Priority Queue – SDN and The Reseller Channel

What is the future of SDN vendors? Will all the startups eventually close down to just a few choices, or can there be a vibrant ecosystem that allows many vendors to survive? The discussion took a left turn and became a strong discussion of whether resellers will survive the arrival of SDN.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Priority Queue – SDN and The Reseller Channel appeared first on Packet Pushers Podcast and was written by Greg Ferro.

How to run X applications on a guest VM in the cloonix network simulator

To run a program that uses a graphical user interface on a guest virtual machine running in the cloonix open-source network simulator, log into the guest VM from the host computer using SSH and forward the X11 display. Then, any X11 program you run on the guest VM using that SSH session, such as Wireshark, will display its X windows on the host computer.

Initial setup

First, we create a cloonix network simulation with at least one guest VM. In this example, we created three guest VMs named Cloon1, Cloon2, and Cloon3.

A cloonix network simulation with three guest VMs

See previous posts related to using cloonix, if you need help setting up the example network.

Connect to guest VM via SSH

Open a new terminal window on the host computer. We do this so we can run X windows from the guests on the host. As discussed in the Cloonix v24 overview post, cloonix uses a patched version of the Dropbear SSH client so we use the dbssh command that is installed in the cloonix tree directory, ~/Netsims/cloonix-24.11.

The Dropbear SSH client automatically forwards X windows from the client machine to the server machine so Continue reading

My CCIE Journey

I used to post this blog on my friend's blog and I just wanted to put it here since this journey was one of the biggest professional experiences of my life. I am starting this blog and will dedicate some time (mostly late at night ..) to write articles (without any flashiness) for every engineer […]

Cisco Virtual IOS on GNS3

This tutorial discusses the use of GNS3 software to run Cisco Virtual IOS (vIOS). Cisco vIOS is shipped and supported as a part of Cisco's One Platform Kit (onePK), which is distributed in the form of a virtual machine. It can be downloaded with a Cisco.com account. Currently, it is not required to have a Cisco account associated with service contracts, Bill-to IDs, or product serial numbers in order to download onePK.

Software Prerequisites

  • Host OS - any 64 bit Linux OS
  • Qemu emulator and virtualizer compiled with x86_64 support
  • KVM
  • GNS3 0.8.7 - the last version that has Qemu support included
  • Cisco all-in-one-VM-1.2.1-194.ova virtual machine

Minimum Hardware Requirements

  • CPU with hardware virtualization support (AMD-V or VT-X virtualization extensions)
  • Storage - 10 GB
  • RAM - 2000 MB
  • RAM vIOS - 384 MB

Script for Extracting vIOS from All-In-One VM

Here is a Linux bash script that helps you extract the vIOS disk image vios-adventerprisek9-m.vmdk from the all-in-one VM file. Download the all-in-one.ova file from here and make the script executable.

$ chmod +x extract_vios.txt

Then you can run the script as shown below. The only user input is selecting the path to the all-in-one VM file Continue reading

EFF lies about NetNeutrality

The EFF has completely and thoroughly repudiated JP Barlow's "Declaration of Independence of Cyberspace", such as in this tweet:

This tweet is a lie. Congress can't "kill Net Neutrality" because Net Neutrality doesn't currently exist. Net Neutrality proponents don't want to maintain the status quo, but radically change the Internet, converting it from the private network it is now into a public utility, regulated by the government.

What the left-wing populists tell you about Net Neutrality is a lie. Corporations aren't doing the evil things they claim. There is no technical idea behind it like "end-to-end". Net Neutrality is just the political belief that corporations are inherently evil and that the government must run the Internet.

Internet "fast lanes" are not a bad thing. They already exist, and the Internet can't function without them. Sniff your home traffic and then traceroute every IP address your system communicates with. You'll find that 90% of your home traffic goes to a server in your local city. That's because most websites use a fast lane to the Continue reading

Mellanox and bad CLI choices

I’ve been working on Mellanox S-Series switches lately in a largish network with several hundred 10GbE server ports. On the whole, the product has performed beyond my cynically low expectations and the product has good capabilities overall but the command line interface (CLI) is a really poor user experience. How about this gem for configuring […]

The post Mellanox and bad CLI choices appeared first on EtherealMind.

Port mirroring on VMware vSwitch/dvSwitch (dvMirror)

Port mirroring is a traditional feature available on physical switches to capture port traffic and redirect it to a remote destination. A remote destination can be (using the Cisco convention): A physical port located on the same physical switch (Switched Port Analyzer or SPAN port). The traffic is simply copied to the destination port too. A physical port […]

Security Dessert Models

MMCOOKIE

I had the good fortune last week to read a great post from Maish Saidel-Keesing (@MaishSK) that discussed security models in relation to candy.  It reminded me that I’ve been wanting to discuss security models in relation to desserts.  And since Maish got me hungry for a Snicker’s bar, I decided to lay out my ideas.

When we look at traditional security models of the past, everything looks similar to creme brûlée.  The perimeter is very crunchy, but it protects a soft interior.  This is the predominant model of the world where the “bad guys” all live outside of your network.  It works when you know where your threats are located.  This model is still in use today where companies explicitly trust their user base.

The creme brûlée model doesn’t work when you have large numbers of guest users or BYOD-enabled users.  If one of them brings in something that escapes into the network, there’s nothing to stop it from wreaking havoc everywhere.  In the past, this has caused massive virus outbreaks and penetrations from things like malicious USB sticks in the parking lot being activated on “trusted” computers internally.

A Slice Of Pie

A more modern security Continue reading

IOU Web Interface 1.2.2-23

iou-web is released “as-is” without warranty of any kind. iou-web does not include any Cisco IOU/IOL binaries or other materials under Cisco NDA. I’m not responsible for what you do with iou-web software. I DON’T OWN NOR HAVE ACCESS TO TOPOLOGY, INITIAL CONFIGS, IOU/IOL BINARIES OR ANY OTHER MATERIAL UNDER CCIE EXAM NDA OR COPYRIGHTED […]

How Service Providers are Outpacing Enterprises in SDN Deployments

by Steve Harriman, VP of Marketing - July 15, 2014

Service providers are well ahead of enterprises in SDN deployments. The numbers confirm this according to Jim Duffy in his Network World article “Enterprise SDN use lags service providers.” ACG Research estimates that sales of SDN products for live service provider deployments will reach $15.6 billion by 2018, while those that may become live will reach $29.5 billion. Use of production SDNs by enterprises and cloud/service provider data centers will be a fraction of that according to Infonetics Research: $3.1 billion by 2017. 

Why are service providers so far ahead of enterprises? To paraphrase the oft-used political aphorism: It’s the business model, stupid. Duffy said it best in his article: “To service providers, the network is the business. To enterprises, the network enables or supports its core business.” 

To a network service provider, technology is the revenue generator in a competitive market. Better solutions and better technology lead to lower costs (and more profits), and/or competitive differentiation. 

Of course, competitive differentiators tend to become commodities over time, and we’ve seen that happen repeatedly Continue reading

OTV AEDs Are Like Highlanders

While prepping for CCIE Data Center and playing around with a lab environment, I ran into a problem I’d like to share.

I was setting up a basic OTV setup with three VDCs running OTV, connecting to a core VDC running the multicast core (which is a lot easier than it sounds). I’m running it in a lab environment we have at Firefly, but I’m not going by our normal lab guide, instead making it up as I go along in order to save some time, and make sure I can stand up OTV without a lab guide.

Each VDC will set up an adjacency with the other two, with the core VDC providing unicast and multicast connectivity.  That part was pretty easy to set up (even the multicast part, which had previously freaked me the shit out). Each VDC would be its own site, so no redundant AEDs.

On each OTV VDC, I set up the following as per my pre-OTV checklist:

  • Bi-directional IPv4 unicast connectivity to each join interface (I used a single OSPF area)
  • MTU of 9216 end-to-end (easy since OTV requires M line cards, and it’s just an MTU command on the interface)
  • An OTV site VLAN which requires:

Using Big Tools for Small Problems

BGP in the data center? And MPLS? Are you insane? Well, maybe, yes. But then again, I’ve been known to do a lot of crazy things in my time. Isn’t MPLS a core and edge service provider technology, while VXLAN is an enterprise data center technology? But let’s begin with this idea that technologies are […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

JTRIG weekend projects

The Intercept has released a page of JTRIG tools and techniques. I thought I'd comment on them.

Largely, this is a long list of small projects. Few of these projects require more than a couple lines of code, or would take an average hacker more than a weekend to accomplish.

For example, there is CHANGELING, which says "Ability to spoof any email address and send email under that identity". That's the sort of thing you'd ask as an interview question for a cybersec company. You'd expect the candidate to produce this in 20 minutes.

Some sound like big projects, but they are in fact just leveraging existing large open-source projects. A tiny amount of scripting on top of a project like OpenBTS would deliver big, scary results, such as fuzzing GSM.

I point this out because people have the misapprehension that the intelligence services have advanced "cyber-weapons". That's not true. Instead, what's going on is like Rambo stuck in a jungle with only a knife, who can fashion anything into a weapon, from twigs to rocks. That's what you see going on here: given the existing base of open-source (and closed-source) code, cyber-warriors fashion new tools with a little bit Continue reading

Upcoming speaking schedule

I've an unusually dense talk schedule over the next month. Please ask questions at the end of the talk. Also ambush me afterward and ask more questions.

HopeX:
Sunday July 20, 2:00pm, Olson room
Technology walkthrough of XKeyScore and how to jam it

PasswordsCon 2014:
Wednesday August 6, 12:10pm Track 1
Overview of password hashes in network protocols

DEF CON 22:
Saturday August 9, 10:00am, Track 3
Masscan

DEF CON 22:
Friday August 8, 2:00pm, Track 2
Panel. I'm being this for several years, I still don't know what it is

Replacing an MPLS WAN with an Internet VPN Overlay

I received an email last week from a reader seeking advice on a fairly common predicament:

Our CIO has recently told us that he wants to get rid of MPLS because it is too costly and is leaning towards big internet lines running IPSEC VPNs to connect the whole of Africa.

As you can imagine, this has caused a huge debate between the networks team and management, we run high priority services such as Lync enterprise, SAP, video conferencing etc. and networks feel we need MPLS for guaranteed quality for these services but management feels the Internet is today stable enough to run just as good as MPLS.

What is your take on the MPLS vs Internet debate from a network engineer's point of view? And more so, would running those services over Internet work?

This is something I struggled with pretty frequently in a prior job working for a managed services provider. MPLS WANs are great because they provide flexible, private connectivity with guaranteed throughput. Most MPLS providers also allow you to choose from a menu of QoS schemes and classify your traffic so that real-time voice and video services are given higher preference during periods of congestion.

Unfortunately, Continue reading

Brazil’s Winning Internet

Another World Cup is in the books, and it’s fair to say that most people will remember 2014 for the inglorious and improbable performance of the host nation, losing 7-1 and 3-0 in its semifinal and consolation matches. Brazil’s sad exit capped off a year of soul-searching about the nation’s massive investment in hosting the World Cup (and the Olympics yet to come).

But Brazil shouldn’t lose sight of one important silver lining to their World Cup cloud: the startlingly vibrant development of the Brazilian Internet, and the critical role Brazil now plays in the Internet connectivity and ICT development of South America.

Preparations for the World Cup and the Olympics may have helped light a fire under Brazil’s Internet infrastructure providers. Here’s a plot of the growth of the set of autonomous systems (that is, enterprises and service providers who originate IPv4 address space under their own registered Autonomous System Number) in Brazil over time. For comparison, we’ve also included the same statistic for South Africa. By this measure, the two World Cup host countries couldn’t be more different!

Brazil and South Africa invite comparison because of their many parallels: Continue reading

Show 196 – EVPN Introduction & Use-Cases with Russ White + Jeff Tantsura

This week, Packet Pushers’ hosts Ethan Banks and Greg Ferro queue up a discussion about a new technology, exploring EVPN with Russ White & Jeff Tantsura from Ericsson. What’s EVPN? Well, it’s short for Ethernet VPN, and it’s a way of using BGP as a routing system for MAC addresses. If that sounds like SPB […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 196 – EVPN Introduction & Use-Cases with Russ White + Jeff Tantsura appeared first on Packet Pushers Podcast and was written by Ethan Banks.

EIGRP Query bounding.

In the process of restudying EIGRP as a protocol, and more specifically as to how it converges, you can’t avoid running into the saying “Remember to bound your queries!”.

From a conceptual point of view it’s fairly easy to understand that the further out you ask for a prefix, the longer the convergence process will take. But what really takes place when you have different tools in place to bound the query?

There are 3 different types of “Query Bounding” techniques that can be utilized:

1) Filters (e.g. distribute lists).
2) Summarization
3) Stub routers.

How do they actually work to limit the query scope?

Well, the basic premise of EIGRP queries is that you are asking your fellow EIGRP neighbour for an exact prefix, e.g. 172.16.1.0/25. If for any reason your EIGRP neighbour does not have this in its topology table, it will simply respond right away that it doesn’t have a path to this prefix. Query stopped right there.

By using filters such as distribute lists you are removing the prefix from ever getting advertised to the neighbour and as such he will never receive it in his topology Continue reading