What is route recursion
How does Internet work - We know what is networking
We are going back to networking basics with this post. In few lines below you will find most important theory that makes network gear do its job. The main router job is to making routing decisions to be able to route packets toward their destination. Sometimes that includes recursive lookup of routing table if the next-hop value is not available via connected interface. Routing decision on end device like PC, Tablet or Phone If one device wants to send a packet to another device, it first needs to find an answer to these questions: Is maybe the destination IP address chunk of local subnet
Could We Use OpenFlow for Load Balancing?
It all started with a tweet Kristian Larsson sent me after I published my flow-based forwarding blog post:
@ioshints sure but can't OpenFlow be used to implement an LB? It feels like a mix of terms here
— Kristian Larsson (@plajjan) December 3, 2015Segment routing key points
Segment Routing (SR) leverages the source paradigm. A node. steers a packet through an ordered list of instructions, called ‘ segment ‘.State is kept in the packet header, not on the router, with Segment Routing.
Resources such as the CPU and Memory are saved.
If you have 100 Edge Routers in your network and if you enable MPLS Traffic Edge to Edge, you would have 100×99/2 = 4950 LSP states on your Midpoint LSR. This is prevalent in many MPLS TE enabled network.
If you enable Segment Routing and if you evaluate the same midpoint case (since you assign a Prefix/Node SID for every Edge router), Midpoint LSR would have 110 entries instead of 4500 entries.
As for the scalability, everything is perfect. However, there is a caveat.
Segment list can easily get big if you use explicit routing for the purpose of OAM. If you do that, you may end up with 7-8 segments. In that case, it is pertinent that you check the hardware support.
Cisco claims that they have performed the tests on a number of service provider networks and that their findings show that two or three segments would be enough for the most explicit Continue reading
Docker Meetup Bangalore – Docker 1.9 Presentation
Following link captures the slides on Docker 1.9 feature overview that I presented at Docker Meetup, Bangalore on December 5, 2015. You can find more details on the meetup here.
ansible + ec2 + tags
This post is a direct result of the insightful questions asked by attendees during Ansible Fest 2015 San Francisco during the "Ask an Expert". This was a great opportunity for the Ansible Tower team to engage with customers of both Ansible and Tower and to understand their use cases, frustration, and love when working with our products.
Ansible Fest 2015 San Francisco
*The "Ask an Expert" allowed attendees to sign-up for 15 minute slots to talk with Ansible employees about particular problems or use cases. This resulted in over 50 customer questions! Two Ansible employees were stationed at a heavy traffic area to engage attendees and listen to their initial questions or concerns to help choose from more than 15 experts to best engage with. Attendees then engaged with the expert, identifiable by the "Ask an Expert" picture included in their check-in packet, during their registered time.
* The "Ask an Expert" interaction was much more organic than the above description. Times often ran over when in-depth conversations were had and empty time slots were often filled with discussion from attendees in a more ad-hoc manor.
The feedback from the "Ask an Expert" from the attendees was overwhelmingly positive. I can say that the feeling Continue reading
ansible + ec2 + tags
"How do I spin up multiple ec2 instances, all with differing tags?"
This question is one of the many insightful questions asked by attendees during AnsibleFest 2015 San Francisco at our "Ask an Expert" tables. AnsibleFest was a great opportunity for the Ansible team to engage with customers of both Ansible and Tower and to understand their use cases, frustration, and love when working with our products.
The "Ask an Expert" program allowed attendees to sign-up for 15 minute slots to talk with more than 15 Ansible experts, resulting in over 50 customer questions!
Feedback from the attendees was overwhelmingly positive. I can say that the feeling is mutual from the Ansible team side! It was a joy to hear from so many users of Ansible and Tower.
Example AnsibleFest "Ask an Expert" sign-up sheet:
Onto the Playbook
Now that we have the back story out of the way, let's get into the playbooks. Several attendees asked how to spin up multiple ec2 instances, all with differing tags.
Extrapolating from that question the user wants/concerns are:
- The ec2 doesn't "count" (spins up multiple identical instances)
- Run tasks/plays against spun up instances (obviously)
- Assign different properties to each instance (i.e. tags)
From the above requirements I will demonstrate a general Continue reading
Internet Redundancy with ASA SLA and IPSec
I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats over to a secondary service provider in the event of a failure. I was recently challenged with how this interacted with IPSec. As a result I built out this configuration and performed some fairly extensive testing.
It is worth noting that this is not a substitute for a properly multi-homed Internet connection that utilizes BGP. It is, however, a method for overcoming the challenges often found in the SMB environments where connections are mostly outbound or can alternatively be handled without completely depending on either of the service provider owned address spaces.
In this article, we will start out with a typical ASA redundant Internet connection using IP SLA. Then we will overlay a IPSec Site to Site configuration and test the failover process.
The base configuration for this lab is as follows. Continue reading
SDxCentral Weekly News Roundup — December 3, 2015
Three buyout firms are competing for $4 billion worth of Dell's assets; Verizon and IBM are cloud partners.
F5 Networks Could Be Ripe for the Picking
Cash, lack of debt, and a low stock price make F5 attractive.
iPexpert’s Newest “CCIE Wall of Fame” Additions 12/4/2015
Please join us in congratulating the following iPexpert students who have passed their CCIE lab!
What is Internet Goverance and Why Does it Matter?
Last month, CloudFlare participated the tenth annual Internet Governance Forum (IGF) in Joao Pessoa, Brazil. Since it was launched at the United Nations’ World Summit on the Information Society (WSIS) in 2005, the IGF has provided valuable opportunities for thousands of representatives of non-profit groups, businesses, governments, and others to debate decisions that will affect the future of the Internet. While the Forum does not negotiate any treaties or other agreements, what participants learn there can influence corporate strategies, standards proposals, and national government policies. Even more importantly, discussions in the hallways (or in the bar or on the beach) can lead to new projects, new thinking, and new collaborations.
The range of issues and the diversity of speakers on panels and at the podium was even greater this year than at previous IGFs. Issues ranged from the need for strong encryption to whether net neutrality regulations are needed—from countering the abuse of women online to how to foster deployment of IPv6 and Internet Exchange Points. You can watch all 167 IGF sessions, which were webcast and archived. I represent CloudFlare as a member of the Multistakeholder Advisory Group (MAG), which organizes the IGF program. Together with the other MAG Continue reading