Distributed routing on VMware NSX

In the previous post, an NSX environment was configured with three isolated logical switches. In this post a distributed router is added to route packets between the logical switches inside tenant 1. Open the Web client, go to “Networking & Security -> NSX Edges” and add a new logical (distributed) router: configure username, […]

Routers vs Switches, When to position which?

Everyone knows the difference between a router and a switch, right? Good. (For those who need a refresher, this post is not going to dive into that topic.) What I want to talk about is routers vs. switches from a positioning standpoint. One question I often get asked when working with customers is: “Can I […]

Author information

Derek Pocoroba
Principal Architect at sigmanet

Derek is a principal architect who helps customers of all sizes solve complex problems. His background ranges from campus and data center designs to enterprise and service provider networks. With 10 years of IT experience he has worked on a wide range of products, with a focus on Cisco. Derek currently holds CCIE #18559 and is studying for his CCDE.

The post Routers vs Switches, When to position which? appeared first on Packet Pushers Podcast and was written by Derek Pocoroba.

OVN, Bringing Native Virtual Networking to OVS

By Justin Pettit, Ben Pfaff, Chris Wright, and Madhu Venugopal

Today we are excited to announce Open Virtual Network (OVN), a new project that brings virtual networking to the OVS user community. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Just like OVS, our design goal is to have a production quality implementation that can operate at significant scale.

Why are we doing this? The primary goal in developing Open vSwitch has always been to provide a production-ready low-level networking component for hypervisors that could support a diverse range of network environments.  As one example of the success of this approach, Open vSwitch is the most popular choice of virtual switch in OpenStack deployments. To make OVS more effective in these environments, we believe the logical next step is to augment the low-level switching capabilities with a lightweight control plane that provides native support for common virtual networking abstractions.

To achieve these goals, OVN’s design is narrowly focused on providing L2/L3 virtual networking. This distinguishes OVN from general-purpose SDN controllers or platforms.

OVN is a new project from the Open vSwitch team to Continue reading

AT&T Personifies Slow Crawl to SDN Ubiquity

by Brian Boyko, Contributor - January 13, 2015

The Wall Street Journal reported in a “CIO Journal” blog post that AT&T intends to virtualize 75% of its network by 2020, with “very specific operational planning,” according to SEVP of Technology and Operations, John Donovan. 

Why would AT&T push SDN so far into the future? Then again, 2020 is only five years away. Five years is a relative timeframe in IT, and I think the length of AT&T’s transition underscores not only the size and scope of AT&T’s networks but also the caution with which they’re approaching the task. This is understandable considering the complexity of managing SDN. 

Donovan says the motivation for AT&T is to reduce capital expenditures while increasing capacity in the network. In our recent survey of service providers, more than 40% said reducing costs is their number one driver for deploying SDN, compared to only 17% in 2013. The biggest drivers cited, however – which corroborates AT&T’s desire to increase capacity – are improved agility and supporting new services such as cloud, big data applications, and mobility. 

According to the article, it Continue reading

Rules Shouldn’t Have Exceptions


On my way to Virtualization Field Day 4, I ran into a bit of a snafu at the airport that made me think about policy and application. When I put my carry-on luggage through the X-ray, the officer took it to the back and gave it a thorough screening. During that process, I was informed that my double-edged safety razor would not be able to make the trip (or the blade at least). I was vexed, as this razor had flown with me for at least a whole year with nary a peep from security. When I related as much to the officer, the response was “I’m sorry no one caught it before.”

Everyone Is The Same, Except For Me

This incident made me start thinking about policies in networking and security and how often they are arbitrarily enforced. We see it every day. The IT staff comes up with a new plan to reduce mailbox sizes or to reduce congestion by enforcing quality of service (QoS). Everyone is all for the plan during the discussion stages. When the time comes to implement the idea, the exceptions start happening. Upper management won’t have mailbox limitations. The accounting department is Continue reading

Internet for the Next 3 Billion


Last month, I traveled to Doha, Qatar to participate in the ITU’s Telecom World conference. While there I got to understand how a satellite provider brings Internet access to South Sudan using medium-earth orbit satellites and, amazingly, achieves terrestrial latencies in a region where reliable terrestrial connections simply don’t exist!  The mission of this company is to help close the digital divide by extending Internet access to the estimated three billion people on the planet who are currently not served.  Our measurements show that the performance improvement over traditional satellite can be dramatic.

ITU Telecom World

First, let me say a few words about the conference itself and then I’ll review this intriguing new satellite service.  In Doha, I was on a panel entitled Affordable International Backhaul and chaired by Abu Saaed Kahn of LIRNEAsia, a telecommunications policy institute primarily focused on the Asia-Pacific region.

Panel Session: Affordable International Backhaul
On the panel, Siddhartha Raja of the World Bank and Khaled Naguib Sedrak of NxtVn described creative approaches to the common problem of liberalizing telecom markets in developing countries. While it is an established fact that a liberalized telecom market yields better service for its customers and spurs greater economic growth, Continue reading

Zero Touch Provisioning in a Bare Metal World

Who doesn’t like automation?  If you’re speaking to somebody in IT, then the short answer is “nobody”.

While the term Zero Touch Provisioning (ZTP) might be increasingly more common to networking, the concept of automation has existed for years in IT.  At its core, ZTP is an automation solution that’s designed to reduce errors and save time when an IT administrator needs to bring new infrastructure online.

This is particularly useful for data center servers, where scale and configuration similarities across systems make automation a necessity.  In the server world, Linux-based operating systems have revolutionized onboarding and provisioning.  Rather than using command-line interfaces (CLI) to configure these systems one at a time, administrators can use automation tools to roll out the operating system software, patches, and packages on new servers with a single command, or the click of a mouse.

Advanced scripting capabilities also allow administrators to tailor the boot configuration of these systems with profiles for specific applications.  So for example, if you need ten servers for a new Hadoop cluster, you can load this with one profile, but if you need six new servers for a new web application, you can Continue reading

phpipam MySQL database optimizations

Having a large number of subnets (and other large tables) on an unoptimised MySQL database server can significantly increase page load times. To see which parameters need to be changed I usually use the mysqltuner perl script, which connects to the database, analyses the data and proposes which parameters are not optimally set for the current load and should be changed.

Installation is simple:

1.) Fetch mysqltuner on FreeBSD:

cd ~
fetch http://mysqltuner.pl

or wget on linux:

wget http://mysqltuner.com

2.) Make it executable:

chmod +x mysqltuner.pl

3.) And run it to analyse the database; you have to provide administrative credentials.

./mysqltuner.pl


Any other similar scripts out there you would recommend?

brm

Citrix Acquires Sanbolic

I just saw the news that Citrix has acquired Sanbolic, a storage virtualization company that I’ve written about before. (TechCrunch also has a quick write-up as well.) Early this year, Sanbolic announced their storage virtualization product, completing a pivot from offering a Windows-only solution (file system and volume manager) to a multi-platform solution that encompasses multiple storage tiers, multiple operating systems, and multiple hypervisors.

It will be interesting to see how this acquisition affects the virtualization industry. With the exception of a few major players running open source Xen, Citrix has thus far been unsuccessful (to my knowledge, correct me if I’m wrong) in making any significant inroads with XenServer (either commercial or open source). KVM seems to be the open source hypervisor of choice while VMware’s vSphere continues to dominate (for now) the commercial market—leaving XenServer with leftovers. The same can be said for CloudStack, which—with a few exceptions—is losing to OpenStack on the open source side and VMware’s offerings on the commercial side.

So the big question becomes, “Will the Sanbolic acquisition change things?” Will the addition of a storage virtualization solution that supports multiple operating systems and multiple hypervisors give Citrix an edge that Continue reading

Leaky Abstractions

Much of our life, as engineers, is about building, manipulating, and using abstractions. For instance, C is nothing but an abstraction on top of the actual register set provided by a particular processor. HTML is nothing but an abstraction for formatting and display (a markup language), implemented in — well, C. There is a lot of power in such abstractions, of course. Without them we couldn’t build operating systems, applications, browsers, web pages — or networks.

Ethernet is an abstraction of electronic signals (anyone remember Manchester Encoding?). IP is an abstraction of every physical layer in the world. TCP is a simulation, or abstraction, of a reliable connection-oriented link over (completely unreliable) IP. HTTP is an abstraction of a flow of information, a stream, between two computers. It’s all abstractions — as the philosopher might say, “it’s abstractions all the way down.” So what’s wrong with this?

All abstractions are leaky. What do I mean when I say abstractions are leaky? Let’s turn to the originator of the phrase, Joel Spolsky:

Abstractions fail. Sometimes a little, sometimes a lot. There’s leakage. Things go wrong. It happens all over the place when you have abstractions.

This is the Continue reading

VMware NSX: a short introduction and HOWTO install it

NSX is the SDN solution by VMware. NSX is available as:
NSX for vSphere (NSX-V)
NSX Multi-Hypervisor (NSX-MH)
NSX-MH is NSX for multiple hypervisors (ESXi, KVM, Xen, Hyper-V). This post is focused on NSX-V.
Acronyms
DFW: Distributed FireWall
DLR: Distributed Logical Router
LIF: Logical InterFace
UWA: User World Agent
VDS: vSphere Distributed Switch
VIB: vSphere Installation Bundle
VNID: VXLAN […]

Switching is not working on VMware NSX

In this scenario we have three VMs deployed on an NSX vSwitch with VNI 5002. Two are running on the same host and can ping each other; the third is running on a separate host and cannot ping the other VMs. Check whether at least one interface is configured for VXLAN: ~ # […]

A Call for Better Vulnerability Response

Microsoft forced a self-serving vulnerability disclosure policy on the industry 10 years ago, but cries foul when Google does the same today.

Ten years ago, Microsoft dominated the cybersecurity industry. It employed, directly or through consultancies, the largest chunk of security experts. The ability to grant or withhold business meant influencing those consulting companies -- Microsoft didn't even have to explicitly ask consulting companies to fire Microsoft critics for that to happen. Every product company depended upon Microsoft's goodwill in order to develop security products for Windows, relying on engineering and marketing help that could be withheld on a whim.

This meant, among other things, that Microsoft dictated the "industry standard" of how security problems ("vulnerabilities") were reported. Cybersecurity researchers who found such bugs were expected to tell the vendor in secret, and give the vendor as much time as they needed in order to fix the bug. Microsoft sometimes sat on bugs for years before fixing them, relying upon their ability to blacklist researchers to keep them quiet. Security researchers who didn't toe the line found bad things happening to them.

I experienced this personally. We found a bug in a product called TippingPoint that allowed us to decrypt their Continue reading