Open Networking is the New Normal

The data center is in a constant state of transition. What was once home for rows upon rows of propriety and often siloed equipment based on closed-architecture designs, the modern day data center is now filled with white box solutions serving various functions but working in a harmonious or converged manner.

Several key factors are driving the change to white box or open hardware – ROI, flexibility and customizability of design, ease of implementation, and the avoidance of vendor lock-in along with the high price-tag it can bring. The rise of white box hardware started with servers and storage, and now a movement towards the adoption of open networking has gained quite a bit of traction. The

Open Compute Project (OCP) movement is driving creation of bare metal switches, such as Open Switches, that are designed to be open and disaggregated. This white box model for switching enables users to deploy, monitor, and manage networking alongside servers and storage at a much lower price-point than a traditional network switch.

Scaled Networking Simplified

With a white box switch, the OS layer is decoupled from the hardware itself which allows users to independently select the best-of-breed components and networking software stack Continue reading

Big Switch Is Getting Bigger. Much Bigger.

BigSwitch Logo

Cool news today from BigSwitch who have taken some big steps forward with their rather awesome Big Cloud Fabric (BCF) solution.

Building on the existing features of BCF 2.0 that was announced last July (see my post on the BCF launch for more details), version 2.5 adds some pretty good new features and a surprise partner.

BCF 2.5 New Features

VMWare vCenter Support

BCF now supports VMWare vCenter. BigSwitch sees an Ethernet fabric as a complementary technology to VMWare’s NSX, not a competitor; very wisely they would like to be the underlay while NSX provides the overlay. The BCF controller integrates right into vCenter so that network configuration can be automated with the virtual environment, and the controller provides a single interface to the entire fabric.

CloudStack / OpenStack

The original BCF supported OpenStack. BCF 2.5 now has more elements of OpenStack (Juno) support and adds CloudStack support. With this and the vCenter integration, BCF has positioned itself quite nicely for full server and switch automation.

Brite Box Switching?

My first question when I heard about this was “What on earth is Brite Box switching?” It turns out that somebody somewhere coined the phrase Continue reading

Big Switch updates SDN controller options

Big Switch Networks this week rolled out a new release of its cloud fabric software, which includes support for VMware vSphere environments and Dell switches, among other features.Big Cloud Fabric was released in the third quarter of 2014. It is an SDN fabric designed for bare metal switches.To read this article in full or to leave a comment, please click here

MPLS TE Design -Part 3

This is a continuation from Part 2 Fast Reroute Why Fast Reroute? Many NSP’s like ACME have traffic with tight SLAs. For instance below is an ITU delay recommendation for Voice. One Way Delay Characterization of Quality 0-150ms Acceptable for most applications 150-400ms May impact some applications Above 400ms Unacceptable ITU G.114 delay recommendations Having […]

Author information

Diptanshu Singh

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.

The post MPLS TE Design -Part 3 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

MPLS TE Design -Part 2

This is a continuation from Part 1 Case for LDPoRSVP As we mentioned at the very beginning that ACME provides L3VPN and L2VPN services, which requires end to end LSP between the PEs. But due to scaling reasons, ACME decided not to extend RSVP to the edge routers. This creates a problem as there is […]

Author information

Diptanshu Singh

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.

The post MPLS TE Design -Part 2 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

MPLS TE Design -Part 1

In this post we will be exploring different aspects of Traffic Engineering (RSVP-TE) from a design perspective using fictional ISP as a reference. The intent of the post is to not necessarily recommend a particular solution, but to bring up different aspects involved in the design. I am assuming that the reader already has somewhat […]

Author information

Diptanshu Singh

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.

The post MPLS TE Design -Part 1 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

Using the Fork-and-Branch Git Workflow

Now that I’ve provided you with an introduction to Git and a brief overview of using Git with GitHub, it’s time to build on that knowledge by taking a closer look at one workflow often used when collaborating with Git. The “fork and branch” workflow is a common way of collaborating on open source projects using Git and GitHub. In this post, I’m going to walk through this workflow (as I understand it—I’m constantly learning), with a focus toward helping those that are new to this sort of thing.

If you’re new to Git and/or GitHub and haven’t yet read the earlier posts on Git and using Git with GitHub, I strongly recommend you read those first.

Basically, the “fork and branch” workflow looks something like this:

  • Fork a GitHub repository.
  • Clone the forked repository to your local system.
  • Add a Git remote for the original repository.
  • Create a feature branch in which to place your changes.
  • Make your changes to the new branch.
  • Commit the changes to the branch.
  • Push the branch to GitHub.
  • Open a pull request from the new branch to the original repo.
  • Clean up after your pull request is merged.

Here’s a bit more Continue reading

You shouldn’t be using gethostbyname() anyway

Today's GHOST vulnerability is in gethostbyname(), a Sockets API function from the early 1980s. That function has been obsolete for a decade. What you should be using is getaddrinfo() instead, a newer function that can also handle IPv6.

The great thing about getaddrinfo() is the fact that it allows writing code that is agnostic to the IP version. You can see an example of this in my heartleech.c program.

x = getaddrinfo(hostname, port, 0, &addr);
fd = socket(addr->ai_family, SOCK_STREAM, 0);
x = connect(fd, addr->ai_addr, (int)addr->ai_addrlen);

What you see here is your normal call to socket() and connect() just use the address family returned by getaddrinfo(). It doesn't care if that is IPv4, IPv6, or IPv7.

The function actually returns a list of addresses, which may contain a mixture of IPv4 and IPv6 addresses. An example is when you lookup www.google.com:

[ ] resolving "www.google.com"
[+]  74.125.196.105:443
[+]  74.125.196.147:443
[+]  74.125.196.99:443
[+]  74.125.196.104:443
[+]  74.125.196.106:443
[+]  74.125.196.103:443
[+]  [2607:f8b0:4002:801::1014]:443

My sample code just chooses the first one in the list, Continue reading

How to stay ahead of threats to DNS servers

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Gartner predicts more than 30 billion devices will be connected by the Internet of Things (IoT) by 2020, and Domain Name System (DNS) servers are critical to keeping it all running. However, the number, frequency and variety of attacks on DNS servers is rising, putting businesses and initiatives like IoT at enormous risk. The good news is, there are steps you can take to mitigate these attacks.

The DNS system translates easily memorized domain names into the numerical IP addresses needed for locating computer services and devices worldwide. According to the Internet Corporation for Assigned Names and Numbers (ICANN), there are 30 to 50 million DNS servers on the planet. These servers are being hit by four main types of attacks: zero-day, cache poisoning, denial of service (DoS) and distributed denial of service (DDoS).

To read this article in full or to leave a comment, please click here

Noction Intelligent Routing Platform (IRP) – What is it?

I was contacted by some people at Noction and asked if I was interested in writing about their platform, the Intelligent Routing Platform (IRP). Since it’s a product that uses Border Gateway Protocol (BGP), it peaked my interest. First let’s make the following things clear:

  • I am not being paid to write this blog post
  • My opinions can’t be bought
  • I will only write about a product if it’s something that interests me

BGP is the glue of the Internet (with DNS) and what keeps everything running. BGP is a well designed and scalable protocol which has been around for a long time. It has grown from carrying a few hundred routes to half a million routes. However, there will always be use cases where BGP might not fit your business model.

In Noction’s white paper they define the following as the network’s major challenges:

  • Meeting the customer’s demand for 100% uptime
  • Facing the low latency requirement
  • Achieving reliable data transmission
  • Avoiding network congestion and blackouts
  • Achieving consistency of throughput
  • Keeping bandwidth usage below predefined commit levels
  • Reducing the cost and time of network troubleshooting

The product is designed for multihomed networks running BGP. You can’t optimize network flows if Continue reading

How to transition from customer understanding to customer action

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Many companies focus on using cheaper, faster data warehouses to organize their accumulated customer data for business intelligence. But in order to remain competitive, businesses need to be using customer data to build applications that make real-time, data-driven decisions.

If you can interpret each attribute, event and transaction as a hint to help make the best predictions and decisions for your customers, you can transition from just customer understanding to customer action. But acting upon data to optimize customer experiences requires an architecture different from traditional data warehousing and business intelligence applications.

To read this article in full or to leave a comment, please click here

Its a new year!

My apology. I have been very absent here as of late.

I have been doing some different stuff, which is irrelevant here, but rest assured, i got some posts lined up. The next one on Unified MPLS. I think you will like it, so stay tuned!  :)

Happy New Year! :)

 

PCI DSS 3.0 went into effect Jan. 1. Are you in compliance?

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

The new Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) that became mandatory January 1 contains significant changes that will require some businesses to do heavier lifting than they did in years past, and many may not realize it.

Certain e-commerce merchants who re-direct their customers to third parties for payment card data collection and third party service providers who remotely manage merchant systems and networks now face a bevy of technical controls that they have never dealt with before.

To read this article in full or to leave a comment, please click here

More Bang For Your Budget With Whitebox

white-box-sdn-nfv

As whitebox switching starts coming to the forefront of the next buying cycle for enterprises, decision makers are naturally wondering about the advantages of buying cheaper hardware. Is a whitebox switch going to provide more value for me than buying something from an established vendor? Where are the real savings? Is whitebox really for me? One of the answers to this puzzle comes not from the savings in whitebox purchases, but the capability inherent in rapid deployment.

Ten Thousand Spoons

When users are looking at the acquisition cost advantages of buying whitebox switches, they typically don’t see what they would like to see. Ridiculously cheap hardware isn’t the norm. Instead, you see a switch that can be bought for a decent discount. That does take into account that most vendors will give substantial one-time discounts to customers to entice them into more lucrative options like advanced support or professional services.

The purchasing advantage of whitebox doesn’t just come from reduced costs. It comes from additional unit purchases. Purchasing budgets don’t typically spell out that you are allowed to buy ten switches and three firewalls. They more often state that you are allowed to spend a certain dollar amount on devices Continue reading