vSphere 6.5 Security Encrypted vMotion
Interesting
Encrypted vMotion has been asked about for YEARS. It’s here now in vSphere 6.5! And, like VM Encryption, we’ve taken a different approach than you might think. We don’t actually encrypt the vMotion network. What we DO encrypt is the data going over the vMotion network. At the time of migration, a 256-bit key and 64-bit Nonce are created by vCenter. This is a one-time-use key and is not persisted!
Some thoughts:
- what is the impact of the encryption on vMotion performance, especially at load ? Since its symmetric encryption (OTP Key would suggest that) it should light on CPU but still.
- Joined up thinking between network and vm admins is key here. If the network already encrypts this would be silly to implement so “The best part is you don’t have to ask your network team to do anything!” would be doubling down on stupid.
- Network encryption should lower latency (hardware acceleration) and perform better (remember, don’t ask your network team anything)
- Security is a top down thing. If you are bothering to encrypt at all, everything should be encrypted not just the vMotion. Thats kind of pointless if all other data is in the clear.
Response: ASA logout weirdness
5545x/act# logoff
^
ERROR: % Invalid input detected at ‘^’ marker.
5545x/act# logout
Logoff
I would expect nothing less from a Cisco CLI to be fair. Irrational, inconsistent and byzantine CLI is the normal.
ASA logout weirdness | Battles with Cisco product weirdness : https://ciscoweirdness.wordpress.com/2017/01/24/asa-logout-weirdness/
The post Response: ASA logout weirdness appeared first on EtherealMind.
Updated Generic Icon Set
I’ve updated the generic icons linked from this page to include a virtual router/switch. I’ve also added two different spine and leaf topologies to the presentation. I may add other “generic” topologies over time, as I run across ones that seem worth including. These are completely public domain; I would encourage you to use them instead of the normal sets of vendor icons in drawing, books, blogs, etc.
Updated: Thanks to Greg Ferro, there is now a version of these in Omnigraffle! They’re linked on the same page.
The post Updated Generic Icon Set appeared first on 'net work.
On the ‘net: The background of I2RS
The post On the ‘net: The background of I2RS appeared first on 'net work.
Oracle to Lay Off 450 in Its Hardware Operation
The company’s hardware product revenues were down 10 percent year-over-year for its fiscal 2017 second quarter.
Verizon Expands 5G Market Trials Across the U.S.
The 10 pilot markets will not be limited to Verizon's wireline territory.
Cumulus & Apstra Demo on Facebook’s Backpack & Wedge Switches
Facebook shows off the OCP ecosystem at an invitation-only event.
Announcing Backpack running Cumulus Linux — completing our networking portfolio with a modular platform
We are thrilled to announce our integration with Backpack — the industry’s first commercially supported open chassis with Cumulus Linux. You can now have a consistent operating model across fixed and modular platforms.
With Backpack and Cumulus Linux, you can simplify hyperscaling your network infrastructure, especially as you migrate from 40G to 100G platforms.
When Facebook first approached us about the technology, we were thrilled to be a part of it. We’ve always believed the chassis is an important part of the ecosystem, but we also knew the technology needed to be improved.
In fact, when Cumulus Networks was first founded, we were working on developing a chassis that would work seamlessly with open networking ecosystems. No really, we did! Don’t believe us? Here’s the proof:
Clearly, we never quite got it right. But luckily for us and open networking enthusiasts everywhere, Facebook did. Read more about Facebook and Cumulus Networks.
What is Backpack?
This is Facebook’s second generation modular switch platform based on web-scale principles. Cumulus Networks collaborated with Facebook to provide ONIE support for Backpack. Backpack is an 8RU chassis with 128x 100G ports built as a distributed model where each line card and fabric card have dedicated CPUs Continue reading
Why Predictive Analytics and Policy Integration Will Become Critical for Service Management as Virtualization Expands
In order for operators to execute blended service models successfully, a policy-based and predictive analytics-driven approach to end-to-end service management will be essential.
Research: Wired Ethernet: Intel® Ethernet X520 to XL710 -… |Intel Communities
This balance is also important when looking at the interaction within a server between the network cards (which have some on-board buffering) and the DPDK managed buffer resources on the host. A better tuning of the buffer sizes can eliminate potential packet losses. This paper is summarizing what to do when going from one type of network card to another one that has different on-board buffer behavior. It also has the potential to explain and fix certain packet loss issues going from one generation of a NIC card to another (e.g. when moving from Intel® Ethernet Server Adapter X520 to Intel® Ethernet Controller XL710)
Basically it comes down to configuring the RX descriptors.
So, to avoid packet losses due to CPU core being interrupted when using Fortville (or when using Niantic and SRIOV), the number of RX descriptors should be configured high enough, for instance to 2048.
Wired Ethernet: Intel® Ethernet X520 to XL710 -… |Intel Communities : https://communities.intel.com/community/wired/blog/2017/01/09/intel-ethernet-x520-to-xl710-tuning-the-buffers-a-practical-guide-to-reduce-or-avoid-packet-loss-in-dpdk-applications
Link to local version PDF File for my future self (hi there!)
X520_to_XL710_Tuning_The_Buffers.pdf
The post Research: Wired Ethernet: Intel® Ethernet X520 to XL710 -… |Intel Communities appeared first on EtherealMind.