Ivan Pepelnjak
Author Archives: Ivan Pepelnjak
- Home → Author's archive:
Ivan Pepelnjak
Andrew Lerner on Vendorspeak
Andrew Lerner, my favorite Gartner analyst, recently published a hilarious blog post describing what vendors mean when they say “our product is software-defined” or “we’ll make it work”. Enjoy!
Need more vendorspeak? Try eight levels of vendor acceptance (carefully documented during a particularly stressful on-site test in Poland).
The Numerous Levels of SDN Reality
A newbie exploring the mythical lands of SDN might decide to start at the ONF definition of SDN, which currently (November 2015) starts with a battle cry:
The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices.
The rest of that same page is what I’d call the marketing definition of SDN: directly programmable, agile, centrally managed, programmatically configured, open standards based and vendor-neutral.
Read more ...Video: Control Plane Protocols in OpenFlow-Based Networks
One of the typical questions I get in my SDN workshops is “how do you run control-plane protocols like LACP or OSPF in OpenFlow networks?”.
I wrote a blog post describing the process two years ago and we discussed the details of this challenge in the OpenFlow Deep Dive webinar. That part of the webinar is now public: you’ll find the OpenFlow Use Cases: Control-Plane Protocols video on the ipSpace.net Free Content web site.
There’s a Problem with IPv6 Multihoming
In an amazing turn of events, at least one IETF working group recognized we have serious problems with IPv6 multihoming. According to the email Fred Baker sent to a number of relevant IETF working groups:
PI multihoming demonstrably works, but PA multihoming when the upstreams implement BCP 38 filtering requires the deployment of some form of egress routing - source/destination routing in which the traffic using a stated PA source prefix and directed to a remote destination is routed to the provider that allocated the prefix. The IETF currently has no such recommendation, or consensus that it should have.
Here are a few really old blog posts just in case you don’t know what I’m talking about (and make sure you read the comments as well):
Read more ...1000 VM per Rack Is Perfectly Realistic
Last year I claimed that you don’t need more than two switches in your data center (I’ll run a presentation on the same topic in a few days), but focused exclusively on the networking side of the equation.
Iwan Rahabok recently published a great blog post describing the compute- and storage parts of it. His conclusion: 1000 VM per rack is perfectly realistic.
Learn to Speak Your Peer’s Language with ipSpace.net Webinars
One of the reasons I started creating ipSpace.net webinars was to help networking engineers grasp the basics of adjacent technologies like virtualization and storage. Based on feedback from an attendee of my Introduction to Virtual Networking webinar it works:
I am completely on the Network side of the house and understand what I need to build for Storage/Data replication, but I really never thoroughly understood why. This allowed me to have a coherent discussion with my counterparts in DB and Storage and some of the pitfalls that can occur if we try to cowboy the network design.
Recommendation: if you have a similar problem, start with Introduction to Virtual Networking and continue with Data Center 3.0 webinar.
Stretched Firewalls across Layer-3 DCI? Will the Madness Ever Stop?
I got this question from one of my readers (and based on these comments he’s not the only one facing this challenge):
I was wondering if you can do a blog post on Cisco's new ASA 5585-X clustering. My company recently purchased a few of these with the intent to run their cross data center active/active firewalls but found out we cannot do this without OTV or a layer 2 DCI.
A while ago I expressed my opinion about these ideas, but it seems some people still don’t get it. However, a picture is worth a thousand words, so maybe this will work:
Read more ...Optimizing Traffic Engineering with NorthStar Controller on Software Gone Wild
Content providers were using centralized traffic flow optimization together with MPLS TE for at least 15 years (some of them immediately after Cisco launched the early MPLS-TE implementation in their 12.0(5)T release), but it was always hard to push the results into the network devices.
PCEP and BGP-LS all changed that – they give you a standard mechanism to extract network topology and install end-to-end paths across the network, as Julian Lucek of Juniper Networks explained in Episode 43 of Software Gone Wild.
Read more ...Survey: Vendor NETCONF and REST API Support
Time for another fill-in-the-blanks survey: how many vendors support NETCONF and/or REST API in their data center switches, routers, firewalls and load balancers?
Please help me complete the tables by writing a comment – and do keep in mind that it only counts if it’s documented in a public configuration guide on vendor’s web site.
Also, I’m not aware of any vendor using standard NETMOD YANG models. If someone does, please let me know.
Read more ...Is Anyone Using Long-Distance VM Mobility in Production?
I had fun times participating in a discussion focused on whether it makes sense to deploy OTV+LISP in a new data center deployment. Someone quickly pointed out the elephant in the room:
How many LISP VM mobility installs has anyone on this list been involved with or heard of being successfully deployed? How many VM mobility installs in general, where the VMs go at least 1,000 miles? I'm curious as to what the success rate for that stuff is.
I think we got one semi-qualifying response, so I made it even simpler ;)
Read more ...Video: Simplify Network Configurations with Cumulus Linux
Many vendors talk about network automation these days, and almost all of them gloss over an important detail: automation works best when you manage to simplify things to the bare minimum needed to get the job done.
One of the vendors that focus on simplifying the network device configuration is Cumulus Linux.
Read more ...Was CLNP Really Broken?
One of my readers sent me this question after listening to the podcast with Douglas Comer:
Professor Comer mentioned that IP choose a network attachment address model over an endpoint model because of scalability. He said if you did endpoint addressing it wouldn’t scale. I remember reading a bunch of your blog posts about CNLP (I hope I’m remembering the right acronym) and I believe you liked endpoint addressing better than network attachment point addressing.
As always, the answer is “it depends” (aka “we’re both right” ;).
Read more ...Ever Heard of Role-Based Access Control?
During my recent SDN workshops I encountered several networking engineers who use Nexus 1000V in their data center environment, and some of them claimed their organization decided to do so to ensure the separation of responsibilities between networking and virtualization teams.
There are many good reasons one would use Nexus 1000V, but the one above is definitely not one of them.
Read more ...Why Would You Want to Attend a Classroom Workshop?
One of my regular subscribers wondered whether it makes sense to attend a live workshop (like the one we’re running in Miami in a few weeks) instead of listening to my webinars:
I am following your blog posts quite regularly, I’ve been a yearly subscriber for more than 3 years now and I’m even trying to attend as many webinars as I can in real time. Is there a real benefit to participate in this classroom event if we are almost aware of all your slide decks and videos?
Absolutely. Here’s what one of the attendees of a recent SDN workshop wrote when asking me whether I would be willing to do an on-site event for his company:
Read more ...We Need Product Documentation, not just Glitzy Demos
Whenever a vendor approaches me touting the benefits of their new gizmo, they want to give me a product demo, or offer me access to online labs… and I always tell them I’m not interested until I see their design and configuration guides.
Here’s why I think you should take the same approach:
Read more ...More Features, Improved Lock-In
Found an interesting article on High Scalability blog (another must-read web site) on how PostgreSQL improves locking behavior in high-volume transaction environment.
Needless to say, the feature is totally proprietaryrather unique and not available in most other database products. Improved locking behavior ⇒ improved lock-in.
Moral of the story: Stop yammering. Networking is no different from any other field of IT.
Update: Yep, I goofed up on the proprietary bit (it was one of those “I don’t think this word means what you think it means” gotchas). However, if you think open source product can't have proprietary features or you can’t get locked into an open-source product, I congratulate you on your rosy perspective. Reality smudged mine years ago.
SDN Internet Router Is in Production on Software Gone Wild
You might remember the great idea David Barroso had last autumn – turn an Arista switch into an Internet edge router (SDN Internet Router – SIR). In the meantime, he implemented that solution in production environment serving high-speed links at multiple Internet exchange points. It was obviously time for another podcast on the same topic.
Read more ...The Lack of Historic Knowledge Is so Frustrating
Every time I’m explaining the intricacies of new technologies to networking engineers, I try to use analogies with older well-known technologies, trying to make it simpler to grasp the architectural constraints of the shiny new stuff.
Unfortunately, most engineers younger than ~35 years have no idea what I’m talking about – all they know are Ethernet, IP and MPLS.
Just to give you an example – here’s a slide from my SDN workshop.
Read more ...Get Digital Content with the SDN Workshop
Last week I ran two SDN workshops, and in both of them the participants were busy taking notes as I explained the intricacies of concepts like SDN, NFV and network automation, and tools like OpenFlow or BGP.
However, how often did you revisit notes taken at a presentation and kept wondering “what exactly was he trying to say?” … or felt like the training you attended was like drinking from a fire hose and you missed most of the good stuff?
You won’t have that problem during the Miami SDN/NFV/SDDC retreat.
Read more ...Sometimes You Have to Decide How Badly You Want to Fail
Another week, another ExpertExpress session, as is often the case focusing on two data centers with stretched VLANs spanning both of them. However, this one was particularly irksome, as the customer ran a firewall cluster stretched across two locations.
I gave the customer engineers my usual recommendations:
Read more ...