Most overlay virtual networking and cloud orchestration products support security groups – more-or-less-statefulish ACLs inserted between VM NIC and virtual switch.
The lure of security groups is obvious: if you’re willing to change your network security paradigm, you can stop thinking in subnets and focus on specifying who can exchange what traffic (usually specified as TCP/UDP port#) with whom.
Read more ...I gave a presentation at Interop last month and tried to make two major points about network automation. One, network automation is so much more than just “pushing configs” and two, network automation is still relevant in Software Defined Network environments that have a controller deployed as part of the overall solution. And I’m referring to controllers from ANY vendor including, but definitely not limited to Cisco’s APIC, NSX Controllers, Nuage Controller/Director, Juniper Contrail, Plexxi Control, OpenDaylight, and Big Switch’s Big Cloud Fabric.
A few months ago, I was at Network Field Day 8 and got to see a live demo of Big Switch’s newly released Big Cloud Fabric solution. It seemed slick, but I was curious on automating the fabric using the northbound APIs exposed from their controller. As it turns out, I was able to get access to a small fabric (2 leafs / 2 spines) to get familiar with Big Cloud Fabric. In parallel to that, I started testing Schprokits as I mentioned in my previous post.
So, sure enough I spent some time putting together a demo to show what can be done with network automation tools and how they could integrate with SDN controllers. The Continue reading
Recently I posted about Rewarding Effort vs Results, how different contract structures can have different outcomes. This post covers Time & Materials vs Fixed-Price a little more, looking at pros & cons, and where each one is better suited.
Pros: Little time/energy wasted on quoting – engineers can get to work faster. Customer saves money if job Continue reading
In early August, we examined data demonstrating a striking correlation between real-world and online conflict [1], which ASERT tracks on a continual basis [2-7]. Recent political unrest provides another situation in which strong correlative indicators emerge when conducting time-series analysis of DDoS attack data.
The latest round of pro-democracy protests in Hong Kong began on September 22nd when “. . . Students from 25 schools and universities go ahead with a week-long boycott to protest Beijing’s decision to proceed with indirect elections for Hong Kong’s Chief Executive position.” [8]. The protests ramped up on September 28th when a larger pro-democracy group, Occupy Central with Love and Peace, combined forces with the student demonstrators [8-9]. On October 1st, protesters vowed to increased the level of civil disobedience if Hong Kong’s Chief Executive, Leung Chun-Ying, did not step down [10]. Since that time, tensions have increased, with police crackdowns, tear gas, barricades, skirmishes, shutdowns of government buildings and infrastructure, and heavy use of social media to promote both pro-and anti-protest sentiment. By examining Arbor ATLAS Internet-wide attack visibility data we have identified DDoS attack activity in the APAC region which correlates strongly with the ebb and flow Continue reading
This event was like no other Dell event that I’ve attended. First, it actually rained in Austin. For two days straight! But more importantly (and as dramatic), as a private company, Dell had a very different vibe. Michael Dell repeatedly said that this was the first time he was having fun in a long time, and looking at the crowd, you could sense it! The general feel was that this new Dell could take on any new challenge and could do so swiftly. Always optimize for the long run and drive innovation to accelerate business.
It’s very evident that the software-defined world is changing. At Del
l World you could feel the buzz and witness each and every company’s evolution and observe how each product is helping evolve the face of the entire IT ecosystem. With all of the hype surrounding the software-defined market, I’m happy to have had Continue reading
Recently, I experimented with Cisco’s onePK. What follows are observations on onePK, as well as some details on the mechanics of creating a onePK connection. For those of you that are not familiar with onePK–it is an API created by Cisco that they support on various IOS, IOS-XR, and IOS-XE devices. onePK was announced in 2012 […]
The post Kicking the Tires on Cisco’s onePK appeared first on Packet Pushers Podcast and was written by Kirk Byers.
For those of you that follow the CloudFlare blog, you’ll know that we try to be prolific. We have industry leaders like Matthew Prince, John Graham-Cumming, Nick Sullivan, and others publishing pieces weekly from the front lines of internet performance and security. We’re also big fans of open source software, which is used in almost everything we do.
A little over a year ago we watched as a brand new independent open source blogging platform called Ghost started making waves, raising over $300,000 on Kickstarter. A little later, we reached out to the team to see if CloudFlare could help make the lightning-fast Node.js platform even faster and more secure on the Ghost(Pro) hosted service.
In March, Ghost announced that their entire Pro network was powered by CloudFlare, and today we’re pleased to announce that the CloudFlare blog is now running on Ghost.
While things look largely the same, you’ll find new and improved RSS feeds as well as tag and author archives to allow you to browse through our backlog of content more easily. The biggest improvement by far, though, is in the writing tools which we now have available to us—meaning our team is Continue reading
The President recently released a video and statement urging the Federal Communications Commission (FCC) to support net neutrality and ensure that there will be no “pay for play” access to websites or punishment for sites that compete against a provider’s interests. I wholeheartedly support the idea of net neutrality. However, I do like to stand on my Devil’s Advocate soapbox every once in a while. Today, I want to show you why a truly neutral Internet may not be in our best interests.
Lawful Neutral
If the FCC mandates a law that the Internet must remain neutral, it will mean that all traffic must be treated equally. That’s good, right? It means that a provider can’t slow my Netflix stream or make their own webmail service load faster than Google or Yahoo. It also means that the provider can’t legally prioritize packets either.
Think about that for a moment. We, as network and voice engineers, have spent many an hour configuring our networks to be as unfair as possible. Low-latency queues for voice traffic. Weighted fair queues for video and critical applications. Scavenger traffic classes and VLANs for file sharers and other undesirable bulk noise. These plans take weeks to Continue reading
Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches.
Is there any mileage in this idea?
The idea of the big players selling their software for use on generic hardware has been floating around pretty much since SDN hit the news and the first bare metal switches came out, with Cisco for example looking like they were pretending that SDN wasn’t a thing, and their position was secure if they continued to do what they already did. To be honest, I think Cisco is still paying the price for initially lacking a strategy, then embracing SDN in such a confusing way. Nonetheless, the idea isn’t new, but has the market moved to a position where Cisco and Arista really need to do this? And what of Juniper; are they immune to being sucked into the bare metal market?
In addition to being a good addition to awesome music of G. Love, for companies like Cisco Arista and Juniper, their “special sauce” these days Continue reading
Jim Duffy wrote an interesting article on Network World’s Cisco Connection blog called “Cisco, Arista Disaggregating?” in which he speculates that Cisco and Arista may make their network operating systems (NOS) available for use on bare metal switches. Is there … Continue reading
If you liked this post, please do click through to the source at Response: Cisco, Arista Disaggregating and give me a share/like. Thank you!
The tendency of most companies is to talk strategy and vision. Almost every technology company can paint a future that is somehow more elegant based on their product’s fit into customer plans. And, as a sales leader, if you find a company whose vision you find compelling enough to inspire you to share it with customers, you’re probably feeling pretty good about things.
But sales is ultimately measured on wins and losses. And there is no taking solace in a grand vision if you cannot meaningful and immediately make a difference in a customer’s life. So as much as sales is about demonstrating a better future, there is no substitute for solving immediate pain.
This means that the ideal landing spot for anyone in a sales role is a company that thinks big but is committed to enabling the game changing vision for today’s customer problem set.You want to be a part of an organization that wants to do nothing short of changing the world, but who has the focus to do it in ways that provide immediate tangible benefit.
I am certain I have found that in Plexxi.
Before joining Plexxi as the head of Worldwide Sales, I Continue reading
My calendar for the following four weeks is jam-packed with SDN events:
All the travel might affect my blogging frequency, but I still have a few podcasts in the editing queue, so you’ll have something to listen to in the meantime ;)
The Best Presentations on SDN Analytics and Wide Area Orchestration at SDN/MPLS 2014
I attended the SDN/MPLS conference in Washington, D.C. last week, where I presented on the importance of analytics for WAN SDN application bandwidth scheduling and the need for even richer analytics when looking at the data center, network edge and WAN SDN holistically. In my presentation I highlighted the importance of accurate traffic demand matrices and the need to consider failures when selecting paths, so that the network can survive them without creating congestion. I was not the only one talking about WAN orchestration and analytics.
One of the most interesting presentations in my opinion was by Douglas Freimuth of IBM. Douglas presented his work titled “Orchestrated Bandwidth-on-Demand for Cloud Services.” It is a collaboration between IBM, Ciena, and AT&T. They carried out the work in a laboratory test bed.
In the test bed, there were three data centers (Los Angeles, New York and Chicago) running OpenStack. When VM workload in the Los Angeles data center exceeded a threshold, some of the VMs were moved to the New York data center to reduce the load. Continue reading
