Blog Posts in August 2018
In recent Software Gone Wild episodes we explored emerging routing protocols trying to address the specific needs of highly-meshed data center fabrics – RIFT and OpenFabric. In Episode 92 with Dinesh Dutt we decided to revisit the basics trying to answer a seemingly simple question: do we really need new routing protocols?
One of my subscribers wondered whether it would make sense to build a traditional leaf-and-spine fabric or go for Cisco ACI. He started his email with:
One option is a "standalone" Spine/Leaf VXLAN-with EVPN deployment based on Nexus equipment. This approach could probably be accompanied by some kind of automation like Ansible to ease operation/maintenance of the network.
This is what I would do these days if the customer feels comfortable investing at least the minimum amount of work into an automation solution. Having simpler technology + well-understood automation solution is (in my biased opinion) better than having a complex black box.
What are some of the challenges?
The biggest challenge everyone faces when starting the network automation is the snowflake nature of most enterprise networks and the million one-off exceptions we had to make in the past to cope with badly-designed applications or unrealistic user requirements. Remember: you cannot automate what you cannot describe in enough details.
I had a great chat about the benefits of network automation with Christoph Jaggi a while ago, resulting in 2-part interview published by Inside-IT. As you might prefer to read the English original instead of using Google Translate, here it is (or you could practice your language skills and read the German version).
We migrated the self-study materials for the network infrastructure and services module of the Building Next-Generation Data Centers online course into the new format, and split the largest module of the course into manageable chunks: data center fabrics 101, designing leaf-and-spine fabrics, overlay virtual networking, IPv6 and network services.
Feedback on the new format is obviously highly welcome. Thank you!
Christoph Jaggi, the author of Transport and Network Security Primer and Ethernet Encryption webinars published a high-level introductory article in Inside-IT online magazine describing security deficiencies of SD-WAN solutions based on the work he did analyzing them for a large multinational corporation.
As the topic might be interesting to a wider audience, I asked him to translate the article into English. Here it is…
I stumbled upon an article with an interesting title (and worth reading): To Make Self-Driving Cars Safe, We Also Need Better Roads and Infrastructure… and thought about the claims along the lines of “if they managed to solve the self-driving cars challenge, it’s realistic to expect self-driving networks” made in Self-Driving Networks podcast episode. Turns out the self-driving cars problem is far far away from being solved.
The summer break is over, and we’ve already scheduled a half-dozen events and webinars in August and September:
- We’ll start with Introduction to Software-Defined Data Centers webinar on August 28th.
- There are still a few places left in the Lean Start in Network Automation workshop in Zurich, Switzerland, on August 30th. Register here.
We’ll run an event or webinar in almost every single week in September:
TL&DR: You’re not Google, you don’t have their problems, and so you’re probably not a good match for their tools.
While this shouldn’t come as a surprise to regular readers of my blog (here’s what I wrote on the topic in 2016), it’s refreshing to see it spelled out so eloquently (and by an ex-Googler).
This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.
Tom Limoncelli published a must-read article in ACM Queue describing GitOps – the idea of using Pull Requests together with CI/CD pipeline to give your users the ability to request changes to infrastructure configuration.
Using GitOps in networking is nothing new – Leslie Carr talked about this concept almost three years ago @ RIPE 71, and I described some of the workflows you could use in Network Automation 101 webinar.
When I started the Building Next-Generation Data Centers online course, I didn’t have the automated infrastructure to support it, so I had to go with the next best solution: a reasonably-flexible Content Management System, and Mediawiki turned out to be a pretty good option.
In the meantime, we developed a full-blown course support system, included guided self-paced study (available with most ipSpace.net online course), and progress tracking. It was time to migrate the data center material into the same format.
A while ago I stumbled upon Schneier’s law (must-read):
Any person can invent a security system so clever that she or he can't think of how to break it.
I’m pretty sure there’s a networking equivalent:
Any person can create a clever network design that is so complex that she or he can't figure out how it will fail in production.
I know I’ve been there with my early OSPF network designs.
After fixing the Building Network Automation Solutions materials, I decided to tackle the next summer janitorial project: creating standard curriculum pages for Building Next Generation Data Centers online course and splitting it into more granular modules (the course is ~150 hours long, and some modules have more than 40 hours of self-study materials).
In traditional vendor-driven networking world, you might be able to persuade your vendor to implement the knob (you think) you need in 3 years by making it a mandatory requirement for a $10M purchase order. In open-source world you implement the knob, write the unit tests, and submit a pull request.
The materials and descriptions for the Building Network Automation Solutions online course got a slight makeover: all live session recordings are now part of self-study materials, and the module description pages use consistent format for self-study materials and live sessions.
Next on the janitor’s list: a similar makeover for the Data Center online course.
During the last weeks I migrated the whole my.ipspace.net site (apart from the workgroup administration pages) to the new ipSpace.net design. Most of the changes should be transparent (apart from the pages looking better than before ;); I also made a few more significant changes: