Category Archives for "Networking"

Packet Forwarding and Routing over Unnumbered Interfaces

In the previous blog posts in this series, we explored whether we need addresses on point-to-point links (TL&DR: no), whether it’s better to have interface or node addresses (TL&DR: it depends), and why we got unnumbered IPv4 interfaces. Now let’s see how IP routing works over unnumbered interfaces.

The Challenge

A cursory look at an IP routing table (or at CCNA-level materials) tells you that the IP routing table contains prefixes and next hops, and that the next hops are IP addresses. How should that work over unnumbered interfaces, and what should we use for the next-hop IP address in that case?

Juniper Networks upgrades its Apstra intent-based networking software

Juniper Networks is releasing the latest version of its Apstra intent-based networking software that includes new monitoring features and configuration templates as well as better integration with VMware’s NSX virtualization and security platform. In January, Juniper bought Apstra and its Apstra Operating System (AOS), which was developed from the start to support IBN features. Once deployed, AOS—now just called Apstra—keeps a real-time repository of configuration, telemetry and validation information to ensure the network is doing what customers want it to do. Apstra also includes automation features to provide consistent network and security policies for workloads across physical and virtual infrastructures.

Cloudflare’s SOC as a Service

When Cloudflare started, sophisticated online security was beyond the reach of all but the largest organizations. If your pockets were deep enough, you could buy the necessary services — and the support that was required to operate them — to keep your online operations secure, fast, and reliable. For everyone else? You were out of luck.

We wanted to change that: to help build a better Internet. To build a set of services that weren’t just technically sophisticated, but easy to use. Accessible. Affordable. Part of this meant that we were always looking to build and equip our customers with all the tools they needed in order to do this for themselves.

Of course, a lot has changed since we started. The Internet has only increased in importance, fast becoming the most important channel for many businesses. Cybersecurity threats have only become more prevalent — and more sophisticated. And the products that Cloudflare offers to keep you safe on the Internet have attracted some of the largest and most recognizable organizations in the world.

Ask some of these larger organizations about cybersecurity, and they’ll tell you a few things: first, they love our products. But, second, that when something happens Continue reading

Full Stack Journey 054: Changes Big And Small

On today's Full Stack Journey podcast, host Scott Lowe shares some personal changes in his life, including leaving VMware for a startup called Kong, selling a house and moving, and buying and using an M1-based MacBook Pro. He shares his reflections on career changes, his decision-making process, and more.

Jerikan: a configuration management system for network teams

There are many resources for network automation with Ansible. Most of them only expose the first steps or limit themselves to a narrow scope. They give no clue on how to expand from that. Real network environments may be large, versatile, heterogeneous, and filled with exceptions. The lack of real-world examples for Ansible deployments, unlike Puppet and SaltStack, leads many teams to build brittle and incomplete automation solutions.

We have released under an open-source license our attempt to tackle this problem:

  • Jerikan, a tool to build configuration files from a single source of truth and Jinja2 templates, along with its integration into the GitLab CI system,
  • an Ansible playbook to deploy these configuration files on network devices, and
  • a redacted version of the configuration data and the templates for our, now defunct, datacenters in San Francisco and South Korea, covering many vendors (Facebook Wedge 100, Dell S4048 and S6010, Juniper QFX 5110, Juniper QFX 10002, Cisco ASR 9001, Cisco Catalyst 2960, Opengear console servers, and Linux), and many functionalities (provisioning, BGP-to-the-host routing, edge routing, out-of-band network, DNS configuration, integration with NetBox and IRRs).

Here is a quick demo to configure a new peering:

This work is the collective effort of Continue reading

Aruba Wi-Fi 6E access point to launch this fall

Business users looking for an upgrade to the very latest Wi-Fi standard, also known as Wi-Fi 6E, now have the option of Aruba’s new AP 635, the company announced this morning. Wi-Fi 6E works much the same as Wi-Fi 6, sharing that standard’s improved ability to handle dense client environments, high throughput, and advanced multi-user and multi-antenna functionality. The new feature is the ability to use the 6GHz spectrum that the FCC opened in April 2020 to unlicensed users, representing a two-fold increase in the spectrum available for Wi-Fi. That added spectrum means that Wi-Fi users can take advantage of much wider channels, leading to commensurately higher throughput.

Mythbusting: NFV Data Center Fabric Buffering Requirements

Every now and then I stumble upon an article or a comment explaining how Network Function Virtualization (NFV) introduces new data center fabric buffering requirements. Here’s a recent example:

For Telco/carrier Cloud environments, where NFVs (which are much slower than hardware SGW) get used a lot, latency is higher with a lot of jitter due to the nature of software and the varying link speeds, so DC-level near-zero buffer is not applicable.

It seems to me we’re dealing with another myth. Starting with the basics:

Ampere updates server chip roadmap with focus on cloud computing

Ampere, the chip startup building Arm-based server processors and led by former Intel exec Renee James, has updated its product roadmap and announced new customers. The biggest news is that the company is designing its own custom cores for release in 2022. Ampere Altra processors are already on the market but use the Neoverse core from Arm. When it introduces the next generation Ampere built on a 5nm process next year, it will be with a homegrown core optimized around cloud workloads. "If you go back to the objectives we had, which were delivering predictable, high performance, scalability and power efficiency, we really need to develop our own cores ... to be able to actually focus in on the exact way that the cloud wants single-threaded performance," Jeff Wittich, chief product officer for Ampere, told Network World.

Containerising NVIDIA Cumulus Linux

In one of his recent posts, Ivan raises a question: “I can’t grasp why Cumulus releases a Vagrant box, but not a Docker container”. Coincidentally, only a few weeks before that I had managed to create a Cumulus Linux container image. Since then, I’ve done a lot of testing and discovered limitations of the pure containerised approach and how to overcome them while still retaining the container user experience. This post documents my journey from the early days of running Cumulus on Docker to the integration with containerlab and, finally, running Cumulus in microVMs backed by AWS’s Firecracker and Weaveworks’ Ignite.

Innovation Trigger

One of the main reasons for running containerised infrastructure is the famous Docker UX. Containers had existed for a very long time, but they only became mainstream when Docker released their container engine. The simplicity of a typical Docker workflow (build, ship, run) made it accessible to a large number of not-so-technical users and was the key to its popularity.

Virtualised infrastructure, including networking operating systems, has mainly been distributed in a VM form-factor, retaining much of the look and feel of the real hardware for the software processes running on top. However it Continue reading

Viewing compressed file content on Linux without uncompressing

If you need to check the contents of a compressed text file on Linux, you don't have to uncompress it first. Instead, you can use a zcat or bzcat command to extract and display file contents while leaving the file intact. The "cat" in each command name tells you that the command's purpose is to display content. The "z" tells you that it works with compressed files. Which of the two commands to use depends on the type of compressed file you are examining. If the file was compressed with gzip or zip, you would use the zcat command. If the file was compressed with bzip2, you would use the bzcat command. On some systems, zcat might be called gzcat.