EVPN. The Essential Parts.

In a blog post back in October 2013 I said I would write about the essential parts of EVPN that make it a powerful foundation for data center network virtualization.  Well just when you thought I'd fallen off the map, I'm back.  :)

After several years as an Internet draft, EVPN has finally emerged as RFC7432.  To celebrate this I created a presentation, EVPN - The Essential Parts, that I hope will be helpful to people who are interested.

Use cases are intentionally left out of this presentation as I prefer the reader to creatively consider whether their own use cases can be supported with the basic features that I describe.

Let me know your thoughts and I will try to expand/improve this presentation or create other presentations to address them.

EVPN - The Essential Parts

Self-driving car technology could end up in robots

The development of self-driving cars could spur advancements in robotics and cause other ripple effects, potentially benefitting society in a variety of ways.Autonomous cars as well as robots rely on artificial intelligence, image recognition, GPS and processors, among other technologies, notes a report from consulting firm McKinsey. Some of the hardware used in self-driving cars could find its way into robots, lowering production costs and the price for consumers.Self-driving cars could also help people grow accustomed to other machines, like robots, that can complete tasks without the need for human intervention.Commonly used parts could allow auto mechanics to fix robots as well, said the report, released Thursday. Infrastructure like machine-to-machine communication networks could also be shared.To read this article in full or to leave a comment, please click here

Cisco gets Computer History Museum haven

The Computer History Museum in Mountain View, Calif., this week said it had created a Cisco Archive that promises to document and preserve the networking giant’s impact on the industry and Internet.+More on Network World: What network technology is going to shake up your WAN?+In a blog post, Paula Jabloner the first Director of the newly established Cisco Archive wrote about one of the more significant events the Archive will preserve: “It was 1989. Kirk Lougheed of Cisco and Yakov Rekhter of IBM were having lunch in a meeting hall cafeteria at an Internet Engineering Task Force (IETF) conference. They wrote a new routing protocol that became RFC (Request for Comment) 1105, the Border Gateway Protocol (BGP), known to many as the “Two Napkin Protocol” — in reference to the napkins they used to capture their thoughts.”To read this article in full or to leave a comment, please click here

Apple may offer personal engravings on the Apple Watch

In just a few days, Tim Cook will take the stage and give us the full scoop on all of the Apple Watch details that we've been yearning for. First and foremost, it stands to reason that we'll finally get a pricing matrix for the Apple Watch. Indeed, recent rumors about potential pricing for the device have been all over the map, with some claiming that the gold models of the Edition lineup may cost upwards of $10,000.As for other tidbits, a rumor from the French-language site iPhonote relayed an interesting Apple Watch rumor earlier today, namely that Apple will offer a personal engraving option for buyers.To read this article in full or to leave a comment, please click here

Google’s new car insurance site lets you compare rates

Google has launched a new auto insurance site in the U.S. designed to simplify for consumers the process of shopping for policies.Google Compare Auto Insurance, launched Thursday, is a free site that prompts users to enter the typical sorts of questions for getting an auto quote, like information about the car, the person’s driving history and location. Do that, and then Google spits back a bunch of quotes and coverage details from different providers. From there, Google can link users with the provider of their choice by phone or website, to complete a purchase.People can also access the service through a regular Google search for “car insurance.”To read this article in full or to leave a comment, please click here

What network technology is going to shake up your WAN?

Few areas of the enterprise are as ripe for change as the wide area network. And there are plenty of technologies – from hybrid WAN services and software defined networking to better management tools -- lining up to push such a makeover closer to reality. “There is about as much turmoil in the WAN arena as possible,” said Steve Taylor, senior research fellow with Webtorials.com. You can get the sense of the tumult by taking a look at the vendor activity in all aspects of the WAN. A ton of startups including vendors such as CloudGenix, Glue Networks, Viptela and Velocloud are offering new WAN services and products. Established vendors such as Cisco, Avaya, Alcatel-Lucent and Riverbed are also scrambling to address WAN issues with new software and hardware.To read this article in full or to leave a comment, please click here

What network technology is going to shake up your WAN?

Few areas of the enterprise are as ripe for change as the wide area network. And there are plenty of technologies – from hybrid WAN services and software defined networking to better management tools -- lining up to push such a makeover closer to reality. “There is about as much turmoil in the WAN arena as possible,” said Steve Taylor, senior research fellow with Webtorials.com. You can get the sense of the tumult by taking a look at the vendor activity in all aspects of the WAN. A ton of startups including vendors such as CloudGenix, Glue Networks, Viptela and Velocloud are offering new WAN services and products. Established vendors such as Cisco, Avaya, Alcatel-Lucent and Riverbed are also scrambling to address WAN issues with new software and hardware.To read this article in full or to leave a comment, please click here

Interactions between QoS and IPSec on IOS and the ASA

Quality of Service configuration for the traffic entering/leaving a VPN tunnel may require some special considerations. In this article, I am going to focus on interactions between QoS and IPSec on IOS and the ASA.

There are two methods of deploying QoS for VPNs – you can match the original (Clear-text/ unencrypted) traffic flows or the actual VPN (Aggregate traffic). This second option can be useful when you want to apply a single QoS policy to all packets leaving a tunnel, no matter what are the original sources and destinations protected by the VPN.

We have got a VPN tunnel built between R1 and ASA. R6 and 10.1.1.0/24 are protected networksQosipsecG1

Let’s start on IOS (R1). The VPN tunnel is already up – we will configure a basic QoS Policy to enable LLQ for delay-sensitive traffic, such as Voice (I assume these are all packets with DSCP of EF). Note that this configuration would normally match all EF-colored packets (including non-VPN EF traffic), but since we won’t have any clear-text EF flows in this network we don’t really care:

class-map match-all VOICE
match dscp ef
policy-map QOS
class VOICE
priority

int f0/0
service-policy output QOS

Voice traffic Continue reading

Time To Get More Advanced :: FCIP Pt. 2!

Part 1 of this blog series created a topology, much like you see below, where we configured a single vE (virtual expansion) port from MDS1 to MDS2 across an IP network.  We merged VSAN 10 across this FCIP tunnel and verified it by looking into the FCNS database and ensuring that we saw entries from both sides.  Today we are going to build upon this topology, and get into some more advanced features like changing the default TCP port, setting DSCP values for the two TCP streams, and controlling who initiates the tunnel!

FCIPpt2g1

So first things first…the default port for FCIP is TCP port 3225. We will terminate both of our TCP streams on this port (we have 1 stream for control and another for data traffic). Essentially 1 of the MDS’s will initiate the connection to the other, and their destination port will be TCP/3225. Their source port will be some high-number ephemeral port by default (usually over 65000). We can look at the output of a ‘show int fcip #’ to find out who initiated, and on which ports!

MDS1-6(config-if)# show int fcip1
fcip1 is trunking
Hardware is GigabitEthernet
Port WWN is 20:10:00:0d:ec:1f:a4:00
Peer port WWN is Continue reading

Lawmakers target data brokers in privacy bill

Four U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes.The Data Broker Accountability and Transparency Act, introduced by four Democratic senators Thursday, also would require the U.S. Federal Trade Commission to craft rules for a centralized website for consumers to view a list of data brokers covered by the bill.Data brokers collect personal information about consumers, often without their knowledge, and resell it to other businesses.To read this article in full or to leave a comment, please click here

Lawmakers target data brokers in privacy bill

Four U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes.The Data Broker Accountability and Transparency Act, introduced by four Democratic senators Thursday, also would require the U.S. Federal Trade Commission to craft rules for a centralized website for consumers to view a list of data brokers covered by the bill.Data brokers collect personal information about consumers, often without their knowledge, and resell it to other businesses.To read this article in full or to leave a comment, please click here

Endpoint Security Meets the Cybersecurity Skills Shortage

Just about every cyber-attack follows a similar pattern:  An end-user is fooled into clicking on a malicious link, downloading malware, or opening an infected file.  This is one of the early stages of the famous Lockheed Martin “kill chain.”Given this pedestrian malware workflow, endpoint security is absolutely key – catch an attack early when it compromises a few endpoints and you can avoid the more ominous phases of the kill chain including data exfiltration. To pull off today’s endpoint security requirements, you can’t assume that you can block all attacks using AV or patching software vulnerabilities.  Rather, you need smart security analysts skilled at detecting and responding to attacks on endpoint devices.To read this article in full or to leave a comment, please click here

Red Hat strips down for Docker

Reacting to the surging popularity of the Docker virtualization technology, Red Hat has customized a version of its Linux distribution to run Docker containers.The Red Hat Enterprise Linux 7 Atomic Host strips away all the utilities residing in the stock distribution of Red Hat Enterprise Linux (RHEL) that aren’t needed to run Docker containers.Removing unneeded components saves on storage space, and reduces the time needed for updating and booting up. It also provides fewer potential entry points for attackers.Containers are valuable for organizations in that they cleanly separate the application from the underlying infrastructure, explained Lars Herrmann, Red Hat senior director of product strategy.To read this article in full or to leave a comment, please click here

ASA File Operation Tips

I’ve been working on Cisco’s ASA firewall platform for years, and I continue to work on a variety of environments with multiple generations of the ASA for clients at H.A. Storage. One of my favorite features of the ASA platform has been the quality of the high-availability failover mechanism, which is generally very reliable, fast, and seamless.
The ASA operates in an Active/Standby high-availability model (don’t believe that the ASA is *truly* Active/Active — that’s a marketing feature). However, one sore spot that has frustrated me as long as I’ve been working on the fact that the filesystem has no synchronization between failover mates and requires manual efforts to keep files in sync. Other configuration aspects of the ASAs including some XML customization files that are not stored in the running config all get automatically sync’d to the standby unit, but for actual files that show up on the flash filesystem, this does not happen.
This has certainly caused me some frustration and occasional embarrassment over the years, but one thing I’ve learned along the way is that when doing file operations either from the CLI or the ASDM, it’s important to follow one simple rule:
Delete from the active, upload to the Continue reading

Docker buys SDN start-up for container networking

Linux container company Docker this week said it would acquire SDN start-up SocketPlane, a developer of a native networking stack for Docker software.Terms of the acquisition were not disclosed. SocketPlane SocketPlane was founded last fall by former Cisco, Red Hat, HP, OpenDaylight and Dell officials. The company is looking to bring enterprise-grade networking to the Docker ecosystem by developing software designed to address the performance, availability and scale requirements of networking in large, container-based cloud deployments.To read this article in full or to leave a comment, please click here

SCALE13x – My talk: Switch as a Server

This past weekend, I had the opportunity to speak at SCALE13x in Los Angeles, on the Switch as a Server — treating your network switches in the same way you treat your servers.  It’s a topic I feel very strongly about!

As strong as my feelings are about open networking, I also love non-automotive forms of transportation!  So I decided to bike to the airport.  SFO has a lot of bicycle facilities so it was no problem to find parking.

Loaded Bike
My bike loaded up for the trip down

 

Leslie Airport
Slighty tired me at the airport after biking

 

Got to LA on the plane and then Rocket Turtle enjoyed the view by the airport!

Rocket Turtle LAX
Rocket Turtle loves watching the plane contrails

 

… and met some of our great customers!

Rocket Turtle meets Jonathan from Dreamhost
Rocket Turtle meets Jonathan from Dreamhost

Scale is a unique conference in that they encourage canine attendance  — doggies!

 

I met Simba. Picture and Simba courtesy of @spazm
I meet Simba. Picture and Simba courtesy of @spazm

 Friday night I helped out with a birds of a feather (BOF) event, giving advice to job hunters.  Did I mention we’re hiring?

On Saturday evening I won the Weakest Geek — a Weakest Link-style geek-themed trivia contest, run this Continue reading

Avi Networks’ analytics tools can be a network engineer’s best ally

In late 2014, Avi Networks came out of stealth mode with a product aimed at disrupting the application delivery controlled (ADC) market. Network World's Jon Gold did an excellent job covering the launch and the way Avi is attempting to differentiate itself, so I won't rehash what he has already covered.In the right environment, the value proposition of what Avi is doing should be obvious to anyone covering the software defined networking (SDN) or network functions virtualization (NFV) market. Avi brings a high level of agility to the ADC, enabling customers to deploy ADC resources anywhere they need to in the exact quantity required. The pay-as-you-grow model means organizations are no longer required to overpay for resources they won't need 90% of the time. Instead, they can provision for normal utilization and then purchase more capacity when the workloads require it.To read this article in full or to leave a comment, please click here

1 3,549 3,550 3,551 3,552 3,553 3,793