Thought: What Facebook Wedge, Cumulus Linux Shows About Network Operating Systems

Facebook develops it's own operating system for switches. This shows that OS's like Cisco's IOS and Juniper's Junos are under attack and devalues those business. The destruction of the software moat means that customers have far more choice for their networks.

The post Thought: What Facebook Wedge, Cumulus Linux Shows About Network Operating Systems appeared first on EtherealMind.

Network Management a forgotten art? Part 2!

HP network scripting

Classful IP Networks: An Introduction to IP Address Classes

When the concept of subnetting comes up, there is a need to first establish what networks were like before the Internet Standard Subnetting Procedure was introduced in RFC950. Prior to the use of subnet masks, networked devices made assumtions about the network and host portion of the address. This process by which these assumptions is made was defined in RFC791–

Addresses are fixed length of four octets (32 bits). An address
begins with a network number, followed by local address (called the
“rest” field). There are three formats or classes of internet
addresses: in class a, the high order bit is zero, the next 7 bits
are the network, and the last 24 bits are the local address; in
class b, the high order two bits are one-zero, the next 14 bits are
the network and the last 16 bits are the local address; in class c,
the high order three bits are one-one-zero, the next 21 bits are the
network and the last 8 bits are the local address.

If that leaves you a bit confused, you are in the right place. This article works through the concept of the IP Address Class. Readers should gain the understanding required to decipher things Continue reading

On Policy in the Data Center: The solution space

(This post was written by Tim Hinrichs and Scott Lowe with contributions from Martin Casado, Peter Balland, Pierre Ettori, and Dennis Moreau.)

In the first part of this series we described the policy problem: ensuring that the data center obeys the real-world rules and regulations that are pertinent to that data center. In this post, we look at the range of possible solutions by identifying some the key features that are important for any solution to the policy problem. Those key features correspond to the following four questions, which we use to structure our discussion.

1. What are the policy sources a policy system must accommodate?
2. How do those sources express the desired policy to the system?
3. How does the policy system interact with data center services?
4. What can the policy system do once it has the policy?

Let’s take a look at each of these questions one at a time.

Policy Sources: The origins of policy

Let’s start by digging deeper into an idea we touched on in the first post when describing the challenge of policy compliance: the sources of policy. While we sometimes talk about there being a single policy for a data center, the reality is Continue reading

SDN/NFV: More than Hot Air in the Windy City

SDN/NFV: More than Hot Air in the Windy City

As reported in my last blog post - SDN: Déjà vu all over again? - Packet Design was a gold sponsor of Light Reading’s inaugural Big Telecom Event in Chicago this week. The organizers claim there were about 1,500 registered attendees with two thirds of them representing network operators. There were several really interesting presentations and panel discussions, and I’ve captured four key takeaways here.

Cengiz Alaettinoglu prepping to demo the Network Access Broker

SDN is getting the buzz, but NFV is where the early action is. This theme ran through the conference and there was much discussion on the relative merits of SDN vs. NFV and whether they should be implemented simultaneously or separately. While there are clear near-term benefits – including lower capex and faster time to revenue – for operators who virtualize network functions that today run on hardware appliances, most agreed that this is a first step only. To achieve maximum efficiency and flexibility as well as deliver the best customer experience (see below), an SDN-enabled network function virtualization infrastructure (NFVI) is needed in which pools Continue reading

EIGRP Redistribution – Default Metrics of Connected and Static Routes

I wanted to do some analysis of the EIGRP topology table last night, so I fired up a small lab. I was especially interested in how external routes appear there and compare to internal entries. Like all good scientific endeavors, the whole thing got derailed when I made a realization.

Here’s the lab I set up. You can ignore the IPv6 info for this exercise.

It’s a simple little thing.  All the networks you see are included in EIGRP 100 for simplicity.  I limited the network statements to 192.0.2.0/24 to keep my options open. I went ahead and added Loopback100 on R3 with an address of 3.3.3.3/32 and added a redistribute connected with a route-map to get the route out in the wild.  Here’s what I had.

R3#show run | section eigrp
router eigrp 100
 redistribute connected route-map RM-REDIST-CONN
 network 192.0.2.0
 no auto-summary
!
route-map RM-REDIST-CONN permit 100
 match interface Loopback100

Alright. All looks good there, so I checked the topology table on R1 and saw it in there as an external and everything.

R1#sh ip eigrp topology 3.3.3.3/32
IP-EIGRP (AS 100): Topology entry for 3.3.3.3/32
  State  Continue reading

Another way to protect your SSH keys

Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without having access to it. Meaning if you get hacked the key can't be stolen.

No TPM, but key can't be stolen anyway? Surely this is an elaborate ruse? Well yes, it is. My idea is that you essentially bounce off of a Raspberry Pi.

But doing that straightforward is too easy. I've instead made an SSH proxy, and will show you how to automatically bounce off of it. You could do the same by setting up a second SSH server (or the same one), and hack around with PAM and a restricted shell. But this solution can be run as any user, with just the binary and the set of keyfiles. Very simple.

The goal here is to log in to shell.foo.com from your workstation via a Raspberry Pi. The workstation SSH client presents its SSH client key to the SSH Proxy on the Raspberry Pi, and if allowed will connect on and present the SSH Continue reading

Docker essentials – Images and Containers

I’ll admit, I jumped into docker pretty quickly and found that I was getting a little ahead of myself.  After much googling and discussion, I’ve come to realize a couple things about docker that I think are well worth sharing.  I’m hoping to share them through a series of ‘Docker Essentials’ type posts.

NOTE: My first post was going to be about how to interact with docker on the CLI.  However, there are lots of other resources out there for that.  Namely, the really awesome docker documentation.  In addition, the CLI provides help/syntax on commands as well.  I’ll list a couple of resources that I used and try to explain along the way, but if you don’t recognize a command I’m using look it up! 

The docker user guide – http://docs.docker.com/userguide/
The docker CLI reference – https://docs.docker.com/reference/commandline/cli/
The docker guide book – https://github.com/kencochrane/docker-guidebook

Working with images and Containers
On first glance, I made some assumptions about this images and containers that proved to be wrong.  So let’s start with some basics.

Images are read-only.  That is, they can never be altered.  Containers are built using Continue reading

Port mirroring with Linux bridges

Thought: Why Are There No Good Open Source BGP Implementations ?

It is common wisdom that BGP is awesome because, you know, … something. It runs the Internet therefore it must good. It can be extended and that makes it good. Lots of vendors use it ….. Hang on. When you think about it there are no good, solid BGP implementation in open source. Quagga is […]

The post Thought: Why Are There No Good Open Source BGP Implementations ? appeared first on EtherealMind.

HTIRW: DNS Reverse Lookups and Whois

In our last episode, we discussed how DNS is paid for in the real world — who builds, maintains, and manages all those servers that allow us to put in a domain name, and end up with a web page? This post will look at two other tools or protocols in the DNS system that […]

Author information

Russ White

Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

Change of focus

I have decided to change my focus quite a bit.

I was planning on tackling the IOS-XR exam this year and was preparing for it by going through the blueprint. However another track kept pulling me towards it, and ofcourse thats the CCDE track.

I have spent the last 6 years learning how to do something, but so far i havent spent alot of time thinking about why that is.

I am not doing the CCDE track in order to pass the exam. I might not even go as far as giving the practical exam a go. I am however going to pursue the written exam for now, as it will give me a target for which to learn new stuff.

To that end, a few of us have created a study group, which im very thrilled about. It will provide an outlet for any ideas and thoughts as well as input. All in all great stuff.

So thats a quick update

Visibility, Trustship,Sub optimality or whatever you want to call it.

To be honest I really tried hard to find a name for this article. Maybe it is not convenient and if you have better idea please let me know in the comment. I want to  mention sub optimality and stretch in the networks while using routing protocols  but the idea actually came to me from […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Visibility, Trustship,Sub optimality or whatever you want to call it. appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Where to Start with SDN

For the 3^rd installment on my three part SDN series, building on A Business Case for SDN, and the SDN Ecosystem,  the most practical way to start exploring an SDN deployment is with a proof of concept (POC). But even if you have the approval to go ahead with an SDN POC, it can be difficult to know where to start. Let’s cut through the uncertainty and lay out what it takes to do a successful SDN POC.

Identify a pain point

Start by identifying a key pain point in networking that you’d like to address with SDN. For example, you might want to improve campus security, or improve the performance of collaborative tools, or streamline your data center. Specific tasks in these areas include adding a network tap, increasing the speed of a LAN link, or reassigning VLANs.

We’ll assume you have surveyed business unit leaders, ranked overall IT strategies and come back with one SDN application to start your evolution. Similar to a cloud or BYOD initiative, giving visibility for SDN can help you bring the company together, and can also build support for improving how IT can drive the business. If you understand the Continue reading

ANET Cloud Infrastructure – Arista Definition of ACI

You may have noticed Arista being uncharacteristically quiet throughout an imposed “quiet period” leading up to our IPO (ANET). While the industry continued to speak out on behalf of, or against, Arista, the company remained true to its focus on solving customer problems through disruptive cloud networking architectures and technology. Enabling innovative applications to take advantage of modern networking through Arista EOS remains a key priority for the company.

The migration from legacy “policy per application” to universal cloud networks is crystal clear and underway. The classical 1990s web, file and database tier in client-server architectures, with north-south traffic, is migrating to universal workflow telemetry and workload automation for east-west, server-to-server traffic of the 21st Century. This is particularly true as networks move to mandates of terabit scale for data, control, and management. Arista invented the concept of “Leaf-Spine” and late last year introduced the “SplineTM” as architectures to support these next generation network requirements. Five years later others are still trying to mimic the approach but lack the fundamental software or scale to achieve it.

Through the years we’ve witnessed many failed attempts to lock-in customers with proprietary fabrics (FabricPath, QFabric, etc.) and once again we are witnessing Continue reading

Switch Prices Will Get Cheaper. Design Models Will Change.

For the last 20 years, L2 tree-based network topologies meant that the only practical design methodology was to buy large, vertically scaled switch chassis for the core of the data centre. This limitation was largely due to the tree-structure forced on LAN networking by Spanning Tree Protocol. For every new device at point Access/1 we […]

The post Switch Prices Will Get Cheaper. Design Models Will Change. appeared first on EtherealMind.

Show 192 – Logging Design & Best Practices

Jay Swan, Lennart Koopman, and Wes Kennedy join the Packet Pushers co-hosts Ethan Banks and Greg Ferro in this discussion of effectively managing event logging. Why discuss logging on a show about networking? Because networking has a huge volume of logs coming from routers, switches, and firewalls that need to be managed. And frankly, it’s […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

TwitterGoogle+LinkedIn

The post Show 192 – Logging Design & Best Practices appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Not So Random Thoughts on Privacy and Positioning

The Disconnect. Good Enough Is Good Enough.

A Meeting room. Discussing the possible options for product and vendor strategy. Company urgently needs to avoid capital expenditure and reduce maintenance costs. The engineer across the table is wearing a vendor t-shirt, a few years old and looks a bit tatty. The table and chairs are tired and a bit worn. I took a […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post The Disconnect. Good Enough Is Good Enough. appeared first on Packet Pushers Podcast and was written by Greg Ferro.