NETCONF Agent(s) on Cisco IOS XE 16.x

Evgeny made an interesting observation while testing the NETCONF client on IOS XE 16.x (see also this comment on my blog):

The most interesting part: for unknown reason IOS-XE gives different answers about capabilities on ports 830 and 22.

Einar quickly explained the mysterious behavior:

Worth Reading: Legacy software and Evolution

In case you’re wondering why we’re stuck with old stuff like TCP, IPv4, OSPF, and a few other bits and pieces that were invented decades ago when we could be using the glitzy controller-based software-defined whatever, read the blog post by Martin Sustrik. He talks about software, but we’re facing the same challenges in networking.

Video: Overlays in Data Center Fabrics

Lukas Krattiger (Cisco Systems) was the guest speaker in Layer-2+3 fabrics part of the Leaf-and-Spine Fabric Design webinar, and he started his presentation with an overview of how we use overlays in data center fabrics.

Network Automation Is Much More than Configuration Management

Most network automation presentations you can find on the Internet focus on configuration management, either to provision new boxes, or to provision new services, so it’s easy to assume that network automation is really a fancy new term for consistent device configuration management.

However, as I explained in the Network Automation 101 webinar, there’s so much more you can do and today I’d like to share a real-life example from Jaakko Rautanen, an alumni of my Building Network Automation Solutions online course.

Practice Your Wireshark-Fu with PCAP Challenges

Johannes Weber built a CCNP practice lab, configured 22 different protocols in it, and took packet captures of all of them happily chatting. To make things more interesting he created 45 challenges that you can solve with Wireshark using the pcap file he published.

Let’s Drop Some Random Commands, Shall We?

One of my readers sent me a link to CCO documentation containing this gem:

Beginning with Cisco NX-OS Release 7.0(3)I2(1), Cisco Nexus 9000 Series switches handle the CLI configuration actions in a different way than before the introduction of NX-API and DME. The NX-API and DME architecture introduces a delay in the communication between Cisco Nexus 9000 Series switches and the end host terminal sessions, for example SSH terminal sessions.

So far so good. We can probably tolerate some delay. However, the next sentence is a killer…

2017-04-05: The wonderful information disappeared from Cisco's documentation within 24 hours with no explanation whatsoever. However, I expected that and took a snapshot of that page before publishing the blog post ;)

Follow-up: Load Balancers and Session Stickiness

My Why Do We Need Session Stickiness in Load Balancing blog post generated numerous interesting comments and questions, so I decided to repost them and provide slightly longer answers to some of the questions.

Warning: long wall of text ahead.

NETCONF on Cisco Campus Switches on Software Gone Wild

During Cisco Live Europe (huge thanks to Tech Field Day crew for bringing me there) I had a chat with Jeff McLaughlin about NETCONF support on Cisco IOS XE, in particular on the campus switches.

We started with the obvious question “why would someone want to have NETCONF on a campus switch”, continued with “why would you use NETCONF and not REST API”, and diverted into “who loves regular expressions”. Teasing aside, we discussed:

Q&A: What Is a Hyperconverged Infrastructure?

I’m running a hyperconverged infrastructure event with Mitja Robas on April 6th, and so my friend Christoph Jaggi sent me a list of interesting questions, starting with:

What are hyperconverged infrastructures?

The German version of the interview is published on inside-it.ch.

Railroads and Cars: a Fairy Tale

Imagine a Flatworld in which railways are the main means of transportation. They were using horses and pigeons in the past, and experimenting with underwater airplanes, but railways won because they were cheaper than anything else (for whatever reason, price always wins over quality or convenience in that world).

As always, there were multiple railroad tracks and trains manufacturers, and everyone tried to use all sorts of interesting tricks to force the customers to buy tracks and trains from the same vendor. Different track gauges and heptagonal wheels that worked best with grooved rails were the usual tricks.

Securing Network Automation: Troopers 17 Presentation

Niki Vonderwell kindly invited me to Troopers 2017 and I decided to talk about security and reliability aspects of network automation.

The presentation is available on my web site, and I’ll post the link to the video when they upload it. An extended version of the presentation will eventually become part of Network Automation Use Cases webinar.

Cisco and Apple Agree: QoS Marking Is an Application Problem

The last presentation during the Tech Field Day Extra @ Cisco Live Europe event was a Cisco-Apple Partnership presentation, and we expected an hour of corporate marketese.

Can’t tell you how pleasantly surprised we were when Jerome Henry started his very technical presentation explaining the wireless goodies you get when using iOS with IOS.

Update: Virtual Switches in vSphere Environment

Just FYI: a week after I wrote this (don't forget to go through the comments), VMware made it official:

…we’ve found that VMware’s native virtual switch implementation has become the de facto standard for greater than 99% of vSphere customers today. … Moving forward, VMware will have a single virtual switch strategy that focuses on two sets of native virtual switch offerings – VMware vSphere® Standard Switch and vSphere Distributed Switch™ for VMware vSphere, and the Open virtual switch (OVS).

Video: SPB Deep Dive

During the Leaf-and-Spine Fabric Designs webinar Roger Lapuh from Avaya explained how Avaya uses SPB technology to build a L2+L3 fabric.

Updated: User Authentication in Ansible Network Modules

Ansible network modules (at least in the way they’re implemented in Ansible releases 2.1 and 2.2) were one of the more confusing aspects of my Building Network Automation Solutions online course (and based on what I’m seeing on various chat sites we weren’t the only ones).

I wrote an in-depth explanation of how you’re supposed to be using them a while ago and now updated it with user authentication information.

Why Do We Need Session Stickiness in Load Balancing?

One of the engineers watching my Data Center 3.0 webinar asked me why we need session stickiness in load balancing, what its impact is on load balancer performance, and whether we could get rid of it. Here’s the whole story from the networking perspective.

Two Switches Saga: Now in Text Format

Remember the All You Need Are Two Switches saga? Several readers told me they’d like to have in text (article) format, so I found a transcription service, and started editing what they produced and publishing it. The first two installments are already online.

On a related topic: we’ll discuss the viability of this approach in April DIGS event in Zurich, Switzerland.

Why Didn’t We Have Leaf-and-Spine Fabrics a Decade Ago?

One of my readers watched my Leaf-and-Spine Fabric Architectures webinar and had a follow-up question:

You mentioned 3-tier architecture was dictated primarily by port count and throughput limits. I can understand that port density was a problem, but can you elaborate why the throughput is also a limitation? Do you mean that core switch like 6500 also not suitable to build a 2-tier network in term of throughput?

As always, the short answer is it depends, in this case on your access port count and bandwidth requirements.

TCP in the Data Center and Beyond on Software Gone Wild

In autumn 2016 I embarked on a quest to figure out how TCP really works and whether big buffers in data center switches make sense. One of the obvious stops on this journey was a chat with Thomas Graf, Linux Core Team member and a founding member of the Cilium project.

Running vSphere on Cisco ACI? Think Twice…

When Cisco ACI was launched it promised to do everything you need (plus much more, and in multi-hypervisor environment). It was quickly obvious that you can’t do all that on ToR switches, and need control of the virtual switch (the real network edge) to get the job done.