Blog Posts in September 2017
An update of PERL libraries broke a number of my scripts (don't ask). Here's the current status:
- Fixed: credit card processing. It was impossible to buy products from ipSpace.net with credit cards (the credit card form didn't appear at all)
- Fixed: Google+ login
- Unrelated and fixed: blog search
Anything else not working? Please write a comment or send me an email. Thank you!
A while ago a large airline had a bad-hair day claiming it was caused by a faulty power supply. Not surprisingly, I got a question along the lines of “is that feasible?”
Short answer: Yes. However, someone should be really worried if that wasn’t made up.
Here’s a common scenario I’m encountering on Ansible-related forums:
Q: I cannot connect to network devices with my Ansible network modules. I keep getting these weird error messages…
Me: Are you sure you have the device SSH keys in known_hosts file?
Q: How did you know?
In the Future of Networking with Fred Baker Fred mentioned an interesting IPv6 deployment scenario: give a /64 prefix to every server to support container deployment, and run routing protocols between servers and ToR switches to advertise the /64 prefix to the data center fabric preferably using link-local addresses.
Joel Knight published his blogging toolkit and processes he uses to write blog posts. Definitely worth reading even if you never plan to blog as he nicely documents how to sync creative process across multiple platforms.
A while ago I got a kind email from Kireeti Kompella, CTO @ Juniper Networks, saying “A colleague sent me an email of yours regarding SDN, the trough of disillusionment, and the rise of automation. Here's a more dramatic view: the Self-Driving Network -- one whose operation is totally automated.”
Even though Software Gone Wild podcast focuses on practical ideas that you could deploy relatively soon in your network, we decided to make an exception and talk about (as one of my friends described it) a unicorn driving a flying DeLorean with a flux capacitor.
One of my readers was wondering about the stability and scalability of large layer-2 domains implemented with VXLAN. He wrote:
If common BUM traffic (e.g. ARP) is being handled/localized by the network (e.g. NSX or ACI), and if we are managing what traffic hosts can send with micro-segmentation style filtering blocking broadcast/multicast, are large layer-2 domains still a recipe for disaster?
There are three major (fundamental) problems with large L2 domains:
If you’re a long-time reader of my blog you probably know that I believe in learning the fundamentals before trying to do anything else (like Google-and-Paste spaghetti wall approach), so you could imagine my delight when I got this feedback from an engineer watching (free) Network Programmability 101 webinar:
I was expecting a technical webinar, so I was a little bit disappointed at first with a “meta” webinar, but as I got through I was more than happy; learning such a meta sphere or getting to know other mindsets is very useful for me. The webinar pushed me to think outside of my little world and to open my mind.
That's exactly what I'm trying to achieve with the high-level webinars. So glad to hear it worked ;))
One of the perks of my online courses is the lifetime access to course Slack team, and you’d amazed by the variety of questions asked there. Not so long ago I got one on BGP timers:
The BGP timers I’m using in my network are 5 and 15 seconds, and I am not sure if it's a good practice to reduce them even more.
You should always ask yourself this set of questions before tweaking a nerd knob:
You might have noticed the “upcoming webinars” blog widget is gone and I’ll write a blog post every two weeks or so to keep you updated on upcoming webinars and other events.
Here’s what’s coming in September and October 2017:
- Does Docker (and containers) make sense with Cumulus Networks on September 21st in Zurich;
- Docker workshop on September 21st in Zurich;
- DevOps and Security for Enterprise Environments on September 28th;
- Second part of Network Visibility with Flow Data webinar on October 5th;
- Network automation workshop in Rome on October 18th.
Getting bored sitting at San Jose airport waiting for Vagrant to update guest additions in my Ubuntu VM (first item on my to-do list: prepare final version of material for next week’s Docker workshop), so here are my very first impressions of Networking Field Day 16 presentations we’ve seen in the last three days.
As always, there were great presentations, good presentations, … and a few that are best forgotten. I won’t mention those.
PowerShell is a great scripting environment if your vendor provided PowerShell libraries to control their software or devices… but what if all you got is REST API (example: Nexus switches)?
We’ll conveniently ignore the challenges of managing devices that use 30-year-old non-scriptable CLI.
A month ago I told you how dr. Olivier Bonaventure starts his networking course with IPv6. But there’s more: the full textbook for the undergraduate course (Computer Networking: Principles, Protocols and Practice) is open-sourced and available (in source form) on GitHub.
You might wonder why I’m so enthusiastic, so let me tell you another story…
The featured webinar in September 2017 is the Ansible for Networking Engineers webinar, and in the featured videos you'll learn what Jinja2 is and how you can use it to generate network device configurations with Ansible.
If you already have an trial subscription, log into my.ipspace.net, select the Ansible webinar from the first page, and watch the videos marked with star. To start your trial subscription, register here.
I got several questions along the lines of “why is Cisco pushing LISP instead of using EVPN in VXLAN-based Enterprise campus solutions?”
Honestly, I’m wondering that myself (and maybe I’ll get the answer in a few days @ NFD16). However, let’s start at the very beginning…
You might have noticed that my blog looks a bit different than it did a few hours ago thanks to fantastic work by Nils & Mathias from Strandrover.Agency (and a bit of homegrown blogger template hacking). We tested all functionality we could think of, if we missed something, please write a comment (they still work ;).
When reporting a problem, please tell me what browser (and browser version) you're using and whether you're using a web proxy (like Cisco Web Security Appliance).
In June 2017, we concluded the Building Next Generation Data Center online course with a roundtable discussion with Andrew Lerner, Research Vice President, Networking, and Simon Richard, Research Director, Data Center Networking @ Gartner.
During the first 45 minutes, we covered a lot of topics including:
VMware started talking about VMware Cloud on AWS a while ago, and my first response was “yeah, it’s just vCloud Air but they wanted to get rid of CapEx, so it’s running on someone else’s servers”
Last week Frank Denneman published a technical overview of the solution and I was mostly correct.
Fun things first: I needed adjustable check mode behavior and change tracking in some playbooks, and documented these features in two new videos (online course and webinar).
Maybe you could also add the "intent-based network" which is also not so far from orchestration?
It got me thinking. The way I understand intent-based whatever, it’s an approach where I tell a system what I want it to do, not how to do it.
There are two reasonable ways of building a layer-2 leaf-and-spine fabric: use VXLAN (the direction almost everyone in the industry is taking at the moment), or routing-on-layer-2 technology like TRILL or SPB.