In March 2018, we’ll continue the crazy content producing pace you’ve seen in January and February:

• We’ll have the first part of NSX, ACI or EVPN webinar on March 1st. This session will cover the basics (don’t expect too many details), a follow-up session on April 24th with Mitja Robas will go into design considerations;
• The EVPN Technical Deep Dive series with Dinesh Dutt starts on March 6th;
• Elisa and Paolo will run the final part of Network Visibility with Flow Data on March 8th;
• Last webinar in March: another installment in the leaf-and-spine saga – Multi-Pod and Multi-Site Fabrics with Lukas Krattiger on March 29th;

March is also the Troopers month. I’ll run a Hands-On Network Automation workshop there and have a motivational presentation during the main conference.

One of my readers sent me a vivid description of his interactions with one of the so-called next-generation firewall vendors. Enjoy!

---

We’re using their highly promoted Next Generation Firewall (NGFW) management solution. New cutting edge software, centralized manager… but no CLI for configuration (besides some initial bootstrap commands). "You don't need that because everything is managed from our centralized manager GUI", says $vendor sales managers.

Stumbled upon a great article explaining behind-the-scene details of large analyst firms like Gartner. I guess it nicely explains my mixed feelings: on one hand I hate Gartner quotes, on the other hand I know amazing people working there that I quote all the time.

Mr. Anonymous (my most loyal reader and commentator) sent me this question as a comment to one of my blog posts:

Is there any use case of running EVPN (or PBB EVPN) in DC with MPLS Data Plane, most vendors seems to be only implementing NVO to my understanding.

Sure there is: you already have MPLS control plane and want to leverage the investment.

A while ago I was enjoying a few beers with a longtime friend of mine who happens to be running the networking team for one of the rare companies that understands how infrastructure should be built and operated.

Of course, I had to ask him what he thinks about the imminent death of CLI and all-encompassing automatic provisioning from some central orchestration system. Here’s the gist of his response:

Got an interesting microsegmentation-focused email from one of my readers. He started with:

Since every SDDC vendor is bragging about need for microsegmentation in order to protect East West traffic and how their specific products are better compared to competition, I’d like to ask your opinion on a few quick questions.

First one: does it even make sense?

Not surprisingly, every now and then I get a comment from a pushy $vendor rep who fails to mention that he works for a vendor, or that he happens to be their VP of Marketing. Here’s a gem I got late last year (no, I did not allow that comment to be published):

This is a guest blog post by Carl Buchmann, Managing Solution Consultant at TeraMach. Carl attended the Building Network Automation Solutions online course in 2017.

There is one thing I regret not doing sooner during my automation journey, and that is adopting Git and a proper IDE/text editor that has built-in source control management. I personally use Microsoft Visual Studio Code, as it has Git built in and has many great extensions to validate code syntax.

Gian Paolo Boarina wrote a blog post describing why it’s so ridiculous to see everyone excited about the latest thing Netflix (or Google or Amazon or…) managed to pull off. Absolutely worth reading.

On a similar topic: did you notice that Google started promoting clientless SSL VPN as the next great thing? RFC 1925 anyone?

PowerShell started as a tool to automate Windows servers. It was picked up by VMware (and others) as a platform on which they built their own solutions (PowerCLI and PowerNSX)… but did you know you can use it to configure data center infrastructure, including NX-OS switches, SAN networks, and Cisco UCS?

In the Configuring Data Center Devices with PowerShell video, Mitja Robas described how to do that, and provided source code for all his examples.

You’ll need at least free ipSpace.net subscription to watch the video.

The first car I got decades ago was a simple mechanical beast – you’d push something, and a cable would make sure something else moved somewhere. I could also fix 80% of the problems, and people who were willing to change spark plugs and similar stuff could get to 90+%.

Today the cars are distributed computer systems that nobody can fix once they get a quirk that is not discoverable with level-1 diagnostic tools.

Years ago, I decided to try out another idea: solving real-life challenges with the help of an easy-to-consume online consulting service. When I discussed the idea with my friends during one of the early Networking Field Day events the opinion was pretty unanimous: “this will never work”

Fortunately, they were wrong. Not only did ~100 customers decided to use it in the meantime, the simple idea grew to a point where I couldn’t do it all on my own.

Tiziano Tofoni wrote a lengthy comment on my EVPN in small data center fabrics blog post continuing the excellent discussion we started over a beer last October. Today, I’ll address the first part:

I think that EVPN is an excellent standard for those who love Layer 2 (L2) services; we may say that it is an evolution of the implementation of the VPLS service, which addresses some limits in the original standard (RFCs 4761 and 4762).

I might be missing something, but in my opinion, there’s no similarity between EVPN and VPLS (apart from the fact that they’re trying to solve the same problem).

I always encourage the students attending the Building Network Automation Solutions online course to create solutions for problems they’re facing in their networks instead of wasting time with vanilla hands-on assignments.

Francois Herbet took the advice literally and decided to create a solution that would configure PE-routers and create full-blown device configurations for CE-routers.

From the fantastic Lines, Radios and Cables (a MUST READ if you’re even remotely interested in this thing called latency):

When we put different colours of light, or wavelengths, onto a single fibre, we call it Wave Division Multiplexing (WDM) which is a complicated way of saying a pretty rainbow […] International trading is powered by rainbows, literally.