Blog Posts in June 2013
During the recent Data Center Fabrics Update webinar Dan Backman from Plexxi explained how their innovative use of CWDM technology and controller-assisted forwarding simplifies deployment and growth of reasonably-sized data center fabrics.
I would highly recommend that you watch the video – the start is a bit short on details, but he does cover all the juicy aspects later on.
NEC and a slew of its partners demonstrated an interesting next step in the SDN saga @ Interop Las Vegas 2013: multi-vendor SDN applications. Load balancing, orchestration and security solutions from A10, Silver Peak, Red Hat and Radware were happily cooperating with the ProgrammableFlow controller.
A curious mind obviously wants to know what’s behind the scenes. Masterpieces of engineering? Large integration projects ... or is it just a smart application of API glue? In most cases, it’s the latter. Let’s look at the ProgrammableFlow – Radware integration.
Andreas was watching my recent Enterasys DCI webinar and got intrigued by the quick hand drawings I made, so he asked me “What kind of tool do you use to make the hand drawings during your presentations? It must be something different than a mouse.”
In case you weren’t watching one of my recent webinars, here’s a sample to get you started:
Greg Ferro published a great blog post explaining why he decided to use node.js to build his cloud automation platform. While I agree with most things he wrote, this one prickled me the wrong way:
In my view, an Application Programmable Interface (API) is the fundamental change that makes Software Defined Networking (SDN) a “thing”. We need to realise that the CLI is a “power tools” for specialist tradespeople and not a “knife and fork” for everyday use.
While I agree with his view on CLI, keep in mind that an API is no different.
The next small step in my MPLS/VPN update project: EIBGP load balancing – why is it useful, how it works, why can’t you use it without full-blown MPLS/VPN, and what the alternatives are.
Andrew is struggling with MPLS/VPN providers and sent me the following question:
Is "carriers carrier" a real service? I'm having a bit of an issue at the moment with too many MPLS providers […] Carrier’s carrier would be an answer to many of them, but none of the carriers admit to being able to do this, so I was wondering if it's simply that I'm speaking to the wrong people, or whether they really don't...
Short answer: I have yet to see this particular unicorn roaming the meadows of reality.
In the "Optimal L3 Forwarding with VARP and Active/Active VRRP" blog post I made a remark along the lines of "Things might get nasty [in Arista EOS Virtual ARP world] if you have configuration mismatches", resulting in a lengthy and amazingly insightful email exchange with Lincoln Dale during which we ventured deeper and deeper down the Virtual ARP (VARP) rabbit hole. Here's what I learned during our trip:
The true OpenFlow zealots would love you to believe that you can drop whatever you’ve been doing before and replace it with a clean-slate solution using the dumbest (and cheapest) possible switches and OpenFlow controllers.
In the real world, your shiny new network has to communicate with the outside world … or you could take the approach most controller vendors did, decide to pretend STP is irrelevant, and ask people to configure static LAGs because you’re also not supporting LACP.
I was reading What Network Virtualization Isn’t from Jon Onisick the other day and started experiencing all sorts of unpleasant flashbacks caused by my overly long exposure to networking industry missteps and dead ends touted as the best possible solutions or architectures in the days of their glory:
In the TCP, HTTP and SPDY webinar I described the web application performance roadblocks caused by TCP and HTTP and HTTP improvements that remove most of them. Google went a step further and created SPDY, a totally redesigned HTTP. What is SPDY? Is it really the final solution? How much does it help? Hopefully you’ll find answers to some of these questions in the last part of the webinar.
A while ago someone asked what the difference between access and prefix lists is on the Network Engineering Stack Exchange web site (a fantastic resource brought to life primarily by the sheer persistence of Jeremy Stretch, who had to fight troves of naysayers with somewhat limited insight claiming everything one would want to discuss about networking falls under the server administration web site).
The question triggered a lengthy wandering down memory lane … and here's the history of how the two came into being (and why they are the way they are).
An individual focused more on sensationalism than content deemed it appropriate to publish an article declaring networking engineers an endangered species on an industry press web site that I considered somewhat reliable in the past.
The resulting flurry of expected blog posts included an interesting one from Steven Iveson in which he made a good point: it’s easy for the cream-of-the-crop not to be concerned, but what about others lower down the pile? As always, it makes sense to do a bit of a reality check.
Meeting Brad Hedlund in person was definitely one of the highlights of my Interop 2013 week. We had an awesome conversation and quickly realized how closely aligned our views of VLANs, overlay networks and virtual appliances are.
Not surprisingly, Brad quickly improved my ideas with a radical proposal: running BGP between the virtual and the physical world.
Today's Dilbert is dedicated to every networking and security vendor selling us just good enough solutions.
Huge "Thank you!" to Scott Adams for another well-explained documentary!
IPv6 source address spoofing should be old news – it’s no different from its IPv4 counterpart. The neighbor discovery exhaustion attack is an IPv6-only phenomenon, enabled by huge IPv6 subnet sizes.
During the IPv6 Security webinar Eric Vyncke described Cisco IOS mechanisms you can use to cope with both. Enjoy!
One of my blogger friends sent me an interesting observation:
After talking to networking vendors I'm inclined to think they are going to focus on a mesh of overlays from the TOR, with possible use of overlays between vswitch and TOR too if desired - drawing analogies to MPLS with ToR a PE and vSwitch a CE. Aside from selling more hardware for this, I'm not drawn towards a solution like this bc it doesn't help with full network virtualization and a network abstraction for VMs.
The whole situation reminds me of the good old SNA and APPN days with networking vendors playing the IBM part of the comedy.
The Optimal L3 Forwarding with VARP/VRRP post generated numerous comments, ranging from technical questions about VARP (more about that in a few days) to remarks along the lines of “you can do that with X” or “vendor Y supports Z, which does the same thing.” It seems I’ve opened yet another can of worms; let’s try to tame and sort them.
Brent Salisbury sent me a link to a fantastic OpenFlow/SDN presentation Scott Shenker did @ Stanford University a few days ago. It’s a perfect introduction to the fundamental ideas behind SDN and therefore a must-see for everyone vaguely involved in networking.
Here are some of the highlights (from my highly biased perspective):