Archive

Category Archives for "ipSpace.net"

Networking Is Infrastructure – Get Used to It

Jeff Sicuranza left a great comment to one of my blog posts:

Still basically the same old debate from 25 years ago that experienced Network Architects and Engineers understood during technology changes; "Do you architect your network around an application(s) or do you architect your application(s) around your network"

I would change that to “the same meaningless debate”. Networking is infrastructure; it’s time we grow up and get used to it.

Read more ...

Sample Ansible Networking Playbooks on Github

I spent the last week creating numerous scenarios using Ansible networking modules for my upcoming Network Automation workshop. The scenarios use Cisco IOS and Nexus OS modules as I used VIRL for network simulation, but you could easily adapt them to other networking devices.

All the scenarios I’m covering in the workshop are available in my Github repository; to get the them explained you’ll have to attend the workshop. Enjoy!

New Webinar: Docker Networking Fundamentals

After the fantastic Docker 101 webinar by Matt Oswalt a few people approached me saying “that was great, but we’d need something more on Docker networking”, and during one of my frequent chats with Dinesh Dutt he mentioned that he already had the slides covering that topic.

Problem solved… and Dinesh decided to do it as a free webinar (thank you!), so all you have to do is register. Hurry up, there are only 1000 places left ;)

We Need to Educate Our Peers

Failure to use DNS, IP addresses embedded in the code, ignoring the physical realities (like bandwidth and latency)… the list of mistakes that eventually get dumped into networking engineer’s lap is depressing.

It’s easy to reach the conclusion that the people making those mistakes must be stupid or lazy… but in reality most of them never realized they were causing someone else problems because nobody told them so.

Read more ...

And this is why you need automation

I stumbled upon a great description of how you can go bankrupt in 45 minutes due to a manual deployment process. The most relevant part of it:

Any time your deployment process relies on humans reading and following instructions you are exposing yourself to risk. Humans make mistakes. The mistakes could be in the instructions, in the interpretation of the instructions, or in the execution of the instructions.

And no, it's not just application deployment. A similar disaster could happen in your network.

And this is how you build an IPv6-only data center

Tore Anderson has been talking about IPv6-only data centers (and running a production one) for years. We know Facebook decided to go down that same path… but how hard would it be to start from scratch?

Not too hard if you want to do it, know what you're doing, and are willing to do more than buy boxes from established vendors. Donatas Abraitis documented one such approach, and he's not working for a startup but a 12-year-old company. So, don't claim it's impossible ;)

Ethernet-over-VPN: What Could Possibly Go Wrong?

One of my readers sent me a link to SoftEther, a VPN solution that

[…] penetrates your network admin's troublesome firewall for overprotection. […] Any deep-packet inspection firewalls cannot detect SoftEther VPN's transport packets as a VPN tunnel, because SoftEther VPN uses Ethernet over HTTPS for camouflage.

What could possibly go wrong with such a great solution?

Read more ...

OpenFlow and Firewalls Don’t Mix Well

In one of my ExpertExpress engagements the customer expressed the desire to manage their firewall with OpenFlow (using OpenDaylight) and I said, “That doesn’t make much sense”. Here’s why:

Obviously if you can't imagine your life without OpenDaylight, or if your yearly objectives include "deploying OpenDaylight-based SDN solution", you can use it as a REST-to-NETCONF translator assuming your firewall supports NETCONF.

Read more ...

Optimize Your Data Center: Use Distributed File System

Let’s continue our journey toward two-switch data center. What can we do after virtualizing the workload, getting rid of legacy technologies, and reducing the number of server uplinks to two?

How about replacing dedicated storage boxes with distributed file system?

In late September, Howard Marks will talk about software-defined storage in my Building Next Generation Data Center course. The course is sold out, but if you register for the spring 2017 session, you’ll get access to recording of Howard’s talk.