Migrating from WordPress to Pelican on PaaS – Part 3

The final installment in this three-part series. This covers installing Dokku and publishing your Pelican blog to your new Docker-powered mini-Heroku.

Part 3: Publishing to PaaS with Dokku

The Plan

If you haven't read Part 1 or Part 2 yet, this should give you some background as to what I'm doing, why I'm doing it and how I built it. In this installment I'll focus on the publishing side of things.

Hosting

My former blog was hosted on a Linode 1024 VPS, which had a healthy 1GB RAM. I've been very happy with Linode and would recommend them to anybody who needs hosting, but for the convenience of having prebuilt Ubuntu images with Dokku installed, I opted to host my blog with DigitalOcean. They have a full tutorial on their website that makes this very easy to set up.

One of the big benefits of using a static site generator is that the memory requirement is a lot less than Apache+PHP or Nginx+PHP. I'm hosting my site now on a $5/month VM from DigitalOcean, which is a $15/month saving on my WordPress site.

Before publishing...

Once you have your Dokku installation set up, you can push your application to Continue reading

JunOS and ARP Glean

I'm using the Cisco vocabulary 'glean' here as I don't know a better word for it. A glean is any IPv4 packet which is going to a connected host which is not resolved. It is NOT an ARP packet, so ARP policers won't help you. They are punted, since you need to generate an ARP packet and try to resolve them.

In 7600 we can use 'mls rate-limit unicast cef glean 200 50' to limit how many packets per second are punted to control-plane for glean purposes. How can we limit this in JunOS? As far as I can see, there is no way. But I remember testing this attack and was unable to break MX80, so why didn't it break?

First let's check what a connected network looks like

[email protected]> show route forwarding-table destination 62.236.255.179/32 table default
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
62.236.255.0/24    intf     0                    rslv   828     1 xe-0/0/0.42

Ok, fair enough. Type 'rslv', which we can guess means the packet is punted to the control-plane for resolving ARP. Let's try to rapidly ping some address which does not resolve and check what it looks like

[email protected]> show Continue reading

Comware: Port Link-mode Bridge vs Port Link-mode Route

Some Comware-based HP L3 switches bring the concept of “switchports” in Bridge and Route mode.

Bridge mode (port link-mode bridge) works the same way as a port on any other access switch.

When using Route mode (port link-mode route), the port is converted into a layer 3 interface, which needs an IP address. All STP messages will be ignored.

Example

#
interface GigabitEthernet4/0/1
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet4/0/2
port link-mode bridge
port link-type access
port access vlan 2
#

Regards

Secret CEF Attributes, Part 4

In Part 1, Part 2 and Part 3 we saw that we can use the CEF table to express all sorts of different QoS policies. In Part 4 we describe how to attach a policy to the packet that will follow it around the network. Like many policies (security, shaping, etc.) it’s best to classify the […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Secret CEF Attributes, Part 4 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

Healthy Paranoia Show 22: The Three Ring Circus of Net Neutrality

Ladies and gentleman, unicorns of all ages, get ready for the greatest podcast on earth, Healthy Paranoia. Where the email is always encrypted and the firewalls are ever stateful. On this episode, we’ll be discussing Net Neutrality. Joining us is Sherry Lichtenberg, Principal for Telecommunications at the National Regulatory Research Institute; Andrew Gallo, network architect […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.

The post Healthy Paranoia Show 22: The Three Ring Circus of Net Neutrality appeared first on Packet Pushers Podcast and was written by Mrs. Y.

ONS2014 Announces Finalists for SDN Idol 2014

Today the Open Networking Summit announced the five finalists for the SDN Idol 2014 competition:
Real-time SDN Analytics for DDoS mitigation is an example of a performance aware SDN controller that combines sFlow and OpenFlow for the visibility and control needed to build self optimizing networks that automatically adapt to changing traffic conditions. A number of other use cases were outlined by Brocade at the recent OpenDaylight Summit - see Flow-aware Real-time SDN Analytics (FRSA)

There are interesting links with other finalists:
  • OpenDaylight Hydrogen: Brocade is a Platinum member of the OpenDaylight project, and the Brocade/InMon DDoS mitigation solution employs OpenDaylight Hydrogen as an OpenFlow controller. Like Brocade, many of the OpenDaylight project members also support sFlow in their networking equipment, including: Brocade, Cisco, IBM, Juniper, NEC, A10 Networks, Arista, Dell, HP, Huawei, Intel, and ZTE. One might expect to see other vendors start to build traffic aware solutions on OpenDaylight in the coming months.
  • HP SDN App Store and Open SDN Continue reading

New design guide: VMware NSX with Cisco UCS and Nexus 7000

Back in September 2013 I wrote a piece on why you would deploy VMware NSX with your Cisco UCS and Nexus gear. The gist being that NSX adds business agility, a rich set of virtual network services, and orders of magnitude better performance and scale to these existing platforms. The response to this piece was phenomenal with many people asking for more details on the how.

The choice is clear. To obtain a more agile IT infrastructure you can either:

  • Rip out every Cisco UCS fabric interconnect and Nexus switch hardware you’ve purchased and installed, then proceed to repurchase and re-install it all over again (ASIC Tax).
  • Add virtualization software that works on your existing Cisco UCS fabric interconnects and Nexus switches, or any other infrastructure.

To help you execute on choice #2, we decided to write a design guide that provides more technical details on how you would deploy VMware NSX for vSphere with Cisco UCS and Nexus 7000. In this guide we provide some basic hardware and software requirements and a design starting point. Then we walk you through how to prepare your infrastructure for NSX, how to design your host networking and bandwidth, how traffic flows, and Continue reading

JunOS ‘L3 incompletes’, what and why?

There is quite often chatter about L3 incompletes, and it seems there are a lot of opinions about what they are. Maybe some of these opinions are based on some particular counter bug in some release. Juniper has also introduced a toggle to allow stopping the counter from working. It seems very silly to use this toggle, as it is really one of the few ways you can gather information about broken packets via SNMP.

What they (at least) are not

  • Unknown unicast
  • CDP
  • BPDU
  • Packet from connected host which does not ARP
  • Packet from unconfigured VLAN

What they (at least) are

  • IP header checksum error
  • IP header error (impossibly small IHL, IP version 3, etc)
  • IP header size does not match packet size

Troubleshooting

So if you are seeing them, what can you do? As it is an aggregate counter for many different issues, how do you actually know which one it is, and is there a way to figure out who is sending them? Luckily, for Trio-based platforms the answers are highly encouraging: we have very good tools to troubleshoot the issue.

To figure out exactly what they are, first you need to figure out your internal IFD index (not the SNMP ifindex)

im@ruuter> Continue reading

Coffee Break – Show 3

Mike Fratto joins us this week to talk about the news of the week on IPv4, Broadband Performance, Net Neutrality, IBM, SDN and more.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 3 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Configuration Backups for F5

As an administrator of network devices, keeping full backups is important for being able to recover from hardware failure. With F5 devices, backups come in the form of UCS files, which are archives that contain all configurations and SSL certificates. With a UCS file, you can take a replacement device, upload a UCS file […]

Author information

Eric Flores

Eric is a senior network engineer for a major real estate company. He has seven years in the field and has a passion for anything related to technology. Find him on Twitter @nerdoftech.

The post Configuration Backups for F5 appeared first on Packet Pushers Podcast and was written by Eric Flores.

Dell, Cumulus, Open Source, Open Standards, and Unified Management


On Thursday, at Network Field Day 7, Arpit Joshipura described Dell's networking strategy. He started by polling the delegates to see which topics were most on their mind.
The first topic raised by many of the delegates was the recently announced Dell/Cumulus partnership (listed as Open NW on the white board), see Dell Unlocks New Era for Open Networking, Decouples Hardware and Software. Next on the list was an interest in Dell's Open Source networking strategy, understanding Dell's Differentiation strategy, and plans for L3.
Dell's open networking strategy is described at time marker 14:55 in the video. Dell was one of the first vendors to move to merchant silicon, now they are opening up the switch platform, allowing customers to choose from standard merchant silicon based switch platforms (Broadcom, Intel) and switch software (currently FTOS / Cumulus).

Arpit suggests that customers will choose Cumulus Linux as the operating system for the layer 3 features and because they can use the same expertise and tools (Puppet, Chef etc.) to manage Linux servers and the switches connecting them. He also suggested that customers would choose FTOS for legacy networks and layer 2 features. Support for the Open Networking Install Environment Continue reading

Comware: Clearing an Interface Configuration

HP released the “default” command in interface view in the latest version of Comware in order to restore an interface to its default configuration.

This command is useful when you want to clear an interface configuration and reuse the interface for some other task. Normally you would need to issue the “undo” command for each line.

The configuration follows below (the command was tested on HP 7500 Switches Release 6626P02)

 

[HP-GigabitEthernet1/0/1] display this
! checking interface configuration before clean up
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
return

[HP-GigabitEthernet1/0/1]default
This command will restore the default settings. Continue? [Y/N]:y
! Setup default command on interface
!
[HP-GigabitEthernet1/0/1]display this
#
interface GigabitEthernet1/0/1
port link-mode bridge
#

See you soon :)

Changing Data Center Workloads

Networking-wise, I’ve spent my career in the data center. I’m pursuing the CCIE Data Center. I study virtualization, storage, and DC networking. Right now, the landscape in the network is constantly changing, as it has been for the past 15 years. However, with SDN, merchant silicon, overlay networks, and more, the rate of change in a data center network seems to be accelerating.

Things are changing fast in data center networking. You get the picture

Whenever you have a high rate of change, you’ll end up with a lot of questions such as:

  • Where does this leave the current equipment I’ve got now?
  • Would SDN solve any of the issues I’m having?
  • What the hell is SDN, anyway?
  • I’m buying vendor X, should I look into vendor Y?
  • What features should I be looking for in a data center networking device?

I’m not actually going to answer any of these questions in this article. I am, however, going to profile some of the common workloads that you find in data centers currently. Your data center may have one, a few, or all of these workloads. It may not have any of them. Your data center may have one of the Continue reading