Ivan Pepelnjak

Author Archives: Ivan Pepelnjak

Palo Alto Integration with Cisco ACI and OpenStack on Software Gone Wild

A while ago Christer Swartz explained how a Palo Alto firewall integrates with VMware NSX. In the meantime, Palo Alto announced integration with Cisco ACI and OpenStack, and it was time for another podcast with Christer deep-diving into the technical details of these integrations.

Spoiler: It’s not OpFlex. For more details, listen to Episode 53 of Software Gone Wild

Do You Really Want to Write that Book?

It’s amazing how interesting questions come in batches: within 24 hours two friends asked me what I think about writing books. Here’s a summary of my replies (as always, full of opinions and heavily biased), and if you’re a fellow book author with strong opinions, please leave them in the comments.

Read more ...

Sad News: I’m Not Coming to Interop Las Vegas

Long story short: I burned out last autumn and still haven’t recovered.

I managed to find a replacement instructor for three of my workshops, so I hope they’ll still take place. I’m also working on other ways of delivering them to whoever is interested in an interactive live session.

To all the people who wanted to meet me in Las Vegas: I’m really sorry I’ll miss you. Interop was always a great place for interesting conversations and awesome workshop audiences.

How Hard Is It to Think about Failures?

Mr. A. Anonymous, frequent contributor to my blog posts left this bit of wisdom comment on the VMware NSX Update blog post:

I don't understand the statement that "whole NSX domain remains a single failure domain" because the 3 NSX controllers are deployed in the site with primary NSX manager.

I admit I was a bit imprecise (wasn’t the first time), but is it really that hard to ask oneself “what happens if the DCI link fails?

Read more ...

x86-Based Switching at Ludicrous Speed on Software Gone Wild

Imagine you want to have an IPv6-only access network and transport residual IPv4 traffic tunneled across it. Sounds great, but you need to terminate those tunnels and encapsulate/decapsulate IPv4 traffic at multi-gigabit rate.

There are plenty of reassuringly-expensive hardware solutions that can do that, or you could work with really smart people and get software-based solution that can do 20 Gbps per CPU core.

Read more ...

Table Sizes in OpenFlow Switches

This article was initially sent to my SDN mailing list. To register for SDN tips, updates, and special offers, click here.

Usman asked a few questions in his comment on my blog, including:

At the moment, local RIB gets downloaded to FIB and we get packet forwarding on a router. If we start evaluating too many fields (PBR) and (assume) are able to push these policies to the FIB - what would become of the FIB table size?

Short answer: It would explode ;)

Read more ...