Docker’s Success a Foundation for Its Struggles
“In a sense, Docker is almost a victim of its own success,” said 451 Research's Jay Lyman....
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
EVPN-VXLAN | Layer 3 Gateway | IRB | JUNOS
I often get asked about EVPN Layer 3 gateway options. And more specifically, what are the differences between IRB with Virtual Gateway Address (VGA) and IRB without VGA. There are many different options and configuration knobs available when configuring EVPN L3 gateway. But I’ve focused on the 3 most popular options that I see with my customers in EVPN-VXLAN environments in a centralised model. I’m also only providing the very basic configuration required.
Each IRB option can be considered an Anycast gateway solution seeing as duplicate IPs are used across all IRB gateways. However, there are some subtle, yet significant, differences between each option.
Regardless of the transport technology used, whether it be MPLS or VXLAN, a layer 3 gateway is required to route beyond a given segment.
This Week: Data Center Deployment with EVPN/VXLAN by Deepti Chandra provides in-depth analysis and examples of EVPN gateway scenarios. I highly recommend reading this book!
IRB Option 1
Duplicate IP | Unique MAC | No VGA
Duplicate IPs are configured on all gateway IRBs and unique MAC addresses are used (manually configured or IRB default). Virtual Gateway Address is not used.
EVPN provides the capability to automatically synchronise gateways Continue reading
It’s crowded in here!
We recently gave a presentation on Programming socket lookup with BPF at the Linux Plumbers Conference 2019 in Lisbon, Portugal. This blog post is a recap of the problem statement and proposed solution we presented.
Our edge servers are crowded. We run more than a dozen public facing services, leaving aside the all internal ones that do the work behind the scenes.
Quick Quiz #1: How many can you name? We blogged about them! Jump to answer.
These services are exposed on more than a million Anycast public IPv4 addresses partitioned into 100+ network prefixes.
To keep things uniform every Cloudflare edge server runs all services and responds to every Anycast address. This allows us to make efficient use of the hardware by load-balancing traffic between all machines. We have shared the details of Cloudflare edge architecture on the blog before.
Granted not all services work on all the addresses but rather on a subset of them, covering one or several network prefixes.
So how do you set up your network services to listen on hundreds of IP addresses without driving the network stack over the edge?
Cloudflare engineers have had to ask themselves this question Continue reading
You cannot cURL under pressure
You cannot cURL under pressure
cURL. The wonderful HTTP plumbing tool that powers both a lot of command line debugging and bash scripts, but also exists as a strong foundation in our applications in the form of libcurl.
Editing Files in a Docker Container
This is the quick and easy way I learned to edit some files within a Docker container. Professional DevOps engineers might be doing it in a different way, this is the network engineers way of doing things 
-Rakesh
Must read: Shades of Lock-in
Gregor Hohpe published an excellent series on Martin Fowler’s web site focusing on various aspects of lock-in. If nothing else, you SHOULD read the shades of lock-in part, and combine it with my thoughts on lock-in in data center networking.
What’s it like to come out as LGBTQIA+ at work?
Today is the 31st Anniversary of National Coming Out Day. I wanted to highlight the importance of this day, share coming out resources, and publish some stories of what it's like to come out in the workplace.
About National Coming Out Day
Thirty-one years ago, on the anniversary of the National March on Washington for Lesbian and Gay Rights, we first observed National Coming Out Day as a reminder that one of our most basic tools is the power of coming out. One out of every two Americans has someone close to them who is gay or lesbian. For transgender people, that number is only one in 10.
Coming out - whether it is as lesbian, gay, bisexual, transgender or queer - STILL MATTERS. When people know someone who is LGBTQ, they are far more likely to support equality under the law. Beyond that, our stories can be powerful to each other.
Each year on October 11th, National Coming Out Day continues to promote a safe world for LGBTQ individuals to live truthfully and openly. Every person who speaks up changes more hearts and minds, and creates new advocates for equality.
For more on coming out, visit HRC's Coming Out Continue reading
Tarek Kamel: A Loss to the Internet Community
It was indeed very sad news yesterday that Tarek Kamel passed away. Despite his suffering and illness, no one expected death could be that close. Just last week I was chatting with friends in common about his persistence in planning to attend the upcoming ICANN meeting in Montreal, with permission from his doctors. That was Tarek Kamel: always forward looking and a real fighter for what he believed in.
Tarek’s death moved not only his family and friends, but a wider group, especially in the Internet community. Let me share why.
Who is He in a Nutshell?
Tarek Kamel had a Ph.D. in electrical engineering and information technology from the Technical University of Munich. From 1992 to 1999, he was the manager of Egypt’s Communications and Networking Department at the Cabinet Information and Decision Support Centre (IDSC/RITSEC). During this period, he established Egypt’s first connection to the Internet, steered the introduction of commercial Internet services in Egypt, and co-founded the Internet Society of Egypt (the Egyptian Chapter).
Kamel joined the Ministry of Communications and Information Technology at its formation in October 1999, where he was appointed senior advisor to the minister. Then he served as the minister of communications and information Continue reading
Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored)
Today on Heavy Networking we go deep on segment routing, a way to encode into a packet the path it should take through the network. Guest Ron Bonica, Distinguished Engineer at Juniper Networks, offers a detailed look at how segment routing works; discusses use cases; explores the differences among SR-MPLS, SRv6, and SRv6+; and more. Juniper is our sponsor for today's show.
The post Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored) appeared first on Packet Pushers.
Colt Rolls ADVA Ensemble Into Latest uCPE Line
Colt launched a new line of uCPE appliances powered by ADVA's Ensemble software platform in a bid...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Ericsson Eyes $700B 5G Growth Opportunity for Service Providers
The vendor warns that revenues from currently available services, namely mobile broadband services,...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
SAP CEO Bill McDermott Clocks Out
In a statement, SAP explained that McDermott “decided not to renew his contract.” The company...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Weekly Wrap: AT&T Abandons Puerto Rico and US Virgin Islands
SDxCentral Weekly Wrap for Oct. 11, 2019: One analyst cites climate change for AT&T's $2...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
BGP-LU and MPLS VPNs
In my last post I showed you how you can use plain old BGP to distribute labels and create LSPs. While sort of interesting to see – it wasn’t super handy all by itself. In this post, we’re going to try and layer on MPLS VPNs to the same setup and show you how that might work. So let’s dig right in. I’m assuming that you’ve read the last post and that we’re picking up where things left off there.
Note: There are no pretty diagrams here so if you’re looking for some context on the lab we’re using go back and checkout the last post.
The first thing we want to do is put our client subnets into VRFs or routing-instances in Juniper parlance. Let’s do that on each tail router….
vMX1
set routing-instances customer1 instance-type vrf set routing-instances customer1 interface ge-0/0/0.0 set routing-instances customer1 route-distinguisher 1:1 set routing-instances customer1 vrf-target target:1:1 set routing-instances customer1 vrf-table-label
vMX7
set routing-instances customer1 instance-type vrf set routing-instances customer1 interface ge-0/0/1.0 set routing-instances customer1 route-distinguisher 1:1 set routing-instances customer1 vrf-target target:1:1 set routing-instances customer1 vrf-table-label
So nothing fancy here – we’re just creating a routing instance, assigning an RT/RD, Continue reading
Looking the GIFCT in the Mouth
The recent meeting of the United Nations General Assembly (UNGA) was notable because of the attention it paid to the climate of the planet Earth. A different set of meetings around the UNGA was about another climate: the one of fear, anger, and violence swirling about the Internet.
It was only last March that a man (there is only one accused) shot dozens of people in a pair of attacks on Muslims at prayer. The shooter streamed the first 17 minutes of his attacks using Facebook Live. The use of an Internet service in this event, combined with general concern about how Internet services are being used for terrorism and violent extremism, resulted in the Christchurch Call.
There is some reason to be optimistic about the Christchurch Call. Rarely have governments worked so decisively or quickly, together, to take on a global social issue. At a side meeting in New York at UNGA, some 30-odd additional countries signed the Call; more than 50 countries have signed on. New Zealand has led this while insisting that governments cannot tackle the issue alone, and has tried to involve everyone – through an Advisory Network – in decisions that are bound to affect Continue reading
Video: Retransmissions and Flow Control in Computer Networks
Grouping the features needed in a networking stack in bunch of layered modules is a great idea, but unfortunately it turns out that you could place a number of important features like error recovery, retransmission and flow control in a number of different layers, from data link layer dealing with individual network segments to transport layer dealing with reliable end-to-end transmissions.
So where should we put those modules? As always, the correct answer is it depends, in this particular case on transmission reliability, latency, and cost of bandwidth. You’ll find more details in the Retransmissions and Flow Control part of How Networks Really Work webinar.
You need free ipSpace.net subscription to watch the video, or a paid ipSpace.net subscriptions to watch the whole webinar.