Firewalls on End Hosts

In September 2020, Matthias Luft wrote an introductory article describing host-based firewalls (traffic filtering functionality deployed on end-hosts). His article triggered numerous questions including:

  • Why don’t we have dynamic firewall policies where the end-hosts could specify which TCP/UDP ports they need?
  • Can we use traffic flow analysis to reverse-engineer firewall rules?
  • Is there any chance of fixing this problem?

High Availability Switching

Networking vendors love promoting novel overly complex technologies instead of solving their customers' challenges with good network design. High-availability switching (the ability to continue packet forwarding during a control plane failure) is no exception.


Multi-Chassis Link Aggregation

Multi-Chassis Link Aggregation (MLAG) is a solution that allows you to terminate a link aggregation group (sometimes also known as etherchannel) on multiple devices.

It’s often used to implement redundant server connections; it was also popular in the days of layer-2 fabrics built with Spanning Tree Protocol (STP). The latter use case is mostly obsolete in the VXLAN/EVPN world.

What Is Multi-Chassis Link Aggregation?

Technology Deep Dive

Coming soon

  • Replacing Peer-Link with VXLAN Fabric

Design Guidelines

MLAG Implementations


OpenFlow Basics

Based on exorbitant claims made by the industry press you might have concluded there must be some revolutionary concepts in the OpenFlow technology. Nothing could be further from the truth – OpenFlow is a very simple technology that allows a controller to program forwarding entries in a networking device.

Did you ever encounter a Catalyst 5000 with a Route Switch Module (RSM), or a combination of a Catalyst 5000 and an external router using Multilayer Switching (MLS)? Those products used an architecture identical to OpenFlow's almost 20 years ago; the only difference is the relative openness of the OpenFlow protocol.

The blog posts in this section answer a number of basic OpenFlow questions, including:

  • What is OpenFlow?
  • What can different versions of OpenFlow do?
  • How can a controller implement control-plane protocols (like LACP, STP or routing protocols) … and does it have to?
  • Can we deploy OpenFlow in combination with traditional forwarding mechanisms?

For more details, watch OpenFlow Deep Dive and other SDN webinars.

What Is OpenFlow?

Using OpenFlow

Does OpenFlow Make Sense?


The OpenFlow/SDN Hype

Academic researchers were working on OpenFlow concepts (distributed data plane with centralized controller) for years, but in early 2011 a fundamental marketing shift happened: major cloud providers (Google) and Internet Service Providers (Deutsche Telekom) created Open Networking Foundation (ONF) to push forward commercial adoption of OpenFlow and Software Defined Networking (SDN) – or at least their definition of it.

Since then, every networking vendor has started offering SDN products. Almost none of them come even close to the (narrow) vision promoted by the Open Networking Foundation (centralized control plane with distributed data plane); the only commercialized exceptions were NEC's ProgrammableFlow and Big Switch Networks' Big Cloud Fabric.

Most vendors decided it's easier to SDN-wash their existing products, branding their existing APIs as "open" and claiming they have SDN-enabled products.

Initial SDN Hype

Looking Back

It's Hard to Fight Large Marketing Budgets


What Is SDN?

The Open Networking Foundation (ONF, launched in March 2011) quickly defined Software Defined Networking (SDN) as an architecture with a centralized control plane that controls multiple physically distinct devices.

That definition perfectly matched the needs of the ONF founding members (Google), but is it relevant to the networking community at large? Or does it make more sense to focus on network programmability and automation, or using existing protocols (BGP) in novel ways?

This section contains my introductory posts on the SDN-related topics, musings on what makes sense, and a few thoughts on career changes we might experience in the upcoming years. You’ll find more details in subsequent sections, including an overview of OpenFlow, in-depth analysis of OpenFlow-based architectures, some real-life OpenFlow and SDN deployments, and alternate approaches to SDN.

For even more details, watch the SDN webinars, including:

What Exactly Is SDN?

Tangential Thoughts
