In the market overview section of the introductory part of data center fabric architectures webinar I made a recommendation to use larger number of fixed-configuration spine switches instead of two chassis-based spines when building a medium-sized leaf-and-spine fabric, and explained the reasoning behind it (increased availability, reduced impact of spine failure).
One of the attendees wondered about the “right” number of spine switches – does it has to be four, or could you have three or five spines. In his words:
Read more ...My friend Andrea Dainese (of the Route Reflector Labs fame) sent me this observation:
Because of lack of fundamental skills, I see two groups forming: junior guys with low salary (the bigger group), and a few experts (hopefully with higher salary). The middle group is disappearing. Intermediate-level engineers are either moving to the entry level (because the complexity is increasing and they are not keeping up with it) or to the upper level.
I call this phenomenon bifurcation of knowledge (I’m positive it has a formal name – would appreciate a comment with a set of pointers), and it’s a direct result of commoditization and the changing shape of the learning curve.
Read more ...One of the points David Gee, a guest speaker in Spring 2019 Building Networking Automation Solutions online course, and Christoph Jaggi touched on in their interview was the security of network automation solutions (see also: automated workflows and hygiene of network automation).
What are the security risks for automation?
Security is an approach, not an afterthought.
Read more ...I’m not the only one ranting about the need to get a firm grasp on fundamentals before doing the sexy stuff. Found an old blog post by Joel Spolsky (of the Law of Leaky Abstractions fame) on the exact same topic from programming perspective.
If you ever had to deal with a programming language, it’s definitely worth reading… but some of the details might make your head explode. You’ve been warned ;)
Christoph Jaggi asked me a few questions about using VXLAN with EVPN to build data center fabrics and data center interconnects (including active/active data centers). The German version was published on Inside-IT, here’s the English version.
He started with an obvious one:
What is an active-active data center and why would I want to use an active-active data center?
Numerous organizations have multiple data centers for load sharing or disaster recovery purposes. They could use one of their data centers and have the other(s) as warm or cold standby (active/backup setup) or use all data centers at the same time (active/active).
Read more ...December will start with three on-site events:
On the webinar front, December will be a storage month:
Read more ...A friend of mine told me about a “VXLAN is insecure, the sky is falling” presentation from RIPE-77 which claims that you can (under certain circumstances) inject packets into VXLAN virtual networks from the Internet.
Welcome back, Captain Obvious. Anyone looking at the VXLAN packet could immediately figure out that there’s no security in VXLAN. I pointed that out several times in my blog posts and presentations, including Cloud Computing Networking (EuroNOG, September 2011) and NSX Architecture webinar (August 2013).
Read more ...David Gee decided to talk about hygiene of network automation in the Spring 2019 Building Network Automation Solutions online course, and (not surprisingly) Christoph Jaggi wanted to know more:
You highlight the hygiene of automation. What is it and why does it matter?
Hygiene is the important but boring bit of automation most beginners and amateurs pass by.
Read more ...After a series of forward-looking podcast episodes we returned to real life and talked with Carl Buchmann about his network automation journey, from managing upgrades with Excel and using Excel as the configuration consistency tool to network-infrastructure-as-code concepts he described in a guest blog post in February 2018
Read more ...Some (anti)patterns of network industry are way too predictable: every time there’s a new technology marketers start promoting it as the solution for every problem ever imagined. VXLAN was quickly touted as the solution for long-distance vMotion, and now everyone is telling you how to use VXLAN with EVPN to stretch VLANs across multiple data centers.
Does that make sense? It might… based on your requirements and features available on the devices you use to implement the VXLAN/EVPN fabric. We’ll cover the details in a day-long workshop in Zurich (Switzerland) on December 5th. There are still a few places left, register here.
David Gee is coming back to Building Network Automation Solutions online course – in early March 2019 he’ll talk about hygiene of network automation. Christoph Jaggi did an interview with him to learn more about the details of his talk, and they quickly diverted into an interesting area: automated workflows.
Automation is about automated workflows. What kind of workflows can be automated in IT and networking?
Workflows most often fall into categorizations of build, operations and remediation.
Read more ...Here’s another interesting talk from RIPE77: Routing Attacks in Cryptocurrencies explaining how BGP hijacks can impact cryptocurrencies.
TL&DR: Bitcoin is not nearly decentralized enough to be resistant to simple and relatively easy BGP manipulations.
Read more ...You know that time of year when snowflakes mean more than description of uniqueness of your networking infrastructure? Some people love to complain about that season and how the weather hinders them, others put on sturdy winter boots and down jackets, change tires on their car, and have tons of fun.
Network automation is no different. Sometimes you can persuade your peers that it makes sense to simplify and standardize the infrastructure to make it easier to abstract and automate (consider that an equivalent of going to a tropic island with shiny beaches and everlasting summer), other times you have to take out your winter boots and make the best out of what you got.
Read more ...In spring 2018 I started collecting real-life automation wins reported by the attendees of my Building Network Automation Solutions online course. I presented them at Troopers, and as a set of network automation use cases that are available to all ipSpace.net subscribers, some of them even with free subscription.
Today let’s start with how did it start story.
One of my readers sent me this question:
It would be nice to have a blog post or a webinar describing how to implement container networking in case when: (A) application does not tolerate NAT (telco, e.g. due to SCTP), (B) no DNS / FQDN, is used to find the peer element and (C) bandwidth requirements may be tough.
The only thing I could point him to is the Advanced Docker Networking part of Docker Networking Fundamentals webinar (available with free subscription) where macvlan and ipvlan are described.
Read more ...A lightning talk at the recent RIPE77 conference focused on shortcomings of VXLAN and rise of Geneve.
So what are those perceived shortcomings?
No protocol identifier – a single VXLAN VNI cannot carry more than one payload type. Let me point out that MPLS has the same shortcoming, as does IPsec.
Read more ...This blog post was initially sent to subscribers of my SDN and Network Automation mailing list. Subscribe here.
After publishing the Manual Work Is a Bug blog post, I got this feedback from Michele Chubirka explaining why automating changes in your network also increases network security:
Read more ...After explaining the basics of SD-WAN, Pradosh Mohapatra, the author of SD-WAN Overview webinar focused on SDWAN reference network design.
You need at least free ipSpace.net subscription to watch the video.
The “everyone should be a programmer” crowd did a really good job of scaring network engineers (congratulations, just what we need!). Here’s a typical question I’m getting:
Do I need to be good in scripting to attend your automation course.
TL&DR: Absolutely not.
Read more ...Here’s a question I got from someone attending the Building Next-Generation Data Center online course:
Cisco NCS5000 is positioned as a building block for a data center MPLS fabric – a leaf-and-spine fabric with MPLS and EVPN control plane. This raised a question regarding MPLS vs VXLAN: why would one choose to build an MPLS-based fabric instead of a VXLAN-based one assuming hardware costs are similar?
There’s a fundamental difference between MPLS- and VXLAN-based transport: the amount of coupling between edge and core devices.
Read more ...