Archive

Category Archives for "Networking"

Juniper QFX10k | EVPN-VXLAN | IRB Routing | BGP

IRB Routing over EVPN-VXLAN on Juniper QFX10K is now officially supported by Juniper! EVPN master Tom Dwyer informed me that support had been added. A quick check on the VXLAN Constraints page confirms the same. Although, note that IS-IS is still not yet officially supported.

So, what’s the use case? Let’s say there’s a vSRX, hosted in a blade chassis environment, which requires dynamic route updates from the core network. The blade chassis is connected to an EVPN-VXLAN fabric via multi-homed layer 2 uplinks utilising EVPN ESI. In order to establish a BGP peering with the core network, the vSRX must peer with the SPINE devices via the EVPN-VXLAN fabric. 

Overview

This article explains how to establish an EBGP peering between a QFX10K IRB interface and a vSRX in an EVPN-VXLAN environment. The vSRX is hosted in an ESXi hypervisor, which is connected via LEAF1 and LEAF2. A /29 network is used on VNI300 and an EBGP peering is established between SPINE1 & vSRX1 and between SPINE2 & vSRX1. A default route is advertised by both QFX10K SPINEs towards vSRX1. 

QFX10k-IRB-ROUTING-2

 

Device Details:

SPINE – QFX10K  – 17.3R3
LEAF – QFX5110  – 17.3R3
vSRX – 15. Continue reading

Heavy Networking 447: Building A Networking Career Outside The Big City

Today's Heavy Networking is a roundtable show where we talk with engineers about the challenges of building a networking career when you don't live in a big city. We talk about how to find jobs, get training, advance your skills, and build community. Our guests are Phil Gervasi, Ryan Booth, and Eric Stover.

The post Heavy Networking 447: Building A Networking Career Outside The Big City appeared first on Packet Pushers.

Weekend Reads 050219

To say that Kubernetes provides no security features would be wrong. Kubernetes provides some functionality designed to help secure a containerized application. But it would be equally wrong to call Kubernetes a container security tool. Kubernetes’s ability to secure containers is strictly limited. —Sonya Koptyev

There is no denying the impact of the European Union General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. We were all witness — or victim — to the flurry of updated privacy policy emails and cookie consent banners that descended upon us. It was such a zeitgeist moment that “we’ve updated our privacy policy” became a punchline. —Daniel Barber

One of the fascinating parts of my job is seeing how different groups in email have radically disparate points of view. A current example is how much value senders put on spamtraps compared to ISPs and filtering companies —Laura Atkins

I loosely define capability decay as things that happen when security teams go backwards, and the specific ways — the decay modes — in which this may happen (this is my inner physicist speaking). —Hinne Hettema

On April 12 the FCC issued a new Notice for Proposed Rulemaking in Docket 19-71 Continue reading

Cisco’s Catalyst for Change

You’ve probably heard by now of the big launch of Cisco’s new 802.11ax (neé Wi-Fi 6) portfolio of devices. Cisco did a special roundtable with a group of influencers from the community called Just The Tech. Here’s a video from that event covering the APs that were released, the 9120:

Fred always does a great job of explaining the technical bits behind the APs. But one thing that caught my eye here is the name of the AP – Catalyst. Cisco has been using Aironet for their AP line since they purchased Aironet Wireless Communications back in 1999. The name was practically synonymous with wireless technologies for many people in the industry that worked exclusively with Cisco technologies.

So, is the name change something we should be concerned about?

A Rose Is a Rose Is An AP

Cisco moving toward a unified naming convention for their edge solutions makes a lot of sense. Ten years ago, wireless was still primarily 802.11g-based with 802.11n still a few months away from being proposed and ratified. Connectivity hadn’t quite yet reached the ubiquitous levels of wireless that we see today. The iPhone was only about to be on its third Continue reading

eBPF can’t count?!

eBPF can't count?!
Grant mechanical calculating machine, public domain image
eBPF can't count?!

It is unlikely we can tell you anything new about the extended Berkeley Packet Filter, eBPF for short, if you've read all the great man pages, docs, guides, and some of our blogs out there.

But we can tell you a war story, and who doesn't like those? This one is about how eBPF lost its ability to count for a while1.

They say in our Austin, Texas office that all good stories start with "y'all ain't gonna believe this… tale." This one though, starts with a post to Linux netdev mailing list from Marek Majkowski after what I heard was a long night:

eBPF can't count?!

Marek's findings were quite shocking - if you subtract two 64-bit timestamps in eBPF, the result is garbage. But only when running as an unprivileged user. From root all works fine. Huh.

If you've seen Marek's presentation from the Netdev 0x13 conference, you know that we are using BPF socket filters as one of the defenses against simple, volumetric DoS attacks. So potentially getting your packet count wrong could be a Bad Thing™, and affect legitimate traffic.

Let's try to reproduce this bug with Continue reading

10 Hot IoT security startups to watch

The internet of things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the internet itself did, making security threats associated with the IoT a major concern.To read this article in full, please click here(Insider Story)

10 Hot IoT security startups to watch

The internet of things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the internet itself did, making security threats associated with the IoT a major concern.This worry is reflected by investments being made in startups that focus on stopping threats to the IoT, the industrial IoT (IIoT) and the operational technology (OT) surrounding them.To read this article in full, please click here(Insider Story)

5 top Linux server distros: How to choose the right one

More and more networking pros need to familiarize themselves with Linux because the operating system underpins so many enterprise tools and platforms including software-defined networking and SD-WANs, cloud networking, network automation, and configuration management.And in the decades since it was first introduced, the number of distributions of Linux has blossomed as developers create versions that meet the needs of specific interest groups. While all the versions share a common core, they each have distinguishing characteristic suited to designated purposes.[ Also see Invaluable tips and tricks for troubleshooting Linux. ] This article takes a look at five of them – Debian, Fedora, CentOS, RHEL, and Ubuntu - how to acquire and install them, and an assessment of what they might best be suited for.To read this article in full, please click here

Cumulus content roundup: April

You know we like to stay busy here at Cumulus Networks, and April was no exception! We’ve rounded up some of our favorite podcasts, blog posts, and articles in case you missed them. So settle in and get ready for all things open networking!

From Cumulus Networks:

RIP up your dynamic routing with OSPF: Let’s RIP right into the ins and outs of Routing Information Protocol and Open Shortest Path First in this blog post by Keith Ward. Here we’ll discuss all things IGPs, history of RIPS and what you need to know about OSPFs.

Kernel of Truth season 2 episode 5: The power of community: Grab a pair of headphones and tune into Season 2 Episode 5 of our podcast, Kernel of Truth. In this episode, Brian O’ Sullivan talks with Angelo Luciani from Nutanix and our own Pete Lumbis about the power of community and self-service. Learn about the resources available surrounding building community and the importance of it all.

Cumulus NetQ Reinvented
Did you hear the news? We are pleased to announce the launch of our newest product, Cumulus NetQ! Cumulus NetQ is a highly-scalable, modern network operations toolset that provides visibility into and troubleshooting Continue reading

1 1,081 1,082 1,083 1,084 1,085 3,483