NetworkingNexus.net

Cisco vPC in VXLAN/EVPN Network – Part 3 – Verifying Connectivity

The following topology is used:

We want to verify connectivity and traffic flow towards:

Gateway of Server3.
Server1.
Server2.
Server4.

Let’s start with the gateway. The gateway is at 10.0.0.1 and has a MAC address of 0001.0001.0001:

server3:~$ ip neighbor | grep 10.0.0.1
10.0.0.1 dev bond0 lladdr 00:01:00:01:00:01 STALE

This is an anycast gateway MAC. When initiating a ping towards 10.0.0.1, it can go to either Leaf1 or Leaf2. I will run Ethanalyzer on the switches to confirm which one is receiving the ICMP Echo Request:

Leaf1# ethanalyzer local interface inband display-filter "icmp" limit-captured-frames 0
Capturing on 'ps-inb'

Leaf2# ethanalyzer local interface inband display-filter "icmp" limit-captured-frames 0
Capturing on 'ps-inb'

Then initiate ping from Server3:

server3:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=1.19 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=255 time=1.29 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.192/1.242/1.292/0.050 ms

Repost: State of Lisp Implementations (2024)

You might remember Béla Várkonyi’s use of LISP to build resilient ground-to-airplane networks from last week’s repost. It seems he’s not exactly happy with the current level of LISP support, at least based on what he wrote as a response to Jeff McLaughlin’s claim that “I can tell you that our support for EVPN does not, in any way, indicate the retirement of LISP for SD-Access.”:

Nice to hear the Cisco intends to support LISP. However, it is removed from IOS XR already. So it is not that clear…

If Cisco will stop supporting LISP, then we will be forced to create our own LISP routers, since we need it for extreme mobility environments.

Repost: State of Lisp Implementations (2024)

Nice to hear the Cisco intends to support LISP. However, it is removed from IOS XR already. So it is not that clear…

If Cisco will stop supporting LISP, then we will be forced to create our own LISP routers, since we need it for extreme mobility environments.

Running Palo Alto Firewall in Containerlab

Hi all, in this quick blog post, let's look at how to run Palo Alto firewalls in Containerlab. If you've been following me for a while, you might know that I've started using Containerlab more often in my projects. If you're new to Containerlab or need a quick recap, check out my other introductory post below. Now, let's dive in.

boxen or vrnetlab

Palo Alto doesn't provide a containerized VM image (not CN-Series), it only has a VM-based image. You can create a container from this VM image using two methods. The official documentation recommends using 'boxen' to generate a container image from the VM. However, I chose to use the vrnetlab project instead.

Creating a containerized image using vrnetlab

First things first, download the VM image (qcow2) from the Palo Alto support portal. You might need a valid support contract to access this image. For this Continue reading

AI Accelerates Cloud Revenues As Well As Cloud Investments

Three years ago, thanks in part to competitive pressures as Microsoft Azure, Google Cloud, and others started giving Amazon Web Services a run for the cloud money, the growth rate in quarterly spending on cloud services was slowing. …

AI Accelerates Cloud Revenues As Well As Cloud Investments was written by Timothy Prickett Morgan at The Next Platform.

NB477: Arista Assembles Switch-Based Microperimeters; FCC Wants More Money for Telcos Dumping Huawei Gear

Take a Network Break! This week we cover a new microsegmentation offering from Arista, new GenAI assistants from Fortinet, and a GenAI firewall from Versa Networks to monitor and report on how organizations are using generative AI tools and applications. AWS will stop selling VMware Cloud on AWS (but you can still get it through... Read more »

Tech Bytes: Real-Time Network Performance Monitoring with NetBeez (Sponsored)

Network monitoring is growing increasingly complicated. Companies are facing more distributed applications and more remote employees. NetBeez, our sponsor today, is here to talk about how they monitor network performance in real time for the campus, WAN, and more. From proactively testing networks after configuration changes to identifying how well a worker’s laptop is connecting... Read more »

Famous Last Words: I’m Too Stupid for That

Some networking vendors realized that one way to gain mindshare is to make their network operating systems available as free-to-download containers or virtual machines. That’s the right way to go; I love their efforts and point out who went down that path whenever possible¹ (as well as others like Cisco who try to make our lives miserable).

However, those virtual machines better work out of the box, or you’ll get frustrated engineers who will give up and never touch your warez again, or as someone said in a LinkedIn comment to my blog post describing how Junos vPTX consistently rejects its DHCP-assigned IP address: “If I had encountered an issue like this before seeing Ivan’s post, I would have definitely concluded that I am doing it wrong.”²

Famous Last Words: I’m Too Stupid for That

Worth Reading: Cisco vPC in VXLAN/EVPN Networks

Daniel Dib started writing a series of blog posts describing Cisco vPC in VXLAN/EVPN Networks. The first one covers the anycast VTEP, the second one the vPC configuration.

Let’s hope he will keep them coming and link them together so it will be easy to find the whole series after stumbling on one of the posts ;)

Worth Reading: Cisco vPC in VXLAN/EVPN Networks

Daniel Dib started writing a series of blog posts describing Cisco vPC in VXLAN/EVPN Networks. The first one covers the anycast gateway, the second one the vPC configuration.

Let’s hope he will keep them coming and link them together so it will be easy to find the whole series after stumbling on one of the posts ;)

HN732: Juniper’s PTX Platforms: 800GE and Double-Density 400GE for DC and WAN (Sponsored)

The future has arrived: 800 gig Ethernet is here. Amit Bhardwaj and Dmitry Shokarev from today’s sponsor, Juniper Networks, join the show to tell us all about Juniper’s 800 gig Ethernet and what we need to know as engineers: use cases, transition plans, fiber and power needs (a lot less than you’d think). We also... Read more »

Weekend Reads 050424

Quantum sensing is poised to revolutionize virtually every aspect of our world. Quantum sensing’s distinctive ability to detect magnetic signatures is already aiding in navigation for countless fuel tankers worldwide, providing otherwise unachievable medical scans, and keeping all of our computer clocks in sync.

Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities.

A growing number of data center operators and equipment vendors are anticipating the proliferation of direct liquid cooling systems (DLC) over the next few years. As far as projections go, Uptime Institute’s surveys agree: the industry consensus for the mainstream adoption of liquid-cooled IT converges on the latter half of the 2020s.

The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security.

The IETF has had a long tradition of doing its technical work through a consensus process, taking into account the different views among IETF participants and coming to (at least rough) consensus on technical matters.

This is where Two-Factor Authentication (2FA) steps in as a powerful tool to bolster security. Let’s delve into Continue reading

Supermicro Finally Mints Some Coin Peddling Rackscale Iron

With new generations of GPUs and other kinds of AI accelerators either shipping or soon to start shipping and new CPUs also soon to be available from Intel and AMD, and sales already at a historical high level at Supermicro, you might not be expecting for sales to bust through a whole new higher ceiling starting in the next quarter. …

Supermicro Finally Mints Some Coin Peddling Rackscale Iron was written by Timothy Prickett Morgan at The Next Platform.

Cilium’s Past Points to Its Future

Cilium is obviously undergoing a lot of changes as a dynamic and popular open source project that heavily utilizes eBPF, but its original reason remains in check: a tool that offers security, observability and networking capabilities. Its capabilities — or hooks — extend from the kernel to throughout the network, including cloud, on-premises or other infrastructures. This definition covers a lot of things, while Cilium should continue to adapt and extend as infrastructure needs change. @tgraf__ ‘s « Cilium Vision » has a lot of future but the core design remains in place. @thenewstack March 19, 2024 In this article, we look at Thomas Graf, who is CTO of Isovalent, described during his KubeCon + CloudNativeCon Europe talk Continue reading

Public Videos: Network Connectivity and Graph Theory

When I decided to sunset the ipSpace.net subscription, I asked Rachel Traylor whether I could make the content of her webinars public. She graciously agreed, and the first results are already here: you can download approximately half of the videos from the Network Connectivity and Graph Theory without a valid ipSpace.net account. Enjoy!

Explore

IPB150: IPv6 Basics: ICMPv6

As part of our ongoing series on IPv6 basics, today we cover the differences you should be aware of between ICMPv4 and ICMPv6. Internet Control Message Protocol (ICMP) is the protocol that lets you test reachability: Pings, echoes, TCP connections, etc. We explain what you need to know and why you need to know it,... Read more »

How To Make More Money Renting A GPU Than Nvidia Makes Selling It

It is not a coincidence that the companies that got the most “Hopper” H100 allocations from Nvidia in 2023 were also the hyperscalers and cloud builders, who in many cases wear both hats and who are as interested in renting out their GPU capacity for others to build AI models as they are in innovating in the development of large language models. …

How To Make More Money Renting A GPU Than Nvidia Makes Selling It was written by Timothy Prickett Morgan at The Next Platform.

Hedge 224: Is Open Source a Market Failure?

Is Open Source Software (OSS) a market failure? What does OSS add to the market that cannot be accomplished in other ways? What happened to the F (Free)? Join us for this roundtable episode of the Hedge.

download

Configuration of BGP afi/safi L2VPN EVPN and NVE Tunnel Interface

Overlay Network Routing: MP-BGP L2VPN/EVPN

EVPN Fabric Data Plane – MP-BGP

Instead of being a protocol, EVPN is a solution that utilizes the Multi-Protocol Border Gateway Protocol (MP-BGP) for its control plane in an overlay network. Besides, EVPN employs Virtual eXtensible Local Area Network (VXLAN) encapsulation for the data plane of the overlay network.

Multi-Protocol BGP (MP-BGP) is an extension of BGP-4 that allows BGP speakers to encode Network Layer Reachability Information (NLRI) of various address types, including IPv4/6, VPNv4, and MAC addresses, into BGP Update messages. The MP_REACH_NLRI path attribute (PA) carried within MP-BGP update messages includes Address Family Identifier (AFI) and Subsequent Address Family Identifier (SAFI) attributes. The combination of AFI and SAFI determines the semantics of the carried Network Layer Reachability Information (NLRI). For example, AFI-25 (L2VPN) with SAFI-70 (EVPN) defines an MP-BGP-based L2VPN solution, which extends a broadcast domain in a multipoint manner over a routed IPv4 infrastructure using an Ethernet VPN (EVPN) solution.

BGP EVPN Route Types (BGP RT) carried in BGP update messages describe the advertised EVPN NLRIs (Network Layer Reachability Information) type. Besides publishing IP Prefix information with IP Prefix Route (EVPN RT 5), BGP EVPN uses MAC Advertisement Route (EVPN RT 2) Continue reading

« Previous 1 … 160 161 162 163 164 … 3,860 Next »