MLAG Deep Dive: Dynamic MAC Learning
In the first blog post of the MLAG Technology Deep Dive series, we explored the components of an MLAG system and the fundamental control plane requirements.
This post focuses on a major building block of the layer-2 data plane functionality: MAC learning. We’ll keep using the same network topology with two switches and five hosts, and assume our system tries its best to implement hot-potato switching (sending the frames toward the destination MAC address on the shortest possible path).
Tech Bytes: How Aruba NaaS Changes Network Consumption (Sponsored)
Today on the Tech Bytes podcast we’re talking about Network as a Service with sponsor Aruba, a Hewlett Packard Enterprise company, including how Aruba defines NaaS, the market appetite for network as a service, customer examples, and more.
The post Tech Bytes: How Aruba NaaS Changes Network Consumption (Sponsored) appeared first on Packet Pushers.
Tech Bytes: How Aruba NaaS Changes Network Consumption (Sponsored)
Today on the Tech Bytes podcast we’re talking about Network as a Service with sponsor Aruba, a Hewlett Packard Enterprise company, including how Aruba defines NaaS, the market appetite for network as a service, customer examples, and more.Network Break 385: VMware, Juniper Release New Security Tools; Judge Orders IBM To Pay BMC $1.6 Billion
Today's Network Break podcast discusses a new threat analytics product from VMware, new security features from Juniper's cloud-delivered security service, a report from Morgan Stanley on why the big network vendors are chasing the enterprise campus, and more IT news.HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends
Today, a cluster of Internet standards were published that rationalize and modernize the definition of HTTP - the application protocol that underpins the web. This work includes updates to, and refactoring of, HTTP semantics, HTTP caching, HTTP/1.1, HTTP/2, and the brand-new HTTP/3. Developing these specifications has been no mean feat and today marks the culmination of efforts far and wide, in the Internet Engineering Task Force (IETF) and beyond. We thought it would be interesting to celebrate the occasion by sharing some analysis of Cloudflare's view of HTTP traffic over the last 12 months.
However, before we get into the traffic data, for quick reference, here are the new RFCs that you should make a note of and start using:
- HTTP Semantics - RFC 9110
- HTTP's overall architecture, common terminology and shared protocol aspects such as request and response messages, methods, status codes, header and trailer fields, message content, representation data, content codings and much more. Obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.
- HTTP Caching - RFC 9111
- HTTP caches and related header fields to control the behavior of response caching. Obsoletes RFC 7234.
- Continue reading
Revisiting BGP Convergence
My video on BGP convergence elicited a lot of . . . feedback, mainly concerning the difference between convergence in a data center fabric and convergence in the DFZ. Let’s begin here—BGP hunt and the impact of the MRAI are very real in the DFZ. Withdrawing a route can take several minutes.
What about the much more controlled environment of a data center fabric?
Several folks pointed out that the MRAI is often set to 0 in DC fabrics (and many implementations by default). Further, almost all implementations will use an MRAI of 0 for the first received update, holding the second and subsequent advertisements by the MRAI. Several folks also pointed out that all the paths through a DC fabric are the same length, so the second part of the equation is also very small.
These are good points—how do they impact BGP convergence? Let’s use the network below, a small slice of a five-stage butterfly fabric, to think it through. Assume every router is in a different AS, so all the peering sessions are eBGP.
Start with A losing its connection to 101::/64—
- T1: A withdraws its route from B and C
- T2: B withdraws its route from D and E, Continue reading
Share This Protein Shake Recipe with Your Gym Friends!
What goes into a perfect protein shake? If you’re looking for an answer to that question, you’ll find it in Protein and Greens by Vega. This convenient powder provides a perfect blend of protein, greens, and other nutrients to help support optimal health.
Protein and Greens by Vega is a great way to get your daily greens and protein. It’s a convenient powder that can be added to water or your favorite beverage. It’s also a good source of fiber and antioxidants.
If you’re looking for a convenient way to get your daily greens and protein, Protein and Greens by Vega is a perfect choice. It’s a convenient powder that can be added to water or your favorite beverage. It’s also a good source of fiber and antioxidants.
Vega Blueberry Vanilla Smoothie Recipe
This Vega Blueberry Vanilla Smoothie recipe is the perfect way to start your day! It’s packed with healthy ingredients like Vega Protein and Greens, almond milk, banana, and blueberries. Plus, it’s super easy to make – just blend and go!
Ingredients:
– 1 scoop Protein and Greens by Vega
– 1 cup unsweetened almond milk
– 1/2 banana
– 1 cup frozen blueberries
– 1 teaspoon vanilla Continue reading
10 Reasons Why Customers Choose VMware NSX to Automate Networking and Security
By now, you’ve probably heard about why you should automate network management. Not only does automation save time and effort, but it also reduces risk. As Gartner notes, for instance, organizations that automate about 70 percent of their network change management operations will see a 50 percent reduction in outages. They’ll also cut in half the time it takes to roll out new services.
The bigger question many teams face surrounding network automation, however, is how to automate. With so many tools on the market that promise to help automate networking and security, which solution is the best fit for your needs? What should you look for from an automation lens when considering a networking platform?
To provide clarity on those questions, we’ve put together a list of the reasons why customers choose VMware NSX in order to deploy applications at scale with greater speed, efficiency, and security. VMware NSX, the platform for network virtualization, provides instant and programmatic provisioning for fast, highly available, and secure infrastructure. The automation capabilities of NSX listed below maximize time savings and minimize risk when managing distributed, multi-cloud environments. Continue reading
Tips to Keep IT Operations Moving at High Efficiency Amid the Great Resignation
Finding critical staffing support amid the Great Resignation can be an arduous, ongoing battle due to the proliferation of data and introduction of new technology.netsim-tools VLAN Trunk Example
Last week I described how easy it is to use access VLANs in netsim-tools. Next step: VLAN trunks.
VLAN trunks are supported from netsim-tools release 1.2.2 and are currently implemented on Arista EOS, Cisco IOSv, VyOS, Dell OS10 and Nokia SR Linux.
We’ll add two Linux hosts to the lab topology used in the previous blog post, resulting in two switches, two Linux hosts in red VLAN and two Linux hosts in blue VLAN.
6 Years Creating Content for You
Hello my friend,
Typically on this date, June the 5th we celebrate the birthday of our company, Karneliuk.com. It started with a blog back in 2016 and since then we are constantly creating, what we believe is, interesting and useful educational content in the area of network technologies and network automation. We thank you a lot for being with us all this time!
Technically, we started blog earlier than June the 5th, but on that date we published our first blogpost about interconnecting Cisco IOS XR and Nokia SR OS VMs, which defined the course of the blog and the direction for the company – multivendorness. We breath multivendor network technologies every day in heterogeneous networks, which our team support for our companies and customers daily. And we build multivendor network automation to unleash the true potential of networks and IT systems being an enabler for applications and user services, rather than an obstacle draining time and money of organizations.
So, what have we done in the past twelve months? Let’s take a look.
Our Own Prometheus Exporter
One of the interesting experiences we’ve obtained in the software development was the development of Prometheus exporter to report trace Continue reading
Cloudflare observations of Confluence zero day (CVE-2022-26134)
On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability.
When we learned about the vulnerability, Cloudflare’s internal teams immediately engaged to ensure all our customers and our own infrastructure were protected:
- Our Web Application Firewall (WAF) teams started work on our first mitigation rules that were deployed on 2022-06-02 at 23:38 UTC for all customers.
- Our internal security team started reviewing our Confluence instances to ensure Cloudflare itself was not impacted.
What is the impact of this vulnerability?
According to Volexity, the vulnerability results in full unauthenticated RCE, allowing an attacker to fully take over the target application.
Active exploits of this vulnerability leverage command injections using specially crafted strings to load a malicious class file in memory, allowing attackers to subsequently plant a webshell on the target machine that they can interact with.
Once the vulnerability is exploited, attackers can implant additional malicious code such as Behinder; a custom webshell called noop.jsp, which replaces the legitimate noop.jsp file located at Confluence root>/confluence/noop.jsp; and another open source webshell called Continue reading
IS-IS Area proxy (WIP)
Introduction
Following up on the last post, we will explore IS-IS Area Proxy in this post.
The main goal of the IS-IS Area proxy is to provide abstraction by hiding the topology. Looking at our toy topology, we see that we have fabrics connected, and
the whole network is a single flat level-2 flooding domain. The edge nodes are connected at the ends, transiting
multiple fabrics, and view all the nodes in the topology.
Now assume that we are using a router with a radix of 32x100G and want to deploy three-level Fat-Tree(32,3). For a single fabric, we will have 1280 nodes, 512 leaf Nodes, providing a bandwidth of 819T. If we deploy ten instances of this fabric, we are looking at a topology size greater than >12k Nodes. This is a lot for any IGP to handle. This inflation of Nodes (and links) is coming from deploying this sort of dense topology to provide more bandwidth and directly impacts IGP scaling in terms of Flooding, LSDB size, SPF runtimes, and frequency of SPF run.
Referring back to our toy topology, if we look from the edge node’s perspective, they use these fabrics as transit, and if we can Continue reading