Show 182 – The Future of Networking Part 1 As Inspired By #NFD7

At Networking Field Day 7, the delegates were treated to vendor demonstrations that challenged our thinking about the future of networking. Perhaps the industry is not agreed on just how we’ll implement and operate our networks in the coming years, but one thing is for certain. The landscape will be different. In this and the […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 182 – The Future of Networking Part 1 As Inspired By #NFD7 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

NAT saves the day!

Introduction NAT is bad, it breaks end to end connectivity. It’s misused as a security tool. Using NAT kills kittens. Yes yes, we all know that. That doesn’t mean that there aren’t valid use cases for NAT and when NAT can save the day. What was the problem? Imagine that you have a device that […]

Author information

ddib

Daniel Dib is a network engineer and CCIE #37149. He mainly works with enterprise networks and network design. You can find his original content at lostintransit.se and on Twitter @Danieldibswe

The post NAT saves the day! appeared first on Packet Pushers Podcast and was written by ddib.

Blogs of Interests 2014-03-14

Working from home? Thinking about VXLAN for your Datacenter? Or how about a DMVPN as WAN technology? Read on...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

Coffee Break – Show 4

This week Andrew & Greg are joined Howard Marks whose abundance of commentary leads to a surfeit of opinions on the lack of anything happening at Mobile World Congress. Show Notes MWC – Wearable computing on the rise? Netflix and Comcast: Is this the first Network Neutrality domino to fall? Frontier customer complaints drop nearly […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 4 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Network Syntax Highlighting in Sublime Text

Sublime Text 2/3 Syntax Definition for Cisco / Junos router/switch/firewall configurations. This package will highlight Cisco configuration and commands within Sublime Text 2/3. This package contains...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

INTER-AS VPNs and Carrier Supporting Carrier (CSC) Part-2

In the first article of this series I mentioned from Inter AS VPN Option A only. This article will be about Option B , C and Carrier Supporting Carrier VPNs. I assume from the readers basic knowledge of these VPNs.Only design points will be highlighted here since my intended audiences are the network designers and […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post INTER-AS VPNs and Carrier Supporting Carrier (CSC) Part-2 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

What’s the difference between SDN, NV, and NFV?

As many of you know, or newcomers to IT see, we love our acronyms.  For whatever reason, IT is littered with two, three or four letter acronyms.   SDN seems to have accelerated this phenomenon.   As this title suggests I will describe SDN, NV and NFV in this blog.  All of them in our opinion (at Pica8) are software driven schemes that will forever change the way we think about service and application delivery.  Each is a different approach to network programmability. Let’s look into the latest acronyms.

Network Virtualization (NV)

NV is for anybody who’s using virtual machine technology. One data center challenge is to move VMs across different logical domains. NV attacks this problem. NV creates logical segments in an existing network by dividing the network at the flow level (similar to partitioning a hard drive). The goal is to allow people to move VMs independently of their existing infrastructure and not have to reconfigure the network.

NV is an overlay. Rather than physically connecting two domains in a network, NV creates a tunnel through the existing network to connect two domains. NV saves administrators from having to physically wire up each new domain Continue reading

Utilizing LLDP instead of CDP

In the last years, many vendors of network devices made available in the market equipments with interesting prices and quality that ended transforming the network environment of companies on a scenario that share different models and devices. Despite the fact that there is a seducing cost, unfortunately some property protocols (despite being interesting)  create a barrier of integration among many services or replacement of Switches, Routers,etc.

In order to mapping and discovering neighbor devices in a network with controlled environment  and with IP telephony, the Cisco suggest the CDP utilization, but unfortunately the protocol is property of  Cisco, limiting its utilization with other models and equipment.

The LLDP protocol is an open standard to discovery devices that are neighbors, with similarly as CDP, including the utilization of features for the VLAN voice.

With the tests below, we activate the LLDP in a Cisco 3750 Switch and a HPN 12500 Switch.

LLDP-Cisco-x-HPN

Configuring

Cisco3750(config)# lldp run
!Run LLDP on Cisco Switch 

[HPN12K] lldp enable
! Run LLDP on HP Comware-based Switch

To visualize the mapping of neighbors with Cisco we can use:

Cisco3750#show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P)  Continue reading

Installing KVM, Libvirt and Open vSwitch on Fedora

In my NetOps to DevOps Training Plan I mentioned installing KVM, Libvirt and Open vSwitch. I did this a few weeks ago and documented it to produce this tutorial. My motivation was to replace my VMware environment at home with something Open Source. I am also a strong believer in "eat your own dog food" and as a lot of the work I am doing in the Open Source community centers around these 3 technologies, I should get used to using them every day...

Installing KVM, Libvirt and Open vSwitch on Fedora

In my NetOps to DevOps Training Plan I mentioned installing KVM, Libvirt and Open vSwitch. I did this a few weeks ago and documented it to produce this tutorial. My motivation was to replace my VMware environment at home with something Open Source. I am also a strong believer in "eat your own dog food" and as a lot of the work I am doing in the Open Source community centers around these 3 technologies, I should get used to using them every day...

Prerequsites

Before we get started, I'll assume that you already have a Fedora Minimal Installation that you are ready to work on...

Installing the packages

sudo yum install -y @standard @virtualization openvswitch

That was easy wasn't it!

@standard installs some useful utilities and @virtualization installs libvirt + KVM

I'm sure you can guess what openvswitch does.

Configuration

Now here comes the fun part!

Configure the services

# Disable NetworkManager
sudo systemctl stop NetworkManager.service
sudo systemctl disable NetworkManager.service

# Enable "Proper" Networking
sudo systemctl enable network.service
sudo systemctl start network.service

# Enable the Open vSwitch service
sudo systemctl enable openvswitch.service
sudo systemctl start openvswitch.service

Setting up Networking with Open vSwitch

Our Continue reading

Setting Up Overlays on Open vSwitch

Most “SDN” solutions involve overlays or at the least HW overlay gateways/ToR of some type. Some sell overlays terminating in hardware, others sell overlays terminating in the server. The encaps include standards like GRE, VXLAN and soon to be Geneve (Generic Network Virtualization Encapsulation: basically the good parts of the other encaps evolved). While none of these overlay networks should ...

...

Packet Capture in Diverse / Tunneled Networks?

(With the usual caveats that I am just a hick from Colorado, I don't know what I'm talking about, etc.)

I just read Pete Welcher's superb series on NSX, DFA, ACI, and other SDN stuff on the Chesapeake Netcraftsmen blog, and it helped me think more clearly about a problem that's been bothering me for a long time: how do we do realistically scalable packet capture in networks that make extensive use of ECMP and/or tunnels? Here's a sample network that Pete used:






Conventionally, we place packet capture devices at choke points in the network. But in medium-to-large data center designs, one of the main goals is to eliminate choke points: if we assume this is a relatively small standard ECMP leaf-spine design, each of the leaf switches has four equal-cost routed paths through the spine switches, and each spine switch has at least as many downlinks as there are leaf switches. The hypervisors each have two physical paths to the leaf switches, and in a high-density virtualization design we probably don't have a very good idea of what VM resides on what hypervisor at any point in time.

Now, add to that the tunneling features present in hypervisor-centric Continue reading

Packet Capture in Diverse / Tunneled Networks?

(With the usual caveats that I am just a hick from Colorado, I don't know what I'm talking about, etc.)

I just read Pete Welcher's superb series on NSX, DFA, ACI, and other SDN stuff on the Chesapeake Netcraftsmen blog, and it helped me think more clearly about a problem that's been bothering me for a long time: how do we do realistically scalable packet capture in networks that make extensive use of ECMP and/or tunnels? Here's a sample network that Pete used:






Conventionally, we place packet capture devices at choke points in the network. But in medium-to-large data center designs, one of the main goals is to eliminate choke points: if we assume this is a relatively small standard ECMP leaf-spine design, each of the leaf switches has four equal-cost routed paths through the spine switches, and each spine switch has at least as many downlinks as there are leaf switches. The hypervisors each have two physical paths to the leaf switches, and in a high-density virtualization design we probably don't have a very good idea of what VM resides on what hypervisor at any point in time.

Now, add to that the tunneling features present in hypervisor-centric Continue reading

Networking is a Service, and you are the Service Provider

The status quo approach to Networking is the biggest barrier to realizing the full potential of Virtualization and the private, public, or hybrid cloud. We must re-think how Networking Services are delivered, in a way that comports with automation, decoupling, pooling, and abstractions. I would argue, the solution is a more software-centric approach – Network Virtualization. But more importantly, we must re-think how we view Networking as a career skill set and the value we bring to an organization.

This was the message of two keynote talks I recently gave at the Sydney & Melbourne VMUG user conferences. The title of the talk was Three reasons why Networking is a pain in the IaaS, and how to fix it. I will share the slides and a brief summary of that talk in a subsequent post. But before I do that, please indulge me in a heart-to-heart chat from one long time Networking professional (me) to another (you):

I emphasize the word services because if you really think about it, that is what Networking really is – Networking is a Service. It always has been, and will always continue to be a service – a service that will always be needed. Continue reading

Networking is a Service, and you are the Service Provider

The status quo approach to Networking is the biggest barrier to realizing the full potential of Virtualization and the private, public, or hybrid cloud.  We must re-think how Networking *Services* are delivered, in a way that comports with automation, decoupling, pooling, and abstractions.  I would argue, the solution is a more software-centric approach — Network […]

Wi-Fi Tools

A good engineer takes pride in his tools.

As with many things in IT, there are many options to choose from and most work equally well provided the engineer has a thorough understanding of how to use them. I happen to use and prefer the following tools, but your taste may be different. Use what you like and know as long as it gets the job done.

Items with an asterisk are my preferred tools for each category.

Information Gathering:
*AirMagnet Wi-Fi Analyzer Pro
*MetaGeek inSSIDer
  Fluke AirCheck
  Ekahau HeatMapper (Free)
  Xirrus Wi-Fi Inspector
  WiFi Scanner (Mac)
  Kismet (Linux)

Predictive Site Surveys:
*Cisco Wireless Control System (WCS)
  AirMagnet Planner
  Ekahau Site Survey
  Motorola LANPlanner
  Aerohive Wi-Fi Planner (online - Free)

Post-Installation Site Surveys:
*AirMagnet Survey Pro
  Ekahau Site Survey
  TamoSoft TamoGraph Site Survey
  Veriwave WaveDeploy

Protocol & Roaming Analysis:
*WildPackets OmniPeek
*MetaGeek Eye P.A. (protocol visualization)
*Wireshark with CACE AirPcapNx and Wi-Fi Pilot (now Riverbed Cascade Pilot Personal Edition)
  Wireshark with Atheros Adapter (Linux)
  AirMagnet Wi-Fi Analyzer Pro with multi-adapter kit
  AirMagnet VoFi Analyzer
  TamoSoft CommView for Wi-Fi

Spectrum Analysis:
*MetaGeek WiSpy DBx Continue reading

Weighing AWS VPN Options

Earlier this week, a client asked for some assistance in building a VPN from their corporate office to Amazon Web Services for a project they were doing. I’ve done this a few times before, a few different ways, so I proceeded to give my client some pros and cons of the two most common methods I’ve used. After putting that analysis together, I realized it could be helpful for others so here it is (with the addition of a few snazzy diagrams!).
This post is not meant to be a treatise on AWS connectivity, just a quick analysis with some (maybe) little-considered effects of a given design choice. Amazon documents several other recipes which are, of course, valid in various circumstances. Note that I don’t have any examples of configuration. The AWS documentation pages have very thorough configuration examples for each design.

 Option 1

Build the VPNs off the Internet routers themselves. Route AWS traffic in to the corporate network through the firewall. In an ideal world, you’d probably dedicate some routers for this purpose, but I’ve never had anyone do that. We’re talking about a LAN-to-LAN VPN, here; one doesn’t commonly deploy totally dedicated infrastructure for each new Continue reading

HP Comware-based Switches – Configuring filters for BPDU (bpdu-filtering)

The Spanning-tree protocol sends messages every two second in order to keep the LAN stability, protecting the topology from physical loops (blocking the logical loop) and providing high availability in case of any switch fail.

For that matter, the Switches exchange messages called BDPUs which are utterly important for the correct functioning of the network described as above.

There are scenarios when is necessary to deactivate the protocol within a specific interface, utilizing other protocols and features of high availability such as RRPP, Smart-Link, Monitor-Link, etc or when also the Switch needs to transport the information in tunnel form (transparent), for example, QinQ.

In client-sharing environments, it is not recommended that the network alteration be advised for all  Swtiches that do not belong to that particular network and have the same Switch in common, for example, Service Provider and Data Center.

The main question in this scenario of BPDU filtering is to certify that the network does not have any sort of loop that can cause a disaster for the Network Engineer’s project.

Certifying those questions, the HP Comware based Switches carry the following commands, that may help  finding a solution:

Interface gigabitethernet 1/0/1
stp disable
! Deactivating  STP only on  Continue reading