rickmur

Author Archives: rickmur

VMware NSX 101 – Components

Today I want to explain the basic components and the set-up of VMware NSX. In this case I’m referring to NSX for vSphere or NSX-V for short. I want to explain what components are involved, how you set them up for an initial deployment and what the requirements are.

Versioning

At time of this writing the latest release is NSX 6.1.4. This version added support for vSphere 6, although you cannot use any vSphere 6 feature in this release, there is support for the platform itself only.

vSphere

The first step is of course deploy your ESXi vSphere cluster with ESXi 5.5 or 6.0 with vCenter 5.5 or 6.0. I recommend using the vCenter Server Appliance (VCSA) instead of the Windows version. You will also need a Windows VM where the vSphere Update Manager is installed, this is not available as virtual appliance, only as Windows application. I also highly recommend installing an Active Directory server to manage all of your passwords. You will be installing a large amount of machines with all different usernames and possibly passwords. I recommend picking a very long and difficult one, as all VMware appliances seem to require Continue reading

EVPN Configuration

In my last blog I explained the features and use cases of the EVPN technology. In this blog I want to show how easy it is to configure, enable and expand EVPN. The configuration is focused on the Juniper MX platform, but as Junos is the single operating system across the entire Juniper portfolio, configuration on other platforms (like EX9200) is equal.

Design

The topology is really simple. I’m using 2 routers in this example, so multi-homing is not in scope. Each router has an Ethernet segment connected that consists of multiple VLANs on each side. There is 1 VLAN ID that is not equal on both sides, so this has to be taken care of.

EVPNtopology

Prepare for EVPN

To make sure we can start creating our VPN, we have to ensure the foundation is in place. This means we need IP reachability to the other Data Center routers loopback address and we need BGP with the EVPN address family enabled. The Junos release I’m testing with needs a special knob to be enabled to ensure packet lookups are done in the right way. Other versions will see this knob disappear as it is default moving forward.

routing-options {
    autonomous-system 64999;
    forwarding-table {
         Continue reading

EVPN (RFC 7432) Explained

EVPN or Ethernet VPN is a new standard that has finally been given an RFC number. Many vendors are already working on implementing this standard since the early draft versions and even before that Juniper already used the same technology in it’s Qfabric product. RFC 7432 was previously known as: draft-ietf-l2vpn-evpn.

The day I started at Juniper I saw the power of the EVPN technology which was already released in the MX and EX9200 product lines. I enabled the first customers in my region (Netherlands) to use it in their production environment.

EVPN is initially targeted as Data Center Interconnect technology, but is now deployed within Data Center Fabric networks as well to use within a DC. In this blog I will explain why to use it, how the features work and finally which Juniper products support it.

Why?

Data Center interconnects have historically been difficult to create, because of the nature of Layer 2 traffic and the limited capabilities to control and steer the traffic. When I have to interconnect a Data Center today I have a few options that often don’t scale well or are proprietary. Some examples:

  • Dark Fiber
  • xWDM circuit
  • L2 service from a Service Provider
  • VPLS
  • Continue reading

Nested Virtualization

A typical Network Virtualization demo is difficult as you need quite some hypervisor hosts to run some VMs on and interconnect them using Overlays. I solve this using nested virtualization. This means that I run a hypervisor running on another. This gives me the flexibility that my physical nodes, or “hypervisor underlay” if you will, can scale easily and I’m independent of them.

My physical cluster consists of 2 nodes running ESXi with vCenter. On top of that I’m running 4 other ESXi hosts divided in 2 “virtual” clusters and 4 KVM hosts as Contrail Compute Nodes.

How does this work?

This technology works using Intel’s VT-x (which is hardware assisted virtualization) and EPT (to virtualise memory allocations). This combination works since the “Nehalem” archnested1itecture (released 2008). The technology is ported to the more “Desktop” oriented CPU’s as well, so there is a good chance your notebook supports it as well. Since the Haswell architecture the nested virtualization works even better as Intel now supports VMCS Shadowing for nested VMs, which creates a data structure in memory per VM (and now supports nested VMs as well, which used to be a software effort).

Memory is the biggest burden in these Continue reading

Using the Junos Space REST API

Automation is going to be fundamental in all networking products. I’ve been working a lot on integrating Juniper products in existing and standard software. There are many different ways to automate something on a network running Junos. Using REST (or RESTful) APIs is one way of doing this. The reason I’m using REST is that it’s fairly easy to understand, but the best thing is that a large amount of existing products supports REST to integrate with it.

The goal of this blog is to explain how Junos products support REST, compatibility with older versions and how it scales.

What is REST?

REST (REpresentational State Transfer) is a simple stateless architecture that generally runs over HTTP. There are 4 commonly supported commands. When you issue a command your input data consists of a URL, HTTP headers and a body holding the data.

HTTP Headers are used for things like Authentication and a Content Type to let the application know what data format the body will contain.
The URL specifies which data you want to receive from the application or you want to change.
The body is empty in a request for data, when you want to change some data this Continue reading

Home Lab Server

Currently I’m doing a lot of testing at home on Network Virtualization solutions, like VMware NSX, Juniper Contrail, etc. Therefore I was stressing my current single home server quite a lot. Which is a custom build Xeon E3-1230 quad core with 32GB of RAM and 128GB SSD. I built this server according to the specifications found at: http://packetpushers.net/vmware-vcdx-lab-the-hardware/ . This has been a great investment as I’m running nested virtualization for both KVM and ESXi hypervisors and run the testing in there. Due to the fact that for a decent Network Virtualization (NV) set-up you need quite some memory, especially if you look at the memory utilisation of the NV Controller VMs, I had to expand my lab. I chose to extend it with an additional server so I would be physically redundant as well, making it easier to run upgrades on the physical machines.

Requirements

My requirements aren’t difficult as I mainly perform feature testing in my lab I don’t need a lot of CPU performance. There are no “Production” VMs running, everything is there to play around, so downtime is not a problem if necessary.
Other requirements:

  • Average CPU performance
  • Nested virtualization support
  • At least 32GB of Continue reading

Passed CCIE Data Center!

After a number of months studying and final 2 weeks full 100% dedicated preparation I passed the CCIE Data Center Lab exam last week on April 25th in Brussels at first attempt!!!

This is my fourth CCIE title and I can honestly say that this is the title means a lot to me! Currently there are so few individuals who passed the CCIE Data Center lab and many have failed it already.

Verification

Preparation

What did I use for preparation?

IPexpert CCIE Data Center Workbook

Of course I used the CCIE Data Center Workbook from IPexpert for my preparation, because I wrote the book. After writing the labs for the past couple months I really had to re-do them all to get a feeling about the entire picture again. This has been an invaluable resource with labs that are a lot harder than the actual lab tasks!

Real life experience

In my work for a Cisco Gold Partner (Telindus) I did a lot of projects with Nexus 7000, Nexus 5000, Nexus 2000, MDS switches and a ton of UCS systems. This is where I found that I learned most of the knowledge that was required for the test.

Focus Focus Focus!

Continue reading

What about 2013?

Happy new year to you all! I truly hope that all your dreams for 2013 may come true and maybe even more.

For the first time I didn’t really made a to-do list for 2013, but in my head I’m still working on things I want to have accomplished by the end of the year. I wanted to discuss in short a few of those topics.

House

Just at the end of December I bought a house in Utrecht, Netherlands. This is going to fill up a lot of time for me in 2013, where I literally need to buy everything and arrange a lot of things.

Of course the fun part of designing my home network, automating my house as much as possible and designing my little office if already in progress :)

CCIE Data Center

The CCIE Data Center is also taking up a lot of time in 2013. Besides that I’m studying to pursue the title myself. I’m also writing the CCIE Data Center Lab Workbook for IPexpert. This is an amazing opportunity and I really love to work on it. I really hope you like using it when you purchase. Otherwise I’m more than happy to Continue reading

Cisco Live 2012 San Diego

That was it! My work life has an absolute peak every year and that’s when I’m again fortunate enough to visit Cisco Live in the US. This year it was held in San Diego, California.
I flew in on Saturday with 2 colleagues on LA and drove to San Diego after a quick tour around Sunset Boulevard ;)

We stayed at the Manchester Grand Hyatt, which is a hotel I can truly recommend when visiting San Diego. Services were good and staff was helpful!

My focus this year was to combine both Datacenter and Service Provider sessions as those are the fields I’m active in. I found that the SP related sessions had a quite smaller crowd attending them. I guess this is related as the SP customers are considered important customers and get a lot more attention from Cisco people, so they already know what to expect in terms of roadmap and technologies. Still I had quite some very good sessions where I learnt about the features (and limitations) about some cool new things :-)

Sunday
On Sunday it’s a special day as you need to purchase additional sessions called Techtorials. This was the first year I took a Continue reading

CCIE Datacenter techtorial notes

The CCIE Datacenter techtorial was a very good session giving a good overview about the contents of the exam. I will not focus on the technologies in this article, but only on the specifics that I wrote down during the session. This means you will only find details about the exam and not about the technologies.
There are enough resources to find details about the technologies, but you are reading this article if you want to know what to find when you step into the testing center or the lab.

The session was presented by 3 guys, I would specifically mention Walid Issa who is the product manager for this particular CCIE track. Walid is a very nice guy and if you want to know something about the lab, ask him!

Written
Over 200 took the written beta already. it’s expected that a lot more people will take the DC written beta during Cisco live San Diego.

The Written is an overview of technologies with a medium to hard level. As all other written exams for CCIE the focus is on theory and not on configuration. When you know the technologies you should be able to pass.

Lab

Sample topology Continue reading

BRAS on Juniper MX

One of the latest features on the Juniper MX-series devices is the BRAS functionality. The first functionality (automatically configuring interfaces) has been available since a long time, but most BRAS features have been introduced last year in JUNOS 11.x releases. With JUNOS 11.4 (also a Long-Term-Support release) the features matured as all major components are now available and (fingers crossed) stable.

This functionality can be named in different ways. BRAS or Broadband Remote Access Server is the most common name. Other names are Broadband Network Gateway (BNG) or Broadband Service Router (BSR).

This functionality is used in Internet Service Provider environments usually where DSL or Cable is used as the last mile access.

The following drawing demonstrates how the end-to-end path looks and where a BRAS/BSR is placed.

The CPE (DSL/Cable modem) is connected to the Multi-Service Access Node (MSAN), this MSAN is either a DSLAM in case of DSL networks or a CMTS in case of Cable networks. The DSLAM and CMTS devices convert the signal to Ethernet (or any other transport) and forward it to the rest of the network. This connection is then terminated on a BRAS device before it enters the rest of the Continue reading

CCIE Data Center

The long rumored, highly expected and very desired has finally been released and it’s a beast!

Since the release of the Nexus platform there has been talk about when these platforms were to be introduced in a CCIE track. With the introduction of UCS in 2009 this became an even higher request especially since UCS really took off in sales. When I started my CCIE Storage studies in 2010 I initially wrote an article for IPexpert about my predictions for the CCIE DC (http://blog.ipexpert.com/2010/01/13/storage-and-datacenter-ccie/). Most of them where very easy guesses, but those also became reality in the track, though with new hardware that is now available (2 years later).

You might have already read most information on other blogs, but I’m trying to consolidate that information. During the coming weeks/months more and more information will become available and during Cisco Live in June there will be a huge amount of information and questions during the 4-hour Techtorial (TECCCIE-9544).

The scope of the exam is pretty much based on the usual suspects, so in summary you should know the:

  • UCS B-series blade systems
  • UCS C-series rackmount systems connected to UCS Manager via FEX
  • Virtual Interface Cards Continue reading

Fast Restoration on IP – MPLS Fast ReRoute

Service providers that have a lot of real-time traffic through their network, like mobile network operators (MNOs), are very keen on a fast restoration of service once a failure occurs in the network. In the past a lot of networks were based on SDH/SONET transport networks, which took care of sub-second (50ms) failovers. Nowadays Ethernet is THE standard for any transport within a service provider network. This introduces an issue, as Ethernet is not built for automatic failover when certain things fail.

Now there are many ways to solve this and I want to dig deeper in these technologies in several posts.  I will discuss various protocols that can solve the fast restoration requirement in different ways. Some are used in local situations (so failover to local neighbor, like a twin sibling) and others can be used in inter-site locations or can be an end-to-end protection for certain traffic.

The posts are broken down as follows:

  1. MPLS Fast ReRoute (this post)
  2. IP Loop Free Alternate
  3. BGP PIC Core/Edge
  4. Hierarchical Forwarding

Please be aware that these technologies are all related to fast restore the layer 3 forwarding path, therefore restoring the MPLS forwarding path. The MPLS forwarding path may be Continue reading

JNCIE-ENT lab set-up

As I’m preparing for the various exams (up to the Expert lab) of the Enterprise Routing & Switching track of Juniper I needed a lab to support this. In this blogpost I would like to explain my choice of hardware and software and how I’m going to use this set-up to prepare for the written exams and the lab exam.

Hardware and Software

Based on the blueprint, available on the Juniper website (http://www.juniper.net/us/en/training/certification/resources_jncieent.html), I needed to select hardware and software. The current software version used in the lab is JUNOS 10.4. On the various communities I heard that they want to upgrade this to a JUNOS 11.x (probably 11.4, which is a long-term-support version) software track somewhere this year, but until that time I chose the latest version of 10.4. At time of this writing this is JUNOS 10.4R9.

On the official blueprint there is no real indication of which hardware is used on the lab exam, but when you find your ways through the community sites and with the help from some community friends (special thanks to Chris ;-) I decided to use the SRX100H as router and EX4200 Continue reading

My certification journey (J-Net)

This blog has also been published to the Juniper J-Net community portal

In 2005, when I was 18 years old, I finished high school I already knew what I wanted to do. I wanted to start a career in IT! The only thing I didn’t know was in what direction I wanted to go. So, I did a little bit of everything. The first important decision I took was to only finish high school and start working without going to university. I figured that, with enough dedication and focus, 4-5 years of work experience added with the right technical certifications would get me further in the IT world than a degree would get me. After 6 years I think I can say that it definitely worked for me!

 

Servers and Programming

I started with passing exams and getting my MCSE on Windows 2003. I had a few small companies where I was managing all IT systems. The largest one was my dad’s company where I was managing 4 servers, 10 workstation and 20 mobile devices (yes even in 2006 we had a custom developed Windows Mobile 5 application and all engineers were carrying smartphones). I was co-developing the custom Continue reading