NetworkingNexus.net

Technology Short Take #46

Welcome to Technology Short Take #46. That’s right, it’s time for yet another collection of links and articles from around the Internet on various data center-related technologies, products, projects, and efforts. As always, there is no rhyme or reason to my collection; this is just a glimpse into what I’ve seen over the past few weeks. I hope you are able to glean something useful.

Networking

This post by Matt Oswalt—the first in a series, apparently—provides a great introduction to 5 development tools for network engineers. I’ve already increased my usage of Git in an effort to become more fluent with this very popular version control tool, and I was already planning on exploring Jinja2 as well (these are both mentioned in Matt’s article). This is a really useful post and I’m looking forward to future posts in this series.
Matt also recently posted part 4 (of 5) in his series on SDN protocols; this post covers OpFlex and declarative networking.
It was good to read this post on Cumulus Linux first impressions by Jeremy Stretch. I’m a fan of Cumulus, but I’m admittedly a Linux guy (see here) so you might say I’m a bit biased. Jeremy is Continue reading

The Unofficial JNCIE-ENT Prep Guide

Some of you may have heard that Jeff Fry has published his Unofficial JNCIE-ENT Prep Guide, but how many of you have purchased it yet? I’ve had the opportunity to look it over as he was completing it, and I must say it is an impressive collection of work. He has stuffed over 500 pages into the workbook and we’re not talking about fluff. Countless hours and many months of work later, he has published it with LeanPub, and will continue to issue updates. That is one of the nice things about Leanpub, with your purchase, you have the right to receive all future updates to the content! And many publishers, at least the ones I’ve purchased from, do push out significant updates to their work. You also receive a 100% guarantee on your purchase, that means if you are not happy, you can receive a full refund within 45 days of purchase. Jeff has also published a sample which includes the full table of contents and small sample section of the content.

If you’re studying for the JNCIE-ENT use the link below and receive 25% off your purchase.

The post The Unofficial JNCIE-ENT Prep Guide appeared first on Continue reading

7-Nov-2014: Press Releases From Meru, Gigamon, Big Switch + Dell

I receive a steady stream of press releases from networking vendors. I don’t have time to cover them all (or even most of them) individually, because there’s only so many hours in the week. Even so, I find many of the releases to contain genuinely interesting news. I thought I’d try echoing the […]

Imtech’s SDN and NFV demo

This is a pretty cool demo of SDN (Software-Defined Networking) and NFV (Network Function Virtualization) by our SDN Consultant. I’ve seen a lot of slideware on Contrail and NFV, but they don’t really help understanding very well. Seeing it actually happen makes a world of difference.

Watch the demo trailer here.

FlipIT Cloud: Orchestrating IT-as-a-Service on Software Gone Wild

Imagine being an IT administrator running a multi-tenant enterprise environment (example: an SMB business center). How many things would you have to configure to add a new tenant? How about adding a new user for an existing tenant?

The engineers behind the scenes of FlipIT cloud service ended up with a 40-page configuration guide when they started the service years ago… and obviously decided full-blown automation is the only way to go.

Alteon – each server is different

Lab goal

Create VIP 10.136.6.16 with the following servers/reals:

"r8080" - 10.136.85.1 port 8080
"r8081" - 10.136.85.2 port 8081
"r8082" - 10.136.85.3 port 8082

The group name should be "gMulti".

Setup

I'll use my Loadbalancer Lab Setup.

The loadbalancer is Radware's Alteon VA version 29.5.1.0

The initial Alteon VA configuration can be found here.

Alteon configuration

First lets add the reals.

/c/slb/real r8080
       ena
       ipver v4
       rip 10.136.85.1
       addport 8080
/c/slb/real r8081
       ena
       ipver v4
       rip 10.136.85.2
       addport 8081
/c/slb/real r8082
       ena
       ipver v4
       rip 10.136.85.3
       addport 8082
/c/slb/group gMulti
       ipver v4
       add r8080
       add r8081
       add r8082
/c/slb/virt 6_16
       ena
       ipver v4
       vip 10.136.6.16                   
/c/slb/virt 6_16/service 80 http
       group gMulti
       rport 0

Lines 1-15 : Configure the real servers

Notice the addport command, which sets the port being used by the server.

Lines 16-20: Create a new group and adds the previously defined servers

Lines Continue reading

Storage Traffic Magic with OpenFlow

I am in the Bay Area this week, working on some network automation stuff, and I was fortunate to be able to stop by and say hello to the Storage Field Day 6 folks over drinks. I was told by several impressed delegates about a talk by Andy Warfield of Coho Data, where he described how they used OpenFlow to steer storage traffic intelligently to and from various nodes in a distributed storage array.

Storage Traffic Magic with OpenFlow

Santa Cruz New Tech Meetup

Since moving to Santa Cruz, I’ve attended two meetups for Santa Cruz New Tech Meetup, which is the 8th largest meetup in the United States. The events are held on the first Wednesday of each month and feature pitches from some of the local tech entrepreneurs in the city. While Santa Cruz isn’t technically Silicon Valley … Continue reading →

Using Puppet to Configure F5 Network’s LTM via SOAP

You’ll like this, and you won’t; and that reflects on how I’ve felt variously about this task/burden. So, I’ve spent three weeks, almost full-time, on the work necessary to use Puppet to configure F5 Networks LTM via SOAP. Not just a few Pools and Virtual Servers; the whole box, from scratch. I knew this would be […]

Author information

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post Using Puppet to Configure F5 Network’s LTM via SOAP appeared first on Packet Pushers Podcast and was written by Steven Iveson.

APIs Alone Aren’t Enough

Yes, we know: Your product has an API. Yawn. Sorry for not getting excited. That’s just table stakes now. What I’m interested in is the pre-written integrations and code you have that does useful things with that API.

Because sure, an API lets me integrate my various systems however I want. Theoretically. Just the same way that Bunnings probably sells me all the pieces I need to build a complete house.

Random aside: If your “open API” requires signing an NDA to view details, then maybe it’s not so open after all?

If I’m running a small company staffed by developers, then just giving me an API is acceptable. But in a larger company, or one without developer resources, an API alone isn’t enough. I want to see standard, obvious integrations already available, and supported by the vendor.

In this spirit, I’m very pleased to see that ThousandEyes now has a standard integration with PagerDuty:

ThousandEyes appears as a partner integration from which you can receive notifications; and, within ThousandEyes we now have a link to easily add alerts to your PagerDuty account.

You can read more at the ThousandEyes blog.

This is exactly the sort of obvious integration I Continue reading

Chinese Routing Errors Redirect Russian Traffic

In recent weeks, Russian President Vladimir Putin announced a plan to enact measures to protect the Internet of Russia. In a speech to the Russian National Security Council he said, “we need to greatly improve the security of domestic communications networks and information resources.” Perhaps he should add Internet routing security to his list because, on a number of occasions in the past year, Russian Internet traffic (including domestic traffic) was re-routed out of the country due to routing errors by China Telecom. When international partners carry a country’s domestic traffic out of the country, only to ultimately return it, there are inevitable security and performance implications.

Last year, Russian mobile provider Vimpelcom and China Telecom signed a network sharing agreement and established a BGP peering relationship. However, as can often happen with these relationships, one party can leak the routes received from the other and effectively insert itself into the path of the other party’s Internet communications. This happened over a dozen times in the past year between these two providers. This is a general phenomenon that occurs with some regularity but isn’t often discussed in BGP security literature. In this blog post, we’ll explore the issue Continue reading

Improving performance and security with a visibility plane in virtual network infrastructures

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Software-defined networking (SDN) and network functions virtualization (NFV) promise numerous benefits, but adding layers of network abstraction come at a cost: visibility into the traffic traversing the links at the physical layer.

The migration to ever-faster networks is compounding this challenge because virtually no network monitoring, management or security tool today is capable of operating at 40Gbps or 100Gbps. Network packet brokers (NPBs), also known as network visibility controllers, address this challenge by capturing, filtering, aggregating and optimizing traffic. This enables 1Gbps and 10Gbps performance management and security systems to operate in 40/100Gbps networks.

To read this article in full or to leave a comment, please click here

Node and Link Protection

Node and link protection is a mechanism for protecting LSPs from (you guessed it) the failure of nodes and links. It differs from fast re-route in that you have to specify node and link protection on the interfaces of all the downstream routers as well as on the LSP at its source.

My network looks like this at the moment, with an LSP running from R5 to R1 using the shortest path determined by the IGP:

Path of LSP R5-to-R1

So on R5, I configure node-link-protection on the LSP:

root@R5> show configuration protocols mpls
no-propagate-ttl;
label-switched-path R5-to-R1 {
    to 10.0.6.1;
    node-link-protection;
}
interface ge-0/0/0.0;
interface ge-0/0/1.0;

This has the effect of signalling to the downstream routers that link and node protection is desired, as you can see here:

root@R5> show mpls lsp name R5-to-R1 detail
Ingress LSP: 6 sessions

10.0.6.1
  From: 10.0.3.5, State: Up, ActiveRoute: 0, LSPname: R5-to-R1
  ActivePath:  (primary)
  Node/Link protection desired                        <===== Node Link Protection 
  LSPtype: Static Configured, Penultimate hop popping
  LoadBalance: Random
  Encoding type: Packet, Switching type: Packet, GPID: IPv4
 *Primary                    State: Up
    Priorities: 7 0
 Continue reading

Setting up the Tools for Contributing to OpenStack Documentation

For non-programmers, making a meaningful contribution to an open source project can be difficult; this is as true for OpenStack as for other open source projects. Documentation is a way to contribute, but in the case of OpenStack there is a non-trivial setup required in order to be able to contribute to the OpenStack documentation. In this post, I’m going to share how to set up the tools to contribute to OpenStack documentation in the hopes that it will help others get past the “barrier to entry” that currently exists.

I’ve long wanted to be more involved in supporting the OpenStack community, beyond my unofficial support via advocacy and blogging about OpenStack. I felt that documentation might be a way to achieve that goal. After all, I’ve written books and have been blogging for 9 years, so I should be able to add some value via documentation contributions. However, the toolchain that the OpenStack documentation uses requires a certain level of familiarity with development-focused tools, and the “how to” guides were less than ideal because of assumptions made regarding the knowledge level of new contributors. For these reasons, I felt that sharing how I (a non-programmer) set up the tools Continue reading

Monitoring OTV – Overlay Transport Virtualization

If there is anything I find more enjoyable then doing some type of network design or writing on whiteboard, it’s thinking about network management and creating some new alert or poller that let’s me know when something changes that shouldn’t. It would seem over the last few years Data Center technologies have really become popular: […]

The Quanta LB4M – Cheap White Box Switching?

“Hey,” said my friend, “are you interested in buying an Ethernet switch? 48 1Gbps copper ports and two 10Gbps fiber uplinks. Very cheap. Layer 2 only, though.” A few minutes later, we were doing business out of the trunk of … Continue reading →

If you liked this post, please do click through to the source at The Quanta LB4M – Cheap White Box Switching? and give me a share/like. Thank you!

The Philosophy of Network-as-a-Service

In the world of Anything-as-a-Service (I will leave the acronym to your imagination), Network-as-a-Service is not a new term. In fact, it even has its own wikipedia page which will tell you it has been used for many years now, well before the current set of service related terms in IT have become popular.

Like most high tech industries, we get somewhat carried away when we have some new terminology and quickly overuse and overload them, watering them down to be meaningless or at least highly confusing. But when you cut through the clutter a bit, the as-a-Service terminology most certainly articulates a shift in thought process and behaviors on how we provide and consume IT resources.

The IT organization has always been a service organization, there is nothing much new there. From the days of mainframes and supercomputers, their job was to provide access to these expensive resources and maintain them. They provided environments that allowed the users to conveniently consume these abilities, and the business applications that ran on top of them, whether those were financial systems, email, uucp news (remember those days) or the basic ability to run user created jobs.

With the distribution of compute and Continue reading

Setting up the Tools for Contributing to OpenStack Documentation

So You’re an Open Source Shop? Really?

I carried out an interesting quiz during one of my Interop workshop:

How many use Linux-based servers? Almost everyone raised their hands;
How many use Apache or Tomcat web servers? Yet again, almost everyone.
How many run applications written in PHP, Python, Ruby…? Same crowd (probably even a bit more).
How many use Nginx, Squid or HAProxy for load balancing? Very few.

Is there a rational explanation for this seemingly nonsensical result?