CALIENT Technologies Featured Interview: Pod Architecture & Cloud Data Centers with LightConnect Fabric
In this featured interview with Atiq Raza, chairman and CEO of Calient, we learn about the new challenges driving the future of data center design and how the growing popularity of POD architecture simplifies the need for managing operations.
sFlow Creator Peter Phaal On Taming The Wilds Of SDN & Virtual Networking
InMon president Peter Phaal shares his thoughts on the power of Open Switching Platforms and the Software Defined Data Center.
Lab: iBGP and OSPF Traffic Engineering
Click to enlarge
Here’s the scenario: An enterprise network with an MPLS core and two branch locations connected to their own Provider Edge (PE) router. In addition to the MPLS link, the PEs are also connected via a DMVPN tunnel. The PEs are peering via iBGP (of course) and are also OSPF neighbors on the DMVPN. Both Customer Edge (CE) routers at the branch are OSPF neighbors with their local PE.
Task: Use the high speed MPLS network as the primary path between the CE routers and only use the DMVPN network if the MPLS network becomes unavailable.
Question: Is the solution as simple as adjusting the Admin Distance (AD) so that the iBGP routes are more preferred?
Default State
The obvious first issue is the default AD for iBGP (200) is higher than the default AD of OSPF (110) which means the OSPF path over the DMVPN is going to be preferred. This is confirmed if we do a traceroute from R5 to R6:
R5#traceroute 6.6.6.6 source lo5
1 10.0.45.4 2 msec 0 msec 1 msec
2 10.10.10.7 17 msec 17 msec 17 msec
3 10.0.67.6 18 Continue readingThe Problem with Peanuts
I was hungry. Perhaps that’s a good excuse, or perhaps not. Either way, I sat down after ordering, took a peanut, broke the nuts out of the shell, and ate them.
After eating the peanut, I felt less hungry. So I picked up another one and ate it, as well. Soon enough, long before I order came out in fact, I wasn’t really hungry any longer. I still ate, of course, because I’d bought the burger, and it was a good burger. The fries were pretty good, too. The sweet tea wasn’t shabby, either.
But I thought about the peanut it all started with as I ate the burger. You see, a peanut solved my hunger problem. So it one peanut solves my hunger, why couldn’t a pile of peanuts solve world hunger? So I took a pile of peanuts and put them on the table, considering something I’d never thought about before — I could solve world hunger. Right here, right now, in this place, I could actually solve a major problem the world has been struggling with for thousands of years.
Okay, but then where would I get these peanuts? The place I was in had boxes stacked Continue reading
Retiring the Rockstar: A Counterpoint
“You’re a rockstar!” Chances are, you’ve either a) been told this as a compliment for some work you’d done; b) heard this told to someone else for some work they’d done; or c) told someone this for some work they’d done. If you said this to someone else—I just told someone this quite recently—chances are also very likely that you had nothing but positive intentions behind this statement and your goal was to compliment them on what you saw as outstanding work. But is “rockstar” the wrong term to use? And if so, what is the right term?
Recently, Tyler Britten (a very talented professional and a former colleague when I worked as an EMC vSpecialist) posted an article titled “Time to Retire the Rockstar,” in which he draws a connection between the use of terms like “rockstar,” “superstar,” “genius,” or “guru” and the myth of the lone genius. I see his point, and don’t necessarily disagree with it. Something can be said that calling someone a rockstar (or any of the other terms listed) isn’t automatically encouraging them to “eschew teams and communities and to work alone”, but that isn’t the point of this post. Here I’d rather Continue reading
SElinux policy for icmp checks
Many issues reported with scanning subnets and updating host statuses are related to SElinux being enabled. So far the solution was to completely disable SElinux, but this was more workaround than anything else. Robert was kind enough to share SElinux policy that should be used with phpipam if SElinux is enabled on your server.
Basically it permits the opening of raw IP sockets for non-root users, that are required for executing ping command.
1) Create the file http_ping.tt and add the following to it:
module http_ping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
2) Run the following commands (as root user):
checkmodule -M -m -o http_ping.mod http_ping.tt semodule_package -o http_ping.pp -m http_ping.mod semodule -i http_ping.pp
brm
You Must Understand the Fundamentals to Be Successful
I was speaking with a participant of an SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.
Let me give you a few examples: Do you know how ARP works? What is proxy ARP? How does TCP offload work and why is it useful? What is an Ethernet collision and when would you see one? Why do we need MLD in IPv6 neighbor discovery?
You must understand the fundamentals to be successful
I was speaking with a participant of the recent SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.
Read more ...