That’s it for 2013

12 months, 260 blog posts, and a dozen webinars … and it’s time for another end-of-year post. It’s amazing how quickly a year goes by when you have fun.

I’d like to thank you for your insightful comments, great questions you asked, and wonderful challenges you keep sending me … and special thanks to all of you who trusted me enough to buy my webinars or decided to rely on my professional judgment.

Don’t forget to shut down your pagers and smartphones (if at all possible), and enjoy the simpler (and less stressful) life with the loved ones. Have a great holiday season and all the best (including plenty of SDN fun) in the coming year!

Webinars in 2013

As you know, I’m promising my subscribers 4-6 new sessions a year. 2013 definitely wasn’t a bad year in that respect ;)

The year started with IPv6 Transition Mechanisms, and virtual firewalls.

There was a deep dive into scale-out architectures and load balancing in April, and the mandatory Data Center Fabrics Update session in May.

Does It Make Sense to Build New Clouds with Overlay Networks?

TL&DR Summary: It depends on your business model

With the explosion of overlay virtual networking solutions (with every single reasonably-serious vendor having at least one) one might get the feeling that it doesn't make sense to build greenfield IaaS cloud networks with VLANs. As usual, there's a significant difference between theory and practice.

You should always consider the business requirements before launching on a technology crusade. IaaS networking solutions are no exception.

Overlay Virtual Networking Solutions Overview

2013 was definitely the year of overlay virtual networks, with every major networking and virtualization vendor launching a new product or adding significant functionality to an existing one. Here’s a brief overview of what they’re currently offering:

Focus on Your Business, Not Fancy Technologies

After my Clouds, Overlays and SDN: What really matters keynote presentation @ MENOG 12 a few attendees asked me for a recording; one of them said “I want everyone in my organization to watch it.” Alas, wishes don’t always come true: the video team was streaming the presentations, but not recording them.

Fortunately I had the same presentation @ PLNOG 11 and like always the PLNOG organizers did a marvelous job. The video has just been posted on YouTube. Enjoy!

IGMP and PIM in Multicast VXLAN Transport Networks

Got a really interesting question from A. Reader: “When and how does VXLAN use IGMP and PIM in transport (underlay) networks?”

Obviously you need IGMP and PIM in multicast environments only (vCNS 5.x, Nexus 1000V in multicast mode).

SDN 101 Webinar is Free – Register Now

In late November I got a perfect excuse for visiting South Africa – I was invited to be a guest speaker at CCIE Club Africa meeting talking about the obvious topics: SDN, OpenFlow and Network Function Virtualization (NFV).

In the end, I delivered three SDN presentations in two days, all of them for engineers focusing primarily on Cisco, and got pleasantly surprised by their keen interest in the basics of these new technologies.

Control Plane in OpenFlow Networks

It’s easy to say “SDN is the physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices,” handwave over the details, and let someone else figure them out. Implementing that concept in a reliable manner is a totally different undertaking.

Internet Traffic Gets MPLS Labels When You Deploy MPLS/VPN

A good friend of mine sent me an interesting question:

When I configure mpls ip on an interface, will all packets on that interface be labeled, or just the MPLS/VPN packets received through VRFs? I always assumed that stuff in the global routing table just got forwarded as IP packets without any labels.

Well, that’s not how MPLS works (at least not in its default incarnation on Cisco IOS).

Packet Forwarding in Amazon VPC

Packet forwarding behavior of VMware NSX and Hyper-V Network Virtualization is well documented; no such documentation exists for Amazon VPC. However, even though Amazon uses a proprietary solution (heavily modified Xen hypervisor with homemade virtual switch), it’s pretty easy to figure out the basics from the observed network behavior and extensive user documentation.

Still Waiting for the Stupid Network

More than 15 years ago the cover story of ACM netWorker magazine discussed the dawn of the stupid network – an architecture with smart edge nodes and simple packet forwarding code. Obviously we learned nothing in all those years – we’re still having the same discussions.

Here are a few juicy quotes from that article (taken completely out of context solely for your enjoyment).

Layer-2 Gateways in VMware NSX

Gateways between overlay virtual world and (VLAN-based) physical reality are a crucial component in every design using overlay virtual networks. Ideally one could use virtual appliances, but sometimes the users keep asking for layer-2 gateways.

The VMware NSX Layer-2 Gateways video from the VMware NSX Architecture webinar describes the use cases for layer-2 gateways and the VMware NSX implementations.

Hyper-V Network Virtualization Packet Forwarding Improvements in Windows Server 2012 R2

Initial release of Hyper-V Network Virtualization (HNV) was an add-on to the Hyper-V Extensible Switch, resulting in an interesting mixture of bridging and routing. In Windows Server 2012 R2 the two components became tightly integrated, resulting in a pure layer-3 solution.

OMG, Who Will Manage All Those Virtual Firewalls?

Every time I talk about small (per-application) virtual appliances, someone inevitably cries “And who will manage thousands of appliances?” Guess what – I’ve heard similar cries from the mainframe engineers when we started introducing Windows and Unix servers. In the meantime, some sysadmins manage more than 10.000 servers, and we’re still discussing the “benefits” of humongous monolithic firewalls.

BGP Routing in DMVPN Networks

Once you decide to use BGP as the routing protocol in your DMVPN network, you face a few more design choices:

  • Should you use IBGP or EBGP?
  • Should you use a unique AS number for every DMVPN site, or the same AS number on all spoke sites?

The BGP Routing in DMVPN Access Networks ExpertExpress case study describes these dilemmas in more detail; if you face a similar problem and would like me to review your design, get in touch.

Virtual Packet Forwarding in Hyper-V Network Virtualization

Last week I explained how layer-2 and layer-3 packet forwarding works in VMware NSX – a solution that closely emulates traditional L2 and L3 networks. Hyper-V Network Virtualization (HNV) is different – it’s almost a layer-3-only solution with only a few ties to layer-2.