Dedicated Hardware in Network Services Appliances? Meh!
Francesco made an interesting comment to my Virtual Appliance Performance blog post:
Virtual Appliance Performance is comparable to the equivalent Physical Appliance until the latter uses its own ASICs (for a good reason), e.g. Palo Alto with its new generation Firewall...
Let’s do a bit of math combined with a few minutes of Googling ;)
Server Guy’s Guide to Virtual Networks
I was asked to do a short virtual networking presentation during this year’s Microsoft NT Conference in Slovenia. Most of the audience were server and virtualization administrators, having anywhere from zero to pretty decent networking knowledge; getting the right balance of basics and interesting features was a struggle.
They told me the end result wasn’t that bad. It’s a bit Microsoft-biased, but applies equally well to VMware (be it vSphere/VXLAN or the Open vSwitch/NVP combo).
Plexxi’s Dan Backman Presenting in the Data Center Fabrics Update Webinar
Plexxi has a really interesting data center fabric solution that combines CWDM optics with L2+L3 switching. They briefed me on their product just before their public launch; I like their approach, particularly the combination of robust traditional forwarding with controller-based network optimization that you can influence from the outside, but somehow I never quite found the time to blog about them … although I did manage to solve the hard part of the problem: write a Perl script that generates a Graphviz graph description to draw schematics of their CWDM inter-switch links.
Interop Product Launch Craze
As expected, we’ve experienced a product launch craze just prior to Interop Las Vegas. I try to avoid marketing announcements, but the blogosphere exploded in hard-to-ignore posts ... and as always, it was great fun separating marketing fluff from reality. Here’s a grumpy take on the above-mentioned press releases.
TCP and HTTP Improvements
In previous videos from the TCP, HTTP and SPDY webinar I described the network-related performance challenges experienced by web applications and did a deep dive into TCP and HTTP mechanisms underlying them.
Today’s video describes numerous TCP and HTTP enhancements – from increased initial congestion window (recently published as RFC 6928) and TCP fast open to persistent HTTP sessions and pipelining.
Attending Interop Las Vegas? Drop by!
If you’re attending Interop Las Vegas next week, do drop by my Network Infrastructure for Cloud Computing workshop on Monday or one of the networking track sessions on Wednesday: Overlay Networking Explained in late morning and IPv6 – It’s High Time to Get Started in the afternoon. I’ve reserved plenty of time after each one for follow-up questions and discussions.
Other fine sessions you shouldn’t miss: Beware the Firewall, My Son! by Network Security Princess, Chopping Down the Fat Tree by venerable Ethan Banks, Death to Spanning Tree by Data Center Overlord Tony Bourke and How to Keep Video from Blowing Up Your Network by the very first CCIE Terry Slattery.
Open vSwitch Under the Hood
Hatem Naguib claimed that “the NSX controller cluster is completely out-of-band, and never handles a data packet” when describing VMware NSX Network Virtualization architecture, preemptively avoiding the “flow-based forwarding doesn’t scale” arguments usually triggered by stupidities like this one.
Does that mean there’s no packet punting in the NSX/Open vSwitch world? Not so fast.
They want networking to be utility? Let’s do it!
I was talking about virtual firewalls for almost an hour at the Troopers13 conference, and the first question I got after the presentation was “who is going to manage the virtual firewalls? The networking team, the security team or the virtualization team?”
There’s the obvious “silos don’t work” answer and “DevOps/NetOps” buzzword bingo, but the real solution requires everyone involved to shift their perspective.
Virtual Firewall presentation from Troopers 13
The 45-minute virtual firewalls presentation I had at Troopers 13 is now available online. The virtual firewalls webinar is an in-depth 2.5-hour version that includes numerous product architectures.
You can get all my recent public presentations and a list of upcoming events on my web site.
Why are 3G networks so slow?
More than four years ago one of my friends wrote about the uselessness of UMTS connections (the page has decayed into digital wasteland in the meantime) for inter-router backup links, and although I got numerous comments trying to explain the issues, I never found a good explanation that a simplistic networking engineer like me could understand.
Ilya Grigorik fixed that. His Breaking the 1000 msec Time-to-Glass Mobile Barrier talk has some real-world statistics, and a fantastic description of how 3G/4G networks work and what causes the enormous latencies. His High Performance Browser Networking book has even more details. Enjoy!
Resiliency of VM NIC firewalls
Dmitry Kalintsev left a great comment on my security paradigm changing post:
I have not yet seen redundant VNIC-level firewall implementations, which stopped me from using [...] them. One could argue that vSwitches are also non-redundant, but a vSwitch usually has to do stuff much less complex than what a firewall would, meaning chances of things going south are lower.
As always, things are not purely black-and-white and depend a lot on the product architecture and implementation.
Virtual Appliance Performance Is Becoming a Non-Issue
Almost exactly two years ago I wrote an article describing the benefits and drawbacks of virtual appliances, where I listed virtualization overhead as one of the major sore spots (still partially true). I also wrote: “Implementing routers, switches or firewalls in a virtual appliance would just burn the CPU cycles that could be better used elsewhere.” It’s time to revisit this claim.
NETCONF+YANG+NETMOD versus SMI-S
With all the Puppet buzz I’m hearing and claims that “compute and storage orchestration problems have been solved” I wanted to check the reality of those claims – is it (for example) possible to create a LUN on a storage array using a standard well-defined API?
Stephen Foskett, Simon Gordon and Scott Lowe quickly pointed me in the right direction: SMI-S. Thank you!
Get my RSS feed into your Inbox
One of my readers wanted to receive my RSS feed as daily email messages. There’s no obvious way to do it, but (as always) there’s a kludge:
- Select Subscribe to ... Posts on any page of my blog;
- Selecting Atom as the subscription format brings you to my Feedburner feed (unless you’ve installed RSS/Atom browser extensions);
- Select Get ipSpace.net delivered by email in the Subscribe Now! box.
TCP and HTTP deep(er) dive Q&A
The deep dive into TCP and HTTP mechanisms that impact web application performance triggered numerous questions during the live webinar session – it took me almost 10 minutes to answer them all.