Blog Posts in June 2018
Network Infrastructure as Code in Network Automation Online Course
In mid-May, I ran an onsite network automation workshop, and the manager organizing the workshop for his team invited me to a dinner with his peers. Not surprisingly, they wanted to hear about the topics covered in the workshop, and as soon as I mentioned Network-Infrastructure-as-Code several of them said “yes, that definitely needs to be covered.”
Book: EVPN in Data Center
The EVPN in the Data Center book by Dinesh Dutt, the author of the EVPN Technical Deep Dive webinar and a member of the ipSpace.net ExpertExpress team, has finally been published. It’s kept safe behind the NVIDIA regwall; you can also access it through the O’Reilly website.
Time for a Summer Break
So many things have happened since I wrote the “this is what we’re going to do in 2018” blog post. We ran
- An automation course and a data center course, resulting in three new modules in the automation course, and over 20 hours of fresh content
- Three workshops, two of them brand new and resulting in material for VMware NSX Deep Dive and AWS Networking webinars (both coming in early autumn).
We also did a ton of webinars:
Upcoming Webinars and Events: Autumn 2018
On Tuesday I had the last webinar in spring 2018. One more online course session and it will be time for a long summer break. In the meantime, we’re already planning the autumn events:
- We’ll start with Lean Start in Network Automation workshop in Zurich, Switzerland, on August 30th. Register here.
- Building Network Automation Solutions online course starts on September 20th.
We also have the first webinars scheduled:
- We’ll start with two introductory webinars: SDDC 101 on August 28th and SD-WAN Overview on September 4th.
- The first session of technical deep dive into VMware NSX will be on September 11th.
- Amazon Web Service Networking workshop was a huge success, and we’ll turn it into a webinar in early October.
- There will be an interesting math-focused webinar on October 8th;
- Dinesh Dutt will talk about fabric troubleshooting in mid-November;
You can attend all these webinars with an ipSpace.net webinar subscription.
Worth Reading: Fake News in IT
Stumbled upon “Is Tech News Fake” article by Tom Nolle. Here’s the gist of his pretty verbose text:
When readers pay for news, they get news useful to readers. When vendors pay, not only do the vendors get news they like, the rest of us get that same story. It doesn’t mean that the story being told is a lie, but that it reflects the view of an interested party other than the reader.
High-quality content is not cheap, so always ask yourself: who’s paying for the content… and if it’s not you, you may be the product.
Full disclosure: ipSpace.net is funded exclusively with subscriptions and online courses. Some of our guest speakers work for networking vendors, but we always point that out, and never get paid for that.
Presentation: Three Paths of Enterprise IT
During last week’s SIGS Technology Conference I had a keynote presentation about the three paths of enterprise IT.
Unfortunately, the event wasn’t recorded, but you can view the presentation here. Contact me if you have any questions, or Irena if you'd like to have a similar keynote for your event.
Vertical Integration Musings
One of my readers asked me a question that came up in his business strategy class:
Why did routers and switches end up being vertically integrated (the same person makes the hardware and the software)? Why didn't they go down the same horizontal path as compute (with Intel making chips, OEMs making systems and Microsoft providing the OS)? Why did this resemble the pre-Intel model of IBM, DEC, Sun…?
Simple answer: because nobody was interested in disaggregating them.
Worth Reading: Discovering Issues with HTTP/2
A while ago I found an interesting analysis of HTTP/2 behavior under adverse network conditions. Not surprisingly:
When there is packet loss on the network, congestion controls at the TCP layer will throttle the HTTP/2 streams that are multiplexed within fewer TCP connections. Additionally, because of TCP retry logic, packet loss affecting a single TCP connection will simultaneously impact several HTTP/2 streams while retries occur. In other words, head-of-line blocking has effectively moved from layer 7 of the network stack down to layer 4.
What exactly did anyone expect? We discovered the same problems running TCP/IP over SSH a long while ago, but then too many people insist on ignoring history and learning from their own experience.
What Is Intent-Based Networking?
Whenever someone mentions intent-based networking I try to figure out what exactly they’re talking about. Not surprisingly, I get a different answer every single time. Confused by all that, I tried to find a good definition, but all I could find was vendor marketing along the lines of “Intent-based networking captures and translates business intent so that it can be applied across the network,” or industry press articles regurgitating vendor white papers.
Start with Business Requirements, not Technology
This is the feedback I got from someone who used ExpertExpress to discuss the evolution of their data center:
The session has greatly simplified what had appeared to be a complex and difficult undertaking for us. Great to get fresh ideas on how we could best approach our requirements and with the existing equipment we have. Very much looking forward to putting into practice what we discussed.
And here’s what Nicola Modena (the expert working with the customer) replied:
As I told you, the problem is usually to map the architectures and solutions that are found in books, whitepapers, and validated designs into customer’s own reality, then to divide the architecture into independent functional layers, and most importantly to always start from requirements and not technology.
A really good summary of what ipSpace.net is all about ;) Thank you, Nicola!
Avoid Summarization in Leaf-and-Spine Fabrics
I got this design improvement suggestion after publishing When Is BGP No Better than OSPF blog post:
Putting all the leafs in the same ASN and filtering routes sent down to the leafs (sending just a default) are potential enhancements that make BGP a nice option.
Tony Przygienda quickly wrote a one-line rebuttal: “unless links break ;-)”
Snabb Switch Update on Software Gone Wild
In 2014, we did a series of podcasts on Snabb Switch (Snabb Switch and OpenStack, Deep Dive), a software-only switch delivering 10-20 Gbps of forwarded bandwidth per x86 core. In the meantime, the Snabb community slowly expanded, optimized the switching code, built a number of solutions on top of the packet forwarding core, and even forked a just-in-time Lua compiler to get better performance.
To find out the details, listen to Episode 91 of Software Gone Wild in which Luke Gorrie explained how far the Snabb project has progressed in the last four years.
Automation Win: Document Cisco ACI Configuration
This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.
A while ago I complained how the GUI- or API-based orchestration (or intent-based) systems make it hard to figure out what exactly has been configured because they can’t give you a single text configuration file that you could track with version-control software.
Dirk Feldhaus found the situation so ridiculous that he decided to create an Ansible playbook that collects and dumps tenant parameters configured on a Cisco ACI tenant as a homework assignment in the Building Network Automation Solutions online course. As he explained the problem:
Integrating 3rd Party Firewalls with Amazon Web Services (AWS) VPC Networking
After figuring out how packet forwarding really works within AWS VPC (here’s an overview, the slide deck is already available to ipSpace.net subscribers) the next obvious question should be: “and how do I integrate a network services device like a next-generation firewall I have to use because $securityPolicy into that environment?”
Please don’t get me started on whether that makes sense, that’s a different discussion.
Christer Swartz, an old-time CCIE and occasional guest on the Software Gone Wild podcast, will show you how to do it with a Palo Alto firewall during my Amazon Web Services Networking Deep Dive workshop on June 13th in Zurich, Switzerland (register here).
Is EBGP Really Better than OSPF in Leaf-and-Spine Fabrics?
Using EBGP instead of an IGP (OSPF or IS-IS) in leaf-and-spine data center fabrics is becoming a best practice (read: thing to do when you have no clue what you’re doing).
The usual argument defending this design choice is “BGP scales better than OSPF or IS-IS”. That’s usually true (see also: Internet), and so far, EBGP is the only reasonable choice in very large leaf-and-spine fabrics… but does it really scale better than a link-state IGP in smaller fabrics?
From the Trenches: Rampant MacGyver-ism
Here’s a response I got from Simon Milhomme on my Why Is Network Automation So Hard article: