Category Archives for "Daniels networking blog"

Lessons Learned in Cloud Networking – AWS vs Azure

I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor, especially on the Azure side. Let me first start with two statements that I have seen made around cloud networking:

Cloud networking is easy! – Not necessarily so. I’ll explain more.

We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.

This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.

System Routes

Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route saying something along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for Continue reading

Interview with Joe Onisick

With this blog, I try to inspire and mentor. One person I have a lot of respect for is Joe Onisick. I had the pleasure of interviewing Joe. Joe has really transformed himself and everything about him lately and I thought it would be nice to give you readers some more insight to his journey. Here is Joe’s story:

Q: Hi Joe, welcome to the blog! Please give the readers a short introduction of yourself.

A: I’m a technology executive who’s been in the field for 23 years, with the exception of a five-year break to serve as a US Marine. I started in network/email administration and have spent most of my career in the data center space on all aspects of delivering data center resources, up to IaaS and private-cloud.

Q: Many people probably know you best from your time at Cisco, working for the Insieme BU, responsible for coming up with ACI. What was your time at Cisco like? How were you as a person at that time?

A: I joined a startup called Insieme Networks that was in the early stages of developing what became Cisco ACI and Nexus 9000. When the product was ready to launch, Continue reading

SDN Ate My Hamster

I posted a Tweet the other day which gained a lot of attention in the networking community:

As SDN gains more traction, people start fearing for their jobs. Some jobs will decrease in demand and some will disappear entirely. However, we can’t stop progress just to keep those jobs hanging around. In the Twitter thread I made what could be seen as an elitist comment:


If you are replaceable by a script or controller, you were never a Network Engineer to begin with.

This was not meant to insult anyone, but rather be a wake-up call. If the only value you provide to the business is that you deploy templates someone else created, configure VLANs on a trunk, or can trace a flapping MAC in the network, you need to reskill and find ways of providing more value. This is not about Junior vs Senior. It’s Continue reading

Vendor Lock-in – Is It Really That Bad?!

In today’s IT infrastructure, open source software is a common component. Many organizations and network engineers stay away from certain architectures and products citing vendor lock-in as their only argument, but often lack an understanding of why they think vendor lock-in is a problem. Let me explain.

There are lock-ins of different forms. For example, if you are buying MPLS VPN service from a SP, you are somewhat locked in to their offering and pricing. I see at least three different types of lock-in:

Vendor lock-in – This is the one that everyone is familiar with. It means that the vendor has a solution that is proprietary, perhaps using proprietary management or routing protocols so that it can’t interact with solutions from other vendors.

Tools lock-in – This may or may not be as much of a lock-in as vendor lock-in, but when an organization has invested enough time, money and manpower into a specific toolset, it’s difficult to move to other tooling.

People lock-in – An often overlooked form of lock-in. Depending on architecture, toolset and so on, your organization may need a certain type of engineer to work on the network. These may be difficult to find which Continue reading

SD-WAN – Glorified DMVPN?

I had an interesting discussion with Jon Cooper in the Network Collective Slack. The discussion was around SD-WAN. We were discussing if SD-WAN is just a “glorified DMVPN” or if it’s something more than that. Note that this was a somewhat tongue-in-cheek comment from Jon but it’s interesting for the sake of discussion.

To compare the two, let’s look at some of the design and operational challenges of running a DMVPN.

Physical design – How many Hub routers do you need? In a DMVPN, the Hub router is a special type of device that is responsible for mapping the underlay IP address to the overlay IP address. If a Hub needs to be added, this Next Hop Server (NHS) needs to be added to the spokes. With Cisco SD-WAN, this is handled by the vBond which is a virtual machine running in a public cloud. Adding a device is simple as the WAN edge routers use a hostname (DNS) to ask for the IP of the vBond. This means that the physical design is less rigid.

Logical design – In a DMVPN, you need to decide on the number of DMVPN clouds. Do you do a single cloud Continue reading

Cisco IT Blog Awards Finalist

I’m proud to announce that I’ve been selected as a finalist in the Cisco IT Blog Awards in the “most inspirational” category.

I’m happy to be in this category as I hope that my posts here have inspired others to learn about design, architecture and to have an open mindset towards technology.

If you want to vote for me, you can do that here. Thanks for your support!

The post Cisco IT Blog Awards Finalist appeared first on Daniels Networking Blog.

Do I Need a WAN?

In the latest Network Break, Network Break 213 from Packet Pushers, they discussed some of the latest news in networking, such as Amazon Outpost. With the rise of SaaS applications, the question was also raised: do I even need a WAN?

Let’s assume you are running Office365. Your e-mail and office applications are in the cloud. You are using Salesforce for your CRM. Your ERP is also cloud-hosted. You’ve moved pretty much all of your previously internal apps to the cloud. Do you still need a WAN? I would argue yes. Considering all the applications mentioned previously have been moved, what do we still have left?

Although we’ve been talking about paperless societies for ages, have you ever seen an office environment without a printer? Neither have I. Your printers likely need to reach a print server. Do you have Active Directory? Would you be comfortable putting it entirely in the cloud? How do you provision PC images? Do you use something like SCCM? Do you have lighting, doors, alarms, etc. that are connected to the network? Are all of your stored files in the cloud? Probably not depending on how sensitive they are. Do your offices Continue reading

Passed AWS Solutions Architect Associate

Hi,

Yesterday I took the AWS Solutions Architect Associate and passed it which means I’m now certified. I started studying for this exam around the August time frame. I had wanted to get some exposure to public cloud to broaden my skill set and AWS was the natural one to go after first considering their dominant position on the market. My goal is to do the networking specialty in order to know all of the networking products inside of AWS. I also have a project I’m working on now in AWS which helps with both motivation, knowledge and hands-on experience.

So, what was the exam like?

I don’t know if it was pure shock at first but I felt very uneasy in the beginning of the exam. The questions I got felt very different to the material and questions I had based my studies on. After a while I felt a bit better but it was still a tough exam for me. I had to really think through all of my answers and only a couple of questions, mostly the ones on networking, I felt confident answering immediately. The exam did feel balanced though covering a broad range of topics Continue reading

The Road to Success – Not Always Straight

A lot of people look to me for mentoring and advice. When you see someone in the industry having success, it’s easy to think that they know it all and never have any setbacks, that their career was a straight path to success from day one. When I look at someone like Ivan Pepelnjak, a person I have a tremendous respect for, I imagine him knowing it all from day one. Of course, in reality, he had to learn it the hard way like the rest of us.

A couple of days ago I thought about writing a little about my background. To show people that it’s normal to have some bumps in your career and that success is not achieved overnight.

When I think back on my career so far, there are two or three things that really bother me and where I had to learn some hard lessons.

When I was done with upper secondary school, I was SO tired of school. I had no motivation. My grades were mediocre. I didn’t know what I wanted to do with my life. All I knew was that I had an interest in IT and that I was going to go Continue reading

Introducing Network4dev

Intro

Some of you may have heard it through the grapevine but it’s time to make my plans known. I have founded a new website called Network4dev which has been set up by my friend Cristian Sirbu.

What is it?

Network4dev is a web site about networking mainly for people that are developers, systems administrators or that spend most of their time working on applications. The goal is to provide short, concise and to the point articles on different networking topics. The articles will stay at a technical level suitable for someone that is not mainly into networking.

Why?

In today’s IT infrastructures it’s important to break down silos. We in networking must understand a bit about compute, storage, virtualization, applications and automation. It is equally important for someone working with applications to understand a bit about networking.

For people in networking learning about apps and automation, there are many initiatives such as Devnet, but there isn’t much available for people working with apps to learn about networking. Most of the networking content out there is aimed at people in networking (naturally). I don’t expect a person not in networking to go after for example the CCNA or to read Continue reading

Networking in the Cloud – Different but the Same

Networking in the cloud is impressive. Building redundant internet access is as easy as attaching an internet gateway (IGW) to your VPC. In an on-premises network we would have to build VLANs, subnets, IGPs, possibly HSRP and BGP etc. This holds true for many of the services in the cloud.

I’ve seen statements such as “The networking team is going away because everyone is moving to the cloud”. “The networking team is going away because webscaler/startup company X networking team is only Y number of people”. This is like comparing apples to ostriches. I call BS. Why?

Networking in the cloud is relatively easy when you can leverage the standard services available, which is not always the case. It’s relatively easy because people are in the beginning of their cloud journey. They have one or a couple of VPCs. If they really move a major part of their app stack to the cloud, networking won’t be so easy. Let’s think about some examples.

In the cloud you can provision resources into different subnets, meaning different availability zones. This leads to a very high availability but it’s not enough. To build a really resilient service you need to be in different regions. Continue reading

Snowflake Networks

Snowflake networks, sounds like a good name for a network design company, but this is not what this post is about. Are you familiar with the concept of a snowflake network? This terminology comes from the notion that each snowflake is unique at a molecular level. In networking, many networks don’t look the same, so the term snowflake networks was coined.

Lately there’s been a lot of discussion about networks being snowflakes, especially on some of the podcasts (you know which ones). What is being discussed is that we need to move away from designing networks that are complex, networks that are snowflakes. Every network is 95% the same and only the last 5% is unique. First, let me agree that snowflakes are bad. Personally, I believe we should adhere to the following design tenets if possible:

  • Don’t use more complexity than needed
  • Use as much L3 as possible
  • No stretching of L2
  • Don’t use more protocols than needed
  • Don’t change default settings unless needed
  • Don’t “gold plate” the design
  • Don’t use “nerd knobs”

I think most of us, if not all, can agree that these tenets make sense when designing a network. So why do networks end up being Continue reading

CCIE Datacenter Updated to Version 2.1

Last year Cisco announced that they would revise their certifications more often and in smaller increments instead of doing only major revisions which had problems keeping up with the pace of the industry.

This is exactly what they are now doing to the CCIE Datacenter certification which is being updated from version 2.0 to 2.1.

The full list of changes can be seen in this link.

Some highlights of the change below:

  • FabricPath is being removed
  • ACI multipod and multi-site added
  • Intersight is being added
  • CloudCenter is being added
  • vPath is being removed
  • RISE is being removed
  • UCS Central is being removed

It is clear that ACI and cloud are important going forward and some older technologies had to be removed to make room for the new additions. Seems like a good update to me. I’m happy to see these minor revisions coming in instead of the major ones which usually only took place every four years or so.

Most Important Skills in Networking

It’s easy to get blinded these days by all the talk about cloud, SDN and automation leading both new and existing people in networking to make decisions in their career which may not be the best ones long term. I’ve had the pleasure of interacting and working together with a lot of prominent people in the industry. Based on this I have identified some skills that all of these people have to some degree and that I believe to be crucial to succeeding in the IT industry.

Ability to write – Many of the successful people in the industry like Ivan Pepelnjak, Russ White, Nick Russo and so on have authored books, write blogs, or both. The ability to put your thoughts down into writing is critical. For someone like me that is working in network design, it is probably the most important skill, not only to write technical documents but to interact with customers, colleagues, managers and so on. It doesn’t matter if you are a technical savant if you can’t put a brief document together describing why and how a certain technology should be implemented.

Ability to speak – A lot of people in IT are a Continue reading

The Network Architect Part 2

I got some great comments from my readers on the first part of this post. I love engaging with readers! So I thought I would write a part two to explain some of my thinking which I described in some of the comments.

Does a network architect need to be technical?

Yes, he/she needs to be technical but what does that mean? Let’s say that two datacenters need to be connected. Layer two needs to be stretched between the two DCs. The architect should be able to know different solutions to the problem such as using fibres between the two DCs, clustering technologies, TRILL, OTV and so on. Does the architect need to be able to configure OTV off the bat? Nope. Does the architect need to know what different timers OTV uses? Nope. Those are not things that need to be considered at that point in time. Now, often the architect is involved in the actual design as well and in that case the architect is involved in creating the design and documenting what commands are needed and so on. So the architect needs to be technical but not super technical.

Does the network architect need operational experience?

Preferably Continue reading

The Network Architect

What’s the difference between a network architect and a network designer? What is network architecture and what is network design? These are questions I asked myself a couple of years ago and that I get asked frequently by others. The reason I wanted to write this post is to help people that want to be network architects understand what it is about. I also wanted to help people that are studying for the CCDE to get into the right mindset. If you go into the practical with the mindset of a designer, you will fail. You need to think like an architect.

This post is not about if an architect is more advanced than a designer. They are both needed and often they are the same person. I work as both but my title is network architect. Some people use the title to indicate it’s a senior role although the role might not be heavily geared towards design.

So what does a network architect do? And how is that different from the network designer?

The network architect is the one that is fronting the business. What does this mean? The network architect is the one that is meeting stakeholders Continue reading

General – Taking the Long Road

As we start the new year, I started thinking about something. Why do people think it’s acceptable to take shortcuts in their IT career? Is it because people don’t see the true effect of their work? Or is cheating just as prevalent in law and medicine, but those of us working in IT aren’t aware of it?

Trust me, I understand that some people live really tough lives, they want to put food on the table for their family, find a better living, perhaps start a new life in a new country. The competition is fierce. Some countries have more engineers coming out of universities every year than we have people living in Sweden.

The thing is though, if you cheat your way to a CCIE, sooner or later you will be caught. But regardless of that. How would you feel if a power plant goes down due to your mistake? Having a heart monitoring unit fail because of your mistake? Having people’s private information leaked due to your mistake? We all make mistakes but we shouldn’t be making them because we pretend that we are something that we aren’t, experts. Networking is a critical part of everyone’s life now. Most of Continue reading

General – Merry Christmas And A Little Gift

Hi all,

I had some issues with the site and I haven’t blogged as much lately as I would have hoped but I wanted to wish you a Merry Christmas and send you a little gift from Martin Duggan.

Martin recently released part two of his CCDE Practical Scenarios. Like the last time he is giving you, my readers, a discount when you buy it from Leanpub. It’s a really good scenario and you have to stay focused and do your best even if you are not comfortable with the scenario. This is very much how the real scenarios are. You may not be comfortable working with say a cable provider but that might be the scenario you are given. Focus on what is important and find the requirements and constraints and answer as best you can.

Follow this link to receive a discount on the scenario.

Merry Christmas!

General – Advice on Numbering Policies in Networking

There are several situations where we need to write some form of policy such as QoS, routing policies used in for example redistribution, filtering and policy-based routing, dot1x and so on. Lately I had to update a policy used by the master controller (MC) in an IWAN design. What are some important things to consider when writing the policy?

The number to start with – If you start with the number one then it won’t be possible to insert anything above this line at a later time. How certain are you that you will never have to put anything before the starting line? My recommendation is to start with a higher number such as 100.

Space between each line – Don’t number your lines 100, 101, 102, 103 and so on. Leave some more space between each line in case you have to insert something later between two lines. A spacing of 10 should be fine for most situations.

Go from most granular to least granular – The policy should go from as granular as possible to the least granular at the end. If you have a statement that is too broad you may catch more than you expected even Continue reading

General – Challenges in Load Balancing Traffic

For the last year I have been working a lot with IWAN which is Cisco’s SD-WAN implementation (before Viptela acquisition).

One of the important aspects of SD-WAN is to be able to load balance the traffic. Load balancing traffic is not trivial in all situations though. Why not?

If you have a site where you have two MPLS circuits or two internet circuits and they both have the same amount of bandwidth, then things are simple. Or at least, relatively simple. Let’s say that you have a site with two 100 Mbit/s internet circuits. This means that we can do equal-cost multipathing (ECMP). Whether a flow ends up on link A or link B doesn’t matter. The flow will have an equal chance of utilizing as much bandwidth as it needs on either link. Now, there are still some things we need to consider even in the case of ECMP.

The size of flows – Some flows are going to be much larger than others, such as transferring files through CIFS or other protocols, downloading something from the internet versus something like Citrix traffic which is generally smaller packets and doesn’t consume a lot of bandwidth.

The number Continue reading