Articles I wrote for TechTarget

Another year-end cleanup action: I wrote lots of articles for SearchTelecom in the last few years. You can find links to all of them (together with those I wrote for SearchNetworking and SearchEnterpriseWan) on this page. Enjoy!

You have to register with TechTarget to be able to view them, but they do respect your settings (you can decide not to subscribe to any of their mailing lists).

Most commented posts written in 2010

These posts generated more than 20 comments (they are sorted by date, not by the number of comments):

Year after year, I’m amazed by the amount of information you contribute in your comments and the previously unexplored paths you’re showing me. Thank you all!

Most popular posts written in 2010

Most of my 2010 top hits were written years ago. How did the posts written in 2010 fare? Google Analytics claims these were the most popular:

Only the first three made it into the top-30, the rest of them are at the head of a very long tail (which starts at approximately 3000 unique pageviews per article).

2010 top-10 posts

According to Google Analytics, these posts got the most pageviews in 2010:

... and yet I’m stubbornly writing about stupid things nobody cares about like MLAG or CLNP.

Another year (almost) gone by

It’s hard to believe it’s another Christmas Eve, but obviously there must be some truth in the old wisdom that time flies by as you get older. I know some of you have holiday maintenance windows in the next days; I can only wish you hiccup-free experience. But regardless of what’s waiting for you in the near future, if the days around Christmas are a holiday season for you, don’t forget that it all started with a loving family having pretty hard times, not with the Three Wise Men going to a shopping mall to buy gifts.

I’ll try to follow my own advice for a change; you won’t find me on Twitter during the rest of the year and the only blog posts I’ll publish will be the yearly statistics. As this is the last “real” post in 2010, I would like to wish you Merry Christmas and a fantastic 2011 (where fantastic includes happy, successful, healthy, and everything else you want it to be).

Cleaning the Inbox: generic IT

Last gems found in dusty corners of my cluttered Inbox:

Cleaning the Inbox: Internet-related links

Every Internet-related post is a great opportunity to increase comment count. I’ll pass this time, here are the articles I found interesting with little or no comments from my side. First the generic Internet:

And then my favorite controversy:

Yearly webinar subscription – interesting questions

I received several questions about my yearly webinar subscription package. It started with a CCIE who was interested in buying it:

I just wanted to clarify: if I buy the yearly subscriptions I have access to 3 up and coming webinars PLUS all the archived material you have?

That’s absolutely correct. Even more, if you decide you’d like to attend more than three live webinars in the 12 months after buying the subscription, you’ll get a 30% discount on all subsequent ones. But even better (the terms have changed in the meantime), you get unlimited access to all live webinar sessions for the duration of your subscription.

Do you have a list of what is available in the archive material?

Of course. You can view the list of all recordings (multiple recordings are available for some of the sessions) and the list of all PDF documents and router configuration sets.

Cleaning the Inbox: data center, storage, virtualization

Links to great data center, storage and virtualization articles found in the depths of my bloated Inbox:

Technology short takes by Scott Lowe. A must-read.

Keys to Virtualization Success – this is how you do it right. Great job, Bob!

Virtualizing databases: too big to fail? – a common sense approach to “what should I virtualize” question.

Cleaning the Inbox: networking links

I must have inherited some hamster (or pack rat if you're across the pond) genes: I’m collecting too many links to interesting blog posts and articles in my inbox, Delicious bookmarks and blog notes. Time to do some serious cleanup; let’s start with networking-related links (in no particular order):

Some Internet Architectural Guidelines and Philosophy – a must-read for people inventing crazy schemes like load balancing based on unicast flooding or MAC-over-MAC proprietary network virtualization (you know who you are but I doubt you read RFCs or my blog).

Real-Time Network Failure Detection – Terry Slattery describes how you can use BFD, UDLD, IP SLA and routing protocols to detect failures in your network. Read also my BFD IP Corner article for in-depth BFD details.

Can you run OSPF over DMVPN?

Ian sent me a really good OSPF-over-DMVPN question after watching the recording of my DMVPN webinar (register here for a live session):

In the DMVPN webinar you discuss OSPF design and configuration. However, Cisco design guide says you should use a different routing protocol from what you use on your LAN but you seem to suggest it is okay to extend your OSPF network out to the DMVPN edge by continuing to use OSPF albeit in a different area.

The main issue you face when running OSPF over DMVPN is scalability: OSPF does not scale as well as other routing protocols when used over DMVPN.

MLAG and load balancing

FullMesh added an excellent comment to my Multi-Chassis Link Aggregation (MLAG) and hot potato switching post. He wrote:

If there are two core routing switches and two access switches which are MLAGged together in both directions, and hosts that are dual-active LAGged to the pair of access switches, then the traffic would stay on whichever side the host places it.

He also opened another can of worms: load balancing in MLAG environment is dictated by the end hosts. It doesn’t pay to have fancy switches that support L3 or L4 load balancing; a stupid host implementing destination-MAC-address-based load balancing can easily ruin your day.

MPLS VPN in enterprise networks

There are numerous reasons you might want to implement MPLS/VPN technology in your enterprise WAN; in most cases you have to provide local or end-to-end layer-3 isolation between different groups of users.

The “When should companies consider building MPLS networks into their WANs?” article I wrote for SearchEnterpriseWan lists a few of the scenarios (Himawan Nugroho’s blog describes another case study). If you’re looking for in-depth use cases, technology overviews and sample (working & tested) configurations, register for my Enterprise MPLS VPN Deployment webinar.

Internet-related links (2010-12-19)

GigaOm published two interesting articles by Joe Weinman: in the first one, he describes why pay-per-use residential broadband Internet is probably inevitable, in the second one he predicts changes in user behavior if the service providers decide to implement it. I would also suggest you take time and read his in-depth Market for Melons article.

Obviously, collecting money costs money and the pay-per-use model is no exception (not to mention that most people would pay less), so the service providers prefer usage caps. There are numerous ways to implement usage caps, but implementing usage cap as an acceptable use policy and calling exceeding the cap policy violation is not the way to do it. Some people are truly trying to alienate the users.

Yearly subscription to my webinars

A while ago I got an interesting challenge from one of my readers: “I would like to attend a few of your webinars, but the problem I have is that I’m interested in most of them. Is there something we can do?” After a few e-mails, we nailed down the concept I had been playing with for quite a while: yearly subscription package. It gives you unlimited access to all live webinars and year-long access to all the materials and all the recordings I ever made for a fixed price. You can find a detailed description, list of all recordings and list of all available materials on my web site.

Buying the yearly subscription is easy: select the first webinar you’re interested in (the list of upcoming webinars is also on my web site) and buy the Yearly subscription ticket when registering; you can also buy directly from my web site. You’ll get access to the recordings and PDF materials a few minutes after the registration.

Where would you need GRE?

In a recent tweet from @Neelixx following my duct tape of networking joke I became a GRE lover. Jokes aside, let’s see where it makes sense to use GRE.

Whenever you want to transport your data over a third-party IP infrastructure without exposing your addressing and routing structure (example: building a VPN across a public IP infrastructure), you need a mechanism that allows you to encapsulate your IP packets (which are not routable by the third-party IP infrastructure) into routable IP envelopes.

HP Virtual Connect: every vendor has its own dinosaurs

I was listening to the HP Virtual Connect (VC) PPP podcast recently and got the impression that HP VC is a weirdly convoluted product. I started wondering what exactly they were thinking when they were designing it ... and had the epiphany when Ken Henault took a step back and explained the history leading to the current complexity (listen to the Packet Pushers podcast to get the whole story).

DHCPv6 IA_PD relaying works with 12.2SRE2

Last week I ran numerous lab tests while preparing router configurations for the Building IPv6 Service Provider Core webinar (register here or buy a recording). One of the fantastic test results: DHCPv6 relaying works correctly on a 7200 running 12.2(33)SRE2, even when the client requests IA_PD option.

How much IPv6 address space should a residential customer get?

A while ago I wrote about IPv6 addressing challenges some ISPs face and recommended what I thought was agreed-upon practice of giving residential customers a /64 or a /56. Not long after, I received an e-mail from an IPv6 guru saying:

[Worse] is when people start claiming to have expertise in IPv6 and promulgate this idea of residential /56s and /64s as immutable fact. The reality is that it is becoming more and more apparent that /56s and especially /64s to residential customers are going to be harmful to future innovation in IPv6.

Remote access section added to the IPv6 service provider webinar

Due to extreme student interest, I’ve added a whole new remote access section to my Building IPv6 Service Provider Core webinar (register here or buy a recording). It covers PPPoE and Carrier Ethernet access methods (PPPoE configuration can be used in any dial-up environment; Carrier Ethernet configuration is probably applicable to cable as well) and describes the following topics:

  • SLAAC on access networks for hosts connecting to the IPv6 Internet;
  • DHCPv6 prefix delegation required by IPv6-enabled CPE routers;
  • Prefix allocation (SLAAC and DHCPv6) from local pools;
  • DHCPv6 relays and SLAAC/DHCPv6-RADIUS integration.

As always, attendees of past webinars can download the updated materials immediately and will get access to the new recording after the next week’s session.

Multi-Chassis Link Aggregation (MLAG) and hot potato switching

There are two reasons one would bundle parallel Ethernet links into a port channel (official term is Link Aggregation Group):

  • Transforming parallel links into a single logical link bypasses Spanning Tree Protocol loop avoidance logic; all links belonging to the port channel can be active at the same time (see also: Multi-Chassis Link Aggregation basics).
  • Load sharing across parallel links in a port channel increases the total bandwidth available between adjacent L2 switches or between routers/hosts and switches.

Ethan Banks wrote an excellent explanation of traditional port channel caveats (proving that 1+1 sometimes does not equal 2); things get way worse when you start using Multi-Chassis Link Aggregation due to hot potato switching (the switch tries to forward packets toward destination MAC address as soon as possible) used by all MLAG implementations I’m familiar with.

CLNP and the multihoming myths

When IESG decided to adopt SIP, not TUBA (TCP/UDP over CLNP) as IPv6, a lot of people were mightily disappointed and some of them still propagate the myths how CLNP with its per-node addresses would fare better than IPv6 with its per-interface addresses (you might find the writings of John Day on this topic interesting and Petr Lapukhov is also advocating this view in his comments).

These views are correct when considering small-scale (intra-network) multihoming, but unfortunately wrong when it comes to Internet-scale multihoming, where CLNP with TCP on top of it would be as bad as IPv4 or IPv6 is (routing table explosion due to multihoming is also one of the topics of my Upcoming Internet Challenges webinar).

Can we go back to CLNP?

Paulie, a frustrated enterprise IPv6 early adopter summarized his pains in a comment to my “Small-site multihoming in IPv6: mission impossible?” post saying “[IPv6/IPv6 support] is a mess and depressing” and asked “Is it too late to go to CLNS?”

Quite a few old-timers (I’m definitely one of them) lament the glory days of VMS, DECnet Phase V and CLNP, but while CLNP was a viable alternative for the next-generation IP in 1993, it would fare worse than IPv6 today.

Another security product killed

We all knew MARS is becoming a dead end (Cisco first removed third-party support and then stopped developing the product), now it’s official. MARS is dead.

Just in case you haven’t noticed, this is the third security product (after WAF and XML Gateway) Cisco has killed this year. Are they implementing borderless networks or trimming down to core competences while preparing for onslaught of market adjacencies?

Interesting links (2010-12-04)

A medley of technology links harvested from my inbox:

Chinese BGP incident: was it a traffic hijack?

You’re probably familiar with the April fat fingers incident in which Chinanet (AS 23724) originated ~37.000 prefixes for about 15 minutes. The incident made it into the annual report of US Congress’ U.S.-China Economic and Security Review Commission (page 243 of this PDF) and the media was more than happy to pick it up (Andree Toonk has a whole list of links in his blog post). We might never know whether the misleading statements in the report were intentional or just a result of clueless technical advisors, but the facts are far away from what they claim:

Small-site multihoming in IPv6: mission impossible?

Summary: I can’t figure out how to make small-site multihoming (without BGP or PI address space) work reliably and decently fast (failover in seconds, not hours) with IPv6. I’m probably not alone.

Problem: There are cases where a small site needs (or wants) to have Internet connectivity from two ISPs without going through the hassle of getting a BGP AS number and provider-independent address space, and running BGP with both upstream ISPs.

Internet peering disputes: follow the money

You’ve probably heard about the recent peering dispute between Level-3 and Comcast ... and might have enjoyed the frenzy with which the blogging pundits have followed the false net neutrality scent left by Level-3 spin doctors.

Facts first: Level-3 is trying to dump huge amount of data into Comcast’s network for free.

Requirements for IPv6 in ICT equipment

Greg Ferro reached an interesting conclusion after going through my Content over IPv6 presentation: we won’t see IPv6 for a few years, so why bother. Although I disagree with his approach, he may be right ... but if you decide to ignore IPv6, you might be forced to implement it in a hurry, at which point you’ll be stuck if your equipment won’t support IPv6. The very minimum you need to do today is to buy IPv6-ready gear (and yell at the vendors if they try to charge extra for IPv6 support).
