Category Archives for "Networking"

Kubernetes Network Observability: Comparing Calico, Cilium, Retina, and Netobserv

Calico, Cilium, Retina, and Netobserv: Which Observability Tool is Right for Your Kubernetes Cluster?

Network observability is a tale as old as the OSI model itself, and anyone who has managed a network or even a Kubernetes cluster knows the feeling: a service suddenly can’t reach its dependency, a pod is mysteriously offline, and the Slack alerts start rolling in. Investigating network connectivity issues in these complex, distributed environments can be incredibly time-consuming. Without the right tools, the debugging process often involves manually connecting to each node, running tcpdump on multiple machines, and piecing together logs to find the root cause, a path that often leads to frustration and extended downtime.

This is the problem that Kubernetes Network Observability was built to solve. By deploying distributed observers, these cloud-native solutions take the traditional flow entries and enrich them with Kubernetes flags and labels to allow Kubernetes users to get insight into the inner workings of their clusters.

This blog post aims to give you a rundown of the leading solutions in the CNCF ecosystem, and compare how they track a packet’s journey across your cluster.

Feature Comparison Matrix

Before diving into the specifics, let’s look at how these four ...

NAN113: What Works, and What Doesn’t, in Network Automation Projects

Today we are joined by Matt Remke, who has spent years in the trenches of network automation projects as a consultant. Matt offers a unique, non-engineer perspective on scaling network automation in real-world, complex environments for some of the world’s largest companies. Matt shares what worked, what backfired, and the hard-earned lessons he has gained...

netlab 26.02: KinD support, more EVPN/VXLAN

netlab release 26.02 is out, including the usual potpourri of goodies:

  • Support for Kubernetes (KinD) clusters based on work by @wnagele
  • Layer-2 EVPN/VXLAN support on Cat8000v, IOL, and IOLL2
  • netlab graph command can create graphs from a subset of nodes or links
  • You can specify the parameters of core links in the fabric plugin
  • OSPFv3 reports

The fun part, however, is the new container configuration methods:

PP096: Taking Note of a Notepad++ Attack; Telnet and NTLM Are Still a Thing?

Everything old is new again in today’s Packet Protector news roundup, as a decade-old Telnet exploit resurfaces, and Microsoft unfolds its roadmap to phase out the ancient NTLM protocol. In other news, Google takes down a sprawling residential proxy network, the popular Notepad++ app takes steps to recover from a serious compromise, and a Polish...

Multicast PIM Auto RP (V)

In the previous posts in this series, we covered the basics of multicast, IGMP, PIM Dense Mode, and PIM Sparse Mode. In the Sparse Mode post, we manually configured the RP address on every router in the network. This works fine in a small lab, but in a larger network with many routers, it becomes difficult to manage. If the RP changes, you have to update the configuration on every single router.

Auto-RP solves this problem by allowing routers to dynamically learn the RP address. Instead of manually configuring the RP on each router, you configure one or more routers to announce themselves as Candidate RPs. A separate router (or the Candidate RP router itself) called the Mapping Agent collects these announcements and distributes the RP information to all other routers in the network. This makes RP management much easier and also provides a way to implement RP redundancy.

There are two methods to dynamically learn the RP address: Auto-RP and Bootstrap Router (BSR). In this ...

Open-Source Network Simulators (2026 Edition)

Brian Linkletter published an updated overview of open-source network simulators and emulators.

containerlab and GNS3 are clear leaders (no surprise there) with the original vrnetlab becoming abandonware (fortunately, we have Roman Dodin’s fork), which makes me think we should focus on using netlab primarily with containerlab and slowly sunset the Vagrant support, particularly considering some people actively hate the license change.

Also, if anyone feels like writing an interface (provider module) between netlab and GNS3, the pull request would be most welcome 😎

Any thoughts? Please leave a comment!

NB561: Kubernetes Retires Ingress NGINX; Are Data Centers Headed for Orbit?

Take a Network Break! We start with a trio of follow-ups, including a correction regarding Mplify certifications, Cisco proposing new OSI layers, and free-space optics. Our Red Alert sounds off about a remote code execution vulnerability in the Ivanti Endpoint Manager Mobile agent. On the news front, Broadcom announces new silicon for wireless APs for...

Fast Arista cEOS Container Configuration

After the enormous speedup I achieved with the FRR containers, I tried to do something similar with the Arista cEOS ones. After all, Arista’s pretty open about running its software on standard Linux, so it should be possible to map host-side configuration files into container-side scripts and execute them, right?

There was just one tiny gotcha: all netlab-generated EOS configuration files are device configuration snippets that are intended to be submitted via EOS CLI, and I didn’t feel like cracking open the netmiko documentation (that’s another backburner project).

However, Arista cEOS includes this magic command called FastCli ;)

Fragments of an adolescent web

I have unearthed a few old articles typed during my adolescence, between 1996 and 1998. Unremarkable at the time, these pages now compose, three decades later, the chronicle of a vanished era.

The word “blog” does not exist yet. Wikipedia remains to come. Google has not been born. AltaVista reigns over searches, while already struggling to embrace the nascent immensity of the web. To meet someone, you had to agree in advance and prepare your route on paper maps. 🗺️

The web is taking off. The CSS specification has just emerged, HTML tables still serve for page layout. Cookies and advertising banners are making their appearance. Pages are adorned with music and videos, forcing browsers to arm themselves with plugins. Netscape Navigator sits on 86% of the territory, but Windows 95 now bundles Internet Explorer to quickly catch up. Facing this offensive, Netscape open-sources its browser.

France falls behind. Outside universities, Internet access remains expensive and laborious. Minitel still reigns, offering phone directory, train tickets, remote shopping. This was not yet possible with the Internet: buying a CD online was a pipe dream. Encryption suffers from inappropriate regulation: the DES algorithm is capped at 40 bits and ...

Multicast PIM Sparse Mode (IV)

In the previous post, we covered PIM Dense Mode and mentioned that it is not widely used in production because of its flood and prune behaviour. Every router in the network receives the multicast traffic first, and then routers without interested receivers have to send prune messages. This is inefficient, especially in large networks.

In this post, we will look at PIM Sparse Mode, which takes the opposite approach. Instead of flooding traffic everywhere and pruning where it is not needed, Sparse Mode only sends traffic to parts of the network that explicitly request it. Routers with interested receivers send Join messages and only then does the multicast traffic start flowing. This makes Sparse Mode much more efficient and scalable, which is why it is the preferred mode in most production networks today.

PIM Sparse Mode Overview

In Dense Mode, we saw two main problems. Multicast traffic is flooded everywhere, and every router has to maintain state for every multicast group, even if all its interfaces are pruned. Sparse Mode ...

HN813: What Should Networkers Know About Software Development (and Vice Versa)?

What should network engineers know about software development? What should software developers know about networking? Ethan and Drew sit down with Chris Rapier and Nick Buraglio to discuss why crossing these silos can improve outcomes for everyone. They break down why being a little curious about the infrastructure can help software developers write better code,...

How Homepage simplifies monitoring your self-hosted services

Slowly but surely, I’ve been migrating over to self-hosted services so I can finally cut the cord to third parties. By keeping things within my LAN, I enjoy more security and privacy than I would if I continued using cloud hosts. The problem is, I wind up with a lot of different services running that I have to then access via different IP addresses and ports. But what if I wanted to simply (and quickly) view the status of those services, take a gander at statistics, or even confirm that my Docker containers are still running as expected? Do I open a browser tab for each of those to verify things are as expected? I could. Or, I could make use of a single dashboard that gives me all the information I need from a centralized location.

Lab: Routing Between VXLAN Segments

In the previous EVPN/VXLAN lab exercises, we covered the basics of Ethernet bridging over VXLAN and the use of the EVPN control plane to build layer-2 segments.

It’s time to move up the protocol stack. Let’s see how you can route between VXLAN segments, this time using unique unicast IP addresses on the layer-3 switches.

You can run the lab on your own netlab-enabled infrastructure (more details), but also within a free GitHub Codespace or even on your Apple-silicon Mac (installation, using Arista cEOS container, using VXLAN/EVPN labs).

Hedge 294: Resource Constrained Environments


 
The future of network design and architecture is, based on current trends, going to be working with and around resource constraints. How would resource constraints impact the way we design and manage networks? Mike Bushong joins Tom, Eyvonne, and Russ to ponder network engineering in a resource constrained world.

Migrating from NGINX Ingress to Calico Ingress Gateway: A Step-by-Step Guide

From Ingress NGINX to Calico Ingress Gateway

In our previous post, we addressed the most common questions platform teams are asking as they prepare for the retirement of the NGINX Ingress Controller. With the March 2026 deadline fast approaching, this guide provides a hands-on, step-by-step walkthrough for migrating to the Kubernetes Gateway API using Calico Ingress Gateway. You will learn how to translate NGINX annotations into HTTPRoute rules, run both models side by side, and safely cut over live traffic.

A Brief History

The announced retirement of the NGINX Ingress Controller has created a forced migration path for the many teams that relied on it as the industry standard. While the Ingress API is not yet officially deprecated, the Kubernetes SIG Network has designated the Gateway API as its official successor. Legacy Ingress will no longer receive enhancements and exists primarily for backward compatibility.

Why the Industry is Standardizing on Gateway API

While the Ingress API served the community for years, it reached a functional ceiling. Calico Ingress Gateway implements the Gateway API to provide:

  • Role-Oriented Design: Clear separation between the infrastructure (managed by SREs) and routing logic (managed by Developers).
  • Native Expressiveness: Features like URL rewrites and header manipulation ...