End-to-End Segmentation with NSX SD-WAN and NSX Data Center
As you may have read earlier this month, NSX Data Center and NSX SD-WAN by VeloCloud are part of the expanded VMware NSX portfolio to enable virtual cloud networking. A Virtual Cloud Network provides end-to-end connectivity for applications and data, whether they reside in the data center, cloud or at the edge. I wanted to follow up, and walk through an example using NSX Data Center and NSX SD-WAN of how one could build an end to end segmentation model from the data center to the branch.
NSX SD-WAN Segmentation
NSX SD-WAN SegmentationBeyond lowering cost and increasing agility and simplicity of branch connectivity, one of the key values provided by NSX SD-WAN by VeloCloud is enterprise segmentation, which provides isolated network segments across the entire enterprise, enabling data isolation or separation by user or line of business, support for overlapping IP addresses between VLANs and support for multiple tenants. NSX SD-WAN provides this segmentation using a VRF-like concept with simplified, per-segment topology insertion. This is accomplished by inserting a “Segment ID” into the SD-WAN Overlay header as traffic is carried from one NSX SD-WAN Edge device to another Edge. Networks on the LAN-side of an NSX SD-WAN Edge with different Continue reading
The Week in Internet News: Artificial Intelligence Heads to the Final Frontier
Coming to a space station near you: Artificial intelligence is going to space – maybe not a space station, but a satellite – predicts an aerospace executive, quoted in SpaceNews.com. So-called geospatial intelligence, housed on satellites, will collect massive amounts of data in space and analyze it, she says.
More blockchain believers: Tech giant Oracle plans to release its own blockchain software with a platform-as-a-service product coming this month and decentralized ledger-based applications coming next month, Bloomberg notes. Oracle is working with Banco de Chile to log inter-bank transactions on a hyperledger and with the government of Nigeria to document customs and import duties on blockchain.
Does blockchain even lift? Blockchain can help improve the sports and fitness industry by allowing instructors to securely stream workouts, allowing customers to avoid that annoying trip to the gym, Forbes suggests.
Social media eyes encryption: Facebook and Twitter are both looking at encrypting some user communications, according to news reports. Facebook has voiced support for end-to-end encryption on its blog, apparently in response to concerns it was moving to weaken encryption on its WhatsApp messaging service, BGR.com notes. However, Facebook hasn’t enabled encryption by default on it Messenger service, the story Continue reading
5 Campus Network Upgrade Planning Tips
Campus network design has become complex with cloud adoption and increased telecommuting. Here are some top considerations for ensuring a high-performing network.
What Is EVPN?
EVPN might be the next big thing in networking… or at least all the major networking vendors think so. It’s also a pretty complex technology still facing some interoperability challenges (I love to call it SIP of networking).
To make matters worse, EVPN can easily get even more confusing if you follow some convoluted designs propagated on the ‘net… and the best antidote to that is to invest time into understanding the fundamentals, and to slowly work through more complex scenarios after mastering the basics.
Read more ...Tracing System CPU on Debian Stretch
This is a heavily truncated version of an internal blog post from August 2017. For more recent updates on Kafka, check out another blog post on compression, where we optimized throughput 4.5x for both disks and network.
Photo by Alex Povolyashko / Unsplash
Upgrading our systems to Debian Stretch
For quite some time we've been rolling out Debian Stretch, to the point where we have reached ~10% adoption in our core datacenters. As part of upgarding the underlying OS, we also evaluate the higher level software stack, e.g. taking a look at our ClickHouse and Kafka clusters.
During our upgrade of Kafka, we sucessfully migrated two smaller clusters, logs and dns, but ran into issues when attempting to upgrade one of our larger clusters, http.
Thankfully, we were able to roll back the http cluster upgrade relatively easily, due to heavy versioning of both the OS and the higher level software stack. If there's one takeaway from this blog post, it's to take advantage of consistent versioning.
High level differences
We upgraded one Kafka http node, and it did not go as planned:
Having 5x CPU usage was definitely an unexpected outcome. For control datapoints, we Continue reading
Networking With Fish: YouTube Channel
Blogging, originally, was my go to and preferred method for sharing information to others – teaching, sharing, etc. For a few corner case type things I found video (YouTube) to be a better tool for those specific items. Recently, however, I am finding about half of my ideas of things I want to “pass on” to others… would be best (in my opinion) via video.
I’ve been trying to figure out and think about how best to have the two sharing tools – this blog site and the YouTube channel – best compliment each other. So I have been experimenting with this. What I have come up with that I like and works for me is the following…..
- “Standalone Video” – If the YouTube is really a “standalone” and blogging with additional text around it here doesn’t “help” communicate what I’m trying to get across… then I won’t be blogging about it here.
- “Video Series” – There will be series that will be building on each other – like the videos in the playlist “BGP Show and Tell: Beginners” and the playlist “Label Swapping Fun”. Video series, I believe, would definitely benefit from larger big Continue reading
Worth Reading: Cognitive Dissonance
I always wondered why it’s so hard to accept that someone might not find your preferred solution beautiful but would call it complex or even harmful (or from the other side, why someone could not possibly appreciate the beauty of your design)… and then stumbled upon this blog post by Scott Adams describing cognitive dissonance (the actual topic they’re discussing in the mentioned video doesn’t matter – look for the irrational behavior).
You might say “but we could politely agree to disagree” but unfortunately that implies that at least one of us is not fully rational due to Aumann’s Agreement Theorem.
Link Propagation 118
Welcome to Link Propagation, a Packet Pushers newsletter. Link Propagation is included in your free membership. Each week we scour the InterWebs to find the most relevant practitioner blog posts, tech news, and product announcements. We drink from the fire hose so you can sip from a coffee cup. Blogs Foundations of MPLS: Label Switching […]Time To Get Back To Basics?
I’ve had some fascinating networking discussions over the past couple of weeks at Dell Technologies World, Interop, and the spring ONUG meeting. But two of them have hit on some things that I think need to be addressed in the industry. Both Russ White and Ignas Bagdonas of the IETF have come to me and talked about how they feel networking professionals have lost sight of the basics.
How Stuff Works
If you walk up to any network engineer and ask them to explain how TCP works, you will probably get a variety of answers. Some will try to explain it to you in basic terms to avoid getting too in depth. Others will swamp you with a technical discussion that would make the protocol inventors proud. But still others will just shrug their shoulders and admit they don’t really understand the protocol.
It’s a common problem when a technology gets to the point of being mature and ubiquitous. One of my favorite examples is the fuel system on an internal combustion engine. On older cars or small engines, the carburetor is responsible for creating the correct fuel and air mixture that is used to power the cylinders. Getting that Continue reading
SeaMeWe-3 Experiences Another Cable Break
On Thursday, May 10 at approximately 02:00 UTC, the SeaMeWe-3 (SMW-3) subsea cable suffered yet another cable break. The break disrupted connectivity between Australia and Singapore, causing latencies to spike as illustrated below in our Internet Intelligence tool, because traffic had to take a more circuitous path.
The SMW-3 cable has had a history of outages, which we have reported on multiple times in the past, including August 2017, December 2014, and January 2013.
Weekend Reads: 051118: New spectre-class vulnerabilities, scraping data, and no middle ground on encryption
Despite this renewed rhetoric, most experts continue to agree that exceptional access, no matter how you implement it, weakens security. The terminology might have changed, but the essential question has not: should technology companies be forced to develop a system that inherently harms their users? The answer hasn’t changed either: Continue reading
Project Jengo Celebrates One Year Anniversary by Releasing Prior Art
Today marks the one year anniversary of Project Jengo, a crowdsourced search for prior art that Cloudflare created and funded in response to the actions of Blackbird Technologies, a notorious patent troll. Blackbird has filed more than one hundred lawsuits asserting dormant patents without engaging in any innovative or commercial activities of its own. In homage to the typical anniversary cliché, we are taking this opportunity to reflect on the last year and confirm that we’re still going strong.
Project Jengo arose from a sense of immense frustration over the way that patent trolls purchase over-broad patents and use aggressive litigation tactics to elicit painful settlements from companies. These trolls know that the system is slanted in their favor, and we wanted to change that. Patent lawsuits take years to reach trial and cost an inordinate sum to defend. Knowing this, trolls just sit back and wait for companies to settle. Instead of perpetuating this cycle, Cloudflare decided to bring the community together and fight back.
After Blackbird filed a lawsuit against Cloudflare alleging infringement of a vague and overly-broad patent (‘335 Patent), we launched Project Jengo, which offered a reward to people who submitted prior art that could Continue reading
Symantec Cops to Internal Investigation, Sends Stock Crashing 35%
The mysterious probe isn’t related to a breach or any security concern about its products.
SDxCentral’s Weekly Roundup — May 11, 2018
Oracle spreads AI across the cloud; Nokia makes successful 5G call in France; Cisco completes $270 million purchase of AI company.
How to Manage Cloud Expenses With a Solution You Probably Already Have
Over the years, Telecom Expense Management has helped organizations optimize and gain visibility into usage trends, expenses, and financial allocation — and now it can address a broader set of IT and cloud services.
