Open-Source Hybrid Cloud Reference Architecture on Software Gone Wild

A while ago Rick Parker told me about his amazing project: he started a meetup group that will build a reference private/hybrid cloud heavily relying on virtualized network services, and publish all documentation related to their effort, from high-level architecture to device and software configurations, and wiring plans.

In Episode 8 of Software Gone Wild Rick told us more about his project, and we simply couldn’t avoid a long list of topics including:

Alteon AppShape++ Redirects

Lab goals

Setup

I'll use my Loadbalancer Lab Setup.

1
2

10.136.6.11     3.dans-net.com
10.136.6.11     r.dans-net.com

Alteon configuration

1
2
3
4
5
6
7
8
9

/c/slb/group g1
        ipver v4
        add 1
/c/slb/group g2
        ipver v4
        add 2
/c/slb/group g3
        ipver v4
        add 3

1
2
3
4

 /c/slb/ Continue reading

DockerCon video: Docker deployments at New Relic

In this session, Paul Showalter & Karl Matthias from New Relic discuss how they succesfully leveraged Docker to have consistent, isolated, custom distributed environments over which they have centralized control; making their continuous deployment processes easy and scalable.

Learn More

• Read more about how New Relic used Docker to solve thorny deployments issues

Docker Events and Meetup

• View the list of upcoming events & meetup
• Find a Docker meetup group

Try Docker and stay up-to-date

• Sign up for a free Docker Hub account
• Try our online tutorial
• Sign up for Docker Weekly

IDF 2014: Data Center Mega-Session

This is a liveblog of the Data Center Mega-Session from day 2 of Intel Developer Forum (IDF) 2014 in San Francisco.

Diane Bryant, SVP and GM of the Data Center Group takes the stage promptly at 9:30am to kick off the data center mega-session. Bryant starts the discussion by setting out the key drivers affecting the data center: new devices (and new volumes of devices) and new services (AWS, Netflix, Twitter, etc.). This is the “digital service economy,” and Bryant insists that today’s data centers aren’t prepared to handle the digital service economy.

Bryant posits that in the future (not-so-distant future):

• Systems will be workload optimized
• Infrastructure will be software defined
• Analytics will be pervasive

Per Bryant, when you’re operating at scale then efficiency matters, and that will lead organizations to choose platforms selected specifically for the workload. This leads to a discussion of customized offerings, and Bryant talks about an announcement earlier in the summer that combined a Xeon processor and a FPGA (field-programmable gate array) on the same die.

Bryant then introduces Karl Triebes, EVP and CTO of F5 Networks, who takes the stage to talk about FPGAs in F5 and how the joint Xeon/FPGA integrated solution Continue reading

AnsibleFest San Francisco Speakers

IDF 2014 Day 1 Recap

In case you hadn’t noticed, I’m at Intel Developer Forum (IDF) 2014 this week in San Francisco. Here’s a quick recap of day 1 (I should have published this last night—sorry for not getting it out sooner).

Day 1 Keynote

Here’s a liveblog of the IDF 2014 day 1 keynote.

The IDF keynotes are always a bit interesting for me. Intel has a very large consumer presence: PCs, ultrabooks, tablets, phones, 2-in–1/convertibles, all-in–1 devices. Naturally, this is a big part of the keynote. I don’t track or get involved in the consumer space; my focus is on the data center. It is kind of fun to see all the stuff going on in the consumer space, though. There were no major data center-centric announcements yesterday (day 1), but I suspect there will be some today (day 2) in a mega-session with Diane Bryant (SVP and GM of the Data Center Group at Intel). I’ll be liveblogging that mega-session, so stay tuned for details.

Technical Sessions

I was able to hit two technical sessions yesterday and liveblogged both of them:

• Virtualizing the Network to Enable a Software-Defined Infrastructure
• Bare Metal, Containers, and Virtualization: The Growing Choices for Cloud Applications

Both were Continue reading

IPv6 Neighbor Discovery (ND) and Multicast Listener Discovery (MLD) Challenges

A few days ago Garrett Wollman published his exasperating experience running IPv6 on large L2 subnets with Juniper Ex4200 switches, concluding that “… much in IPv6 design and implementation has been botched by protocol designers and vendors …” (some of us would forcefully agree) making IPv6 “…simply unsafe to run on a production network…”

The resulting debate on Hacker News is quite interesting (and Andrew Yourtchenko is trying hard to keep it close to facts) and definitely worth reading… but is ND/MLD really as broken as some people claim it is?

Network Neutrality Is a Political, Not Technical, Problem

Network Neutrality is a Political, Not Technical, Problem

We've mentioned Network Neutrality several times before on the Knetwork Knowledge Blog, but I wanted to take another look at it since it's back in the news with Wednesday's planned protests by "BattleForTheNet.com" - an artificial "Internet Slowdown" that will create symbolic "loading" symbols and artificially slow down page loading. Participating websites include Kickstarter, Reddit, Foursquare, Vimeo, Namecheap, and others. 

Packet Design has differing opinions on the issue of network neutrality. This is a bit surprising when you consider network neutrality as a technical issue, because you would expect that the engineering and mathematics would speak for themselves. It should be relatively easy to prove, from a technological standpoint, whether a neutral or particular non-neutral Internet scheme would be "better." 

But the minute you ask "better for whom?" you start to realize that network neutrality is not a technical problem. It is a political problem that happens to involve technology. 

As our CTO Cengiz Alaettinoglu said in "Hot Potatoes and Network Neutrality," BGP and IGP routing delivers packets to the next autonomous system (AS) in the route Continue reading

What they claim about NetNeutrality is a lie

“Save NetNeutrality”

“NetNeutrality is technical”

IDF 2014: Bare Metal, Docker Containers, and Virtualization

This is a live blog of session DATS004, titled “Bare-Metal, Docker Containers, and Virtualization: The Growing Choices for Cloud Applications.” The speaker is Nicholas Weaver (yes, that Nick Weaver, who now works at Intel).

Weaver starts his presentation by talking about “how we got here”, discussing the various technological shifts that have affected the computing landscape over the years. Weaver includes a discussion of the drivers behind virtualization as well as the pros and cons of virtualization.

That, naturally, leads to a discussion of containers. Containers are not all that new—Solaris Zones is a form of containers that existed back in 2004. Naturally, the recent hype associated with Docker has, according to Weaver, rejuvenated interest in the concept of containers.

Before Weaver gets too far into containers, he first provides a background of some of the core containerization pieces. This includes cgroups (the ability to control resource allocation/utilization), which is built into the Linux kernel. Namespace isolation is also important, which provides full process isolation (so that one process can’t see processes in another namespace). Namespace isolation isn’t just for processes; there’s also isolation for network entities, mounts, and users. LXC is a set of user-space tools that attempted Continue reading

IDF 2014: Virtualizing the Network to Enable SDI

This is a liveblog of IDF 2014 session DATS002, titled “Virtualizing the Network to Enable a Software-Defined Infrastructure (SDI)”. The speakers are Brian Johnson (Solutions Architect, Intel) and Jim Pinkerton (Windows Server Architect, Microsoft). I attended a similar session last year; I’m hoping for some new information this year.

Pinkerton starts the session with a discussion of why Microsoft is able to speak to network virtualization via their experience with large-scale web properties (Bing, XBox Live, Outlook.com, Office, etc.). To that point, Microsoft has over 100K servers across their cloud properties, with >200K diverse services, first-party applications, and third-party applications. This amounts to $15 billion in data center investments. Naturally, all of this runs on Windows Server and Windows Azure.

So why does networking need to be transformed for the cloud? According to Pinkerton, the goal is to drive agility and flexibility for your business. This is accomplished by pooling and automating network resources, ensuring tenant isolation, maximizing scale/performance, enabling seamless capacity expansion and workload mobility, and minimizing operational complexity.

Johnson takes over here to talk about how Intel is working to address the challenges and needs that Pinkerton just outlined. This breaks down into three core Continue reading

Participate in the “Internet Slowdown” with One Click

Net Neutrality is an important issue for CloudFlare as well as for our more than 2 million customers, whose success depends on a vibrant, dynamic, and open Internet. An open Internet promotes innovation, removes barriers to entry, and provides a platform for free expression.

That's why we’re announcing a new app that lets you easily participate in the “Internet Slowdown” on September 10th, 2014.

Battleforthenet.com (a project of Demand Progress, Engine Advocacy, Fight for the Future, and Free Press) has organized a day of protest against the United States Federal Communications Commission (FCC) proposal that will allow Internet providers to charge companies additional fees to provide access to those companies’ content online. Those additional fees will allow Internet service providers to essentially choose which parts of the Internet you will get to access normally, and which parts may be slow or inaccessible.

As we’ve seen that bandwidth pricing is not reflective of the underlying fair market value when Internet service providers have monopolistic control, we can only fret that a similar situation will be presented by a lack of net neutrality.

The Battle for the Net pop-up (intentionally obtrusive) will simulate a loading screen that website users may see Continue reading

IDF 2014 Day 1 Keynote

This is a liveblog for the day 1 keynote at Intel Developer Forum (IDF) 2014. The keynote starts with an interesting musical piece that shows how technology can be used to allow a single performer to emulate the sound of a full band, and then kicks off with a “pocket avatar” presentation by Brian Krzanich, CEO of Intel Corporation. Krzanich takes the stage in person a few minutes later.

Krzanich starts with a recap of some of the discussions from last year’s IDF, and he points out some of the results over the last year. Among the accomplishments Krzanich lists, he mentions that Intel was the #2 shipper of tablets last year. (One would assume that Apple is #1.) Krzanich clearly believes that Intel has a bright future; he points out that projections show as many as 50 billion x86-based devices by 2020 (just 6 years away). That’s pretty massive growth; there are only an estimated 2.2 billion x86-based devices today.

The line-up today includes talks from Diane Bryant (data center), Kirk Skaugen (clients), Doug Fisher (software and services), and a live Q&A by Krzanich.

Krzanich starts a discussion of wearables and related devices with a mention of Continue reading

Show 204 – Reducing Your Attack Surface with Avaya Stealth Networks – Sponsored

“The problem with ‘covering your tracks’ in network security is that your ‘covering’ becomes more conspicuous than your ‘tracks’,” says Ed Koehler, Distinguished Engineer for Avaya’s Networking Division. Ed joins Greg Ferro and Ethan Banks for a ninja nerd-fest outlining a set of technologies that not only offer some innovative ways to set up your […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

TwitterGoogle+LinkedIn

The post Show 204 – Reducing Your Attack Surface with Avaya Stealth Networks – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cumulus Workbench – a year of progress

At VMworld 2013, before the Cumulus Workbench was born, Cumulus Networks needed a quick way to demonstrate Cumulus Linux.

One of our amazing engineers, Nat Morris, quickly whipped up a VM (almost out of nowhere), meant to run on virtualbox, on a laptop with two interfaces. Voila! Cumulus Workbench!

For a first effort and for lack of time, this was awesome. However, there were a few limitations, as you would imagine – flexibility was an issue and new features required distributing an entirely new VM. Plus, for the latest version, you had to ask around. This would be fine for a quick demo, but we wanted more. We wanted it to be bigger and better.

We put some thought behind what exactly bigger and better meant to us and too that to the drawing board. From there, we built a framework and began to deep dive into the design and architecture. We wanted to build something useful for customers so that they would be able to see what they could do in their own environment. It was at that moment that the Cumulus Workbench was born, thanks to a lot of elbow grease and hard work from Ratnakar Kolli.  Thus, Continue reading

An Educational SDN Use Case

During the VMUnderground Networking Panel, we had a great discussion about software defined networking (SDN) among other topics. Seems that SDN is a big unknown for many out there. One of the reasons for this is the lack of specific applications of the technology. OSPF and SQL are things that solve problems. Can the same be said of SDN? One specific question regarded how to use SDN in small-to-medium enterprise shops. I fired off an answer from my own experience:

Since then, I’ve had a few people using my example with regards to a great use case for SDN. I decided that I needed to develop it a bit more now that I’ve had time to think about it.

Schools are a great example of the kinds of “do more with less” organizations that are becoming more common. They have enterprise-class networks and needs and live off budgets that wouldn’t buy janitorial supplies. In fact, if it weren’t for E-Rate, most schools would have technology from the Stone Age. But all this new tech doesn’t help if you can’t find a way for it to be used to the fullest for the purposes of Continue reading

vMotion Enhancements in vSphere 6

VMware announced several vMotion enhancements in vSphere 6, ranging from “finally” to “interesting”.

vMotion across virtual switches. Finally. The tricks you had to use previous were absolutely bizarre.

How Route Analytics Help Detect BGP Route Hijacking

How Route Analytics Detect BGP Route Hijacking

Previously, I have talked about BGP route hijacking as a security threat and various techniques being developed to secure it. In this blog entry, I will talk about how route analytics technology can help detect BGP route hijacking in the meantime. 

There are two instances of route hijacking that need detecting. The first is when one of your prefixes is being hijacked; that is, someone is redirecting your traffic elsewhere and you are the victim. The second is when someone passes you a hijacked route; that is, you are being used as an instrument to hijack someone else. Route Analytics can help with both of these cases. However, the data sources that are needed for the analysis are different. 

When your routes are being hijacked, you cannot look at the data that is in your BGP routers in the majority of the cases. Because of the way BGP AS_path attribute works, these routes will contain your AS number and therefore, BGP will not pass them back to your routers in order to avoid loops. However, if you have access to external BGP sessions Continue reading

Framing SDN as Network as a Service (NaaS)

Framing SDN as Network as a Service (NAAS)

Tom Nolle absolutely nails the real promise of SDN in his latest blog post – Should SDN be About OpenDaylight and not OpenFlow? – which is essentially to create Network as a Service (NaaS). Readers of the Knetwork Knowledge blog will know that we have been advocating for some time that SDN is a lot more than just the separation of the network’s control and data planes, and that OpenFlow is “merely” a mechanism (not the only one) for SDN controllers to pass forwarding instructions to the underlying infrastructure. Our industry often gets lost in the technology details and misses the point, which in this case is about creating malleable network infrastructures that flex efficiently with business demands. The really interesting, valuable, and (yes) hard work is to supply the controllers with the intelligence they need to make smart infrastructure changes.   

And equally important is the recognition that we have to be able to deliver NaaS with existing network gear: A forklift upgrade to support new southbound protocols is not an option. We also need to be open to the notion Continue reading

Select group/pool by query URI

Lab goal

Setup

I'll use my Loadbalancer Lab Setup.

Alteon configuration

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

attach group g1
attach group g2
attach group g3

when HTTP_REQUEST {
    set group_exists [regexp -nocase {group=(g[0-9]+)(&.*)*$} [HTTP::query] a group_name]
    if {$group_exists == 1} {
        group select $group_name
     Continue reading