I had no idea how convoluted VLANs could get until I tried to implement them in netsim-tools. We’re not done yet – we have access VLANs, VLAN trunks (including native VLAN support), and VLAN (SVI) interfaces, but we’re still missing routed VLAN subinterfaces – but we have enough functionality to show you a few VLAN examples.
We’ll start with the simplest option: a single VLAN stretched across two bridges switches with two Linux hosts connected to it. netsim-tools can configure VLANs on Arista EOS, Cisco IOSv, VyOS, Dell OS10, and Nokia SR Linux. We’ll use the quickest (deployment-wise) option: Arista EOS on containerlab.
Using Terraform to deploy networking elements with an SDN controller that cannot replace the current state of a tenant with the desired state specified in a text file (because nobody ever wants to do that, right) sounds like a great idea… until you try to do it at scale.
Noël Boulene hit interesting scalability limits when trying to provision VLANs on Cisco ACI with Terraform. If you’re thinking about doing something similar, you REALLY SHOULD read his article.
Hello my friend,
We use Proxmox in our Karneliuk Lab Cloud (KLC), which is a driving power behind our Network Automation and Nornir trainings. It allows to run out of the box the vast majority of VMs with network opening systems: Cisco IOS or Cisco IOS XR, Arista EOS, Nokia SR OS, Nvidia Cumulus, and many others. However, when we faced recently a need to emulate a customer’s data centre, which is build using Cisco Nexus 9000 switches, it transpired that this is not that straightforward and we had to spend quite a time in order to find a working solution. Moreover, we figured out that there are no public guides explaining how to do it. As such, we decide to create this blog.
1
2
3
4
5 No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
A lot of network automation trainings worldwide imply that a student has to build a lab his/her-own. Such an approach, obviously, is the easiest for Continue reading
Are you afraid the network automation will eat your job? You might have to worry if you’re a VLAN-provisioning CLI jockey, but then you’re not alone. Textile workers faces the same challenges in 19th century and automation report from 1958 the clerical workers were facing the same dilemma when the first computers were introduced.
Guess what: unemployment rate has been going up and down in the meantime (US data), but mostly due to various crisis. Automation had little impact.
networks and policy
Leading off this weekend, an article by Simon Sharwood on the impact of the centralization of the Internet. I wrote a somewhat longer article on the Public Discourse a while back on the same topic.
Is softwarization really going to change the way we build networks from the ground up? I suspect things will change, but they’ve always changed. I also suspect we’ll be hearing about how software is going to eat the world ten years from now, and IPv6 still won’t be fully deployed.
security and other technologies
This one on Costa Rica is a serious warning—
A ransomware gang that infiltrated some Costa Rican government computer Continue reading
I recently talked to some security friends on a CloudBytes podcast recording that will be coming out in a few weeks. One of the things that came up was the idea of an air gapped system or network that represents the ultimate in security. I had a couple of thoughts that felt like a great topic for a blog post.
I can think of a ton of classical air gapped systems that we’ve seen in the media. Think about Mission: Impossible and the system that holds the NOC list:
Makes sense right? Totally secure unless you have Tom Cruise in your ductwork. It’s about as safe as you can make your data. It’s also about as inconvenient as you can make your data too. Want to protect a file so no one can ever steal it? Make it so no one can ever access it! Works great for data that doesn’t need to be updated regularly or even analyzed at any point. It’s offline for all intents and purposes.
Know what works great as an air gapped system? Root certificate authority servers. Even Microsoft agrees. So secure that you have to dig it out of storage Continue reading
Today's Heavy Networking dives into the automation and orchestration of 5G networks with sponsor Juniper Networks. We discuss Juniper's RAN Intelligent Controller (RIC), Service Management and Orchestration (SMO), how Juniper works with the Open RAN ecosystem, and more. Our guest is Constantine Polychronopoulos, Vice President of 5G and Telco Cloud at Juniper Networks.
The post Heavy Networking 632: How Juniper’s RAN Intelligent Controller Enables 5G Automation (Sponsored) appeared first on Packet Pushers.
This is a guest post from Nathan Skrzypczak at Cisco. Nathan is part of a team of external contributors to Calico Open Source that have been working on an integration between Calico Open Source and Cisco’s data plane technology, VPP, for the last year.
Calico v3.23 is out, and with it a lot of new features! This release marks a long-awaited milestone for me and my team, as it includes the Calico VPP data plane (beta). So now seems to be a good time to reflect on what this integration actually is, and why we built it.
The Calico VPP data plane is the fourth data plane option for Calico. Alongside the Linux kernel, eBPF data plane, and Windows kernel, you can now choose to have packet processing done in a userspace network stack: the Vector Packet Processor (VPP). This means the service load-balancing, NAT-ing of packets, encapsulation, encryption and policies will all run in a user-space application. It all seems mostly transparent from the user’s perspective, is seamless to enable, and enabling it allows access to a series of really interesting features.
The first thing the Calico VPP data plane aims to Continue reading
I’m attending Cisco Live US 2022 in Las Vegas this June. I’ll be there on the Explorer Pass, crawling the World Of Solutions and chatting with anyone and everyone my introverted nature can handle. If you’ll be there and want to meet up, DM me on Twitter or ping me on LinkedIn.
I’m especially looking to connect with…
The networking & cloud community. Maybe you listen to a podcast I host or read something I wrote and want to meet up. Yup, I’m all for that. Let’s do it. I’m always looking for new podcast guests, so if you’ve got a story to tell or opinion to share, let’s discuss. No pressure, though. I’d be just as happy to shake hands bump air-gapped fists and make your acquaintance.
Vendors with new shinies. Brief me on your latest and greatest. Show off your nifty thing.
Stealth companies getting close to launch. I focus on IT operations and infrastructure–networking and cloud especially. I’d like to hear about what you’re coming to market with.
We recently updated developers.cloudflare.com
, the Cloudflare Developers documentation website, to a new version of our custom documentation engine. This change consisted of a significant migration from Gatsby to Hugo and converged a collection of Workers Sites into a single Cloudflare Pages instance. Together, these updates brought developer experience, performance, and quality of life improvements for our engineers, technical writers, and product managers.
In this blog post, we’ll cover the history of Cloudflare’s developer docs, why we made this recent transition, and why we continue to dogfood Cloudflare’s products as we develop applications internally.
Cloudflare’s Developer Docs, which are open source on GitHub, comprise documentation for all of Cloudflare’s products. The documentation is written by technical writers, product managers, and engineers at Cloudflare. Like many open source projects, contributions to the docs happen via Pull Requests (PRs). At time of writing, we have 1,600 documentation pages and have accepted almost 4,000 PRs, both from Cloudflare employees and external contributors in our community.
The underlying documentation engine we’ve used to build these docs has changed multiple times over the years. Documentation sites are often built with static site generators and, at Cloudflare, we’ve Continue reading
In this post we will have a look at another EVPN Route Type, that being RT-3, which goes by the rather opaque name of 'Inclusive Multicast Ethernet Tag'; and look at how it is used to ensure EVPN peers flood traffic to those neighbours that need it.
Firstly, we'll look at EVPN packet forwarding to provide some context around why this Route Type is important, then we will dive into its details, with all the usual show commands, packet captures and plethora of RFC name drops.
Let's start off by running through EVPN Packet forwarding, for that we need an example network.
Javier Antich concluded the AI/ML in Networking webinar with the ugly challenges of using AI/ML in networking. I won’t spoil the fun, you REALLY SHOULD watch the video (keeping in mind he was trying to stay polite and diplomatic).