Building network automation solutions

9 module online course

Start now!

Blog Posts in November 2013

Terastream Part 2: Lightweight 4over6 and Network Function Virtualization (NFV)

In the first Terastream blog post I mentioned Deutsche Telekom decided to use an IPv6-only access network. Does that mean they decided to go down the T-Mobile route and deployed NAT64 + 464XLAT? That combo wouldn’t work well for them, and they couldn’t use MAP-E due to lack of IP address space, so they deployed yet another translation mechanism – Lightweight 4over6.

read more see 2 comments

Layer-3 Forwarding with VMware NSX Edge Services Router

The easiest way of connecting overlay virtual networks implemented with VMware NSX for vSphere to the outside world is NSX Edge Services Router. It’s a much improved version of vShield Edge and provides way more than just layer-3 forwarding services – it’s also a firewall, load balancer, DHCP server, DNS forwarder, NAT and VPN termination device.

read more see 2 comments

Don’t Use ULA Addresses in Service Provider Core

Dan sent me the following question:

I had another read of the ‘Building IPv6 Service Provider Networks’ material and can see the PE routers use site local ipv6 addressing. I’m about to build another small service provider setup and wondered: would you actually use site local for PE loopbacks etc, or would you use ULA or global addressing? I’m thinking ULA would be better from a security point of view?

TR&DR summary: Don’t do that.

read more add comment

Typical Enterprise Application Deployment Process is Broken

As one of their early marketing moves, VMware started promoting VMware NSX with a catchy “fact” – you can deploy a new VM or virtual disk in minutes, but it usually takes days or more before you can get a new VLAN or a firewall or load balancer rule from the networking team.

Ignoring the complexity of network virtualization, they had a point, and the network services rigidity really bothered me … until I finally realized that we’re dealing with a broken process.

read more see 3 comments

Layer-2 and Layer-3 Switching in VMware NSX

All overlay virtual networking solutions look similar from far away: many provide layer-2 segments, most of them have some sort of distributed layer-3 forwarding, gateways to physical world are ubiquitous, and you might find security features in some products.

The implementation details (usually hidden behind the scenes) vary widely, and I’ll try to document at least some of them in a series of blog posts, starting with VMware NSX.

read more see 1 comments

Deutsche Telekom TeraStream: Designed for Simplicity

Almost a year ago rumors started circulating about a Deutsche Telekom pilot network utilizing some crazy new optic technology. In spring I’ve heard about them using NFV and Tail-f NCS for service provisioning … but it took a few more months till we got the first glimpses into their architecture.

TL&DR summary: Good design always beats bleeding-edge technologies

read more see 8 comments

Technical Debt – and How We Can Fix It

In late October I had the closing presentation at our yearly customer event, and decided to talk about one of the most pressing (at least in my opinion) IT problems – the technical debt from the networking/sysadmin perspective.

You can view the presentation on my web site. It’s one of those presentations that look way better on video (which will be published … but it’s in Slovenian), but I’m positive the meme-lovers will enjoy it.

add comment

Make Every Application an Independent Tenant

Traditional data centers are usually built in a very non-scalable fashion: everything goes through a central pair of firewalls (and/or load balancers) with thousands of rules that no one really understands; servers in different security zones are hanging off VLANs connected to the central firewalls.

Some people love to migrate the whole concept intact to a newly built private cloud (which immediately becomes server virtualization on steroids) because it’s easier to retain existing security architecture and firewall rulesets.

read more see 10 comments

Cisco Nexus 9000 and ACI: Promising P+V Architecture

Last week’s Nexus 9000 and Application Centric Architecture launch triggered an avalanche of opinions. Some bloggers focused on the fact that there’s a Linux kernel underneath the NX-OS (So what? What else would make sense?), others tried to make sense of ACI from the marketing materials (good luck with that) … and almost nobody mentioned what might be a crucial piece of the architecture: the Application Virtual Switch (AVS).

read more add comment

Two and a Half Years after OpenFlow Debut, the Media Remains Clueless

If you repeat something often enough, it becomes a “fact” (or an urban myth). SDN is no exception, industry press loves to explain SDN like this:

[SDN] takes the high-end features built into routers and switches and puts them into software that can run on cheaper hardware. Corporations still need to buy routers and switches, but they can buy fewer of them and cheaper ones.

That nice soundbite contains at least one stupidity per sentence:

read more see 16 comments

Finally: Juniper Supports a Leaf-and-Spine Virtual Chassis

The recent Juniper product launch included numerous components, among them: a new series of data center switches (including a badly-needed spine switch), MetaFabric reference architecture (too meta for me at the moment – waiting to see the technical documentation beyond the whitepaper level), and (finally) a leaf-and-spine virtual chassis – Virtual Chassis Fabric.

read more see 4 comments

Are Your Applications Cloud-Friendly?

A while ago I had a discussion with someone who wanted to be able to move whole application stacks between different private cloud solutions (VMware, Hyper-V, OpenStack, Cloud Stack) and a variety of public clouds.

Not surprisingly, there are plenty of startups working on the problem – if you’re interested in what they’re doing, I’d strongly recommend you add to your list of favorite podcasts – but the only correct way to solve the problem is to design the applications in a cloud-friendly way.

read more see 4 comments