VXLAN designs: 3 ways to consider routing and gateway design (part 1)

With VXLAN design, the easiest thing to overlook is how communication occurs between subnets. I think many times, network engineers take for granted that our traffic will flow in a VXLAN environment. And it’s also easy to get confused when trying to figure out traffic routing path between your overlay and underlay.

As I work with customers in designing VXLAN infrastructures, one of the first questions I always ask is: “Where do you expect the gateway of the servers?”

This always leads to one of three designs, which I will outline over the next two posts. Before we start, know that all these designs leverage BGP EVPN. Ethernet Virtual Private Networks (EVPN) are an address family within BGP that are used to exchange VXLAN related information. This blog won’t go into detail about EVPN, but we have previous blogs to help fill in the gap.

With that said, let’s get started with the first VXLAN design example.

The first case is the simplest environment, and that is the gateway on an internet edge service. In this case, the VXLAN acts as a strict L2 overlay, and the L3 routed BGP underlay is hidden from the end hosts and servers.

Continue reading

DDOS and The DNS

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of “landmark” DDOS attacks on the Internet. It’s up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? It was the largest we have seen so far, with an attack that amassed around 1Tb of attack traffic, which is a volume that creates not only a direct impact on the intended victim but wipes out much of the network infrastructure surrounding the attack point as well. Secondly, it used a bot army of co-opted webcams and other connected devices, which is perhaps a rather forbidding portent of the ugly side of the over-hyped Internet of Things. Thirdly, the target of the attack was aimed at the Internet’s DNS infrastructure. —Geoff Huston @ CircleID

Cisco Exec Says Enterprises Need Help Navigating Multi-Cloud World   

The world doesn’t need another public cloud.

Pivotal Cloud Foundry Shows Love for Serverless, Containers

Pivotal Container Service, developed with VMware and Google, is initially available.

Terminology Tuesday Presents: ZTP

ZTP stands for Zero Touch Provisioning.  And, as a quick google search will quickly reveal, many other things as well.

Back to our ZTP.  ZTP is the process by which new network switches can be configured without much human involvement.   Notice that I said “much” and not “any”.  ZTP is not it’s not truly zero because something (someone!) needs to put the first components of the network together in order for the rest of the network to be built in a ZTP fashion.

Where provisioning many switches could have quite a while through ZTP processes it’s down to a matter of minutes.  Switches can also be updated automatically with any need for physical intervention.

The beauty of ZTP is the continued march towards more and more robust automation solutions.  Delightfully, once folks aren’t mired in the repetitive manual work they can move onto tasks that bring innovation to businesses and, more importantly, make jobs more enjoyable.  We also can’t ignore the fact that it renders moot a lot of the specialized skills that traditionally defined the role of a network engineer. Continue reading

SLAAC and DHCPv6

When deploying IPv6, one of the fundamental questions the network engineer needs to ask is: DHCPv6, or SLAAC? As the argument between these two has reached almost political dimensions, perhaps a quick look at the positive and negative attributes of each solution are. Originally, the idea was that IPv6 addresses would be created using stateless configuration (SLAAC). The network parts of the address would be obtained by listening for a Router Advertisement (RA), and the host part would be built using a local (presumably unique) physical (MAC) address. In this way, a host can be connected to the network, and come up and run, without any manual configuration. Of course, there is still the problem of DNS—how should a host discover which server it should contact to resolve domain names? To resolve this part, the DHCPv6 protocol would be used. So in IPv6 configuration, as initially conceived, the information obtained from RA would be combined with DNS information from DHCPv6 to fully configure an IPv6 host when it is attached to the network.

There are several problems with this scheme, as you might expect. The most obvious is that most network operators do not want to deploy two protocols to Continue reading

Barefoot Networks Plunges Into Network Monitoring

Barefoot leverages its Tofino programmable switch and the P4 language.

VMware targets cloud and container networking with latest NSX-T launch

VMware today released a new version of its NSX virtual networking software that aims to make it easier to manage network requirements of cloud-native and application-container-based applications.The move represents the latest example of a network vendor evolving its automation tooling to operate in not just traditional data center and campus networks, but increasingly in cloud environments that cater to a faster-pace of application development.+MORE AT NETWORK WORLD: What SDN is and where its going +VMware has two separate versions of its software-defined networking (SDN) software. The more popular and widely-used version named NSX integrates with VMware’s vSphere virtualization management software and the company’s popular ESXi compute hypervisor.To read this article in full, please click here

VMware targets cloud and container networking with latest NSX-T launch

VMware today released a new version of its NSX virtual networking software that aims to make it easier to manage network requirements of cloud-native and application-container-based applications.The move represents the latest example of a network vendor evolving its automation tooling to operate in not just traditional data center and campus networks, but increasingly in cloud environments that cater to a faster-pace of application development.+MORE AT NETWORK WORLD: What SDN is and where its going +VMware has two separate versions of its software-defined networking (SDN) software. The more popular and widely-used version named NSX integrates with VMware’s vSphere virtualization management software and the company’s popular ESXi compute hypervisor.To read this article in full, please click here

IDG Contributor Network: To thrive in a digital age, businesses must look beyond log data

With the amount of data in the world predicted to increase at least 50 fold between 2010 and 2020, how we store that data has come into sharp focus. Collecting large volumes of raw log data from multiple applications and infrastructure components and sending it to a central location for storage and processing, for example, increases the size and cost of storage. And as the volume of data grows and storage and processing costs increase dramatically, businesses risk undermining the advantages big data brings. Furthermore, the surging demand for data has environmental implications; by 2020, 12 percent of the world’s energy consumption will be taken by our digital ecosystem, and this is expected to grow annually at approximately 7 percent until 2030. To read this article in full, please click here

IDG Contributor Network: To thrive in a digital age, businesses must look beyond log data

With the amount of data in the world predicted to increase at least 50 fold between 2010 and 2020, how we store that data has come into sharp focus. Collecting large volumes of raw log data from multiple applications and infrastructure components and sending it to a central location for storage and processing, for example, increases the size and cost of storage. And as the volume of data grows and storage and processing costs increase dramatically, businesses risk undermining the advantages big data brings. Furthermore, the surging demand for data has environmental implications; by 2020, 12 percent of the world’s energy consumption will be taken by our digital ecosystem, and this is expected to grow annually at approximately 7 percent until 2030. To read this article in full, please click here

SDxCentral’s Top 10 Articles — November 2017

AT&T wants white box routers; VMware swoops on VeloCloud; Cisco Ericsson partnership wavers.

Related Stories

• SDxCentral’s Top 10 Articles — November 2016

Introducing NSX-T 2.1 with Pivotal Integration

Introducing NSX-T 2.1 with Pivotal Integration Application architectures are evolving. That shouldn’t be news to anyone. Today, emerging app architectures that leverage container-based workloads and microservices are becoming mainstream, moving from science projects in development labs to enterprise production deployments at scale. The benefits are clear. Developers and the application lifecycle, become faster, more productive,... Read more →

Introducing NSX-T 2.1 with Pivotal Integration

Application architectures are evolving. That shouldn’t be news to anyone. Today, emerging app architectures that leverage container-based workloads and microservices are becoming mainstream, moving from science projects in development labs to enterprise production deployments at scale. The benefits are clear. Developers and the application lifecycle, become faster, more productive, more agile, and more responsive to the needs of the business.

Today we’re announcing NSX-T 2.1, which will enable advanced networking and security across these emerging app architectures, just as it does for traditional 3-tier apps. More specifically, NSX-T 2.1 will serve as the networking and security platform for the recently announced VMware Pivotal Container Service (PKS), a Kubernetes solution jointly developed by VMware and Pivotal in collaboration with Google. NSX-T 2.1 will also introduce integration with the latest 2.0 release of Pivotal Cloud Foundry (PCF), serving as the networking and security engine behind PCF. In these environments, NSX-T will provide Layer 3 container networking and advanced networking services such as load balancing, micro-segmentation, and more.

For development teams, these integrations mean that they will be able operate quickly and consume infrastructure as code. Meanwhile, their workflows will remain the same — fast and efficient — because NSX-T will integrate tightly with these application platforms, connecting directly into the Continue reading

Worth Reading: The Tradeoffs of NVM-Express

NVM-Express isn’t new. Development on the interface, which provides lean and mean access to non-volatile memory, first came to light a decade ago, with technical work starting two years later through a work group that comprised more than 90 tech vendors. The first NVM-Express specification came out in 2011, and now the technology is going mainstream. How quickly and pervasively remains to be seen. NVM-Express promises significant boosts in performance to SSDs while driving down the latency, which would be a boon to HPC organizations and the wider world of enterprises as prices for SSDs continue to fall and adoption grows. —Jeffery Burt @ The Next Platform

CoreOS Adds Latest Kubernetes Release, Open Source Model to Tectonic

The company's vetting process found a flaw in the previous Kubernetes release.

Introducing the Cloudflare Warp Ingress Controller for Kubernetes

It’s ironic that the one thing most programmers would really rather not have to spend time dealing with is... a computer. When you write code it’s written in your head, transferred to a screen with your fingers and then it has to be run. On. A. Computer. Ugh.

Of course, code has to be run and typed on a computer so programmers spend hours configuring and optimizing shells, window managers, editors, build systems, IDEs, compilation times and more so they can minimize the friction all those things introduce. Optimizing your editor’s macros, fonts or colors is a battle to find the most efficient path to go from idea to running code.

CC BY 2.0 image by Yutaka Tsutano

Once the developer is master of their own universe they can write code at the speed of their mind. But when it comes to putting their code into production (which necessarily requires running their programs on machines that they don’t control) things inevitably go wrong. Production machines are never the same as developer machines.

If you’re not a developer, here’s an analogy. Imagine carefully writing an essay on a subject dear to your heart and then publishing it only to be Continue reading

IBM to ship its Power9 system this month, claiming AI leadership in the data center

With the release this month of the first commercial server based on its Power9 processor, IBM is reaching another milestone in its quest to be the AI-workload leader for data centers and web service providers.The Power9 chips in the systems hitting the market now don't rev up to the top speeds provided by Intel's Xeon Scalable Processor line, but they offer blazing throughput aimed to give them an edge in machine learning and accelerated database applications.IBM unveiled its first Power9 server, the Power System AC922, Tuesday at the AI Summit in New York. It runs a version of the Power9 chip tuned for Linux, with the four-way multithreading variant SMT4. Power9 chips with SMT4 can offer up to 24 cores, though the chips in the AC922 top out at 22 cores. The fastest Power9 in the AC922 runs at 3.3GHz. To read this article in full, please click here

IBM to ship its Power9 system this month, claiming AI leadership in the data center

With the release this month of the first commercial server based on its Power9 processor, IBM is reaching another milestone in its quest to be the AI-workload leader for data centers and web service providers.The Power9 chips in the systems hitting the market now don't rev up to the top speeds provided by Intel's Xeon Scalable Processor line, but they offer blazing throughput aimed to give them an edge in machine learning and accelerated database applications.IBM unveiled its first Power9 server, the Power System AC922, Tuesday at the AI Summit in New York. It runs a version of the Power9 chip tuned for Linux, with the four-way multithreading variant SMT4. Power9 chips with SMT4 can offer up to 24 cores, though the chips in the AC922 top out at 22 cores. The fastest Power9 in the AC922 runs at 3.3GHz. To read this article in full, please click here

Creating a mixed-mode Virtual Chassis Fabric (VCF)

In order to mix EX switches and QFX switches in the same VCF, you need to enable mixed-mode.   This requires all members of the VCF to reboot unfortunately:

{master:1}
imtech@sw0-24c> request virtual-chassis mode fabric mixed
fpc0:
--------------------------------------------------------------------------
Mode set to 'Fabric with mixed devices'. (Reboot required)

fpc2:
--------------------------------------------------------------------------
Mode set to 'Fabric with mixed devices'. (Reboot required)

fpc3:
--------------------------------------------------------------------------
Mode set to 'Fabric with mixed devices'. (Reboot required)

fpc1:
--------------------------------------------------------------------------
WARNING, Virtual Chassis Fabric mode enabled without a valid software license.
 Please contact Juniper Networks to obtain a valid Virtual Chassis Fabric License.

Mode set to 'Fabric with mixed devices'. (Reboot required)

{master:1}
imtech@sw0-24c>

Once you’ve cabled up your QSFP ports between the EX4300 you are adding and the QFX spines, you need to do the following:

Enable the VCF port on the QFX spine:

request virtual-chassis vc-port set pic-slot 0 port 48