Archive

Category Archives for "Networking"

Musings on IP Packet Reordering

During the Comparing Transparent Bridging and IP Routing part of How Networks Really Work webinar I said something along the lines of:

While packets should never be reordered in transit in transparent bridging, there’s no such guarantee in IP networks, and IP applications should tolerate out-of-order packets.

One of my regular readers who designs and builds networks supporting VoIP applications disagreed with that citing numerous real-life examples.

Of course he was right, but let’s get the facts straight first:

Read more …

For sale: Used, low-mileage hyperscaler servers

A company that specializes in creating second lives for IT hardware is expanding its initiative to reengineer and sell decommissioned data-center equipment from the major hyperscale operators that are aggressively replacing relatively new hardware.ITRenew announced the plan at the recent Open Compute Project (OCP) conference, promising to sell full servers previously owned by the big operators, reengineered, warrantied, and configured for turnkey uses like web serving and Kubernetes. ITRenew launched its first server racks two years ago and is now making the initiative more broadly available to all industries so more potential customers can buy OCP-certified hardware. To read this article in full, please click here

Choose flexible edge deployments carefully

Many edge-computing deployments are driven by very specific needs, but since new needs may arise down the road with a different set of edge requirements, IT leaders should adopt edge-computing architectures with flexibility and adaptability in mind.The fact that all edge-computing systems have certain things in common – complex combinations of hardware, applications, infrastructure software and networking – doesn’t mean they should all have the same design.[Get regularly scheduled insights by signing up for Network World newsletters.] Every new project requires highly specialized software and integrated custom networking to deliver on project goals across such diverse applications as industrial control, autonomous transportation, health services, public safety and energy management. Each use case will have its unique requirements in terms of performance, response times, quantity of data to be gathered and processed, and cost.To read this article in full, please click here

Calico Enterprise 3.0 with Calico Multi-Cluster Management

As our enterprise customers build out large, multi-cluster Kubernetes environments, they are encountering an entirely new set of security challenges, requiring solutions that operate at scale and can be deployed both on-premises and across multiple clouds.

Today we are thrilled to announce the release of Calico Enterprise 3.0 and the availability of Calico Multi-Cluster Management, a game-changing solution that provides centralized management for network security across every Kubernetes cluster in your organization.

Calico Multi-Cluster Management

Calico Multi-Cluster Management provides a centralized management plane and single point of control for multi-cluster and multi-cloud environments. Calico Enterprise’s centralized control simplifies and speeds routine maintenance, leaving more time for your platform team to address other important tasks.

For example, instead of logging in to 50 clusters one-at-a-time to make a policy change, with a single log-in to Calico Enterprise you can apply policy changes consistently across all 50 clusters. You can also automatically apply existing network security controls to new clusters as they are added.

Calico Multi-Cluster Management includes centralized log management, troubleshooting with Flow Visualizer, and cluster-wide IDS (intrusion detection). It also provides compliance reporting, and alerts on non-compliance and indicators of compromise. Alerts are sent to SIEMs, including Splunk and Continue reading

Learning from the Post-Mortem

Post-mortem reviews seem to be quite common in the software engineering and application development sides of the IT world—but I do not recall a lot of post-mortems in network engineering across my 30 years. This puzzling observation sprang to mind while I was reading a post over at the ACM this last week about how to effectively learn from the post-mortem exercise.

The common pattern seems to be setting aside a one hour meeting, inviting a lot of people, trying to shift blame while not actually saying you are shifting blame (because we are all supposed to live in a blame-free environment now—fix the problem, not the blame!), and then … a list is created on a whiteboard, pictures are taken, and everyone walks away with a rock-solid plan to never do that again.

In a few months’ time, the same team will be in the same room, draw the same drawings, and say the same things all over again. At least that is the way it seems to me. If there is an effective post-mortem process in use by a company someplace, I do not think I have seen it.

From the article—

Are we missing anything in Continue reading

Are We Ready to Work from Home in the Middle East?

Even before COVID-19, political and economic scenes within the MENA region were changing. Differences across economies, politics, religion, and even the weather kept governments occupied.

Amid all that, the region has been shaken by COVID-19 as nations have moved operations into the home.

Looking at this from a technology perspective, we must ask ourselves: Are we ready for this? Are we able to transfer all our businesses and schools to our homes? Do we have an adequate Internet-based economy and good quality connectivity to back up the huge demand?

There’s no question that the Internet provides significant economic and social benefits. COVID-19 has made that especially clear. For many parts of the world, it has allowed us to carry on. But for the first time, governments have had to face the reality that there is no time for pilot projects. This is happening and it is happening now.

COVID-19 has opened the world’s eyes to how critical the Internet is for the economy. How can the Middle East build on what COVID-19 has taught us about the Internet and connectivity? The Internet Society has released two papers that can help develop the answers: “Middle East & North Africa Internet Continue reading

Build an OpenStack/Ceph cluster with Cumulus Networks in GNS3: part 2

Adding virtual machine images to GNS3

I’m going to assume that at this stage, you’ve got a fully working (and tested) GNS3 install on a suitably powerful Linux host. Once that is complete, the next step is to download the two virtual machine images we discussed in part 1 of this blog, and integrate them into GNS3.

In my setup, I downloaded the Cumulus VX 4.0 QCOW2 image (though you are welcome to try newer releases which should work), which you can obtain by visiting this link: https://cumulusnetworks.com/accounts/login/?next=/products/cumulus-vx/download/

I also downloaded the Ubuntu Server 18.04.4 QCOW2 image from here: https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img

Once you have downloaded these two images, the next task is to integrate them into GNS3. To do this:

  1. Select Edit > Preferences in the GNS3 interface.
  2. When the Preferences dialog pops up, from the left pane select QEMU VMs, then click New.
  3. Enter a name for the Image (e.g. Cumulus VM 4.0)
  4. Select the Qemu binary, and specify default RAM size for each instance (I used 1024MB). You can override this for each VM you create on the GNS3 canvas, so don’t worry too much about it.
  5. Select the Continue reading

Network Break 284: Dell Technologies Announces SONiC Distro; Microsoft Acquires Metaswitch Networks

Today's Network Break asks if enterprises want a supported SONiC network OS, Microsoft acquires Metaswitch Networks, VMware buys Kubernetes security platform Octarine, Cisco announces quarterly results, and more tech news.

The post Network Break 284: Dell Technologies Announces SONiC Distro; Microsoft Acquires Metaswitch Networks appeared first on Packet Pushers.

The Week in Internet News: COVID-19 Tracing Creates Opportunities, Raises Concerns

Electronic doorman: In many restaurants, offices, and other locations in China, visitors must now show their COVID-19 risk status through a phone app before they are allowed entry, reports Agence-France Presse on Yahoo News. “A green light lets you in anywhere. A yellow light could send you into home confinement. The dreaded red light throws a person into a strict two-week quarantine at a hotel.” This use of contact tracing is raising privacy alarms in other countries.

Conflicting apps: Meanwhile, the Australian government’s new COVID-19 tracing app may interfere with Bluetooth-connected medical devices, including those used by people with diabetes, the Sydney Morning Herald reports.  Diabetes Australia has warned users of continuous glucose monitoring apps that there may be connection problems.

Keeping track of yourself: In Japan, a 16-year-old student has designed an app that allows users to keep track of their whereabouts on their mobile phones, to help with contact tracing, The Associated Press reports on Japan Times. If a user is diagnosed with COVID-19, the Asiato app can tell them where they’ve been in recent weeks. This allows users to reach out to people they may have infected or to inform health authorities.

A digital human touch: Continue reading

DeepLinks and ScrollAnchor

DeepLinks and ScrollAnchor

To directly quote Wikipedia:

“Deep linking is the use of a hyperlink that links to a specific, generally searchable or indexed, piece of web content on a website (e.g. http://example.com/path/page), rather than the website's home page (e.g., http://example.com). The URL contains all the information needed to point to a particular item.”

There are many user experiences in Cloudflare’s Dashboard that are enhanced by the use of deep linking, such as:

  • We’re able to direct users from marketing pages directly into the Dashboard so they can interact with new/changed features.
  • Troubleshooting docs can have clearer, more intently directions. e.g. “Enable SSL encryption here” vs “Log into the Dashboard, choose your account and zone, navigate to the security tab, change SSL encryption level, blah blah blah”.

One of the interesting challenges with deep linking in the Dashboard is that most interesting resources are “locked” behind the context of an account and a zone/domain/website. To illustrate this, look at a tree of possible URL paths into Cloudflare’s Dashboard:

dash.cloudflare.com/ -> root-level resources: login, sign-up, forgot-password, two-factor

dash.cloudflare.com/<accountId>/ -> account-level resources: analytics, workers,  Continue reading

Intent-Based Networking: Another Victim of Sturgeon’s Law

A few days ago Greg Ferro published an interesting post claiming DHCP is an example of intent-based networking (a bit less tongue-in-cheek than my “so is OSPF configuration” rant from 2017). BTW, so is RADIUS or TACACS+ ;)

He got quickly “corrected” by Phil Gervasi who loosely relied on Gartner’s definition of Intent-Based Networking, and claimed that an intent-based networking system should have three major components:

Read more …

GNMI. Part 2. Decoding Protobuf messages with Python.

Hello my friend,

In the previous blogpost we started the discussion about the gNMI/Protobof approach to network automation by creating the Protobuf message. Today we continue it showing read the Protobuf messages.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Network automation training – self-paced and live online

Network automation is a must-have technology set in all the industries these days. It is no more the matter of innovation, it is a matter of normal business operation. And we are happy to help you and your company with automation by providing the necessary holistic knowledge, skills and tools to make your automation journey successful:

At this training we teach you all the necessary concepts such as YANG data modelling, working with JSON/YAML/XML/Protobuf data formats, Linux administration basics, programming in Bash/Ansible/Python for multiple network operation systems including Cisco IOS XR, Nokia SR OS, Arista EOS and Cumulus Linux. All the most useful things such as NETCONF/RESTCONF, REST API, gNMI, OpenConfig and many others. Don’t miss Continue reading

Colorization of RFC 2992(Analysis of an ECMP Algorithm)

Motivation

I recently observed a conversation around ECMP/Hash buckets which made me realize on how the end to end concept is not very well understood. So this provided me enough motivation to write about this topic which will be covered in various upcoming blog posts. But while thinking about the subject, I ran into an interesting RFC RFC2992. This RFC goes through a simple mathematical proof which I found impressive due to the fact that someone wrote that in ASCII in 2000. My intent in this blog post is to provide some colorization to the RFC and perhaps cover a bit more in detail.

Introduction

In the RFC, the focus is on Hash-threshold implementation for mapping hash values to the next-hop. To re-iterate for completeness sake, we all know that a router computes a hash key based on certain fields, like SRC IP, DST IP, SRC Port, DST Port by performing a hash (CRC16, CRC32, XOR16, XOR32 etc.). This hash gets mapped to a region and the next-hop assigned to that region is where the flow get’s assigned.

For example,assume that we have 5-next hops to choose from and we have a key space which is 40 bits wide. Continue reading

SONiC and White Box switches in the Enterprise DC! – Part 3

After discussing the architecture of our design during part 1, and the underlay configuration during part 2, today i’ll show how the overlay it’s configured and hopefully we will be able to draw our conclusions to the question: Are SONiC and White Box switches ready to be used in the enterprise DC?

Our two servers will be connected with LACP and trunk interfaces. 1 VLAN will be bridged (no SVI) and both servers will have an interface into such vlan so that layer 2 can be tested.
Other 2 vlans instead will each be configured on a different pair of switches together with an SVI so that Layer 3 symmetric IRB can be tested.

VRF Configuration

First of all, let’s create a VRF. This vrf requires an VLAN and a Layer 3 VNI for symmetric IRB to function. Configuration is really simple, but a small caveat must be overlooked, specifically every vrf must contain the prefix Vrf- in the name.

From a configuration point of view, we have to follow the usual steps:

  1. Create a VRF
  2. Create a Vlan and allow it to the peer-link port channel
  3. Create a SVI interface and assign it to the VRF itself
  4. Continue reading
1 795 796 797 798 799 3,442