Test-driving EVPN route publishing with GoBGP
In recent times there has been a lot of interest in tunnel based L2 networks, especially for Cloud Networks implemented with VXLAN. The tunnel based networks were initially proposed with the idea of alleviating the 4k limit imposed with VLAN based networks. EVPN based VXLAN tunneled networks use BGP as control plane for L2 learning. … Continue reading Test-driving EVPN route publishing with GoBGP
Triggered remote packet capture using filtered ERSPAN
Traditional hierarchical network designs were relatively straightforward to monitor using a packet broker since traffic flowed through a small number of core switches and so a small number of taps provided network wide visibility. The move to leaf and spine fabric architectures eliminates the performance bottleneck of core switches to deliver low latency and high bandwidth connectivity to data center applications. However, traditional packet brokers are less attractive since spreading traffic across many links with equal cost multi-path (ECMP) routing means that many more links need to be monitored.
This article will explore how the remote Selective Spanning capability in Cumulus Linux 3.0 combined with industry standard sFlow telemetry embedded in commodity switch hardware provides a cost effective alternative to traditional packet brokers.
Cumulus Linux uses iptables rules to specify packet capture sessions. For example, the following rule forwards packets with source IP 20.0.1.0 and destination IP 20.0.1.2 to a packet analyzer on host 20.0.2.2:
-A FORWARD --in-interface swp+ -s 20.0.0.2 -d 20. Continue reading
Getting Started in the Mobile World
Got this challenge from one of my readers:
I've recently changed jobs and I am currently working for a telco. The problem is that I have no idea of what they are talking about when they mention SGSN, GGSN, Gi, Gn, etc... I only know routing and switching stuff :(.
Obviously he tried to search for information and failed.
Read more ...Juniper QFX 5100 & VMware ESXI Host NIC Teaming -Design Consideration
The objective of this article is to highlight design consideration for NIC Teaming between Juniper QFX 5100 (Virtual Chassis -VC) and VMWare ESXI host.
Reference topology is as under:-
We have 2 x Juniper QFX 5100 48S switches which are deployed as VC in order to provide connectivity to compute machines. All compute machines are running VMWare ESXI Hyper-visor. Link Aggregation Group (LAG or Active/ Active NIC Teaming) is required between compute machines and QFX 5100 VC.
- Data Traffic from server to switch – xe-0/0/0 interface on both switches connected to NIC 3 & 4 on a single Compute Machine.
- ESXI Host Management and V-Motion Traffic from server to Switch- xe-0/0/45 interface from both switches connected to NIC 1 & 2 ports on compute machine.
- VLANs-ID
- Data VLANs – 116, 126
- V-Motion- 12
- ESXI Management-11
Hence,the requirement is to configure LAG (Active/ Active NIC Teaming) between compute machines and network switch for optimal link utilization in addition to fault tolerance if in case one physical link goes down between network switch and compute machine.
In order to achieve the required results one’s needs to understand default load balancing mechanism over LAG member interfaces in Juniper devices and same load balancing mechanism must be configured on VMware ESXI Continue reading
Let’s Encrypt plugin for ASA
I wrote a certbot (Let's Encrypt ACME client) plugin for Cisco ASA. It runs on a separate box, talks ACME to the Let's Encrypt service and uses the ASA REST API to manage certificates on the ASA.Details here.
If you try it out, please let me know how it goes?
Webcast: Hardening Microservices Security
Microservices is one of the buzz words of the moment. Beyond the buzz, microservices architecture offers a great opportunity for developers to rethink how they design, develop, and secure applications.
On Wednesday, September 21st, 2016 at 10am PT/1pm ET join SANS Technology Institute instructor and courseware author, David Holzer, as well as CloudFlare Solutions Engineer, Matthew Silverlock, as they discuss best practices for adopting and deploying microservices securely. During the session they will cover:
- How microservices differ from SOA or monolithic architectures
- Best practices for adopting and deploying secure microservices for production use
- Avoiding continuous delivery of new vulnerabilities
- Limiting attack vectors on a growing number of API endpoints
- Protecting Internet-facing services from resource exhaustion
Don't miss this chance to learn from the pros. Register now!
Wroth Reading: Exascale might prove difficult
The post Wroth Reading: Exascale might prove difficult appeared first on 'net work.
Google Offers VM ‘Rightsizing’ in its Cloud Platform
It's also supplying cloud storage on an as-needed basis.
GE Digital Drops $495M on Meridium Industrial IoT Software Firm
Meridium's software predicts when machinery might fail.