The data center landscape has radically evolved over the last decade thanks to virtualization.
Before Network Virtualization Overlay (NVO), data centers were limited to 4096 broadcast domains which could be problematic for large data centers to support a multi-tenancy architecture.
Virtual Extensible LAN (VXLAN) has emerged as one of the most popular network virtualization overlay technologies and has been created to address the scalability issue outlined above.
When VXLAN is used without MP-BGP, it uses a flood and learns behavior to map end-host location and identity. The VXLAN tunneling protocol encapsulates a frame into an IP packet (with a UDP header) and therefore can leverage Equal Cost Multi-Path (ECMP) on the underlay fabric to distribute the traffic between VXLAN Tunneling Endpoints (VTEP).
Multi-Protocol BGP (MP-BGP) Ethernet VPN (EVPN) allows prefixes and mac addresses to be advertised in a data center fabric as it eliminates the flood and learns the behavior of the VXLAN protocol while VXLAN is still being used as an encapsulation mechanism to differentiate the traffic between the tenants or broadcast domains.
A Multi-Tenancy infrastructure allows multiple tenants to share the same computing and networking resources within a data center. As the physical infrastructure is shared, the physical Continue reading
In the third installment of this 9-video series, Russ White clarifies exactly what a fabric is, complete with drawings, animations, and live illustrations. From there, you’ll be able to determine what is and is not a fabric. In this lesson, Russ also walks through traffic patterns, tiers, and bandwidth between tiers in data center fabrics. […]
The post Understanding Data Center Fabrics 03: Characteristics Of Data Center Fabrics – Video appeared first on Packet Pushers.
While researching the BGP RFCs for the Three Dimensions of BGP Address Family Nerd Knobs, I figured out that the BGP Labeled Unicast (BGP-LU, advertising MPLS labels together with BGP prefixes) uses a different address family. So far so good.
Now for the intricate bit: a BGP router might negotiate IPv4 and IPv4-LU address families with a neighbor. Does that mean that it’s advertising every IPv4 prefix twice, once without a label, and once with a label? Should that be the case, how are those prefixes originated and how are they stored in the BGP table?
As always, the correct answer is “it depends”, this time on the network operating system implementation. This blog post describes Cisco IOS behavior, a follow-up one will focus on Arista EOS.
While researching the BGP RFCs for the Three Dimensions of BGP Address Family Nerd Knobs, I figured out that the BGP Labeled Unicast (BGP-LU, advertising MPLS labels together with BGP prefixes) uses a different address family. So far so good.
Now for the intricate bit: a BGP router might negotiate IPv4 and IPv4-LU address families with a neighbor. Does that mean that it’s advertising every IPv4 prefix twice, once without a label, and once with a label? Should that be the case, how are those prefixes originated and how are they stored in the BGP table?
As always, the correct answer is “it depends”, this time on the network operating system implementation. This blog post describes Cisco IOS behavior, a follow-up one will focus on Arista EOS.
This is just a quick post to share something that I found which is a really nice quality of life tip for VSCode. In this post, I will show you how to configure per-language settings in VSCode so that for example in Python files you can set to indent with 4 spaces and in Javascript you...continue reading
Aruba hopes to entice the channel to resell Aruba gear with a new purchasing model. Aruba is packaging network equipment and software into pre-sized bundles designed around outcomes. You want an outdoor WLAN? Select option 1. You want a wired campus? Choose option 2. Based on customer requirements, the reseller buys and installs pre-defined service […]
The post Aruba Seeks To Entice Resellers With Modular ‘Network-In-A-Box’ Approach appeared first on Packet Pushers.
This blog provides an in-depth overview of Palo Alto Networks recently introduced Prisma SASE for MSPs, a scalable multi-tenant cloud management portal solution for managed service providers (MSPs) to fast track enterprise digital transformation with managed SASE services.
The post Fast-Track Enterprise Digital Transformation With Managed Prisma SASE appeared first on Packet Pushers.
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Our understanding is that during January 2022, hackers outside Okta had access to an Okta support employee’s account and were able to take actions as if they were that employee. In a screenshot shared on social media, a Cloudflare employee’s email address was visible, along with a popup indicating the hacker was posing as an Okta employee and could have initiated a password reset.
We learnt of this incident via Cloudflare’s internal SIRT. SIRT is our Security Incident Response Team and any employee at Cloudflare can alert SIRT to a potential problem. At exactly 03:30 UTC, a Cloudflare employee emailed SIRT with a link to a tweet that had been sent at 03:22 UTC. The tweet indicated that Okta had potentially been breached. Multiple other Cloudflare employees contacted SIRT over the following Continue reading
In this article I cover some common "show" commands to view information about our devices as well as tools to refine the commands’ outputs to get exactly the information we require.
The post Device Management From The Ground Up: Part 4 – Viewing Operational State appeared first on Packet Pushers.