Ivan Pepelnjak
Author Archives: Ivan Pepelnjak
- Home → Author's archive:
Ivan Pepelnjak
Just Published: High-Level Azure Networking Concepts
Last week we started the Microsoft Azure Networking saga that will eventually mirror the AWS Networking materials.
I recorded the hands-on demos in advance so we had plenty of time to discuss Azure API and CLI, geographies, regions and availability zones, high-availability concepts, and deployments models… and spent the second half of the live session focusing on virtual networks, subnets, interface, and IP addresses. The videos are already online and accessible with Standard ipSpace.net Subscription.
Next step (on September 24th): network security and user-defined routes.
If You Travel to Slovenia, You SHOULD NOT Fly with Adria Airways
I apologize to my regular readers for a completely off-topic post, but if I manage to save a single traveller the frustrations I experienced a few weeks ago it was well worth it. Also, please help spread the word…
TL&DR: If you travel to Slovenia, DO NOT even consider flying with Adria Airways (and carefully check the code-share flights, they might be hiding under a Lufthansa or Swiss flight number). Their actual flight schedule is resembling a lottery, and while I always had great experience with the friendly, courteous and highly professional cabin crews, it’s totally impossible to reach their customer service.
2019-09-30: The agony ended sooner than I expected. On September 30th Adria Airways declared bankruptcy, ending the frustration and uncertainty of thousands of passengers they left stranded across Europe for almost 10 days. So long Adria, and thanks for all the good flights (we'll eventually forget all the mess you made in the last year)
2019-09-22: Added updates on what happened during last week. The whole thing is becoming a soap opera
Video: Beyond Two Nodes
In the introductory videos of How Networks Really Work webinar I described the mandatory elements of any networking solution and additional challenges you have to solve when you can’t pull a cable between the adjacent nodes.
It’s time for the next bit of complexity: what if we have more than two nodes connected to the same network segment? Welcome to the world of multi-access networks and data link control.
You need free ipSpace.net subscription to watch the videos in Overview of Networking Challenges section, or a paid ipSpace.net subscriptions to watch the rest of the webinar.
Disaster Recovery Test Faking: Another Use Case for Stretched VLANs
The March 2019 Packet Pushers Virtual Design Clinic had to deal with an interesting question:
Our server team is nervous about full-scale DR testing. So they have asked us to stretch L2 between sites. Is this a good idea?
The design clinic participants were a bit more diplomatic (watch the video) than my TL&DR answer which would be: **** NO!
Let’s step back and try to understand what’s really going on:
Read more ...Updated: Impact of IP Fragmentation on Tunnels and Encryption
The last bits of updated Never-Ending Story of IP Fragmentation were published a few days ago: IP fragmentation and tunnels and summary and related blog posts, RFCs and other articles.
Response: The OSI Model Is a Lie
Every now and then I stumble upon a blog post saying “OSI 7-layer model sucks” or “OSI 7-layer model is a lie”, most recent one coming from Robert Graham.
Before going into the details, let’s agree on the fundamentals.
Most everyone who ever tried to build a network spanning more than one transmission technology and including intermediate nodes came to the conclusion that layered approach to networking makes sense.
Whether you have three, four, five, or seven layers in your model doesn’t matter. What really matters is that your model contains all the functionality you need to implement host-to-host networking in target environment.
Read more ...Supply-Chain Security in Open-Source Software
Last week we started the Autumn 2019 Building Network Automation Solutions online course with an interesting presentation from Matthias Luft focused on open-source supply chain security
TL&DR: Can I download whatever stuff I found as my first Google hit and use it in my automation solution? ****, NO!
Matthias covered these topics:
Read more ...Intent-Based Networking with Batfish on Software Gone Wild
Imagine you would have a system that would read network device configurations, figure out how those devices might be connected, reverse-engineer the network topology, and be able to answer questions like “what would happen if this link fails” or “do I have fully-redundant network” or even “how will this configuration change impact my network”. Welcome to Batfish.
Interested? You’ll find more in Episode 104 of Software Gone Wild.
Measure Twice, Cut Once: Ansible net_interface
As I was preparing the materials for Ansible 2.7 Update webinar sessions I wanted to dive deeper into declarative configuration modules, starting with “I wonder what’s going on behind the scenes”
No problem: configure EEM applet command logging on Cisco IOS and execute an ios_interface module (more about that in another blog post)
Next step: let’s see how multi-platform modules work. Ansible has net_interface module that’s supposed to be used to configure interfaces on many different platforms significantly simplifying Ansible playbooks.
Read more ...Updated: Path MTU Discovery
After describing MTU basics and drawbacks of IP fragmentation, it’s time for more details: Path MTU Discovery (PMTUD) and network implications of using ICMP for PMTUD.
Interested in similar topics? Check out How Networks Really Work webinar.
If You Have to Simulate Your Whole Network, You’re Doing It Wrong
This blog post was initially sent to subscribers of my SDN and Network Automation mailing list. Subscribe here.
Have you ever seen a presentation in which a startup is telling you how awesome their product is because it allows you to simulate your whole network in a virtual environment? Not only that, you can use that capability to build a test suite and a full-blown CI/CD pipeline and test whether your network works every time you make a change to any one box in the network.
Sounds awesome, right? It’s also dead wrong. Let me explain why that’s the case.
Read more ...Just Published: NSX-T Technical Deep Dive Slide Deck
Last year when I was creating the first version of VMware NSX Deep Dive content, NSX-V was mainstream and NSX-T was the new kid on the block. A year later NSX-V is mostly sidelined, and all the development efforts are going into NSX-T. Time to adapt the webinar to new reality… taking the usual staged approach:
- The new slide deck covering NSX-V and NSX-T is ready. It includes early information about NSX-T release 2.5; I’ll fill in the details once the documentation becomes public.
- I’ll use the slide deck in day-long workshop in Zurich on September 10th.
- The live webinar sessions (including updated NSX-T 2.5 content) will start on November 14th.
Video: Introducing Transmission Technologies
After discussing the challenges one encounters even in the simplest networking scenario connecting two computers with a cable we took a short diversion into an interesting complication: what if the two computers are far apart and we can’t pull a cable between them?
Trying to answer that question we entered the wondrous world of transmission technologies. It’s a topic one can spent a whole life exploring and mastering, so we were not able to do more than cover the fundamentals of modulations and multiplexing technologies.
You need free ipSpace.net subscription to watch the video, or a paid ipSpace.net subscriptions to watch the rest of the webinar.
Upcoming Events and Webinars (September 2019)
We’re back from the summer break for real - the first autumn 2019 ipSpace.net event takes place today: I’ll talk about the fallacies of distributed computing.
September will be an intensive month:
- We’re starting the autumn 2019 network automation course on September 3rd;
- A week after that (September 10th) I’ll run a day-long VMware NSX workshop in Zurich;
- Azure Networking webinar series is starting on September 12th and continuing on September 24th;
- Lukas Krattiger will talk about service insertion in leaf-and-spine fabrics on September 17th.
Of course, we’ll keep going… our event calendar is fully packed till mid-November. More about that in a month.
Updated: Never-Ending Story of IP Fragmentation
In mid 2000s I wrote a number of articles describing various TCP/IP features. Most of them are a bit outdated, so I decided to clean up, update and repost the most interesting ones on ipSpace.net, starting with Never-Ending Story of IP Fragmentation.
The first part of that article is already online, covering MTU basics and drawbacks of IP fragmentation.
NETCONF and RESTCONF Overview
Andrea Dainese decided to describe a series of mechanisms and protocols you can use in network automation. He started with Zero-Touch Provisioning and continued with screen scraping. Next one on his list: NETCONF and RESTCONF
Recently Published: Azure Networking Demo Videos
Remember my rant about the glacial speed of Azure orchestration system? I decided I won’t allow it to derail yet another event and recorded the demos in advance of the first live session. The final videos are just over an hour long; it probably took me at least three hours to record them.
If you plan to attend the live webinar session on September 12th, you might want to watch at least the first few videos before the live session - I will not waste everyone’s time repeating the demos during the live session.
Video: Networking Challenges
Whenever you’re discussing a complex topic it’s worth adhering to two principles: (A) identify the challenges you’re trying to solve and (B) start as simple as you can and add complexity later.
We did exactly that in the Introducing Networking Challenges part of How Networks Really Work webinar. We started with the simplest possible case of two computers connected with a cable… and even there identified a plethora of challenges that had to be solved more than half a century ago (and still have to be solved today no matter what magic software-defined technology someone pulls out of their wizard hat).
You need free ipSpace.net subscription to watch the video, or a paid ipSpace.net subscriptions to watch the rest of the webinar.
Must Read: When Redundancy Actually Helps
Stumbled upon an excellent redundancy-focused blog post (HT: High Scalability). Here are just a few important points:
- Don’t make things too complex;
- Don’t add more risk than you take away;
- You’ve got to fail over in the right direction;
- You must be able to return to fully-redundant mode.
I’m guessing that people promoting stretched VLANs, vSphere and/or NSX clusters running across multiple sites, weird combination of EVPN and OTV, and a dozen similar shenanigans never considered any one of these points.
Brief History of VMware NSX
I spent a lot of time during this summer figuring out the details of NSX-T, resulting in significantly updated and expanded VMware NSX Technical Deep Dive material… but before going into those details let’s do a brief walk down the memory lane ;)
We’re running an NSX Deep Dive workshop in Zurich in early September, followed by NSX-T update webinar in mid-November.
You might remember a startup called Nicira that was acquired by VMware in mid-2012… supposedly resulting in the ever-continuing spat between Cisco and VMware (and maybe even triggering the creation of Cisco ACI).
Read more ...