HP SDN App Store Launches

HP’s SDN App Store has finally seen the light of day. This is intended to be a common platform for users and developers, to find and distributed real-world, practical SDN applications. Some of the launch apps include:

It’s interesting to look at the price points for applications. They are certainly not $0.99 apps, but they are still cheaper than typical ‘Enterprise’ software. I think it will take us a while to figure out what the right level of ‘value’ is.

HP has done well to put together a platform that developers can use to distribute SDN applications. It’s not an easy task to put together all of the back-end work required for something like this. It’s not simply hosting a website, it’s figuring out all the legal & financial implications, the support mechanisms, etc. There’s a lot of non-technical effort that goes into this.

The only challenge is that currently it is for SDN apps that use the HP VAN SDN Controller, which will limit the size of the market. I’m hoping that in future it will work with OpenDaylight. That will expand Continue reading

PQ Show 34 – Cloudflare Keyless SSL

A couple of weeks ago, Cloudflare announced a new solution that allows DDOS Protection, Caching and application firewalls of SSL encrypted traffic without handing over the private key. This is a significant breakthrough for companies. Many companies have strong controls over private keys that prevent external sharing. More often the simple cost of key ceremonies is punitive to the business.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post PQ Show 34 – Cloudflare Keyless SSL appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Super NORMAL

KennyK/Shutterstock
HP proposes hybrid OpenFlow discussion at Open Daylight design forum describes some of the benefits of integrated hybrid OpenFlow and the reasons why the OpenDaylight community would be a good venue for addressing operational and multi-vendor interoperability issues relating to hybrid OpenFlow.

HP's slide presentation from the design forum, OpenFlow-hybrid Mode, gives an overview of hybrid mode OpenFlow and its benefits. The advantage of hybrid mode in leveraging the proven scaleability and operational robustness of existing distributed control mechanisms and complementing them with centralized SDN control is compelling and a number of vendors have released support, including: Alcatel Lucent Enterprise, Brocade, Extreme, Hewlett-Packard, Mellanox, and Pica8. HP's presentation goes on to propose enhancements to the OpenDaylight controller to support hybrid OpenFlow agents.

InMon recently built a hybrid OpenFlow controller and, based on our experiences, this article will discuss how integrated hybrid mode is currently implemented on the switches, examine operational issues, and propose an agent profile for hybrid OpenFlow designed to reduce operational complexity, particularly when addressing traffic engineering use cases such as DDoS mitigation, large flow marking and large flow steering on ECMP/LAG networks.

Mechanisms for Optimizing LAG/ECMP Component Link Utilization in Networks is an IETF Continue reading

NANOG 62

NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting.

Privacy and Security – Five Objectives

It has been a very busy period in the domain of computer security. What with "shellshock", "heartbleed" and NTP monlink adding to the background of open DNS resolvers, port 445 viral nasties, SYN attacks and other forms of vulnerability exploits, it's getting very hard to see the forest for the trees. We are spending large amounts of resources in reacting to various vulnerabilities and attempting to mitigate individual network attacks, but are we making overall progress? What activities would constitute "progress" anyway?

CloudFlare Publishes Semiannual Transparency Report:

Painting by Rene Margritte

Today CloudFlare is publishing its third Transparency Report covering the first half of 2014. This report covers government information requests from January 1, 2013 to June 30, 2014, and updates our two existing transparency reports: partial January 2013 Transparency Report and complete 2013 Transparency Report.

CloudFlare’s Transparency Reports shows how many subpoenas, court orders, search warrants, pen register/trap and trace (PRTT) orders, and national security orders CloudFlare received during the reporting period. In this current Transparency Report, we have also added a separate category for wiretap orders CloudFlare received. CloudFlare’s Transparency Reports also shows how many domains and accounts were affected by our response to those requests during the reporting period. CloudFlare’s Transparency Reports do not include non-governmental requests.

We will continue to update this report on a semiannual basis at Transparency Report.

Special thanks to our legal intern, Murtaza Sajjad, for helping to compile this report.

PlexxiPulse—Mark Your Calendar: DemoFriday is 10/24

Plexxi is teaming up with SDNCentral to host DemoFriday on October 24 at 10 a.m. PST. Tune in to hear our own Ed Henry and Nils Stewart demonstrate how to build scalable and manageable Big Data fabrics that easily integrate with systems such as OpenStack and Cloudera. You can register to attend here.

In this week’s PlexxiTube of the week, Dan Backman explains how Plexxi’s Big Data fabric solution is applicable beyond Big Data.

SDN: Unshackling the Network Application Environment

Art Cole claims that SDN will enable the development of a robust ecosystem of network applications in a recent article for Enterprise Networking Planet. As we look at applications, it is worth making the distinction between network apps (things that run on the network) and business apps (apps the network enables). The real value in SDN will permit the business apps to influence the network (whether that is automated or not is an interesting side conversation). To bring this to life there has to be a focus on policy abstraction. This is why Congress (part of OpenStack) and OpenDaylight are potentially powerful. If we can agree on policy abstraction, then the applications can interact with the network and Continue reading

Ansible and using Automation to Assert IT Compliance

Like “orchestration”, compliance is a frequently overloaded phrase in IT -- it means very different things to different people. Ansible is frequently used in all sorts of compliance use cases, which we’ll expand on below.

Compliance can mean checking to see if a system has “drifted” from a known state, pushing a system back into line from a different state, or making it conform with a very specific set of (often security related) standards.

Too Fast, Too Furious

Continue reading

EVPN: Intro to next gen L2VPN

Introduction: With the ascent of DCI, a new set of requirements emerged which are not fully addressed by current L2VPN technologies like VPLS. There are three major options in deploying VPLS LDP based VPLS (RFC 4762) LDP based VPLS with BGP Auto discovery BGP based VPLS (RFC 4761) Each option has its pros and cons. […]

Author information

Diptanshu Singh

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.
LinkedIn

The post EVPN: Intro to next gen L2VPN appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

U-NII Unlicensed Spectrum Inventory in 5 GHz Bands

Given the recent FCC Report & Order on U-NII (Unlicensed National Information Infrastructure) rule changes in March/April of 2014, I thought it would be helpful to recap the new regulations in the United States regarding the 5 GHz unlicensed spectrum bands. I've put together the following table for quick reference:
U-NII Unlicensed Spectrum in 5 GHz
(Click to Download PDF)

Additionally, here is a graphic of the 5 GHz U-NII bands, both current and proposed, from the NTIA report made in January 2013 (note - this graphic does NOT reflect the change with regards to the extension of U-NII 3 up to 5.850 GHz).

NTIA Graphic of U-NII Unlicensed Spectrum in 5 GHz

Cheers,
Andrew von Nagy

Opening up VXLAN with OpenStack

VXLAN is hot. We constantly hear about VXLAN at conferences, in product announcements, blog posts, and most importantly, we hear about it from our customers.

VXLAN exciting technology that’s been integrated into a number of product offerings from networking and cloud vendors. OpenStack® supports VXLAN via a set of Neutron plugins, and Metacloud OpenStack® has supported VXLAN for a few releases already.

One of the challenges with deploying and scaling VXLAN has been the MAC-to-VTEP learning and BUM (Broadcast, Unknown Unicast, Multicast) packet flooding. The VXLAN spec uses a simple multicast solution to solve this problem. Multicast has its own set of scaling challenges, and reliable multicast routing between network segments isn’t always available. The majority of vendors who have VXLAN support have attempted to solve this problem by implementing their own form of learning and flooding. Some of these solutions work well, but all of them require you to operate in a homogenous network environment or pay expensive per CPU or per VM licensing fees.

Until today…

Metacloud, in partnership with our friends at Cumulus Networks®, have been working together on a solution to these problems for the past year. Starting today, VXFLD is open source and freely Continue reading

EIGRP OTP example

In this post id like to provide an example of a fairly new development to EIGRP which is called EIGRP Over The Top (OTP).

In all its simplicity it establish an EIGRP multihop adjacency using LISP as the encapsulation method for transport through the WAN network.

One of the applications of this would be to avoid relying on the SP in an MPLS L3 VPN. You could simply use the L3 VPN for transport between the interfaces directly connected to the Service Provider and run your own adjacency directly between your CPE routers (without the use of a GRE tunnel, which would be another method to do it)

The topology used for this example consists of 4 routers. All 4 of the routers are using OSPF to provide connectivity (you could take this example and do a L3 VPN using MPLS as an exercise). Im simply taking the lazy path and doing it this way :)

EIGRP-OTP-Topology

EIGRP-OTP-Topology

R1 and R4 are running EIGRP in a named process “test”. This process is in Autonomous system 100 and the Loopback 0 interfaces are advertised into the V4 address-family.

Lets verify that we have connectivity between R1’s g1.102 interface and R4’s g1.304 Continue reading

Case Study: Hootsuite

hootsuite-ansible

Hootsuite, the excellent social media management platform used by over 75% of the Fortune 500, is a big fan of Ansible and uses it for app deployment. Beier Cai, the Director of Technology at Hootsuite was kind enough to speak to us about how Hootsuite uses Asnible to overcome their business challenges.

“Our infrastructure is not scripted, repeatable or immutable. Rebuilding a server relies on limited documentation and mostly memory. Lack of repeatability makes automating our infrastructure and application deployment difficult. 


Read the full case study amd learn how Ansible solves their problems here.

Read more about Ansible and App Deployment.

1 3,684 3,685 3,686 3,687 3,688 3,832