A while ago I wrote:
I haven’t seen any hard data, but intuition suggests that apart from hardware failures a standalone firewall might be more stable than a state-sharing firewall cluster.
Guillaume Sachot (working for a web hosting company) sent me his first-hand experience on this topic:
Read more ...During our summer team-building podcast we agreed it would be fun to record a few episodes along the “how do I become a programmer” theme and figured out that Elisa Jasinska would be a perfect first candidate.
A few weeks ago we finally got together and started our chat with campfire stories remembering how we got started with networking and programming.
Read more ...I got into an interesting discussion with Johannes Luther on the need for VRFs and he wrote:
If VRF = L3 virtualization technologies, then I saw that link. However, VRFs are again just a tiny piece of the whole story.
Of course he’s right, but it turns out that VRFs are the fundamental building block of most L3 virtualization technologies using a shared infrastructure.
Read more ...One of the challenges traditional networking engineers face when starting their network automation journey is the “build or buy” decision: should I use a plethora of small open-source or commercial tools and components and build my own solution, or should I buy a humongous platform from a reassuringly-expensive $vendor.
Most of us were used to buying platforms ranging from CiscoWorks to HP OpenView (oops, Business Technology Optimization Software) or now Cisco’s NSO, so it’s natural that we’re trying to map this confusing new world into old patterns, leading to interesting discussions like the one I had during one of my workshops:
Read more ...In June 2016 I got an interesting idea: let’s create a webinar series with numerous guest speakers that would describe several widely-used network automation use cases.
It took me almost half a year to get there, but finally the first session is scheduled for November 22nd.
Read more ...One of my readers sent me an interesting question a while ago:
Isn’t IS-IS a better fit for building L3-only networks than BGP, particularly considering that IS-IS already has a protocol to communicate with the end systems (ES-IS)?
In theory, he’s correct (see also this blog post).
Read more ...Our Data Center optimization journey has finished. We virtualized the workload, got rid of legacy technologies, reduced the number of server uplinks, replaced storage arrays with distributed file system and replaced physical firewalls and load balancers with virtual appliances.
Let’s see what’s left: it turns out you really don’t need more than two switches in most data centers.
I encountered an ancient problem during one of my ExpertExpress engagements:
Challenge: what’s the simplest possible configuration to get it done?
Read more ...Got this comment on my Network Automation RFP Requirements blog post:
Looks like you are paid shill for Brocade based on the quote earlier in your blog "The Pass/Fail information included below was collected to the best of my knowledge with extensive help from Jason Edelman, Nick Buraglio, David Barroso and several Brocade engineers (THANK YOU!)."
Hooray, one more accolade to add to my list of accomplishments. And now for a few more details:
Read more ...It’s only two weeks since the last live session of the Autumn 2016 Data Center course in which Mitja Robas did a fantastic job describing a production deployment of VMware NSX on top of Cisco Nexus 9000 network, and we already have the first speakers for the Spring 2017 event:
We did a podcast describing NAPALM, an open-source multi-vendor abstraction library, a while ago, and as the project made significant progress in the meantime, it was time for a short update.
NAPALM started as a library that abstracted the intricacies of network device configuration management. Initially it supported configuration replace and merge; in the meantime, they added support for diffs and rollbacks
Read more ...One of my readers left this comment (slightly rephrased) on my Network Automation RFP Requirements blog post:
Given that we look up to our *nix pioneers as standard bearers for system automation, why do we demand an API from network devices? The API requirement would make sense if the vendor OS is a closed system. If an open system vendor creates APIs for applications running on their system (say for BGP configs) - kudos to them, but I no longer think that should be mandated.
He’s right - API is not a mandatory prerequisite for reliable network automation.
Read more ...Continuing the Do Enterprises Need VRFs discussion, let’s see which enterprise networks might need MPLS.
Do you need VRFs?
Read the previous blog post. If the answer is NO, you can stop reading. Otherwise, carry on.
Read more ...Do you need large buffers in data center switches or not? If you’re a vendor your take obviously depends on whether you have them or not, and then there are people saying “it’s bullshit” (mostly agree) and “look, I have a shinier toy” (get lost).
Unfortunately, it’s really hard to get someone who would know what he’s talking about, and be relatively unbiased.
Read more ...I was cleaning my Blog Post Ideas Evernote notebook and found these gems hidden deep inside its bowels:
I still haven’t found the presentation in which someone (from Facebook?) explained how long DNS information with long-expired TTLs persists in the clients. Relevant links would be highly appreciated.
Read more ...Robert Graham wrote a great blog post explaining why so many IT certifications suck.
TL&DR: because they are trivial pursuits instead of knowledge assessment tests… but do read the whole post and compare it to your recent certification experience.
After explaining the basics of Linux containers, Dinesh Dutt moved on to the basics of Docker networking, starting with an in-depth explanation of how a container communicates with other containers on the same host, with containers residing on other hosts, and the outside world.
One of my readers sent me this question:
Using SSL over the Internet is a must when dealing with sensitive data. What about SSL between data center components (frontend load-balancers and backend web servers for example)? Does it make sense to you? Can the question be summarized as "do I trust my Datacenter network team"? Or is there more at stake?
In the ideal world in which you’d have a totally reliable transport infrastructure the answer would be “There’s no need for SSL across that infrastructure”.
Read more ...One of my readers sent me a long of questions titled “Do enterprise customers REALLY need VRFs?”
The only answer I could give is “it depends” (it’s like asking “Do animals need wings?”), and here’s my attempt at building a decision tree:
You can use the decision tree to figure out whether you need VRFs in your data center or in your enterprise WAN.
Read more ...Do you believe in vendor-supplied black box (regardless of whether you call it ACI or SDDC) or in building your own data center fabric using solid design principles?
It should be an easy choice if believe a business should control its own destiny instead of being pulled around by vendor marketing (to paraphrase Russ White)
Read more ...