Tuesday, January 15, 2019

Networking Part V: Azure Networking Foundations - VNet, Subnet, Security, and Connectivity

This is part 5 of a series of networking posts:
Azure Networking Overview
Azure data centers manage the physical hardware for you. You configure virtual networks through software, which enables you to treat a virtual network just like your own network. For example, you can choose which other networks your virtual network can reach, whether that's the public internet or other networks in the private IP address space.

Azure Foundation Networking

  • Virtual Network (VNet): a logically isolated network in Azure that carries traffic between your resources (VMs, subnets), to other VNets, or to on-premises networks, depending on how you connect it. It is the foundation of Azure networking and is a Layer-3 overlay: Azure routes IP packets for you, and there is no Layer-2 broadcast or multicast inside a VNet. A VNet is segmented into one or more subnets. Limitation: a VNet cannot span regions or subscriptions. VNet peering, ExpressRoute, or a VNet-to-VNet VPN can connect VNets across regions or subscriptions, however.
  • Address Space: the IP ranges, in CIDR notation, available inside your virtual network. Mostly an IPv4 environment. Private (RFC 1918) and public ranges are both accepted, but a public range inside a VNet is still only reachable privately, and VMs in that VNet then cannot reach the real owner of that range on the Internet, so use private ranges.
      • VNets are isolated by default. Two or more VNets with the same or overlapping address space are fine as long as you never intend to connect them; overlapping ranges cannot be peered or joined by VPN, and fixing that later means renumbering.
      • To add another address space, go to the VNet resource > Settings > Address space and add it. Subnets can then be carved from any of the added ranges.
      • Azure reserves five addresses in every subnet for its own connectivity: the first (network address), the next three (default gateway and Azure DNS), and the last (broadcast). /29 is the smallest subnet you can use (8 addresses, 3 usable after reservations) and /9 the largest range. So the first usable host address in a subnet such as 10.0.0.0/24 is 10.0.0.4.
  • Subnet: subnets let you organize and secure your resources; NSGs and route tables attach at the subnet level.
      • In the Portal, creating a VNet makes you define the first subnet. You can add more later, or delete/modify the one you created initially.
      • Network Security Group (NSG): allows or denies inbound and outbound traffic for the Azure resources it is attached to, a subnet or a NIC. Think of it as a stateful packet filter at the cloud level. It is a prioritized list of rules matched on the 5-tuple (source IP, source port, destination IP, destination port, protocol); rules are evaluated from the lowest priority number upward and the first match wins, with built-in default rules at the bottom (allow traffic from the VNet and from the Azure load balancer, deny everything else inbound). Use it to expose only certain ports of a subnet or NIC to the Internet, and to restrict traffic between subnets or between NICs in the same subnet. Rules are stateful: the reply to an allowed flow is allowed automatically, so you write rules only for the direction that initiates the connection.
      • Route Tables: a route table is a set of rules, called routes, that specify how packets leaving a subnet are forwarded. Route tables are associated with subnets, and every packet leaving a subnet is handled according to that subnet's route table. One route table can be associated with many subnets, but a subnet can have only one route table.
  • DNS Servers: the DNS servers handed to VMs and cloud service instances in the VNet via DHCP. Azure-provided DNS resolution works out of the box with every VNet.
      • You can specify custom DNS servers instead (for example your own domain controllers) when VMs need to resolve on-premises names.
  • User Defined Routes (UDR): override Azure's system routes to control traffic to a much finer degree.
      • Common use: send traffic through an IPS/IDS or firewall appliance for monitoring and auditing, by pointing a route's next hop at the appliance's private IP.
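To make the NSG rule evaluation concrete, here is an added example (my code, not Azure's and not from the original post) that models the documented rule semantics: rules sorted by priority number, first 5-tuple match wins, and Azure's default inbound rules at priorities 65000/65001/65500 underneath. The service-tag ranges and the rule sets are constructed for the example; the real VirtualNetwork and Internet tags expand to Azure-published prefixes, and statefulness (return traffic) is not modelled.

```python
# Added example: a toy evaluator for Azure-style Network Security Group rules.
# Not Azure's code; it models the documented behaviour: rules are evaluated in
# ascending priority order, the first 5-tuple match decides, and a default
# rule set (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001,
# DenyAllInBound 65500) sits at the bottom of every NSG.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Service-tag ranges are an assumption for this example (the VNet is taken to be
# 10.0.0.0/16); real tags resolve to Azure-published prefixes that change over time.
SERVICE_TAGS = {
    "VirtualNetwork": [ip_network("10.0.0.0/16")],
    "AzureLoadBalancer": [ip_network("168.63.129.16/32")],
    "Internet": [ip_network("0.0.0.0/0")],
    "*": [ip_network("0.0.0.0/0")],
}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 100-4096 for custom rules; the lower number is evaluated first
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    source: str        # CIDR, single IP or service tag
    dest: str
    dest_ports: str    # "22", "80-443" or "*"

@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int

def _prefix_match(spec: str, ip: str) -> bool:
    nets = SERVICE_TAGS.get(spec) or [ip_network(spec, strict=False)]
    return any(ip_address(ip) in n for n in nets)

def _port_match(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
]

def evaluate(rules, pkt: Packet):
    """Return (access, rule_name) for the first rule that matches, in priority order."""
    for r in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if r.protocol not in ("*", pkt.protocol):
            continue
        if not (_prefix_match(r.source, pkt.src_ip) and _prefix_match(r.dest, pkt.dst_ip)):
            continue
        if not _port_match(r.dest_ports, pkt.dst_port):
            continue
        return r.access, r.name
    raise AssertionError("DenyAllInBound always matches, so this is unreachable")

# Constructed rule sets. The first one contains a classic mistake: an
# allow-everything rule with a lower number (higher precedence) than the Deny
# that was meant to restrict it, so the Deny can never fire.
RULES_WRONG = [
    Rule("AllowAnyInbound", 100, "Allow", "*", "*", "*", "*"),
    Rule("DenyRdpFromInternet", 200, "Deny", "Tcp", "Internet", "*", "3389"),
]
RULES_FIXED = [
    Rule("DenyRdpFromInternet", 100, "Deny", "Tcp", "Internet", "*", "3389"),
    Rule("AllowHttpsFromInternet", 110, "Allow", "Tcp", "Internet", "*", "443"),
]

if __name__ == "__main__":
    rdp = Packet("Tcp", "203.0.113.7", "10.0.1.4", 3389)
    print(evaluate(RULES_WRONG, rdp))   # ('Allow', 'AllowAnyInbound')
    print(evaluate(RULES_FIXED, rdp))   # ('Deny', 'DenyRdpFromInternet')
```

When reviewing an NSG, read the rules in priority order, not the order the Portal happens to list them; RULES_WRONG looks fine at a glance and still exposes RDP to the whole Internet.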
Security
1. Policies - Azure Policy can be set up for general security, to ensure that your company/team follows the rules you define. Some good networking-specific policies:

  • Keep resources within a specific region
  • Prevent resources from being provisioned with public IPs
  • Force a resource's location to match its resource group's
  • Force certain users/prefixes to deploy only to certain subnets (such as dev/qa/prod networks)
  • Constrain the Azure regions that deployments are allowed to target (whitelisting)

2. Set up RBAC for user access.
3. Set up User Defined Routes (UDRs).
4. Set up Network Security Groups (NSGs).
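Steps 3 and 4 only help if you know which route a packet actually takes. The following added example (my code, not Azure's) reproduces the selection rule Azure documents for a subnet's effective routes: longest prefix match, and on a tie a user-defined route beats a BGP route, which beats a system route. The VNet address space, subnets and appliance IP are assumptions.

```python
# Added example (not Azure's code): how Azure picks the effective route for a
# packet leaving a subnet. Candidates are every route whose prefix contains the
# destination; the longest prefix wins, and on a tie a user-defined route beats
# a BGP-learned route, which beats a system (default) route.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ORIGIN_RANK = {"User": 2, "BGP": 1, "Default": 0}   # higher rank wins a prefix-length tie

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str          # VirtualNetwork, Internet, VirtualAppliance, VirtualNetworkGateway, None
    next_hop_ip: Optional[str]  # only meaningful for VirtualAppliance
    origin: str                 # "Default" (system route), "User" (UDR) or "BGP"

# Constructed system routes for a VNet with address space 10.0.0.0/16 (an assumption).
SYSTEM_ROUTES = [
    Route("10.0.0.0/16", "VirtualNetwork", None, "Default"),
    Route("0.0.0.0/0", "Internet", None, "Default"),
]

# Constructed UDRs for an app subnet: send Internet-bound traffic and traffic to the
# data subnet 10.0.2.0/24 through an NVA/IDS at 10.0.100.4 (addresses are assumptions).
USER_ROUTES = [
    Route("0.0.0.0/0", "VirtualAppliance", "10.0.100.4", "User"),
    Route("10.0.2.0/24", "VirtualAppliance", "10.0.100.4", "User"),
]

def effective_route(routes, destination: str) -> Optional[Route]:
    """Longest-prefix match with Azure's User > BGP > Default tie-break."""
    dst = ip_address(destination)
    candidates = [r for r in routes if dst in ip_network(r.prefix)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (ip_network(r.prefix).prefixlen, ORIGIN_RANK[r.origin]))

def next_hop(routes, destination: str) -> str:
    """Readable 'type' or 'type@ip' for the chosen route, e.g. 'VirtualAppliance@10.0.100.4'."""
    r = effective_route(routes, destination)
    if r is None:
        return "None"
    return r.next_hop_type + (f"@{r.next_hop_ip}" if r.next_hop_ip else "")

if __name__ == "__main__":
    routes = SYSTEM_ROUTES + USER_ROUTES
    for dst in ("10.0.1.7", "10.0.2.9", "8.8.8.8"):
        print(dst, "->", next_hop(routes, dst))
    # Without the UDRs the same Internet-bound packet would go straight out to the Internet:
    print("8.8.8.8 (system routes only) ->", next_hop(SYSTEM_ROUTES, "8.8.8.8"))
```

The 0.0.0.0/0 UDR is the force-tunnel pattern from the UDR bullet: every packet with no more specific route goes through the appliance instead of straight to the Internet. Check the result under the NIC's Effective routes in the Portal before trusting a route table, and remember that traffic within a subnet keeps using the VNet route unless you add a UDR for the subnet's own prefix as well.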

IPSec Tunnels
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an internet protocol network. It is used in virtual private networks (VPNs). In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat). - https://en.wikipedia.org/wiki/IPsec#Tunnel_mode

Connectivity Within Azure Options
  1. VNet peering within a region - connects two VNets in the same region over the Azure backbone. No gateway to deploy, no encryption overhead, and latency is the same as within a single VNet. The two address spaces must not overlap.
  2. Global VNet peering - the same thing, across Azure regions.
  3. VNet-to-VNet via VPN gateway - an Azure VPN gateway in each VNet builds an IPsec tunnel, across regions or within the same region. Also works easily across subscriptions, or with other customers' tenants. Throughput is limited by the gateway SKU, and the gateways are billed per hour.
  4. VNet-to-VNet via ExpressRoute - associate multiple VNets with the same circuit. Behind the scenes Azure routes between those VNets, whatever their regions, so they can all reach each other. That default reachability can be a security concern; restrict it with NSGs and UDRs if not every VNet on the circuit should be able to talk to every other.
Hybrid Connectivity from On Premises to Azure Options
  1. Internet connectivity - resources are exposed directly to the Internet with public IPs and you connect from anywhere. Possible, but not usually what companies want.
  2. Secure point-to-site (P2S) connectivity - a VPN tunnel from an individual client machine to the VNet's VPN gateway. Really good for people travelling outside the corporate network who need private resources, and for individual developers.
  3. Secure site-to-site (S2S) VPN connectivity - most enterprises start here: an IPsec tunnel over the public Internet between your on-premises VPN gateway and the Azure VPN gateway. You reach private IaaS and PaaS resources seamlessly; it should feel like an extension of your own network.
  4. ExpressRoute private connectivity - the enterprise option for customers who need high throughput (up to ~10 Gbps) and low latency. A dedicated private connection from your datacenter (or a colocation provider) to Azure that never touches the public Internet; picture a big cable from your datacenter to the Azure datacenter. Backed by an SLA. Note that ExpressRoute does not encrypt traffic by default; run IPsec over it if you need that.

Monday, January 7, 2019

Azure Containers Offerings Comparison

Updates: This was last updated 1/7/2019. Azure Containers offerings are constantly changing and services are moving from PREVIEW to GA all the time.
  • *GA = Generally Available, backed by SLAs and guaranteed up-time. Meant for production workloads
  • *PREVIEW = available for beta use/early access use, but not backed by SLA or guaranteed up-time, not meant for production workloads yet
  • *SLA = Service Level Agreement
Note: Price estimates are for average workloads on the service and could be less than or exceed the estimate depending on how you utilize the service.

Azure Container Instances (ACI) (PaaS)
  • Ease of use: Easiest and quickest container solution to set up.
  • Cost: Very cheap for most workloads ($0-10, or under $100 per month on average). More on pricing here.
  • OS support: Windows and Linux in GA.
  • Scalability: You cannot vertically scale a running ACI instance to more CPU/memory; you redeploy the container with a bigger size. You can scale horizontally by adding more containers, but ACI does not load-balance between them, so you manage that yourself. Can also be used with AKS to elastically burst from your Azure Kubernetes Service (AKS) cluster into ACI.
  • General use case: The fastest and simplest way to run a container in Azure, with no VMs to provision and no new tools to learn: it is just your application, in a container, running in the cloud, started with a single command. Covers batch processing, continuous integration and event-driven computing, and is particularly suited to burst workloads (quick, cleanly packaged compute without the overhead of managing cluster machines). Also used for data processing where source data is ingested, processed and placed in a durable store such as Azure Blob Storage; because ACI bills per second, that is much cheaper than statically provisioned VMs.

App Service: Web App for Containers (PaaS)
  • Ease of use / Cost: Free tier available for test workloads. Moderate price for most workloads (tens to hundreds of dollars per month on average; thousands for Isolated service plan tiers). More on pricing here.
  • OS support: Linux fully supported in GA. Windows containers in PREVIEW.
  • Scalability: Built-in auto-scaling (up and out) and load balancing.
  • General use case: Pull container images from Docker Hub or a private Azure Container Registry, and Web App for Containers deploys the containerized app with its dependencies to production in seconds. The platform takes care of OS patching, capacity provisioning and load balancing. Good for simple web apps that need scaling but not orchestration, with big cost savings.

Azure Container Service (ACS) (IaaS)
  • Being retired: Azure Container Service will retire on January 31, 2020. Do not build new applications on ACS.

Azure Kubernetes Service (AKS) (PaaS)
  • Ease of use: Difficult. You need to learn Docker and its command line, Kubernetes architecture and the kubectl command line, and most likely the Azure command line too. More on pricing here.
  • Cost: The AKS service itself has no cost, and neither do the master nodes; the cost is the VMs used as worker (minion) nodes. Expensive for most workloads (hundreds to thousands of dollars per month on average).
  • OS support: Linux fully supported in GA. Windows nodes in PREVIEW.
  • Scalability: The cluster autoscaler (CA) (PREVIEW as of 01/2019) scales your agent nodes based on pending pods. It scans the cluster periodically for pending pods or empty nodes and grows the cluster if it can. By default the CA checks for pending pods every 10 seconds and removes a node that has been unneeded for more than 10 minutes. Used together with the horizontal pod autoscaler (HPA), the HPA adjusts pod replicas and resources to demand; if there are then too few nodes (or idle ones), the CA responds and the pods are scheduled onto the new set of nodes. You can already use Kubernetes' own autoscaling (the HPA) on AKS today without depending on the PREVIEW cluster autoscaler.
  • General use case: Best suited for large enterprise micro-service architectures that must scale on demand quickly, need as close to 100% uptime as possible, and want rolling updates with no downtime. Usually customer-facing applications. At the moment, best for .NET Core (cross platform) on Linux containers or other general Linux container workloads.
Reference: https://azure.microsoft.com/en-us/overview/containers/

Additional Notes and Resources
  • Container Security in Microsoft Azure - August 2018
  • AKS FAQ
  • Azure automatically applies security patches to the nodes in your AKS cluster on a nightly schedule. However, you are responsible for ensuring that nodes are rebooted as required.
  • You can connect AKS to ACI, and use Kubernetes to handle orchestration and scale.
  • Docker Swarm and DC/OS are no longer supported as orchestrators on Azure and are being deprecated in January 2020 along with ACS.

Monday, December 31, 2018

Networking Part IV: Scenario based understanding of the 7 layers of the OSI Model

This is part 4 of a series of networking posts:
What is the OSI model?
OSI stands for Open Systems Interconnection. The reference model was standardized by the International Organization for Standardization (ISO) in 1984 (ISO 7498), after work that began in the late 1970s. It is a 7-layer architecture; each layer has a specific job in getting data from one host to another, and each layer talks only to the layers directly above and below it.

What does it look like?
Image Reference: https://www.geeksforgeeks.org/layers-osi-model/

tl;dr Google Request Scenario
Part 1 (on your laptop): you ask the browser for Google. The browser (Application layer) builds an HTTP GET request. The Presentation layer handles how that data is represented: character encoding, compression and, for HTTPS, the TLS encryption that hides the request from anyone on the path. The Session layer keeps track of the dialogue between you and the server. The Transport layer (TCP) puts the request into segments, numbers them and will retransmit any that go missing. The Network layer (IP) wraps each segment in an IP packet addressed to Google's server and works out the next hop it needs to send it to, in this case your router. The Data Link layer (your computer's Network Interface Card, or NIC, and its driver) wraps the packet in an Ethernet or Wi-Fi frame addressed to the router's MAC address. The Physical layer turns the frame into radio signals and transmits it over the air to the router via Wi-Fi (or into electrical signals on a cable, if you are wired in).

Part 2 (on your router): the router's Wi-Fi radio (Physical layer; most routers today have Wi-Fi built in, though it used to be a separate box) receives the signal and turns it back into bits. The router's NIC (Data Link layer) checks the frame's checksum, sees that the destination MAC address is its own, and strips the frame header. The Network layer looks at the destination IP address, consults its routing table, and decides where to send the packet next: out the WAN port toward your cable company. The packet is wrapped in a new frame for that link, turned back into electrical (or optical) signals, and sent down the cable to your ISP and onward, hop by hop, to Google. Note that the IP addresses stay the same end to end (NAT on the home router aside), while the MAC addresses change at every hop.


Long Explanation of Scenario and Layers:
Applications work at the Application layer. As an end user you only see the interface of Edge. The app itself, such as Edge, uses a networking library (for a .NET app that might be HttpClient from the .NET Framework; other browsers and frameworks have their own) to speak Application-layer protocols.

I want to open https://www.google.com in Edge, so Edge sends a GET request. GET/PUT/POST/PATCH/DELETE are HTTP methods, and HTTP is an Application-layer protocol.

Edge needs the HTML for google.com, so it opens a session with the server and starts downloading the page, which arrives in chunks.

The Presentation layer converts data between the format used on the network and the format the application expects, and vice versa: character encodings, compression, and encryption/decryption (TLS, which puts the "S" in HTTPS, is usually placed here). The chunks of the page are reassembled in order before the application sees them, though in practice that reordering is done by TCP one layer down.

There are multiple cycles of going through the software layers.

The Transport layer provides the end-to-end connection between the two hosts, in this case your computer and Google's server, and identifies the application on each end by port number. The two main protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP delivers an ordered, error-checked stream: it numbers segments, acknowledges them, retransmits lost ones and controls the sending rate. That bookkeeping costs some latency, and it is what you want when every byte must arrive intact, such as a file download or a web page. UDP skips the acknowledgements, ordering and retransmission (it still carries a checksum), so it is faster and simpler; it suits video streaming, voice and gaming, where a late packet is useless and a few lost ones are tolerable.

The Network layer is IP and handles routing of packets. A packet is a chunk of data with an IP header carrying source and destination addresses, and it is routed on that logical addressing. Routers work at this layer: your data makes multiple hops, and at each one the router picks the next hop from its routing table, which is built from the network topology, link state, policy and more. If a link fails or congests, routing protocols recompute paths and packets are rerouted.

The Data Link layer sits between the Physical and Network layers. It packages packets into frames, addresses them with MAC addresses for the next hop on the local link, and detects transmission errors with a checksum. The Network Interface Card (NIC) and switches work at this layer. (Bit patterns, line encoding and signalling belong to the Physical layer below, not here.)

The Physical Layer is entirely hardware over a physical medium and connects computers via a physical link.  It defines how a cable can attach to a  Network Interface Card (NIC) by determining the number of pins a connector will have and the functionality. This can either be wired or wireless (Wi-Fi).
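The two scenario paragraphs describe each layer wrapping the one above it; the added example below (mine, not from the original post) does that wrapping with the Python standard library so you can see the bytes. It builds the HTTP GET, the TCP segment, the IPv4 packet and the Ethernet frame, then unwraps them the way the receiving host would, checking the IPv4 and TCP checksums on the way up. Addresses and MACs are constructed values, and the request is plain HTTP on port 80 rather than HTTPS, since TLS would hide the payload the walkthrough is about. Note where the addresses live: the Ethernet destination is the router's MAC (next hop), while the IP destination is the server's address (end to end).

```python
# Added example (not from the original post): the encapsulation described in the
# Google scenario, done byte for byte. Constructed values throughout: the laptop is
# 192.168.1.10, the web server is 203.0.113.10 (a documentation address standing in
# for Google), the MACs are locally administered test values.
import socket
import struct

CLIENT_IP, SERVER_IP = "192.168.1.10", "203.0.113.10"
CLIENT_MAC, ROUTER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
REQUEST = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"   # Layer 7: application data

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, used by both IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_tcp(src_port: int, dst_port: int, payload: bytes, seq: int = 1, flags: int = 0x18) -> bytes:
    """Layer 4: a 20-byte TCP header (PSH|ACK, no options) in front of the payload."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, flags, 65535, 0, 0)
    # TCP's checksum also covers a pseudo-header of the IP addresses, protocol and length.
    pseudo = socket.inet_aton(CLIENT_IP) + socket.inet_aton(SERVER_IP)
    pseudo += struct.pack("!BBH", 0, 6, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def build_ipv4(segment: bytes, ttl: int = 64) -> bytes:
    """Layer 3: IPv4 header addressed end to end (client -> server); routers act on this."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000, ttl, 6, 0,
                      socket.inet_aton(CLIENT_IP), socket.inet_aton(SERVER_IP))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + segment

def build_ethernet(packet: bytes) -> bytes:
    """Layer 2: Ethernet II frame addressed to the next hop (the router), not the server."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(ROUTER_MAC) + mac(CLIENT_MAC) + struct.pack("!H", 0x0800) + packet

def build_frame() -> bytes:
    """Layer 7 -> 4 -> 3 -> 2: each layer wraps the one above it."""
    return build_ethernet(build_ipv4(build_tcp(51000, 80, REQUEST)))

def decapsulate(frame: bytes) -> dict:
    """What the receiver does: strip each header in turn, verifying checksums on the way up."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]
    if checksum(packet[12:20] + struct.pack("!BBH", 0, proto, len(segment)) + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"ethertype": ethertype, "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "payload": segment[data_offset:]}

if __name__ == "__main__":
    frame = build_frame()
    print(len(frame), "bytes on the wire, frame header:", frame[:14].hex())
    print(decapsulate(frame))
```

Flip any byte of the payload and decapsulate() rejects the frame at the TCP checksum; flip a byte of the IP header and it is rejected one layer earlier, which is exactly the division of labour the model describes. (These checksums catch accidents, not attackers; that is TLS's job, one layer up.)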

Monday, December 10, 2018

Networking Part III: Networking 101

This is part 3 of a series of networking posts:
If you know nothing or very little about networking, here are the basics! I am coming from a developer background and needed to learn this, so wanted to share from my perspective a 101 level breakdown of networking.

What is a computer network?
A computer network is 2 or more computers that communicate with each other via some medium-- this medium can be anything (radio waves, wires, infrared, optical fibers, or others!).

A network interface card (NIC) allows you to connect to a computer network.

What is a Network Interface Card (NIC)?

A NIC is a piece of hardware that plugs into (or is built into) the motherboard and connects the computer to a network. The CPU hands it data; the NIC serializes the parallel data from the system bus into a stream of bits that can be sent over a cable (or the air), and does the reverse for data coming in from the cable to the CPU. A computer can have several NICs, or one NIC with several ports, and so be attached to several networks at once; the operating system decides which traffic goes out which interface.

Network Interface Cards have a lot of other names, but they are are describing the same piece of hardware:

  • Network Interface Controller (NIC)
  • Network Card
  • Network Adapter
  • Network Adapter Card (NAC)
  • LAN Card
  • LAN Adapter
  • Physical Network Interface
Each Network Interface Card (NIC) has a MAC address built in, and each network interface gets an IP address assigned to it; the IP address is the identifier of that device on the network.

What is an IP Address (IPv4)?
4 numbers (each between 0-255), separated by periods. The lowest IP address is 0.0.0.0 and the highest is 255.255.255.255.

What does binary have to do with IP addresses (IPv4)?
Each of these decimal numbers is called an octet (in 127.16.254.1 the octets are 127, 16, 254 and 1). There are 4 octets in an IP address. Each octet is 8 bits and can be written in binary. Take note that there are 32 bits in total, as we will come back to this in subnetting.


There is a network portion and a host portion of an IP address. There are different options for how much of a network/host ratio that you would like which depends on how many IP addresses you need to have available, we will talk more on this later.

The network portion identifies a group of devices.  The host portion is the individual device on that specific network.

  • You can have a zipcode 11111 and address 345 Cave Stone Road, you have identified one specific house.  If you go to another zip code 22222, there may be another yet different specific house at 345 Cave Stone Road.  The zip code is the network portion of an IP address.  The actual house's address is the host portion of an IP address.
The amount of the IP address that is network or host portion depends on the subnet mask...

What is a subnet mask (netmask)?
The subnet mask separates the network and host portions of an IP address and determines how many total addresses we have available internally to use (the number of host addresses).

Subnet mask (netmask) shorthand:

  1. We have an IP address of 201.0.10.10 (or any other IP address, the value of this is irrelevant and just used as an example)
  2. Let's say our subnet mask is 255.255.255.0
  3. In binary, this would be converted to 11111111 11111111 11111111 00000000
  4. In all IP addresses, we have 32 bits that could be changed, because there are 4 sets of 8 bits, as seen above. 
  5. Wherever there is a 1 in our subnet mask in binary, this is our network portion.
  6. This means that the network portion is the first 24 bits
  7. Using CIDR (Classless Inter-Domain Routing), we could say this is a /24 length of the network prefix. 
  8. We can now write this IP address and subnet mask as 201.0.10.10/24
Now take the address 16.1.1.1 and solve for the CIDR prefix length. Remember that 255 in decimal is 11111111 in binary and 0 is 00000000. If the subnet mask is 255.0.0.0, that converts to 11111111 00000000 00000000 00000000: the network portion is 8 bits, so it is /8. What are the CIDR values for the other two addresses below? Solutions follow (these three happen to be the old classful defaults for class A, B and C addresses).
  • For the IP address 16.1.1.1, our subnet is /8
  • For the IP address 132.147.1.1, our subnet is /16
  • For the IP address 221.138.62.1, our subnet is /24
How does this relate to how many IP addresses I get?
Let's go through a scenario where my network is 210.10.10.0/24

  1. If my subnet is /24, then I have 24 bits as my network portion and 8 bits that are my host portion. 
  2. 8 bits can hold 2^8 values. 
  3. There are 256 total addresses in my network. 
  4. To get the total usable addresses you subtract 2 because there are 2 "special" addresses that cannot be used.  To be specific in this example: 210.10.10.0 cannot be used because it is the zero address and 210.10.10.255 cannot be used because it is the broadcast address. 
    1. The zero address cannot be used because it specifies the network without specifying a host. The broadcast address is used to send a message to every host on the network.
  5. For a subnet of /24, the total usable addresses now becomes 254.
Let's go through a scenario where my network is 210.0.0.0/8 (writing it as 210.10.10.0/8 would name a host inside that network rather than the network itself)
  1. If my subnet is /8, then I have 8 bits as my network portion and 24 bits that are my host portion. 
  2. 24 bits can hold 2^24 values. 
  3. There are 16,777,216 total addresses in my network. 
  4. To get the total usable addresses you subtract 2 because there are 2 "special" addresses that cannot be used. To be specific in this example: 210.0.0.0 cannot be used because it is the zero address and 210.255.255.255 cannot be used because it is the broadcast address. 
    1. The zero address cannot be used because it specifies the network without specifying a host. The broadcast address is used to send a message to every host on the network.
  5. For a subnet of /8, the total usable addresses now becomes 16,777,214.
The higher the number for your subnet, the less IP addresses you get.  A /24 will have much less IP addresses than a /8, as seen above.

What if the subnet isn't a nice number like 255 or 0?
If your network is 210.10.10.0/23:

We have 23 bits in the network and 9 bits in the host.  
/23 in binary is (twenty-three 1's):
11111111 11111111 11111110 00000000

/23 in decimal is:
255.255.254.0

  1. If my subnet is /23, then I have 23 bits as my network portion and 9 bits that are my host portion. 
  2. 9 bits can hold 2^9 values. 
  3. There are 512 total addresses in my network, minus the 2 "special" addresses you get 510 as the total usable addresses. 
  4. To get the values of the usable addresses, see below:
    • 210.10.10.0 converted to binary is below. The first 23 bits (due to the /23 subnet) are the network portion and the last 9 are the host portion; the split falls inside the third octet:
      11010010 00001010 0000101|0 00000000
      network portion (23 bits) | host portion (9 bits)
      The unusable zero address is where the host portion is all 0's. The unusable broadcast address is where the host portion is all 1's:

      11010010 00001010 00001010 00000000 = zero (network) address = 210.10.10.0
      11010010 00001010 00001011 11111111 = broadcast address = 210.10.11.255
    • To be specific in this example: 210.10.10.0 cannot be used because it is the zero address and 210.10.11.255 cannot be used because it is the broadcast address. 
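The three scenarios above, and the Azure reserved-address rule from the Azure networking post (five addresses reserved per subnet, /29 the smallest allowed), are the same arithmetic. The added example below (mine, not from the original posts) does it for any IPv4 CIDR with the standard library: mask in dotted and binary form, network and broadcast address, total and usable hosts, the network/host bit split, and the Azure usable count.

```python
# Added example (not from the original posts): subnet arithmetic for any IPv4 CIDR,
# matching the hand-worked /24, /8 and /23 scenarios, plus Azure's reserved addresses.
from ipaddress import IPv4Network

def subnet_info(cidr: str) -> dict:
    """Classic subnet math: zero address and broadcast are the two unusable addresses."""
    net = IPv4Network(cidr, strict=False)   # strict=False accepts a host address such as 210.10.10.10/24
    host_bits = 32 - net.prefixlen
    total = 2 ** host_bits
    mask_bits = "".join(f"{octet:08b}" for octet in net.netmask.packed)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "mask_binary": " ".join(mask_bits[i:i + 8] for i in range(0, 32, 8)),
        "host_bits": host_bits,
        "total": total,
        "usable": max(total - 2, 0),
        "first_usable": str(net.network_address + 1) if total > 2 else None,
        "last_usable": str(net.broadcast_address - 1) if total > 2 else None,
    }

def split_bits(cidr: str):
    """Return (network_bits, host_bits) of the network address, as the /23 walkthrough shows."""
    net = IPv4Network(cidr, strict=False)
    bits = f"{int(net.network_address):032b}"
    return bits[:net.prefixlen], bits[net.prefixlen:]

def azure_usable(cidr: str) -> dict:
    """Azure reserves .0 (network), .1 (gateway), .2 and .3 (DNS) and the last address."""
    net = IPv4Network(cidr, strict=False)
    if net.prefixlen > 29:
        raise ValueError("Azure subnets must be /29 or larger")
    return {
        "usable": net.num_addresses - 5,
        "first_usable": str(net.network_address + 4),
        "last_usable": str(net.broadcast_address - 1),
    }

if __name__ == "__main__":
    for cidr in ("210.10.10.0/24", "210.10.10.0/8", "210.10.10.0/23"):
        info = subnet_info(cidr)
        print(f"{cidr}: {info['network']} - {info['broadcast']}, mask {info['netmask']}, "
              f"{info['total']} total, {info['usable']} usable")
    print("Azure 10.0.0.0/24:", azure_usable("10.0.0.0/24"))   # 251 usable, first host 10.0.0.4
```

The strict=False flag is what makes 210.10.10.0/8 come out as the 210.0.0.0/8 network: the library masks off the host bits for you, which is the step people skip when they write a host address with a short prefix.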

Here are some more subnets and examples:

Big Picture: What is IPv4 vs. IPv6?
IPv4 stands for Internet Protocol version 4 and is what we have been talking about above (everything in this article relates to IPv4 only). IPv4 uses 32-bit addresses, which allows for 2^32 addresses in total (about 4.29 billion). Nearly all of those have been handed out: IANA allocated its last blocks in 2011 and the regional registries have largely run dry since. IPv6 is the successor to IPv4 and uses 128-bit addresses, so 2^128 of them (vastly more than 4.29 billion). IPv6 addresses are written in hexadecimal.

Why don't we all just go do IPv6 now?
Only a small fraction of the web has switched over to the new protocol, Azure and other cloud providers are still mostly utilizing IPv4.  Also, exchanging data between IPv4 and IPv6 requires special gateways which makes it hard to support only partially moving over to the new protocol, and most companies have legacy systems, software, and networking-- so it could be awhile.

Checkout these news articles to see the progress so far:


What is a reserved IP address?
There are some IP addresses you cannot use because the Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority (IANA) have reserved them for special purposes (loopback, private networks, link-local, multicast, documentation, and so on). See the list of reserved IP address blocks and what each one is reserved for on Wikipedia here.

Recommended Networking PluralSight Course:
If you happen to own a PluralSight subscription, this course (about 6 hours) is very in depth and well made:

Networking Part II: Hexadecimal

This is part 2 of a series of networking posts:

Binary is base 2, meaning a digit can hold only one of two values, 0 or 1.

Hexadecimal is base 16, meaning a digit can hold one of 16 different values: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Notice the pattern below between binary, decimal, and hexadecimal.

Reference: https://slideplayer.com/slide/5870246/19/images/24/Binary+Decimal.+Hexadecimal.jpg

The benefit of hexadecimal is that 4 binary bits can always be expressed in 1 hexadecimal value. Hexadecimal makes it easier to read and write large binary numbers.

Where is hexadecimal used?

  • MAC addresses (on your router!)
  • Error codes on Windows blue screens in the older days (STOP codes specifically)
  • HTML color codes (#33CCFF)
Fun fact: Four bits is called a nibble.

If you want to see a cool article I like a lot that has more info, go here!

Tuesday, December 4, 2018

Networking Part I: Binary

Wednesday, April 25, 2018

A year at Microsoft & what I've been up to & travel tips

I crossed my one-year mark at Microsoft a couple of months ago, and it's been a fun time! 

I work as a Premier Developer Consultant, so we typically take on short-term work where we help a customer out with something small like a proof of concept, code review, or workshop on specific technologies we choose to specialize in.  We can choose any technology to specialize in (keeping in mind, certain technologies are more in demand than others and we do have to spend a certain amount of hours a year working with customers). I ended up choosing Blockchain, Containers, Azure App Services, and VSTS/DevOps as my main areas.

I swear I haven't disappeared, I have been doing some posts to MSDN and you can see my blog posts here: https://blogs.msdn.microsoft.com/premier_developer/tag/crystal-tenn/ (some of these are replicated on my blog, some are not!)

I created a full tutorial for Azure App Services. This is a step-by-step tutorial, with screenshots, on how to create a Web App, API App, and Azure SQL DB in Azure and deploy each piece, plus how to do the CI/CD (Build and Release) from VSTS to your Azure resources (full blog post on this to come soon): https://github.com/catenn/ToDoList

Also really cool, Michael Crump helped bring some folks to the ToDoList tutorial by posting on his blog Azure Tips and Tricks: https://www.michaelcrump.net/azure-tips-and-tricks101/ Thanks Michael!!!

And lastly, I worked on a Blockchain project with my colleague here, if you want to see a full step by step on setting up a Blockchain app that keeps track of Wikipedia changes go here: https://github.com/razi-rais/eth-wikipedia-changetracker

Now, talking about travel: I've been to so many places as a traveling Consultant, and eaten as much food as I could get my grubby hands on in each city.  This year, for onsite work visits I have been to: Alpharetta, Las Colinas, Minneapolis, Philly, Phoenix, Seattle, Burbank, NYC, DC, Ottawa, Miami, Austin, Orlando, Lake Mary, and Portland. 

Travel tips:


  • If you hate cold, buy an electrically heated jacket! Mine is called: "Ororo Heated Jacket" and it was from Amazon, they have it for both men and women. TSA is okay with it as long as you tell them ahead of time what it is or can explain it if they ask about it.. wired jackets, I'm sure, look a little scary under the scanner. 
  • If you hate dealing with luggage, buy an Underseater.  I bought this one, it fits under every seat (aisle, middle, window) on Southwest, United, Delta, and American Airlines as long as you only pack it 80% full.  I can get 2 laptops (MSI gaming + surface), tablet, 4 days of clothes, and all toiletries into this: http://a.co/3BYqnmH 
  • Airline rewards are a joke.  You'll be lucky if you can take 20 trips and get 1 free one for vacation out of it; airline tickets bought through work are severely discounted (half what you pay for personal flights) and don't add up to much.  Better seats are kinda worth it, maybe, if you need to bring luggage.  If you get an "underseater" bag like mentioned above, you never need to worry about overhead space anyways.  You are probably better off taking different airlines to get non-stop flights than trying to get rewards out of one airline taking you a long roundabout way.  I think my time is worth more than their terrible rewards points that net very little. 
  • Renting a car is a pain, it takes 30 minutes sometimes to take a tram/walk from the airport gate to the rental car center.  Take uber/lyft/cabs to save time. 
  • Hotel rewards are baller, and my goodness you can rack up points fast. If you get the credit card too, oh my gosh, hello free hotels for every vacation!
  • Hotel points go on sale and you can catch them on Slickdeals sometimes.  These are worth buying when you can get them 30% off.  You can also use hotel points to get hotels that are priced at a premium due to an event because while the $ amount goes up, the points value always stays the same.  
  • Marriott has the best Wi-Fi speeds, period, hands down.  I've gotten so many Marriotts (ranging from low budget to nicer ones) with 10-80 Mb/s down and up speeds and played DOTA 2 on it happily on the free Wi-Fi, not even paying for the "good" Wi-Fi.  Hyatt's Wi-Fi sucks, forget playing games online, you usually get 0.1-2 Mb/s up and down. Crowne Plaza Wi-Fi ain't bad. I don't know about Hilton, never really stay there, but I think that is the only chain that allows pets.  
  • Airport food sucks 95% of the time.  Same for the food in hotels. Local food tastes the best.  Chain food is the safest and least likely to mess up your stomach.