The Week in Internet News: U.S Wants China-Free ‘Clean’ Internet
Scrubbing the Net: U.S. Secretary of State Mike Pompeo says he wants a “clean” Internet free of Chinese apps and network equipment, The Next Web reports. Pompeo also wants to keep U.S. cloud data away from Chinese companies and stop China from spying on traffic in undersea cables. Critics say Pompeo is trying to create a U.S. version of the Great Firewall of China. The Verge, meanwhile, says Pompeo’s announcement is “just bluster” for now.
NOTE: Please read the Internet Society’s statement on the U.S. Clean Network Program.
Trump vs. TikTok: In a related story, U.S. President Donald Trump has continued his fight against Chinese video app TikTok, recently issuing executive orders that would ban TikTok and fellow Chinese app WeChat in 45 days, CNet reports. Trump calls the use of these apps on U.S. devices a security problem, but he earlier gave TikTok time to sell to a more acceptable owner. Microsoft is interested in buying the video app.
Buy local: In yet another related story, the Economic Times reports that the use of locally made apps are surging after the Indian government took its own action against Chinese apps. In late June, Continue reading
Noction Flow Analyzer v 2.08 with support for Ubuntu
We’ve just released NFA v 2.08 with several improvements and some cool new features to help network administrators take their IP flow
The post Noction Flow Analyzer v 2.08 with support for Ubuntu appeared first on Noction.
Scale, Services, Simplicity: R6.0 Expands Broadcom-based Switch Portfolio and Showcases Multi-dimensional Innovation
Netvisor® ONE, UNUM and Insight Analytics 6.0 Release Highlights This past week marked a major step forward in our mission...What Your Handshake Says About You
A lot of people out there are interested in knowing what your handshake says about you. It is an implicit gesture that inadvertently starts a discussion at practically any gathering. This form of greeting is your first impression on the person you just shook hands with.
As indicated by an observation, everybody should give close consideration to their handshake. You might not know, but people are forming judgments and their opinions of you based on the handshake that you just initiated with them!
Different people initiate different types of handshakes. So, keep reading to find out different types of handshakes and what your handshake says about you.
Types of Handshakes and What Your Handshake Says About You
The Double Hander
A double hander is a type where the person uses his other hand to keep on the back of the hand of the person he is shaking hands with. This may indicate that the one initiating it is accepting the dominance of the other person, but wants to have a further discussion with him. It can also mean that the person doesn’t trust the person he is shaking hands with and keeping his second hand on the back of the Continue reading
MPLS Applications/Services
MPLS Applications, what are the MPLS Applications?. MPLS Applications mean MPLS Services. So what can we do with MPLS basically.
Although the very first purpose of MPLS was fast switching, by the time services/applications with MPLS evolved and there are just so many reasons to use MPLS.
Below are some of the most common use case , or in other words, Applications with MPLS.
Important MPLS applications/services for the network designers are listed below.
-
- Layer 2 MPLS VPN (EoMPLS, VPLS, EVPN , VXLAN EVPN etc.)
- Layer 3 MPLS VPN
- Inter-AS MPLS VPNs (Layer 2 or Layer 3)
- Carrier Supporting Carrier
- MPLS Traffic Engineering
- Seamless MPLS
- GMPLS (Generalized MPLS)
- MPLS Transport Profile (MPLS-TP)
MPLS infrastructure can have all of the above MPLS application/ services at the same time. Most of them are architecture, so MPLS Labeling protocols itself (such as LDP, RSVP) are not enough for providing above applications/services.
Usually MPLS protocols, are used commonly with BGP, IGP and other protocols.
I just wanted to mention what people mean when they talk about MPLS applications, thus I am keeping post short but before I finish the post, let me recommend you a book, called . ‘ MPLS Continue reading
Integrated Services QoS – Hard QoS
Integrated Services QoS – Hard QoS is first QoS approach, but currently we are not using. At the end of this post, you will know what is Integrated QoS, what was the idea with it and why it is not used today.
Quality of service (QoS) is the overall performance of a telephony or computer network, particularly the performance seen by the users of the network.
Two QoS approaches have been defined by standard organizations.
These are:
- Intserv (Integrated Services) and
- Diffserv (Differentiated Services).
Intserv QoS demands that every flow requests a bandwidth from the network and that the network would reserve the required bandwidth for the user during a conversation.
Think of this as on-demand circuit switching, each flow of each user would be remembered by the network. This clearly would create a resource problem (CPU, memory , bandwidth) on the network, and thus it was never widely adopted.
Not only allocation bandwidth for each and every flow on each network device in the path, but also keep tracking these flows and tearing down when the flow is terminated is very resource intensive and people thought this will not be scalable and we haven’t seen deployment for it.
Protocol Continue reading
Some must to know information about VPNs
VPN – Virtual Private Network is most common overlay mechanism in Networking. We have many of them, GRE, mGRE, IPSEC, DMVPN, GETVPN, LISP, FlexVPNs, MPLS VPNs and so on. But what are the important and fundamentals thing about VPNs?.In this post I will explain some of them.
Virtual Private Network is the logical entity, which is created over a physical infrastructure. It can be setup over another private network such as MPLS or public network such as Internet.
All VPN technologies add extra byte to the packet or frame, which increases the overall MTU so the network links should be accommodated to handle bigger MTU values.
VPN technologies work based on encapsulation and decapsulation.
For example GRE, mGRE and DMVPN encapsulate IP packets into another IP packet, VPLS and EVPN encapsulates Layer 2 frame into an MPLS packets.
You can run routing protocols over some VPN technologies but not all VPN technologies allow you to run routing protocols.
In order to support routing over tunnel, tunnel endpoints should be aware from each other.
For example MPLS Traffic Engineer tunnels don’t support routing protocols to run over, since the LSPs are unidirectional which mean Head-end Continue reading
OPEX and CAPEX in Network Design
OPEX and CAPEX are two important network design considerations. From the high level we should understand these two design requirements.
OpEx refers to operational expenses such as support, maintenance, labor, bandwidth and utilities. Creating a complex network design may show off your technical knowledge but it can also cause unnecessary complexity making it harder to build, maintain, operate and manage the network.
A well- designed network reduces OpEx through improved network uptime (which in turn can avoid or reduce penalties related to outages), higher user productivity, ease of operations, and energy savings. Consider creating the simplest solution that meets the business requirements.
CapEx refers to the upfront costs such as purchasing equipment, inventory, acquiring intellectual property or real estate. A well-thought design provides longer deployment lifespan, investment protection, network consolidation and virtualization, producing non-measurable benefits such as business agility and business transformation and innovation, thus reducing risk and lowering costs in the long run.
Last metric in the COST constraint is TCO (Total cost of ownership).
TCO is a better metric than pure CapEx to evaluate network cost, as it considers CapEx plus OpEx. Make your network designs cost-effective in the long run and do more Continue reading
Kubernetes and GKE learning series
I recently did a 4 week Kubernetes and GKE learning series in Google cloud. The goal here was to take some of the fundamental Kubernetes and GKE concepts and run them through with specific Qwiklabs to illustrate the concepts. Qwiklabs is a GCP sandbox environment to try out GCP technologies. The nice thing with Qwiklabs … Continue reading Kubernetes and GKE learning seriesTech Agility conference
I recently delivered a session on “Best practises for using Kubernetes in production” in Technical Agility conference. Considering that it’s COVID time, the conference itself was virtual. The conference was well organised and I enjoyed the Q&A session. Following is an abstract of my topic: Kubernetes has become the de facto Container orchestration platform over … Continue reading Tech Agility conferenceBGP Path Validation New Mechanism – AS Cones
When it comes to Routing Security, BGP Origin and Path Validation should be understood very well.
It is the problem of all, not just large Service Providers. Enterprises, Service Providers, Mobile Operators, basically whoever are interacting with Global Routing.
IRR, RPKI, BGPSEC, Origin Validation and Path Validation are the fundamentals of BGP Routing Security. We have many other posts for the subject on the website but in this post I want to share with you new approach for BGP Path Validation. It is called as AS-Cones.
At the moment, it is still IETF draft but soon it is expected to be Standard RFC.
I discussed it with the inventor of the mechanisms, Melchior Aelmans along with many other routing security topic and decided to share with you!
In the below video, Orhan Ergun, Melchior Aelmans and Jeff Tantsura, discussing new approaches in BGP Security – Path Validation.
They explain ASPA – Autonomous System Provider Authorization , and another approach AS-Cone and they compare those two.
Not only BGP Security Path Validation, but they identify the current known problems of the Global Routing Table/DFZ, such as Hijacks, different types of hijacks, route leaks and they discuss some prevention techniques such Continue reading
Flat/Single Level vs. Multi Level IS-IS Design Comparison
Flat/Single Level vs. Multi Level IS-IS Design Comparison. Flat routing means, without hierarchy, entire topology information of the network is known by each and every device in the network.
IS-IS has two levels. Thus, for IS-IS, Multi Level means Two Level IS-IS. Level 1 and Level 2.
When we have two levels, Level 1 routers don’t know the topology of Level 2 and vice versa. By hiding topology information of different level routers, scalability is achieved. Reason we achieve more scalable network is when there is a failure or new information added or metric changes in one Level, another level doesn’t run SPF algorithm.
But what are the design consideration when we have Flat or Multi Level IS-IS networks. Is Multi Level IS-IS design, which mean, Hierarchical IS-IS design always good? Answer is no. Although Multi Level provides Scalability, it comes with extra complexity and end to end routing convergence time increase.
So, I prepared below comparison charts to discuss different design aspects when it comes to IS-IS Single vs. Multi Level design.
If you like this comparison chart, you can see more of them in my CCIE Enterprise Training.
Four necessary steps in routing fast convergence
When it comes to fast convergence, first thing that we need to understand what is convergence?
Convergence is the time between failure and the recovery. Link, circuits, routers, switches all eventually fails. As a network designers, our job is to understand the topology and whenever there is qrequirement, add backup link or node. Of course, not every network, or not every place in the network requires redundancy though. But let’s assume, we want redundancy, thus we add backup link or node and we want to recover from the failure as quickly as possible, by hoping before Application timeout.
But what is the time for us to say , this network is converging fast. Unfortunately, there is no numerical value for it. So, you cannot say, 30 seconds , or 10 seconds , or 1 second is fast convergence. Your application convergence requirement might be much below 1 second.
Thus, I generally call ‘ Fast Convergence’ is the convergence time faster than default convergence value. Let’s say, OSPF on Broadcast media is converging in 50 seconds, so any attempt to make OSPF convergence faster than 50 seconds default convergence value is OSPF Fast Convergence on Broadcast media.
There Continue reading