One of my readers encountered an interesting problem when upgrading a data center fabric to 100 Gbps leaf-to-spine links:
Fortunately my reader took a closer look at the data before they requested a wholesale replacement… and spotted an interesting pattern:
One of my readers encountered an interesting problem when upgrading a data center fabric to 100 Gbps leaf-to-spine links:
Fortunately my reader took a closer look at the data before they requested a wholesale replacement… and spotted an interesting pattern:
Today, we are excited to announce our commitment to support Calico and Calico Enterprise for the Amazon EKS-Distro, a Kubernetes distribution based on and used by Amazon EKS. EKS-D enables you to create reliable and secure Kubernetes clusters using the same versions of Kubernetes and its dependencies deployed by Amazon EKS.
We view EKS-D as further confirmation of the central role that Kubernetes plays in today’s IT infrastructure. We are excited to work with Amazon on this initiative to enable EKS-D users with the same robust enterprise networking and network security functionality that you rely on today to secure your EKS cluster deployments.
Tigera’s commitment to supporting EKS-D highlights our fundamental design principle of “choice”. Our customers can choose to use Calico and Calico Enterprise with their preferred Kubernetes distribution and use the same solution to operate seamlessly across different Kubernetes distributions, including multi-cloud multi-cluster and hybrid environments. Calico Enterprise, for example, allows you to manage multiple Kubernetes clusters to define, apply, and enforce consistent networking and security policy across all your clusters from a single master cluster. Adding EKS-D clusters, which use the same underlying versions of Kubernetes deployed by Amazon EKS, as an option for our customers Continue reading
I’m doing a series of three master classes through Juniper on various DC fabric topics—
Join Juniper’s Russ White, a widely published 30-year network engineering veteran, in a three-part masterclass exploring the data center. Choose from classes on data center fabric, physical topologies, or data center security.
From the schedule—
The world of information technology is filled, often to overflowing, with those who “know better.” For instance, I was recently reading an introduction to networking in a very popular orchestration system that began with the declaration that routing was hard, and therefore this system avoided routing. The document then went on to describe a system of moving packets around using multiple levels of Network Address Translation (NAT) and centrally configured policy-based routing (or filter-based forwarding) that was clearly simpler than the distributed protocols used to run large-scale networks. I thought, for a moment, of writing the author and pointing out the system in question had merely reinvented routing in a rather inefficient and probably broken way, but I relented. Why? Because I know RFC2915, rule 4, by heart:
Some things in life can never be fully appreciated nor understood unless experienced firsthand. Some things in networking can never be fully understood by someone who neither builds commercial networking equipment nor runs an operational network.
Ultimately, the people who built this system will likely not listen to me; rather, they are going to have to experience the pain caused by large-scale failures for themselves before they will listen. Many network Continue reading
For a point release, VMware NSX-T 3.1 is packed with a bunch of major features. One of these is modular migration, which is making its debut with this release. Customers had asked for an automated way to migrate just firewall rules and groups; modular migration, a new feature of Migration Coordinator, addresses exactly that request.
Taking a step back, Migration Coordinator is a tool that was introduced almost 18 months ago, with NSX-T 2.4, to enable customers to migrate from NSX for vSphere to NSX-T Data Center. It’s a free tool built into NSX-T Data Center that enables customers to migrate everything — from edges, to compute, to workloads — in an automated fashion and with a workflow that is similar to an in-place upgrade on existing hardware. This model of migration is called “in-place.”
From a resource perspective, in-place migration only needs enough resources to host NSX-T manager appliances and edges along with enough capacity per cluster to be Continue reading
Hello my friend,
Some time ago we’ve started sharing with you the details of pygnmi – our new open-source Python library created to simplify the management of the network elements with gNMI. The library is already almost fully operational and we want to start sharing the usage scenarios with you.
1
2
3
4
5 No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Every job, especially network operation, has lots of routing tasks, which are boing and time consuming. Some of such tasks could be already automated in your company, but the vast majority is still waiting you. In our trainings:
A while ago we had an interesting exchange of ideas around inserting high-availability network appliance into a public cloud environment (TL&DR: it was really hard until AWS introduced Gateway Load Balancing), and someone quickly pointed out we’re solving the wrong challenge because…
Azure Firewall […] is a fully stateful firewall-as-a-service with built-in high-availability.
Somehow he wasn’t too happy when I pointed out that there’s more to high availability than vendor marketing ;)
A while ago we had an interesting exchange of ideas around inserting high-availability network appliance into a public cloud environment (TL&DR: it was really hard until AWS introduced Gateway Load Balancing), and someone quickly pointed out we’re solving the wrong challenge because…
Azure Firewall […] is a fully stateful firewall-as-a-service with built-in high-availability.
Somehow he wasn’t too happy when I pointed out that there’s more to high availability than vendor marketing ;)
Python programming is now a required skill for network engineers. I recorded videos of myself as I learned and practiced Python programming. I think these videos, along with the links to learning resources associated with each video’s topic, serve as a good learning guide for network engineers getting started with Python programming.
This post collects links to all ten videos I created. Over the course of these videos, I wrote a program called Usermapper that reads a configuration file and builds an XML authentication file for the Guacamole web proxy. I also used the Git version control system and posted the code in my Usermapper GitHub repository
I learned some programming during my Electrical Engineering degree program many years ago. After I graduated, except for some basic scripting, I’ve not had to do any programming.
These videos do not cover the basics of Python. I strongly suggest you read a book about Python, or watch some video training (see suggestions below) before you start working through these videos. Before I started recording this first video, I read the O’Reilly book, Learning Python, and wrote a blog post about what I learned in the first Continue reading