Jan 11 · 10 min read


Terraform, Patterns-Observed Part 1: Module Types
All Terraform code included in the execution of a plan is contained in at least one module. Oftentimes, a single plan includes multiple modules, especially those supporting large (or complex), automated implementations. I will begin this series by presenting different types of Terraform modules to provide context for later narratives. I’ll also provide some general observations regarding the application of each module type. Finally, I’ll close this post with a comparison of t
Robert Glenn
Jan 11 · 9 min read


Code Reviews: A Security Best Practice
[Image generated by DALL-E]
There is a dwindling effort put into collective code reviews. Instead, we have a couple of senior developers designated as “approvers” to give their blessing or redline the effort. Sometimes this works extremely well right up until one approver goes on vacation, gets promoted, or leaves the firm. Most likely, we need more stringent oversight, and perhaps even government-enforced regulation. We need to treat code reviews as a security best practice, n
Robert Glenn
Jan 11 · 5 min read
Not A Technicality: Exploring The Total Cost of Code Cost of Ownership
I’m climbing up on the soap box, so prepare your eyes for rolling. We don’t take tech debt seriously enough. If we did we would pay it off, but because it typically affects us at such a small scale, we take it for granted. Rather than clean up the mess, we learn to ignore it. I don’t anticipate anyone experiencing enlightenment with this essay. In many ways, it’s simply a rant. After all, monetary debt seems to be held leisurely and a certain amount might even be considered h
Robert Glenn
Jan 11 · 9 min read
Stop “Testing” Infrastructure as Code!
Or at least stop calling whatever it is you’re actually doing a test. A test (unit, integration, etc.) suggests that you are testing the code by giving it known inputs that produce expected outputs. Testing is extremely useful in software development and I truly hope the code behind every framework (API, CLI, IaC framework) is tested by its development team. Either way, we should NOT test THEIR code (unless we are developing FOR the project e.g. as an OSS contributor). Undeni
Robert Glenn
Jan 11 · 4 min read


Stop Using Agile for Infrastructure
[AI-generated image]
Agile methodologies (especially sprint-oriented) are the wrong approach for delivering software infrastructure. Typical implementations introduce inefficiencies in the name of an unnecessary prospect of adaptation to rapid change. Moreover, they favor small, cross-functional teams that are expected to be highly autonomous and sized & organized in reflection of the modular functionality we expect from modern, cloud-native architectures. But software infrastr
Robert Glenn
Jan 11 · 4 min read


Automated Infrastructure as Code Is Not CI/CD
[AI-generated image]
CI/CD stands for Continuous Integration & Continuous Deployment (or, less commonly[1], Continuous Delivery). It is a common practice for managing the Software Delivery Lifecycle (SDLC) of decoupled workload architectures. It implies that different components of a software workload are organized into disparate codebases (grouped by function, scope, domain, etc.), each with a distinct lifecycle (and, hopefully, version) that, at least generally, does not impa
Robert Glenn
Nov 19, 2025 · 5 min read
