going-flying.com gemini git repository
48b5c3106030f30d9927514964710ec6490f22aa - Matthew Ernisse - 1615222409
new post
diff --git a/users/mernisse/articles/19.gmi b/users/mernisse/articles/19.gmi new file mode 100644 index 0000000..787de9b --- /dev/null +++ b/users/mernisse/articles/19.gmi 
@@ -0,0 +1,80 @@ +--- +Title: Sysadmining: A series introduction? +Date: 3/8/2021 11:50 + +## The Idea + +I'm thinking about writing a series of articles on how (and why) I run things +around here. I spent the better part of a decade working for a national ISP +and developed habits and methods for building and caring for systems operating +not only at scale but in an environment where 'move fast and break stuff' was +not only a resume generating event but also potentially a way to get in trouble +with various State and Federal regulators. It seems that in the early days of +the Internet it was expected that anyone other than end-users would be able to +run basic Internet services at their site for themselves, but now the norm +even for technical people is to hand control for all of that away to someone +else. Things like e-mail, news, DNS, web, ftp, file and print services +were all commonly 'self-hosted' and I still prefer the level of control I have +over my Internet experience that comes from 'self-hosting'. + +## What a Long, Strange Journey it has been + +Over the years I have spent a lot of time trying new things and refining +down the processes that knit all this crap together so that my hobby, which +became the doorway to my career wouldn't consume my life. Infrastructure +needs caring for but it shouldn't be all consuming. As it stands today +the choices I have made support what I may describe as a medium-complexity +home network and Internet site. + +### Network Diagram + +``` ++-----+ +------+ +-----+ +| SJC | <-----> | COLO | <-----> | NYC | ++-----+ +------+ +-----+ + ^ ^ + / \ + v v + +--------+ +------+ + | OFFICE | | HOME | + +--------+ +------+ +``` + +The network today looks like this. It is interconnected by IPSec tunnels +over which I run GRE so that I can provide dynamic routing (previously with +BGP but now with OSPF). 
The three sites across the top provide public and +private services and the two bottom sites are mostly client devices +and internal only services. This demarcation has been the result of changes +in the Internet. When I started this whole journey there was only 1 site, +my home, and all it had was a dial-up connection at a screamingly fast 14,400 +baud. You might think it impossible but I ran my website, e-mail and DNS all +on that dial-up connection with very few problems. The growth of the Internet +and malware based SPAM changed the landscape over the years, requiring me to +move my public-facing infrastructure to a colocation provider to get access +to non-residential IP space. + +## Topics and Audience + +It is the fate of any human system that becomes successful enough so as to +move into the public consciousness as 'infrastructure' to become magic to +the general populous. There was a time when electricity was novel and new +and so nearly anyone that was involved with it knew it intimately but now +all the genius and complexity of the system falls quietly into the background, +hidden behind a wall of standards, specifications, tribal knowledge, and +assumptions that it will Just Work. So too computers are starting to fade +into that realm, layers of abstraction hiding ever more complexity, the +inter-networking of them being largely taken care of as a service. This isn't +for everyone, that is for sure. Many technical people are perfectly content +with opening up their web browser and VSCode and writing some JavaScript, +clicking a button to sending it to GitHub and calling themselves a developer. +That's fine, we will always need those kinds of people; however, if you are +curious about some of the underpinnings that make that workflow function then +you might find a series like this useful. + +## Up Next + +I think the first topic I'll discuss will be DNS. 
Once you have yourself +layer 3 network connectivity in almost all cases you will need yourself +some DNS. + +Let me know if you find this series idea interesting.
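Review bot: The front matter at the top of 19.gmi opens with `---`, but no closing `---` appears before `## The Idea`. If the site generator expects a delimited block, close it after the `Date:` line. `Date: 3/8/2021 11:50` is also ambiguous between month-first and day-first order and carries no time zone; an ISO 8601 form such as `2021-03-08 11:50` with an explicit offset would remove the guesswork. Two wording nits under "Topics and Audience": "general populous" should be "general populace", and "clicking a button to sending it to GitHub" should read "to send it".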