Packet Forwarding 101: Header Lookups
Whenever someone asks me about LISP, I answer, “it’s a nice idea, but cache-based forwarding never worked well.” Oldtimers familiar with the spectacular failures of fast switching and various incarnations of flow switching usually need no further explanation. Unfortunately, that lore is quickly dying out, so let’s start with the fundamentals: how does packet forwarding work?
Packet forwarding used by bridges and routers (or Layer-2/3 switches if you believe in marketing terminology) is just a particular case of statistical multiplexing – a mechanism where many communication streams share the network resources by slicing the data into packets that are sent across the network. The packets are usually forwarded independently; every one of them must contain enough information to be propagated by each intermediate device it encounters on its way across the network.
Packet Forwarding 101: Header Lookups
Whenever someone asks me about LISP, I answer, “it’s a nice idea, but cache-based forwarding never worked well.” Oldtimers familiar with the spectacular failures of fast switching and various incarnations of flow switching usually need no further explanation. Unfortunately, that lore is quickly dying out, so let’s start with the fundamentals: how does packet forwarding work?
Packet forwarding used by bridges and routers (or Layer-2/3 switches if you believe in marketing terminology) is just a particular case of statistical multiplexing – a mechanism where many communication streams share the network resources by slicing the data into packets that are sent across the network. The packets are usually forwarded independently; every one of them must contain enough information to be propagated by each intermediate device it encounters on its way across the network.
Considering a Managed SASE? Be Sure to Look Under the Hood
Enterprise interest in SASE is exploding. The benefits of bringing together networking and security services into a single solution delivered from the cloud are too appealing to pass up. However, not all SASE is created equal. In this article, Palo Alto Networks’ Kumar Ramachandran shares what to look for when evaluating managed SASE solutions.An Eight-Step Plan to Updating Your Network Disaster Recovery Plan
Disaster recovery for the modern global enterprise: How to minimize the impact of cable cuts, criminal activity, and acts of God.What is MPLS used for?
What is MPLS used for?. A very common question among IT Engineers. What are the common use cases of MPLS – Multi-Protocol Label Switching?
When it is first invented, 20+ years ago, it was considered one of the most scalable ways of doing VPNs. Faster packet processing could be achieved compared to IP destination-based routing because the IP address was 32 bits long but the Labels are just 20 bits long.
But, quickly after the first invention purpose, MPLS VPNs became the most dominant reason for Networks to deploy MPLS – Multiprotocol Label Switching technology.
It supported Ethernet over MPLS – EoMPLS, which is known as Point to Point Layer 2 MPLS VPN, and then soon after VPLS, which is Virtual Private Lan Service, vendors started to support.
VPLS is any to any, or also known as many to many technologies. It means you can connect. your multiple sites in Layer 2 and extend IP subnet by using VPLS technology. It works based on a full mesh of Pseudowires.
After Pseuodowire based Layer 2 VPNs, MPLS actual boom happened with MPLS Layer 3 VPNs.
With MPLS Layer 3 VPN, which is also known as Peer-to-Peer VPN, MPLS CE, Continue reading
2022 Top 10 Cyber Security Certifications
Before Starting Cyber Security
Cyber Security, sometimes you might find it as Cyber Operations, CyberOps, is the branch of Network Security that focuses on attacks, from the internet or from the inside of the network, gaps, bugs, look for them before they get used, fix them, and look again.
so the engineers continue to keep looking and fixing, as the internet is always evolving and generating more threats.
How to Study Cyber Security
generally, the domain of security (Information Security, Cyber Security) has nowadays hundreds of certifications and exams from many different vendors.
some are involved in the industry of making security devices/components, others are there just to teach us and make us the best engineers in the domain.
and mostly, cyber stuff comes from companies that focuses on creating the content/references more.
rather than information security exams and books that comes from vendors that produces platforms (Firewalls, IPS, IDS, NGFW, NGIPS, ESA, WSA, and many others).
so as a beginner, up to higher than an expert, many exams should be studied.
of course alongside with some other general/networking exams that you might already hold before studying the cyber security, and these exams will be mentioned below.
Top 10 Cyber Continue reading
CCNP ENCOR vs ENARSI
CCNP ENCOR vs ENARSI
is it even related?, or should I ask “comparable?”
yes it is both actually, and in this blog we will review both of the exams, talk about the agenda, which one should be taken before the other, and result of both of them.
Relation between CCNP ENCOR vs ENARSI
both the exam belongs to the certificate of Cisco CCNP Enterprise, and taking each individually will grant you A Certificate!
- Cisco Certified Specialist – Enterprise Core
- Cisco Certified Specialist – Enterprise Advanced Routing and Service
so it is a win-win scenario, but still the question is which one should i take first, and that will be followed below
Difference between CCNP ENCOR vs ENARSI Agenda
ENCOR first, generally a Technology Core exam, focusing on 7 domains of knowledge:
- Architecture
- Virtualization (Device, Path, and Network Virtualization)
- Infrastructure (Switching, Routing, and IP Service)
- Assurance
- Security
- WLAN
- Automation
and NO DEEP DIVE in any of these!!!
while for ENARSI:
- Virtualization (Path Virtualization)
- Infrastructure (Routing and IP Services)
- Security
and that’s it!,
- no Architecture
- in Virtualization no Device nor Network Virtualization, and for the path Virtualization it is different than ENCOR.
- as in the ENCOR you Continue reading
What is ASBR?
What is ASBR? Autonomous System Boundary Router. This seems easy, it is just used in OSPF, isn’t it?. In fact, that is wrong. You will learn in this post something, that is hopefully you will learn the first time. Let’s have a look at it.
ASBR is a node, that is connecting two or more networks. It can be a router or switch and it can be positioned at the Internet Edge. The router at the Internet Edge is referred to as IGW (Internet Gateway) Router and it can be an IGW Router.
It can be located between two different networks to provide MPLS service for example. Between two networks, service is referred to as Inter-AS MPLS VPNs and in RFC 2547, Section 10, 3 different Inter-AS MPLS VPN Options are explained. In all of them, the routers that are connecting two different Autonomous System is referred to as ASBR as well.
On those routers, usually, BGP runs in Inter-AS MPLS VPN service. OSPF is not mandatory.
Thus, saying it is used in OSPF would be a false claim. It can be used for many different services in the networks and ASBR can run any routing protocol, not just Continue reading
What Layer is MPLS?
What Layer is MPLS?. This basic question needs to be clarified for the Network Engineers.
MPLS – Multi-Protocol Label Switching first was invented for fast packet processing. As MPLS Label is 20 bits, and IP address is 32 bits, processing MPLS Label was considered faster back in old times.
Today, as of 2022 MPLS is used for many different purposes, one of the most common reasons to have MPLS in the Networks is VPN.
MPLS VPNs, MPLS Layer 2 VPN, and MPLS Layer 3 VPN are two of the most common VPN mechanisms in large Enterprise and Service Provider Networks.
The label is used for two reasons in MPLS VPNs.
A tunnel label or transport label is used for the reachability between the edge devices, PE devices in MPLS networks.
And another label, which is the VPN label is used to differentiate the customers in MPLS VPN.
Both of these labels are placed between MAC Header and IP Header in IP Packets.
Thus, as you can see from the below picture as well, MPLS is commonly referred to as Layer 2.5.
Figure – MPLS is Layer 2.5
As you can see, from the above Continue reading
Worth Reading: End-to-end Congestion Control Cannot Avoid Latency Spikes
Found a pointer to another you cannot beat the laws of physics or networking result: you cannot avoid latency spikes with end-to-end congestion control regardless of the amount of unicorn dust or hype you’re throwing at the problem (original paper).
Worth Reading: End-to-end Congestion Control Cannot Avoid Latency Spikes
Found a pointer to another you cannot beat the laws of physics or networking result: you cannot avoid latency spikes with end-to-end congestion control regardless of the amount of unicorn dust or hype you’re throwing at the problem (original paper).
Rust Notes: Arrays
An array is a sequence of values, of the same type. A tuple is defined with square brackets []. Array Considerations Arrays live on the stack by default and have a fixed size. Traits are only implemented on an array with a size of 32 or less. Arrays with a size greater than 32 lose...continue reading
Rust Notes: Tuples
A tuple is a sequence of values, which can be of different types. A tuple is defined with circle brackets (). Tuple Considerations The number of elements in a tuple is known as its arity. Traits are only implemented on a tuple with an arity of 12 or less. Tuples with an arity...continue reading
Rust Notes: Chars
A char in Rust represents a single unicode scalar value. A char is defined as a single character within single quotes eg: ('a'). Char Considerations A char is not the same as a single str character. Strings DO NOT use chars internally. A char is always 4-bytes in length. continue reading
Rust Notes: If Conditionals
The if conditional block in Rust behaves similarly to other languages. In Rust, if blocks act as an expression and the resulting branch can be assigned to a variable. The resulting expression of an if branch can be assigned to a variable with the let keyword. If...continue reading
All is fair in and #NANOG Hackathons — refurbishing NAPALM drivers to build a multi-vendor…
All is fair in 💔 and #NANOG Hackathons — refurbishing NAPALM 🔥 drivers to build a multi-vendor #gNMI plug-in 🔌
We’re in Austin, Texas this week where the 84th North American Network Operators Group (NANOG) convention is taking place. Preceding that, during the Super Bowl ⅬⅤⅠ weekend (in which another blue team is about to win big), there is a Hackathon in which the teams are challenged to prepare for the networking equivalent of an epic halftime show.
Yours truly figures it would be a good idea to use this opportunity to kick-off the creation of a multi-vendor NAPALM driver. Most (if not all) NAPALM drivers to date are single vendor, see for example the Nokia SR OS NAPALM driver and the SR Linux variant. However, there is significant overlap in functionality and logic, and so I’d like to see if there is a possibility to “share the burden” by collaborating on some of the more basic (and — quite frankly — boring) parts of the drivers.
My (rough) plan is to clone the best current NAPALM driver code base — eos has been suggested — remove whatever logic it uses to talk to its vendor specific device APIs, and replace that with pyGNMI. To demonstrate this Continue reading
Worth Reading: Crazy about VMware SD-WAN
Have to work with VMware SD-WAN (the entity formerly known as VeloCloud)? You might find interesting tidbits in Crazy about VMware SD-WAN by Alexander Marhold.
Worth Reading: Crazy about VMware SD-WAN
Have to work with VMware SD-WAN (the entity formerly known as VeloCloud)? You might find interesting tidbits in Crazy about VMware SD-WAN by Alexander Marhold.