Writing OpenFlow controllers that interact with physical hardware is harder than most people think. Apart from developing a distributed system (which is hard in itself), you have to deal with limitations of hardware forwarding pipelines, differences in forwarding hardware, imprecise abstractions (most vendors still support single OpenFlow table per switch), and resulting bloated flow tables.

After I wrote a comment on a LinkedIn discussion in the Carrier Ethernet group (more details here), Vishal Sharma wrote an interesting response, going into more details of distinction between centralized control and centralized control plane.

The first half of 2015 was extremely productive – seven brand new webinars (or 22 hours of new content) were added to the ipSpace.net webinar library.

Most of the development focus was on SDN and network automation: OpenFlow, NETCONF and YANG, Ansible, Jinja and YAML, and Monitoring SDN networks. There was also the traditional Data Center Fabrics Update session in May, IPv6 Microsegmentation webinar in March, and (finally!) vSphere 6 Networking Deep Dive in April.

Do I have to mention that you get all of them (and dozens of other webinars) with the ipSpace.net subscription?

One of the Software Defined Evangelists has declared 2015 as the Year of SD-WAN, and my podcast feeds are full of startups explaining how wonderful their product is compared to the mess made by legacy routers, so one has to wonder: is SD-WAN really something fundamentally new, or is it just another old idea in new clothes?

Geoff Huston published an interesting number-crunching exercise in his latest IPv6-focused blog post: 8% of the value of the global Internet (GDP-adjusted number of eyeballs) is already on IPv6, and a third of the top-30 providers (which control 43% of the Internet value) have deployed large-scale IPv6.

The message is clear: The big players have moved on. Who cares about the long tail?

Christoph Jaggi has just published the third part of his Metro- and Carrier Ethernet Encryptor trilogy: the 2015 market overview. Public versions of all three documents are available for download on his web site:

• Introduction to Metro- and Carrier Ethernet Encryption
• Evaluation Guide for Metro- and Carrier Ethernet Encryptors
• Metro- and Carrier Ethernet Encryptors: 2015 Market Overview

Elisa Jasinska, Bob McCouch and I were scheduled to record a NetOps podcast with a major vendor, but unfortunately their technical director cancelled at the last minute. Like good network engineers, we immediately found plan B and focused on Elisa’s specialty: open-source tools.

Matjaž Straus started the SINOG 2 meeting I attended last week with a great story: during the RIPE70 meeting (just as I was flying home), Amsterdam Internet Exchange (AMS-IX) crashed.

Here’s how the AMS-IX failure impacted ATLAS probes (world-wide monitoring system run by RIPE) – no wonder, as RIPE uses AMS-IX for their connectivity.

One of the potential attendees of my SDN workshop sent me a long list of questions. Almost every networking engineer, team leader or CIO asks the first one:

What will happen, if we don´t follow the SDN hype (in the short term, in the medium term and in the long term)?

Answering this question is the whole idea of the workshop.

The up-to-date list of scheduled SDN workshops is available on my web site.

Every other week I stumble upon a high-level SDN article that repeats the misleading SDN is centralized control plane mantra (often copied verbatim from the Wikipedia article on SDN, sometimes forgetting to quote the source).

Yesterday, I had enough and decided to respond.

A while ago someone working for an IT-focused media site approached me with a short list of high-level questions. Not sure when they’ll publish the answers, so here they are in case you might find them interesting:

What can enterprises do to ensure that their infrastructure is ready for next-gen networking technology implementations emerging in the next decade?

Next-generation networks will probably rely on existing architectures and forwarding mechanisms, while being significantly more uniform and heavily automated.

A few days ago I stumbled upon an interesting blog post by my friend J Metz in my RSS feeds. As with all blog posts published on Cisco’s web site, all I got in the feed was a teaser (I know, I shouldn’t complain, I’m doing the same ;), but when I wanted to read more, I was greeted with a cryptic 404 (not even a fancy page full of images saying “we can’t find what you’re looking for).

What happens when network engineers with strong programming background and focus on open source tools have to implement network automation in a multi-vendor network? Instead of complaining or ranting about the stupidities of traditional networking vendors and CLI they write an abstraction layer that allows them to treat all their devices in the same way and immediately open-source it.

One of my readers wondered whether one still needs traditional firewalls in microsegmented environments like VMware NSX.

As always, it depends.

The proponents of microsegmentation are quick to explain how the per-VM-NIC traffic filtering functionality replaces the traditional role of subnets as security zones, often concluding that “you can deploy as many tenants as you wish in a flat network, and use VM NIC firewall to isolate them.”