Build the Next-Generation Data Center
6 week online course starting in spring 2017

Quick link: User-Space Network I/O on x86 Servers

Robert Graham published another great blog post explaining why you need user-space handling of network traffic for multigigabit performance on x86 servers. A must-read if you’re interested in performance of software-based packet forwarding.

Want more? Listen to Snabb Switch Deep Dive and PF_RING Deep Dive podcasts.

Need product details? I collected some performance data points in the NFV webinar.

Free Webinar: Introduction to SDN

Almost exactly two years ago I ran an Introduction to SDN webinar trying to explain what SDN might be. The landscape has changed significantly in the meantime (for example, software/hardware disaggregation is becoming a reality), but SDN remains as meaningless as Cloud and wrapped in many layers of marketing nonsense.

It was clearly time to do a second version of the webinar, and it’s still free thanks to my sponsor NIL Data Communications. All you have to do to attend it is to fill in the registration form.

Dell OS10 and Cumulus Linux

A few days ago Dell announced their next-generation network OS based on Debian Linux, and bloggers (like my good friend Tom Hollingsworth) started wondering what’s going to happen with Cumulus Linux.

Let’s get into prognostication mode…

On a totally unrelated note, I love the picture Dell marketing put on the OS10 page. Linux distro in a binder? Really? When was the last time they checked the calendar?

Docker Networking on Software Gone Wild

A year and a half ago, Docker networking couldn’t span multiple hosts and used NAT with port mapping to expose container-based services to the outside world.

Docker is the hottest Linux container solution these days. Want to know more about it? Matt Oswalt is running Introduction to Docker webinar in a few days.

In August 2014 a small startup decided to change all that. Docker bought them before they managed to get public, and the rest is history.

Disabling SLAAC in Data Center Subnets

Continuing the IPv6 address selection discussion we have a few days ago, Luka Manojlovič sent me a seemingly workable proposal:

I think we were discussing a borderline problem. In a server environment there won’t be any SLAAC, and we could turn off DHCPv6 client on servers with fixed IP addresses.

Sounds great, but as always, the reality tends to be a bit harsher.

Whatever Happened to “Do No Harm”?

A long time ago in a podcast far, far away one of the hosts saddled his pony unicorn and started explaining how stateful firewalls work:

Stateful firewall is a way to imply trust… because it’s possible to hijack somebody’s flows […] and if the application changes its port numbers… my source port changes when I’m communicating with my web server - even though I’m connected to port 80, my source port might change from X to Y. Once I let the first one through, I need to track those port changes […]

WAIT, WHAT? Was that guy really trying to say “someone can change a source port number of an established TCP session”?

IPv6 Microsegmentation in Data Center Environments

The proponents of microsegmentation solutions would love you to believe that it takes no more than somewhat-stateful packet filters sitting in front of the VMs to get rid of traditional subnets. As I explained in my IPv6 Microsegmentation talk (links below), you need more if you want to have machines from multiple security domains sitting in the same subnet – from RA guard to DHCPv6 and ND inspection.

IPv6 Address Allocation Is Operating System-Specific

The breadth of address allocation options available in IPv6 world confuses many engineers thoroughly fluent in IPv4, but it also gives operating system developers way too many options… and it turns out that different operating systems behave way differently when faced with the same environment.

2016-01-21: In the meantime, Luka got further details on Windows behavior, and Enno Rey provided a few additional links.

Spanning Tree (STP) on Virtual Switches

One of my readers sent me this question:

I'm researching NFV/SDN and wonder if the software L2 switches support spanning tree.

TL&DR: Some do, some don’t.

Upcoming Events: Data Center Fabrics Workshop in Zurich

Online webinars are great, but many engineers still prefer live workshops – they’re an excellent opportunity for unrestricted 2-way communication and exchange of ideas – so I decided to turn a few of my best webinars (or webinar tracks) into workshops, and Gabi Gerber, the wonderful organizer of Data Center days in Switzerland took over the logistics, resulting in the first-ever Data Center Fabrics workshop in Zurich in late March.

Network Node Shutdown Is a Process, not an Event

In theory, you should shut down a network device with a well-defined procedure:

  • Drain the traffic from the device;
  • Verify the device is no longer forwarding traffic;
  • Turn off the device.

In practice, network devices don’t have a shutdown command, and reload typically just restarts the network OS.

OpenSwitch Deep Dive on Software Gone Wild

A while ago I watched a Networking Field Day Extra video in which Chris Young and Michael Zayats talked about HP’s open source initiative – they decided to build yet another open networking operating system.

Obviously I wanted to know more, reached out to Chris, and we quickly managed to set up an online chat resulting in Episode 48 of Software Gone Wild podcast.

Upcoming Events: Troopers 2016

Last autumn’s SDN roadtrip left me totally exhausted – at the moment it’s so bad that I can’t push myself to work on non-urgent things – but there are some conferences are that so awesome that I wouldn’t skip them no matter what.

Troopers 16 (March 14th – 18th in Heidelberg, Germany) is a must-go-to security conference. Past events were fantastic, and when Enno Rey asked me what I’d like to talk about this year it wasn’t hard to come up with three interesting topics:

Are Unnumbered Interfaces Harmful?

A few weeks ago I got into an interesting discussion about the potential harm caused by unnumbered IPv4/IPv6 interfaces.

Ignoring for the moment the vendor-specific or media-specific implementation details, these two arguments usually pop up in the first 100 milliseconds (assuming engineers involved in the discussion have some hands-on operational experience):

The Sad State of Enterprise Networking

John wrote an optimistic comment to my fashionable designs rant:

Nobody in their right mind does "fashionable" things when dealing with infrastructures that are required to be solid, dependable and robust.

Unfortunately many enterprises aren’t that prudent – the last Expert Express engagement I had in 2015 was yet another customer who lost two major data centers due to a bridging loop spilling over a stretched VLAN infrastructure.

A Quick Look Back: Webinars in 2015

As you know I always promise my loyal subscribers at least 6 new webinars per year. Well, 2015 was a bit more fruitful. Let’s start with the easy ones:

However, I spent most of my time developing the SDN and network automation curriculum:

New Webinar: BGP-LS and PCEP

I was often asked about two emerging technologies that enable standard controller-based WAN traffic engineering: BGP-LS to extract the network topology and PCEP to establish end-to-end tunnels from a controller.

Unfortunately, I never found time to explore these emerging technologies and develop a webinar. However, after Julian Lucek from Juniper did such a great job on the NorthStar podcast, I asked him whether he would be willing to do a deep dive technology webinar on the two technologies and he graciously agreed to do it.