GRE Tunnels – Generic Routing Encapsulation – Use Cases

GRE Tunnels 

GRE tunnels are by far most common tunnelling technology. Very easy to setup, troubleshoot and operate. But in large scale deployment, configuring GRE tunnels become cumbersome, because GRE tunnel is a point to point tunnel.

GRE Tunnel Characteristics 

• GRE tunnels are manual point to point tunnels. Tunnel end points are not automatically derived. Network operator needs to configure the tunnel end points manually.

• Supports routing protocols to run over. You can run any routing protocols on top of GRE tunnels.

• IPv4 and IPv6 can be transported over GRE. Some VPN technologies may not support IPv6 or IPv6 routing protocols.

• Non-IP protocols such as IPX, SNA etc. can be carried over GRE tunnel as well. Most of the tunnelling technologies cannot carry Non- IP traffic. For example, IPSEC tunnel cannot carry Non-IP Traffic.

• If there are too many sites that need to communicate with each other, GRE is not scalable. But in Hub and Spoke topologies it can be used since whenever new spoke site is added, only new site and hub should be revisited. Not all the spokes need configuration.

• Even though in Hub and Spoke topologies, the configuration can be too long on the Continue reading

Introduction to VPN (Virtual Private Network)

Introduction to VPN (Virtual Private Network)

Let’s start with the definition. VPN is a logical network and created over shared physical infrastructure.

Shared infrastructure can be private such as MPLS VPN of a Service Provider or over the Public infrastructure such as Internet.

There are many concepts to understand VPN in detail but in this article I will cover the definition, common design considerations, and some not well known concepts about it.

We can group VPNs into two categories. WAN and the Datacenter VPN Technologies.

WAN VPN Technologies

1.GRE

2.mGRE (Multipoint GRE)

3. IPSEC

4. DMVPN

5.GETVPN

6.L2TPV3

7.LISP

8. MPLS L3 VPN

Datacenter VPN Technologies

1.EoMPLS (Ethernet over MPLS (a.k.a VPWS)

2. VPLS (Virtual Private Lan Service)

3. OTV (Overlay Transport Virtualization)

4. EVPN

5. PBB-EVPN

6. VXLAN (And other host based overlays such as NVGRE, STT, GENEVE)

Of course this is not the complete list. Please note that some of the technologies which I grouped into WAN technologies can be used in the Datacenter and vice versa.

For example LISP can be used in Datacenter as well and VPWS and VPLS can be used on the Wide Area Network as well.

I Continue reading

Should I use Cisco OTV for the Datacenter Interconnect ?

Should I use Cisco OTV for the Datacenter Interconnect? This question comes from not only from my students but also the companies which I provide consultancy.

I will not go through the OTV details, how it works, design recommendations etc. But let me remind you what is OTV and why OTV is used , Where it makes sense very briefly. 

OTV (Overlay Transport Virtualization) is a tunnelling mechanism which provides to carry Layer 2 ethernet frame in IP. (As I indicated in other articles, when I say MAC in IP, it is the same thing with MAC over IP).

So, OTV is Layer 2 in Layer 3 tunnelling mechanism. You can hear it is an encapsulation mechanism as well, which is true although there is small difference.

You don’t need to have MPLS underlay to create OTV tunnels. It uses IS-IS for the MAC address reachability and stops layer 2 protocol PDUs at the OTV Edge device where encapsulation happens.

This is good because, you don’t want to extend Layer 2 protocol PDUs such as Spanning Tree if you have multiple datacenters. Failure stays and affects only one datacenter, not all. (Failure domain boundary concept)

Another datacenter interconnect requirement Continue reading

Carrier Ethernet – Definition | Service Types | Requirements

CARRIER ETHERNET DEFINITION

Carrier Ethernet is an attempt to expand Ethernet beyond the borders of Local Area Network (LAN), into the Wide Area Networks (WAN).

With Carrier Ethernet, customer sites are connected through the Wide Area Network. Carriers have connected the customers with ATM (Asynchronous Transfer Mode) and Frame Relay interfaces in the past. (User to Network Interface/UNI).

Carrier Ethernet is not about the Ethernet within the Local Area Networks.

Driver of Carrier Ethernet is; since Ethernet is the de-facto protocol on the Local Area Network, why not to use Ethernet everywhere, and not only within LAN. When any other Wide Area Network protocol is used such as ATM, customer Ethernet frame is encapsulated into another protocol.

This reduces the overall efficiency of customer service, consumes more network bandwidth, makes troubleshooting harder and many other drawbacks.

Carrier Ethernet is also known as Carrier Class Ethernet and Carrier Grade Ethernet.

Another reason for Carrier Ethernet is; Ethernet interfaces and the devices are cheaper compare to the other technologies. This result cheaper service to the customers.

CARRIER ETHERNET REQUIREMENTS  

Traditional Ethernet lacks many features which are required to transport critical services, time sensitive applications and voice services.

These are:

• Traffic Engineering
• Bandwidth Guarantee
• Quality of Service
• OAM
• Decoupling of Providing and Customer Networks
• Continue reading

What is Colocation, POP , Carrier Hotels and Meetme Room ?

What is Colocation, POP , Carrier Hotels and Meetme Room ?

If you are working in operator domain or a network engineer who wants to learn what is colocation , what is POP (Point of Presence) , how POPs are physically connected , POP terminology , understand meetme room and carrier hotel, this post is for you.

POP locations can be located in the Datacenter or in very small buildings , meetme room and the carrier hotel is placed in the datacenter.

Colocation is provided by the datacenters.

But there are other details which you should be aware.

I explained these details in the below video. This video is one of the 20 topics from the network interconnection module of Service Provider Design Workshop. You can take this workshop and watch the on demand 10+hours service provider technology videos right away.

If you are not a subscriber yet ,you should subscribe to youtube channel right now.

If you any question or comment, please share in the comment box below.

Orhan Ergun

Let’s Connect on Social Media !

More info about me click here

What is The Next FPGA Platform?

The Next Platform has been tracking momentum with FPGAs over the last several years with particular emphasis on the role programmable devices will continue to play in application acceleration as well as in computational storage and modern datacenter networks. …

What is The Next FPGA Platform? was written by Nicole Hemsoth at The Next Platform.

Qualcomm Bolsters 5G Outlook on Silicon Demand

A Roadmap for Building Modern Applications

No matter what industry you’re in, your application modernization strategy matters. Overlooking or downplaying its importance is a quick way for customers to sour and competitors to gain an edge. It’s why 91% of executives believe their revenues will take a hit without successful digital transformation.

The good news is modern applications offer a clear path forward. Creating a roadmap for your modern application strategy is a critical step toward a more agile and continuous model of software development and delivery – one that’s centered on delivering perpetually expanding value and new experiences to customers. 

This is the first of a series of blogs where we will look at industry viewpoints, different approaches, underlying platforms and real-world stories that are foundational to successful modern application development in order to provide a roadmap for application modernization.

What’s in Your Environment? 

The technology inventory at companies today is as diverse, distributed and complex as ever. It includes a variety of technology stacks, application frameworks, services and languages. During a modernization process, new Open Source technologies are often integrated with legacy solutions. Existing applications need to be maintained and enhanced, modern applications need to be Continue reading

How to harden web browsers against cyberattacks

Use these techniques to limit attackers’ ability to compromise systems and websites.

Digital Realty’s Plan to Overthrow Equinix Hinges On Data Gravity

Infoblox Snaps Up SnapRoute, Eyes SASE Market

Printers: The overlooked security threat in your enterprise | TECHtalk

Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online’s J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

T-Mobile’s ‘Nationwide’ 5G Goes Live Dec. 6

Arm’s Methodical March to HPC Adoption

For those who have expressed concern about the slow pace of Arm’s adoption in HPC, Brent Gorda is advocating the need for patience. …

Arm’s Methodical March to HPC Adoption was written by Michael Feldman at The Next Platform.

DX NetOps Intent Based Networking for SD-WAN

This $387 Azure certification prep bundle is currently on sale for $29

Modern tech companies require more computing power than ever before, so many of them are turning to cloud services like Microsoft Azure to meet their needs. As such, becoming cloud-certified is a necessity if you want to pursue today’s highest-paying IT jobs. With this 4-course bundle, you can become an Azure master for just $29. To read this article in full, please click here

Musing: WiFi Alliance Copyright Assertions

word trademark salad

The post Musing: WiFi Alliance Copyright Assertions appeared first on EtherealMind.

Social Media Crisis Drives Ongoing Decline In Global Internet Freedom

Global Internet freedom declined for the ninth consecutive year in 2019, largely as a result of social media increasingly being used by governments around the world as a conduit for mass surveillance and electoral manipulation. The Freedom on the Net 2019 report, the latest edition of the annual country-by-country assessment of Internet freedom, was released on November 5 by Freedom House, and highlights the shift in social media from a level playing field for civic discussion to an instrument of political distortion and societal control.

The Freedom on the Net 2019 report analyzed Internet freedom in 65 countries worldwide, covering 87% of global Internet users. Surveyed countries are designated as ‘Free’, ‘Partly Free’, or ‘Not Free’ based on an examination of, and scoring against, three categories: obstacles to access, limits on content, and violations of user rights.

Of the 65 countries assessed, 33 of them saw Internet freedom decline over the last year, with the biggest drops observed in Sudan and Kazakhstan. The longtime presidents of both countries were ousted, leading to widespread blocking of social media platforms, disruptions of Internet connectivity, and the increased use of electronic surveillance to undermine free expression.

The report called digital platforms Continue reading

Explore the Content Outline of Our Networking in Public Clouds Online Course

A few days ago we published the content outline for our Networking in Public Clouds online course.

We’ll start with the basics, explore the ways to automate cloud deployments (after all, you wouldn’t want to repeat the past mistakes and configure everything with a GUI, would you?), touch on compute and storage infrastructure, and the focus on the networking aspects of public cloud deployments including:

SEC 2. Data plane and control plane protection in the networking (Nokia, Cisco and Mellanox/Cumulus) for IPv6.

Hello my friend,

After the release of the previous article outlining the data and control plane security for IPv4 in Cisco, Nokia and Mellanox/Cumulus (link) I’ve got several requests about the security in IPv6. The requests were fair enough and with this article we close this gap.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests. 

Disclaimer

This is the fourth article in the series about the Mellanox/Cumulus switch. The three previous are:

• Building lab with Mellanox SN2010
• Configuring Segment Routing on Mellanox/Cumulus, Cisco IOS XR and Nokia SR OS and connecting physical and virtual networks
• Data and control plane protection in Mellanox/Cumulus, Cisco IOS XR and Nokia SR OS

Brief description

The importance of the security for the network in terms of the control and data plane protection was explained in the previous article Continue reading