The President recently released a video and statement urging the Federal Communications Commission (FCC) to support net neutrality and ensure that there will be no “pay for play” access to websites or punishment for sites that compete against a provider’s interests. I wholeheartedly support the idea of net neutrality. However, I do like to stand on my Devil’s Advocate soapbox every once in a while. Today, I want to show you why a truly neutral Internet may not be in our best interests.
Lawful Neutral
If the FCC mandates a law that the Internet must remain neutral, it will mean that all traffic must be treated equally. That’s good, right? It means that a provider can’t slow my Netflix stream or make their own webmail service load faster than Google or Yahoo. It also means that the provider can’t legally prioritize packets either.
Think about that for a moment. We, as network and voice engineers, have spent many an hour configuring our networks to be as unfair as possible. Low-latency queues for voice traffic. Weighted fair queues for video and critical applications. Scavenger traffic classes and VLANs for file sharers and other undesirable bulk noise. These plans take weeks to Continue reading
Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches.
Is there any mileage in this idea?
The idea of the big players selling their software for use on generic hardware has been floating around pretty much since SDN hit the news and the first bare metal switches came out, with Cisco for example looking like they were pretending that SDN wasn’t a thing, and their position was secure if they continued to do what they already did. To be honest, I think Cisco is still paying the price for initially lacking a strategy, then embracing SDN in such a confusing way. Nonetheless, the idea isn’t new, but has the market moved to a position where Cisco and Arista really need to do this? And what of Juniper; are they immune to being sucked into the bare metal market?
In addition to being a good addition to the awesome music of G. Love, for companies like Cisco, Arista and Juniper, their “special sauce” these days Continue reading
The tendency of most companies is to talk strategy and vision. Almost every technology company can paint a future that is somehow more elegant based on their product’s fit into customer plans. And, as a sales leader, if you find a company whose vision you find compelling enough to inspire you to share it with customers, you’re probably feeling pretty good about things.
But sales is ultimately measured on wins and losses. And there is no taking solace in a grand vision if you cannot meaningfully and immediately make a difference in a customer’s life. So as much as sales is about demonstrating a better future, there is no substitute for solving immediate pain.
This means that the ideal landing spot for anyone in a sales role is a company that thinks big but is committed to enabling the game-changing vision for today’s customer problem set. You want to be a part of an organization that wants to do nothing short of changing the world, but that has the focus to do it in ways that provide immediate tangible benefit.
I am certain I have found that in Plexxi.
Before joining Plexxi as the head of Worldwide Sales, I Continue reading
My calendar for the following four weeks is jam-packed with SDN events:
All the travel might affect my blogging frequency, but I still have a few podcasts in the editing queue, so you’ll have something to listen to in the meantime ;)
The Best Presentations on SDN Analytics and Wide Area Orchestration at SDN/MPLS 2014
I attended the SDN/MPLS conference in Washington, D.C. last week, where I presented on the importance of analytics for WAN SDN application bandwidth scheduling and the need for even richer analytics when looking at the data center, network edge and WAN SDN holistically. In my presentation I highlighted the importance of accurate traffic demand matrices and the need to consider failures when selecting paths, so that the network can survive them without creating congestion. I was not the only one talking about WAN orchestration and analytics.
One of the most interesting presentations in my opinion was by Douglas Freimuth of IBM. Douglas presented his work titled “Orchestrated Bandwidth-on-Demand for Cloud Services.” It is a collaboration between IBM, Ciena, and AT&T. They carried out the work in a laboratory test bed.
In the test bed, there were three data centers (Los Angeles, New York and Chicago) running OpenStack. When VM workload in the Los Angeles data center exceeded a threshold, some of the VMs were moved to the New York data center to reduce the load. Continue reading
SDN Analytics & Orchestration from the 17th Annual SDN/MPLS Conference
Last week at the SDN/MPLS [1] conference in Washington, D.C., large service providers, research organizations and academia, and equipment manufacturers from around the world gathered to hear about the latest SDN/NFV developments. Cengiz Alaettinoglu, Packet Design’s CTO, contributed his insights and experience by presenting at the conference on “SDN Analytics: Bridging Overlay and Underlay Networks.” His premise is that underlay routing issues will impact overlay network performance, thus creating the need for SDN analytics to correlate the two and provide management visibility.
Figure 1. SDN Analytics can correlate the impact of underlay network issues on overlay performance.
At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates. We are aware of these changes, and we have modified our SSL offerings to ensure customer sites continue to be secure and available to all visitors.
Google will be making changes to its Chrome browser in upcoming versions to change the way they treat certain web site certificates based on their digital signature. These changes affect over 80% of websites.
As described in our blog post on CFSSL, web site certificates are organized using a chain of trust. Digital signatures are the glue that connects the certificates in the chain. Each certificate is digitally signed by its issuer using a digital signature algorithm defined by the type of key and a cryptographic hash function (such as MD5, SHA-1, SHA-256).
Starting in Chrome 39 (to be released this month, November 2014), certificates signed with a SHA-1 signature algorithm will be considered less trusted than those signed with a more modern SHA-2 algorithm. This change Continue reading
Andrisoft Wansight and Wanguard are tools for network traffic monitoring, visibility, anomaly detection and response. I’ve used them, and think that they do a good job, for a reasonable price.
There are two flavours to what Andrisoft does: Wansight for network traffic monitoring, and Wanguard for monitoring and response. They both use the same underlying components; the main difference is that Wanguard can actively respond to anomalies (DDoS, etc).
Andrisoft monitors traffic in several ways – it can do flow monitoring using NetFlow/sFlow/IPFIX, or it can work in inline mode, and do full packet inspection. Once everything is set up, all configuration and reporting is done from a console. This can be on the same server as you’re using for flow collection, or you can use a distributed setup.
The software is released as packages that can run on pretty much any mainstream Linux distro. It can run on a VM or on physical hardware. If you’re processing a lot of data, you will need plenty of RAM and good disk. VMs are fine for this, provided you have the right underlying resources. Don’t listen to those who still cling to their physical boxes. They lost.
You Continue reading
Lately I have been working a lot with multicast, which is fun and challenging! Even if you have a good understanding of multicast, unless you work on it a lot, there may be some concepts that fall out of memory or that you only run into in real life and not in the lab. Here is a summary of some things I’ve noticed so far.
PIM Register
PIM Register messages are control plane messages sent from the First Hop Router (FHR) towards the Rendezvous Point (RP). These are unicast messages encapsulating the multicast from the multicast source. There are some considerations here. Firstly, because these packets are sent from the FHR control plane to the RP control plane, they are not subject to any access list configured outbound on the FHR. I had a situation where I wanted to route the multicast locally but not send it outbound.
Even if the ACL was successful, care would have to be taken to not break the control plane between the FHR and the RP or all multicast traffic for the group would be in jeopardy.
The PIM Register messages are control plane messages; this means that the RP has to process them Continue reading