Ivan Pepelnjak

Author Archives: Ivan Pepelnjak

More Layer-2 Misconceptions

My “What Is Layer-2 and Why Do You Need It?blog post generated numerous replies, including this one:

Pretend you are a device receiving a stream of bits. After you receive some inter-frame spacing bits, whatever comes next is the 2nd layer; whether that is Ethernet, native IP, CLNS/CLNP, whatever.

Not exactly. IP (or CLNS or CLNP) is always a layer-3 protocol regardless of where in the frame it happens to be, and some layer-2 protocols have no header (apart from inter-frame spacing and start-of-frame indicator).

Read more ...

New Webinar: vSphere 6 Networking Deep Dive

The VMware Networking Deep Dive webinar was getting pretty old and outdated, but I always managed to get an excuse to postpone its refresh – first it was lack of new features in vSphere releases, then bad timing (doesn’t make sense to do a refresh in June with new release coming out in August), then lack of documentation (vSphere 6 was announced in August 2014; the documentation appeared in March 2015).

Read more ...

Article: Is NFV Relevant for Enterprise Networks?

Network Computing recently published my “Yes, NFV Is Important For The Enterprise” article. Short summary: NFV is (like BGP and MPLS) yet another technology that is considered applicable only to service provider networks but makes great sense in some enterprise contexts.

I’ll talk about enterprise aspects of NFV at Interop Las Vegas, and describe some NFV technical details and typical use cases in an upcoming webinar.

Arista EOS Available on Whitebox Switches

A few months ago Gigamon did the right thing: they figured out that their true value lies not in the hardware boxes, but in the software running on them, and decided to start offering their GigaVUE-OS on whitebox switches.

So far, Arista is the only other networking vendor that figured out it doesn't make sense to resist the tide - Arista EOS is now available on Open Compute Networking whitebox switches.

Update 2015-04-02: If you followed the links in this blog post, you probably figured out that it’s an April Fools’ one. However, that’s not the end of the story…

Read more ...

Too Many Details Can Hurt You (or Why You Need the Fundamentals First)

The IPv6 Security Summit at the Troopers conference always has a few awesome IPv6 presentations (many people claim Troopers is the conference to attend if you’re serious about IPv6), and this year was no exception. A day after the MLD bashing, Enno Rey delivered a great in-depth presentation on DHCPv6 features and shortcomings.

It seems the DHCPv6 intricacies presented in that talk were too much for some of the attendees – that afternoon I accidentally stumbled upon a visibly distressed gentleman who started our chat with “How could anyone expect us to deploy IPv6 in a production environment?

Read more ...

Microsegmentation in VMware NSX on Software Gone Wild

VM NIC firewalls have been around for years (they’re also the reason I got my first invitation to the awesome Troopers conference), but it sounds so much better when you call them Microsegmentation (not the one I talked about @ Troopers this year).

Marketing gimmicks aside, VMware NSX includes an interesting in-kernel stateful firewall, and Brad Hedlund was kind enough to explain the intricacies of that feature in Episode 27 of Software Gone Wild

MLD Considered Harmful

Multicast Listener Discovery (MLD) protocol is well hidden deep in the bowels of IPv6 protocol stack and most of us tend to gloss over it when we discuss IPv6 neighbor discovery process… until MLD raises its ugly head to bite an unsuspecting network administrator.

The problems with MLD are not new (and I wrote exhaustively about them a while ago), but it’s always nice to see other people raise awareness of broken IPv6 features like Enno Rey and his security team did during the IPv6 Security Summit (part of Troopers 15 conference).

Read more ...

Availability Zones in Overlay Virtual Networks

Amazon Web Services was (AFAIK) one of the first products that introduced availability zones – islands of infrastructure that are isolated enough from each other to stop the propagation of failure or outage across their boundaries.

Not surprisingly, multiple availability zones shouldn’t rely on a central controller (as Amazon found out a few years back), and there are only few SDN controller vendors that are flexible enough to meet this requirement. For more details, watch the free Availability Zones video on my web site (part of Scaling Overlay Virtual Networking webinar).

Evaluation Guide: Encryptors for Metro and Carrier Ethernet

Christoph Jaggi, the author of Metro Ethernet and Carrier Ethernet Encryption Market Overview published an awesome follow-up document: an evaluation guide that lists most of the gotchas one has to be aware of when considering encryption gear, from deployment scenarios, network overhead and key exchange details to operational considerations. If you have to deal with any aspect of network encryption, this document is a must-read.