Archive

Category Archives for "Networking"

Going Postal

Over the past few months I've had the opportunity at various network operator meetings to talk about BGP routing security. As usual, these presentations include an opportunity for questions from the audience. Here is a small collection of such questions and my efforts at trying to provide an answer.

Machine learning in network management has promise, challenges

As part of the trend toward more automation and intelligence in enterprise networks, artificial intelligence and machine learning are increasingly in demand because the ability to programmatically identify problems with the network and provide instant diagnosis of complex problems is a powerful one. Applying AI and ML to network management can enable the consolidation of input from multiple management platforms for central analysis. Rather than IT staff manually combing through reports from diverse devices and applications, machine learning can make quick, automated diagnoses of problems.

Kolkata IX: The Maiden Community Internet Exchange in India

In 2015, the Internet Society Kolkata Chapter decided to create an Internet Exchange Point (IXP). It had just completed the installation of L-Root Instance, a critical Internet infrastructure to improve security and resiliency of the Web.

It chose the IXP model specifically because it was working towards hosting an authoritative Domain Name System (DNS) root zone for a top-level domain (TLD), another essential infrastructure of the Internet. But they didn’t know where to begin.

So, the team evaluated cost models and the market and held an outreach event with the Internet Service Provider (ISP) community. The engagement raised interest, but no one joined the IXP. The expectation was that Content Distribution Networks (CDN) would kick off the IXP, before others could join. Tushar Kanti Bhakta, a senior member of the Chapter’s board, suggested community building could help.

With no equipment, no members and no CDN, the team started community building efforts. It held workshops where it invited potential members to discuss Domain Name System Security Extensions, DNS, and the Border Gateway Protocol, the routing protocol for the Internet. Each workshop gave the team the opportunity to pitch the idea of a community IXP in Kolkata.

After two years of engagement,

A Last Call for QUIC, a giant leap for the Internet

QUIC is a new Internet transport protocol for secure, reliable and multiplexed communications. HTTP/3 builds on top of QUIC, leveraging the new features to fix performance problems such as Head-of-Line blocking. This enables web pages to load faster, especially over troublesome networks.

QUIC and HTTP/3 are open standards that have been under development in the IETF for almost exactly 4 years. On October 21, 2020, following two rounds of Working Group Last Call, draft 32 of the family of documents that describe QUIC and HTTP/3 were put into IETF Last Call. This is an important milestone for the group. We are now telling the entire IETF community that we think we're almost done and that we'd welcome their final review.

Speaking personally, I've been involved with QUIC in some shape or form for many years now. Earlier this year I was honoured to be asked to help co-chair the Working Group. I'm pleased to help shepherd the documents through this important phase, and grateful for the efforts of everyone involved in getting us there, especially the editors. I'm also excited about future opportunities to evolve on top of QUIC v1 to help build a better Internet.

There are two aspects

A Virtual Product Management Internship Experience

In July 2020, I joined Cloudflare as a Product Management Intern on the DDoS (Distributed Denial of Service) team to enhance the benefits that Network Analytics brings to our customers. In the following, I am excited to share with you my experience with remote working as an intern, and how I acclimatized into Cloudflare. I also give details about what my work entailed and how we approached the process of Product Management.

Onboarding to Cloudflare during COVID19

As a long-time user of Cloudflare’s Free CDN plan myself, I was thrilled to join the company and learn what was happening behind the scenes while making its products. The entering internship class consisted of students and recent graduates from various backgrounds around the world - all with a mutual passion in helping build a better Internet.

The catch here was that 2020 would make the experience of being an intern very different. As was the case with many other fellow interns, it was the first time I had taken up work remotely from scratch. The initial challenge was to integrate into the working environment without ever meeting colleagues in a physical office. Because everything took place online, it was much harder

ACI Fabric Access Policies Part 2: Physical Domain

 Physical Domain

This section explains how to create a Physical Domain (Fabric Access Policy). It starts by mapping the REST call POST method and JSON Payload into Fabric Access Policy modeling. Then it explains how the same configurations can be done by using the APIC GUI. Phase 2 in Figure 1-15 illustrates the APIC Management Information Model (MIM) from the Physical Domain perspective. I have already added the object Phys-Standalone_ESXi_PHY into the figure. The format of the RN for this object is Prefix1-{name}, where the Prefix1 is “phys”. This gives us the RN “phys-Standalone_ESXi_PHY”.



Figure 1-15: Fabric Access Policy Modeling: Physical Domain.


Weird: Wrong Subnet Mask Causing Unicast Flooding

When I still cared about CCIE certification, I was always tripped up by the weird scenario with (A) mismatched ARP and MAC timeouts and (B) default gateway outside of the forwarding path. When done just right you could get persistent unicast flooding, and I’ve met someone who reported average unicast flooding reaching ~1 Gbps in his data center fabric.

One would hope that we wouldn’t experience similar problems in modern leaf-and-spine fabrics, but one of my readers managed to reproduce the problem within a single subnet in FabricPath with anycast gateway on spine switches when someone misconfigured a subnet mask in one of the servers.

Verizon deals with Microsoft, Nokia aim at making private 5G easier

Verizon’s recent announcements of new partnership deals with Microsoft and with Nokia are designed to create a unified platform for businesses to use as they build their own edge deployments, according to experts. Those deals will see Verizon offer Azure integration natively on its 5G Edge networking platform, as well as partnering for private 5G delivery with Nokia, with the latter agreement focusing on areas where Verizon does not already have a public networking presence, like Europe and Asia-Pacific. The company already has partnerships in place with AWS and IBM, among other major edge technology players.

Gartner crystal ball: Look to neuromorphic computing, DNA storage

Gartner is taking a swing at predicting future trends in IT, flagging neuromorphic computing and DNA storage technologies, and an expanded responsibility for CIOs to deliver digital-business outcomes. Future technologies are resetting everything as current technologies are being stressed to their limits, and conventional computing is hitting a wall, Daryl Plummer, distinguished research vice president and Gartner fellow, told the virtual audience at the firm’s IT Symposium/Xpo Americas. The industry is on a roller-coaster ride that will lead to the "reset of everything," Plummer said. The future technologies Gartner forecasts will impact the industry the most have three key common threads: they promote greater innovation and efficiency in the enterprise; they are more effective than the technologies that they are replacing; and they have a transformational impact on society, Plummer said.

A video walk through of EVPN multihoming

You may have overheard someone talking about EVPN multihoming but do you know what it is? If you have, are you up to speed on the latest around it? I walk you through it all, beginning to end, in this three-part video series. Watch all three below.

Chapter 1:

EVPN multihoming provides support for all-active server redundancy. In this intro to EVPN multihoming you will hear an overview of the feature and how it compares with EVPN-MLAG.


Chapter 2:

In this episode we dive into the various unicast packet flows in a network with EVPN multihoming. This includes new data plane constructs such as MAC-ECMP and layer-2 nexthop-groups that have been introduced for the express purpose of EVPN-MH.


Chapter 3:

PIM-SM is used for optimizing flooded traffic in a network with EVPN-MH. In this episode we walk through the implementation aspects of flooded traffic, including DF election and split-horizon filtering.


Want to know more? You can find more resources about EVPN and all things networking in our resource hub here.

ACI Fabric Access Policies Part 1: VLAN Pool

 

Introduction

 

Everything in ACI is managed as an Object. Each object belongs to a certain Class. As an example, when we create a VLAN Pool, we create an object that belongs to Class VlanInstP. Classes, in turn, are organized in Packages; Class VlanInstP belongs to Package fvns (fv = fabric virtualization, ns = namespace). Figure 1-1 illustrates the classes that we are using in this chapter when we create Fabric Access Policies. Lines with an arrow represent Parent-Child structure and dotted lines represent a relationship (Rs) between classes. We will get back to Rs in upcoming sections.



Figure 1-1: ACI Fabric Access Policies.

Gartner: COVID-era infrastructure trends you should know about

COVID-19 has turned the world inside out, and the impact on infrastructure and operations teams is significant. That's the conclusion of Gartner research vice president Jeffrey Hewitt, who detailed the core infrastructure trends that IT executives can expect to see in the next 12-18 months. Hewitt shared the research at Gartner's IT Symposium/Xpo 2020 Americas event, which is being held virtually this week. "The situations created by COVID-19 have had a significant impact on the world," Hewitt said. "This impact is having an influence on almost all of the trends that infrastructure and operations leaders will be facing going forward."

Day Two Cloud 071: It’s Not Too Late To Make DevOps Work

Technology is accelerating like crazy, with new tools, services, open-source projects, and processes. If you're trying to make DevOps work in your organization, you might feel like you're perpetually behind. This Day Two Cloud episode is here to say: You're going to be OK. You can still engage with DevOps to move your career and your organization forward. Our guest to tell you how is April Edwards, a Senior Software Engineer at Microsoft.