VyOS

VyOS is an open source router operating system based on Linux. This article discusses how to improve network traffic visibility on VyOS based routers using the open source Host sFlow agent.

VyOS claims sFlow support, so why is it necessary to install an alternative sFlow agent? The following experiment demonstrates that there are significant issues with the VyOS sFlow implementation.

vyos@vyos:~$ show version
Version: VyOS 1.4-rolling-202301260317
Release train: current

Built by: [email protected]
Built on: Thu 26 Jan 2023 03:17 UTC
Build UUID: a95385b7-12f9-438d-b49c-b91f47ea7ab7
Build commit ID: d5ea780295ef8e

Architecture: x86_64
Boot via: installed image
System type: KVM guest

Hardware vendor: innotek GmbH
Hardware model: VirtualBox
Hardware S/N: 0
Hardware UUID: 6988d219-49a6-0a4a-9413-756b0395a73d

Copyright: VyOS maintainers and contributors
Install a recent version of VyOS under VirtualBox and configure routing between two Linux virtual machines connected to eth1 and eth2 on the router. Out of band management is configured on eth0.
set system flow-accounting disable-imt
set system flow-accounting sflow agent-address 10.0.0.50
set system flow-accounting sflow sampling-rate 1000
set system flow-accounting sflow server 10.0.0.30 port 6343
set system flow-accounting interface eth0
set system flow-accounting interface eth1
set system flow-accounting interface eth2
The above commands configure sFlow monitoring Continue reading

Case Study: Centec MPLS Core

After receiving an e-mail from [Starry Networks], I had a chat with their founder and learned that the combination of switch silicon and software may be a good match for IPng Networks.

I got pretty enthusiastic when this new vendor claimed VxLAN, GENEVE, MPLS and GRE at 56 ports and line rate, on a really affordable budget ($4’200,- for the 56 port; and $1’650,- for the 26 port switch). This reseller is using a less known silicon vendor called [Centec], who have a lineup of ethernet chipsets. In this device, the CTC8096 (GoldenGate) is used for cost effective high density 10GbE/40GbE applications paired with 4x100GbE uplink capability. This is Centec’s fourth generation, so CTC8096 inherits the feature set from L2/L3 switching to advanced data center and metro Ethernet features with innovative enhancement. The switch chip provides up to 96x10GbE ports, or 24x40GbE, or 80x10GbE + 4x100GbE ports, inheriting from its predecessors a variety of features, including L2, L3, MPLS, VXLAN, MPLS SR, and OAM/APS. Highlights features include Telemetry, Programmability, Security and traffic management, and Network time synchronization.

S5624X Front

S5648X Front



After discussing basic L2, L3 and Overlay functionality in my [first post], and explored the functionality and Continue reading

Worth Reading: The War on Expertise

Jeff McLaughlin published an excellent blog post perfectly describing what we’ve been experiencing for decades: the war on expertise.

On one hand, the “business owners” force us to build complex stuff because they think they know better, on the other they blame people who know how to do it for the complex stuff that happens as the result of their requirements:

I am saying that we need to stop blaming complexity on those who manage to understand it.

Enjoy!

Worth Reading: The War on Expertise

Jeff McLaughlin published an excellent blog post perfectly describing what we’ve been experiencing for decades: the war on expertise.

On one hand, the “business owners” force us to build complex stuff because they think they know better, on the other they blame people who know how to do it for the complex stuff that happens as the result of their requirements:

I am saying that we need to stop blaming complexity on those who manage to understand it.

Enjoy!

Cloudflare’s network expansion in Indonesia

Cloudflare's network expansion in Indonesia
Cloudflare's network expansion in Indonesia

As home to over 200 million Internet users and the fourth-largest population in the world, Indonesians depend on fast and reliable Internet, but this has always been a challenging part of the world for Internet infrastructure. This has real world implications on performance and reliability (IP transit is on average 6x more expensive than our major South East Asian interconnection markets). That said, first we wanted to share what makes things challenging in Indonesia; geography, infrastructure, and market dynamics.

Geography: The Internet backbone for many countries is almost entirely delivered by terrestrial fiber optic cables, where connectivity is more affordable and easier to build when the land mass is contiguous and there is a concentrated population distribution. However, Indonesia is a collection of over 18,000 islands, spanning three time zones, and approximately 3,200 miles (5,100 km) east to west. By comparison, the United States is 2,800 miles (4,500 km) east to west. While parts of Indonesia are geographically close to Singapore (the regional Internet hub with over 60% of the region's data centers) given how large Indonesia is, much of it is far away.

Infrastructure: Indonesia is a large country and to connect it to the rest of the Internet Continue reading

Intel delays next GPU Max until 2025

A significant change to Intel's high performance computing roadmap gives competitors AMD and Nvidia plenty of time to grab market share.Intel has a pair of processors called CPU Max and GPU Max. Both feature high bandwidth memory (HBM) on the die which greatly increases performance. The successor to the GPU Max, known as Rialto Bridge, was due later this year or early next year.Instead, Intel cancelled Rialto Bridge, and its successor – Falcon Shores – isn't coming until 2025. Longer term, Intel plans to have one processor, called an XPU, that will combine CPU and GPU cores on one die, but that will come after Falcon Shores.To read this article in full, please click here

Intel delays next GPU Max until 2025

A significant change to Intel's high performance computing roadmap gives competitors AMD and Nvidia plenty of time to grab market share.Intel has a pair of processors called CPU Max and GPU Max. Both feature high bandwidth memory (HBM) on the die which greatly increases performance. The successor to the GPU Max, known as Rialto Bridge, was due later this year or early next year.Instead, Intel cancelled Rialto Bridge, and its successor – Falcon Shores – isn't coming until 2025. Longer term, Intel plans to have one processor, called an XPU, that will combine CPU and GPU cores on one die, but that will come after Falcon Shores.To read this article in full, please click here

Heavy Networking 669: Graphiant’s Network Edge Service Rethinks SD-WAN (Sponsored)

On today's Heavy Networking, sponsor Graphaint is here to discuss how it's rethinking SD-WAN using a Network-as-a-Service (NaaS) model to help customers consume WAN connectivity instead of setting up and operating a WAN for themselves. Graphiant combines SD-WAN mainstays such as multiple connection options and traffic policies based on applications and performance, without the operational overhead of SD-WAN tunnels. We dive into the how and why in this episode.

Heavy Networking 669: Graphiant’s Network Edge Service Rethinks SD-WAN (Sponsored)

On today's Heavy Networking, sponsor Graphaint is here to discuss how it's rethinking SD-WAN using a Network-as-a-Service (NaaS) model to help customers consume WAN connectivity instead of setting up and operating a WAN for themselves. Graphiant combines SD-WAN mainstays such as multiple connection options and traffic policies based on applications and performance, without the operational overhead of SD-WAN tunnels. We dive into the how and why in this episode.

The post Heavy Networking 669: Graphiant’s Network Edge Service Rethinks SD-WAN (Sponsored) appeared first on Packet Pushers.

US-China chip war to hit affiliates of server maker Inspur

In a move that highlights how the ongoing US-China chip war is disrupting the global semiconductor supply chain, the US is taking measures to address a gap in restrictions imposed on Chinese server maker Inspur Group that leaves US companies free to continue supplying Inspur’s affiliates, of which there are dozens, according to a report by Bloomberg.Inspur sells servers targeted at AI and big data workloads, and does business worldwide, including in the US, Europe, the Middle East, Latin America, and Asia-Pacific.To read this article in full, please click here

US-China chip war to hit affiliates of server maker Inspur

In a move that highlights how the ongoing US-China chip war is disrupting the global semiconductor supply chain, the US is taking measures to address a gap in restrictions imposed on Chinese server maker Inspur Group that leaves US companies free to continue supplying Inspur’s affiliates, of which there are dozens, according to a report by Bloomberg.Inspur sells servers targeted at AI and big data workloads, and does business worldwide, including in the US, Europe, the Middle East, Latin America, and Asia-Pacific.To read this article in full, please click here

The Dangers of Knowing Everything

By now I’m sure you’ve heard that the Internet is obsessed with ChatGPT. I’ve been watching from the sidelines as people find more and more uses for our current favorite large language model (LLM) toy. Why a toy and not a full-blown solution to all our ills? Because ChatGPT has one glaring flaw that I can see right now that belies its immaturity. ChatGPT knows everything. Or at least it thinks it does.

Unknown Unknowns

If I asked you the answer to a basic trivia question you could probably recall it quickly. Like “who was the first president of the United States?” These are answers we have memorized over the years to things we are expected to know. History, math, and even written communication has questions and answers like this. Even in an age of access to search engines we’re still expected to know basic things and have near-instant recall.

What if I asked you a trivia question you didn’t know the answer to? Like “what is the name of the metal cap at the end of a pencil?” You’d likely go look it up on a search engine or on some form of encyclopedia. You don’t know Continue reading

Technology Short Take 166

Welcome to Technology Short Take #166! I’ve been collecting links for the last few weeks, and now it’s time to share them with all of you. There are some familiar names in the links below, but also some newcomers—and I’m really excited to see that! I’m constantly on the lookout for new sources (if you have a site you think I should check out, hit me up—my contact info is at the bottom of this post!). But enough of that, let’s get on with the content. Enjoy!

Networking

Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities

Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities
Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities

As a security company, it’s critical that we have good processes for dealing with security issues. We regularly release software to our servers - on a daily basis even - which includes new features, bug fixes, and as required, security patches. But just as critical is the software which is embedded into the server hardware, known as firmware. Primarily of interest is the BIOS and Baseboard Management Controller (BMC), but many other components also have firmware such as Network Interface Cards (NICs).

As the world becomes more digital, software which needs updating is appearing in more and more devices. As well as my computer, over the last year, I have waited patiently while firmware has updated in my TV, vacuum cleaner, lawn mower and light bulbs. It can be a cumbersome process, including obtaining the firmware, deploying it to the device which needs updating, navigating menus and other commands to initiate the update, and then waiting several minutes for the update to complete.

Firmware updates can be annoying even if you only have a couple of devices. We have more than a few devices at Cloudflare. We have a huge number of servers of varying kinds, from varying vendors, spread Continue reading

What is power over Ethernet (PoE)?

Power over Ethernet (or PoE) is the delivery of electrical power to networked devices over the same Ethernet cabling that connects them to the LAN. This simplifies the devices themselves by eliminating the need for an electric plug and power converter, and makes it unnecessary to have separate AC electric wiring and sockets installed near each device.Many enterprises have come to rely on PoE to bring electricity over existing data cables to Wi-Fi access points, firewalls, IP phones, and other infrastructure throughout their networks.To read this article in full, please click here