Linux Routing On The Host With FRR
We've all been there, it's supposed to be a relatively simple change and then BOOM! Spanning tree topology change blows up the network :( There is a movement in the data centre space to push the layer 2 boundary down into the host to avoid the bandwidth waste of spanning tree link blocking and...My DC Virtual Lab Setup – Insights
Hi,
I have been getting a lot of requests offline and online on the lab setup I use, I have to say I have tested many things and finally settled with Vmware ESXi 5.5. Eve-ng was good but not good enough when spawned with multiple instances of qemu, maybe because my host operating system might be slow enough for it.
I will cover the connectivity for two VMX devices but the logic Remains same for any device connectivity.
What I have Already
-> Vmware Esxi5.5
-> Dell R810
-> Insane amount of time to waste :), I hope you won’t fall into the same path.
You need to have the OVA files, all settings are straightforward, don’t even worry about Memory allocations yet, there is time for that and also the networking part, import the OVA
There will be two OVA images
Vfp – forwarding plane
VCP – Control Plane
General import – No Rocket science – Don’t worry about any settings as of now
This is how my VCP looks like – Again don’t worry about any networking here, catch here – VCP has only two networking Adapters – One for Fxp0 which is the Continue reading
2018 SD-WAN as a Managed Service Report Available Now!
Download now to learn the latest on the SD-WAN as a managed service.
Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security
Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.
There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:
At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.
For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.
From our perspective, today’s news highlights a couple of points:
- Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place Continue reading
Understanding the architecture of the modern Linux operating system
Linux is cool and can do amazing things in the enterprise data center, whether it’s hosting a web app or acting as an Internet firewall. But what makes up the modern Linux OS? What are the many pieces and parts that make the Linux OS work? Before we answer those questions, let’s start by answering a few more basic questions about Linux architecture such as…
What is an operating system?
The short answer is that an operating system, or OS, is software that you load on your hardware to make it do things. Without an operating system, most hardware is useless. For example, you might have a Dell computer that runs the Windows 10 operating system from which you run your applications. You might have an iPhone that runs the iOS operating system. You may also have an Apple MacBook that runs the Apple macOS operating system. The operating systems on these hardware platforms are what enable them to run applications, as shown in the graphic.
What is a kernel, and what does it do?
The kernel is the special piece of the operating system that controls the CPU hardware, allocates memory, accesses data, schedules processes, runs the applications and Continue reading
Getting More Out Of NSX Webcast Series
Each episode in this Getting More Out of NSX webcast series has its own topic, so there is no need to watch each episode to understand the next one. The episodes cover a variety of NSX features and explain in detail how NSX is the solution to key challenges faced by IT professionals. With the use of product demos, our NSX experts will show you how NSX allows granular control on an application by application basis to achieve the dream of universal security across the network. You will learn about:
- NSX optimization for performance – how NSX eliminates the need for agent management and overprovisioning, thus reducing costs
- NSX automated ubiquitous deployment & enforcement
- NSX simplified policy management & automation across services
Now Available On-Demand
Episode 1: Deep Dive into NSX Service Composer, covered the mapping of applications, adding context to your Security Policy, and the NSX Service Composer and Application Rule Manager. Episode 2: Micro-segmentation Preparation and Planning with vRNI, covered how to perform Plan Security around Applications, build rulesets from Recommendations from vRNI, and verify rules compliance.
There is no need to watch Episodes 1 and 2 to understand Episodes 3 and 4 as each episode has its own topic. Episodes 1 and 2 can be accessed here.
Upcoming
Cisco Keeps Lead in Enterprise Infrastructure
Synergy Research report shows big gap between Cisco and the competition.
Google, Microsoft, AWS Scramble to Limit Impact from CPU Security Bugs
These CPU security bugs have been around for 20 years, says AWS.
SDxCentral’s Top 10 Articles — December 2017
Cisco merges Viptela tech with its routers; Silver Peak, Aryaka top SD-WAN revenue rankings; and AT&T explains white box plans.
Flowspec and RFC1998?
In a recent comment, Dave Raney asked:
Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in a similar fashion to RFC1998. In which a customer of a provider will be able to ask a provider to discard traffic using a flowspec rule at the provider edge. I saw that these were in development and are similar but both appear defunct. BGP Flowspec-ORF https://www.ietf.org/proceedings/93/slides/slides-93-idr-19.pdf BGP Flowspec Redirect https://tools.ietf.org/html/draft-ietf-idr-flowspec-redirect-ip-02.
This is a good question—to which there are two answers. The first is this service does exist. While its not widely publicized, a number of transit providers do, in fact, offer the ability to send them a flowspec community which will cause them to set a filter on their end of the link. This kind of service is immensely useful for countering Distributed Denial of Service (DDoS) attacks, of course. The problem is such services are expensive. The one provider I have personal experience with charges per prefix, and the cost is high enough to make it much less attractive.
Why would the cost be so high? The same Continue reading
Additions to the ‘net Neutrality Page
Just a friendly reminder that I keep the ‘net Neutrality page up to date with a selection of articles I find from all sorts of different viewpoints. I am trying to avoid the “this is what you can do,” and “the fight is not over” sorts of articles, and focus on arguments making points in either one direction or the other, or some perspective I have not seen before.
I just added three more articles today.
Candy.com Sweetens Business with Dell Boomi
“It’s the No. 1 reason for the success and growth of our company.”