Moving Workloads to the Clouds

David Spark published 16 tips for moving your workloads to the clouds. Contrary to the usual useless nonsense coming down from hybrid cloud evangelist (you know, the people who moved from “VMs following the sun” to “seamless hybrid cloud workload mobility”) some of the tips actually make sense, starting with “Have a real reason for the migration”. Enjoy!

Open vSwitch Performance Revisited

A while ago I wrote about performance bottlenecks of Open vSwitch. In the meantime, the OVS team drastically improved OVS performance resulting in something that Andy Hill called Ludicrous Speed at the latest OpenStack summit (slide deck, video).

Let’s look at how impressive the performance improvements are.

Network Programmability Phase 2: the Provisioned Network

After describing the current state of affairs in his Network Programmability 101 webinar, Matt Oswald moved to the low-hanging fruits: automating repetitive tasks in baby steps, from VLAN provisioning to consistent device configurations.

Just Published: PCI DSS Videos

The edited videos of the fantastic PCI DSS webinar Michele Chubirka presented in early July have finally been published (yes, there’s a huge backlog that’s getting cleaned up). Enjoy!

Coping with Byzantine Routing Failures

One of my readers sent me an interesting challenge:

We have two MPLS providers sending us default routes and it seems like whenever we have problem with SP1 our failover is not happening properly and actually we have to go in manually and influence our traffic to forward via another path.

Welcome to the wondrous world of byzantine routing failures ;)

Do We Have Too Many Knobs?

The last day of Interop New York found me sitting in the Speaker Center with a few friends pondering the hype and reality of SDN and brokenness of traditional network products. One of the remarks during that conversation was very familiar: “we have too many knobs to configure”, and I replied “and how many knobs do you think there are in Windows registry?" (or Linux kernel and configuration files).

Just Published: Overlay Virtual Networks in Software Defined Data Centers

Overlay virtual networks are one of my favorite topics – it seems I wrote over a hundred blog posts describing various aspects of this emerging (or is it reinvented) technology since Cisco launched VXLAN in 2011.

During the summer of 2014 I organized my blog posts on overlay networks and SDDC into a digital book. I want to make this information as useful and as widely distributed as possible – for a limited time you can download the PDF free of charge.

Learn more about the book

Reinventing the wheel (or RFC 1925 sect 2.11)

Simon Wardley is another old-timer with low tolerance for people reinventing the broken wheels. I couldn’t resist sharing part of his blog post because it applies equally well to what we’re seeing in the SDN world:

No, I haven't read Gartner's recent research on this subject (I'm not a subscriber) and it seems weird to be reading "research" about stuff you've done in practice a decade ago (sounds familiar). Maybe they've found some magic juice? Experience however dictates that it'll be snake oil […]. I feel like the old car mechanic listening to the kid saying that his magic pill turns water into gas. I'm sure it doesn't ... maybe this time it will ... duh, suckered again.

Meanwhile the academics already talk about SDN 2.0.

Viptela SEN: Hybrid WAN Connectivity with an SDN Twist

Like many of us Khalid Raza wasted countless hours sitting in meetings discussing hybrid WAN connectivity designs using a random combination of DMVPN, IPsec, PfR, and one or more routing protocols… and decided to try to create a better solution to the problem.

Viptela Secure Extensible Network (SEN) doesn’t try to solve every networking problem ever encountered, which is why it’s simpler to use in the use case it is designed to solve: multi-provider WAN connectivity.

Just Published: VXLAN 2.0 Videos

Last week I ran the second part of the updated (4-hour) VXLAN webinar. The raw videos are already online and cover these topics:

  • VXLAN-related technologies, including encapsulation, IP multicast use, unicast VXLAN, and VXLAN-over-EVPN;
  • VXLAN implementations, including Cisco Nexus 1000v, VMware vCNS, VMware NSX, Nuage VSP and Juniper Contrail;
  • VXLAN gateways, including Arista, Brocade, Cisco and Juniper;
  • Hardware VTEP integration with OVSDB and EVPN;
  • VXLAN-based data center fabrics, including Cisco’s ACI.

Scaling the Cloud Security Groups

Most overlay virtual networking and cloud orchestration products support security groups more-or-less-statefulish ACLs inserted between VM NIC and virtual switch.

The lure of security groups is obvious: if you’re willing to change your network security paradigm, you can stop thinking in subnets and focus on specifying who can exchange what traffic (usually specified as TCP/UDP port#) with whom.

A Month of SDN

My calendar for the following four weeks is jam-packed with SDN events:

All the travel might affect my blogging frequency, but I still have a few podcasts in the editing queue, so you’ll have something to listen to in the meantime ;)

Handling the Bottom of MPLS Stack

MPLS bottom-of-stack bit confused one of my readers. In particular, he had a problem with the part where the egress MPLS Label Switch Router (LSR) should go from labeled (MPLS) to unlabeled (IPv4, IPv6) packets and has to figure out what’s in the packet.

Response: Midokura Open-Sources MidoNet

Last week Midokura decided to follow Juniper’s lead and make MidoNet an open-source product (after all, a similar move worked really well for Contrail, right?).

I may be too skeptical (again), but I fail to see how this could possibly work.

FlipIT Cloud: Orchestrating IT-as-a-Service on Software Gone Wild

Imagine being an IT administrator running a multi-tenant enterprise environment (example: an SMB business center). How many things would you have to configure to add a new tenant? How about adding a new user for an existing tenant?

The engineers behind the scenes of FlipIT cloud service ended up with a 40-page configuration guide when they started the service years ago… and obviously decided full-blown automation is the only way to go.

So You’re an Open Source Shop? Really?

I carried out an interesting quiz during one of my Interop workshop:

  • How many use Linux-based servers? Almost everyone raised their hands;
  • How many use Apache or Tomcat web servers? Yet again, almost everyone.
  • How many run applications written in PHP, Python, Ruby…? Same crowd (probably even a bit more).
  • How many use Nginx, Squid or HAProxy for load balancing? Very few.

Is there a rational explanation for this seemingly nonsensical result?