Want to know some details behind the CloudFlare SD-WAN implementation? You might find them in From IP packets to HTTP: the many faces of our Oxy framework.
I don’t know enough about Linux networking to figure out whether one could use those details to build something similar, but CloudFlare blog posts keep being much better than Google’s Look How Awesome We Are recruitment drives.
Lukas Krattiger wrapped up his EVPN-versus-MLAG presentation (part of EVPN Deep Dive webinar) with an overview of the advantages and drawbacks of EVPN-based multihoming solutions:
I got this question from one of my readers:
Why are OSPF and BGP more complex than STP from a designer or administrator point of view? I tried everything to come to a conclusion but I couldn’t find a concluded answer, ChatGPT gave a circular loop answer.
There are numerous reasons why a protocol, a technology or a solution might be more complex than another seemingly similar one (or as Russ White would have said, “if you haven’t found the tradeoffs, you haven’t looked hard enough”):
One of my readers worried about the control-plane-induced MAC learning lag in EVPN-based networks:
In all discussions about the advantages/disadvantages of VXLAN/EVPN, I can’t find any regarding the lag in learning new MACs when you use the control plane for MAC learning.
EVPN is definitely slower than data plane-based dynamic MAC learning (regardless of whether it’s done in hardware or software), but so is MLAG.
You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?
Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.
Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:
Anne Baretta decided to use netlab to test a proposed DMVPN topology. As netlab doesn’t support DMVPN (and probably never will), he decided to use netlab capabilities to start the lab topology and perform initial configuration, adding DMVPN configuration commands as custom configurations. Here’s how he described the process:
In this case I used netlab as a quick way to get a topology up and running, and then add the DMVPN configuration by hand.
Avery Pennarun published a lovely rambling on magic, science, engineering and a pinch of AI. You might enjoy reading it with your Sunday morning coffee 😎.
Pim van Pelt built an x86/Linux-based router using Vector Packet Processor that can forward IP traffic at 150 Mpps/180 Gbps on a 2-CPU Dell server with E5-2660 (8 core) CPU.
He described the whole thing in an 8-part series of blog posts and a conference talk. Enjoy!
Pradosh Mohapatra started the Typical SD-WAN Solution Architecture section of Software-Defined WAN (SD-WAN) Overview webinar with the backend architecture.
Next step: CPE architecture, the topic of today’s video.
Daniel left an interesting comment on my Studying EVPN to Prepare for a Job Interview blog post:
I also never build a VXLAN fabric with two vendors. So, is it possible now to build one large fabric consisting of multiple vendors?
TL&DR: Yes, but just because you could doesn’t mean that you should.
While I was developing Network Automation Concepts webinar and the network automation online course, I wrote numerous blog posts on the Network Infrastructure as Code (NIaC) concepts, challenges, implementation details, tools, and sample solutions.
In March 2023 I collected these blog posts into a dedicated NIaC resources page that also includes links to webinars, sample network automation solutions, and relevant GitHub repositories.