Blog Posts in January 2014

Complex Routing in Hyper-V Network Virtualization

The layer-3-only Hyper-V Network Virtualization forwarding model implemented in Windows Server 2012 R2 thoroughly confuses engineers used to deal with traditional layer-2 subnets connected via layer-3 switches.

As always, it helps to take a few steps back, focus on the principles, and the “unexpected” behavior becomes crystal clear.

2014-02-05: HNV routing details updated based on feedback from Praveen Balasubramanian. Thank you!

read more see 7 comments

Visit my SDN Workshop @ Troopers 2014

Enno Rey (the mastermind behind the Troopers conference) and myself got a cunning plan during one of the Troopers 2013 dinners – we’d have an SDN & Security presentation at Troopers 2014.

As always, Enno exceeded my wildest expectations, and offered me to have a full-day SDN workshop during this year’s conference – an offer I simply couldn’t refuse.

SDN, security, IPv6, Heidelberg, fantastic presenters and audience, great organizers – it can’t get any better … all you have to do is register.

add comment

Network Monitoring with OpenFlow

You know how hard it is to get the network traffic statistics: interface counters are too coarse, Netflow records are too granular, Sflow is sampling… life is hard for network monitoring Goldilocks.

In the Network Monitoring video (part of Real-Life OpenFlow Use Cases webinar) I explained an interesting alternative: you could get (hardware permitting) traffic counters with ever OpenFlow flow entry, resulting in any granularity you need.

see 1 comments

Controller Implementation Choices Affecting OpenFlow Scalability

The first part of the Real-life OpenFlow Use Cases webinar focused on controller design and implementation choices that can significantly impact the scalability of an OpenFlow solution:

You could tell we had great fun with these topics: we spent more than half an hour on five slides.

add comment

What Exactly Is SDN (And Does It Make Sense)?

When Open Networking Foundation claimed ownership of Software-Defined Networking, they defined it as separation of control and data plane:

[SDN is] The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices.

Does this definition make sense or is it too limiting? Is there more to SDN? Would a broader scope make more sense?

read more add comment

Source IPv6 Address Selection Saves the Day

My recommendation to use ULA addresses for internal communications within organizations that don’t have their own provider-independent address space resulted in the following comment:

[…] Having ULA for internal company communication and global IPv6 addresses for communication with the Internet will cause lots of issues with application guys since now application has to bind to specific IPv6 address for internal communications and another IPv6 address to go to the Internet.

Numerous aspects of IPv6 may still be broken, but fortunately this is not one of them.

I missed a crucial detail: because RFC 6724 prefers IPv4 addresses over ULA addresses, impossible to use ULA addresses in dual-stack networks. Even this aspect of IPv6 is broken :(
read more see 9 comments

How Did Software Defined Networking Start?

Software-Defined Networking is clearly a tautological term – after all, software defined networking device behavior ever since we stopped using Token Ring MAUs and unmanaged hubs. Open Networking Foundation claims it owns the definition of the term (which makes approximately as much sense as someone claiming they own the definition of red-colored clouds), but I was always wondering who coined the term in the first place.

read more see 3 comments

VMware NSX Gateway Questions

Gordon sent me a whole list of NSX gateway questions:

  • Do you need a virtual gateway for each VXLAN segment or can a gateway be the entry/exit point across multiple VXLAN segments?
  • Can you setup multiple gateways and specify which VXLAN segments use each gateway?
  • Can you cluster gateways together (Active/Active) or do you setup them up as Active/Standby?

The answers obviously depend on whether you’re deploying NSX for multiple hypervisors or NSX for vSphere. Let’s start with the former.

read more see 2 comments