Mass Customization

I’ve mentioned in past articles my belief that networking - both as a discipline and a technology - needs to be more consumable to other disciplines. But what does this mean? I was reminded of a few great examples today that I think are relevant to this idea, and might help explain my point a little more clearly.

Mass Production Meets Customization

The assembly line revolutionized the auto industry.

Using Firewalls for Policy Has Been a Disaster

Almost every SDN vendor today talks about policy, how they make it easy to express and enforce network policies. Cisco ACI, VMware NSX, Nuage Networks, OpenStack Congress, etc. This sounds fantastic. Who wouldn’t want a better, simpler way to get the network to apply the policies we want? But maybe it’s worth taking a look at how we manage policy today with firewalls, and why it doesn’t work.

In traditional networks, we’ve used firewalls as network policy enforcement points. These were the only practical point where we could do so. But…it’s been a disaster. The typical modern enterprise firewall has hundreds (or thousands) of rules, has overlapping, inconsistent rules, refers to decommissioned systems, and probably allows far more access than it should. New rules are almost always just added to the bottom, rather than working within the existing framework – it’s just too hard to figure out otherwise.

Why have they been a disaster? Here’s a few thoughts:

  • Traditional firewalls use IP addresses. But there’s no automated connection between server configuration/IP allocation and firewall policies. So as servers move around or get decommissioned, firewall policies don’t get automatically updated. You end up with many irrelevant objects and Continue reading

Voters are jerks

Out and about today, jerks are proudly displaying an "I Voted!" sticker. My Twitter feed is likewise full of people proudly declaring they voted. They only serve to perpetuate the problem.

Most voted for incumbents, while spending the rest of the year bitching about how bad the incumbents are.

Most base their voting on vapid political rhetoric, rather than understanding the issues. Their political analysis comes from late night comedians rather than serious sources. Those like Vox or the Economist do a good job with analysis, but of course, few read them because that would require thinking. It's much easier watching Jon Stewart or Stephen Colbert and laugh about how stupid other people are.

Though, understanding the issues is really just a smokescreen. What people really vote for is to take money from other groups and give it to themselves. They mask it in issues like national defense or the environment, but it's really just a money grab.

People proudly vote in this election, where few contests are competitive. These same people ignored the primaries, where their votes could have made a difference.

People waste their vote on major parties. Frankly, we live in a one Party state with Continue reading

Normalizing ACLs to Support Automated Changes

Although I look forward to network fabric management seeing broad deployment, the fact is that many networks (and especially enterprise LAN/WAN) will be managed with traditional methods for some time yet. Inconsistencies in device configurations can present a barrier to some types of automation. In this article, we’ll explore that very challenge and a resolution I came up with to handle it.

Not long ago, I was trying to automate an ACL line insertion task with a popular network configuration push tool that basically does CLI interaction with something like Expect. I needed to push a similar change to about 20 devices with minimal effort. Unfortunately, when looking at the ACL on several sample devices out of the target device pool, I saw things like this:
R1(config)#do sh access-list NAT
Extended IP access list NAT
14 deny ip 10.10.1.48 0.0.0.7 10.0.0.0 0.255.255.255
20 deny ip 10.11.1.48 0.0.0.7 10.0.0.0 0.255.255.255
25 permit ip 10.10.1.48 0.0.0.7 192.168.0.0 0.0.255.255
30 permit ip 10.10.1.48 0. Continue reading

How Do You Spell That?

I spent a bit of my career on the phone doing support for a national computer vendor. In addition to the difficulties of walking people through opening the case and diagnosing motherboard issues, I found myself needing to overcome language barriers. While I only have a hint of an accent (or so I’ve been told), spelling out acronyms was a challenge. That’s where the phonetic alphabet comes into play.

By now, almost everyone uses the NATO phonetic alphabet. It’s the most recognized in the world. The US joint Army/Navy version varies a bit but does have a lot of similarities. However, when I first started out using the NATO version quite a few callers didn’t know what Lima was or giggled when I said Tango.

I decided that some people have much more familiarity with first names. This was borne out when I kept using Mary for “M” instead of Mike. People immediately knew it. Same for Victor, Peter, and so on. So I cobbled together my own Name Phonetic Alphabet.

A – Adam
B – Barbara
C – Charlie
D – David
E – Edward
F – Frank
G – George
H – Harold
I Continue reading

Does a Cloud Orchestration System Need an Underlying SDN Controller?

A while ago I had an interesting discussion with a fellow SDN explorer, in which I came to a conclusion that it makes no sense to insert an overlay virtual networking SDN controller between cloud orchestration system and virtual switches. As always, I missed an important piece of the puzzle: federation of cloud instances.

2014-11-04 16:48Z: CJ Williams sent me an email with information on SDN controller in upcoming Windows Server release. Thank you!

FREE Ansible Up & Running Preview

Are you camped out at your local bookstore awaiting the release of Ansible Up & Running next year and want something to read? How about the first 3 chapters of the book? 

The free ebook preview of Ansible Up & Running by Lorin Hochstein includes:

Chapter 1 - Introduction
Chapter 2 - Playbooks, a Beginning
Chapter 3 - Inventory: Describing Your Servers

To download your copy in PDF, MOBI and ePUB formats click here or the link below.

Ansible Up & Running - Free Preview

Please enter a valid email address as the ebook preview will be delivered via email.

The power of Clustering Illusion when managing image

As humans, we are predisposed to finding order out of otherwise random data. When we look at clouds or even a mountain ridge, we find shapes that are familiar to us. When we see data, we instinctively search for patterns to help make sense of what might appear to be random information. It might be our inherent need for understanding. Or maybe we are just programmed to compare things to stuff we already know. Whatever the underlying cause, it’s a powerful trait that virtually all of us share.

Understanding that people want to put information into buckets and draw conclusions, are there things that we can be doing to help manage our own image?

Walking a Vegas game floor

Maybe you have walked a gaming floor in Las Vegas, turning your head as you are assaulted by the lights and noise that accompany the gambling experience. While perusing the various games, have you ever spotted a roulette table and noticed that the last 6 spins have all come up black? The next spin is bound to be red!

Of course we all know that the likelihood of a red on the next spin is statistically the same, regardless of what Continue reading

Cisco free webinars.

Hello my friends. I wish I would not be banned for this advertisement :). I think this might be interesting for Packet Pushers audience and worth posting. At first legal notice should be written :). All information provided in this post are my subjective understanding of this project. I am not marketing guy, so it […]

Author information

Michał Janowski

I was happy to finish light studies with a specialization active tourism :). Then moved to IT world and participated in postgraduate studies which relied upon CCNA exploration course. After that I got my first job in IT as a software tester in Nokia Siemens Networks where I was responsible for verification of code running on radio equipment (3G, LTE). Now, as a Cisco TAC engineer I am helping customers resolving problems in their networks. I belong to unit responsible for Catalyst switches, so forgive me as most of my posts would be influenced by the technology I know the best.

The post Cisco free webinars. appeared first on Packet Pushers Podcast and was written by Michał Janowski.

The Care and Feeding of a High Maintenance Network

by Kris Olander, Sr. Technical Marketing Engineer - November 4, 2014

A network is an organic creation. The minute it’s born, when all new core and edge connections are made and routing is turned up, things begin to change. Many changes are self-driven due to unexpected interactions: Equal Cost Paths (ECMPs), Asymmetric Paths, etc. Other changes are due to the random nature of the Internet and are readily noticeable at the peering points into the newborn network.

Some people think that once the switch is turned on things will just work as designed. I’ve found that is rarely the case. Networks need care and feeding. Tools to check on the processing capacity, resource consumption, and well being of the network and its individual elements are required.

For the monitoring aspect of this “care and feeding,” simple SNMP tools may be used. They are perfectly adequate for tracking and graphing CPU rates, available memory and throughput for connections between network elements. However, when it comes to understanding the network’s routing and traffic patterns, using SNMP-based tools is rarely the best method.

Today’s dynamic IP networks require visibility into what’s happening Continue reading

Root Cause Analysis – It’s Not Perfect

Automated Root Cause Analysis promises a lot. High-end network monitoring systems promise that they can automatically isolate network problems, and only tell you about the thing that needs fixing. This sounds very enticing. Who wants a flood of alarms, when we could get just one alarm, telling us what we need to fix? But it’s not perfect, and you do need to pay attention to it.

Consider this contrived network:

RCA Example

What happens if the upstream link from the router fails?

RCA Link Down

From the perspective of the NMS, all systems at that site are unreachable. A simple NMS that is unaware of topology will create 4 alarms – one for each of the router, the switches and the server. A smarter NMS will recognise that it only needs one alarm, for the router WAN link being unreachable (and therefore the whole site is offline). It will know that the switches and server are unreachable, but those alarms will be suppressed by the key incident.

This all sounds like a good idea. Why wouldn’t you want that?

But what if the NMS view of the network is incomplete? What might happen then?

Consider the same network as above, but this time a new WAN router has been Continue reading

On choosing VMware NSX or Cisco ACI

Are you stuck in the middle of a battle to choose VMware NSX or Cisco ACI? In this post I’ll attempt to bring some clarity and strategic guidance in first choosing the right path, then propose how the two technologies can co-exist. I’ll start with the message below from a reader asking for my opinion on the matter:

Hi Brad,

I’m involved in a new Data Center networking project where Cisco is proposing the Cisco ACI solution. I am starting to dig-in to the technology, but my immediate “gut reaction” is to use Cisco for a standard Clos-type Leaf and Spine switch network and use NSX for providing Layer 3 to Layer 7 services.

I am interested in hearing your opinion about Cisco ACI versus VMware NSX, since you have worked for both companies. If you have time, it would be great to share your views on this subject.

As you can imagine, this is a highly political discussion and our network team are Cisco-centric and resisting my ideas. We are a VMware/Cisco shop and I want the best fit for our SDDC strategy.

For the sake of discussion, let’s assume that your IT organization wants to optimize for better Continue reading

Learning NSX, Part 18: Routing Without Network Address Translation

This is part 18 of the Learning NSX blog series, in which I talk about using layer 3 (L3) routing with VMware NSX but without network address translation (NAT). This post describes a configuration that offers yet another connectivity option for OpenStack cloud administrators and operators.

In part 6, I showed you how to add a gateway appliance to your NSX installation. Part 9 leveraged the gateway appliances to create a L3 gateway service, which—as I explained in part 15—provides the functionality for logical routers in OpenStack. (Logical routing was covered in part 14.) Part 16 expanded the routing configuration to support multiple external networks. This post expands the options again by showing you how to do logical routing without using network address translation (NAT). Of course, it would probably be helpful to read the entire series; links to all posts can be found on the Learning NVP/NSX page.

As I mentioned, so far you’ve seen three different external connectivity options:

  • Routing (layer 3 connectivity) to a single external network
  • Routing (layer 3 connectivity) to multiple external networks using VLANs
  • Bridging (layer 2 connectivity) between a logical network and a physical broadcast domain

Both of the routed Continue reading

Cloudflare – An Awesome IPv6 Move – Thank you!

Recently Cloudflare made a pretty cool move, and made their IPv6 services available to all of their customers – even the free ones, like me! So first things first, huge kudos to Cloudflare for offering this up; it has offered … Continue reading
