IPv6 flow analytics with Containerlab

CONTAINERlab is a Docker orchestration tool for creating virtual network topologies. The sflow-rt/containerlab project contains a number of topologies demonstrating industry standard streaming sFlow telemetry with realistic data center topologies. This article extends the examples in Real-time telemetry from a 5 stage Clos fabric and Real-time EVPN fabric visibility to demonstrate visibility into IPv6 traffic flows.

docker run --rm -it --privileged --network host --pid="host" \
  -v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
  -v $(pwd):$(pwd) -w $(pwd) \
  ghcr.io/srl-labs/clab bash

Run the above command to start Containerlab if you already have Docker installed. Otherwise, Installation provides detailed instructions for a variety of platforms.

curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/clos5.yml

Download the topology file for the 5 stage Clos fabric shown above.

containerlab deploy -t clos5.yml

Finally, deploy the topology.

The screen capture shows a real-time view of traffic flowing across the network during an iperf3 test. Click on the sFlow-RT Apps menu and select the browse-flows application, or click here for a direct link to a chart with the settings shown above. 
docker exec -it clab-clos5-h1 iperf3 -c 2001:172:16:4::2

Each of the hosts in the network has an iperf3 server, so running the above command will test bandwidth between Continue reading

Is SASE right for your organization? 5 key questions to ask

Secure access service edge (SASE) is a network architecture that provides a security-focused alternative to SD-WAN. First outlined by Gartner in 2019, SASE converges SD-WAN services with a range of Security-as-a-Service offerings. Gartner now forecasts that by 2024 at least 40% of enterprises will consider adopting SASE.The leading SASE vendors are a mix of networking incumbents and well-funded startups. These include Cato Networks, Cisco, Fortinet, HPE, Palo Alto Networks, Perimeter 81, Versa, VMware, and Zscaler.To read this article in full, please click here

Are DPUs Any Good?

After VMware launched DPU-based acceleration for VMware NSX, marketing-focused websites frantically started discussing the benefits of DPUs. Although I’ve been writing about SmartNICs and DPUs for years, it’s time for another closer look at the emperor’s clothes.

What Is a DPU

DPU (Data Processing Unit) is a fancier name for a network adapter formerly known as SmartNIC – a server repackaged into an interface card form factor. We had them for decades (anyone remembers iSCSI offload adapters?)

Read more …

Are DPUs Any Good?

After VMware launched DPU-based acceleration for VMware NSX, marketing-focused websites frantically started discussing the benefits of DPUs. Although I’ve been writing about SmartNICs and DPUs for years, it’s time for another closer look at the emperor’s clothes.

What Is a DPU

DPU (Data Processing Unit) is a fancier name for a network adapter formerly known as SmartNIC – a server repackaged into an interface card form factor. We had them for decades (anyone remembers iSCSI offload adapters?)

Read more …

Linux bash tips: Many ways to loop using bash

The bash shell provides a superb functionality when it comes to writing scripts. This includes many ways to loop through a pile of data so that you can get a lot done with one running of a script. Whether you’re looping through a large group of numeric values, days of the week, usernames, words, files, or something else entirely, bash has an option that can make it easy for you.for, while, and until loops The first thing you need to know about looping in bash is that there are several basic commands to use. The while loop will loop as long as some particular condition holds true. The until loop will loop until some condition becomes true, and the for loop will run through a series of values regardless of their origin.To read this article in full, please click here

Linux bash tips: Many ways to loop using bash

The bash shell provides a superb functionality when it comes to writing scripts. This includes many ways to loop through a pile of data so that you can get a lot done with one running of a script. Whether you’re looping through a large group of numeric values, days of the week, usernames, words, files, or something else entirely, bash has an option that can make it easy for you.for, while, and until loops The first thing you need to know about looping in bash is that there are several basic commands to use. The while loop will loop as long as some particular condition holds true. The until loop will loop until some condition becomes true, and the for loop will run through a series of values regardless of their origin.To read this article in full, please click here

AWS launches new chips, replacement for TCP

Amazon Web Services has introduced a new CPU customized for high-performance computing (HPC) and the next generation of its Nitro smart networking chip, plus instances that take full advantage of the hardware.The Arm-based CPU is called the Graviton3E and has been optimized for floating point math, key in HPC, the company announced at AWS re:Invent conference. Amazon said Hpc7g instances powered by the new Graviton3E chips offer up to double the floating point and vector performance compared to the current generation of instances.The vast datasets that accompany HPC need to be moved around, so Amazon also introduced the fifth generation of its Nitro smartNICs, offering up to twice the network bandwidth and up to 50% higher packet processing-per-second performance compared to current generation networking-optimized instances.To read this article in full, please click here

Commands for finding out if compressed Linux files are the same

Compressed Linux files are helpful because they save disk space, but what should you do when you have a series of compressed files and want to determine if any are duplicates? The zdiff and zcmp commands can help.To begin, if a directory contains two files like those below, it’s easy to tell just from the listing that they are not identical. After all, the file sizes are a little different. The files look like this:$ ls -l total 200 -rw-r--r--. 1 shs shs 102178 Nov 22 2021 2021.gz -rw-r--r--. 1 shs shs 102181 Nov 22 11:19 2022.gz If you compare the files with the diff command, it will confirm that the files differ:To read this article in full, please click here

Commands for finding out if compressed Linux files are the same

Compressed Linux files are helpful because they save disk space, but what should you do when you have a series of compressed files and want to determine if any are duplicates? The zdiff and zcmp commands can help.To begin, if a directory contains two files like those below, it’s easy to tell just from the listing that they are not identical. After all, the file sizes are a little different. The files look like this:$ ls -l total 200 -rw-r--r--. 1 shs shs 102178 Nov 22 2021 2021.gz -rw-r--r--. 1 shs shs 102181 Nov 22 11:19 2022.gz If you compare the files with the diff command, it will confirm that the files differ:To read this article in full, please click here

DPUs Could Change The Network Forever

You wouldn’t think that AWS re:Invent would be a big week for networking, would you? Most of the announcements are focused on everything related to the data center but teasing out the networking specific pieces isn’t as easy. That’s why I found mention of a new-ish protocol in an unrelated article to be fascinating.

In this Register piece about CPUs there’s a mention of the Nitro DPU. More importantly there’s also a reference to something that Amazon has apparently been working on for the last couple of years. It turns out that the world’s largest online bookstore and data center company is looking to get rid of TCP.

Rebuilding Transport

The new protocol was developed in 2020. Referred to as Scalable Reliable Datagram (SRD), it was build to solve specific challenges Amazon was seeing related to performance in their cloud. Amazon decided that TCP had bigger issues for them that they needed to address.

The first was that dropped packets required retransmission. In an environment like the Internet that makes sense. You want to get the data you lost. However, when TCP was developed fifty years ago the amount of data that was lost in transit was tiny compared to Continue reading

Antrea Egress on vSphere 8 with Tanzu

Welcome to this new new blog post series about Container Networking with Antrea. In this blog, we’ll take a look at the Egress feature and show how to implement it on vSphere with Tanzu.

According to the official Antrea documentation Egress is a Kubernetes Custom Resource Definition (CRD) which allows you to specify which Egress (SNAT) IP the traffic from the selected Pods to the external network should use. When a selected Pod accesses the external network, the Egress traffic will be tunneled to the Node that hosts the Egress IP if it’s different from the Node that the Pod runs on and will be SNATed to the Egress IP when leaving that Node. You can see the traffic flow in the following picture.

Antrea Egress

When the Egress IP is allocated from an externalIPPool, Antrea even provides automatic high availability; i.e. if the Node hosting the Egress IP fails, another node will be elected from the remaining Nodes selected by the nodeSelector of the externalIPPool.

Note: The standby node will not only take over the IP but also send a layer 2 advertisement (e.g. Gratuitous ARP for IPv4) to notify the other hosts and routers on the Continue reading

1 345 346 347 348 349 3,793