Blog Posts in September 2017
my.ipSpace.net outage: fixing broken libraries
An update of Perl libraries broke a number of my scripts (don't ask). Here's the current status:
- Fixed: credit card processing. It was impossible to buy products from ipSpace.net with credit cards (the credit card form didn't appear at all)
- Fixed: Google+ login
- Unrelated and fixed: blog search
Anything else not working? Please write a comment or send me an email. Thank you!
… updated on Tuesday, November 2, 2021 15:57 UTC
Redundancy Does Not Result in Resiliency
A while ago a large airline had a bad-hair day claiming it was caused by a faulty power supply. Not surprisingly, I got a question along the lines of “is that feasible?”
Short answer: Yes. However, someone should be really worried if that wasn’t made up.
Collect SSH Keys with Ansible
Here’s a common scenario I’m encountering on Ansible-related forums:
Q: I cannot connect to network devices with my Ansible network modules. I keep getting these weird error messages…
Me: Are you sure you have the device SSH keys in the known_hosts file?
Q: How did you know?
Coming Full Circle on IPv6 Address Length
In the Future of Networking with Fred Baker, Fred mentioned an interesting IPv6 deployment scenario: give a /64 prefix to every server to support container deployment, and run routing protocols between servers and ToR switches to advertise the /64 prefix to the data center fabric, preferably using link-local addresses.
Let’s recap:
Worth Reading: Blogging Toolkit and Processes
Joel Knight published his blogging toolkit and the processes he uses to write blog posts. Definitely worth reading even if you never plan to blog, as he nicely documents how to sync a creative process across multiple platforms.
Self-Driving Networks with Kireeti Kompella
A while ago I got a kind email from Kireeti Kompella, CTO @ Juniper Networks, saying “A colleague sent me an email of yours regarding SDN, the trough of disillusionment, and the rise of automation. Here's a more dramatic view: the Self-Driving Network -- one whose operation is totally automated.”
Even though the Software Gone Wild podcast focuses on practical ideas that you could deploy relatively soon in your network, we decided to make an exception and talk about (as one of my friends described it) a unicorn driving a flying DeLorean with a flux capacitor.
Are VXLAN-Based Large Layer-2 Domains Safer?
One of my readers was wondering about the stability and scalability of large layer-2 domains implemented with VXLAN. He wrote:
If common BUM traffic (e.g. ARP) is being handled/localized by the network (e.g. NSX or ACI), and if we are managing what traffic hosts can send with micro-segmentation style filtering blocking broadcast/multicast, are large layer-2 domains still a recipe for disaster?
There are three major (fundamental) problems with large L2 domains:
Start Your Network Automation Journey by Mastering Fundamentals
If you’re a long-time reader of my blog you probably know that I believe in learning the fundamentals before trying to do anything else (like the Google-and-Paste spaghetti wall approach), so you could imagine my delight when I got this feedback from an engineer watching the (free) Network Programmability 101 webinar:
I was expecting a technical webinar, so I was a little bit disappointed at first with a “meta” webinar, but as I got through I was more than happy; learning such a meta sphere or getting to know other mindsets is very useful for me. The webinar pushed me to think outside of my little world and to open my mind.
That's exactly what I'm trying to achieve with the high-level webinars. So glad to hear it worked ;))
Improving BGP Convergence without Tweaking BGP Timers
One of the perks of my online courses is the lifetime access to the course Slack team, and you’d be amazed by the variety of questions asked there. Not so long ago I got one on BGP timers:
The BGP timers I’m using in my network are 5 and 15 seconds, and I am not sure if it's a good practice to reduce them even more.
You should always ask yourself this set of questions before tweaking a nerd knob:
Upcoming Events and Webinars
You might have noticed the “upcoming webinars” blog widget is gone; instead, I’ll write a blog post every two weeks or so to keep you updated on upcoming webinars and other events.
Here’s what’s coming in September and October 2017:
- Does Docker (and containers) make sense with Cumulus Networks on September 21st in Zurich;
- Docker workshop on September 21st in Zurich;
- DevOps and Security for Enterprise Environments on September 28th;
- Second part of Network Visibility with Flow Data webinar on October 5th;
- Network automation workshop in Rome on October 18th.
NFD16 First Impressions
Getting bored sitting at San Jose airport waiting for Vagrant to update guest additions in my Ubuntu VM (first item on my to-do list: prepare final version of material for next week’s Docker workshop), so here are my very first impressions of Networking Field Day 16 presentations we’ve seen in the last three days.
As always, there were great presentations, good presentations, … and a few that are best forgotten. I won’t mention those.
Network Automation with Ansible for Undergraduate Students
Long story short: I’m offering a few free seats in my Ansible for Networking Engineers online course to undergraduate or master’s students.
Interested? Check out the details, and apply before October 1st.
Too old? Please spread the word ;)
Video: Using REST API with PowerShell
PowerShell is a great scripting environment if your vendor provided PowerShell libraries to control their software or devices… but what if all you got is a REST API (example: Nexus switches)?
We’ll conveniently ignore the challenges of managing devices that use 30-year-old non-scriptable CLI.
Open-Source Networking Textbook
A month ago I told you how Dr. Olivier Bonaventure starts his networking course with IPv6. But there’s more: the full textbook for the undergraduate course (Computer Networking: Principles, Protocols and Practice) is open-sourced and available (in source form) on GitHub.
You might wonder why I’m so enthusiastic, so let me tell you another story…
Featured webinar: Ansible for Networking Engineers
The featured webinar in September 2017 is the Ansible for Networking Engineers webinar, and in the featured videos you'll learn what Jinja2 is and how you can use it to generate network device configurations with Ansible.
If you already have a trial subscription, log into my.ipspace.net, select the Ansible webinar from the first page, and watch the videos marked with a star. To start your trial subscription, register here.
Why Is Cisco Pushing LISP in Enterprise Campus?
I got several questions along the lines of “why is Cisco pushing LISP instead of using EVPN in VXLAN-based Enterprise campus solutions?”
Honestly, I’m wondering that myself (and maybe I’ll get the answer in a few days @ NFD16). However, let’s start at the very beginning…
Networking Trends Discussion with Andrew Lerner and Simon Richard
In June 2017, we concluded the Building Next Generation Data Center online course with a roundtable discussion with Andrew Lerner, Research Vice President, Networking, and Simon Richard, Research Director, Data Center Networking @ Gartner.
During the first 45 minutes, we covered a lot of topics including:
Rant: VMware Cloud on AWS Marketing and Reality
VMware started talking about VMware Cloud on AWS a while ago, and my first response was “yeah, it’s just vCloud Air but they wanted to get rid of CapEx, so it’s running on someone else’s servers.”
Last week Frank Denneman published a technical overview of the solution and I was mostly correct.
New in Ansible for Networking Engineers Online Course
Plenty of new stuff was added to the Ansible for Networking Engineers online course and webinar since the last update.
Fun things first: I needed adjustable check mode behavior and change tracking in some playbooks, and documented these features in two new videos (online course and webinar).
Intent-Based Hype
It all started with a realistic response I got to my automation and orchestration blog post (here’s a unicorn-driving-a-DeLorean one in case you missed it):
Maybe you could also add the “intent-based network” which is also not so far from orchestration?
It got me thinking. The way I understand intent-based whatever, it’s an approach where I tell a system what I want it to do, not how to do it.
Video: Building Data Center Fabrics with SPB
There are two reasonable ways of building a layer-2 leaf-and-spine fabric: use VXLAN (the direction almost everyone in the industry is taking at the moment), or routing-on-layer-2 technology like TRILL or SPB.