Blog Posts in February 2018

Single-Image Systems or Automated Fabrics

In the Network Automation 101 webinar and Building Network Automation Solutions online course I described one of the biggest challenges the networking engineers are facing today: moving from thinking about boxes and configuring individual devices to thinking about infrastructure and services, and changing data models which result in changed device configurations.

The $1B question is obviously: and how do we get from here to there?

read more see 8 comments

Upcoming Events

In March 2018, we’ll continue the crazy content producing pace you’ve seen in January and February:
  • We’ll have the first part of NSX, ACI or EVPN webinar on March 1st. This session will cover the basics (don’t expect too many details), a follow-up session on April 24th with Mitja Robas will go into design considerations;
  • The EVPN Technical Deep Dive series with Dinesh Dutt starts on March 6th;
  • Elisa and Paolo will run the final part of Network Visibility with Flow Data on March 8th;
  • Last webinar in March: another installment in the leaf-and-spine saga – Multi-Pod and Multi-Site Fabrics with Lukas Krattiger on March 29th;
March is also the Troopers month. I’ll run a Hands-On Network Automation workshop there and have a motivational presentation during the main conference.
read more add comment

Anti-Automation from the Antimatter Universe

One of my readers sent me a vivid description of his interactions with one of the so-called next-generation firewall vendors. Enjoy!

We’re using their highly promoted Next Generation Firewall (NGFW) management solution. New cutting edge software, centralized manager… but no CLI for configuration (besides some initial bootstrap commands). "You don't need that because everything is managed from our centralized manager GUI", says $vendor sales managers.

read more see 15 comments

Big Red Button for Network Automation

A while ago I was enjoying a few beers with a longtime friend of mine who happens to be running the networking team for one of the rare companies that understands how infrastructure should be built and operated.

Of course, I had to ask him what he thinks about the imminent death of CLI and all-encompassing automatic provisioning from some central orchestration system. Here’s the gist of his response:

read more see 2 comments

Automation Isn’t About Building a Button to Press

This is a guest blog post by Carl Buchmann, Managing Solution Consultant at TeraMach. Carl attended the Building Network Automation Solutions online course in 2017.

There is one thing I regret not doing sooner during my automation journey, and that is adopting Git and a proper IDE/text editor that has built-in source control management. I personally use Microsoft Visual Studio Code, as it has Git built in and has many great extensions to validate code syntax.

read more add comment

[Video] Configure Data Center Devices with PowerShell

PowerShell started as a tool to automate Windows servers. It was picked up by VMware (and others) as a platform on which they built their own solutions (PowerCLI and PowerNSX)… but did you know you can use it to configure data center infrastructure, including NX-OS switches, SAN networks, and Cisco UCS?

In the Configuring Data Center Devices with PowerShell video, Mitja Robas described how to do that, and provided source code for all his examples.

You’ll need at least free subscription to watch the video.

add comment

How Self-Sufficient Do You Want to Be?

The first car I got decades ago was a simple mechanical beast – you’d push something, and a cable would make sure something else moved somewhere. I could also fix 80% of the problems, and people who were willing to change spark plugs and similar stuff could get to 90+%.

Today the cars are distributed computer systems that nobody can fix once they get a quirk that is not discoverable with level-1 diagnostic tools.

read more see 3 comments

ExpertExpress Evolved into a Team of Experts

Years ago, I decided to try out another idea: solving real-life challenges with the help of an easy-to-consume online consulting service. When I discussed the idea with my friends during one of the early Networking Field Day events the opinion was pretty unanimous: “this will never work”

Fortunately, they were wrong. Not only did ~100 customers decided to use it in the meantime, the simple idea grew to a point where I couldn’t do it all on my own.

read more add comment

EVPN Is More than VPLS on Steroids

Tiziano Tofoni wrote a lengthy comment on my EVPN in small data center fabrics blog post continuing the excellent discussion we started over a beer last October. Today, I’ll address the first part:

I think that EVPN is an excellent standard for those who love Layer 2 (L2) services; we may say that it is an evolution of the implementation of the VPLS service, which addresses some limits in the original standard (RFCs 4761 and 4762).

I might be missing something, but in my opinion, there’s no similarity between EVPN and VPLS (apart from the fact that they’re trying to solve the same problem).

read more see 1 comments

Automation Win: MPLS/VPN Service Deployment

I always encourage the students attending the Building Network Automation Solutions online course to create solutions for problems they’re facing in their networks instead of wasting time with vanilla hands-on assignments.

Francois Herbet took the advice literally and decided to create a solution that would configure PE-routers and create full-blown device configurations for CE-routers.

read more see 3 comments

Video: What Is PowerNSX?

One of the beauties of VMware NSX is that it’s fully API-based – you can automate any aspect of it by writing a script (or using any of the network automation tools) that executes a series of well-defined (and well-documented) API calls.

To make that task even easier, VMware released PowerNSX, an open-source library of PowerShell commandlets that abstract the internal details of NSX API and give you an easy-to-use interface (assuming you use PowerShell as your automation tool).

read more see 1 comments

Automation Win: Cleanup Checkpoint Configuration

Gabriel Sulbaran decided to tackle a pretty challenging problem after watching my Ansible for Networking Engineers webinar: configuring older Checkpoint firewalls.

I had no idea what Ansible was when I started your webinar, and now I already did a really simple but helpful playbook to automate changing the timezone and adding and deleting admin users in a Checkpoint firewall using the command and raw modules. Had to use those modules because there are no official Checkpoint module for the version I'm working on (R77.30).

Did you automate something in your network? Let me know!

see 1 comments

Using EVPN in Very Small Data Center Fabrics

I had an interesting “how do you build a small fabric without throwing every technology in the mix” discussion with Nicola Modena and mentioned that I don’t see a reason to use EVPN in fabrics with just a few switches. He disagreed and gave me a few good scenarios where EVPN might be handy. Before discussing them let’s establish a baseline.

The Setup

Assume you’re building two small data center fabrics (small because you have only a few hundred VMs and two because of redundancy and IT auditors).

read more see 5 comments

Machine Learning and Network Traffic Management

A while ago Russ White (answering a reader question) mentioned some areas where we might find machine learning useful in networking:

If we are talking about the overlay, or traffic engineering, or even quality of service, I think we will see a rising trend towards using machine learning in network environments to help solve those problems. I am not convinced machine learning can solve these problems, in the sense of leaving humans out of the loop, but humans could set the parameters up, let the neural network learn the flows, and then let the machine adjust things over time. I tend to think this kind of work will be pretty narrow for a long time to come.

Guess what: as fancy as it sounds, we don’t need machine learning to solve those problems.

read more see 1 comments

First Speakers in Building Next-Generation Data Center Online Course

Although it’s almost three months till the start of the Building Next-Generation Data Center online course, we already have most of the guest speakers. Today I’d like to introduce the first two (although they need no introduction).

You might have heard about Russ White. He was known as Mr. CCDE when that program started and recently focused more on data centers, open networking and whitebox switching. He’s also an authority on good network design and architecture, network complexity, and tradeoffs you have to make when designing a network.

read more add comment