Running Routing Protocols over MLAG Links
It took vendors like Cisco years to start supporting routing protocols between MLAG-attached routers and a pair of switches in the MLAG cluster. That seems like a no-brainer scenario, so there must be some hidden complexities. Let’s figure out what they are.
We’ll use the familiar MLAG diagram, replacing one of the attached hosts with a router running a routing protocol with both members of the MLAG cluster (for example, R, S1, and S2 are OSPF neighbors).
Running Routing Protocols over MLAG Links
It took vendors like Cisco years to start supporting routing protocols between MLAG-attached routers and a pair of switches in the MLAG cluster. That seems like a no-brainer scenario, so there must be some hidden complexities. Let’s figure out what they are.
We’ll use the familiar MLAG diagram, replacing one of the attached hosts with a router running a routing protocol with both members of the MLAG cluster (for example, R, S1, and S2 are OSPF neighbors).
The DNS at the IGF
I was invited to participate in a session at IGF 2022 that was devoted to the workings of the DNS. I’d like to share my contribution to this session with my thoughts on where the DNS is headed.Hedge December 22 Update
The Hedge December update contains information about upcoming episodes and training—listen in for the inside scoop!
Troubleshooting Live Training
My next live training course is coming up on the 16th of December: Troubleshooting. This is one of those classes where I’m taking formal training from a former life (electronic engineering) and applying it to the networking world. From the description—
Troubleshooting is a fundamental skill for all network engineers, from the least to most experienced. However, there is little material on correct and efficient troubleshooting techniques in a network engineering context, and no (apparent) live training in this area. Some chapters in books exist (such as the Computer Networking Problems and Solutions, published in December 2017), and some presentations in Cisco Live, but the level of coverage for this critical skill is far below what engineers working in the field to develop solid troubleshooting skills.
This training focuses on the half-split system of troubleshooting, which is widely used in the electronic and civil engineering domains. The importance of tracing the path of the signal, using models to put the system in context, and the use of a simple troubleshooting “loop” to focus on asking how, what, and why are added to the half-split method to create a complete theory of troubleshooting. Other concepts covered in this course are the Continue reading
Tech Bytes: Diagnosing SaaS Outages When It’s Not The Network (Sponsored)
Today on the Tech Bytes podcast we explore two outages of big-time cloud applications with sponsor ThousandEyes, a Cisco company. These outages share a common thread, in that the network was up and the applications were reachable, but problems on the backend meant the applications weren’t available. We discuss what happened and offer takeaways to minimize business disruptions.
The post Tech Bytes: Diagnosing SaaS Outages When It’s Not The Network (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Diagnosing SaaS Outages When It’s Not The Network (Sponsored)
Today on the Tech Bytes podcast we explore two outages of big-time cloud applications with sponsor ThousandEyes, a Cisco company. These outages share a common thread, in that the network was up and the applications were reachable, but problems on the backend meant the applications weren’t available. We discuss what happened and offer takeaways to minimize business disruptions.Network Break 410: AWS Previews Secure Remote Access; Broadcom Promises Not To Raise VMware Prices
On today's Network Break we discuss new AWS previews for secure remote access and for connecting applications and services across VPCs. We also discuss a serious outage at Hive Social, Open RAN 5G coming to fighter jets, a promise from Broadcom not to raise prices if the VMware acquisition goes through, and more IT news.
The post Network Break 410: AWS Previews Secure Remote Access; Broadcom Promises Not To Raise VMware Prices appeared first on Packet Pushers.
Network Break 410: AWS Previews Secure Remote Access; Broadcom Promises Not To Raise VMware Prices
On today's Network Break we discuss new AWS previews for secure remote access and for connecting applications and services across VPCs. We also discuss a serious outage at Hive Social, Open RAN 5G coming to fighter jets, a promise from Broadcom not to raise prices if the VMware acquisition goes through, and more IT news.Decoding TCP flags in NetFlow and IPFIX.
The post Decoding TCP flags in NetFlow and IPFIX. appeared first on Noction.
Review: S5648X-2Q4Z Switch – Part 1: VxLAN/GENEVE/NvGRE
After receiving an e-mail from a newer [China based switch OEM], I had a chat with their founder and learned that the combination of switch silicon and software may be a good match for IPng Networks. You may recall my previous endeavors in the Fiberstore lineup, notably an in-depth review of the [S5860-20SQ] which sports 20x10G, 4x25G and 2x40G optics, and its larger sibling the S5860-48SC which comes with 48x10G and 8x100G cages. I use them in production at IPng Networks and their featureset versus price point is pretty good. In that article, I made one critical note reviewing those FS switches, in that they’e be a better fit if they allowed for MPLS or IP based L2VPN services in hardware.
I got cautiously enthusiastic (albeit suitably skeptical) when this new vendor claimed VxLAN, GENEVE, MPLS and GRE at 56 ports and line rate, on a really affordable budget (sub-$4K for the 56 port; and sub-$2K for the 26 port switch). This reseller is using a less known silicon vendor called [Centec], who have a lineup of ethernet silicon. In this device, the CTC8096 (GoldenGate) is used for cost effective high density 10GbE/40GbE applications Continue reading
netlab: VRF Lite over VXLAN Transport
One of the comments I received after publishing the Use VRFs for VXLAN-Enabled VLANs claimed that:
I’m firmly of the belief that VXLAN should be solely an access layer/edge technology and if you are running your routing protocols within the tunnel, you’ve already lost the plot.
That’s a pretty good guideline for typical data center fabric deployments, but VXLAN is just a tool that allows you to build multi-access Ethernet networks on top of IP infrastructure. You can use it to emulate E-LAN service or to build networks similar to what you can get with DMVPN (without any built-in security). Today we’ll use it to build a VRF Lite topology with two tenants (red and blue).
netlab: VRF Lite over VXLAN Transport
One of the comments I received after publishing the Use VRFs for VXLAN-Enabled VLANs claimed that:
I’m firmly of the belief that VXLAN should be solely an access layer/edge technology and if you are running your routing protocols within the tunnel, you’ve already lost the plot.
That’s a pretty good guideline for typical data center fabric deployments, but VXLAN is just a tool that allows you to build multi-access Ethernet networks on top of IP infrastructure. You can use it to emulate E-LAN service or to build networks similar to what you can get with DMVPN (without any built-in security). Today we’ll use it to build a VRF Lite topology with two tenants (red and blue).
Data Privacy and Protection in the Age of Cloud
With more data on more cloud platforms being subject to increasingly stringent regulations, traditional approaches to protecting data fall short.Decoding TCP flags in NetFlow and IPFIX.
The post Decoding TCP flags in NetFlow and IPFIX. appeared first on Noction.