Archive

Category Archives for "Networking"

Kicking the Tires on Cisco’s onePK

Recently, I experimented with Cisco’s onePK. What follows are observations on onePK, as well as some details on the mechanics of creating a onePK connection. For those of you that are not familiar with onePK–it is an API created by Cisco that they support on various IOS, IOS-XR, and IOS-XE devices. onePK was announced in 2012 […]

Author information

Kirk Byers

Kirk Byers is the owner of Twin Bridges Technology–a bootstrapped technology business in San Francisco. He teaches Python courses for Network Engineers and writes about network automation at pynet.twb-tech.com. He is a long-time network engineer (CCIE #6243 emeritus), has extensive experience with *nix system administration, and is a Python programmer. He is interested in programming and networking and how to improve network engineering practices through automation.

The post Kicking the Tires on Cisco’s onePK appeared first on Packet Pushers Podcast and was written by Kirk Byers.

Migrating to the Ghost Blogging Platform

For those of you that follow the CloudFlare blog, you’ll know that we try to be prolific. We have industry leaders like Matthew Prince, John Graham-Cumming, Nick Sullivan, and others publishing pieces weekly from the front lines of internet performance and security. We’re also big fans of open source software, which is used in almost everything we do.

A little over a year ago we watched as a brand new independent open source blogging platform called Ghost started making waves, raising over $300,000 on Kickstarter. A little later, we reached out to the team to see if CloudFlare could help make the lightning-fast Node.js platform even faster and more secure on the Ghost(Pro) hosted service.

In March, Ghost announced that their entire Pro network was powered by CloudFlare, and today we’re pleased to announce that the CloudFlare blog is now running on Ghost.

While things look largely the same, you’ll find new and improved RSS feeds as well as tag and author archives to allow you to browse through our backlog of content more easily. The biggest improvement by far, though, is in the writing tools which we now have available to us—meaning our team is Continue reading

Automatic logon to vCenter using vMA/SDK for Perl

One of the most useful appliances for vSphere administration is a Linux-based VM called vMA (vSphere Management Assistant). It’s a simple SUSE Linux installation with the vSphere SDK for Perl installed. Both methods will provide useful tools like esxcli, vmkfstools, vicfg-* and so on. Each command can read credentials as parameters: $ esxcli --server vcenter.example.com --username example\vsphereadmin […]

The Trap of Net Neutrality

The President recently released a video and statement urging the Federal Communications Commission (FCC) to support net neutrality and ensure that there will be no “pay for play” access to websites or punishment for sites that compete against a provider’s interests.  I wholeheartedly support the idea of net neutrality.  However, I do like to stand on my Devil’s Advocate soapbox every once in a while.  Today, I want to show you why a truly neutral Internet may not be in our best interests.

Lawful Neutral

If the FCC mandates a law that the Internet must remain neutral, it will mean that all traffic must be treated equally.  That’s good, right?  It means that a provider can’t slow my Netflix stream or make their own webmail service load faster than Google or Yahoo.  It also means that the provider can’t legally prioritize packets either.

Think about that for a moment.  We, as network and voice engineers, have spent many an hour configuring our networks to be as unfair as possible.  Low-latency queues for voice traffic.  Weighted fair queues for video and critical applications.  Scavenger traffic classes and VLANs for file sharers and other undesirable bulk noise.  These plans take weeks to Continue reading

Response: Cisco, Arista Disaggregating

Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches.

Is there any mileage in this idea?

Old News, New Timing

The idea of the big players selling their software for use on generic hardware has been floating around pretty much since SDN hit the news and the first bare metal switches came out, with Cisco for example looking like they were pretending that SDN wasn’t a thing, and their position was secure if they continued to do what they already did. To be honest, I think Cisco is still paying the price for initially lacking a strategy, then embracing SDN in such a confusing way. Nonetheless, the idea isn’t new, but has the market moved to a position where Cisco and Arista really need to do this? And what of Juniper; are they immune to being sucked into the bare metal market?

Special Sauce

In addition to being a good addition to awesome music of G. Love, for companies like Cisco, Arista and Juniper, their “special sauce” these days Continue reading

Integrating HP addons to VMware Update Manager

Honestly I don’t like customized ISO images for VMware ESXi. I prefer to know what software is installed and how to upgrade it. This short guide will show how to integrate HP addons for VMware in the Update Manager (VUM). Open the vClient -> Home -> Update Manager -> Download Settings -> Add Download source: Source […]

VMware Update Manager (VUM) fail after upgrade

Sometimes after a vSphere upgrade, Update Manager (VUM) can fail with the following error: There was an error connecting VMware vSphere Update Manager – [vcenter.example.com:443]. Database temporarily unavailable or has network problems. The easiest way is to reconfigure the VUM using the VMwareUpdateManagerUtility.exe utility installed in the VMware Update Manager program path (usually C:\Program Files (x86)\VMware\Infrastructure\Update Manager): […]

An industry in transition

The tendency of most companies is to talk strategy and vision. Almost every technology company can paint a future that is somehow more elegant based on their product’s fit into customer plans. And, as a sales leader, if you find a company whose vision you find compelling enough to inspire you to share it with customers, you’re probably feeling pretty good about things.

But sales is ultimately measured on wins and losses. And there is no taking solace in a grand vision if you cannot meaningfully and immediately make a difference in a customer’s life. So as much as sales is about demonstrating a better future, there is no substitute for solving immediate pain.

This means that the ideal landing spot for anyone in a sales role is a company that thinks big but is committed to enabling the game-changing vision for today’s customer problem set. You want to be a part of an organization that wants to do nothing short of changing the world, but who has the focus to do it in ways that provide immediate tangible benefit.

I am certain I have found that in Plexxi.

Before joining Plexxi as the head of Worldwide Sales, I Continue reading

Deploying VMware vCenter Operations (vCOPS)

Deploying the VMware vCOPS appliance is an easy task with only one prerequisite: IP pool. IP pools provide a network identity to vApps. An IP pool is a network configuration that is assigned to a network used by a vApp. The vApp can then leverage vCenter Server to automatically provide an […]

Failed to deploy an OVA

Deploying an OVA to a VMware vSphere infrastructure can fail with the following error: Failed to deploy OVF package: The request was aborted: The request was cancelled. The OVA file can be damaged. Because an OVA file is a TAR, the archive can be tested using 7-Zip. Open the archive, use the verify function and see the […]

A Month of SDN

My calendar for the following four weeks is jam-packed with SDN events:

All the travel might affect my blogging frequency, but I still have a few podcasts in the editing queue, so you’ll have something to listen to in the meantime ;)

SDN Analytics and Orchestration from the 17th Annual SDN/MPLS Conference

by Steve Harriman, VP of Marketing - November 11, 2014

Last week at the SDN/MPLS [1] conference in Washington, D.C., large service providers, research organizations and academia, and equipment manufacturers from around the world gathered to hear about the latest SDN/NFV developments. Cengiz Alaettinoglu, Packet Design’s CTO, contributed his insights and experience by presenting at the conference on “SDN Analytics: Bridging Overlay and Underlay Networks.” His premise is that underlay routing issues will impact overlay network performance, thus creating the need for SDN analytics to correlate the two and provide management visibility. 

Figure 1. SDN Analytics can correlate the impact of underlay network issues on overlay performance.


In the presentation, Cengiz discussed three types of SDNs: Data center, network edge, and WAN. All three must work in concert, as data center and edge orchestrators will need to request services from the WAN orchestrator. He explained the required elements of SDN analytics, which include historical, current and predictive awareness of the following: 
  • Topology (IGP, BGP, RSVP-TE, L2/3 VPNs, OpenFlow tables)
  • Traffic (real-time and historical traffic matrices, and projected demands)
  • Performance (jitter, packet delay/loss, MOS scores, Continue reading

The Best Presentations on SDN Analytics and Wide Area Orchestration at SDN/MPLS 2014

by Cengiz Alaettinoglu, CTO - November 11, 2014

I attended the SDN/MPLS conference in Washington, D.C. last week, where I presented on the importance of analytics for WAN SDN application bandwidth scheduling and the need for even richer analytics when looking at the data center, network edge and WAN SDN holistically. In my presentation I highlighted the importance of accurate traffic demand matrices and the need to consider failures when selecting paths, so that the network can survive them without creating congestion. I was not the only one talking about WAN orchestration and analytics.

One of the most interesting presentations in my opinion was by Douglas Freimuth of IBM. Douglas presented his work titled “Orchestrated Bandwidth-on-Demand for Cloud Services.” It is a collaboration between IBM, Ciena, and AT&T. They carried out the work in a laboratory test bed.

In the test bed, there were three data centers (Los Angeles, New York and Chicago) running OpenStack. When VM workload in the Los Angeles data center exceeded a threshold, some of the VMs were moved to the New York data center to reduce the load. Continue reading

CloudFlare and SHA-1 Certificates

At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates. We are aware of these changes, and we have modified our SSL offerings to ensure customer sites continue to be secure and available to all visitors.

Chrome (and Firefox) and SHA-1

Google will be making changes to its Chrome browser in upcoming versions to change the way they treat certain web site certificates based on their digital signature. These changes affect over 80% of websites.

As described in our blog post on CFSSL, web site certificates are organized using a chain of trust. Digital signatures are the glue that connects the certificates in the chain. Each certificate is digitally signed by its issuer using a digital signature algorithm defined by the type of key and a cryptographic hash function (such as MD5, SHA-1, SHA-256).

Starting in Chrome 39 (to be released this month, November 2014), certificates signed with a SHA-1 signature algorithm will be considered less trusted than those signed with a more modern SHA-2 algorithm. This change Continue reading

What The Juniper Learning Portal Offers For Free

I’ve been working with Juniper SRX firewalls, MX routers, and EX switches for over a year now. I don’t spend a ton of time at the CLI. Mostly, I have some project I need to accomplish, so I do my homework, mock up in a lab what I’m able to, and wing the rest. […]

Andrisoft Wanguard: Cost-Effective Network Visibility

Andrisoft Wansight and Wanguard are tools for network traffic monitoring, visibility, anomaly detection and response. I’ve used them, and think that they do a good job, for a reasonable price.

Wanguard Overview

There are two flavours to what Andrisoft does: Wansight for network traffic monitoring, and Wanguard for monitoring and response. They both use the same underlying components, the main difference is that Wanguard can actively respond to anomalies (DDoS, etc).

Andrisoft monitors traffic in several ways – it can do flow monitoring using NetFlow/sFlow/IPFIX, or it can work in inline mode, and do full packet inspection. Once everything is set up, all configuration and reporting is done from a console. This can be on the same server as you’re using for flow collection, or you can use a distributed setup.

The software is released as packages that can run on pretty much any mainstream Linux distro. It can run on a VM or on physical hardware. If you’re processing a lot of data, you will need plenty of RAM and good disk. VMs are fine for this, provided you have the right underlying resources. Don’t listen to those who still cling to their physical boxes. They lost.

Anomaly Detection

You Continue reading

Lessons Learned from Deploying Multicast

Lately I have been working a lot with multicast, which is fun and challenging! Even if you have a good understanding of multicast, unless you work on it a lot there may be some concepts that fall out of memory or that you only run into in real life and not in the lab. Here is a summary of some things I’ve noticed so far.

PIM Register

PIM Register messages are control plane messages sent from the First Hop Router (FHR) towards the Rendezvous Point (RP). These are unicast messages encapsulating the multicast from the multicast source. There are some considerations here. Firstly, because these packets are sent from the FHR control plane to the RP control plane, they are not subject to any access list configured outbound on the FHR. I had a situation where I wanted to route the multicast locally but not send it outbound.

Even if the ACL was successful, care would have to be taken to not break the control plane between the FHR and the RP or all multicast traffic for the group would be in jeopardy.

The PIM Register messages are control plane messages; this means that the RP has to process them Continue reading