Archive

Category Archives for "Networking"

Making Networking Cool Again? (2)

Network engineering is not “going away.” Network engineering is not less important than it was yesterday, last year, or even a decade ago.

But there still seems to be a gap somewhere. There are fewer folks interested than we need. We need more folks who want to work as full-time network engineers, and more folks with network engineering skills diffused within the larger IT community. More of both is the right answer if we’re going to continue building large-scale systems that work. The real lack of enthusiasm for learning network engineering is hurting all of IT, not just network engineering.

How do we bridge this gap? We’re engineers. We solve problems. This seems to be a problem we might be able to solve (unlike human nature). Let’s try to solve it.

As you might have guessed, I have some ideas. These are not the only ideas in the world—feel free to think up more!

If you walk into a robotics class, even an introductory robotics class, you see people … building robots. If you walk into a coding class, even an introductory one, you see people … writing software. If you walk into a network network engineering class you Continue reading

BGP Graceful Restart Considered Harmful

A networking engineer with a picture-perfect implementation of a dual-homed enterprise site using BGP communities according to RFC 1998 to select primary- and backup uplinks contacted me because they experienced unacceptably long failover times.

They measured the failover times caused by the primary uplink loss and figured out it takes more than five minutes to reestablish Internet connectivity to their site.

Read more …

BGP Graceful Restart Considered Harmful

A networking engineer with a picture-perfect implementation of a dual-homed enterprise site using BGP communities according to RFC 1998 to select primary- and backup uplinks contacted me because they experienced unacceptably long failover times.

They measured the failover times caused by the primary uplink loss and figured out it takes more than five minutes to reestablish Internet connectivity to their site.

Read more …

IP Addresses through 2023

Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.

IP Addresses through 2023

Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.

Raspberry Pi 5 network emulation with Containerlab

The GitHub sflow-rt/containerlab project contains example network topologies for the Containerlab network emulation tool that demonstrate real-time streaming telemetry in realistic data center topologies and network configurations. The examples use the same FRRouting (FRR) engine that is part of SONiC, NVIDIA Cumulus Linux, and DENT network operating systems. Containerlab can be used to experiment before deploying solutions into production. Examples include: tracing ECMP flows in leaf and spine topologies, EVPN visibility, and automated DDoS mitigation using BGP Flowspec and RTBH controls.
Raspberry Pi 5 real-time network analytics describes how to install Docker on a Raspberry Pi 5. 
docker run hello-world
Run the hello-world container to verify that Docker in properly installed and running before proceeding. 
git clone https://github.com/sflow-rt/containerlab.git
Download the sflow-rt/containerlab project from GitHub. 
cd containerlab
./run-clab
Start Containerlab. 
containerlab deploy -t clos5.yml
Start the 5 stage leaf and spine topology shown at the top of this page. The initial launch may take a couple of minutes as the container images are downloaded for the first time. Once the images are downloaded, the topology deploys in around 10 seconds. 
./topo.py clab-clos5
Push the topology to the sFlow-RT analytics software.
An instance of the sFlow-RT Continue reading

Weekend Reads 011224

Yes, the weekend has pretty much already passed, but still …


The WailingCrab malware has gained notoriety for its stealth. IBM X-Force security researchers recently published an in-depth analysis of the malware, which has been abusing Internet of Things (IoT) messaging protocol MQTT.


SpaceX successfully launched 21 satellites, including the first six Starlink satellites equipped with “Direct to Cell” capabilities.


MTL mode is a technique developed by Verisign researchers that can reduce the operational impact of a signature scheme when authenticating an evolving series of messages.


While Kubernetes adoption continues to soar, it has become a prime target for cyberattacks. Unfortunately, Kubernetes clusters are complex and can be difficult to secure. Safeguarding your Kubernetes environment requires a solid understanding of the common attack chains that pose a threat to your infrastructure.


Going into 2023, the big telcos had publicly announced plans to build 9.4 million fiber passings, but during the year, they collectively pared that back expectations to 6.5 million passings.


A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.


The Atomic Stealer, also known as “AMOS,” first Continue reading

BGP in 2023 – BGP Updates

the scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. BGP protocol behaviour in the form of dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match, then the routing system will lose coherence, and at that point the network will head into periods of instability. This report looks at the profile of BGP updates across 2023 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing.

BGP in 2023 – BGP Updates

the scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. BGP protocol behaviour in the form of dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match, then the routing system will lose coherence, and at that point the network will head into periods of instability. This report looks at the profile of BGP updates across 2023 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing.

VXLAN/EVPN – Host routing

In an previous post Advertising IPs In EVPN Route Type 2, I described use cases for advertising IP addresses in EVPN route type 2. Host ARP and host mobility I already covered so today we will focus on host routing.

To be able to show this scenario, I have added another server (SERVER-2) and will be using the topology below:

There is already existing configuration for VLAN 10 (L2 VNI) and for VLAN 100 (L3 VNI) which is shown below:

vrf context Tenant1
  vni 10001
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Vlan10
  no shutdown
  vrf member Tenant1
  ip address 198.51.100.1/24
  fabric forwarding mode anycast-gateway
!
interface Vlan100
  no shutdown
  mtu 9216
  vrf member Tenant1
  ip forward

To get SERVER-2 connected the following is needed:

  • Configure VLAN 20 and map it to L2 VNI (VNI 10002).
  • Make the L2 VNI a member of the NVE.
  • SVI for VLAN 20.
  • Configure port towards SERVER-2 in VLAN 20.

This is shown below:

vlan 20
  vn-segment 10002
!
interface nve1
  member vni 10002
    ingress-replication protocol bgp
!
interface Vlan20
  no shutdown
  vrf member Tenant1
  ip address 10.0.0.1/24
  fabric forwarding mode anycast-gateway
!
interface Ethernet1/3
   Continue reading
1 93 94 95 96 97 3,426