Continuing our routing-on-hosts discussions, Enno Rey (of Troopers and IPv6 security fame) made another interesting remark, “years ago we were so happy when we finally got rid of gated on Solaris”, and I countered with “there are still people who fondly remember the days of running gated on Solaris” because it’s a nice solution to the host-to-network multihoming problem.
Quoting RFC1925, “It’s easier to move a problem around than to solve it” and people have been extremely good at moving this particular problem around for decades.
After I told you that I’m not going to Interop, I got numerous emails along the lines of “but I was really looking forward to attending your workshop” so I started looking for a solution that would combine the best of online and classroom worlds.
Here’s my first attempt: an interactive online course combining topics from two of my Interop workshops. I’m still working on the detailed agenda and plan to have it ready around May 1st. In the meantime, I’d really appreciate your feedback – leave a comment or send me an email.
Luka Manojlovič, a networking engineer with a strong focus on Windows and IPv6, sent me a short status update on an enterprise IPv6 deployment:
Moved a whole enterprise network (central location + 17 remote locations) to dual-stack today. So far everything works.
While that sounds pretty easy, there was a lot of work going on behind the scenes. Here are some of the highlights:
Russ White made an excellent remark while discussing the news that the CloudRouter pushed 650 Gbps through commodity hardware: “If this is software defined networking, then we’ve been doing this since sometime in the 1990’s, perhaps even earlier…”
He’s absolutely right – the first routers (like AGS or IGS from Cisco) did all packet forwarding in software. As I explained during the Introduction to SDN webinar, reaching dozens of gigabits with software-based packet forwarding is exciting, but calling it SDN doesn’t make much sense.
Everyone loves to talk about business critical applications that require extremely high availability, but it’s rare to see someone analyze the whole application stack and identify the weakest link.
For more details, watch my Designing Active/Active and Disaster Recovery Data Centers or attend one of my workshops.
If you start mapping out the major components of an application stack, you’ll probably arrive at this list (bottom-to-top):
The organizers of Troopers 16 conference published the video of my Real-Life Software Defined Security talk. The slides are available on my web site.
Hope you’ll enjoy the talk; for more SDN use cases watch the SDN Use Cases webinar.
A while ago Christer Swartz explained how a Palo Alto firewall integrates with VMware NSX. In the meantime, Palo Alto announced integration with Cisco ACI and OpenStack, and it was time for another podcast with Christer deep-diving into the technical details of these integrations.
Spoiler: It’s not OpFlex. For more details, listen to Episode 53 of Software Gone Wild.
It’s amazing how interesting questions come in batches: within 24 hours two friends asked me what I think about writing books. Here’s a summary of my replies (as always, full of opinions and heavily biased), and if you’re a fellow book author with strong opinions, please leave them in the comments.
I’ve been telling you to build small-to-midsized data centers with two switches for years ;) A few weeks ago I turned the presentation I had on that topic into a webinar, and the first video from that webinar (now part of Designing Private Cloud Infrastructure) is already public.
Long story short: I burned out last autumn and still haven’t recovered.
I managed to find a replacement instructor for three of my workshops, so I hope they’ll still take place. I’m also working on other ways of delivering them to whoever is interested in an interactive live session.
To all the people who wanted to meet me in Las Vegas: I’m really sorry I’ll miss you. Interop was always a great place for interesting conversations and awesome workshop audiences.
Some people conflate SDN with whitebox switches, preferably running Linux. So what exactly is software-hardware disaggregation, and how do whitebox switches and third-party network operating systems fit into the bigger picture?
I tried to answer these questions in the SDN is not whitebox switching part of the (free) Introduction to SDN webinar.
One of my readers sent me this question:
Considering I know nothing about anything SDN-related (and considering it seems "SDN" means something different depending to whom you are asking), where should someone with no knowledge of SDN start?
The obvious answer: sdn.ipSpace.net. On a more serious note:
I had a great chat with Enno Rey the morning before Troopers 2016 started in which he made an interesting remark:
I disagree with your idea of running BGP on servers because I think sysadmins shouldn’t be involved with routing.
As (almost) always, it turned out that we were still in violent agreement ;)
Mr. A. Anonymous, frequent contributor to my blog posts, left this bit of wisdom comment on the VMware NSX Update blog post:
I don't understand the statement that "whole NSX domain remains a single failure domain" because the 3 NSX controllers are deployed in the site with primary NSX manager.
I admit I was a bit imprecise (wasn’t the first time), but is it really that hard to ask oneself “what happens if the DCI link fails?”
Imagine you want to have an IPv6-only access network and transport residual IPv4 traffic tunneled across it. Sounds great, but you need to terminate those tunnels and encapsulate/decapsulate IPv4 traffic at multi-gigabit rate.
There are plenty of reassuringly-expensive hardware solutions that can do that, or you could work with really smart people and get a software-based solution that can do 20 Gbps per CPU core.
I had a sweet problem with ipSpace.net webinars for quite a while: there are way more ideas than available time. However, a few days ago I stumbled upon a great tip on the Trello blog and immediately decided to use it.
Result: list of future ipSpace.net webinars as a Trello board.
This article was initially sent to my SDN mailing list.
Usman asked a few questions in his comment on my blog, including:
At the moment, local RIB gets downloaded to FIB and we get packet forwarding on a router. If we start evaluating too many fields (PBR) and (assume) are able to push these policies to the FIB - what would become of the FIB table size?
Short answer: It would explode ;)
Almost a year ago I wrote a blog post explaining why I don’t think our future lies in becoming programmers. In the meantime, I found two interesting articles explaining the same idea from a programmer’s point-of-view:
Salman left an interesting comment on my Running BGP on Servers blog post:
My prior counterparts thought running OSPF on Mainframes was a good idea. Then we had a routing blackhole due to misconfiguration on the server. Twice! The main issue was the Mainframe admins’ lack of networking/OSPF knowledge.
Well, there’s a reason OSPF is called Interior Routing Protocol.
When someone starts complaining about networking device CLI, remind him that other parts of IT aren’t doing much better. For example, it’s oh-so-easy to install a package on Linux or OSX.