One of the great things about this site is the interaction I enjoy with readers. It’s always great to get comments from readers about how an article was informative, answered a question, or helped solve a problem. Knowing that what I’ve written here is helpful to others is a very large part of why I’ve been writing here for over 9 years.
Until today, I’ve left comments (and sometimes trackbacks) open on very old blog posts. Just the other day I received a comment on a 4 year old article where a reader was sharing another way to solve the same problem. Unfortunately, that has to change. Comment spam on the site has grown considerably over the last few months, despite the use of a number of plugins to help address the issue. It’s no longer just an annoyance; it’s now a problem.
As a result, starting today, all blog posts more than 3 years old will automatically have their comments and trackbacks closed. I hate to do it—really I do—but I don’t see any other solution to the increasing blog spam.
I hope that this does not adversely impact my readers’ ability to interact with me, but it is Continue reading
The Chassis Switch is Dead. For most networks, chassis-based switches are no longer appropriate due to cost, inflexibility and risk. I see this as similar to servers, in that server blade chassis are no longer appropriate for most organisations. The alternatives are already better for cost & flexibility. The real question is what our management model will look like for those alternatives.
Dead Collector: ‘Ere, he says he’s not dead.
Leaf-Spine: Yes he is.
Chassis: I’m not.
Dead Collector: He isn’t.
Leaf-Spine: Well, he will be soon, he’s very ill.
Chassis: I’m getting better.
Leaf-Spine: No you’re not, you’ll be stone dead in a moment.
(With apologies to Monty Python)
In the late 1990s, and early 2000s, server buying patterns changed significantly. Previously we had a few “Big Iron” Unix systems, but cheaper Intel-based systems changed the economics dramatically. This lead to a rapid sprawl in the number of physical servers.
In the second half of the 2000s, server blades appeared as a seductive answer. They promised simpler management of pools of systems, greater density, better efficiencies, and operational cost savings. Vendors promised long term “investment protection”, assuring us that we could keep the chassis, and upgrade blades Continue reading
Networking is at the heart of every Internet of Things deployment, connecting sensors and other “Things” to the apps that interpret the data or take action.
But these are still early days. Assembling an IoT network from commercial off-the-shelf components is still, let’s just say, a work in progress. This will change over time, but for now the technical immaturity is being addressed by System Integrators building custom code to connect disparate parts and by a new class of network meta-product known as the IoT Platform.
IoT Platform products are still in their infancy, but there are already more than 20 on the market today. Approaches vary, so when making a build or buy decision, consider these critical areas of IoT Platform tech: security, sensor compatibility, analytics compatibility, APIs and standards.
To read this article in full or to leave a comment, please click here
How does the internet work - We know what is networking
Intro IPsec making VPN connection possible. I enables to basically simulate a leased line across public Internet and thus enable us to get secure connection across unsecured environment. It enables encryption, authentication and protection of our data when sent across insecurity of the world’s biggest internetwork – Internet. It’s the cheap way to simulate a leased […]
What is the difference between tunnel | transport mode in IPsec
This is a useful tool, as there are clear similarities.
Server virtualization changed the amount of time it took to get a new compute resource up and running from weeks (order hardware, rack gear, install OS) to hours or even minutes. It allowed location independence, so admins could start VMs wherever capacity was available, and move them around at will.
Network virtualization is starting to provide similar benefits to the network. Creating a new virtual network can be done in minutes, compared to hours if we have to file a ticket with the networking team to provision a new VLAN and plumb it across a the physical network. And the scope of VM mobility can be increased radically, as VMs are no longer bound by size-limited physical L2 domains.
But there is one place the analogy breaks down, at least with networking from OEMs with the traditional proprietary appliance approach.
First, let’s back up briefly and examine something I glossed over when talking Continue reading
One of the great things about this site is the interaction I enjoy with readers. It’s always great to get comments from readers about how an article was informative, answered a question, or helped solve a problem. Knowing that what I’ve written here is helpful to others is a very large part of why I’ve been writing here for over 9 years.
Until today, I’ve left comments (and sometimes trackbacks) open on very old blog posts. Just the other day I received a comment on a 4 year old article where a reader was sharing another way to solve the same problem. Unfortunately, that has to change. Comment spam on the site has grown considerably over the last few months, despite the use of a number of plugins to help address the issue. It’s no longer just an annoyance; it’s now a problem.
As a result, starting today, all blog posts more than 3 years old will automatically have their comments and trackbacks closed. I hate to do it—really I do—but I don’t see any other solution to the increasing blog spam.
I hope that this does not adversely impact my readers’ ability to interact with me, but it is Continue reading
K-12 schools face unique challenges with their IT infrastructure. Their user base needs access to a large amount of information while at the same time facing restrictions. While it does sound like some corporate network policies, the restrictions in the education environment are legal in nature. Schools must find new ways to provide the assurance of restricting content without destroying their network in the process. Which lead me to ask: Can SDN Help?
Online Protection
The government E-Rate program gives schools money each year under Priority 1 funding for Internet access. Indeed, the whole point of the E-Rate program is to get schools connected to the Internet. But we all know the Internet comes with a bevy of distractions. Many of those distractions are graphic in nature and must be eliminated in a school. Because it’s the law.
The Children’s Internet Protection Act (CIPA) mandates that schools and libraries receiving E-Rate funding for high speed broadband Internet connections must filter those connections to remove questionable content. Otherwise they risk losing funding for all E-Rate services. That makes content filters very popular devices in schools, even if they aren’t funded by E-Rate (which they aren’t).
Content filters Continue reading
MXC connector. Image from Corning-Intel Whitepaper. |
Greg's shot of CLR4 transceivers with MXC connectors. |
When the sales grunt talks about investment protection, its sure sign that they have run out of features, functions or value propositions to sell you. But do you really need investment protection or is it just another revenue stream for vendors (and a cost for you).
The post Do You Really Need Investment Protection for Your Network ? appeared first on EtherealMind.
In the middle of a migration, and I just discovered the ability to protect parts of the Junos configuration from modification by other users. Could be quite useful!
[edit]
root@VMX1# show system services
[edit]
root@VMX1# protect interfaces
[edit]
root@VMX1# show interfaces
##
## protect: interfaces
##
ge-0/0/0 {
description "LINK TO VMX0";
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
unit 10 {
vlan-id 10;
family inet {
address 10.1.1.2/30;
}
}
}
[edit]
root@VMX1# set interfaces ge-0/0/1 description "LINK TO NOWHERE"
warning: [interfaces] is protected, 'interfaces ge-0/0/1' cannot be created
[edit]
root@VMX1#
In part 1 of this series, I mentioned a customer that was starting to understand how to build application policy into their deployment processes and in turn was building new infrastructure that could understand those policies. That’s a lot of usage of the word “policy” so it’s probably a good idea to go into a bit more detail on what that means.
In this context, policy refers to how specific IT resources are used in accordance with a business’s rules or practices. A much more detailed discussion of policy in the data center is covered in this most excellent networkheresy blog post (with great additional discussions here and here). But suffice it to say that getting to full self-service IT nirvana requires that we codify business-centric policy and encapsulate the applications with that policy.
The goals of the previously mentioned customer were pretty simple, actually. They wanted to provide self-service compute, storage, networking, and a choice of application software stacks to their vast army of developers. They wanted this self-service capability to extend beyond development and test workloads to full production workloads, including fully automated deployment. They wanted to provide costs back to the business that were on par Continue reading
Stefan de Kooter (@sdktr) sent me a follow-up question to my Going All Virtual with Virtual WAN Edge Routers blog post:
How would one interface with external Internet in this scenario? I totally get the virtual network assets mantra, but even a virtual BGP router would need to get a physical interconnect one way or another.
As always, there are plenty of solutions depending on your security needs.
Read more ...Original Design Manufacturers (ODMs) that produce incumbent profit busting white box switching technology could soon be releasing the next wave of programmable networking based on technology from a silicon company best known for it’s encryption products. Cavium have released the XPliant chipset which it acquired from a $90m purchase earlier this year. This chipset comes in four flavours varying from 880 Gbps to 3.2 Tbps. This results in devices having 128×25 Gbps switching lanes allowing switches with 32x100GbE, 64x 50/40GbE, or 128x 25/10GbE ports in a single device. The highest speed Cavium device is currently twice the speed of the next highest merchant silicon offering, however merchant vendors will catch up with the speed aspect before too long. The important part here to remember is this chipset is programmable and is touted to be released with support for Generic Network Virtualisation Encapsulation (GENEVE) out of the box, along with a “simulator” for product designers to test their code against. All designed to increase the speed to market and decrease delay.
Let’s take an ODM switch from the likes of Accton that is currently based on the venerable Trident II chipset. Current merchant silicon chipsets limit the features to those Continue reading
Part 2: The Solution Ready for part 2? Have you read part 1 w/ the facts and clues? If not, go read that now before you continue. Part 1: The Facts and Clues Review the Facts and Clues Again Last we played we were ON R1 and unable to ping the IPv6 address […]
The post IPv6 Networking Detection Case #141 – Part 2: The Solution appeared first on Packet Pushers Podcast and was written by Denise "Fish" Fishburne.
Collection of useful, relevant or just fun places on the Internets for 22 September 2014 and a bit commentary about what I've found interesting about them:
The post Internets of Interest – 22 September 2014 appeared first on EtherealMind.