Talking Tech Series: VMware NSX Edge Scale Out with Equal-Cost Multi-Path Routing

This post was written by Roie Ben Haim and Max Ardica, with a special thanks to Jerome Catrouillet, Michael Haines, Tiran Efrat and Ofir Nissim for their valuable input.

****

The modern data center design is changing, following a shift in the habits of consumers using mobile devices, the number of new applications that appear every day and the rate of end-user browsing which has grown exponentially. Planning a new data center requires meeting certain fundamental design guidelines. The principal goals in data center design are: Scalability, Redundancy and High-bandwidth.

In this blog we will describe the Equal Cost Multi-Path functionality (ECMP) introduced in VMware NSX release 6.1 and discuss how it addresses the requirements of scalability, redundancy and high bandwidth. ECMP has the potential to offer substantial increases in bandwidth by load-balancing traffic over multiple paths as well as providing fault tolerance for failed paths. This is a feature which is available on physical networks but we are now introducing this capability for virtual networking as well. ECMP uses a dynamic routing protocol to learn the next-hop towards a final destination and to converge in case of failures. For a great demo of how this works, you can Continue reading

Dependency management and organic IT integrations

If the future of IT is about integrated infrastructure, where will this integration take place? Most people will naturally tend to integrate systems and tools that occupy adjacent spaces in common workflows. That is to say that where two systems must interact (typically through some manual intervention), integration will take place. If left unattended, integration will grow up organically out of the infrastructure.

But is organic growth ideally suited for creating a sustainable infrastructure?

A with B with C

In the most basic sense, integration will tend to occur at system boundaries. If A and B share a boundary in some workflow, then integrating A with B makes perfect sense. And if B and C share a boundary in a different (or even further down the same) workflow, then it makes equal sense to integrate B with C.

In less abstract terms, if you use a monitoring application to detect warning conditions on the network, then integrating the monitoring application and the network makes good sense. If that system then flags issues that trigger some troubleshooting process, then integrating the tools with your help desk ticketing system might make sense to automatically open up trouble tickets as issues arise.

In Continue reading

Technology Short Take #45

Welcome to Technology Short Take #45. As usual, I’ve gathered a collection of links to various articles pertaining to data center-related technologies for your enjoyment. Here’s hoping you find something useful!

Networking

  • Cormac Hogan has a list of a few useful NSX troubleshooting tips.

  • If you’re not really a networking pro and need a “gentle” introduction to VXLAN, this post might be a good place to start.

  • Also along those lines—perhaps you’re a VMware administrator who wants to branch into networking with NSX, or you’re a networking guru who needs to learn more about how this NSX stuff works. vBrownBag has been running a VCP-NV series covering various objectives from the VCP-NV exam. Check them out–objective 1, objective 2, objective 3, and objective 4 have been posted so far.

Servers/Hardware

  • I’m going to go out on a limb and make a prediction: In a few years time (let’s say 3-5 years), Intel SGX (Software Guard Extensions) will be regarded as important if not more important than the virtualization extensions. What is Intel SGX, you ask? See here, here, and here for a breakdown of the SGX design objectives. Let’s be real—the ability for an Continue reading

Wget off the leash

As we all know, to grab a website with wget, we'll use the "-r" option to "recurse" through all the links. There is also the '-H' option, means that wget won't restrict itself to just one host. In other words, with '-r -H' together, it'll try to spider the entire Internet. So I did that to see what would happen.

Well, for a 32-bit bit process, what happened is that after more than a month, it ran out of memory. It maintained an ever growing list of URLs that it has to visit, which can easily run in the millions. At a hundred bytes per URL and 2-gigabytes of virtual memory, it'll run out of memory after 20 million URLs -- far short of the billions on the net. That's what you see below, where 'wget' has crashed exhausting memory. Below that I show the command I used to launch the process, starting at cnn.com as the seed with a max timeout of 5 seconds.



How much data did I download from the Internet? According to 'du', the answer is 18-gigabytes, as seen in the following screenshot:



It reached 79425 individual domains, far short of the millions it held Continue reading

Six-month anniversary scan for Heartbleed

I just launched my six-month anniversary scan for Heartbleed. I'll start reporting early results tomorrow afternoon. I'm dialing the scan to run slowly and spreading it across four IP addresses (and 32k ports) in order to avoid unduly alarming people.

If you would like the results of the scan for your subnet, send us your address ranges to our "abuse@" email address. We'll lookup the abuse contact email for those ranges and send you what we found for that range. (This offer good through the end of October 2014).



Here is a discussion of the options.

--conf /etc/masscan/masscan.conf
You don't see this option, but it's the default. This is where we have the 'excluderanges' configured. Because we exclude everyone who contacts us an "opts-out" of our white-hat scans, we are down to scanning only 3.5 billion hosts now, out of around 4 billion.

0.0.0.0/0
The the "/0" means "the entire Internet". Actually, any valid IPv4 address can replace the 0.0.0.0 and it'll produce the same results, such as "127.0.0.0/0" to amuse your friends.

-p443
This says to scan on port 443, the default SSL port. At some point in Continue reading

Cisco NX-API 1.0 Update

If you weren’t paying attention, it was easy to miss. NX-API, Cisco’s new JSON/XML switch API is now shipping as version 1.0. NX-API originated on the Nexus 9000 platform created by the Insieme group, and I’ve explored this in detail before. In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while.

Cisco NX-API 1.0 Update

If you weren’t paying attention, it was easy to miss. NX-API, Cisco’s new JSON/XML switch API is now shipping as version 1.0. NX-API originated on the Nexus 9000 platform created by the Insieme group, and I’ve explored this in detail before. In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while.

White Box Switching: Broadcom StrataXGS Tomahawk

A previous post listed the excitement I felt when reading through the Cavium XPliant announcement. Programmable fast packet forwarding hardware? Awesome! In a previous life I worked with embedded electronics and wrote several interesting algorithms in C and assembly for applications from noise filtering for AD conversion, LCD screen drivers and TCP/IP stacks (which was fun). This kind of thing really excites me. Nuff said.

So I was more than happy to read the announcement from Broadcom announcing their latest child, the StrataXGS® Tomahawk™. This chipset is formed from more than 7 billion transistors, can forward packets at 3.2Tbps and is optimised for SDN and high port density devices, not to mention it is an authoritative chipset for 25GE and 50GE Ethernet and provides sub 400ns port-to-port operation. Sound good? It’s the next evolutionary step from Trident II and matches the offering from Cavium with their XPliant child.

The Broadcom StrataXGS® Tomahawk™ can deliver 32x 100GE, 64x 40/50GE or 128 ports of of 25GE on a single chip. SINGLE CHIP! This all boils down to 25Gbps per-lane interconnections. Bit of a waste perhaps for 40GE? Which is good considering this chipset is based on upgrading switches with 10GE host Continue reading

Traceroute – A Small Tool for Big Problems

Basics is must for Network Engineer.Traceroute is an imp and handy tool while  troubleshooting any network issue.How Traceroute works ? Whats the concept behind it ? Its task is to determine  the path taken by packet to reach its destination .Before going further ,lets see the IP header . 0                   1                   2                   3 0 1 […]

Author information

Anurudh Dubey

Anurudh Dubey CCIE##44298 is Network Engineer.A thorough professional with over all 8 years’ rich experience in the IT/Telecom and Networking sector.Always try to learn new as their is no limit for learning.In addition, Anurudh is a : Blogger at http://crazyrouters.wordpress.com/
LinkedIn

The post Traceroute – A Small Tool for Big Problems appeared first on Packet Pushers Podcast and was written by Anurudh Dubey.

Rant: Oh, You Want It To Work As Well ?


Advertise here with BSA

When we spend millions of dollars on a network product we don't actually expect it to work. That's why it is completely normal to see job advertisement for a 5 day contract engagement to perform a validation that product doesn't have any bugs. Think about the cost incurred by this company to check if this Cisco Nexus is actually fit for purpose.


Advertise here with BSA

The post Rant: Oh, You Want It To Work As Well ? appeared first on EtherealMind.

Status Quo of Open Source SDN and IETF Standardization

Status Quo of Open Source SDN and IETF Standardization

by Hariharan Ananthakrishnan, Distinguished Engineer - October 7, 2014

Open source SDN projects like OpenDaylight are offering an open platform for network programmability to network elements such as routers and switches. They rely on standards-based approaches to provide true multi-vendor support. The IETF (and its various working groups) is moving slowly towards creating the standards needed for widespread SDN development and adoption.

OpenDaylight uses topology models, described in YANG, that are getting standardized in the NETMOD and I2RS IETF working groups. It also uses emerging protocol extensions for PCEP and BGP-LS that are being discussed in the PCE and BGP IETF working groups. OpenDaylight, with more than 200 developers, just last week issued Helium, its second software release.

On the other hand, the IETF is progressing more slowly on standardization. PCEP extensions to support statefullness and PCE-initiated LSP are still in draft form. Major routing vendors are finding it difficult to match up the draft updates to their release cycles. As a result of this, customers are challenged to pair up the draft version supported by their routing software with the controller version.

This slowness can cause other issues. Continue reading

Cisco ISR 4000 – Now with more licensing!

This week an Interop NYC, Cisco launched it’s ISR 4000 Series. This is a new approach for them focused on delivering services to your branch offices. Cisco has dubbed this new approach the Intelligent WAN (IWAN) — but before we talk about that, let’s talk about hardware. Those of us that have been paying attention remember that Cisco announced the ISR 4451 at Cisco Live 2013. The 4451 boasts a multi-core CPU architecture that runs the all to familiar by now IOS-XE. It’s 1-2 Gbps of throughput made it a perfect fit for those looking for something in between a 3945 and an ASR1k. Now Cisco that Cisco has brought the rest of the family into the spotlight it all makes sense.


ISR 4k Family

IWAN focuses on a few key fundamentals to get more bang for your buck. And because Cisco has stuffed some serious hardware into the 4k you won’t see the same performance hits you’re all too familiar with in the ISR series. But more on that in a second. Here is Cisco’s break on on the Intelligent WAN…

  • Transport Independence – Providing flexibility when it comes to connectivity. DMVPN can help augment your network with low cost bandwidth for Continue reading

On choice-supportive bias and the need for paranoid optimism

In cognitive science, choice-supportive bias is the tendency to view decisions you have made in the most favorable light. Essentially, we are all hardwired to subconsciously reinforce decisions we have made. We tend to retroactively ascribe positive characteristics to our selections, allowing us to actually strengthen our conviction after the point of decision. This is why we become more resolute in our positions after the initial choice is made.

In corporate culture, this is a powerful driver behind corporate conviction. But in rapidly-shifting landscapes, it can be a dangerous mindset. Consistently finding reasons to reinforce a decision can insulate companies from other feedback that might otherwise initiate a different response. A more productive mindset, especially for companies experiencing rapid evolution, is paranoid optimism.

The need for choice-supportive bias

Choice-supportive bias can actually be a powerful unifier in companies for whom the right path is not immediately obvious. Throughout most of the high-tech space, strategic direction is murky at best. Direction tends to be argued internally before some rough consensus is reached. But even then, the constantly changing technology that surrounds solutions in high-tech means that it can be difficult to stage a lasting rally around a particular direction.

Failing some Continue reading

API-jinks

Dastardly-vi

Network programmability is a very hot topic.  Developers are looking to the future when REST APIs and Python replaces the traditional command line interface (CLI).  The ability to write programs to interface with the network and build on functionality is spurring people to integrate networking with DevOps.  But what happens if the foundation of the programmable network, the API, isn’t the rock we all hope it will be?

Shiny API People

APIs enable the world we live in today.  Whether you’re writing for POSIX or JSON or even the Microsoft Windows API, you’re interacting with software to accomplish a goal.  The ability to use these standard interfaces makes software predictable and repeatable.  Think of an API as interchangeable parts for software.  By giving developers a way to extract information or interact the same way every time, we can write applications that just work.

APIs are hard work though.  Writing and documenting those functions takes time and effort.  The API guidelines from Microsoft and Apple can be hundreds or even thousands of pages long depending on which parts you are looking at.  They can cover exciting features like media services or mundane options like buttons and toolbars.  But each of these Continue reading

INE R&Sv5 Workbook Full-Scale Practice Lab1 made in GNS3

How does the internet work - We know what is networking

Yesterday INE finally added a Full-Scale LAB in their new CCIE Route and Switching blueprint 5 workbook. I realized this morning that you maybe don’t want to spend half of your day (like me) configuring this topology in GNS3. Better to just take it from here and start your lab right away. In my study […]

INE R&Sv5 Workbook Full-Scale Practice Lab1 made in GNS3

DNSSEC: An Introduction

At CloudFlare our mission is to help build a better Internet. Part of this effort includes making web sites faster, more reliable, and more trustworthy. The obvious first choice in protocols to help make websites more secure is HTTPS. CloudFlare’s latest product—Universal SSL—helps web site operators provide a trustworthy browsing experience for their site visitors by giving their site HTTPS support for free. In this blog post we look at another protocol, DNS, and explore one proposal to improve its trustworthiness: DNSSEC.

DNS is one of the pillars of authority on the Internet. DNS is used to translate domain names (like www.cloudflare.com) to numeric Internet addresses (like 198.41.214.163)—it’s often referred to as the “phone book of the Internet”.

DNSSEC is a set of security extensions to DNS that provides the means for authenticating DNS records. CloudFlare is planning to introduce DNSSEC in the next six months, and has brought Olafur Gudmundsson, one of the co-inventors of DNSSEC, on board to help lead the project.

CC BY 2.0 by Eric Fischer

Introduction

The Domain Name System (DNS) is one of the oldest and most fundamental components of the modern Internet. As the Continue reading

Go Up or Go Wide

You say, the world doesn't need CCIE anymore with the raise of SDN. I say, we still need CCIE, but those who can adapt. You say, my words are just futile last ditch effort to show the importance of CCIE certification. I say, even I still work for Cisco but I don't work for CCIE program, and I get paid not because of my certifications.

If we have data, let's look at data. If all we have are opinions, let's go with mine
(Jim Barksdale, former CEO of Netscape )

So let's look at the data to make the discussion more fruitful. If you look at Cisco revenue of each product line for the past 5 years, we see there is decline for NGN Routing and Switching business. And yes, Data Center business is growing in fast rate. And Data Center business includes unified computing, next generation fabric, cloud and most Cisco SDN solutions that are available today.


However, if you do a simple math you can see the combined revenue of Routing & Switching business is still close to half Cisco revenue as of today. We are talking about more than 20 billion USD business. It's declining Continue reading
1 3,549 3,550 3,551 3,552 3,553 3,694