Archive

Category Archives for "Networking"

Suppressing contributors to an aggregate route

This was a new one on me – in the past I have always advertised an aggregate route and then written policy to match the contributing routes so that they can be suppressed.  It turns out there’s an easier way to do this:

root@R3# show policy-options policy-statement AGG
term T1 {
    from protocol aggregate;
    then accept;
}
term T2 {
    from aggregate-contributor;
    then reject;
}

The Case for Hybrids

Plexxi along with Piston Cloud, Colovore, and King Star Computing published a white paper a few months back looking at the cost of a private cloud running OpenStack in a hosted environment versus renting compute instances from Amazon. The details are here. The short story is that in this analysis, at about 129 Cores, the costs for a private cloud start to become better than public cloud. Certainly the efficiency of colocation, commodity computing/storage, and an application oriented network fabric integrated tightly with a cloud orchestration management platform (OpenStack) has a lot of built in efficiencies so its not surprising to see the result of this analysis.

We’ve Seen this Story Before, Haven’t We?

Similarly, years ago in software development circles, the debates about outsourcing were fierce and emotional. Back then, much centered on the cost leverage available to companies to move development to low-cost areas such as India, China, and Eastern Europe. However, over time, companies found that while cost gave them flexibility and resourcing mite, the more important benefit ended up being owning development resources and presences close to emerging markets while leveraging outsourcing partners for on-demand resource expansion. Wow, sounds a lot like Colocation + Hybrid Cloud Continue reading

SDN Job Numbers – 3QCY14

How many SDN jobs are out there so far? If you missed the previous post, well, I’ve been counting them for about five months. Today’s post looks at the numbers for 3QCY14. Check out the previous post for all the picky details about how we gathered the data. This post focuses on the numbers!

 

 

 

SDN in the Job Title, 3QCY14

I’m theorizing that for a term to be in the title of the job posting, that term must be a pretty important part of the job. So, we searched for “SDN” in the title, at Dice.com and Monster.com, did some averaging to keep a week or two spike or drop from skewing the perception, and we’ve created some graphs.

Figure 1 shows the first graph:

  • Searches for SDN in the job title
  • The data is about new job listings per week
  • We use a couple of rolling averages to reduce the bumps in the graph
  • The graph shows both Dice and Monster combined, but with the raw numbers as well

 

Figure 1: SDN in the Job Title, Per-Week New Job Listings, 3QCY14

 

 

SDN in the Job Description

When we find “SDN” Continue reading

Alteon SSL key import wows

I was trying to import a new certificate with an SSL key, but it was without success.

But as usual, before trying that on production, I tried that on my lab setup. It was done without any problems.

But when trying with the production Alteon, running the same 29.5.1 version, I got this message:

> -----END RSA PRIVATE KEY-----
Enter key passphrase:
Error: The private key is not a valid RSA key

Error: Failed to extract key XXXXX

After trying it several times, comparing some random strings inside the key I noticed a lag when I pasted the key to the production Alteon. The reason for the lag was SecureCRT that was configured to insert delays between keys. This feature is extremely useful with pasting large text into NX-OS.


My lab setup is with the default Line Send delay of 5ms and Character send delay of 0ms.

So I tried to use the lap SecureCRT delay setup on my production Alteon, and to my surprise it worked!

So to sum up: when pasting to Alteon 29.5.1, you better use the default SecureCRT delay settings.

One more thing and this will save you precious time digging through the command reference:

"key" and "srvrcert" names must be identical

SDN fabric controllers

Credit: sFlow.com
There is an ongoing debate in the software defined networking community about the functional split between a software edge and the physical core. Brad Hedlund argues the case in On choosing VMware NSX or Cisco ACI that a software only solution maximizes flexibility and creates fluid resource pools. Brad argues for a network overlay architecture that is entirely software based and completely independent of the underlying physical network. On the other hand, Ivan Pepelnjak argues in Overlay-to-underlay network interactions: document your hidden assumptions that the physical core cannot be ignored and, when you get past the marketing hype, even the proponents of network virtualization acknowledge the importance of the physical network in delivering edge services.

Despite differences, the advantages of a software based network edge are compelling and there is emerging consensus behind this architecture with  a large number of solutions available, including: Hadoop, Mesos, OpenStack, VMware NSX, Juniper OpenContrail, Midokura Midonet, Nuage Networks Virtual Services Platform, CPLANE Dynamic Virtual Networks and PLUMgrid Open Networking Suite.

In addition, the move to a software based network edge is leading to the adoption of configuration management and deployment tools from the DevOps Continue reading

Mass Customization

I’ve mentioned in past articles about my belief that networking - both as a discipline and a technology - needs to be more consumable to other disciplines. But what does this mean? I was reminded of a few great examples today that I think are relevant to this idea, and might help explain my point a little more clearly. Mass Production Meets Customization The assembly line revolutionized the auto industry.

Mass Customization

I’ve mentioned in past articles about my belief that networking - both as a discipline and a technology - needs to be more consumable to other disciplines. But what does this mean? I was reminded of a few great examples today that I think are relevant to this idea, and might help explain my point a little more clearly. Mass Production Meets Customization The assembly line revolutionized the auto industry.

Using Firewalls for Policy Has Been a Disaster

Almost every SDN vendor today talks about policy, how they make it easy to express and enforce network policies. Cisco ACI, VMware NSX, Nuage Networks, OpenStack Congress, etc. This sounds fantastic. Who wouldn’t want a better, simpler way to get the network to apply the policies we want? But maybe it’s worth taking a look at how we manage policy today with firewalls, and why it doesn’t work.

In traditional networks, we’ve used firewalls as network policy enforcement points. These were the only practical point where we could do so. But…it’s been a disaster. The typical modern enterprise firewall has hundreds (or thousands) of rules, has overlapping, inconsistent rules, refers to decommissioned systems, and probably allows far more access than it should. New rules are almost always just added to the bottom, rather than working within the existing framework – it’s just too hard to figure out otherwise.

Why have they been a disaster? Here’s a few thoughts:

  • Traditional firewalls use IP addresses. But there’s no automated connection between server configuration/IP allocation and firewall policies. So as servers move around or get decommissioned, firewall policies don’t get automatically updated. You end up with many irrelevant objects and Continue reading

Normalizing ACLs to Support Automated Changes

Although I look forward to network fabric management seeing broad deployment, the fact is that many networks (and especially enterprise LAN/WAN) will be managed with traditional methods for some time yet. Inconsistencies in device configurations can present a barrier to some types of automation. In this article, we’ll explore that very challenge and a resolution I came up with to handle it.

Not long ago, I was trying to automate an ACL line insertion task with a popular network configuration push tool that basically does CLI interaction with something like Expect. I needed to push a similar change to about 20 devices with minimal effort. Unfortunately, when looking at the ACL on several sample devices out of the target device pool, I saw things like this:
R1(config)#do sh access-list NAT
Extended IP access list NAT
14 deny ip 10.10.1.48 0.0.0.7 10.0.0.0 0.255.255.255
20 deny ip 10.11.1.48 0.0.0.7 10.0.0.0 0.255.255.255
25 permit ip 10.10.1.48 0.0.0.7 192.168.0.0 0.0.255.255
30 permit ip 10.10.1.48 0. Continue reading

How Do You Spell That?

I spent a bit of my career on the phone doing support for a national computer vendor. In addition to the difficulties of walking people through opening the case and diagnosing motherboard issues, I found myself needing to overcome language barriers. While I only have a hint of an accent (or so I’ve been told), spelling out acronyms was a challenge. That’s where the phonetic alphabet comes into play

By now, almost everyone uses the NATO phonetic alphabet. It’s the most recognized in the world. The US joint Army/Navy version varies a bit but does have a lot of similarities. However, when I first started out using the NATO version quite a few callers didn’t know what Lima was or giggled when I said Tango.

I decided that some people have much more familiarity with first names. This was borne out when I kept using Mary for “M” instead of Mike. People immediately knew it. Same for Victor, Peter, and so on. So I cobbled together my own Name Phonetic Alphabet.

A – Adam
B – Barbara
C – Charlie
D – David
E – Edward
F – Frank
G – George
H – Harold
I Continue reading

Does a Cloud Orchestration System Need an Underlying SDN Controller?

A while ago I had an interesting discussion with a fellow SDN explorer, in which I came to a conclusion that it makes no sense to insert an overlay virtual networking SDN controller between cloud orchestration system and virtual switches. As always, I missed an important piece of the puzzle: federation of cloud instances.

2014-11-04 16:48Z: CJ Williams sent me an email with information on SDN controller in upcoming Windows Server release. Thank you!

Read more ...

The power of Clustering Illusion when managing image

As humans, we are predisposed to finding order out of otherwise random data. When we look at clouds or even a mountain ridge, we find shapes that are familiar to us. When we see data, we instinctively search for patterns to help make sense of what might appear to be random information. It might be our inherent need for understanding. Or maybe we are just programmed to compare things to stuff we already know. Whatever the underlying cause, it’s a powerful trait that virtually all of us share.

Understanding that people want to put information into buckets and draw conclusions, are there things that we can be doing to help manage our own image?

Walking a Vegas game floor

Maybe you have walked a gaming floor in Las Vegas, turning your head as you are assaulted by the lights and noise that accompany the gambling experience. While perusing the various games, have you ever spotted a roulette table and noticed that the last 6 spins have all come up black? The next spin is bound to be red!

Of course we all know that the likelihood of a red on the next spin is statistically the same, regardless of what Continue reading

Cisco free webinars.

Hello my friends. I wish I would not be banned for this advertisement :). I think this might be interesting for packet pushers audience and worth posting. At fisrt legal notice should be written :). All information provided in this post are my subjective understanding of this project. I am not marketing guy, so it […]

Author information

Michał Janowski

Michał Janowski

I was happy to finish light studies with a specialization active turism :). Than moved to IT world and participated in postgraduate studies which relied upon CCNA exploration course. After that I got my first job in IT as a software tester in Nokia Siemens Networks where I was responsible for verification of code running on radio equipment (3g, LTE). Now, as a Cisco TAC enginner I am helping cutomers resolving problems in their networks. I belong to unit responsible for Catalyst switches, so forgive me as most of my posts would be influenced by the technology I know the best.
LinkedIn

The post Cisco free webinars. appeared first on Packet Pushers Podcast and was written by Michał Janowski.

The Care and Feeding of a High Maintenance Network

The Care and Feeding of a High Maintenance Network

by Kris Olander, Sr. Technical Marketing Engineer - November 4, 2014

A network is an organic creation. The minute it’s born, when all new core and edge connections are made and routing is turned up, things begin to change. Many changes are self-driven due to unexpected interactions: Equal Cost Paths (ECMPs), Asymmetric Paths, etc. Other changes are due to the random nature of the Internet and are readily noticeable at the peering points into the newborn network.

Some people think that once the switch is turned on things will just work as designed. I’ve found that is rarely the case. Networks need care and feeding. Tools to check on the processing capacity, resource consumption, and well being of the network and its individual elements are required.

For the monitoring aspect of this “care and feeding,” simple SNMP tools may be used. They are perfectly adequate for tracking and graphing CPU rates, available memory and throughput for connections between network elements. However, when it comes to understanding the network’s routing and traffic patterns, using SNMP-based tools is rarely the best method.

Today’s dynamic IP networks require visibility into what’s happening Continue reading

Root Cause Analysis – It’s Not Perfect

Automated Root Cause Analysis promises a lot. High-end network monitoring systems promise that they can automatically isolate network problems, and only tell you about the thing that needs fixing. This sounds very enticing. Who wants a flood of alarms, when we could get just one alarm, telling us what we need to fix? But it’s not perfect, and you do need to pay attention to it.

Consider this contrived network:

RCA Example

What happens if the upstream link from the router fails?

RCA Link Down

From the perspective of the NMS, all systems at that site are unreachable. A simple NMS that is unaware of topology will create 4 alarms – one for each of the router, the switches and the server. A smarter NMS will recognise that it only needs one alarm, for the router WAN link being unreachable (and therefore the whole site is offline). It will know that the switches and server are unreachable, but those alarms will be suppressed by the key incident.

This all sounds like a good idea. Why wouldn’t you want that?

But what if the NMS view of the network is incomplete? What might happen then?

Consider the same network as above, but this time a new WAN router has been Continue reading

On choosing VMware NSX or Cisco ACI

Are you stuck in the middle of a battle to choose VMware NSX or Cisco ACI?  In this post I’ll attempt to bring some clarity and strategic guidance in first choosing the right path, then propose how the two technologies can co-exist.  I’ll start with the message below from a reader asking for my opinion […]
1 3,268 3,269 3,270 3,271 3,272 3,421