BGP, EVPN, VXLAN, or SRv6?

Daniel Dib asked an interesting question on LinkedIn when considering an RT5-only EVPN design:

I’m curious what EVPN provides if all you need is L3. For example, you could run pure L3 BGP fabric if you don’t need VRFs or a limited amount of them. If many VRFs are needed, there is MPLS/VPN, SR-MPLS, and SRv6.

I received a similar question numerous times in my previous life as a consultant. It’s usually caused by vendor marketing polluting PowerPoint slide decks with acronyms without explaining the fundamentals¹. Let’s fix that.

MUST READ: Making Segment Routing User-Friendly

Dmytro Shypovalov wrote a fantastic article explaining the basics of MPLS-based Segment Routing. It’s pretty much equivalent to everything I ever wrote about SR-MPLS but in a much nicer package. Definitely a must-read.

CCIE Preparation with netlab

Ben asked an interesting question:

Do you think, realistically in 2024, netlab would suffice to prepare the CCIE lab exam? Particulary for the SP flavor, since netlab supports a lot of routing protocols. Thanks!

TL&DR: No.

netlab would be a great tool to streamline your CCIE preparation studies. You could:

Worth Reading: AI Is Still a Delusion

Here’s another AI rant to spice your summer: AI Is Still a Delusion, including an excellent example of how the latest LLMs flunk simple logical reasoning. I particularly liked this one-line summary:

The real danger today is not that computers are smarter than us but that we think computers are smarter than us and consequently trust them to make decisions they should not be trusted to make.

It might be worth remembering that quote when an AI-powered management appliance messes up your network because of a false positive ;)

EBGP Load Balancing with BGP Link Bandwidth

The first BGP load balancing lab exercise described the basics of EBGP equal-cost load balancing. Now for the fun part: what if you want to spread traffic across multiple links in an unequal ratio? There’s a nerd knob for that: the BGP Link Bandwidth extended community that you can test-drive in this lab exercise.

Worth Reading: GitHub Copilot Workspace Review

In Matt Duggan’s blog post, you’ll find a scathing review of another attempt to throw AI spaghetti at the wall to see if they stick: the GitHub Copilot Workspace.

He also succinctly summarized everything I ever wanted to say about the idea of using AI tools to generate networking configurations:

Having a tool that makes stuff that looks right but ends up broken is worse than not having the tool at all.

Worth Reading: Why Do We Have Native VLANs?

Daniel Dib went on another deep dive: Why Do We Have Native VLANs? What I loved most was that he went through the whole 802.1 standard (quite an undertaking) and explained the reasoning that VLAN-aware switches behave the way they do.

You should also read the follow-up post: what happens if a VLAN-unaware switch receives an 802.1Q-tagged frame?

MUST READ: ChatGPT Is Bullshit

Bogdan Golab sent me a link to an (open access) article in Ethics and Information Technology arguing why ChatGPT is bullshit. Straight from the introduction:

Because these programs cannot themselves be concerned with truth, and because they are designed to produce text that looks truth-apt without any actual concern for truth, it seems appropriate to call their outputs bullshit.

Have fun!

Master New Platforms and Technologies with netlab

One of my readers sent me this remark (probably while trying to work on the EBGP Sessions over the IPv6 LLA Interfaces lab):

I did attempt some of your labs, like IPv6 link-local-only BGP with FRR hosts, but FRR seemed not to play ball, or I was just doing it wrong.

As he was already using netlab, I could send him a cheat code:

Running Arista cEOS in GitHub Codespaces

Yesterday, I explained how you can run netlab examples in GitHub codespaces and mentioned that they work best with vendors who understand the value of frictionless downloads. But what if you’d like to use a device from one of the good guys who provide the container images but require a registration?

It turns out the solution is trivial:

Netlab Examples in GitHub Codespaces

A few days ago, someone asked me about the IPv4 next-hop details of running interface EBGP sessions. I pointed him to a blog post explaining them, adding, “And of course, you can test that in netlab.” A few minutes later, it hit me: instead of asking him to set up netlab locally, I could enable him to do that in a minute with GitHub codespaces.

Setting that up was easy: copy the .devcontainer directory from the BGP labs repository into the netlab examples repository and commit the change. After a short yak-shaving exercise (writing README files and rearranging a few folders), I successfully started the codespace and was ready for this blog post. There was just one gotcha…

Worth Reading: The Evolution of Network Security

Sharada Yeluri published an interesting overview of the evolution of network security, from packet filtering firewalls to GenAI and Quantum Computing (yeah, she works for a networking vendor ;). Definitely worth reading if you’re looking for an intro-level overview.

Worth Reading: Don’t Use Excel as a Source of Truth

Some people insist on using Excel as the ultimate source of user-supplied data (including network automation source of truth).

If you agree with me that that’s not necessarily the best idea out there, you might enjoy this rant by Nikhil Suresh.

Explore and Fix BGP Wedgies

RFC 4264 defines BGP wedgies as “a class of BGP configurations for which there is more than one potential outcome, and where forwarding states other than the intended state are equally stable.” Even worse, “the stable state where BGP converges may be selected by BGP in a non-deterministic manner.”

Want to know more? You can explore a real-life BGP wedgie and fix it in the latest BGP lab exercise.

Looking for a Simple Multihop EBGP Use Case

I plan to add several challenge labs using multihop EBGP sessions to the BGP labs project, including:

1. Running BGP between VMs and central BGP route servers
2. Using multihop EBGP session to send full Internet routing table to a customer without overloading the PE-router
3. Running EBGP EVPN session between loopbacks advertised with EBGP IPv4 session (🤢)

However, I would love to start with a simple use case to help engineers unfamiliar with BGP realize when they might have to use multihop EBGP sessions. Unfortunately, I can’t find one, and the scenarios where I used multihop EBGP in the past (EBGP load balancing and using a low-end router in the EBGP path, where I was effectively using the reverse application of #2 as a customer) are mostly irrelevant.

Would you have an easy-to-understand use case that is best solved with a multihop EBGP session? Please share it in the comments. Thanks a million!

Running BGP Labs in GitHub Codespaces

I love open-source tools (and their GitHub repositories). Someone launches a cool idea, and you can dig through their source code to figure out how it works. It beats reading documentation or fixing AI hallucinations every day of the week ;)

Not too long ago, the containerlab team launched the ability to run containerlab within a free¹ container² running on GitHub, and that seemed like a perfect solution to run the BGP labs (Jeroen van Bemmel pointing me in the right direction was another significant step forward).

netlab 1.8.4: vrnetlab Containers, Catalyst 8000v

I don’t think I ever created two netlab releases in a week, but last week, I stumbled upon a motherlode of goodies, and it would be a shame not to make them available.

Someone tried to use netlab with vrnetlab containers for CSR 1000v and Nexus 9300v. We got it to work, but when I started integrating his changes into the development branch, I wanted to test them, so I installed vrnetlab to create my own container images. vrnetlab is an excellent tool, and building containers is a breeze (running them is a different story), so I added support for vrnetlab containers for every device supported by that tool and netlab for which I happened to have a disk image.

Worth Reading: You Probably Don’t Need AI

Here’s another rant to spice up your weekend: focus on fixing your company’s problems instead of chanting the AI mantra. Have fun ;)

Automated Validation of BGP Labs

In late 2023, I started playing with the idea of having automated validation in netlab. The early implementation was used in BGP labs, and a user liked it so much that he opened an issue saying:

I would suggest providing netlab validate for each lab.

Numerous rounds of yak-shaving later, I merged a humongous commit that adds automated validation to these lab exercises:

netlab 1.8.3: RIPv2, BGP Route Servers

During the ITNOG8 netlab presentation, I jokingly said something along the lines “all that’s missing is RIPv2 and Babel.” That’s no longer true; someone asked me how hard it would be to add RIPv2 to netlab, and I said, “give me a few days 😎”

Other new features in netlab release 1.8.3 include support for BGP route servers (and route server clients), BGP Link Bandwidth community, and OSPF/BGP validation plugins for Arista EOS, Cumulus Linux and FRR. We also fixed the installation scripts to work with Ubuntu 24.04 and Debian Bookworm.

For more details, read the release notes.