OpenFlow integration

Northbound APIs for traffic engineering describes how sFlow and OpenFlow provide complementary monitoring and control capabilities that can be combined to create software defined networking (SDN) solutions that automatically adapt the network to changing traffic and address high value use cases such as: DDoS mitigation, enforcing black lists, ECMP load balancing, and packet brokers.

The article describes the challenge of mapping between the different methods used by sFlow and OpenFlow to identify switch ports:
  • Agent IP address ⟷ OpenFlow switch ID
  • SNMP ifIndex ⟷ OpenFlow port ID
The recently published sFlow OpenFlow Structures extension addresses the challenge by providing a way for switches to export the mapping as an sFlow structure.

Open vSwitch recently implemented the extension, unifying visibility and control of the virtual network edge. In addition, most physical switches that support OpenFlow also support sFlow. Ask vendors about their plans to implement the sFlow OpenFlow Structures extension since it is a key enabler for SDN control applications.

The Story Behind the Migration

A number of people have asked me why I migrated from WordPress—which powered my blog for 9 years—to Jekyll and GitHub Pages. Now that the migration is finally complete, I can share with you the story behind the migration: why I migrated, the process I followed, and some of the tools I used.

Why I Migrated

“Why?” is a question I heard quite a bit as I was sharing updates on the progress of the blog migration over the Christmas/New Year holiday. It’s quite simple, really: I needed to walk the walk.

Allow me to explain. For the last couple of years, I’ve occasionally been giving presentations at VMUG meetings and other events on how to stay relevant in the fast-changing world of IT. The most recent instance was a whirlwind tour of Dallas, Chicago, and Phoenix in September of this last year, where I presented this deck, titled “Closing the Cloud Skills Gap.”

In that presentation, one of the recommendations I made to the audience was to become more familiar with the software development process. That includes tools like Git (and, by extension, GitHub), Vagrant (a quick introduction is available here), and others. I Continue reading

A Look Ahead to Packet Pushers Content in 2015

Here’s an update on some Packet Pushers news, and a look ahead to the content we’re planning for 2015. No scary announcements, just some thoughts to share. Circling Back Around On Show 200 I think we’ve mentioned it before, but the response we received to show 200 was very encouraging to us. That’s understated. You really blew […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post A Look Ahead to Packet Pushers Content in 2015 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Platitudes are only skin deep

I overdosed on Disney Channel over the holidays, because of course children control the remote. It sounds like it's teaching kids wholesome lessons, but if you pay attention, you'll realize it's not. It just repeats meaningless platitudes with no depth, and sometimes gets the platitudes wrong.

For example, it had a segment on the importance of STEAM education. This sounds a lot like "STEM", which stands for "science, technology, engineering, and math". Many of us believe in interesting kids in STEM. It's good for them, because they'll earn twice that of other college graduates. It's good for society, because there aren't enough technical graduates coming out of college to maintain our technology-based society. It's also particularly important for girls, because we still have legacy sexism that discourages girls from pursuing technical careers.

But Disney adds an 'A' in the middle, making STEM into STEAM. The 'A' stands for "Arts", meaning the entire spectrum of Liberal Arts. This is nonsense, because at this point, you've now included pretty much all education. The phrase "STEAM education" is redundant, conveying nothing more than simply "education".

What's really going on is that they attack the very idea they pretend to promote. Proponents of STEM Continue reading

Upcoming Ansible Training Classes

We are pleased to announce two training courses. These courses are taught by members of the Ansible Team and will give a great look at how to get started using Ansible.

In this course, students will explore the origins of Ansible, how Ansible approaches automation, and the common use cases for Ansible. Students will learn about key Ansible concepts, including playbooks, plays, tasks, and modules, and the course will go through step-by-step creation of a playbook to deploy a full application from beginning to end. 

The cost is $199.

Choose from one of the dates below. 
Online Training: Introduction to Ansible - February 4th
Online Training: Introduction to Ansible - March 17th

Get ready to replace datacenter appliances with telco services

This column is available in a weekly newsletter called IT Best Practices. As 2014 drew to a close, Network World contributor Steve Alexander proclaimed 2015 to be the year that Software Defined Networking (SDN) and Network Functions Virtualization (NFV) go mainstream. Calling them "transformative technologies," Alexander expects enterprises to consume services from telcos and other service providers instead of buying traditional data center hardware appliances.

Continuous Integration Pipeline for Networking

This entry is part 3 of 3 in the series DevOps for Networking

Popular development methodologies like Continuous Integration are usually accompanied by some kind of automated workflow, where a developer checks in some source code, which kicks off automated review, testing, and deployment jobs. I believe the same workflows can be adopted by network engineers.

Let’s say you are the Senior Network Engineer for your entire company, which boasts a huge network. You don’t have time to touch every device, so you have a team of junior-level network engineers that help you out. Let’s say you want to offload the creation/deletion of DHCP reservations to these junior engineers, but you still want to be able to approve all changes, just as a last line of defense, and a sanity check.

For this, I’m going to show you how I’m managing my own home DHCP server (ISC) with Gerrit, Jenkins, and Ansible.

Config Review and Versioning with Git and Gerrit

I mentioned in a previous post that version control is an important component of efficiently managing network infrastructure. I’m going to take it a step further than what most are doing with RANCID, which is traditionally used at the end of a Continue reading

On Losing

When I got off the phone, I knew I’d blown it. I’d gotten so wrapped up in the discussion on eVPNs that I might have crossed over that magical line between, “this is a really neat technology,” to, “this technology will solve world hunger.” It brought back to mind my first “real fight” in the world of technology, a long ago argument between two network operating systems (Novell Netware and Banyan Vines).

At the time, I was a buck sergeant in the USAF assigned to the Small Computer Support Office. We were building a new base backbone, and trying to decide what network operating system to standardize on as an organization (as a base). The decision had come down to two options — Novell Netware and Banyan Vines. I was in the camp that wanted Vines. In fact, I’d written two papers (long’ish, on the order of 80 pages each), going through the positives and negatives in each direction. I’d been to a number of meetings, and we had small networks set up running both in our lab. In the end, though, I lost. The technology I was advocating for wasn’t chosen by “the powers that be,” and so Continue reading

CheckPoint, Watchguard earn top spots in UTM shootout

When it comes to unified threat management appliances aimed at the SMB market, vendors are finding a way to fit additional security features into smaller and more powerful appliances. In 2013, we looked at nine UTMs. This time around we reviewed six products: the Calyptix AccessEnforcer AE800, Check Point Software’s 620, Dell/Sonicwall’s NSA 220 Wireless-N, Fortinet’s FortiWiFi-92D, Sophos’ UTM SG125 and Watchguard Technologies’ Firebox T10-W. (Cisco, Juniper and Netgear declined to participate.) We observed several megatrends across all the units that we tested:

BGPSEC: Signatures and Performance

BGPSEC is a set of BGP extensions being developed by the SIDR working group of the IETF to improve the security of the Internet’s routing infrastructure. So far in this series, we’ve looked at the basic operation of BGPSEC, the protections offered, and then the first set of performance issues — how do we prevent […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

The post BGPSEC: Signatures and Performance appeared first on Packet Pushers Podcast and was written by Russ White.

BGP Deaggregation with Conditional Route Injection

Whenever there’s a weird request to do something totally illogical with BGP, there’s a knob in Cisco IOS to get it done (and increase the heartburn of CCIE candidates). Conditional Route Injection (the ability to insert more specific prefixes into BGP without having them in the IP routing table) is one of them.

Keep in mind: being a MacGyver is not a long-term strategy. Just because you can doesn’t mean that you should.

Software-Defined Cloud Networking Reflections

Every year I reflect upon how my predictions compare to actual outcomes. Once again, that time has come, so let’s take a walk together down 2014’s memory lane, while also looking forward to exciting industry developments in 2015. Clearly innovation in networking is returning as we are seeing venture capitalists once again investing in networking innovation!

Prediction #1: The rise in server virtualization is driving network virtualization deployments.

Evaluation #1: Half True.

One can transcend network boundaries at both L2 and L3, building seamless virtual and physical networks with VXLAN as the key L2 over L3 foundation. The VXLAN specification co-authored by Arista and VMware, and in a similar vein the NVGRE specification co-authored by Arista and Microsoft, were key turning points for network virtualization. Arista’s strategic partnership announced in August 2014 with VMware (NSX, vSphere and vCloud Director) and multivendor interoperability with other controllers from Nuage Networks, OpenStack and the OpenFlow community were key milestones in 2014. New protocols take time to be adopted – usually 3-5 years. VXLAN is at that tipping point for broader implementations in place of the proprietary, vendor-specific options we have seen.

Prediction #2: “SDN” is no more “Still Don’t Know”.

Evaluation #2: Continue reading

Blog Migration Complete

The blog migration is finally complete! It’s taken quite a while, but I’ve finally managed to migrate the over 1,600 posts from my original WordPress installation over to Jekyll hosted on GitHub Pages. I’ll have another post later that goes into more detail on the process that I followed (and why) as well as some of the tools that I used in the migration.

As of right now, there are 2 outstanding issues:

  1. While all the content is here, what’s not here is the comments (yet). I’m still working through some issues with Disqus, but I hope to have the issues resolved soon.

  2. Also, depending on when you read this, my original domain (“blog.scottlowe.org”) may or may not be working with the new content.

I appreciate your patience as I work through these issues.

I’d also appreciate it if you could let me know if you find anything that’s not working, such as links to other blog posts, code listings, images, etc. Because this entire site is a GitHub repo, if you’re so inclined you’re welcome to clone the repo, fix the problems, and submit a pull request. If you don’t feel like doing that, just drop me Continue reading

13 reasons why your newsletter sucks

Newsletters are a crucial tool of online marketing; get yours right and your audience will pay attention to you and whatever you’re trying to promote. Get it wrong and if you’re lucky people will just route your newsletter straight to the trash. If you really goof up, you’ll be swamped with abuse and unsubscribe requests. So, to help keep you on the path of digital righteousness here's a selection of the best ways for you to screw up your newsletter:

#1. Be boring. This is the simplest path to a failed newsletter. To really be boring ensure that your newsletter is in plain text, short, minimally formatted, and contains absolutely no graphics.
