Blog Posts in May 2013

Simplify Your Disaster Recovery with Virtual Appliances

Regardless of what the vendors are telling you, it’s hard to get data center disaster recovery right (unless you’re running regular fire drills), and your job usually gets harder due to the intricate (sometimes undocumented) intertwining of physical and virtual worlds. For example, do you know how to get the firewall and load balancer configurations from the failed site implemented in the equipment currently used at disaster recovery site?

Imagine a simple application stack with a few web servers, app servers and two database servers. There’s a firewall in front of the web servers and a load balancer tying all the segments together.

read more see 6 comments

BGP Best External Explained

Loads of niche features got crammed into (MP)BGP and MPLS since I wrote my MPLS books, most of them trying to tweak BGP (a scalable and reasonably slow routing protocol dealing with behemoth tables) to behave more like an IGP would.

It looks like we’ll never see updated versions of the books, so I’ll try to cover the new features with short videos. The first one on the list: BGP Best External – a mechanism that speeds up MP-IBGP convergence in primary/backup PE-CE scenarios using EBGP.

read more see 8 comments

Optimal L3 Forwarding with VARP and Active/Active VRRP

I’ve blogged about the need for optimal L3 forwarding across the whole data center in 2012 when I introduced it as one of the interesting requirements in Data Center Fabrics webinar. Years later, the concept became one of the cornerstones of modern EVPN fabrics, but there are still only a few companies that can deliver this functionality in a more traditional environment.

read more see 14 comments

Hyper-V 3.0 Extensible Virtual Switch

It took years before the rumored Cisco vSwitch materialized (in the form of Nexus 1000v), several more years before there was the first competitor (IBM Distributed Virtual Switch), and who knows how long before the third entrant (recently announced HP vSwitch) jumps out of PowerPoint slides and whitepapers into the real world.

Compare that to the Hyper-V environment, where we have at least two virtual switches (Nexus 1000V and NEC's PF1000) mere months after Hyper-V's general availability.

read more see 9 comments

Celebrating 40 years of Ethernet ... at south pole

Did you know Ethernet turned 40 today? I didn't (I was never good at tracking anniversaries), but Kris Amundson (the engineer keeping his network up and running in pitch dark Antarctica) quickly brought it to my attention with wonderful photos of South Pole Ethernet network built @ -69C (that's -92F if you're still ignoring the metric system).

Even better, they still have a thick coax cable with transceiver screwed into it!

Thanks for sharing, Kris! Really appreciated ;)

see 3 comments

The Dangers of Ignoring IPv6

I was sitting next to a really nice security engineer during the fantastic dinner-in-a-wine-cellar @ Troopers 13 and as we started talking about security implications of ignoring IPv6, I was quickly able to persuade him that it's dangerous to pretend IPv6 doesn't exist and that even though you might choose not to deploy it, you still have to acknowledge it exists and take protective measures.

It’s always great fun to explain the dangers of ignoring IPv6 to a networking or security audience, and see some people muttering “oh, ****”

read more see 1 comments

Multi-Vendor OpenFlow – Myth or Reality?

NEC demonstrated multi-vendor OpenFlow network @ Interop Las Vegas, linking physical switches from Arista, Brocade, Centec, Dell, Extreme, Intel and NEC, and virtual switches in Linux (OVS) and Hyper-V (PF1000) environments in a leaf-and-spine fabric controlled by ProgrammableFlow controller (watch the video of Samrat Ganguly demonstrating the network).

Does that mean we’ve entered the era of multi-vendor OpenFlow networking? Not so fast.

read more see 2 comments

Troopers 13 – a must-visit security conference

If you live in Europe and happen to be interested in security, make sure you put Troopers on the list of must-attend events. Like many things coming from Europe it’s a boutique event (limited to 200 attendees even if it means it’s sold out – that would never happen in some other parts of the world) with some great content.

Enno Rey, the mastermind behind the event, was kind enough to invite me to talk about virtual firewall architectures – you can view my presentation or watch the video – and of course I used the opportunity to visit a not-so-well-known Heidelberg attraction ;)

add comment

Tail-f Network Control System – the First Impressions

One of the most pleasant surprises of the recent Interop show was the Tail-f's Network Control System (NCS). I “knew” Carl Moberg (of the NETCONF and YANG fame) for a long time and had the privilege to meet him in person just before the SDN Buyer's Guide panel that I co-hosted with Kurt Marko (who did an excellent job putting the buyer's guide together). Anyhow, what Carl presented during the panel totally blew me away.

read more see 7 comments

Data Has Mass and Gravity

A while ago, while listening to an interesting CloudCast podcast (my second favorite podcast - the best one out there is still the Packet Pushers), I stumbled upon an interesting idea “Data has gravity”. The podcast guest used that idea to explain how data agglomerates in larger and larger chunks and how it makes sense to move the data processing (application) closer to the data.

read more see 3 comments

Are stateless ACLs good enough?

In one of his Open Networking Summit blog posts Jason Edelman summarized the presentation in which Goldman Sachs described its plans to replace stateful firewalls with packet filters (see also a similar post by Nick Buraglio).

These ideas are obviously not new – as Merike Kaeo succinctly said in her NANOG presentation over three years ago “stateful firewalls make absolutely no sense in front of servers, given that by definition every packet coming into the server is unsolicited.” Real life is usually a bit more complex than that.

read more see 8 comments

Update: TRILL on HP Data Center Switches

A few days after I published the Interop Product Launch Craze post, Jason Edelman told me HP claims they have running TRILL implementation. Time to read their release notes.

Results: No mention of TRILL in latest release notes for 12500, 9500 or 58xx. 5900 switches support TRILL, EVB and FCoE since release 2207 (January 2013).

More about changes in the data center switching market in the Data Center Fabrics Update webinar. Now I have to catch the next plane on the way home.

see 9 comments

Server Guy’s Guide to Virtual Networks

I was asked to do a short virtual networking presentation during this year’s Microsoft NT Conference in Slovenia. Most of the audience were server and virtualization administrators, having anywhere from zero to pretty decent networking knowledge; getting the right balance of basics and interesting features was a struggle.

They told me the end result wasn’t that bad. It’s a bit Microsoft-biased, but applies equally well to VMware (be it vSphere/VXLAN or Open vSwitch/NVP combo).

see 5 comments

Plexxi’s Dan Backman Presenting in the Data Center Fabrics Update Webinar

Plexxi has a really interesting data center fabric solution that combines CWDM optics with L2+L3 switching. They briefed me on their product just before their public launch; I like their approach, particularly the combination of robust traditional forwarding with controller-based network optimization that you can influence from the outside, but somehow I never quite found the time to blog about them … although I did manage to solve the hard part of the problem: write a Perl script that generates Graphviz graph description to generate schematics of their CWDM inter-switch links.

read more add comment

TCP and HTTP Improvements

In previous videos from the TCP, HTTP and SPDY webinar I described the network-related performance challenges experienced by web applications and did a deep dive into TCP and HTTP mechanisms underlying them.

Today’s video describes numerous TCP and HTTP enhancements – from increased initial congestion window (recently published as RFC 6928) and TCP fast open to persistent HTTP sessions and pipelining.

see 1 comments

Attending Interop Las Vegas? Drop by!

If you’re attending Interop Las Vegas next week, do drop by my Network Infrastructure for Cloud Computing workshop on Monday or one of the networking track sessions on Wednesday: Overlay Networking Explained in late morning and IPv6 – It’s High Time to Get Started in the afternoon. I’ve reserved plenty of time after each one for follow-up questions and discussions.

Other fine sessions you shouldn’t miss: Beware the Firewall, My Son! by Network Security Princess, Chopping Down the Fat Tree by venerable Ethan Banks, Death to Spanning Tree by Data Center Overlord Tony Bourke and How to Keep Video from Blowing Up Your Network by the very first CCIE Terry Slattery.

add comment