Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

6 week online course

Start now!

Virtual Networks: What Users Think They Need

At the very beginning of the Cloud Computing Networking webinar I described typical enterprise IaaS user (application developer) requirements. As always, there’s a “slight” gap between what the users think they need, what they actually need, and how it gets implemented (aka How Projects Really Work).

Add comment

Complex Routing in Hyper-V Network Virtualization

The layer-3-only Hyper-V Network Virtualization forwarding model implemented in Windows Server 2012 R2 thoroughly confuses engineers used to deal with traditional layer-2 subnets connected via layer-3 switches.

As always, it helps to take a few steps back, focus on the principles, and the “unexpected” behavior becomes crystal clear.

2014-02-05: HNV routing details updated based on feedback from Praveen Balasubramanian. Thank you!

read more see 7 comments

Post #2000

When I started blogging in 2006, I had no idea that I’d still be doing it 8 years later… and I never dreamed of writing my 2000th post (this one, according to my blogging platform).


A virtual cake I got from my lovely daughter ;)

read more see 14 comments

Visit my SDN Workshop @ Troopers 2014

Enno Rey (the mastermind behind the Troopers conference) and myself got a cunning plan during one of the Troopers 2013 dinners – we’d have an SDN & Security presentation at Troopers 2014.

As always, Enno exceeded my wildest expectations, and offered me to have a full-day SDN workshop during this year’s conference – an offer I simply couldn’t refuse.

SDN, security, IPv6, Heidelberg, fantastic presenters and audience, great organizers – it can’t get any better … all you have to do is register.

Add comment

Network Monitoring with OpenFlow

You know how hard it is to get the network traffic statistics: interface counters are too coarse, Netflow records are too granular, Sflow is sampling… life is hard for network monitoring Goldilocks.

In the Network Monitoring video (part of Real-Life OpenFlow Use Cases webinar) I explained an interesting alternative: you could get (hardware permitting) traffic counters with ever OpenFlow flow entry, resulting in any granularity you need.

see 1 comments

Redundant Server-to-Network Connectivity

Load-based teaming and other methods of VM-to-uplink pinning used by VMware and other hypervisor vendors might be the best approach in traditional VLAN-based virtual networks. The situation changes drastically in the overlay virtual networking environment where the hypervisor sends all traffic from a single IP address, making multi-chassis link aggregation (MLAG) the best solution.

For more details, read the Redundant Server-to-Network Connectivity Expert Express case study or register for the Building a Small Private Cloud webinar.

see 2 comments

vSphere Does Not Need LAG Bandaids – the Network Does

Chris Wahl claimed in one of his recent blog posts that vSphere doesn't need LAG band-aids. He's absolutely right - vSphere's loop prevention logic alleviates the need for STP-blocked links, allowing you to use full server uplink bandwidth without the complexity of link aggregation. Now let’s consider the networking perspective.

read more see 15 comments

Controller Implementation Choices Affecting OpenFlow Scalability

The first part of the Real-life OpenFlow Use Cases webinar focused on controller design and implementation choices that can significantly impact the scalability of an OpenFlow solution:

You could tell we had great fun with these topics: we spent more than half an hour on five slides.

Add comment

What Exactly Is SDN (And Does It Make Sense)?

When Open Networking Foundation claimed ownership of Software-Defined Networking, they defined it as separation of control and data plane:

[SDN is] The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices.

Does this definition make sense or is it too limiting? Is there more to SDN? Would a broader scope make more sense?

read more Add comment

Source IPv6 Address Selection Saves the Day

My recommendation to use ULA addresses for internal communications within organizations that don’t have their own provider-independent address space resulted in the following comment:

[…] Having ULA for internal company communication and global IPv6 addresses for communication with the Internet will cause lots of issues with application guys since now application has to bind to specific IPv6 address for internal communications and another IPv6 address to go to the Internet.

Numerous aspects of IPv6 may still be broken, but fortunately this is not one of them.

read more see 9 comments

How Did Software Defined Networking Start?

Software-Defined Networking is clearly a tautological term – after all, software defined networking device behavior ever since we stopped using Token Ring MAUs and unmanaged hubs. Open Networking Foundation claims it owns the definition of the term (which makes approximately as much sense as someone claiming they own the definition of red-colored clouds), but I was always wondering who coined the term in the first place.

read more see 3 comments

VMware NSX Gateway Questions

Gordon sent me a whole list of NSX gateway questions:

  • Do you need a virtual gateway for each VXLAN segment or can a gateway be the entry/exit point across multiple VXLAN segments?
  • Can you setup multiple gateways and specify which VXLAN segments use each gateway?
  • Can you cluster gateways together (Active/Active) or do you setup them up as Active/Standby?

The answers obviously depend on whether you’re deploying NSX for multiple hypervisors or NSX for vSphere. Let’s start with the former.

read more see 2 comments

Does uRPF Make Sense in Internet Service Provider Networks?

Every time someone wonders about the viability of unicast reverse path forwarding (uRPF) as source address validation technique at the edge of an ISP network, someone else inevitably claims it can’t possibly work due to asymmetrical routing issues. Is the situation really so black-and-white?

read more see 8 comments

I Say ULA, You Hear NAT

Ed Horley wrote another great post arguing you don’t need Unique Local Addresses in an IPv6 network … and I couldn’t figure out what the problem was until I got the underlying context: it seems many engineers try to transplant their IPv4 mentality into IPv6 world and see ULAs as a nice replacement for RFC1918 with NAT66 or NPT66 on the private network edge. No wonder Ed argues against that.

read more see 3 comments

Is Open vSwitch Control Plane In-Band or Out-of-Band?

A few days ago I described how most OpenFlow data center fabric solutions use out-of-band control plane (separate control-plane network). Can we do something similar when running OpenFlow switch (example: Open vSwitch) in a hypervisor host?

TL&DR answer: Sure we can. Does it make sense? It depends.

read more see 1 comments
Sidebar