Archive

Category Archives for "Networking"

IDF 2014: Architecting for SDI, a Microserver Perspective

This is a liveblog for session DATS013, on microservers. I was running late to this session (my calendar must have been off—thought I had 15 minutes more), so I wasn’t able to capture the titles or names of the speakers.

The first speaker starts out with a review of exactly what a microserver is; Intel sees microservers as a natural evolution from rack-mounted servers to blades to microservers. Key microserver technologies include: Intel Atom C2000 family of processors; Intel Xeon E5 v2 processor family; and Intel Ethernet Switch FM6000 series. Microservers share some common characteristics, such as highly integrated platforms (like integrated network) and being designed for high efficiency. Efficiency might be more important than absolute performance.

Disaggregation of resources is a common platform option for microservers. (Once again this comes back to Intel’s rack-scale architecture work.) This leads the speaker to talk about a Technology Delivery Vehicle (TDV) being displayed here at the show; this is essentially a proof-of-concept product that Intel built that incorporates various microserver technologies and design patterns.

Upcoming microserver technologies that Intel has announced or is working on include:

  • The Intel Xeon D, a Xeon-based SoC with integrated 10Gbs Ethernet and running in a Continue reading

Tools for Learning Python for Networkers

I’ve been slowly adding to my list of favorite tools and books for learning Python, and I came across a new one this week. So it seemed like a good time to hit the highlights in a blog post, given that so many networkers have some motivation to learn a programming language. Feel free to comment and add your favorite tools to the list!

Context: Networkers Learning a Language (Python)

First, let me throw in a quick paragraph for context. In this world of SDN, NFV, and network automation and programmability, networking people may or may not choose to go learn a programming language. (What are your plans?)

If you do choose to learn a language (as the poll results show so far at least), Python seems to be the best choice if programming is either new to you, or you just haven’t had to (gotten to?) program as a regular part of a job. Python is the simplest to learn of the languages that matter most to SDN, and is becoming the language-of-choice for more and more universities as the first language learned by undergrads.

On to the Continue reading

Troubleshooting an ESXi host using esxtop

THIS POST IS NOT COMPLETED YET

The esxtop utility is probably the most useful utility to troubleshoot a high load on an ESXi host using a CLI. There are eight views:

  • c (default): CPU, sorted by CPU USED by default.
  • d: disk adapter
  • i: interrupt
  • m: memory, sorted by MEMSZ by default.
  • n: network
  • p: power […]

Open-Source Hybrid Cloud Reference Architecture on Software Gone Wild

A while ago Rick Parker told me about his amazing project: he started a meetup group that will build a reference private/hybrid cloud heavily relying on virtualized network services, and publish all documentation related to their effort, from high-level architecture to device and software configurations, and wiring plans.

In Episode 8 of Software Gone Wild Rick told us more about his project, and we simply couldn’t avoid a long list of topics including:

Read more ...

Alteon AppShape++ Redirects

Lab goals

In the lab we will practice:

  • Redirection - r.dans-net.com should be redirected to 3.dans-net.com
  • Decision by URL matching:
      • If URL length is 1 or 2, not including the leading "/", then redirect to 3.dans-net.com
      • If URL is "/images/number.jpg" or "/icons/number.jpg" then select SRV1
      • If URL begins with "/alpha" or with "/beta" then select SRV2
      • If URL contains "cgi-bin" or "gamma" then select SRV3

Both r.dans-net.com and 3.dans-net.com should resolve to 10.136.6.11.

Setup


The load balancer is Radware's Alteon VA version 29.5.1.0

Here is the /etc/hosts (or c:\windows\system32\drivers\etc\hosts) snippet used for name resolution:


10.136.6.11     3.dans-net.com
10.136.6.11     r.dans-net.com

Alteon configuration

First, let's create 3 groups, one for each SRV:



/c/slb/group g1
ipver v4
add 1
/c/slb/group g2
ipver v4
add 2
/c/slb/group g3
ipver v4
add 3

Next, let's create the VIP/virt:


 /c/slb/ Continue reading

IPv6 Neighbor Discovery (ND) and Multicast Listener Discovery (MLD) Challenges

A few days ago Garrett Wollman published his exasperating experience running IPv6 on large L2 subnets with Juniper EX4200 switches, concluding that “… much in IPv6 design and implementation has been botched by protocol designers and vendors …” (some of us would forcefully agree) making IPv6 “…simply unsafe to run on a production network…”

The resulting debate on Hacker News is quite interesting (and Andrew Yourtchenko is trying hard to keep it close to facts) and definitely worth reading… but is ND/MLD really as broken as some people claim it is?

Read more ...

Network Neutrality Is a Political, Not Technical, Problem


by Brian Boyko, Contributor - September 10, 2014

We've mentioned Network Neutrality several times before on the Knetwork Knowledge Blog, but I wanted to take another look at it since it's back in the news with Wednesday's planned protests by "BattleForTheNet.com" - an artificial "Internet Slowdown" that will create symbolic "loading" symbols and artificially slow down page loading. Participating websites include Kickstarter, Reddit, Foursquare, Vimeo, Namecheap, and others. 

Packet Design has differing opinions on the issue of network neutrality. This is a bit surprising when you consider network neutrality as a technical issue, because you would expect that the engineering and mathematics would speak for themselves. It should be relatively easy to prove, from a technological standpoint, whether a neutral or particular non-neutral Internet scheme would be "better." 

But the minute you ask "better for whom?" you start to realize that network neutrality is not a technical problem. It is a political problem that happens to involve technology. 

As our CTO Cengiz Alaettinoglu said in "Hot Potatoes and Network Neutrality," BGP and IGP routing delivers packets to the next autonomous system (AS) in the route Continue reading

IDF 2014: Virtualizing the Network to Enable SDI

This is a liveblog of IDF 2014 session DATS002, titled “Virtualizing the Network to Enable a Software-Defined Infrastructure (SDI)”. The speakers are Brian Johnson (Solutions Architect, Intel) and Jim Pinkerton (Windows Server Architect, Microsoft). I attended a similar session last year; I’m hoping for some new information this year.

Pinkerton starts the session with a discussion of why Microsoft is able to speak to network virtualization via their experience with large-scale web properties (Bing, XBox Live, Outlook.com, Office, etc.). To that point, Microsoft has over 100K servers across their cloud properties, with >200K diverse services, first-party applications, and third-party applications. This amounts to $15 billion in data center investments. Naturally, all of this runs on Windows Server and Windows Azure.

So why does networking need to be transformed for the cloud? According to Pinkerton, the goal is to drive agility and flexibility for your business. This is accomplished by pooling and automating network resources, ensuring tenant isolation, maximizing scale/performance, enabling seamless capacity expansion and workload mobility, and minimizing operational complexity.

Johnson takes over here to talk about how Intel is working to address the challenges and needs that Pinkerton just outlined. This breaks down into three core Continue reading

Participate in the “Internet Slowdown” with One Click

Net Neutrality is an important issue for CloudFlare as well as for our more than 2 million customers, whose success depends on a vibrant, dynamic, and open Internet. An open Internet promotes innovation, removes barriers to entry, and provides a platform for free expression.

That's why we’re announcing a new app that lets you easily participate in the “Internet Slowdown” on September 10th, 2014.

Battleforthenet.com (a project of Demand Progress, Engine Advocacy, Fight for the Future, and Free Press) has organized a day of protest against the United States Federal Communications Commission (FCC) proposal that will allow Internet providers to charge companies additional fees to provide access to those companies’ content online. Those additional fees will allow Internet service providers to essentially choose which parts of the Internet you will get to access normally, and which parts may be slow or inaccessible.

As we’ve seen that bandwidth pricing is not reflective of the underlying fair market value when Internet service providers have monopolistic control, we can only fret that a similar situation will be presented by a lack of net neutrality.

The Battle for the Net pop-up (intentionally obtrusive) will simulate a loading screen that website users may see Continue reading

Show 204 – Reducing Your Attack Surface with Avaya Stealth Networks – Sponsored

“The problem with ‘covering your tracks’ in network security is that your ‘covering’ becomes more conspicuous than your ‘tracks’,” says Ed Koehler, Distinguished Engineer for Avaya’s Networking Division. Ed joins Greg Ferro and Ethan Banks for a ninja nerd-fest outlining a set of technologies that not only offer some innovative ways to set up your […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 204 – Reducing Your Attack Surface with Avaya Stealth Networks – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cumulus Workbench – a year of progress

At VMworld 2013, before the Cumulus Workbench was born, Cumulus Networks needed a quick way to demonstrate Cumulus Linux.

One of our amazing engineers, Nat Morris, quickly whipped up a VM (almost out of nowhere), meant to run on VirtualBox, on a laptop with two interfaces. Voila! Cumulus Workbench!

For a first effort and for lack of time, this was awesome. However, there were a few limitations, as you would imagine – flexibility was an issue and new features required distributing an entirely new VM. Plus, for the latest version, you had to ask around. This would be fine for a quick demo, but we wanted more. We wanted it to be bigger and better.

We put some thought behind what exactly bigger and better meant to us and took that to the drawing board. From there, we built a framework and began to deep dive into the design and architecture. We wanted to build something useful for customers so that they would be able to see what they could do in their own environment. It was at that moment that the Cumulus Workbench was born, thanks to a lot of elbow grease and hard work from Ratnakar Kolli. Thus, Continue reading

An Educational SDN Use Case

During the VMUnderground Networking Panel, we had a great discussion about software defined networking (SDN) among other topics. Seems that SDN is a big unknown for many out there. One of the reasons for this is the lack of specific applications of the technology. OSPF and SQL are things that solve problems. Can the same be said of SDN? One specific question regarded how to use SDN in small-to-medium enterprise shops. I fired off an answer from my own experience:

Since then, I’ve had a few people using my example with regards to a great use case for SDN. I decided that I needed to develop it a bit more now that I’ve had time to think about it.

Schools are a great example of the kinds of “do more with less” organizations that are becoming more common. They have enterprise-class networks and needs and live off budgets that wouldn’t buy janitorial supplies. In fact, if it weren’t for E-Rate, most schools would have technology from the Stone Age. But all this new tech doesn’t help if you can’t find a way for it to be used to the fullest for the purposes of Continue reading

Framing SDN as Network as a Service (NaaS)


by Steve Harriman, VP of Marketing - September 9, 2014

Tom Nolle absolutely nails the real promise of SDN in his latest blog post – Should SDN be About OpenDaylight and not OpenFlow? – which is essentially to create Network as a Service (NaaS). Readers of the Knetwork Knowledge blog will know that we have been advocating for some time that SDN is a lot more than just the separation of the network’s control and data planes, and that OpenFlow is “merely” a mechanism (not the only one) for SDN controllers to pass forwarding instructions to the underlying infrastructure. Our industry often gets lost in the technology details and misses the point, which in this case is about creating malleable network infrastructures that flex efficiently with business demands. The really interesting, valuable, and (yes) hard work is to supply the controllers with the intelligence they need to make smart infrastructure changes.   

And equally important is the recognition that we have to be able to deliver NaaS with existing network gear: A forklift upgrade to support new southbound protocols is not an option. We also need to be open to the notion Continue reading

How Route Analytics Help Detect BGP Route Hijacking


by Cengiz Alaettinoglu, CTO - September 9, 2014

Previously, I have talked about BGP route hijacking as a security threat and various techniques being developed to secure it. In this blog entry, I will talk about how route analytics technology can help detect BGP route hijacking in the meantime. 

There are two instances of route hijacking that need detecting. The first is when one of your prefixes is being hijacked; that is, someone is redirecting your traffic elsewhere and you are the victim. The second is when someone passes you a hijacked route; that is, you are being used as an instrument to hijack someone else. Route Analytics can help with both of these cases. However, the data sources that are needed for the analysis are different. 

When your routes are being hijacked, in the majority of cases you cannot find them by looking at the data in your own BGP routers. Because of the way the BGP AS_PATH attribute works, these routes will contain your AS number, and therefore BGP will not pass them back to your routers, in order to avoid loops. However, if you have access to external BGP sessions Continue reading

Select group/pool by query URI

Lab goal

When a request looks like this: http://a3.dans-net.com/group=GROUPNAME then the group/pool will be selected by the following name:

group_GROUPNAME

For example, for http://10.136.5.10/group=g1 the selected group will be group_g1

The following groups should be defined:
  • g1 - SRV1
  • g2 - SRV2
  • g3 - SRV3

The VIP should be 10.136.5.10

Setup


The load balancer is Radware's Alteon VA version 29.5.1.0

The initial Alteon VA configuration can be found here.

Alteon configuration

First, let's configure the groups.

 /c/slb/group g1                          
        add 1
 /c/slb/group g2
        add 2
 /c/slb/group g3
        add 3

Next, let's write the script.


 attach group g1
 attach group g2
 attach group g3

 when HTTP_REQUEST {
        set group_exists [regexp -nocase {group=(g[0-9]+)(&.*)*$} [HTTP::query] a group_name]
        if {$group_exists == 1} {
                group select $group_name
Continue reading

Network Admin in Cary NC

I’m helping a company (as a favor) that’s looking for a network administrator in the Cary, NC area. The company is moving from another area, and hence rebuilding their office and backend systems. They rely heavily on their IT “stuff,” as they’re essentially in the information business. Please send me an email if you’re interested […]

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

RFCs You Should Know: 6250

Most RFCs are deeply technical, and they follow the “Yaakov rule” for intelligibility (if you didn’t write it, or you didn’t sit with one of the authors in a bar someplace to talk about it, you can’t understand it), but there are a few here and there every network engineer should know. RFC 6250 is […]

Author information

Russ White

What is CHI-NOG (Chicago-NOG)

Over the last year, I haven’t been writing many new blog posts. I have been pretty busy with a new job, but also starting a new networking group called the Chicago Network Operators Group (CHI-NOG). The idea behind it is that there aren’t that many places where network engineers can meet to talk about technology, learn something new and network with each other. The communities are mostly virtual and that’s something I wanted to change by creating CHI-NOG.

Last year Brian McGahan, Jason Craft and I met to talk about the void of the networking community. A lot of times people only know each other from email or forum exchanges. We wanted to bring the Chicago community together and have a place to meet and discuss the topics that interest us and learn from each other.

We try to host CHI-NOG events 3 times a year. So far our events have been in the evenings for a few hours. For each event we have a number of guest speakers. They present on any topic relating to networking, which is a good way to spark conversation for the social hours that start right after.

This October Continue reading