Dataplane MAC Learning with EVPN
Johannes Resch submitted the following comment to the Is Dynamic MAC Learning Better Than EVPN? blog post:
I’ve also recently noticed some vendors claiming that dataplane MAC learning is so much better because it reduces the number of BGP updates in large scale SP EVPN deployments. Apparently, some of them are working on IETF drafts to bring dataplane MAC learning “back” to EVPN. Not sure if this is really a relevant point - we know that BGP scales nicely, and its relatively easy to deploy virtualized RR with sufficient VPU resources.
While he’s absolutely correct that BGP scales nicely, the questions to ask is “what is the optimal way to deliver a Carrier Ethernet service?”
Dataplane MAC Learning with EVPN
Johannes Resch submitted the following comment to the Is Dynamic MAC Learning Better Than EVPN? blog post:
I’ve also recently noticed some vendors claiming that dataplane MAC learning is so much better because it reduces the number of BGP updates in large scale SP EVPN deployments. Apparently, some of them are working on IETF drafts to bring dataplane MAC learning “back” to EVPN. Not sure if this is really a relevant point - we know that BGP scales nicely, and its relatively easy to deploy virtualized RR with sufficient VPU resources.
While he’s absolutely correct that BGP scales nicely, the questions to ask is “what is the optimal way to deliver a Carrier Ethernet service?”
On the ‘net: Network Models at Packet Pushers
I’ve just started a new series on network models over at Packet Pushers. The first two installments are here:
On the ‘Net: The IETF at Packet Pushers
I’ve been writing a series about working within the IETF to publish a new standard over at Packet Pushers. The most recent installments are:
Schedule 0923
Here’s a preview of what I’m working on for those who are interested:
- September 2023: (this Friday) How Routers Really Work, a three-hour live webinar at Safari Books Online through Pearson
- October 2023:
- How the Internet Really Works a four-hour live webinar at Safari Books Online through Pearson; this is newly formatted and reorganized version of the two sessions I used to do
- I’m speaking at a small theological conference on AI and ethics in Cary, NC
- November 2023:
- The new CCST book should be released
- I have recorded a network basics video series that should be released in late 2023 or early 2024
- January 2024:
- What Coders Need to Know about Networks, a new course, co-authored with an engineer from Akamai; a three-hour live webinar at Safari Books Online through Pearson
- I’ll be teaching a course in network engineering at the University of Colorado for the spring semester
- February 2024: A new three-hour live webinar on infrastructure interviewing skills at Safari Books Online through Pearson
- March 2024: BGP Policy, a three-hour live webinar on Safari Books Online through Pearson
- April 2024: Troubleshooting, a reformatted and rebuilt three-hour live webinar at Safari Books Online through Pearson
There will probably Continue reading
Automation is Critical for 5G Network Slicing – Here’s Why
Network slicing could be the answer to 5G rollout – but it's not easy to implement. Automation provides a way forward.Heavy Networking 701: Monitoring SD-WAN At Scale With Broadcom (Sponsored)
Our topic today on Heavy Networking is SD-WAN monitoring at massive scale. Scale can grow quickly with SD-WAN when you account for the underlay, overlays, gateways, endpoints, and more. We talk with sponsor Broadcom about their monitoring platform and dig into a case study with a Broadcom customer providing global IT infrastructure for thousands of their own customers.
The post Heavy Networking 701: Monitoring SD-WAN At Scale With Broadcom (Sponsored) appeared first on Packet Pushers.
Heavy Networking 701: Monitoring SD-WAN At Scale With Broadcom (Sponsored)
Our topic today on Heavy Networking is SD-WAN monitoring at massive scale. Scale can grow quickly with SD-WAN when you account for the underlay, overlays, gateways, endpoints, and more. We talk with sponsor Broadcom about their monitoring platform and dig into a case study with a Broadcom customer providing global IT infrastructure for thousands of their own customers.Making Content Security Policies (CSPs) easy with Page Shield
Modern web applications are complex, often loading JavaScript libraries from tens of different sources and submitting data to just as many. This leads to a vast attack surface area and many attack types that hackers may leverage to target the user browser directly. Magecart, a category of supply chain attack, is a good example.
To combat this, browser vendors (Google, Microsoft, Mozilla, etc.) have agreed on a standard that allows application owners to control browser behavior from a security perspective. This standard is called Content Security Policies (CSPs). Content Security Policies are implemented by application owners as a specially formatted HTTP response header that the browser then parses and enforces. This header can be used, for example, to enforce loading of JavaScript libraries only from a specific set of URLs. CSPs are good as they reduce the attack surface, but are hard to implement and manage, especially in a fast-paced development environment.
Starting today, Page Shield, our client-side security product, supports all major CSP directives. We’ve also added better reporting, automated suggestions, and Page Shield specific user roles, making CSPs much easier to manage.
If you are a Page Shield enterprise customer, log in to your Continue reading