The AC/DC Conundrum
Simply put: DC power is a ‘cleaner’ energy source. Traditional AC distribution generates energy waste and requires more work to be functional in a data center.What is Storm Control?
Storm control is a feature for monitoring traffic levels and dropping broadcast, multicast, and unknown unicast packets, which is commonly known as BUM Traffic, and when a specified traffic level, referred to as the storm control level or storm control bandwidth is exceeded, limiting the traffic to protect the Local Area Network environment. In this blog post, we will try to understand the basics of it.
Storm Control Broadcast Level
Although the Storm Control feature is mainly used for Broadcast, we should configure it to protect from unnecessarily used Multicast and Unknown Unicast packets. There can be bugs in the software or hardware or due to the mis-cabling or configuration, if any of the above traffic exceeds the limit that we specify, traffic should be blocked. We need to understand some terminologies if we want to understand Storm control and its usage on Network Switch.
In the above configuration, we will show not only for Broadcast but also for Multicast and Unknown Unicast threshold levels on the Cisco switches.
Cisco Storm Control
Let’s have a look at how Storm Control is used in Cisco switch and let’s learn some new terminologies.
interface GigabitEthernet0/0 storm-control broadcast level bps 100k 90k Continue reading
Why Wi-Fi 6’s Time is Now
With the high data rates, low latency, and high network density that Wi-Fi 6 offers, it is ideal for applications that need high throughput as well as for those needing to support a large number of connected devices.Future-proofing SaltStack
At Cloudflare, we are preparing the Internet and our infrastructure for the arrival of quantum computers. A sufficiently large and stable quantum computer will easily break commonly deployed cryptography such as RSA. Luckily there is a solution: we can swap out the vulnerable algorithms with so-called post-quantum algorithms that are believed to be secure even against quantum computers. For a particular system, this means that we first need to figure out which cryptography is used, for what purpose, and under which (performance) constraints. Most systems use the TLS protocol in a standard way, and there a post-quantum upgrade is routine. However, some systems such as SaltStack, the focus of this blog post, are more interesting. This blog post chronicles our path of making SaltStack quantum-secure, so welcome to this adventure: this secret extra post-quantum blog post!
SaltStack, or simply Salt, is an open-source infrastructure management tool used by many organizations. At Cloudflare, we rely on Salt for provisioning and automation, and it has allowed us to grow our infrastructure quickly.
Salt uses a bespoke cryptographic protocol to secure its communication. Thus, the first step to a post-quantum Salt was to examine what the protocol was actually doing. In Continue reading
Is MPLS/VPN Too Complex?
Henk Smit made the following claim in one of his comments:
I think BGP-MPLS-VPNs are over-complicated. And you don’t get enough return for that extra complexity.
TL&DR: He’s right (and I just violated Betteridge’s law of headlines)
The history of how we got to the current morass might be interesting for engineers who want to look behind the curtain, so here we go…
Is MPLS/VPN Too Complex?
Henk Smit made the following claim in one of his comments:
I think BGP-MPLS-VPNs are over-complicated. And you don’t get enough return for that extra complexity.
TL&DR: He’s right (and I just violated Betteridge’s law of headlines)
The history of how we got to the current morass might be interesting for engineers who want to look behind the curtain, so here we go…
Day Two Cloud 140: Troubleshooting Cloud Outages With End-To-End Visibility (Sponsored)
On today’s sponsored Day Two Cloud episode with Cisco ThousandEyes, we discuss how to monitor what’s broken in public cloud services. With the right information, you can offer a nuanced, knowledgeable answer when executives want to know when the company’s crucial customer-facing app hosted on a bunch of cloud services is coming back online.Set git behavior based on the repository path
I maintain a handful of git accounts at GitHub.com and on private git servers, and have repeated committed to a project using the wrong personality.
My early attempts to avoid this mistake involved scripts to set per-project git parameters, but I've found a more streamlined option.
The approach revolves around the file hierarchy in my home directory: Rather than dumping everything in a single ~/projects directory, they're now in ~/projects/personal, ~/projects/work, etc...
Whenever cloning a new project, or starting a new one, as long as I put it in the appropriate directory, git will chose the behaviors and identity appropriate for that project.
Here's how it works, with 'personal' and 'work' accounts at GitHub.com
1. Generate an SSH key for each account
Not strictly required, I guess, but I like the privacy-preserving angle of using different keys everywhere, so I do this as a matter of habit.
ssh-keygen -t ed25519 -P '' -f ~/.ssh/work.github.com
ssh-keygen -t ed25519 -P '' -f ~/.ssh/personal.github.com
2. Add each public key to its respective GitHub account.
Use ~/.ssh/work.github.com.pub and ~/.ssh/personal.github.com.pub (note the .pub suffix).
Instructions here.
3. Continue reading
HS019 Questions on Corporate Technology Strategy
What makes a technology strategy ? Where do you start ? Are you business or solution centric ? Being a leader means risk and funding, being a follower is simpler and faster. What questions should you be asking when establishing an IT strategy ? Heavy Strategy is where the questions are more important than the […]
The post HS019 Questions on Corporate Technology Strategy appeared first on Packet Pushers.
HS019 Questions on Corporate Technology Strategy
What makes a technology strategy ? Where do you start ? Are you business or solution centric ? Being a leader means risk and funding, being a follower is simpler and faster. What questions should you be asking when establishing an IT strategy ? Heavy Strategy is where the questions are more important than the... Read more »
Do You Need SASE or Zero Trust Edge?
Zero Trust Edge provides a more holistic approach to security for those organizations that continue to have an on-premises component.Multicast Basics
In this blog post, I will explain some of the Multicast basics that most of us look for. MPLS Multicast and many other Multicast Design, Troubleshooting, and Multicast Deployment topics are explained in the different blog posts on the website. Also, this post will cover the many fundamental Multicast frequently asked questions briefly. For a more detailed explanation of the particular topic, you can check our other blog posts on the website.
Before we start, please note that if you are looking for IP and MPLS Multicast video course, you can click here.
What is Multicast used for?
There are many reasons in the real life for Multicast, but mostly we are seeing it in the financial networks, stock exchange, Large Campus Networks for IP Surveillance, and IPTV Multicast purposes.
When it comes to the deployment details, although we will cover them in separate blog posts, in IPTV, Source Specific Multicast, in Financial Networks, Bidirectional Multicast is used.
Also, using Multicasting provides resource optimization, which means, less bandwidth, less source, and receiver CPU and Memory usage it can provide.
IP Multicast Routing
There are many Multicast Protocols for Multicast to work in the Networks but when it Continue reading
BGP Local Preference
BGP Local Preference is a BGP attribute that is used for Outbound path manipulation in today’s Computer Networks. Path manipulation is known as BGP Traffic Engineering as well and the Local Preference attribute is the most common technique for it in real networks. In this blog post I will be explaining the use case, comparison with other outbound path manipulation techniques, and how the BGP Local Preference attribute works we will understand.
First of all, we should know that it is not a Cisco specific attribute, it is a standard attribute, which is used in other vendor equipment as well. Vendor interoperability works without issue.
Because a picture is worth a thousand words, let’s have a look at the below topology to understand how it works.
In the above topology, AS65000 has two paths to AS1.
Prefixes from AS1 are learned via two paths but AS65000 wants to use the left path as a Primary Path and the right path as a backup path.
The reason in real-life people wants to use their links as primary and backup this way is usually a cost. One of the links might be expensive and another can be cheaper, and they may want Continue reading
WEBINAR: Deploying IPv6 for WISPs and FISPs.
A few weeks ago, we recorded a webinar on deploying IPv6 for WISPs and FISPs. As IPv6 adoption continues to climb, developing an IPv6 strategy for design, deployment and system integration is an important step before subscribers begin asking for IPv6.
Some of the topics that were covered include:
- IPv6 basics – addressing, subnetting, types
- IPv6 design and deployment
- IPv6 systems and operations
Here is an example of getting started with IPv6 deployment at the border of the ASN
Link to the webinar and slide deck
Webinar: click here
Slides: click here
