I stumbled upon a great MIT Technology Review article (warning: regwall ahead) with a checklist you SHOULD use whenever considering a machine-learning-based product.
While the article focuses on machine learning, at least some of the steps in that list apply to any new product that claims to use a brand new technology in a particular problem domain like overlay virtual networking with blockchain:
Juniper Guns for Cisco, Aruba With Mist AI; Michael Dell: The Future of Tech Is Autonomous; and HPE...
Industry observers agree that the outlook for IoT is up, but the trajectory of that growth and...
Starting with my faking disaster recovery tests blog post, Terry Slattery wrote a great article delving into the intricacies of DR testing, types of expected disasters, and resilience engineering. As always, a fantastic read from Terry.
It’s the Thanksgiving holiday weekend in the US which means lots of people discussing things with their relatives. And, as is often the case, lots of arguments. It’s the nature of people to have a point of view and then to want to defend it. And it’s not just politics or other divisive topics. We see it all the time in networking too.
EIGRP vs OSPF. Cisco vs Juniper. ACI vs NSX. You name it and we’ve argued about it. Every viewpoint has a corresponding counterpart. Yes, there are good points for using one versus the other. But there are also times when every piece of factual information doesn’t matter because we “know” the right answer.
It’s those times when we run into what I call the “Perry Mason Problem”. It’s a reminder of the old Perry Mason TV show when the lawyer in the title would win a case with a carefully crafted statement that just ends any arguments. It’s often called a Wham Line or an Armor-Piercing Question. Basically, Mr. Mason would ask a question or make a statement that let all the air out of the argument. And often it would result in him winning the case Continue reading
Welcome to part four of this series. In this final part, we will explore our options for networking a composed application, from a de-composed monolith or set of microservices.
Here is a logical set of options:
Proxy: Having a network kernel, ADC or proxy for every component to handle implementation of the service chain. Sidecars quickly solve an issue, but double component count within a mesh. Proxies work well in public and private clouds, but for commercial applications may incur license costs as well as higher resource utilisation to cover the sidecar container.
Language specific libraries: which wrap your application packets in an NSH handling outer encapsulation. No sidecar required, no modification of a host. This adds complexity to software development in terms of modified socket libraries, but a well designed and implemented library does not expose the complexity. All your code has to do is accept connections through a modified socket library. This works in the cloud providing security policies and routing domains allow it.
Overlay: Add flow data to forwarding entities. Let’s face it, this isn’t going to happen in a cloud environment unless you’ve implemented a full overlay. An OpenVSwitch (OVS) overlay network would Continue reading
Applications are ever evolving and so are the architecture patterns:
MONOLITH -> MICROSERVICES -> FUNCTIONS + FLOWS
Monoliths were easy. Route to them and send the returned packets back to their source.
Microservices (MS) sees a monolith or new application being reduced to smaller self-contained parts, which may talk east-west or north-south. It’s quite common to see a proxy deal with inbound connections and internal communication between components hidden from external interactions. Internal communication typically is either point-to-point (also could be through a load balancer/proxy) or via a message bus of some description.
Functions & Flows makes life even more interesting. We further break down the components of microservices to individual functions that deliver pages, computation and web application components etc. More flow information exists on the whole and the number of points involved in an interaction with an application increases with every de-aggregated component deployed.
For brevity, I’m going to call Functions & Flows, F2. I’ve never seen it shortened to this, so if you see it elsewhere, let me know!
To add to this, MS and F2 components may reside on different infrastructure, separated by the internet and differing policies. Thus, deduced, different IP underlying capabilities.
OpenFlow (OF) adoption failed due to scalability of forwarding tables on ASICs, not so great controllers, lack of applications and a non-existent community. OpenFlow however is still useful today for overriding forwarding decision making on a hop-by-hop basis and handling exceptions from what would otherwise be a normal steady state forwarding decision. Exceptions like bypassing limited throughput devices like DPI nodes for large known file transfers are a classic use case. We don’t care beyond simple authentication (maybe) who the client is, so take our file and don’t consume resources doing it.
OpenFlow presents flow state to an ASIC, state that can be granular. If we use it for forwarding equivalency classes (FECs) then it’s no different to normal routing and frame forwarding. That wasn’t the goal and thus, it added to the list of failure reasons. A controller programs flows via an OpenFlow interface on a network element, flows which could time out automatically or be long-lived, requiring the controller to remove them. Also, flows can be programmed proactively from a network design, or reactively from the controller receiving a header packet and deciding what to do with it. Vendors naturally added to Continue reading
This is part one of a series of posts on Application Composition within Network Service Meshes, otherwise known as Service Function Chaining, but at L7 and not L3/L4.
In Network Service Meshes (NSM), it is a complex affair steering L7 requests and responses through the correct network of components. The current approach at the time of writing (November 27th 2019) is to accept requests on a proxy entity and couple that proxy to an application component through a data-plane. Ideally the model works in both private on-premises and cloud deployment models.
For the sake of building a mental image, this is a graph network that has both control-plane and data-plane attributes on nodes and vertexes.
In IP networking, IP packets are routed to their destination and return to their source, based on their destination IP header field and when policy requires it, we can use other fields like source IP, protocol and port numbers etc. In large networks (like the internet), it’s the destination field in the IP header. In both IPv4 and IPv6 there exists a means to steer packets through a network based on additional fields being present at the point of ingress to a network edge and Continue reading
These are productivity and work apps that I use personally and recommend to people.
The post Software I Use – Black Friday 2019 appeared first on EtherealMind.
The 4th Summit on Community Networks in Africa took place in Dodoma, Tanzania from 28 October to 2 November 2019 in partnership with the Association for Progressive Communications (APC) and hosted by the University of Dodoma. The format consisted of two days of valuable training sessions on defining the community network (CN) movement in Africa, the importance of exclusivity and communications in building CNs, and strategies for sustainability cooperative models among others. The next two days were dedicated to plenary sessions, which focused on discussions to promote the creation and growth of community networks, increase collaboration between CN operators in the region, and improve their business skills. The Summit concluded with a two-day site visit to the Kondoa Community Network for more hands-on technical learning and sharing of best practices.
This year, the Summit received 134 participants from 18 countries globally: Argentina, Cameroon, Canada, Democratic Republic of the Congo, France, Germany, Ethiopia, Kenya, Liberia, Malawi, Namibia, Nigeria, South Africa, Spain, Tanzania, Uganda, the U.K., and the U.S. Of these, 36 participants were women and 77 participants were from Tanzania. The participation of women was notable – and important in addressing gender gaps related to access in particular.
Community Networks provide Continue reading
People like to see horses, but people want to see a unicorn.
With more than 2,800 branch deployments in North America alone, our guest Snehal Patel is running one of the largest SD-WAN deployments on the globe. He stops by the Heavy Networking podcast to share his experiences, both good and bad, on deployment and operations, management, training, security, working with carriers, and more. Snehal is a global network architect for a brand-name retailer.
The post Heavy Networking 490: Lessons Learned From A Large SD-WAN Deployment appeared first on Packet Pushers.
The second blog post in the series on HTML rewriters picks up the story in 2017 after the launch of the Cloudflare edge compute platform Cloudflare Workers. It became clear that the developers using workers wanted the same HTML rewriting capabilities that we used internally, but accessible via a JavaScript API.
This blog post describes the building of a streaming HTML rewriter/parser with a CSS-selector based API in Rust. It is used as the back-end for the Cloudflare Workers HTMLRewriter. We have open-sourced the library (LOL HTML) as it can also be used as a stand-alone HTML rewriting/parsing library.
The major change compared to LazyHTML, the previous rewriter, is the dual-parser architecture required to overcome the additional performance overhead of wrapping/unwrapping each token when propagating tokens to the workers runtime. The remainder of the post describes a CSS selector matching engine inspired by a Virtual Machine approach to regular expression matching.
In 2017, Cloudflare introduced an edge compute platform - Cloudflare Workers. It was no surprise that customers quickly required the same HTML rewriting capabilities that we were using internally. Our team was impressed with the platform Continue reading
No, we were not talking about IP fabrics in general - IP Fabric is a network management software (oops, network assurance platform) Gian Paolo discovered a while ago and thoroughly tested in the meantime.
He was kind enough to share what he found in Episode 107 of Software Gone Wild, and as Chris Young succinctly summarized: “it’s really sad what we still get excited about something 30 years after it was first promised”… but maybe this time it really works ;)