Why do we need specialized switches in Data Centers?
Whats the big deal about Data centers and why do they need special routers and switches anyway? Why cant they use the existing switches that folks use in their back offices or service providers in their networks. What’s so special, really, about a bunch of servers that need Internet connectivity, huh?
Working in the metro Ethernet space all my life I wasn’t sure if I really understood the hype and the reason why Data centers required specialized HW.
It’s only once I started reading about Data centers and how they work and what they’re supposed to do that I was able to appreciate their need for specialized HW – and why the existing products may not be cut for them.
In the world of Wall Street, milliseconds can mean billions of dollars. Really, am not kidding here. Packets carrying Wall Street transactions get delivered to the switch and are then forwarded to the server in the Data Center. There they ride up the protocol stack to the application that executes the trade. The commit message then has to go back down the stack and then be sent over the wire to the switch. The switch does a lookup in its Continue reading
An Operational Reason for Knowing Trivia
I've been largely out of touch with the IT certification scene lately, but I'm sure that people are still complaining incessantly about the fact that they need to memorize "trivia" in order to pass certification tests. Back when I was teaching Cisco classes full-time, my certification-oriented students were particularly bitter about this. Of course, this is a legitimate debate and the definition of "trivia" varies from person to person.When I saw this article about CloudFlare's world-wide router meltdown, however, I immediately felt a bit smug about all those hours spent learning and teaching about packet-level trivia. If you don't want to read the article, here's the tl;dr:
- their automated DDoS detection tool detected an attack against a customer using packets sized in the 99,000 byte range.
- their ops staff pushed rules to their routers to drop those packets
- their routers crashed and burned
In order for this meltdown to happen, they had to have a compounded series of errors:
- the attack detection tool was coded to Continue reading
MAC Cloning on Linksys router for Internet connectivity
When you start an Xfinity (Comcast) Internet service, the activation process involves plugging in your service provider provided modem's cable port to a cable outlet, and the connecting the modem's ethernet port to your laptop. You see the green blinking lights for RX/TX and a steady green light for Internet.
However, if you connect the modem's ethernet port to a wireless router (Linksys E2000 in my case), assuming you have correctly configured all LAN settings, wifi settings, you may still not be able to connect to the Internet.
Log in to the router's admin page, typically http://192.168.1.1, with username admin and password admin (again, unless you have changed these default settings). Go to the status page and notice the IP address. What you'll see is a '0.0.0.0' IP Address for the router's Internet connection.
I tried everything to get a public IP (from Comcast's range) here. Then I read Comcast's documentation which says connect a laptop to the ethernet port on the modem. Well, what's so special about a laptop which a router can't do?
Not always, but some times Comcast's modem expects a laptop on the other end of the ethernet Continue reading
Show 138 – HP’s Software-Defined Networking (SDN) Strategy and Solution
Show 138 – HP’s Software-Defined Networking (SDN) Strategy and Solution [Written by HP.] There has been a lot of interest in the market place recently around software-defined Networking (SDN). HP has been a leader in SDN technologies from the very beginning. HP has played an instrumental role in the development of OpenFlow and continues to […]
Author information
The post Show 138 – HP’s Software-Defined Networking (SDN) Strategy and Solution appeared first on Packet Pushers Podcast and was written by Ethan Banks.
OpenFlow, Controllers – Whats missing in Routing Protocols today?
There is a lot of hype around OpenFlow as a technology and as a protocol these days. Few envision this to be the most exciting innovation in the networking industry after the vaccum tubes, diodes and transistors were miniaturized to form integrated circuits. This is obviously an exaggeration, but you get the drift, right?
The idea in itself is quite radical. It changes the classical IP forwarding model from one where all decisions are distributed to one where there is a centralized beast – the controller – that takes the forwarding decisions and pushes that state to all the devices (could be routers, switches, WiFi access points, remote access devices such as CPEs) in the network.
Before we get into the details, let’s look at the main components – the Management, Control and the Forwarding (Data) plane – of a networking device. The Management plane is used to manage (CLI, loading firmware, etc) and monitor the device through its connection to the network and also coordinates functions between the Control and the Forwarding plane. Examples of protocols processed in the management plane are SNMP, Telnet, HTTP, Secure HTTP (HTTPS), and SSH.
The Forwarding plane is responsible for forwarding frames Continue reading
Q-in-Q
Q-in-Q
——-
Consider a situation where service providers want to offer transparent LAN services that preserve a customers VLAN tags across your Layer-2 network.This can be done by the Q-in-Q IEEE 802.1q standard which allows us to use a single VLAN to transport multiple VLANS across the MAN or WAN. In doing so, we stack on an extra 802.1q tag to the customer’s traffic at the provider’s edge (PE). The original 802.1Q specificationallows a single VLAN header to be inserted into an Ethernet frame.A port configured to support 802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN that is dedicated to tunneling. Each customer requires a separate VLAN, but that VLAN supports all of the customer’s VLANs.
How It works
——————-
Referece pic: Cisco Site
Customer Edge1——(802.1Q Trunk port having cutomer Vlan Ids)
V
V
V
Service Provider edge switch1 —-(Packets entering the tunnel port on the service-provider edge switch, which are already 802.1Q-tagged with the appropriate VLAN IDs, are encapsulated with another layer of an 802.1Q tag that contains a VLAN ID unique to the customer).
Creating a CCNA Voice Lab
I've been working on something that at this point in my career I never thought I'd be doing: another Cisco Certified Network Associate (CCNA) certification. The CCNA Voice, to be exact. Now that I'm in a job role where I'm expected to be somewhat of a jack-of-all-trades, I can no longer avoid learning voice :-) For a long time I've focused on just the underlying network bits and left the voice “stuff” to others. Since I now need to talk intelligently about Cisco voice solutions, products, and architectures, I decided to go through the CCNA Voice curriculum as a way to establish some foundational knowledge.
This post is about the tools and methods I used to build a small lab to support my studies.
Rapid Spanning Tree and PortFast
PortFast is a feature enabled on switchports, specifically 'edge' ports that reduces convergence time by transitioning to forwarding state quickly bypassing 30 seconds of listening and learning. When you connect an end device like a PC, server, phone etc, the switchport almost instantly starts forwarding frames.
PortFast also suppresses TCN BPDUs (Topology Change Notification Bridge Protocol Data Units). However, it sends BPDUs and actively participates in the STP topology mechanism.
Why would one want an edge port to send BPDUs? Well, if you 'accidentally' connect a switch (managed or unmanaged) to an edge port configured with PortFast, that switch needs to know it is connected to a switch.
If this port were to receive a BPDU, it would lose its PortFast status and transition to a normal STP port. This could be dangerous. You would want to block this port and prevent a loop from occurring.
In order to accomplish the above, PortFast must be configured in conjunction with BPDUGuard. If a port configured with PortFast BPDUGuard receives a BPDU, it disables the port. The switchport moves into error-disabled state. And you need to manually shut and no shut the port to bring it back up, although Continue reading
The VAR-y good upsides to being a consultant!
Earlier today Ethan Banks wrote a really good blog posts about “Thoughts on Working as a Consultant for a VAR“. I found his point of view quite interesting and I will say I can understand his points. I can also say that I would rather be a consultant than a full time engineer at a customer site. As a little bit of background I have spent most of my career working as a consultant. I did do a two year stint as network operations manager for a wireless ISP which itself was quite fast paced, but other than that Ive work as a consultant in one form or another.
Maybe I have ADD, maybe I just need to focus, but I have found that constantly having different projects going allows me to satisfy these tendencies. I feel I work better with more than one thing to occupy my time. I see friends who work for enterprise customers who spend their days submitting change requests that third party support companies fulfil, or spend months writing detailed design guides for projects that inevitably get canceled and all that time is spent without getting to touch the things they got into this Continue reading
My First Junos Switch: Detailed Review After Three Days Under The Covers
Background This post is the story of my first practical look at Junos on Juniper EX-series switches. One day last December, Skeeve Stevens from eintellego opened a can of worms by offering a deal on Juniper equipment to all network engineers on the AusNOG mailing list. I had been looking for an excuse to try […]
Author information
The post My First Junos Switch: Detailed Review After Three Days Under The Covers appeared first on Packet Pushers Podcast and was written by Paul Gear.
Thoughts On Working As A Consultant For A VAR
One of the questions I’m frequently asked via e-mail is how to get started in networking and/or whether or not a particular job change is a good idea. Those are always hard questions to answer intelligently because everyone’s individual situation is different. In addition, everyone’s personality is different. Different jobs work for different people. It […]
Author information
The post Thoughts On Working As A Consultant For A VAR appeared first on Packet Pushers Podcast and was written by Ethan Banks.
Healthy Paranoia Show 10: Beware the Shmoo
Darkness falls across the land, The hacker hour is close at hand. Creatures crawl in search of 0-days To terrorize your enterprise. And whosoever shall be found, Without the soul for clamping down, Must stand and face the nerds of hell, And rot inside a clear text shell. The foulest stench is in the air, […]
Author information
The post Healthy Paranoia Show 10: Beware the Shmoo appeared first on Packet Pushers Podcast and was written by Mrs. Y.
A /64 On Every Link? Are You Crazy?
I’ve had some great conversations lately with a lot of folks on the topic of IPv6 prefix length in a variety of applications, specifically one very good discussion on just about anything IPv6 between me, the kind folks over at The Class-C Block and Tom Hollingworth (aka The Networking Nerd). For many folks that are considering the impact of going dual-stack in their environments, the idea of using a /64 on all links is still a point of contention.Assigning IPv6 Prefixes for Customers
Now we arrive at the question of how much address space to allocate for…anyone. You may be a service provider, you may be a business, you may be a home user. Today, this question is quite easy to solve. If you’re a business-class customer, you ask your ISP for a block of addresses, and based off of your need (or ability to justify the need), you’ll be allocated some addresses. For many small-to-medium businesses, this can be as small as 8, or even 4 addresses.Assigning IPv6 Prefixes for Customers
Now we arrive at the question of how much address space to allocate for…anyone. You may be a service provider, you may be a business, you may be a home user. Today, this question is quite easy to solve. If you’re a business-class customer, you ask your ISP for a block of addresses, and based off of your need (or ability to justify the need), you’ll be allocated some addresses. For many small-to-medium businesses, this can be as small as 8, or even 4 addresses.A /64 On Every Link? Are You Crazy?
I’ve had some great conversations lately with a lot of folks on the topic of IPv6 prefix length in a variety of applications, specifically one very good discussion on just about anything IPv6 between me, the kind folks over at The Class-C Block and Tom Hollingworth (aka The Networking Nerd). For many folks that are considering the impact of going dual-stack in their environments, the idea of using a /64 on all links is still a point of contention.How to Study Better
How to study better Exams are a stressful thing to study for—even to the most organised students. Most students are afraid of pulling in a goose egg instead of an A and so they talk themselves out of doing well before they even see the exam. But they don’t really have to; studying in a […]
The post How to Study Better appeared first on Roger Perkin - Networking Articles.
Show 137 – Gartner Is Not For Sale with @Aneel Lakhani
Summary Packet Pushers co-hosts Ethan Banks & Greg Ferro chat with Aneel Lakhani, a research director at Gartner about his job. Aneel provides an insider perspective on how the research & analysis business works. More Info Analyst firm research offerings seem to cynical network engineers like bought-and-paid-for shill pieces whose conclusions follow the money back to its […]
Author information
The post Show 137 – Gartner Is Not For Sale with @Aneel Lakhani appeared first on Packet Pushers Podcast and was written by Ethan Banks.
NetCitadel and Software Defined Security
It’s been an exciting couple of weeks in the security realm, with a number of innovative startups appearing. That’s refreshing because recently most “innovation” in the security space has been something involving a new way of marketing a signature or reputation based system – and that’s just a bit rubbish, and not a little tiresome. Most […]
Author information
The post NetCitadel and Software Defined Security appeared first on Packet Pushers Podcast and was written by Neil Anderson.
Pull My Strings, I’m Your Puppet: Juniper Bringing DevOps to Networking
The buzzword in the industry of late is DevOps. It is one that I hope isn’t tarnished by the marketing machine where buzzwords go to die. DevOps is the shift in the paradigm of network and infrastructure management. Centralized infrastructure that is transparent to the administrator and end-user, IaaS, cloud – whatever you want to […]
Author information
The post Pull My Strings, I’m Your Puppet: Juniper Bringing DevOps to Networking appeared first on Packet Pushers Podcast and was written by Anthony Burke.