Balanced Buffer Design for Mission-Critical Cloud Networks
Leading customers and researchers in cloud and data center networking have been promoting the importance of understanding the impact of TCP/IP flow and congestion control, speed mismatch and adequate buffering for many decades. The problem space has not changed during this time, but the increase in the rates of speed by 100X and in storage capacity by 1000X have aggravated the problem of reliable performance under load for data intensive content and for storage applications, in particular. One Arista fan summed it up best by saying:
“Basically the numbers have changed by order of magnitude, but the problem is the same!”
Poor performance and inadequate buffering in a demanding network is a painful reminder that buffering, flow control, and congestion management must be properly designed. TCP/IP was not inherently built for rate-fairness, and packets are intentionally dropped (yes, only window fairness is possible). Yet the effect of these drops can be multiplicative given major speed mismatches of 10-100X inside the data center. In the past, QoS and rate metering were adequate. However, at multi-gigabit and terabit speeds and particularly as more storage moves from Fiber Channel (with buffer credits) to Ethernet, packet loss gets more acute.
Benefits of Balanced Continue reading
The Canadian Bitcoin Hijack
A few days ago researchers at Dell SecureWorks published the details of an attacker repeatedly hijacking BGP prefixes for numerous large providers such as Amazon, OVH, Digital Ocean, LeaseWeb, Alibaba and more. The goal of the operation was to intercept data between Bitcoin miners and Bitcoin mining pools. They estimated that $83,000 was made with this attack in just four months. The original post has many of details which we won’t repeat here, instead will take a closer look at the BGP details of this specific attack.
Attack details
Our friends at Dell SecureWorks decided not to name the network from which the hijacks originated. As a result we won’t name the exact Autonomous System either, instead we will suffice by saying that the originator of this hijack is a network operating in Eastern Canada.
Initial experiment
BGPmon detected the first hijack by this Canadian Autonomous System on October 8th 2013. For about 14 minutes a more specific /24 prefix for a Palestinian network was hijacked. Looking at geographical scope of the announcements and the probes that saw this route, we believe that in this case the route was only announced over the Toronto Internet Exchange.
Bitcoin hijack
On Feb Continue reading
Let’s Connect at VMworld 2014
I’ll be at VMworld in a couple of weeks. If you’re a vendor that would like to chat, please schedule me. I’d be happy to meet. If you’re a fellow IT engineer, I’d be happy to meet up as well. I’ll be hanging with folks from Tech Field Day, as well as Chris […]Downloads
Here is a repository of Wi-Fi related documents and resources that WLAN administrators will find useful.
If you have a Wi-Fi related document, tool, or resource that you would like included on this list, please contact me for inclusion! My contact info is listed on the right column of this website.
Revolution Wi-Fi Downloads:
35 presentation slides, PDF format.
This presentation covers an approach and methodology to integrating WLAN capacity planning into the WLAN design process to allow network engineers to effectively meet growing capacity demands by clients on wireless networks. It defines what capacity means for a WLAN, what factors determine capacity, provides an approach to designing for capacity, and where capacity planning should be integrated into the overall WLAN design process.
Effective capacity planning is required for all WLANs, not just high-density environments.
This information was presented at the WLAN Professionals Conference (2014).
You can also
and download the
to help calculate capacity needs, which helps simplify the process and step the user through each step.
Wi-Fi SSID Overhead Calculator
Excel Spreadsheet format.
This tool allows WLAN administrators to assess the network performance impact that multiple SSIDs Continue reading
SSID Overhead Calculator
One of the most commonly cited best practices among Wi-Fi professionals is to the limit the number of SSIDs you have configured on your WLAN in order to reduce the amount of overhead on the network and to maintain high performance. But there is not a lot of public data out there to really drive home this point when explaining it to another engineer, management, or a customer. Simply telling someone that they shouldn't create more than 'X' number of SSIDs isn't very convincing.Therefore, I've created a visual tool to help you explain WHY too many SSIDs is a bad thing:
The Wi-Fi SSID Overhead Calculator
(Click Image to Download)
 |
| Wi-Fi SSID Overhead Calculator |
This tool calculates the percentage of airtime used by 802.11 beacon frames based on the following variables:
- Beacon Data Rate - beacon frames are sent at the lowest Basic / Mandatory data rate configured on the WLAN. Beacons must be sent at a "legacy" data rate, meaning only 802.11a/b/g rates. Select the beacon data rate from the drop-down menu within the tool.
- Beacon Frame Size - beacon frames can vary in size based on the version of the 802.11 standard implemented (802. Continue reading
Show 200 – State of the Pushers
With 2.5 Million downloads over 4 years and more 250 shows, Greg and Ethan talk honestly and openly about the future of Packet Pushers, the increasing impact on our personal lives and the choices we face in the months ahead. What few people understand is that producing the Packet Pushers podcasts takes a lot of […]
Author information
The post Show 200 – State of the Pushers appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Security policies on vSwitch/dvSwitch
As described on previous posts both vSwitch and dvSwitch can enforce networking through three policies: Option Default on vSwitch dvSwitch PortGroup Promiscuous mode Reject Reject MAC address changes Accept Reject Forged transmits Accept Reject Let’s describe what each policy can prevent and cannot. Promiscuous mode The promiscuous mode allows a VM to put a vNIC […](Visited 195 times since 2013-06-04, 1 visits today)
Segment Routing on IOS-XR
Cisco has released some support for segment-routing on IOS-XR 5.2.0 so what better time to lab it up. I’ve got four IOS-XRv boxes running 5.2.0: RP/0/0/CPU0:XR1#sh ver | include XR Cisco IOS XR Software, Version 5.2.0[Default] Currently IS-IS is the only protocol with support in XR. There are drafts to get this working in both […]What is Metadata and Why Should I Care?
August 2014 is proving yet again to be an amusing month in the Australian political scene, and in this case the source of the amusement was watching a number of Australian politicians fumble around the topic of digital surveillance and proposed legislation relating to data retention measures.VMware NSX Customer Story: Colt Decreases Data Center Networking Complexity
Adoption of network virtualization and SDN technologies from VMware and Arista Networks simplifies cloud infrastructure and enables automation to reduce timescales of cloud and network service provisioning
Offering the largest enterprise-class cloud footprint in Europe, Colt, an established leader in delivering integrated network, data center, voice and IT services, has implemented software- defined networking [SDN] and network virtualization to simplify how its managed IT and cloud-based networking environment is deployed, managed and scaled throughout its data centers.
Following an extensive review, Colt selected Arista to provide high speed 10 and 40 gigabit Ethernet cloud-centric switches as an underlay network fabric and VMware NSX™ network virtualization to deliver a fully decoupled software network overlay.
SDN paves the way for automated cloud service delivery
The shift to SDN will provide a flexible, scalable, efficient and cost effective way to support the delivery of Colt’s managed IT services, including cloud based services. This makes Colt one of the first service providers in Europe to adopt SDN in a production environment to remove automate cloud service delivery.
As a result of deploying a new network architecture based on Arista and VMware networking technologies, the time for Colt to add, change or modify services will Continue reading
Using LISP for IPv6 tunnelling.
In this post I would like to show how its possible to use a fairly new protocol, LISP, to interconnect IPv6 islands over an IPv4 backbone/core network.
LISP stands for Locator ID Seperation Protocol. As the name suggest, its actually meant to decouple location from identity. This means it can be used for such cool things as mobility, being VM’s or a mobile data connection.
However another aspect of using LISP involves its tunneling mechanism. This is what I will be using in my example to provide the IPv6 islands the ability to communicate over the IPv4-only backbone.
There is alot of terminology involved with LISP, but i will only use some of them here for clarity. If you want to know more about LISP, a good place to start is http://lisp.cisco.com.
The topology i will be using is a modified version of one presented in a Cisco Live presentation called “BRKRST-3046 – Advanced LISP – Whats in it for me?”. I encourage you to view this as well for more information.
Here is the topology:
Some background information about the setup. Both Site 1 and Site 2 are using EIGRP as the IGP. Both IPv4 and Continue reading
VMworld sessions up for viewing. It’s free to!
How’s that for a topic out of left field, never before seen on my blog. VMWare! Well, I got wind that WMworld sessions are available to watch for free so I just wanted to spread the word. All you need to do is create an account, you can find the sessions here. I’ll say It’s nice […]
HP NNMi 10.00 Released
HP NNMi version 10.0 has been released. This is a good release, with many usability enhancements. I’m pleased to see continued development, as the future nirvana of all-powerful software defined networks hasn’t quite arrived yet. For now, we still have to manage our networks the old-fashioned way: SNMP is still alive & kicking.
NNMi – Background
HP NNMi is a spiritual descendant of HP OpenView, one of the first network monitoring tools. Between versions 6 and 7, HP completely re-wrote the NNM code, and now we have NNMi. The core product performs network discovery and fault monitoring. Add-on components (iSPIs) offer performance monitoring, NetFlow analysis, IP SLA monitoring, etc. A sister-product (HP Network Automation) is used for network configuration management. The add-on components were all separately licensed, but HP now bundles products together.
Historically NNMi has focused on underlying network monitoring capabilities, and less on the user interface. This meant that almost anything was technically possible, but the visual experience was underwhelming. The integration between core product and add-on components was limited.
The last major release was 9.20, in June 2012. There have been minor enhancements and fixes since, but the last patch was in September 2013. We’ve been due for Continue reading
Network Dictionary – Default Free Zone
Define "Default Free Zone" or DFZ Routing
The post Network Dictionary – Default Free Zone appeared first on EtherealMind.
Why logging is so important? VSS example.
Example: Why switch in VSS mode crashed? Few weeks ago there was a great podcast about logging (show 192). Recently I came with great example about how important logging is. If there is only one thing that I could pick up from the podcast it would be following statement “log as much as you can, […]
Author information
The post Why logging is so important? VSS example. appeared first on Packet Pushers Podcast and was written by Michał Janowski.
What is Service Chaining?
This post is in response to a comment on one of my previous posts on using MPLS in the Data Center. Service chaining has been getting a lot of press — and I’m encountering it a lot in the customers I’m talking to. What’s the big deal? To understand service chaining, let’s look at a […]
Author information
OSPF Enhancements in recent IOS versions
OSPFv3 Authentication Trailer In 2011 I wrote an article showing that in order to provide authenticated OSPFv3 neighbour sessions, you needed the security license on IOS. Manav Bhatia commented on that post stating they were working on an IETF standard to fix this. That draft became RFC6506 and then RFC7166 Cisco has added support for […]OpenStack taining
There are two buzzwords floating around. Cloud and SDN.They are even closely related.
For now, SDN is mostly a buzzword but Cloud is actually something people are using daily, such as AWS, Azure, Rackspace, Google and others.
As network engineer, my chances of touching or even seeing the details of the backends of those public clouds are quit small. However, private clouds are different.
With private clouds, as it was with VMWare installations, network engineers are expected to be able to support and install the network side of things.
So I have decided to jump in and learn private clouds. And for me, the best way to learn is always hands on.
OpenStack has these online training guides: http://docs.openstack.org/training-guides/content/
I'll jump right in and do the Operator Training Guide.
I'll publish a series of posts with my experience with the training material, and I'll update this post with links to all of the posts.
Blog status report 2014
The occasion of my fiftieth post is a good milestone to pause and look back on the two years since I started blogging about open-source routing and network simulation. I will review the blog’s performance statistics and reflect on why I started this blog and what I want to do next.
The chart above shows the blog traffic over the past two years, starting in August 2012. In the first year I thought I would reach only a small audience but, as I posted more content, more users found my blog. In the past twelve months, 29,500 unique users visited this blog. Traffic grew steadily almost every month in the past year.
Users from almost every country on Earth have visited this blog. The map below illustrates the number of users in each country who have visited the blog during the past twelve months, with shades of blue representing the number of users.
I considered writing a technical blog after listening to the audiobook Crush It! by Gary Vaynerchuck, read by the author. The audiobook was very inspirational and made me understand that writing a blog could be a positive experience.
The next book I read was Technical Blogging Continue reading
Joining the Cisco Team
Today was a bittersweet day for me. It was my final day working with a great group of people at a prominent community bank. I have nothing but good things to say about the people, the organization, and the interesting projects I’ve been involved in. I’ll miss everyone a lot and plan to stay in touch.
Tomorrow I begin a new role as a Systems Engineer at Cisco Systems. I will be working with the SLED (public sector) sales team in Kentucky and West Virginia. In this role I hope to broaden my knowledge of networking components and spend time helping customers better position their technology infrastructures.
What this means for me–
I will be aggressively learning the Cisco Product lines, including areas that I previously had less exposure to. I will take advantage of the resources I have and marry my vision of the changing network industry to the components Cisco positions into higher education environments. My intentions include better understanding the roadmap and technical details as they pertain to the integration path from traditional networking to software defined approaches.
But what about…
As long time PacketU readers know, I have written positive and negative articles about many vendors. All vendors have their strengths and weaknesses. We regularly see them Continue reading