Category: Tags

LISP is a networking technology that has been searching for a relevant problem for a decade and a half (the LISP IETF working group started in the spring of 2009). Initially, I was cautiously optimistic. However, as LISP pivoted from an IPv6-over-IPv4 solution to a multihoming solution, then VM mobility and IP endpoint mobility solution, until it finally landed in Cisco Campus BU as the foundational technology of Software-Defined Access, I lost all hope.

LISP started as a DNS-like cache-based packet forwarding technology. Eventually, reality intervened, and the LISP believers rediscovered the flaws of cache-based forwarding. It looks like LISP pivoted to become a topology-driven PUB-SUB protocol. Assuming that’s correct, there’s little conceptual difference between LISP and EVPN. It’s just a question of defining a suitable set of policy mechanisms and developing an optimal implementation.

Discussing the benefits and drawbacks of LISP or EVPN thus makes as much sense as debating the number of angels dancing on the head of a pin, but that has never stopped people from doing one or the other.

Just in case you want to know more, you will find some details in the LISP-related blog posts I wrote since 2010:

• Introduction to LISP (2010)
• VXLAN, OTV and LISP (2011)
• We Just Might Need NAT66/NPT66 (and Not LISP) (2011)
• Networking Tech Field Day #3: First Impressions (2012)
• Mobile ARP in Enterprise Networks (2012)
• Hot and Cold VM Mobility (2013)
• VXLAN and OTV: The Saga Continues (2014)
• Why Is Cisco Pushing LISP in Enterprise Campus? (2017)
• When All You Have Are Stretched VLANs... (2020)
• Grasp the Fundamentals before Spreading Opinions (2020)
• Packet Forwarding 101: Header Lookups (2022)
• Cache-Based Packet Forwarding (2022)
• Repost: LISP Is a False Economy (2022)
• Should We Use LISP? (2022)
• So-Called Modern VPNs: Marketing and Reality (2022)
• Multihoming Cannot Be Solved within a Network (2022)
• LISP vs EVPN: Mobility in Campus Networks (2024)
• Repost: The Real LISP Mobility Use Case (2024)
• Repost: State of Lisp Implementations (2024) (2024)

The netlab tool will help you be more proficient once you decide to drop GUI-based network simulators and build your labs using CLI and infrastructure-as-code principles.

ChatGPT trying (and failing) to explain EVPN

What Is EVPN?

Before going into the technical details, let’s start with the basics: What is EVPN, how does it work, and where can you use it?

• What Is EVPN?
• EVPN: The Great Unifying Theory of VPN Control Planes?
• EVPN Is More than VPLS on Steroids
• VXLAN Broadcast Domain Size Limitations
• Active-Active Data Centers with VXLAN and EVPN
• Comparing EVPN with Flood-and-Learn Fabrics
• Simple EVPN/VXLAN Bridging
• Studying EVPN to Prepare for a Job Interview
• Is Dynamic MAC Learning Better Than EVPN?
• Dataplane MAC Learning with EVPN

EVPN Designs

EVPN was designed to be used in an IBGP environment on top of an IGP. With the eruption of EBGP as better IGP hype, many vendors tried to adapt EVPN to an environment running EBGP instead of OSPF. We covered typical EVPN designs in these blog posts:

• BGP in EVPN-Based Data Center Fabrics
• Using EVPN in Very Small Data Center Fabrics
• BGP in EVPN-Based Data Center Fabrics (Updated)
• Typical EVPN BGP Routing Designs
• Implications of Valley-Free Routing in Data Center Fabrics
• VXLAN and EVPN on Hypervisor Hosts
• The EVPN Dilemma
• Pragmatic EVPN Designs
• When EVPN EBGP Session between Loopbacks Makes Sense
• BGP AS Numbers on MLAG Members
• EVPN/VXLAN or Bridged Data Center Fabric?
• Multi-Vendor EVPN Fabrics
• Layer-3 WAN Handoff (L3Out) in VXLAN/EVPN Fabrics
• VXLAN/EVPN Layer-3 Handoff (L3Out) on Arista EOS

EVPN Implementation Details

There are tons of tiny little things that can go wrong when you try to deploy EVPN. I documented them as I stumbled upon them:

• EVPN Route Target Considerations in EBGP Environment
• Using 4-Byte BGP AS Numbers With EVPN on Junos
• Dissecting IBGP+EBGP Junos Configuration
• Private VLANs With VXLAN
• VMware NSX Killed My EVPN Fabric
• EVPN Route Targets, Route Distinguishers, and VXLAN Network IDs
• EVPN Auto-Rd and Duplicate MAC Addresses
• Next-Hop and VTEP Reachability in EVPN Networks
• Duplicate ARP Replies with Anycast Gateways
• More Arista EOS BGP Route Reflector Woes
• Using EVPN/VXLAN with MLAG Clusters
• DHCP Relaying in EVPN VRFs
• Silent Hosts in EVPN Fabrics

Beyond VXLAN

While EVPN is often used with VXLAN today, it was designed to work with the MPLS data plane, resulting in a few quirks:

• EVPN With MPLS Data Plane in Data Centers
• Q-in-Q Support in Multi-Site EVPN
• EVPN/MPLS Bridging Forwarding Model
• EVPN VLAN-Aware Bundle Service
• Does EVPN/VXLAN over SD-WAN Make Sense?

EVPN Rants

Some vendors’ marketing engineers (or Senior Directors) can’t stand anyone telling them their implementation might be suboptimal, going to great lengths to prove to themselves they’re right, and generating beautiful fodder for rants.

• Don’t Sugarcoat the Challenges You Have
• The EVPN/EBGP Saga Continues
• EVPN Control Plane in Infrastructure Cloud Networking
• EVPN/VXLAN Complexity
• On the Viability of EVPN
• Multi-Vendor EVPN Fabrics

Videos

You can watch numerous videos from the EVPN Technical Deep Dive webinar without an ipSpace.net account:

• EVPN Multihoming Taxonomy and Overview
• EVPN Multihoming Deep Dive
• MLAG with EVPN
• vPC Fabric Peering with EVPN Multihoming
• Advantages and Drawbacks of EVPN-based Multihoming

What Others Wrote About EVPN

• EVPN in Data Center
• Arista EVPN-Based Automation Virtual Lab
• Switching to IP fabrics
• ARP Problems in EVPN
• EVPN/VXLAN with FRR on Linux Hosts
• Troubleshooting EVPN Control Plane
• Introduction of EVPN at DE-CIX

Other EVPN Blog Posts

• Why Are We Using EVPN Instead of SPB or TRILL?
• LISP vs EVPN: Mobility in Campus Networks
• Repost: Campus-Wide Wireless Roaming with EVPN

ChatGPT explaining OSPF to a high-school kid

Configuration Tips

This blog started as a collection of (hopefully) helpful configuration tricks, and I documented numerous Cisco IOS configuration tips in the early 2000s.

• Network Statements in the OSPF Process Are No Longer Order-Dependent
• Enhanced OSPF Adjacency Logging
• Network Statements Are No Longer Needed in OSPF Configuration
• Be Smart When Using the OSPF Network Statement
• Increased Number of OSPF processes in MPLS VPN Environments
• OSPF Router-Id Does Not Change When the Interface IP Address Changes
• Subnet Masks in OSPF Network Statements
• OSPF in a VRF Requires a Box-Unique Router ID
• Reverse Lookup of OSPF Router IDs
• Display Interfaces Belonging to a Single OSPF Process
• OSPF Ignores Subnet Mask Mismatch on Point-to-Point Links
• IOS Fossils: OSPF-to-BGP Redistribution
• Limitations of VRF Routing Protocols on Cisco IOS
• IOS Fossils: Classful OSPF Redistribution
• “ip ospf mtu-ignore” Is a Dangerous Command
• OSPF and Connected Networks: To Redistribute or Not?
• Unnumbered OSPF Interfaces in Quagga (and Cumulus)

Implementation Details

Let’s start with the elephant in the room: OSPF areas – a simple concept that got way too convoluted when OSPF started accreting nerd knobs like NSSA areas:

• Primary/Backup Area Border Router Designs
• Do We Still Need OSPF Areas and Summarization?
• OSPF Areas and Summarization: Theory and Reality
• Nerd Knobs Save the Day: NSSA Saga Continues
• Running OSPF in a Single Non-Backbone Area
• OSPF Summarization and Split Areas

OSPF default routes are another confusing topic. You could have inter-area default routes (used in stub areas) or external default routes that could be conditional or unconditional.

• Inserting Default Route Into OSPF
• OSPF Default Route: Design Scenarios
• tested configuration
• OSPF Default Route Based on IP SLA
• Default Routing in NSSA Area

OSPF adjacencies are another fun troubleshooting topic:

• OSPF Neighbors Stuck in EXSTART
• Troubleshooting OSPF Adjacencies
• Challenge: Establish OSPF Adjacency on a LAN Interface
• OSPF LAN Adjacency Challenge: Final Results
• Challenge: Mixing Numbered and Unnumbered Interfaces
• Mixing Numbered and Unnumbered OSPF Interfaces: Solution

The inimitable forwarding address in type-5 LSA will make your head explode when combined with the NSSA areas.

• OSPF Forwarding Address: Yet Another Kludge
• OSPF Forwarding Address YAK: Take 2
• Why OSPF Needs Forwarding Address With NSSA Areas
• The Unintended Consequences of NSSA Kludges
• More Thoughts on OSPF Forwarding Address

Want even more OSPF details? I documented way too many of them since I started blogging, including:

• Type-1 (Router) LSA in OSPF Topology Database
• OSPF Graceful Shutdown
• More Details on OSPF Route Filters
• Common Sense Prevails Over RFC 2328
• OSPFv3 Router ID: the Long Shadow of IPv4
• OSPF Breaks When Faced With Overlapping IP Addresses
• OSPF Router ID Selection Trivia
• SPF Events in OSPF and IS-IS
• OSPF Router ID Selection: the Gory Details
• OSPF Route Selection Rules
• Change in OSPF Designated Router Creates Extra Network LSAs
• Inter-Process OSPF Route Selection Rules
• Why Is OSPF not Using TCP?
• What Exactly Happens after a Link Failure?
• OSPF Inter-Process Route Selection
• LSA/LSP Flooding in OSPF and IS-IS
• OSPF External Routes (Type-5 LSA) Mysteries

Deploying OSPF

Creative networking engineers often forget an unpleasant truth: OSPF is a single security domain. You should never run it with less-trusted peers, be it your customers, data center servers, or virtual machines.

• Do Not EVER Run OSPF or IS-IS With Your Internet Customers
• Don’t Run OSPF with Your Customers
• Why Would I Use BGP and not OSPF between Servers and the Network?

OSPF by itself is complex enough, but the real fun starts when you combine it with other protocols (for example, BGP and LDP):

• MPLS LDP Autoconfiguration
• Use Slow IGP Startup in LDP-only MPLS Environments
• LDP-IGP Synchronization in MPLS Networks
• OSPF Meets EIGRP
• Fixing the FIB Bottleneck
• Synchronizing BGP and OSPF (or OSPF and LDP)
• Unexpected Interactions Between OSPF and BGP
• Why Do We Need BGP-LS?

Running OSPF in large hub-and-spoke networks (for example, large DMVPN networks) is another tough challenge:

• OSPF Flooding Filters in Hub-and-Spoke Environments
• RIP Rocks in Low-End Hub-and-Spoke Networks
• Can You Run OSPF over DMVPN?
• Sometimes You Need to Step Back and Change Your Design
• OSPF Configuration in Phase 1 DMVPN Network
• Configuring OSPF in a Phase 2 DMVPN network
• More OSPF-over-DMVPN Questions
• DMVPN as a Backup for MPLS/VPN
• OSPF-over-DMVPN Using Two Hub Routers
• Redundant DMVPN designs, Part 1 (The Basics)
• Combining DMVPN with Existing MPLS/VPN Network

While you could use OSPF to get unequal-cost multipathing, you might be tripped by numerous caveats; no wonder there are few implementations of this concept.

• Why Is OSPF (Or IS-IS) Afraid of Unequal-Cost Load Balancing
• Unequal-Cost Multipath in Link State Protocols
• Single-Metric Unequal-Cost Multipathing Is Hard

Finally, you can run OSPF over unnumbered interfaces, be it point-to-point serial links or Ethernet segments:

• Configure OSPF on Unnumbered Interfaces
• Packet Forwarding and Routing over Unnumbered Interfaces
• Running OSPF over Unnumbered Ethernet Interfaces
• OSPF and ARP on Unnumbered IPv4 Interfaces
• OSPF ECMP with Unnumbered IPv4 Interfaces

Rants

Now and then, I couldn’t resist writing an OSPF-related rant:

• Routing Protocols: Perfect Example of RFC 1925 Rule 5
• Stop Googling and Start Testing
• Is OSPF Unpredictable or Just Unexpected?
• Link-State Routing Protocols Are Eventually Consistent
• Building a Small Network with ChatGPT
• Why Is OSPF (and BGP) More Complex than STP?

What Others Are Writing About OSPF

• What I've Learned About Scaling OSPF in Data Centers
• Redistributing Full BGP Feed into OSPF
• OSPF Watcher

Other OSPF Blog Posts

• MPLS Traffic Engineering myths
• WAN Routing in Data Centers with Layer-2 DCI
• Implementing Control-Plane Protocols with OpenFlow
• Routing Protocols on NSX Edge Services Router
• BGP or OSPF? Does Topology Visibility Matter?
• Generating OSPF, BGP and MPLS/VPN Configurations from Network Data Model
• Use VRFs for VXLAN-Enabled VLANs
• FRRouting RIB and FIB
• FRRouting Loopback Interfaces and OSPF Costs

ChatGPT explaining application high availability to a high school kid

Before going into the details, it’s worth figuring out what the application (or system) users need as opposed to what they think they need:

• Fifty Shades of High Availability (2020)
• Figure Out What the Customer Really Needs (2017)
• Are Business Needs Just Excuses for Vendor Shenanigans? (2020)
• Redundancy Does Not Result in Resiliency (2017)
• High Availability Planning: Identify the Weakest Link (2016)
• Meaningful Availability (2020)
• Differential Availability (2020)

Not surprisingly, IT vendors sell magic infrastructure solutions as the high-availability panacea based on the assumption that redundant infrastructure cannot fail. Nothing could be further from the truth:

• High Availability Fallacies (2011)
• If Something Can Fail, It Will (2012)
• How Hard Is It to Think about Failures? (2016)
• This Is What Makes Networking So Complex (2013)
• Decide How Badly You Want to Fail (2019)
• Sometimes You Have to Decide How You Want to Fail (2015)
• Some People Don’t Get It: It Will Eventually Fail (2016)
• The Network Is Reliable and Other Stories (2016)
• Circular Dependencies Considered Harmful (2021)

High Availability Concepts, Technologies, and Solutions

You can use a plethora of approaches depending on your availability targets:

• Disaster recovery is the right tool for the job if you’re OK with the system being down for a few hours.
• Automatic restart of application instances combined with disaster recovery is acceptable if you can accept your system to be down ~0.1% of the time (99.9% availability)
• Availability targets higher than 99.9% can only be reached reliably with proper application design supported by well-designed infrastructure.

I wrote over 130 blog posts on these topics. It would be impossible to list all of them on a single page; major high-availability technologies or concepts thus have dedicated pages:

• Disaster recovery and avoidance
• High availability clusters
• Public and private cloud deployments
• Global and local load balancing with IP anycast

One of the prerequisites for highly available services is also redundant networking infrastructure:

• Redundant Data Center Internet Connectivity – Problem Overview (2013)
• Redundant Data Center Internet Connectivity – High-Level Design (2013)
• Coping with Byzantine Routing Failures (2014)
• Site and Host Multihoming (2023)
• High Availability Switching (2024)

Regardless of your approach, the only sustainable way to get highly available services is the correct design of the application stack. For more details, watch the Designing Active-Active and Disaster Recovery Data Centers webinar; I also wrote a few blog posts on the topic:

• Swimlanes, Read-Write Transactions and Session State (2017)
• Solving the Problem in the Right Place (2017)
• Moving Complexity to Application Layer? (2017)
• Optimizing the Time-to-First-Byte (2021)

Notable Outages

Finally, here are a few notable outages. TL&DR: it can happen to the big guys and will eventually happen to you.

• How GitHub Learned How Hard Distributed Systems Are (2023)
• Cloudflare Control Plane Outage (2023)

Other High Availability Blog Posts

2015

• What Happens When a Data Center Fabric Switch Fails?
• Can You Avoid Networking Software Bugs?

2014

• Can We Use IPv6 Router Advertisements for Fast Failover?

2013

• 50 Shades of Statefulness
• Resiliency of VM NIC firewalls
• Does dedicated iSCSI infrastructure make sense?

2012

• Do We Need FHRP (HSRP or VRRP) For IPv6?