Archive

Category Archives for "Networking"

Route Replication the Easy Way

Easy Virtual Network (EVN) was a technology Cisco came up with back in the days to make it easier to implement VRFs without the pain of running VRF lite or the complexity of running a full MPLS + BGP network. It was actually a pretty cool technology but never became mainstream. However, as part of this technology, Cisco also made it easier to replicate, or in other words leak, routes between VRFs. You don’t need the rest of EVN to do this and this simplified way of replicating routes have kind of been forgotten by the industry. I thought I would share with you the ease of replicating routes with this feature even without BGP.

We have a straight forward topology like the one below:

The USERS switch is a L2 switch and all the L3 configuration is in the CORE router. We have implemented segmentation in the network so we have a USERS VRF and then we have a SERVICES VRF for shared services such as DNS and DHCP. Because these services are in a separate VRF, we will not have reachability to them from the USERS VRF. This lab will use the following IP addresses:

User – 10. Continue reading

Interesting Concept: Time Dilation

I loved the Time Dilation blog post by Seth Godin. It explains so much, including why I won’t accept a “quick conf call to touch base and hash out ideas” from someone coming out of the blue sky – why should I be interested if they can’t invest the time to organize their thoughts and pour them into an email.

The concept of “creation-to-consumption” ratio is also interesting. Now I understand why I hate unedited opinionated chinwagging (many podcasts sadly fall into this category) or videos where someone blabbers into a camera while visibly trying to organize their thoughts.

Just FYI, these are some of the typical ratios I had to deal in the past:

Interesting Concept: Time Dilation

I loved the Time Dilation blog post by Seth Godin. It explains so much, including why I won’t accept a “quick conf call to touch base and hash out ideas” from someone coming out of the blue sky – why should I be interested if they can’t invest the time to organize their thoughts and pour them into an email.

The concept of “creation-to-consumption” ratio is also interesting. Now I understand why I hate unedited opinionated chinwagging (many podcasts sadly fall into this category) or videos where someone blabbers into a camera while visibly trying to organize their thoughts.

Just FYI, these are some of the typical ratios I had to deal in the past:

The importance of Calico’s pluggable data plane

This post will highlight and explain the importance of a pluggable data plane. But in order to do so, we first need an analogy. It’s time to talk about a brick garden wall!

Imagine you have been asked to repair a brick garden wall, because one brick has cracked through in the summer sun. You have the equipment you need, so the size of the job will depend to a great extent on how easily the brick can be removed from the wall without interfering with all the ones around it. Good luck.

Now that we have that wonderful imagery in mind, let’s look at how to go about designing walls — and how they can be maintained.

About software coupling: Fixing walls and designing great walls

“Coupling” is the term used to describe the interdependence between pieces of software. Closely coupled systems are interdependent and difficult to separate; loosely coupled systems are more like building blocks designed to work together, but they come apart cleanly. So, since the bricks in our garden wall are closely coupled (in this case, by cement), attempting to remove just one creates difficult challenges.

We can think of software as being built in “walls,” Continue reading

Cisco forecasts a bright future for network, app, hybrid work technologies

In a wide-ranging Investor Day conference Cisco executives outlined what they described as a $900 billion total market of high-level technology targets the networking giant expects to be a dominant force in developing toward in the next four years.Those targets include the six areas Cisco has been building toward for the past couple years, including agile networks, optimized applications, hybrid work, the Internet of the future, end-to-end security and edge networking capabilities but also other areas such as cloud security, hybrid cloud, IoT and more.  The 10 most powerful companies in enterprise networking 2021 “We have built a portfolio designed for the modern world, and driven compelling new innovation from Cisco Plus and the Webex Suite to Silicon One and Secure X just a few examples of key technologies that we have provided over the past few years,” said Chuck Robbins, Cisco CEO. To read this article in full, please click here

Regulating Big Tech. This Time, for sure!

There is a growing unease within the US and elsewhere over the extraordinary rise of these technology giants, not just in monetary terms but in terms of their social power as well. There is a growing sentiment that the current situation looks like it will never be adequately corrected by just competitive pressures within market itself. Some further forms of regulatory intervention will be needed to force a fundamental realignment of these players. In so doing, it appears that regulators appear to be finally catching up with the online world in the US, in Europe and in China.

Palo Alto shapes SASE package for hybrid enterprises

Palo Alto Networks has bolted together its SD-WAN and security technologies to offer an integrated, cloud-based, secure-access service edge (SASE) offering aimed at simplifying distributed enterprises.Called Prisma SASE, the package brings together the company’s core Prisma Access package of cloud-based, next-generation security gateways with its Prisma SD-WAN technology it got when it bought CloudGenix for $420 million last year.To read this article in full, please click here

Palo Alto shapes SASE package for hybrid enterprises

Palo Alto Networks has bolted together its SD-WAN and security technologies to offer an integrated, cloud-based, secure-access service edge (SASE) offering aimed at simplifying distributed enterprises.Called Prisma SASE, the package brings together the company’s core Prisma Access package of cloud-based, next-generation security gateways with its Prisma SD-WAN technology it got when it bought CloudGenix for $420 million last year.To read this article in full, please click here

Early Hints: How Cloudflare Can Improve Website Load Times by 30%

Early Hints: How Cloudflare Can Improve Website Load Times by 30%
Early Hints: How Cloudflare Can Improve Website Load Times by 30%

Want to know a secret about Internet performance? Browsers spend an inordinate amount of time twiddling their thumbs waiting to be told what to do. This waiting impacts page load performance. Today, we’re excited to announce support for Early Hints, which dramatically improves browser page load performance and reduces thumb-twiddling time.

In initial tests using Early Hints, we have observed more than 30% improvement to page load time for browsers visiting a website for the first time.

Early Hints is available in beta today — Cloudflare customers can request access to Early Hints in the dashboard’s Speed tab. It’s free for all customers because we think the web should be fast!

Early Hints in a nutshell

Browsers need instructions for what to render and what resources need to be fetched to complete “painting” a given web page. These instructions come from a server response. But the servers sending these responses often need time to compile these resources — this is known as “server think time.” While the servers are busy during this time… browsers sit idle and wait.

Early Hints takes advantage of “server think time” to asynchronously send instructions to the browser to begin loading resources while the Continue reading

The Zero Trust platform built for speed

The Zero Trust platform built for speed
The Zero Trust platform built for speed

Cloudflare for Teams secures your company’s users, devices, and data — without slowing you down. Your team should not need to sacrifice performance in order to be secure. Unlike other vendors in the market, Cloudflare’s products not only avoid back hauling traffic and adding latency — they make your team faster.

We’ve accomplished this by building Cloudflare for Teams on Cloudflare. All the products in the Zero Trust platform build on the improvements and features we’re highlighting as part of Speed Week:

  1. Cloudflare for Teams replaces legacy private networks with Cloudflare’s network, a faster way to connect users to applications.
  2. Cloudflare’s Zero Trust decisions are enforced in Cloudflare Workers, the performant serverless platform that runs in every Cloudflare data center.
  3. The DNS filtering features in Cloudflare Gateway run on the same technology that powers 1.1.1.1, the world’s fastest recursive DNS resolver.
  4. Cloudflare’s Secure Web Gateway accelerates connections to the applications your team uses.
  5. The technology that powers Cloudflare Browser Isolation is fundamentally different compared to other approaches and the speed advantages demonstrate that.

We’re excited to share how each of these components work together to deliver a comprehensive Zero Trust platform that makes your team faster. Continue reading

Magic makes your network faster

Magic makes your network faster
Magic makes your network faster

We launched Magic Transit two years ago, followed more recently by its siblings Magic WAN and Magic Firewall, and have talked at length about how this suite of products helps security teams sleep better at night by protecting entire networks from malicious traffic. Today, as part of Speed Week, we’ll break down the other side of the Magic: how using Cloudflare can automatically make your entire network faster. Our scale and interconnectivity, use of data to make more intelligent routing decisions, and inherent architecture differences versus traditional networks all contribute to performance improvements across all IP traffic.

What is Magic?

Cloudflare’s “Magic” services help customers connect and secure their networks without the cost and complexity of maintaining legacy hardware. Magic Transit provides connectivity and DDoS protection for Internet-facing networks; Magic WAN enables customers to replace legacy WAN architectures by routing private traffic through Cloudflare; and Magic Firewall protects all connected traffic with a built-in firewall-as-a-service. All three share underlying architecture principles that form the basis of the performance improvements we’ll dive deeper into below.

Anycast everything

In contrast to traditional “point-to-point” architecture, Cloudflare uses Anycast GRE or IPsec (coming soon) tunnels to send and receive traffic for customer Continue reading

Cloudflare Backbone: A Fast Lane on the Busy Internet Highway

Cloudflare Backbone: A Fast Lane on the Busy Internet Highway
Cloudflare Backbone: A Fast Lane on the Busy Internet Highway

The Internet is an amazing place. It’s a communication superhighway, allowing people and machines to exchange exabytes of information every day. But it's not without its share of issues: whether it’s DDoS attacks, route leaks, cable cuts, or packet loss, the components of the Internet do not always work as intended.

The reason Cloudflare exists is to help solve these problems. As we continue to grow our rapidly expanding global network in more than 250 cities, while directly connecting with more than 9,800 networks, it’s important that our network continues to help bring improved performance and resiliency to the Internet. To accomplish this, we built our own backbone. Other than improving redundancy, the immediate advantage to you as a Cloudflare user? It can reduce your website loading times by up to 45% — and you don’t have to do a thing.

The Cloudflare Backbone

We began building out our global backbone in 2018. It comprises a network of long-distance fiber optic cables connecting various Cloudflare data centers across North America, South America, Europe, and Asia. This also includes Cloudflare’s metro fiber network, directly connecting data centers within a metropolitan area.

Cloudflare Backbone: A Fast Lane on the Busy Internet Highway

Our backbone is a dedicated network, Continue reading

Unboxing the Last Mile: Introducing Last Mile Insights

Unboxing the Last Mile: Introducing Last Mile Insights
Unboxing the Last Mile: Introducing Last Mile Insights

“The last 20% of the work requires 80% of the effort.” The Pareto Principle applies in many domains — nowhere more so on the Internet, however, than on the Last Mile. Last Mile networks are heterogeneous and independent of each other, but all of them need to be running to allow for everyone to use the Internet. They’re typically the responsibility of Internet Service Providers (ISPs). However, if you’re an organization running a mission-critical service on the Internet, not paying attention to Last Mile networks is in effect handing off responsibility for the uptime and performance of your service over to those ISPs.

Probably not the best idea.

When a customer puts a service on Cloudflare, part of our job is to offer a good experience across the whole Internet. We couldn’t do that without focusing on Last Mile networks. In particular, we’re focused on two things:

  • Cloudflare needs to have strong connectivity to Last Mile ISPs and needs to be as close as possible to every Internet-connected person on the planet.
  • Cloudflare needs good observability tools to know when something goes wrong, and needs to be able to surface that data to you so that you can be Continue reading

DHCP: How to work with user classes on Windows

Whether in an existing network or a new one, there is an aspect of design that cannot be skipped: deciding if handing out IP addresses will be dynamic (automatic) or manual (one-by-one) or—the most common—a combination of the two.By choosing to distribute them dynamically you are choosing to use a dynamic host configuration protocol (DHCP) service somewhere on your network, and there can be some tricks to that regardless of what server you use. For this discussion, I will describe how to use user classes on a Windows DCHP Server to specify a range of IP addresses and to assign range-specific DHCP options.To read this article in full, please click here

What to expect from SASE certifications

Secure access service edge (SASE) is a network architecture that rolls SD-WAN and security into a single, centrally managed cloud service that promises simplified WAN deployment, improved security, and better performance.According to Gartner, SASE’s benefits are transformational because it can speed deployment time for new users, locations, applications and devices as well as reduce attack surfaces and shorten remediation times by as much as 95%.With the pandemic, adoption of SASE  has been on an upward swing. A June report from Sapio Research, commissioned by Versa Networks, finds 34% of companies are already using SASE, and another 30% plan to in the next six to 12 months.To read this article in full, please click here

What to expect from SASE certifications

Secure access service edge (SASE) is a network architecture that rolls SD-WAN and security into a single, centrally managed cloud service that promises simplified WAN deployment, improved security, and better performance.According to Gartner, SASE’s benefits are transformational because it can speed deployment time for new users, locations, applications and devices as well as reduce attack surfaces and shorten remediation times by as much as 95%.With the pandemic, adoption of SASE  has been on an upward swing. A June report from Sapio Research, commissioned by Versa Networks, finds 34% of companies are already using SASE, and another 30% plan to in the next six to 12 months.To read this article in full, please click here

LSA/LSP Flooding in OSPF and IS-IS

Peter Paluch loves blogging in microchunks on Twitter ;) This time, he described the differences between OSPF and IS-IS, and gracefully allowed me to repost the explanation in a more traditional format.


My friends, I happen to have a different opinion. It will take a while to explain it and I will have to seemingly go off on a tangent. Please have patience. As a teaser, though: The 2Way state between DRothers does not improve flooding efficiency – in fact, it worsens it.