36 – VXLAN EVPN Multi-Fabrics with Anycast L3 gateway (part 3)

VXLAN EVPN Multi-Fabric with Distributed Anycast Layer 3 Gateway

Layer 2 and Layer 3 DCI interconnecting multiple VXLAN EVPN Fabrics

A distributed anycast Layer 3 gateway provides significant added value to VXLAN EVPN deployments for several reasons:

  • It offers the same default gateway to all edge switches. Each endpoint can use its local VTEP as a default gateway to route traffic outside its IP subnet. The endpoints can do so, not only within a fabric but across independent VXLAN EVPN fabrics (even when fabrics are geographically dispersed), removing suboptimal interfabric traffic paths. Additionally, routed flows between endpoints connected to the same leaf node can be directly routed at the local leaf layer.
  • In conjunction with ARP suppression, it reduces the flooding domain to its smallest diameter (the leaf or edge device), and consequently confines the failure domain to that switch.
  • It allows transparent host mobility, with the virtual machines continuing to use their respective default gateways (on the local VTEP), within each VXLAN EVPN fabric and across multiple VXLAN EVPN fabrics.
  • It does not require you to create any interfabric FHRP filtering, because no protocol exchange is required between Layer 3 anycast gateways.
  • It allows better distribution of state (ARP, Continue reading

36 – VXLAN EVPN Multi-Fabrics with External Routing Block (part 2)

VXLAN EVPN Multi-Fabric with External Active/Active Gateways

The first use case is simple. Each VXLAN fabric behaves like a traditional Layer 2 network with a centralized routing block. External devices (such as routers and firewalls) provide default gateway functions, as shown in Figure 1.

Figure 8: External Routing Block IP Gateway for VXLAN/EVPN Extended VLAN

Figure 1: External Routing Block IP Gateway for VXLAN/EVPN Extended VLAN

In the Layer 2–based VXLAN EVPN fabric deployment, the external routing block is used to perform routing functions between Layer 2 segments. The same routing block can be connected to the WAN advertising the public networks from each data center to the outside and to propagate external routes to each fabric.

The routing block consists of a “router-on-a-stick” design (from the fabric’s point of view) built with a pair of traditional routers, Layer 3 switches, or firewalls that serve as the IP gateway. These IP gateways are attached to a pair of vPC border nodes that initiate and terminate the VXLAN EVPN tunnels.

Connectivity between the IP gateways and the border nodes is achieved through a Layer 2 trunk carrying all the VLANs that require routing services.

To improve performance with active default gateways in each data center, reducing the hairpinning of east-west traffic for Continue reading

36 – VXLAN EVPN Multi-Fabrics Design Considerations (part 1)

Notices

With my friend and respectful colleague Max Ardica, we have tested and qualified the current solution to interconnect multiple VXLAN EVPN fabric. We have developed this technical support to clarify the network design requirements when the function Layer 3 Anycast gateways is distributed among all server node platform and all VXLAN EVPN Fabrics. The  whole article is organised in 5 different posts.

  • This 1st one elaborates the design considerations to interconnect two VXLAN EVPN based fabrics.
  • The 2nd post discusses the Layer 2 DCI requirements interconnecting Layer-2-based VXLAN EVPN fabrics with external routing block
  • The 3rd covers the Layer 2 and Layer 3 DCI requirement interconnecting VXLAN EVPN  fabrics with distributed Layer Anycast Gateway.
  • The 4th post examines host mobility across two VXLAN EVPN Fabrics
  • Finally the last section develops inbound and outbound path optimisation with VXLAN EVPN fabrics geographically dispersed.

Introduction

Recently, fabric architecture has become a common and popular design option for building new-generation data center networks. Virtual Extensible LAN (VXLAN) with Multiprotocol Border Gateway Protocol (MP-BGP) Ethernet VPN (EVPN) is essentially becoming the standard technology used for deploying network virtualization overlays in data center fabrics.

Data center networks usually require the interconnection of separate network fabrics, which may also be deployed across geographically dispersed Continue reading

Auto Network Diagram with Graphviz

One of the most useful and least updated pieces of network documentation is the network diagram. We all know this, and yet we still don’t have/make time to update this until something catastrophic happens and then we says to ourselves

Wow. I wish I had updated this sooner…

Graphviz

According to the website 

Graphviz is open source graph visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics,  software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.

note: Lots of great examples and docs there BTW.  Definitely check it out.

Getting started

So you’re going to have to first install graphviz from their website. Go ahead… I’l wait here.

Install the graphviz python binding

This should be easy assuming you’ve already got python and pip installed. I’m assuming that you do.

>>> pip install graphviz

Getting LLDP Neighbors from Arista Devices

You can use the Arista pyeapi library, also installable through pip as well.  There’s a blog which introduces you to the basics here which you can check out. Essentially I followed that blog and then substituted the Continue reading

Up to 25% off Amazon Kindle and Fire Tablets – Deal Alert

Amazon has discounted various models of Kindle and Fire Tablets, some up to 25% off their regular list price. Use the links below to learn more and explore buying options. 25% off Kindle -- small, light, and perfect for reading. 17% off Kindle Paperwhite -- Amazon's best-selling Kindle. 20% off Fire Tablet, 7" Display, Wi-Fi, 8 GB 20% off Fire Kids Edition Tablet, 7" Display, Wi-Fi, 16 GB To read this article in full or to leave a comment, please click here

Nanoleaf Aurora: Smart lighting for the nerd set

“You’re going to put that in your office, aren’t you?” So quoth my beloved when I assembled and fired up the Nanoleaf Aurora lighting system in our living room. I understood her point. As lighting solutions go, the Nanoleaf Aurora isn’t exactly subtle in design and in operation as colors flow and change across the various panels it can be a little, well, dominating. That said, speaking as a card-carrying nerd, I love it! Check it out: As you can see, the Nanoleaf Aurora could be part of the set of “Lost in Space”, so unless your house looks like something from the Jetsons, you may find you have a stylistic conflict (and possibly significant other conflict) to deal with. To read this article in full or to leave a comment, please click here

Cisco Clock Issue – This Is Really Bad

Check out this advisory from Cisco that came out a couple days ago.  You need to read it and act on it immediately!  I’ll summarize for you : Thanks to a faulty clock signal component, certain Cisco devices will stop functioning after about 18 months and become really expensive bricks!  Reading through it, you’ll see phrases like “we expect product failures” and “is not recoverable.”  Seriously, what the hell? This really warms the heart.

The fault affects a couple Meraki devices, the Nexus 9504, and some models of the ISR 4000s – the ISR4331, ISR4321, and ISR4351.  The 4000s are part of Cisco’s flagship branch routers, and I know several people (including myself!) who have some of the affected units deployed in production.  Some unnamed people on Twitter tell me that they have 50 and even 120 of these guys deployed in the field.  That’s a lot of faulty clocks.

The fix is to open a TAC case and get a new device.  Cisco is using the word “platform” when talking about replacement, meaning that they’ll send you a naked device.  If you have cards or memory upgrades or a Continue reading

25% off iHome iPL23 Clock Radio with Lightning Dock, Support for iPhone 7/7+ – Deal Alert

iHome's iPL23 is compatible with iPhones 5, 6 and 7 (including Plus models), features premium speakers, a Lightning charging dock, FM radio, and alarm clock in one compact device. This handy radio clock charges Lightning-capable iPhone and iPod devices, while letting you wake or sleep to your favorite songs, podcasts, audio books or FM radio station. Gradual wake/sleep function slowly increases or decreases volume as you drift off, or come to. A USB port allows for simultaneous charging of your iPad or Apple Watch as well. The iPL23 in white has been discounted 25% from $79.95 to $59.95.To read this article in full or to leave a comment, please click here

SSH is a BAD API

Okay, so its not meant to be an API. I get that. I’ve been watching a rather good video about executing interactive commands with Parimiko and two thoughts came to my mind.

  • Very powerful/flexible way to do tasks across many devices
  • This could be a LOT easier if we simply had the RESTful API’s we want everywhere

In any case, I think the video below is a worthwhile watch if you’re struggle to leverage Python and SSH to make a modification across a large number of devices.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

Readers of this article may also enjoy:

  1. OSX, Outlook 2011 and Evernote
  2. Verdict’s In, Size Does Matter…
  3. DNC – What does “dropped the firewall” even mean?
  4. Information Management is Hard
  5. Risky Business #349 <-- Wow, a LOT Happened in 2014

The post SSH is a BAD API appeared first on PacketU.

The LeEco Le Pro 3 Ecophone; an Android smartphone definitely worth considering

It takes a brave company to attempt to gain a serious foothold in the U.S. smartphone market given that the dominant players are so massive and entrenched but that apparently wasn't a concern of LeEco when the company launched its products at the end of 2016. And rather than just selling smartphones, LeEco’s market approach is to become a lifestyle brand and claims that: LeEco seamlessly blends devices, content, applications and distribution in a first-of-its kind ecosystem. This innovative approach puts extraordinary experiences in the hands of millions of people all over the world. Pretty ambitious stuff but perhaps not surprising as LeEco is notable for being aggressively innovative and their product lines include televisions (the company acquired U.S. television manufacturer Vizio last year), headphones, speakers, chargers, phone covers, and there’s the LeEco Super Bike (with built-in fingerprint sensor ID and a waterproof touchscreen Android display). But wait! There’s more! They’ve even showcased a high-tech, self-driving concept car. To read this article in full or to leave a comment, please click here

Automation: Build or Consume?

The question of “home grown vs. off the shelf” comes up a lot. It comes up both in a professional capacity and social.

Home grown, usually born out of frustration to solve an immediate problem, often is a path that leads to consuming something off the shelf either Open Source or commercial. Home grown can deliver rapid results for simple things but has an exponential learning growth curve to do something more complex.

Why learn the oddities and nuances of a full programming language to write a multi-threaded application that automates concurrently, when you can write simple instructions that makes something else takes care of all of that mucking about in parallelism, logging and worrying about covering every use case. If you like hacking and building things, is it not better to apply that yearning solving rapidly rewarded challenges or to work on building something that starts off fragile and like all babies, has to learn to crawl, walk and be weened off milk?

Good tools deal with things like input, decision making and invoking output. It’s always better to control the pipeline and write linkages than to build the whole thing. After all, the problem with software is, you Continue reading

Starting SDN Learning Journey- Through Open vSwitch

openvswitch.png

Introduction

Software Defined networking (SDN) is no more a new topic but still many Network/ System engineers feel it painful how to start learning SDN. Many SDN solution exists in market and each has its pros and cons. Objective of this blog is to give an idea about SDN basics to the engineers who want to start their SDN learning curve.

Reference topology

  • 2 x Ubuntu host (14.04 LTS) each with multiple NICs
  • Open vSwitch installed in each host and 1 instance created.
  • Virtual Box installed in each host, vBox will be used to host guest virtual machines (VM-A & VM-B)

Topology Description

Open vSwitch (e.g br0) in each host will have following interfaces:-

  • A tap interface which will be used to bind guest VM to Open vSwitch
  • Eth1 of each host will be added to Open vSwitch
  • IP address / sub netmask for Eth1 of each host will be configured on Open vSwitch itself (br0)
  • Guest VM eth1 will be configured with IP/sub net mask different that host IP/ sub net mask
  • VXLAN / GRE will be configured on each host (by using host IP addresses)

Step by Step setting up Lab

It is assumed Ubuntu 14. Continue reading

TIP: How To Do MD5 and SHA1 File Checksum Validation

It’s always a good idea to calculate an MD5 or SHA1 file checksum to validate file integrity after download or transfer, especially when dealing with firmware binaries. While most modern systems are smart enough to validate images before attempting an installation, not all are so wise, and I’m sure I’m not the only one to have seen a device bricked (or stuck in ROMMON or a similar bootloader or equivalent) after a bad image was uploaded.

File Checksum

Here’s a quick reference guide to creating file checksums on Macos (OSX), Windows and Linux.

File Checksum Validation

There are various ways to check md5/sha1 checksums depending on your preferred platform. Vendors tend to publish the MD5 or SHA1 checksums (or both) for downloadable files, so it’s silly not to do checksum validation and confirm that the file has downloaded completely and uncorrupted. I try to validate after each time I transfer a file so that I don’t waste time sending a corrupted file on to the next hop. For example:

  • Download image file from Cisco’s website
  • — View the checksum and compare
  • SCP the file to a target jump server
  • — View the checksum and compare
  • SCP the file to the end device

Continue reading

Data, Analytics, Probabilities and the Super Bowl

Data is quickly becoming the coin of the realm in most aspects of the business world, and analytics the best way for organizations to cash in on it. It’s easy to be taken in by the systems and devices – much of the discussion around the Internet of Things tends to be around the things themselves, whether small sensors, mobile devices, self-driving cars or huge manufacturing systems. But the real value is in the data generated by these machines, and the ability to extract that data, analyze it and make decisions based on it in as close to real-time as

Data, Analytics, Probabilities and the Super Bowl was written by Nicole Hemsoth at The Next Platform.

Worth Reading: Quantum safe glossary

The Cloud Security Alliance’s Quantum-Safe Security (QSS) Working Group announces their latest release with the Quantum-Safe Security Glossary. The QSS Working Group was formed to address key generation and transmission methods and to help the industry understand quantum-safe methods for protecting networks and data. The working group is focused on long-term data protection amidst a climate of rising cryptanalysis capabilities. As the working group continues to produce documents to address concerns in a quantum world, the opportunity to share terms to provide a starting point to learn more about quantum-safe security. —Cloud Security Alliance

The post Worth Reading: Quantum safe glossary appeared first on 'net work.

Mozilla zaps residue of Firefox OS as it shutters IoT group

Mozilla confirmed that it is shuttering a group tasked with creating an operating system for connected devices, the category pegged as the "Internet of things," or IoT.It was the second defeat in 14 months for Mozilla projects aimed at producing commercial hardware products."We have shifted our internal approach to the IoT opportunity to step back from a focus on launching and scaling commercial products to one focused on research and advanced development," a Mozilla spokesman said in an email reply to questions. The open-source developer will dissolve its connected devices project, and will instead "incorporate our IoT explorations into an increased focus on emerging technologies."To read this article in full or to leave a comment, please click here

Lawsuit claims Apple broke FaceTime to force iOS 6 users to upgrade

Did Apple purposefully break iOS 6, rendering old iPhones unusable before their time? That’s the question at the heart of a new class-action lawsuit against the Cupertino company, which claims that Apple killed FaceTime in iOS 6 to avoid paying hefty licensing fees.The basis of the lawsuit, first reported by AppleInsider, comes from details that emerged last year in VirnetX’s patent infringement suit against the company. VirnetX licenses patents to technology companies, and one of those patents covers peer-to-peer audio and video transfer; Apple used peer-to-peer transfer to power FaceTime. When VirnetX, which has been described as a “patent troll,” came after Apple, the company switched to another relay method for FaceTime, using the third-party server Akami. That’s where things get tricky. Apple had to pay Akamai for that server usage to the tune of millions and millions of dollars. Faced with VirnetX’s patent infringement court win and mounting Akamai bills, Apple created a new peer-to-peer protocol for FaceTime in iOS 7.To read this article in full or to leave a comment, please click here

AT&T will prove 5G using open-source SDN technology

The blazing fast speed and low latency of 5G could suffer from the same obstacle that Gig-internet access does: a scarcity of apps that demonstrate its capabilities. Case in point: The Chattanooga municipal power company EPB slashed the price of Gig-internet to $69.95 per month because many customers opted for slower 100MB service at $59.95 because typical mobile and PC apps do not showcase the benefits of the top speed offering.It is a chicken and egg problem, or more aptly the chicken and the app problem. Without high-speed infrastructure, apps cannot be built that demonstrate the capabilities of 5G. And without apps, infrastructure will not reach cost effectiveness and be deployed at scale. 5G will not scale without distributing the cloud platforms into the network infrastructure running on software-defined networking (SDN) commodity hardware.To read this article in full or to leave a comment, please click here

1 2,341 2,342 2,343 2,344 2,345 3,849