In his The Case for Hybrids blog post Mat Mathews described the Hotel California effect of public clouds as: “One of the most oft mentioned issues with public cloud is the difficulty in getting out.” Once you start relying on cloud provider APIs to provide DNS, load balancing, CDN, content hosting, security groups, and a plethora of other services, it’s impossible to get out.
Interestingly, the side effects of public cloud deployments extend into the realm of application programming, as I was surprised to find out during one of my Expert Express engagements.
Read more ...In my presentation @ SDN Meetup in Stockholm, I tried to answer a simple question: “Should I really program my network?” and obviously had to start with an even simpler one: “What is SDN?”
The video of the presentation is already available on YouTube, and you can watch the slides on my content web site.
Also, make sure you watch other presentations from that event, particularly David Barroso’s SDN Internet Router.
One of my readers is struggling with the aftermath of marketing gimmicks:
We will be implementing a new network soon, and we're discussing P-routers versus regular routers versus switches. I'm looking for arguments to go one way or the other.
TL&DR: there’s no difference between router and L3 switch.
Read more ...Someone recently sent me this question:
Is it possible to prepend one IP address from a public IPv4 segment?
I don’t want to know what crazy stunt this engineer was forced to pull off, but just in case you land in a similar quandary here’s how you shoelace yourself out of it.
Read more ...A third of my readers are celebrating Thanksgiving today, and I’d like to use the opportunity to say what I always wanted to say but somehow never got to it. Let’s make it short: Thank you! Without you, there would be no ipSpace.net.
Read more ...It was a dark stormy autumn night and three networking engineers had nothing better to do than ponder the heavy topics of transactional consistency in a distributed SDN environment in Episode 16 of Software Gone Wild podcast.
Here are a few of the topics that crossed our minds:
Read more ...After discussing the basics of MPLS and LDP in our Tech Talks chat, Seamus Gilchrist and myself focused on a concept that perplexes many networking engineers entering the MPLS world: the relationship between Forward Equivalence Classes (FEC), LDP and BGP.
While the industry press deliberates the disaggregation of Arista and Cisco, and Juniper’s new CEO, Juniper launched a virtual version of its vMX router, which is supposed to have up to 160 Gbps of throughput (as compared to 10 Gbps offered by Vyatta 5600 and Cisco CSR). Can Juniper really deliver on that promise?
Read more ...David Spark published 16 tips for moving your workloads to the clouds. Contrary to the usual useless nonsense coming down from hybrid cloud evangelists (you know, the people who moved from “VMs following the sun” to “seamless hybrid cloud workload mobility”) some of the tips actually make sense, starting with “Have a real reason for the migration”. Enjoy!
A while ago I wrote about performance bottlenecks of Open vSwitch. In the meantime, the OVS team drastically improved OVS performance resulting in something that Andy Hill called Ludicrous Speed at the latest OpenStack summit (slide deck, video).
Let’s look at how impressive the performance improvements are.
Read more ...After describing the current state of affairs in his Network Programmability 101 webinar, Matt Oswald moved to the low-hanging fruits: automating repetitive tasks in baby steps, from VLAN provisioning to consistent device configurations.
The edited videos of the fantastic PCI DSS webinar Michele Chubirka presented in early July have finally been published (yes, there’s a huge backlog that’s getting cleaned up). Enjoy!
One of my readers sent me an interesting challenge:
We have two MPLS providers sending us default routes and it seems like whenever we have problem with SP1 our failover is not happening properly and actually we have to go in manually and influence our traffic to forward via another path.
Welcome to the wondrous world of byzantine routing failures ;)
Read more ...The last day of Interop New York found me sitting in the Speaker Center with a few friends pondering the hype and reality of SDN and brokenness of traditional network products. One of the remarks during that conversation was very familiar: “we have too many knobs to configure”, and I replied “and how many knobs do you think there are in Windows registry?" (or Linux kernel and configuration files).
Read more ...Overlay virtual networks are one of my favorite topics – it seems I wrote over a hundred blog posts describing various aspects of this emerging (or is it reinvented) technology since Cisco launched VXLAN in 2011.
During the summer of 2014 I organized my blog posts on overlay networks and SDDC into a digital book. I want to make this information as useful and as widely distributed as possible – for a limited time you can download the PDF free of charge.
Simon Wardley is another old-timer with low tolerance for people reinventing the broken wheels. I couldn’t resist sharing part of his blog post because it applies equally well to what we’re seeing in the SDN world:
No, I haven't read Gartner's recent research on this subject (I'm not a subscriber) and it seems weird to be reading "research" about stuff you've done in practice a decade ago (sounds familiar). Maybe they've found some magic juice? Experience however dictates that it'll be snake oil […]. I feel like the old car mechanic listening to the kid saying that his magic pill turns water into gas. I'm sure it doesn't ... maybe this time it will ... duh, suckered again.
Meanwhile the academics already talk about SDN 2.0.
Like many of us Khalid Raza wasted countless hours sitting in meetings discussing hybrid WAN connectivity designs using a random combination of DMVPN, IPsec, PfR, and one or more routing protocols… and decided to try to create a better solution to the problem.
Viptela Secure Extensible Network (SEN) doesn’t try to solve every networking problem ever encountered, which is why it’s simpler to use in the use case it is designed to solve: multi-provider WAN connectivity.
Read more ...Last week I ran the second part of the updated (4-hour) VXLAN webinar. The raw videos are already online and cover these topics:
Most overlay virtual networking and cloud orchestration products support security groups – more-or-less-statefulish ACLs inserted between VM NIC and virtual switch.
The lure of security groups is obvious: if you’re willing to change your network security paradigm, you can stop thinking in subnets and focus on specifying who can exchange what traffic (usually specified as TCP/UDP port#) with whom.
Read more ...My calendar for the following four weeks is jam-packed with SDN events:
All the travel might affect my blogging frequency, but I still have a few podcasts in the editing queue, so you’ll have something to listen to in the meantime ;)