Packet Bursts in Data Center Fabrics
When I wrote about the (non)impact of switching latency, I was (also) thinking about packet bursts jamming core data center fabric links when I mentioned the elephants in the room… but when I started writing about them, I realized they might be yet another red herring (together with the supposed need for large buffers in data center switches).
Here’s how it looks like from my ignorant perspective when considering a simple leaf-and-spine network like the one in the following diagram. Please feel free to set me straight, I honestly can’t figure out where I went astray.
Packet Bursts in Data Center Fabrics
When I wrote about the (non)impact of switching latency, I was (also) thinking about packet bursts jamming core data center fabric links when I mentioned the elephants in the room… but when I started writing about them, I realized they might be yet another red herring (together with the supposed need for large buffers in data center switches).
Here’s how it looks like from my ignorant perspective when considering a simple leaf-and-spine network like the one in the following diagram. Please feel free to set me straight, I honestly can’t figure out where I went astray.
Tech Bytes: Automating Network Troubleshooting With PathSolutions (Sponsored)
Today we’re talking about automating network troubleshooting. We’re sponsored by PathSolutions, maker of the TotalView network monitoring software. TotalView pulls in network and device data and then runs it through a heuristics engine to identify problems such as cabling faults, QoS misconfigurations, VLAN tagging faults, and others. The engine can surface up issues automatically to help network engineers identify and resolve problems. Our guest is Tim Titus, CTO at PathSolutions.
The post Tech Bytes: Automating Network Troubleshooting With PathSolutions (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Automating Network Troubleshooting With PathSolutions (Sponsored)
Today we’re talking about automating network troubleshooting. We’re sponsored by PathSolutions, maker of the TotalView network monitoring software. TotalView pulls in network and device data and then runs it through a heuristics engine to identify problems such as cabling faults, QoS misconfigurations, VLAN tagging faults, and others. The engine can surface up issues automatically to help network engineers identify and resolve problems. Our guest is Tim Titus, CTO at PathSolutions.Network Break 333: Cisco Acquires Optical Controller Software; DarkSide Gang Gets The Spotlight
This week's Network Break covers a pair of Cisco acquisitions, new path analysis capabilities from NetBeez, how the DarkSide ransomware gang is getting the spotlight, sleazy behavior from US broadband companies, and other tech news.Network Break 333: Cisco Acquires Optical Controller Software; DarkSide Gang Gets The Spotlight
This week's Network Break covers a pair of Cisco acquisitions, new path analysis capabilities from NetBeez, how the DarkSide ransomware gang is getting the spotlight, sleazy behavior from US broadband companies, and other tech news.
The post Network Break 333: Cisco Acquires Optical Controller Software; DarkSide Gang Gets The Spotlight appeared first on Packet Pushers.
The Effectiveness of AS Path Prepending (2)
Last week I began discussing why AS Path Prepend doesn’t always affect traffic the way we think it will. Two other observations from the research paper I’m working off of are:
- Adding two prepends will move more traffic than adding a single prepend
- It’s not possible to move traffic incrementally by prepending; when it works, prepending will end up moving most of the traffic from one inbound path to another
A slightly more complex network will help explain these two observations.
Assume AS65000 would like to control the inbound path for 100::/64. I’ve added a link between AS65001 and 65002 here, but we will still find prepending a single AS to the path won’t make much difference in the path used to reach 100::/64. Why?
Because most providers will have a local policy configured—using local preference—that causes them to choose any available customer connection over other paths. AS65001, on receiving the route to 100::/64 from AS65000, will set the local preference so it will prefer this route over any other route, including the one learned from AS65002. So while the cause is a little different in this case than the situation covered in the first post, the result is the Continue reading
VMware Wins 2021 Global InfoSec Award as Market Leader in Firewall
Today at RSA Conference 2021, we’re excited to announce that VMware is a winner of the CyberDefense Magazine 2021 Global InfoSec Award as Market Leader in Firewall. One of VMware’s core beliefs is that we need structural and architectural changes to how organizations approach security. This means taking a fresh look at how we approach issues such as internal data center security. This is exactly what led us to deliver the VMware NSX Service-defined Firewall.
The NSX Service-defined Firewall is one of the foundations of VMware Security. This solution is a unique distributed, scale-out internal firewall that protects all east-west traffic across all workloads without network changes. This radically simplifies the security deployment model. It includes a distributed firewall, advanced threat protection, and network traffic analytics. With the VMware NSX Service-defined Firewall, security teams can protect their organizations from cyberattacks that make it past the traditional network perimeter and attempt to move laterally. Its key differentiating capabilities include:
- Distributed, granular enforcement: The NSX Service-defined Firewall provides distributed and granular enforcement of security policies to deliver protection down to the workload level, eliminating the need for network changes.
- Scalability and throughput: Because it is distributed, the Service-defined Firewall is elastic, Continue reading
The Week in Internet News: U.S. Rolls Out Broadband Subsidy
Help is on the way: The U.S. government is offering a $50-a-month broadband subsidy for people who took a financial hit during the COVID-19 pandemic, CNet reports. The subsidies are part of a COVID-19 relief package passed by Congress in December. More than 825 broadband providers, including AT&T, Comcast and Verizon, are participating. Online soldiers: An […]
The post The Week in Internet News: U.S. Rolls Out Broadband Subsidy appeared first on Internet Society.
netsim-tools release 0.6.2
Last week we pushed out netsim-tools release 0.6.2. It’s a maintenance release, so mostly full of bug fixes apart from awesome contributions by Leo Kirchner who
- Made vSRX 3.0 work on AMD CPU (warning: totally unsupported).
- Figured out how to use vagrant mutate to use virtualbox version of Cisco Nexus 9300v Vagrant box with libvirt
Other bug fixes include:
- Numerous fixes in Ansible installation playbook
- LLDP on all vSRX interfaces as part of initial configuration
- Changes in FRR configuration process to use bash or vtysh as needed
- connect.sh executing inline commands with docker exec