Transforming Rigid Networks into Dynamic and Agile Infrastructure
The benefits of SDN with network virtualization.
Integrating SRX in Svc Provider Network (Routing and Multi-tenancy Considerations)
Service Providers networks are always have complex requirements of multi-tenancy, routing & security and pose challenges to network architects. In this blog I will write about SRX integration in Svc Provider Network while highlighting methodologies how to handle challenges of implementing security features with multi-tenancy and routing consideration.
REFERENCE TOPOLOGY
Devices have been classified into following segments based on their role:-
- Remote Customer Network (consist of Customer PCs connected to Provide Edge through Customer Edge).
- Provider Network (Consist of Provider Edge Routers and Provider Back Bone Rout
- Data Center Network (Consist of Internet Firewall and Server inside Data Center directly connected with Internet Firewall).
- Internet Edge (Consist of Internet Router connected with Internet Firewall hence providing internet access to Customer Networks connected with Data Center through provider network).
Traffic flow and security requirements are as under:-
- Customer 1 Network (PC-1) requires access to Server-1 installed in Data Center and to Public DNS Server reachable via Internet Edge Router.
- Continue reading
DevOps and the Infrastructure Dumpster Fire
We had a rousing discussion about DevOps at Cloud Field Day this week. The delegates talked about how DevOps was totally a thing and it was the way to go. Being the infrastructure guy, I had to take a bit of umbrage at their conclusions and go on a bit of a crusade myself to defend infrastructure from the predations of developers.
Stable, Boy
DevOps folks want to talk about continuous improvement and continuous development (CI/CD) all the time. They want the freedom to make changes as needed to increase bandwidth, provision ports, and rearrange things to fit development timelines and such. It’s great that they have they thoughts and feelings about how responsive the network should be to their whims, but the truth of infrastructure today is that it’s on the verge of collapse every day of the week.
Networking is often a “best effort” type of configuration. We monkey around with something until it works, then roll it into production and hope it holds. As we keep building more patches on to of patches or try to implement new features that require something to be disabled or bypassed, that creates a house of cards that is only as Continue reading
How NV Can Increase IT Agility
Network virtualization (NV) can increase IT agility, according to emerging case studies and user feedback.
Packet Blast: Top Tech Blogs, Sept. 16
We collect the top expert content in the infrastructure community and fire it along the priority queue.
Oracle Weighs In for a Brawl With AWS
OpenWorld will again be shrouded in Cloud.
Concept of Shared WiFi Precipitated SD-WAN for Mushroom Networks
SD-WAN sprouts like mushrooms in a rainy Autumn.
Multi-Chassis-Link Aggregation (MC-LAG)
In my earlier blog (Junos High Availability Design Guide) it was discussed how to make use of redundant routing engines by configuring features like (GRES, NSR, NSB) for reduction of downtime to minimum possible level.
The real problem is that one RE is active at one time and all PFEs must be connected with active RE . In case of failure of primary Routing Engine (RE) the backup RE will take over and all PFEs now, needs to connect to new primary RE. This scenario can cause momentary disruption of services.
MC-LAG (Active-Active) is correct solution to above described problem as it offers 2 active REs in 2 different devices/ chassis. Important concepts for MC-LAG proper configuration / functionality are as under:-
- Inter Chassis Control Protocol. The MC-LAG peers use the Inter-Chassis Control Protocol (ICCP) to exchange control information and coordinate with each other to ensure that data traffic is forwarded properly. ICCP replicates control traffic and forwarding states across the MC-LAG peers and communicates the operational state of the MC-LAG members. It uses TCP as a transport protocol and requires Bidirectional Forwarding Detection (BFD) for fast convergence. Because ICCP uses TCP/IP to communicate between the peers, the two peers must be connected to Continue reading
Time to move away from HPE Software
If you are still using HPE Software, you should actively plan to migrate away. The recent divestiture does not look good to me – I think existing customers are going to get soaked. Plan your migration now.
I’ve said it before, that I retain a soft spot for Hewlett-Packard. They gave me my first professional job out of university. I served my sentence doing HP OpenView consulting, and HP-UX Administration, but still: it got me started. Once you have some professional experience, it’s much easier to move to the next role.
It saddens me to watch HP’s ongoing struggles. It’s sad to watch a big ship get broken up for parts. But things had to change. They need to do something to adapt to the realities of modern IT demands.
There was one line in the recent announcement about divesting HPE’s software assets that stood out to me:
Micro Focus expects to improve the margin on HPE’s software assets by approximately 20 percentage points by the end of the third full financial year following the closing of the transaction
(Emphasis added).
It has been clear for a while that HP Software was no longer a core asset for HPE. It Continue reading
Junos High Availability Design Guide
High availability is one of the important consideration during network design and deployment stage and all most all the network vendors support various high availability features.
The objective of this article is to describe Junos best practices required to achieve minimum downtime in case of fail-over scenarios.
The Routing Engine or Control Plan is the brain in Junos based devices to run and execute all the management functions. Most of the Junos based devices offers redundant routing engines (either through default configuration or through explicit configuration virtual chassis ). At one time only one Routing engine can be active (exception of Active-Active MC-LAG which is beyond the scope of this blog). The mere presence of 2nd routing engine in the Junos device will not add any advantage with respect to high availability until certain features are not configured.
- Grace-full Routing Engine Switch Over (GRES). GRES enables synchronization of kernel and chassis demon between mater routing engine and backup routing engines and in case of failure of master routing Packet Forwarding Engine (PFE) will simply join to new master routing engine (which was backup routing before fail-over).
GRES can be configured by following configuration command:-
set chassis redundancy graceful-switchover
Effects of Continue reading