Archive

Category Archives for "Networking"

Prisma Access 2.0 Enables Painless Migration From Hardware Web Proxies

This guest post is by Drew Conry-Murray on behalf of Palo Alto Networks. We thank Palo Alto Networks for being a sponsor. Prisma Access, which delivers security services via the cloud, has added an explicit proxy feature in the 2.0 version. This feature can help companies migrate off of hardware-based proxies while still protecting Web […]

The post Prisma Access 2.0 Enables Painless Migration From Hardware Web Proxies appeared first on Packet Pushers.

IPv6 Buzz 075: Why Wells Fargo Bought Into IPv6

In this week's IPv6 Buzz episode, Ed, Scott, and Tom chat with John Burns, a lead architect at Wells Fargo, about the relatively early adoption of IPv6 at the company. The discussion also covers adoption trends in the financial sector as a whole, along with the key challenges and opportunities of the protocol.

The post IPv6 Buzz 075: Why Wells Fargo Bought Into IPv6 appeared first on Packet Pushers.

Risks and Rewards of the U.S. Broadband Funding Boom

The COVID-19 pandemic has taught us once and for all that broadband access is critical infrastructure. Without it, communities cannot work, learn, or earn online – a necessity during stay-at-home orders. And policymakers are taking notice. In the past few months, trillions of dollars have been proposed by the House, Senate, and White House for […]

The post Risks and Rewards of the U.S. Broadband Funding Boom appeared first on Internet Society.

Branch predictor: How many “if”s are too many? Including x86 and M1 benchmarks!

Branch predictor: How many
Branch predictor: How many

Some time ago I was looking at a hot section in our code and I saw this:


	if (debug) {
    	  log("...");
    }
    

This got me thinking. This code is in a performance critical loop and it looks like a waste - we never run with the "debug" flag enabled[1]. Is it ok to have if clauses that will basically never be run? Surely, there must be some performance cost to that...

Just how bad is peppering the code with avoidable if statements?

Back in the days the general rule was: a fully predictable branch has close to zero CPU cost.

To what extent is this true? If one branch is fine, then how about ten? A hundred? A thousand? When does adding one more if statement become a bad idea?

At some point the negligible cost of simple branch instructions surely adds up to a significant amount. As another example, a colleague of mine found this snippet in our production code:


const char *getCountry(int cc) {
		if(cc == 1) return "A1";
        if(cc == 2) return "A2";
        if(cc == 3) return "O1";
        if(cc == 4) return "AD";
        if(cc == 5) return "AE";
        if(cc == 6) return "AF";
         Continue reading

Nokia Lab | LAB 7 RSVP-TE Resource reservation |


Hello!

We're going ahead with constraint-based routing and today let's take a look into one of them in more detail - reservation of bandwidth resources.
I'm using topology and configuration from the previous lab.
Please check my first lab for input information.

Topology example

Lab tasks and questions:
  • Signaling and Reserving Bandwidth Requirements
  • create LSP from R1 to R6. The primary path should have bandwidth constraint (e.g. 500Mbit/s)
  • describe reserving bandwidth process
  • examine signaling with cspf and no cspf option
  • examine opaque LSA
    • check maximum bandwidth, reservable bandwidth, and unreserved bandwidth fields
    • Any changes after LSP signaling?
    • change path bandwidth and check opaque LSA again. Pay attention to Age and Sequence especially. What is a problem that can occur if we have an unstable network and a lot of LSP with bandwidth constraints?
    • How can we decrease the amount of LSA flood?
    • configure Threshold-Triggered IGP TE Updates and examine how it works
  • Bandwidth Reservation Styles
    • configure LSP to_R6 with primary "totally loose" path (bandwidth 200Mbit/s) and standby secondary "totally loose" path (bandwidth 300Mbit/s)
    • find a shared link
    • examine TED
    • What is unreserved bandwidth?
    • What is the default Bandwidth Reservation Style?
    • change Bandwidth Reservation Style and examine TED again
  • Least-Fill Bandwidth Reservation
  • Real-Life: How to Start Your Automation Journey

    I love hearing real-life “how did I start my automation journey” stories. Here’s what one of ipSpace.net subscribers sent me:


    • Make peace with your network engineering soul and mind and open up to the possibility that the world has moved on to something else when it comes to consuming apps and software. Back in 2017, this was very hard on me :)

    Real-Life: How to Start Your Automation Journey

    I love hearing real-life “how did I start my automation journey” stories. Here’s what one of ipSpace.net subscribers sent me:


    • Make peace with your network engineering soul and mind and open up to the possibility that the world has moved on to something else when it comes to consuming apps and software. Back in 2017, this was very hard on me :)

    IBM embraces zero trust with upgraded Cloud Pak service

    IBM has taken the wraps off a version of its Cloud Pak for Security that aims to help customers looking to deploy zero-trust security facilities for enterprise resource protection.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.To read this article in full, please click here

    IBM embraces zero trust with upgraded Cloud Pak service

    IBM has taken the wraps off a version of its Cloud Pak for Security that aims to help customers looking to deploy zero-trust security facilities for enterprise resource protection.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.To read this article in full, please click here

    Use Containerlab to emulate open-source routers

    Containerlab is a new open-source network emulator that quickly builds network test environments in a devops-style workflow. It provides a command-line-interface for orchestrating and managing container-based networking labs and supports containerized router images available from the major networking vendors.

    More interestingly, Containerlab supports any open-source network operating system that is published as a container image, such as the Free Range Routing (FRR) router. This post will review how Containerlab works with the FRR open-source router.

    While working through this example, you will learn about most of Containerlab’s container-based features. Containerlab also supports VM-based network devices so users may run commercial router disk images in network emulation scenarios. I’ll write about building and running VM-based labs in a future post.

    While it was initially developed by Nokia engineers, Containerlab is intended to be a vendor-neutral network emulator and, since its first release, the project has accepted contributions from other individuals and companies.

    The Containerlab project provides excellent documentation so I don’t need to write a tutorial. But, Containerlab does not yet document all the steps required to build an open-source router lab that starts in a pre-defined state. This post will cover that scenario so I hope it adds something of Continue reading

    Application Performance in the Age of SD-WAN

    Mike Hicks Mike is a principal solutions analyst at ThousandEyes, a part of Cisco, and a recognized expert with more than 30 years of experience in network and application performance. In the olden days, users were in offices and all apps lived in on-premises data centers. The WAN (wide area network) was what connected all of them. Today, with the adoption of SaaS apps and associated dependencies such as cloud services and third-party API endpoints, the WAN is getting stretched beyond recognition. In its place, the internet is directly and exclusively carrying a large — if not majority — share of all enterprise traffic flows. Enterprises are increasingly moving away from legacy WANs in favor of internet-centric, software-defined WANs, also called SD-WANs or software-defined networking in a wide area network. Architected for interconnection with cloud and external services, adopting SD-WANs can play a critical role in making enterprise networks cloud-ready, more cost-efficient and better suited to delivering quality digital experiences to customers and employees at all locations. But the transformation brings new visibility needs, and ensuring that SD-WAN delivers on expectations requires a new approach to monitoring that addresses network visibility and application performance equally. WAN in the Light of Continue reading

    Lambada Community of Tamil Nadu Now Connected to the Internet

    It’s been decades since the development of the Internet. Yet there are still many people around the world without any kind of connectivity. Some villages don’t know about popular services like Facebook, WhatsApp, and Instagram, and there are tribal communities who have lived their whole lives completely unconnected to the outside world. When information as […]

    The post Lambada Community of Tamil Nadu Now Connected to the Internet appeared first on Internet Society.

    Juniper takes SASE security control to the cloud

    Juniper Networks has laid a key part of its Secure Access Services Edge (SASE) foundation with a cloud-based security-control service that provides a central way to control and protect on-premises or cloud-based enterprise resources.Called Security Director Cloud, the service focuses Juniper's SASE efforts by providing a central point to manage enterprise security services including policy setting, and threat-detection and -prevention.Juniper (like other key enterprise networking vendors such as Cisco, Hewlitt-Packard Enterprise (Aruba) and VMware, as well as service providers including Cato Networks, Akamai, and Zscaler) has pledged allegiance to growing SASE support in its product families.To read this article in full, please click here