Microloop!

Don’t look now, but you have microloops. How do I know? Because virtually every network with rings larger than three hops, running a link state protocol, will develop a microloop during normal convergence. Okay, so what’s a microloop, and how dangerous is it? Let’s figure this out looking at the (now rather standard) five router […]

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

The Journey Starts 2014 – CCIE Security – Blog Post1

Well it is time to buckle down and make it happen in 2014. The goal is to become a dual CCIE by the end of 2014. I have previously passed the CCIE Sec written in version 3 but I did not have the time to actually sit for the lab and I also wanted to refresh to the latest version of the track. That said I am taking a small step back to refresh and reinforce the theory. The plan is to go through the NP Security track while labbing but also taking the respective NP exam followed by the written and then ultimately sit for the lab.

Here is the order as it stands today:
  • 642-627 IPS - Implementing Cisco Intrusion Prevention System 
  • 642-618 FIREWALL - Deploying Cisco ASA Firewall Solutions 
  • 642-648 VPN - Deploying Cisco ASA VPN Solutions 
  • 642-637 SECURE - Securing Networks with Cisco Routers and Switches
  • ISE and WSA 
  • CCIE Written 
  • CCIE Lab
The primary partner that I am leveraging is CiscoPress and Cisco Docs for the theory and iPexpert for all the heavy labbing. 

The great thing about this journey is that I already eat, sleep, and breathe Cisco .:|:.:|:.

Twitter: FE80CC1E

Physical switch hybrid OpenFlow example

Alcatel-Lucent OmniSwitch analytics driven control provided an example with a physical switch, using the Web Services API to send CLI controls to the switch as HTTP requests. The following screenshot shows the results:
Figure 1: Controller using HTTP / REST API
Integrated hybrid OpenFlow describes how the combination of normal forwarding with OpenFlow for control of large flows provides a scalable and practical solution for traffic engineering. The article used the Mininet testbed to develop a DDoS mitigation controller consisting of the sFlow-RT real-time analytics engine to detect large flows and the Floodlight OpenFlow controller to push control rules to the software virtual switch in the testbed.
Figure 2: Performance aware software defined networking
The OmniSwitch supports hybrid mode OpenFlow and this article will evaluate the performance of a physical switch hybrid OpenFlow solution using the OmniSwitch. The following results were obtained when repeating the DDoS attack test using Floodlight and OpenFlow as the control mechanism:
Figure 3: OmniSwitch controller using hybrid OpenFlow
Figure 3 shows that implementing traffic controls using OpenFlow is considerably faster than those obtained using the HTTP API shown in Figure 1, cutting the time to implement controls from seconds to milliseconds.
Figure Continue reading

DEW: MPLS/Tunneling Design in Dubai!

Update: I received lots of requests to reduce the fee. After considering it, I decided to create "DEW - No Frills". The fee is now 30% lower, but please don't expect a fancy hotel meeting room: no lunch included, no coffee break, no printouts, no notebook or other gift for attendees. It will be only geeks in a room discussing network design.

After the first Design Expert Weekend in Riyadh focusing on IPv4/IPv6 Routing Design, the second DEW will be held in Dubai, UAE, for MPLS/Tunneling Design.


What:
Design Expert Weekend in Dubai on 24-25 January will focus on MPLS/Tunneling Design. Agenda will cover:

- MPLS Refresh
- MPLS L3VPN Design
- MPLS L2VPN Design
- MPLS VPN Inter-AS
- MPLS Traffic Engineering
- MPLS VPN Resiliency
- IPv6 over MPLS
- Other non-MPLS Tunneling: GRE, L2TPv3, IPSec, DMVPN, IPv6 Tunneling
- CCDE exam tips and tricks
- CCDE sample questions and scenario to practice ability to analyze design requirements, develop network designs, implement network design, validate and optimize network design

The other two DEWs are held in separate sessions:
DEW:Routing Design (IGP IPv4/IPv6, BGP, scaling, inter-AS, HA, and include PIM, ASM, SSM Multicast)
DEW:SP Design (Physical, L2, IGP/BGP/MPLS/PIM Continue reading

New Opportunity at Red Hat

Exciting times are upon us. I have humbly accepted a job at Red Hat on the Open Daylight dev team working with some incredible people at Red Hat and just as special folks in the community. I just wanted to pop up a brief post letting my friends in the community know where I am heading. I will miss my ...

...

Alcatel-Lucent OmniSwitch analytics driven control

There are many articles on this blog that demonstrate real-time sFlow analytics driven control of switches using a Mininet testbed. This article is the first of a series that will shift the focus to physical switches and demonstrate different techniques for adapting network behavior to changing traffic.
Performance Aware SDN describes the theory behind analytics driven orchestration. The talk describes how fast controller response, programmatic configuration interfaces and consistent instrumentation of all the elements being orchestrated are pre-requisites for feedback control.
This article uses an Alcatel-Lucent OmniSwitch 6900 as an example. The switch has hardware sFlow support for line rate visibility on all ports, and support for OpenFlow and a RESTful configuration API to deploy control actions. In this example a basic DDoS mitigation filtering function will be triggered when large flood attacks are detected. The script is based on the version described in the article Integrated hybrid OpenFlow, but modified to use the OmniSwitch RESTful API.
RESTful control of switches describes how RESTful configuration access to switches can be used to develop simple, controller-less SDN solutions. In this example the controller application is implemented using JavaScript that runs within the sFlow-RT analytics engine. The script has Continue reading

The Illusion of Lock-In Avoidance

Over the past few months I’ve heard a lot about vendor lock-in, specifically with respect to new SDN/Network Virtualization products that have come out last year. It appears that no matter what product you look at, there’s some major factor that will cause you to be severely locked in to that vendor until the end of time. Unless, of course, you’re a proponent of that vendor, in which case, that vendor is NOT locking you in, but that other guy totally is.

Secret CEF Attributes, Part 1

Welcome to the first in a series of articles that will explore some of the interesting properties we can insert into CEF, Cisco’s implementation of the Forwarding Information Base (FIB) in Layer-3 routers. CEF represents the high-speed forwarding architecture in the Cisco platforms. If we can insert data into the CEF memory structure we can […]

Author information

Dan Massameno

Dan Massameno is the president and Chief Engineer at Leaf Point, a network engineering firm in Connecticut.

The post Secret CEF Attributes, Part 1 appeared first on Packet Pushers Podcast and was written by Dan Massameno.

Configuring Alcatel-Lucent switches

The following configuration enables sFlow monitoring of all interfaces on an Alcatel-Lucent OmniSwitch switch (10.0.0.235), sampling packets at 1-in-512, polling counters every 30 seconds and sending the sFlow to an analyzer (10.0.0.1) on UDP port 6343 (the default sFlow port):

sflow agent ip 10.0.0.235
sflow receiver 1 name InMon address 10.0.0.1 udp-port 6343
sflow sampler 1 port 1/1-20 receiver 1 rate 512
sflow poller 1 port 1/1-20 receiver 1 interval 30

The switches also support the sFlow MIB for configuration.

See Trying out sFlow for suggestions on getting started with sFlow monitoring and reporting.

Using Bro DNS Logging for Network Management

I was recently asked if someone in our desktop support group could get alerted when certain laptops connected to the corporate network. We have a lot of employees who work at industrial locations and rarely connect their machines to our internal networks, so the support group likes to take those rare opportunities to do management tasks that aren't otherwise automated.

The two mechanisms that came to mind for alerting on these events are DHCP address assignment, and DNS autoregistration. While we do send DHCP logs to a central archive, the process of alerting on a frequently changing list of hostnames would be somewhat cumbersome. I have been looking for ways to use Bro for network management tasks, so this seemed like a natural use case.

We already had Bro instances monitoring DNS traffic for two of our central DNS servers. I don't fully understand how Windows DNS autoregistration works, but from looking at the Bro logs, it appears that the DHCP server sends a DNS SOA query to the central DNS servers containing the hostname of the device to which it assigns a lease.

I wanted to learn how to use the input framework in Bro 2.2, so I Continue reading

Network Topologies

Resiliency of the network is almost the most important design criterion that needs to be considered. Packets need to reach their destination within the time expected by the application. Although too much redundancy will affect the MTBF/MTTR curve directly and start to increase the MTTR of the entire system, carefully designed network topologies will play a […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Network Topologies appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

IP/FRR and Centralized Control Planes

I’ve been spending some time in the last few months talking through various fast reroute systems – we’ve looked at one (unconventional!) view of P/Q space, an alternate way of explaining MRT, Not-Via, LFAs, and a few others. Now, let’s close this series by asking: How does all this relate to the “new wave” of […]

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the Continue reading

Please Check Your Feed URLs – FeedBurner Is Dead To Us

We here at Packet Pushers used to use FeedBurner. It was a value-added RSS service that was eventually brought under Google’s mighty power. Sadly, as with Buzz and Wave, Google has killed FeedBurner. While the FeedBurner service is still limping along, we’re seeing unpredictable results. Even the 301 redirects Greg programmed a while back are […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Please Check Your Feed URLs – FeedBurner Is Dead To Us appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Packet Design Appoints Daniel Ley as SVP, Sales

Expands Management Team with New Executive Role Focused on Customer Success

AUSTIN, Texas — Jan. 7, 2014 — Packet Design, a provider of IP network route analytics software, has hired technology veteran Daniel Ley to lead global sales. Ley joins Packet Design from CA Technologies, where he led the North American Solution Sales team for the capacity management and Nimsoft Monitor products. 

Previously, Ley served as vice president of worldwide sales at Hyperformix, and as director of sales for NetQoS, where he led teams in the North America, Asia Pacific and emerging markets. CA Technologies acquired both companies. Prior to NetQoS, he held various sales and sales management roles at Ward Davis, a networking products and services company. Ley began his career in avionics engineering and engineering management with Hughes Aircraft Company. 

“Daniel Ley is a proven leader who excels in building high-performance sales teams,” said Scott Sherwood, CEO of Packet Design. “His strong technical background helps him understand the customer domain extremely well, and his focus on sales operations best practices leads to predictable revenue and growth.” 

“Packet Design is planning for impressive new customer acquisition and revenue growth, and I look forward to leading this Continue reading

Libvirt – Intro and Basic Configuration

I’ve been hearing a lot about libvirt, so I figured I’d check it out, and see if I could play around with it in my own home lab. According to the wiki, libvirt is a “collection of software that provides a convenient way to manage virtual machines and other virtualization functionality, such as storage and network interface management.” Okay that’s pretty cool - basically if I have a multi-hypervisor environment, I can build my operational policies around libvirt, so that no matter what hypervisor a workload is being instantiated on, the process is the same.
