Ivan Pepelnjak
Author Archives: Ivan Pepelnjak
- Home → Author's archive:
Ivan Pepelnjak
Let’s build a small network automation solution!
Do you have the feeling that you should know more about network automation, but don't know where to start? I was facing that same problem in 2015, and then started exploring Ansible (plus YAML, Jinja2, Git, Puppet…), creating small playbooks, and finally came to a point where I said "now I know that you can have a small solution solving an actual problem ready in a few weeks even if you know absolutely nothing today".
Read more ...Regional Internet Exits in Large DMVPN Deployment
One of my readers wanted to implement a large DMVPN cloud with regional Internet exit points:
We need to deploy a regional Internet exits and I’d like to centralize them. Each location with a local Internet exit will be in a region and that location will advertise a default-route into the DMVPN domain to only those spokes in that particular region.
He wasn’t particularly happy with the idea of deploying access and core DMVPN clouds:
Read more ...Worth Reading: Security and IoT
A great essay by Bruce Schneier about (lack of) security in IoT and why things won’t improve without some serious intervention.
Few Secrets of Successful Learning: Focus, Small Chunks, and Sleep
One of my readers sent me a few questions about the leaf-and-spine fabric architectures webinar because (in his own words)
We have some projects 100% matching these contents and it would be really useful this extra feedback, not just from consultants and manufacturer.
When I explained the details he followed up with:
Now, I expect in one or two weeks to find some days to be able to follow this webinar in a profitable way, not just between phone calls and emails.
That’s not how it works.
Read more ...Network Testing on Software Gone Wild
Network automation and orchestration is a great idea… but how do you verify that what your automation script wants to do won’t break the network? In Episode 78 of Software Gone Wild we discussed the intricacies of testing network automation solutions with Kristian Larsson (developer of Terastream orchestration softare) and David Barroso of the NAPALM and SDN Internet Router fame.
Read more ...Looking for a Tool to Create Device Configurations from Templates
One of my readers sent me this question:
Other than using Excel (and of course an automation tool) any suggestions for a tool to create device config for some 200 customer VRFs from a standard template?
You need three things to get the job done:
Read more ...Failure Is Inevitable – Deal with It!
Last week a large European financial institution had a bad hair day. My friend Christoph Jaggi asked for my opinion, and I decided not to focus on the specific problem (that’s what post-mortems are for) but to point out something that’s often forgotten: don’t believe your system won’t fail, be prepared to deal with the failure.
Have to choose between VMware NSX and Cisco ACI? You’re Not Alone
I keep getting questions along the lines of “should I go with VMware NSX or should I deploy Cisco ACI” every single week, and as you know it’s hard to answer anything but it depends without spending hours on the topic.
That’s exactly what we plan to do in Zurich next Tuesday (May 16th) in a DIGS workshop that will run in parallel with the Data Center & Cloud Day (part of the SIGS Technology Conference).
Read more ...Follow-up: Nexus-OS Dropping Configuration Commands
Not long after I published the let’s drop some configuration commands rant I got a very nice email from Nicolas Delecroix, Technical Marketing Engineer in Cisco INSBU, effectively saying “Would you have time for a short WebEx call to discuss the root cause of the problem and what we did to fix it?”
Of course I agreed and here’s what they told me:
Read more ...What IPv6 Transition Mechanisms Are Actually Being Used?
An engineer watching my IPv6 Transition Mechanisms webinar sent me this question:
We would appreciate any insight you might have as to which transitional mechanisms the ISPs are actually deploying.
All of them ;)
Read more ...Interim Forwarding Loops in OSPF or IS-IS Networks
One of my readers sent me this question (slightly rephrased):
Assume you have A,B and C connected in a triangle (with an alternate longer path to C). What happens if C loses its links to A and B? Won’t the traffic to C loop between A and B for a while?
As always, it depends.
Read more ...Securing Network Automation Video Is Online
The awesome Troopers crew published conference videos, including my Securing Network Automation presentation (more, including slide deck).
What is VxRail?
One of my readers was considering Dell/EMC hyperconverged solutions and sent me this question:
Just wondering if you have a chance to check out VxRail.
I read the data sheet and spec sheet, but have never seen anyone using it (any real-life experience highly welcome – please write a comment).
Read more ...Salt and SaltStack on Software Gone Wild
Ansible, Puppet, Chef, Git, GitLab… the list of tools you can supposedly use to automate your network is endless, and there’s a new kid on the block every few months.
In Episode 77 of Software Gone Wild we explored Salt, its internal architecture, and how you can use it with Mircea Ulinic, a happy Salt user/contributor working for Cloudflare, and Seth House, developer @ SaltStack, the company behind Salt.
Read more ...Worth Reading: Who Moved My Control Plane?
Jordan Martin published a nice summary of what I’ve been preaching for years: centralized control plane doesn’t work (well) while controller-based network orchestration makes perfect sense.
While I totally agree with what he wrote he got the hype angle wrong:
Read more ...Update: VMware NSX in Redundant L3-only Data Center Fabric
Short update for those that read the original blog post: it turns out that the answer to the question “Is it possible to run VMware NSX on redundantly-connected hosts in a pure L3 data center fabric?” is still NO.
VTEPs from different ESXi hosts can be in different subnets, but while a single ESXi host might have multiple VTEPs, the only supported way to use them is to put them in the same subnet. I removed the original blog post.
A huge thank you to everyone who pushed me with their comments and emails to find the correct answer.
Mini-RSA in Zurich, NSX, ACI, Automation…
I’ll be doing several on-site workshops in the next two months. Here’s a brief summary of where you could meet me in person.
A bit of manual geolocation first: if you’re from Europe, check out the first few entries, if you’re from US, there’s important information for you at the bottom, and if you don’t want to travel Europe or US, there’s an online course starting in September ;)
Read more ...VMware NSX in Redundant L3-only Data Center Fabric
During the Networking in Private and Public Clouds webinar I got an interesting question: “Is it possible to run VMware NSX on redundantly-connected hosts in a pure L3 data center fabric?”
TL&DR: I thought the answer is still No, but after a very helpful discussion with Anthony Burke it seems that it changed to Yes (even through the NSX Design Guide never explicitly says Yes, it’s OK and here’s how you do it).
Read more ...Figure Out What the Customer Really Needs
One of the toughest challenges you can face as a networking engineer is trying to understand what the customer really needs (as opposed to what they think they’re telling you they want).
For example, the server team comes to you saying “we need 5 VLANs between these 3 data centers”. What do you do?
Read more ...Video: Routing on Hosts Deep Dive
Wondering how exactly routing on hosts works? Dinesh Dutt explained the details in this 10-minute video during the Leaf-and-Spine Fabric Designs webinar.