Ivan Pepelnjak
Author Archives: Ivan Pepelnjak
- Home → Author's archive:
Ivan Pepelnjak
Zero-Touch Provisioning with Patrick Ogenstad
Zero-touch provisioning is always one of the big topics in the Building Network Automation Solutions online course, so we decided to invite Patrick Ogenstad (the author of excellent ZTP tutorial) to be a guest speaker in Spring 2019 course (register here).
In the meantime, enjoy his interview with Christoph Jaggi.
Read more ...Using Math in Networking on Software Gone Wild
We love to claim that we’re engineers and yet sometimes we have no clue how technology we use really works and what its limitations are… quite often because understanding those limitations would involve diving pretty deep into math (graphs, queuing and system reliability quickly come to mind).
Read more ...Can I Replace a Commercial Load Balancer with HAProxy?
A networking engineer attending the Building Next-Generation Data Centers online course sent me this question:
My client will migrate their data center, so they’re not interested in upgrading existing $vendor load balancers. Would HAProxy be a good alternative?
As you might be facing a similar challenge, here’s what I told him:
Read more ...Building Your Own Virtual Lab
Last week we published Matt Oswalt’s thoughts on using virtual labs in training and testing. In the second part of his interview with Christoph Jaggi he talked about building a virtual lab.
Matt will cover the same topic in way more details in his guest speaker presentation in Spring 2019 Building Network Automation Solutions online course. Register here.
Read more ...Segment Routing Anyone?
One of my readers listened to a podcast where a $vendor described how they found another use case for source routing IPv6 segment routing (SR): 5G networks… and wondered whether SR made a comeback or is about to.
To figure out what segment routing is, watch the webinar we did with Jeff Tantsura a while ago.
I don’t know nearly enough about mobile networks to have an opinion, however…
Read more ...Using Virtual Labs When Developing Network Automation Solutions
One of the fundamentals I always emphasize in introductory parts of my network automation workshops and online courses is the fact that we’re about to develop software that will control the most-mission-critical part of IT infrastructure, and should therefore use software development methodologies like version control, testing…
However, there’s a “small” glitch. While it’s perfectly possible to test most software in some virtual environment you can spin up on-the-fly using Vagrant, Docker, Jenkins, Travis, or some other CI/CD tool, testing a network automation solution requires access to network devices.
Read more ...Video: What Problem Are We Solving with SDDC?
Remember the Software-Defined Data Centers hype? While I covered SDDC concepts and technologies for years in my webinars and workshops, I never created an introductory webinar on the topic.
That omission has been fixed in late August – SDDC 101 webinar is available as part of free subscription, and as always I started with the seemingly simple question: What problem are we trying to solve?
Odd Number of Spines in Leaf-and-Spine Fabrics
In the market overview section of the introductory part of data center fabric architectures webinar I made a recommendation to use larger number of fixed-configuration spine switches instead of two chassis-based spines when building a medium-sized leaf-and-spine fabric, and explained the reasoning behind it (increased availability, reduced impact of spine failure).
One of the attendees wondered about the “right” number of spine switches – does it has to be four, or could you have three or five spines. In his words:
Read more ...Bifurcation of Knowledge
My friend Andrea Dainese (of the Route Reflector Labs fame) sent me this observation:
Because of lack of fundamental skills, I see two groups forming: junior guys with low salary (the bigger group), and a few experts (hopefully with higher salary). The middle group is disappearing. Intermediate-level engineers are either moving to the entry level (because the complexity is increasing and they are not keeping up with it) or to the upper level.
I call this phenomenon bifurcation of knowledge (I’m positive it has a formal name – would appreciate a comment with a set of pointers), and it’s a direct result of commoditization and the changing shape of the learning curve.
Read more ...David Gee on Security of Network Automation
One of the points David Gee, a guest speaker in Spring 2019 Building Networking Automation Solutions online course, and Christoph Jaggi touched on in their interview was the security of network automation solutions (see also: automated workflows and hygiene of network automation).
What are the security risks for automation?
Security is an approach, not an afterthought.
Read more ...Worth Reading: Back to Basics
I’m not the only one ranting about the need to get a firm grasp on fundamentals before doing the sexy stuff. Found an old blog post by Joel Spolsky (of the Law of Leaky Abstractions fame) on the exact same topic from programming perspective.
If you ever had to deal with a programming language, it’s definitely worth reading… but some of the details might make your head explode. You’ve been warned ;)
Interview: Active-Active Data Centers with VXLAN and EVPN
Christoph Jaggi asked me a few questions about using VXLAN with EVPN to build data center fabrics and data center interconnects (including active/active data centers). The German version was published on Inside-IT, here’s the English version.
He started with an obvious one:
What is an active-active data center and why would I want to use an active-active data center?
Numerous organizations have multiple data centers for load sharing or disaster recovery purposes. They could use one of their data centers and have the other(s) as warm or cold standby (active/backup setup) or use all data centers at the same time (active/active).
Read more ...Upcoming Webinars and Events: December 2018
December will start with three on-site events:
- We’ll run Using VXLAN and EVPN to Build Active-Active Data Centers workshop in Zurich on December 5th;
- I’ll talk about making SDN better with IPv6 on December 6th;
- Next day (December 7th) I’ll talk about Real-life SDN in Rapperswil (a lovely medieval town at the tip of Lake Zurich).
On the webinar front, December will be a storage month:
Read more ...OMG, VXLAN Is Still Insecure
A friend of mine told me about a “VXLAN is insecure, the sky is falling” presentation from RIPE-77 which claims that you can (under certain circumstances) inject packets into VXLAN virtual networks from the Internet.
Welcome back, Captain Obvious. Anyone looking at the VXLAN packet could immediately figure out that there’s no security in VXLAN. I pointed that out several times in my blog posts and presentations, including Cloud Computing Networking (EuroNOG, September 2011) and NSX Architecture webinar (August 2013).
Read more ...Hygiene of Network Automation
David Gee decided to talk about hygiene of network automation in the Spring 2019 Building Network Automation Solutions online course, and (not surprisingly) Christoph Jaggi wanted to know more:
You highlight the hygiene of automation. What is it and why does it matter?
Hygiene is the important but boring bit of automation most beginners and amateurs pass by.
Read more ...From Excel to Network Infrastructure as Code with Carl Buchmann
After a series of forward-looking podcast episodes we returned to real life and talked with Carl Buchmann about his network automation journey, from managing upgrades with Excel and using Excel as the configuration consistency tool to network-infrastructure-as-code concepts he described in a guest blog post in February 2018
Read more ...Using VXLAN and EVPN to Build Active-Active Data Centers
Some (anti)patterns of network industry are way too predictable: every time there’s a new technology marketers start promoting it as the solution for every problem ever imagined. VXLAN was quickly touted as the solution for long-distance vMotion, and now everyone is telling you how to use VXLAN with EVPN to stretch VLANs across multiple data centers.
Does that make sense? It might… based on your requirements and features available on the devices you use to implement the VXLAN/EVPN fabric. We’ll cover the details in a day-long workshop in Zurich (Switzerland) on December 5th. There are still a few places left, register here.
David Gee on Automated Workflows
David Gee is coming back to Building Network Automation Solutions online course – in early March 2019 he’ll talk about hygiene of network automation. Christoph Jaggi did an interview with him to learn more about the details of his talk, and they quickly diverted into an interesting area: automated workflows.
Automation is about automated workflows. What kind of workflows can be automated in IT and networking?
Workflows most often fall into categorizations of build, operations and remediation.
Read more ...Bitcoins Will Buy BGP Security? Come On…
Here’s another interesting talk from RIPE77: Routing Attacks in Cryptocurrencies explaining how BGP hijacks can impact cryptocurrencies.
TL&DR: Bitcoin is not nearly decentralized enough to be resistant to simple and relatively easy BGP manipulations.
Read more ...Don’t Let the Automation Snowflakes Stop You
You know that time of year when snowflakes mean more than description of uniqueness of your networking infrastructure? Some people love to complain about that season and how the weather hinders them, others put on sturdy winter boots and down jackets, change tires on their car, and have tons of fun.
Network automation is no different. Sometimes you can persuade your peers that it makes sense to simplify and standardize the infrastructure to make it easier to abstract and automate (consider that an equivalent of going to a tropic island with shiny beaches and everlasting summer), other times you have to take out your winter boots and make the best out of what you got.
Read more ...