Twitter War !

Through a court-mandated decision, access to Twitter has officially been blocked across all of Turkey. Weather or not this was the right decision; it is evident that people are not happy about it at all. As you already may know, I am originally from Turkey but have been living elsewhere for many years now while […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Twitter War ! appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

The Economic Value of Unlicensed Spectrum $228 Billion Annually in the U.S.

According to a new report completed by Telecom Advisory Services, LLC (Raul Katz, Columbia Business School) commissioned by WiFiForward, the economic value of unlicensed spectrum is over $228 Billion per-year in the U.S. alone!
WiFiForward Value of
Unlicensed Spectrum
Infographic

FINAL REPORT - ASSESSMENT OF THE ECONOMIC VALUE OF UNLICENSED SPECTRUM IN THE UNITED STATES

The Report Overview (1 page) highlights the use-cases and value of each. WiFiForward has also produced an infographic (shown at right) to highlight the various ways in which unlicensed spectrum provides economic value in the U.S.

The report details the value of unlicensed spectrum in the U.S. based on two different economic impacts:
  1. Gross Domestic Product (GDP) - direct sales of technologies, services and applications that run on unlicensed spectrum. This results in $6.7 Billion per-year in value ($4.559 Billion of which is attributed to Wi-Fi).
  2. Economic Surplus - use of technologies that rely on unlicensed spectrum that add value to the economy. This results in $222 Billion per-year in economic value ($91.474 Billion of which is attributed to Wi-Fi).
Missing Data?
I am a bit confused since the value from enterprise Wi-Fi sales and resulting efficiencies appears Continue reading

Understanding FabricPath

Fabric Path


- L2 routing protocol (MAC in MAC Routing).

- Alternative to running STP, built-in loop prevention and mitigation.
  - Even with vPC, you still have STP.
  - vPC is a physical triangle and logical P2P link.
  - can have only 2 vPC peers.
  - thus distribution blocks can be only 2 upstream switches.

- FP builds arbitrary topologies.
  - full mesh
  - partial mesh
  - triangle
  - square

- Single CP for unknown ucast, ucast, bcast and mcast traffic.

- Enhances mobility and virtualization in FP network.
 - MAC mobility : physically move L2 node, but retain the same MAC address and VLAN association for the VM.

- FP retains config across an ISSU.

- FP is not TRILL.

Requirements:

- FP is not Ethernet (hence HW support is limited), it is not Ethernet in Ethernet, is Ethernet in FP tunneling.
 - F line card.
 - Enhanced L2 license (on every system that enables FP).
 - NX7K and NX55K.
 - Beginning NX-OS 6.1, FEX with vPC+ on F2 cards is supported.

FP terminology

CE : Classical Ethernet
- regular ethernet with regular flooding, STP

Windows ISATAP Client, Part 1

Last month I had the opportunity to work with a company to perform an IPv6 pilot.  There are a lot of elements to light up for an organization to use IPv6, most of them (but not all) being technical in nature.  One of the mechanism I used was ISATAP. In the past I have not […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Windows ISATAP Client, Part 1 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

The Difference Between Arista and Competitors (Factories not Babies)

I was asked to describe how Arista has been able to penetrate the networking switch market relatively quickly. Arista was founded in 2004 and ten years later has achieved a competitive position against all the major vendors in networking and specifically against Cisco who has a dominant market position. Most vendors develop product like an […]

The post The Difference Between Arista and Competitors (Factories not Babies) appeared first on EtherealMind.

Response: Rate-limiting State and Internet Frailty – ACM

This article from the Association of Computing Machinery and written by no less than Paul Vixie. It is a detailed review of the basic facts of the Internet being smart at the edge and dumb in the middle. By design, the Internet core is stupid, and the edge is smart. This design decision has enabled […]

The post Response: Rate-limiting State and Internet Frailty – ACM appeared first on EtherealMind.

Comparing and Contrasting SDN Across the Pond

Comparing and Contrasting SDN Across the Pond


by Steve Harriman, VP of Marketing - April 8, 2014

How do the U.S. and Europe compare on SDN? To find out, we just replicated a survey we conducted in the U.S. last year. At the MPLS SDN World Congress in Paris a few weeks ago, we polled more than 100 service providers and equipment providers (mostly based in the EU) about their SDN plans, business drivers and concerns. Added to the U.S.-based survey of 100, the results show many similarities as well as some interesting differences. 

Production SDN Deployment Lower in Europe 

More than 90 percent of the 200+ respondents to the two surveys said their organizations are exploring SDN in some way. However, while 74 percent of the EU-based respondents said their organizations are either researching or prototyping SDN, only about eight percent said they currently have some production deployment. This compares to 20 percent of the U.S. survey respondents who indicated some production deployment (with 62 percent either researching or prototyping SDN). 

The percentage planning to deploy production SDN in either this year or in 2015 was similar for both sets, with eight Continue reading

The Learning Curve: Implementations vs Fundamentals

I’ve spent a lot of time lately considering skillsets, and how people go about learning new things. Many aspects of the IT industry are starting to overlap with each other (the idea of DevOps being just one manifestation) and it’s incredibly interesting to see how individual professionals are incorporating new knowledge into their repertoire. I did a little contemplation on this over the weekend and I’d like to share some observations I’ve made.

The Learning Curve: Implementations vs Fundamentals

I’ve spent a lot of time lately considering skillsets, and how people go about learning new things. Many aspects of the IT industry are starting to overlap with each other (the idea of DevOps being just one manifestation) and it’s incredibly interesting to see how individual professionals are incorporating new knowledge into their repertoire. I did a little contemplation on this over the weekend and I’d like to share some observations I’ve made.

SRX – “VPN monitoring” causes IPSec to bounce

Just making a note here because this will probably trip me up again in the future:   I have a customer with a VPN running from an SRX650 on 11.4R9.4 to a variety of other devices.  One of these is some kind of Huawei device, and the other a Vyatta router.  I’ve no idea what versions or models these are because they’re not under the customer’s control.

I noticed that these two VPNs didn’t appear to be staying up.  You could tell because of the lifetime of the IPSec security association.  It is set in the configuration to 1800 seconds and counts  down – when it gets near zero, the SA is re-negotiated.   In this case however, the SA never dropped much below 1400 seconds remaining before being renegotiated. 

You can see this by issuing the command “show security ipsec sa” and looking at the fourth column to see the lifetime remaining.  If you specify the index number you get more detail as can be seen below:

user@LON-SRX650> show security ipsec sa index 12
ID: 12 Virtual-system: root, VPN Name: VPN-1
Local Gateway: x.x.x.x, Remote Gateway: y.y.y. Continue reading

Press Release: Results of Cross-Continent SDN Survey

American and European service providers agree on SDN benefits and challenges with key differences

U.S. and European service providers share similar SDN business drivers and challenges, but Europe has a lower deployment rate and is more concerned about reducing costs as well as managing the technology. These are the main results of a Packet Design survey of more than 200 network service providers on both continents. The company polled more than 100 service providers and equipment providers at the 2014 MPLS SDN World Congress in Paris last month (more than half of the respondents were based in Europe). This adds to the results of the survey of 100 service providers Packet Design conducted at the 16th annual MPLS/SDN International Conference in Washington, D.C. last November.

Key Findings:  

  • More than 90 percent of the 200+ survey respondents are exploring SDN in some way. However, only eight percent of EU-based respondents said they currently have some production deployment compared to 20 percent of the U.S. survey respondents.  
  • Both geographies indicated the same SDN business drivers: support new services, increase business agility, and improve productivity. Europe is more concerned about reducing expenditures: More than one-third of European respondents Continue reading

DDoS mitigation hybrid OpenFlow controller

Performance optimizing hybrid OpenFlow controller describes the growing split in the SDN controller market between edge controllers using virtual switches to deliver network virtualization (e.g. VMware NSX, Nuage Networks, Juniper Contrail, etc.) and fabric controllers that optimize performance of the physical network. The article provides an example using InMon's sFlow-RT controller to detect and mark large "elephant" flows so that they don't interfere with latency sensitive small "mice" flows.

This article describes an additional example, using the sFlow-RT controller to implement the ONS 2014 SDN Idol winning distributed denial of service (DDoS) mitigation solution - Real-time SDN Analytics for DDoS mitigation.
Figure 1: ISP/IX Market Segment
Figure 1 shows how service providers are ideally positioned to mitigate large flood attacks directed at their customers. The mitigation solution involves an SDN controller that rapidly detects and filters out attack traffic and protects the customer's Internet access.
Figure 2: Novel DDoS Mitigation solution using Real-time SDN Analytics
Figure 2 shows the elements of the control system in the SDN Idol demonstration. The addition of an embedded OpenFlow controller in sFlow-RT allows the entire DDoS mitigation system to be collapsed into the following sFlow-RT JavaScript application:
// Define large flow  Continue reading

Quiz #23 – QoS on IPsec Tunnels

Type: Lab Difficulty: Advanced Company ABC runs a static VTI-based VPN tunnel between Site-1, hosting 192.168.1.1, and Site-2, hosting 192.168.5.5. BGP is configured between the two sites, over the VTI Tunnel, making all traffic between the sites to be encrypted/protected by IPsec. A new requirement is received from the customer, asking that all traffic from 192.168.1.1 (in Site-1) to 192.168.2.2 (in Site-2) must be prioritized. The network engineer creates the... [read more]

Quiz #23 &#8211 QoS on IPsec Tunnels

Company ABC runs a static VTI-based VPN tunnel between Site-1, hosting 192.168.1.1, and Site-2, hosting 192.168.5.5. BGP is configured between the two sites, over the VTI Tunnel, making all traffic between the sites to be encrypted/protected by IPsec. The network engineer tries to configure QoS but something does not work !...

BFD in the new Avatar

 

BFDWe all love Bi-directional Forwarding Detection (BFD) and cant possibly imagine our lives without it. We love it so much that we were ready with sabers and daggers drawn when we approached IEEE to let BFD control the individual links inside a LAG — something thats traditionally done by LACP.

Having done that, you would imagine that people would have settled down for a while (after their small victory dance of course) — but no, not the folks in the BFD WG. We are now working on a new enhancement that really takes BFD to the next level.

There isnt anything egregiously wrong or missing per se in BFD today. Its just not very optimal in certain scenarios and we’re trying to plug those holes (and doing our bit to ensure that folks in data comm industry have ample work and remain perennially employed).

Ok, lets not be modest – there are some scenarios where it doesnt work (as we shall see).

So what are we fixing here?

Slow Start

Well for one, BFD takes awfully looooong to bring up the session. Remember BFD starts with sedate timers and then slowly picks up (each side needs to come to an agreement on the rate at Continue reading