A friend of mine working for a mid-sized networking vendor sent me an intriguing question:

We have a product using an old ASIC that has 12K forwarding entries, and would like to extend its lifetime. I know you were mentioning some useful tricks, would you happen to remember what they were?

This challenge has no perfect solution, but there are at least three tricks I’ve encountered so far (as always, comments are most welcome):

Erik Auerswald sent me a pointer to a blog post by Dave Taht: The state of fq_codel and sch_cake worldwide. It’s so nice to see what a huge impact Dave made since he started the Bufferbloat project.

Hint: if you have no idea what Bufferbloat or fq_codel are, you REALLY SHOULD explore Dave’s web site.

Most large content providers use some sort of egress traffic engineering on edge web proxy/caching servers to optimize the end-user experience (avoid congested transit autonomous systems) and link utilization on egress links.

I was planning to write a blog post about the tricks they use for ages, and never found time to do it… but if you don’t mind watching a video, the Source Routing on the Edge presentation Oliver Herms had at iNOG::14v does a pretty good job explaining the concepts and a particular implementation.

Christopher Werny has tons of hands-on experience with IPv6 security (or lack thereof), and described some of his findings in the Practical Aspects of IPv6 Security part of IPv6 security webinar, including:

• Impact of dual-stack networks
• Security implications of IPv6 address planning
• Isolation on routing layer and strict filtering
• IPv6-related requirements for Internet- or MPLS uplinks

netlab started as a simple tool to create virtual lab topologies (I hated creating Vagrantfiles describing complex topologies), but when it morphed into an ever-growing “configure all the boring stuff in your lab from a high-level description” thingie, it gave creative networking engineers an interesting idea: could we use this tool to do all the stuff we always hated doing in our physical labs?

My answer was always “of course, please feel free to submit a PR”, and Stefano Sasso did just that: he implemented external orchestration provider that allows you to use netlab to configure IPv4, IPv6, VLANs, VRFs, VXLAN, LLDP, BFD, OSPFv2, OSPFv3, EIGRP, IS-IS, BGP, MPLS, BGP-LU, L3VPN (VPNv4 + VPNv6), EVPN, SR-MPLS, or SRv6 on supported hardware devices.

Nicola Modena created an interesting presentation describing IBGP designs using BGP Additional Paths and Optimal Route Reflection functionality

Hope you’ll enjoy the presentation as much as I did… and make sure you understand potential circular dependencies you might be introducing when running a route reflector as a virtual machine.

Continuing the what happened to old technologies saga, here’s another question by Enrique Vallejo:

Are FabricPath, TRILL or SPB still alive, or has everyone moved to VXLAN? Are they worth studying?

TL&DR: Barely. Yes. No.

Layer-2 Fabric craziness exploded in 2010 with vendors playing the usual misinformation games that eventually resulted in totally fragmented market full of partial- or proprietary solutions. At one point in time, some HP data center switches supported only TRILL, and other data center switches from the same company supported only SPB.

Now for individual technologies:

It’s time for the bad part of AI/ML in Networking: Good, Bad, and Ugly webinar. After describing the potential AI/ML wins, Javier Antich walked us through the long tail of AI/ML problems.

Two week ago I described how to create a simple VRF Lite lab with netlab VRF configuration module. Adding MPLS/VPN to the mix and creating a full-blown MPLS/VPN lab is a piece of cake. In this blog post we’ll build a simple topology with two VRFs (red and blue) and two PE-routers:

Enrique Vallejo asked an interesting question a while ago:

When was X.25 official declared dead? Note that the wikipedia claims that it is still in use in parts of the world.

Wikipedia is probably right, and had several encounters with X.25 that would corroborate that claim. If you happen to have more up-to-date information, please leave a comment.

One of my readers has to deal with a crappy Network Termination Equipment (NTE)¹ that does not drop local link carrier² when the remote link fails. Here’s the original ASCII art describing the topology:

PE---------------NTE--FW---NMS 
  <--------IP-------->

He’d like to use interface SNMP counters on the firewall to detect the PE-NTE link failure. He’s using static default route toward PE on FW, and tried to detect the link failure with ifOutDiscards counter.

In the Building a BGP Anycast Lab I described how you could use custom configuration templates to extend the netlab functionality.

That example used Cisco IOS… but what if you want to test the same functionality on multiple platforms? netlab provides a nice trick: the custom configuration template could point to a directory with platform-specific templates. Let me show you how that works…

Straight from the “Bad Ideas Never Die” (see also RFC 1925 Rule 11) department: Geoff Huston described a proposal to use hop-by-hop IPv6 extension headers to implement Path MTU Discovery. In his words:

It is a rare situation when you can create an outcome from two somewhat broken technologies where the outcome is not also broken.

IETF should put rules in place similar to the ones used by the patent office (Thou Shalt Not Patent Perpetual Motion Machine), but unfortunately we’re way past that point. Back to Geoff:

It appears that the IETF has decided that volume is far easier to achieve than quality. These days, what the IETF is generating as RFCs is pretty much what the IETF accused the OSI folk of producing back then: Nothing more than voluminous paperware about vapourware!

Pods are a basic building block of any Kubernetes-based deployment… but what exactly are they and how are they related to Kubernetes networking? Stuart Charlton unraveled that mystery in the Understanding Pods video (part of Kubernetes Networking Deep Dive webinar)

I already mentioned the netsim-tools Easter Egg, here are the other cool features shipping in release 1.2.1:

• Dell OS10 on libvirt (including BGP, OSPFv2, OSPFv3 and VRF Lite) by Stefano Sasso
• VRFs, MPLS, and MPLS/VPN support on Mikrotik RouterOS and VyOS by Stefano Sasso
• Containerlab support for Cumulus 5.0 with NVUE including Simple VRF-Lite by Julien Dhaille