How SD-WAN will make the cloud much, much bigger

Though I no longer actively participate in it as a pioneering player in the networking space I have always kept a watchful eye on the market and I am seeing yet another disruptive force known as SD-WAN (Software-Defined Wide-Area Networking) finally gaining momentum.For starters, SD-WAN is an extension of Software-Defined Networking (SDN). As the term implies, SDN aims to automate (virtualize) various network functions that are currently touch-heavy.[ Related: SD-WAN: What it is and why you will use it one day ] Network architects talk about separating the control plane from the data plane ad nauseum but that is just the starting point. The ability to virtualize numerous network functions from a central location and thus create an abstraction layer in a manner that is custom-tailored for each enterprise – and, by extension, perhaps for each user - has been the Holy Grail of networking for years if not decades. Tom Nolle, president of CIMI Corporation and a longtime proponent of all things SDN, is spot on when he states that: "SD-WAN is absolutely critical, because it is the vehicle most likely to bring true virtualization to networking. Without virtualization in the network, virtualization in the Continue reading

Juniper QFX | VMware NSX Edge Gateway | BGP Peering

In this post, I’m going to explain how to establish a BGP peering session between Juniper QFX Series Switches and VMware NSX Edge Service Gateway. VMware NSX provides many features and services, one of which is dynamic routing via the use of an ESG. Typically, ESGs are placed at the edge of your virtual infrastructure to act as a gateway. There are two primary deployment options, stateful HA or non-stateful ECMP. In this example, we’re looking at the ECMP deployment option.

Overview

We have a pair of Juniper QFX5110 switches that we will configure to enable EBGP peering with each NSX Edge Gateway. We also have a pair of NSX Edge Gateway devices that are placed at the edge of a virtualized infrastructure. Each QFX has a /31 point-to-point network to each ESG. These networks are enabled via 802.1q subinterfaces which provide connectivity across the underlying blade chassis interconnect modules.

Topology


NSX Juniper BGP

IP | AS Deets

NSX QFX BGP AS

NSX

We’ll start by configuring BGP on our NSX Edge Gateways.

ESG1

Global Routing Configuration

Via global settings for ESG1, we need to set a Router ID. The router ID is used to identify from where a packet is received.

ESG1 > Manage > Continue reading

Bolstering my Software Development Skills

I recently tweeted that I was about to undertake a new pet project where I was, in my words, “probably going to fall flat on my face”. Later, I asked on Twitter if I should share some of the learning that will occur (is ocurring) as a result of this new project, and a number of folks indicated that I should. So, with that in mind, I’m announcing this project I’ve undertaken is a software development project aimed at helping me bolster my software development skills, and that I’ll be blogging about it along the way so that others can benefit from my mistakes…er, learning.

Readers may recall that my 2018 project list included a project to learn to write code in Golang. At the time, I indicated I’d use Kubernetes and related projects, along with my goal of making more open source contributions, as a vehicle for helping to accomplish that goal. In retrospect, that was quite ambitious, and I’ve since come to the realization that there are a number of “baby steps” that I need to take before I am ready to use a large software project like Kubernetes as a means to help improve my coding skills. Continue reading

Overview of ipSpace.net Training Options

Describe the differences between various ipSpace.net training options has been on my to-do list for ages, but I successfully managed to ignore it till I deployed the new top-level menu that contains training category.

Our designers never considered menu items without a corresponding link, so I got an ugly mess that needed to be cleaned up either by fixing the CSS or writing the overview document.

End result: a high-level document describing how ipSpace.net webinars, courses and workshops fit into the bigger picture.

During the summer break, I’m publishing blog posts about the projects I’m working on. Regular blog posts will return in autumn.

Automating My World

I’ve told this story 984828934 time in the past year, but bear with me.  We got a new director-type last year, and he has challenged all of us to do things differently.  As in everything.  Anything that we’re doing today should be done differently by next year.  This isn’t saying that we’re doing things wrong.  This is just a challenge mix things up, integrate new tools, and get rid of the noise.  Our group has responded big-time, and we’re now doing most of our day-to-day tasks with a tool of some kind.  A couple weeks ago, I realized that I did a whole day’s work without logging directly into any gear — everything was through a tool.  It was a proud moment for me and the group.

To kick off this new adventure, we’re starting with writing all our own stuff in-house; we’re obviously not talking about a full, commercial orchestration deployment here.  We’ve talking about taking care of the menial tasks that we are way too expensive to be doing.  Simple tasks.  Common tasks.  Repeatable tasks.  All game.  What’s the MAC address of that host? Continue reading

MPLS Intro Series – Customer Connection with BGP

In the last article, we performed a packet walk of a simple VPNv4 network. This article will expand our deployment by allowing the CE_Sites to advertise their own routes via BGP. For this configuration, we will use some overlapping and some unique private AS numbers.

One thing that must be considered is whether or not the same BGP AS is used throughout a given VRF. For example, if we use 64512 at both CE_Site_1 and CE_Site_2 the BGP routes will be dropped as they are advertised toward the customer site. This is demonstrated by doing a simple configuration to advertise 1.1.1.1 from CE_Site_1.

CE_Site_1 BGP Configuration

interface Loopback0
 description Loopback
 ip address 1.1.1.1 255.255.255.255
!
router bgp 64512
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 10.1.1.1 remote-as 1

PE1 vrf RED – BGP Configuration and Verification (success)

router bgp 1
!
 no bgp default ipv4-unicast
 neighbor 20.20.20.20 remote-as 1
 neighbor 20.20.20.20 update-source Loopback0
!
 address-family vpnv4
  neighbor 20.20.20.20 activate
  neighbor 20.20.20.20 send-community both
 exit-address-family
!
 address-family ipv4 vrf RED
  redistribute connected
  neighbor 10.1. Continue reading

I Wanna Go Fast – Load Balancing Dynamic Steering

I Wanna Go Fast - Load Balancing Dynamic Steering

I Wanna Go Fast - Load Balancing Dynamic Steering

Earlier this month we released Dynamic Steering for Load Balancing which allows you to have your Cloudflare load balancer direct traffic to the fastest pool for a given Cloudflare region or colo (Enterprise only).

To build this feature, we had to solve two key problems: 1) How to decide which pool of origins was the fastest and 2) How to distribute this decision to a growing group of 151 locations around the world.

I Wanna Go Fast - Load Balancing Dynamic Steering

Distance, Approximate Latency, and a Better Way

As my math teacher taught me, the shortest distance between two points is a straight line. This is also typically true on the internet - the shorter approximate distance there is between a user going through Cloudflare location to a customer origin, the better the experience is for the user. Geography is one way to approximate speed and we included the Geo Steering function when we initially introduced the Cloudflare Load Balancer. It is powerful, but manual; it’s not the best way. A customer on Twitter said it best:

Check Out Our Newest Addition To The INE Course Library: Data Science On The Google Cloud Platform





Data Science in the Cloud

Data Science, machine learning, deep learning; these are the different driving forces of the current revolution which is changing the way businesses, companies and people make decisions, work and innovate. Data Science is triggering profound innovations in healthcare, finance, transportation, manufacturing and many other sectors.

Data science is evolving at lightning speed with a multiplication of approaches, tools and platforms. In parallel to script-based data science, think python and scikit-learn, the major cloud providers are developing platforms to power and facilitate the data scientist’s daily work and the implementation of data science projects in production. The Google Cloud Platform offers one of the most innovative and user friendly data science ecosystem.

My name is Alexis Perrier, I am a data science consultant and I’m very excited to be the instructor on this data science course on the google cloud platform. I teach data science in colleges, bootcamps and also for company training sessions. I recently wrote a couple of books on Machine Learning on the Google Cloud Platform and on AWS, both are with Packt Publishing.

I have a PhD in signal processing from Telecom-ParisTech followed by over 20 years in software engineering Continue reading

Kernel of Truth Episode 04 — Cisco, disaggregation and the industry impact

Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Castbox and Stitcher!

Click here for our previous episode.

On March 27, 2018, Cisco announced it was embracing disaggregation of the data center by allowing customers to run NX-OS on third-party switches and to use any network operating system on its Nexus switches. It’s certainly an interesting move, considering that they’re the company that claimed to have killed white-box networking.

…But does this model REALLY fit the definition of network disaggregation? What does true data center disaggregation look like? Why did Alanis Morissette name the song “Ironic” when none of the lyrics are examples of irony?? To answer these questions, I invited Ben Ritter (Consulting Engineer, Cumulus Networks) and Rama Darbha (Senior Consulting Engineer, who you’ll remember from our second episode — get ready for more #RamaRants!) into the recording booth so we can get to the bottom of this. In addition to breaking down the definition of data center disaggregation, Rama, Ben and I go full John Lennon and imagine a perfect world, where Cisco actually embraces the true spirit of disagreggation. How would this impact the industry? Imagine there’s no black box…it’s easy if Continue reading

Weekend Reads: 071918

In this post, we present ARTEMIS (Automatic and Real-Time dEtection and MItigation System), a defence system that can be used by operators to protect their own network from BGP prefix hijacking events. Using real experiments, we’ve shown that ARTEMIS can detect prefix hijacking events within seconds and neutralize them within a minute; orders of magnitude faster than with current practices. —Vasileios Kotronis @APNIC

You could sum up the security advantages of serverless this way: What containers did for ensuring the operating system and hardware layer could be maintained and secured separately, serverless offers the same at the application and web server layer. And yet — serverless is no silver bullet from a security perspective. Serverless environments still need to be designed and managed with security in mind at every moment. —Vince Power @The New Stack

Another lesson is that privacy defenses don’t need to be perfect. Many researchers and engineers think about privacy in all-or-nothing terms: a single mistake can be devastating, and if a defense won’t be perfect, we shouldn’t deploy it at all. That might make sense for some applications such as the Tor browser, but for everyday users of mainstream browsers, the threat model is death by Continue reading

CCDE Written 352-001 Exam Experience – 2018

My recent experience on CCDE Written Exam.    If you are reading this post , probably you know that CCDE Written (Qualification) Exam is the only prerequisite for the CCDE Practical exam.   Also when you pass CCDE Practical exam and get the magical number, you need to retake every 2 years CCDE Written or …

Continue reading "CCDE Written 352-001 Exam Experience – 2018"

The post CCDE Written 352-001 Exam Experience – 2018 appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

CCDE Written 352-001 Exam Experience – 2018

My recent experience on CCDE Written Exam.    If you are reading this post , probably you know that CCDE Written (Qualification) Exam is the only prerequisite for the CCDE Practical exam.   Also when you pass CCDE Practical exam and get the magical number, you need to retake every 2 years CCDE Written or …

Continue reading "CCDE Written 352-001 Exam Experience – 2018"

The post CCDE Written 352-001 Exam Experience – 2018 appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

CCDE Written 352-001 Exam Experience – 2018

My recent experience on CCDE Written Exam.    If you are reading this post , probably you know that CCDE Written (Qualification) Exam is the only prerequisite for the CCDE Practical exam.   Also when you pass CCDE Practical exam and get the magical number, you need to retake every 2 years CCDE Written or […]

The post CCDE Written 352-001 Exam Experience – 2018 appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

1 1,533 1,534 1,535 1,536 1,537 3,849