0

Learn SDN or Go for Traditional Cisco Certs?

At Interop ’14 New York a few weeks ago, Ethan Banks collected four fellow CCIEs together for a panel discussion about whether we should be studying newer SDN technologies or pursuing the same old traditional certifications. I’ve been getting that kind of question for a while. This post summarizes a few points I took away from the other panelists at the show, with a promise to give some of my own thoughts in the post that follows.

Trade Articles

We had a pretty good spread of competing ideas from the four panelists. I couldn’t sit there and furiously write what the others were saying, for later blogging… but thankfully, there were a couple of professionals in the room! While Interop doesn’t normally post audio or video of the sessions, there have been a few trade press articles written about what was discussed the session:

• Network Computing
• Search SDN

 

Wendell’s Learnings from the Others

I came away with several ideas from the other panelists that either taught me something or made an existing opinion much stronger.

First, it seemed that there was general agreement that cloud, DevOps, and automation were the point. SDN, which was in the session title and Continue reading

0

Applying the Theory of Constraints to network transport

For those of you into expanding your experience through reading, there is a foundational reference at the core of many MBA programs. The book, Eliyahu Goldratt’s The Goal, introduces a concept call the Theory of Constraints. Put simply, the Theory of Constraints is the premise that systems will tend to be limited by a very small number of constraints (or bottlenecks). By focusing primarily on the bottlenecks, you can remove limitations and increase system throughput.

The book uses this theory to talk through management paradigms as the main character works through a manufacturing problem. But the theory actually applies to all systems, making its application useful in more scenarios than management or manufacturing.

Understanding the Theory of Constraints

Before we get into networking applications, it is worth walking through some basics about the Theory of Constraints. Imagine a simple set of subsystems strung together in a larger system. Perhaps, for example, software development requires two development teams, a QA team, and a regressions team before new code can be delivered.

If output relies on each of these subsystems, then the total output of the system as a whole is determined by the lowest-output subsystem. For instance, imagine that SW1 Continue reading

0

Learning NSX, Part 16: Routing to Multiple External VLANs

This is part 16 of the Learning NSX series, in which I will show you how to configure VMware NSX to route to multiple external VLANs. This configuration will allow you to have logical routers that could be uplinked to any of the external VLANs, providing additional flexibility for consumers of NSX logical networks.

Naturally, this post builds on all the previous entries in this series, so I encourage you to visit the Learning NVP/NSX page for links to previous posts. Because I’ll specifically be discussing NSX gateways and routing, there are some posts that are more applicable than others; specifically, I strongly recommend reviewing part 6, part 9, part 14, and part 15. Additionally, I’ll assume you’re using VMware NSX with OpenStack, so reviewing part 11 and part 12 might also be helpful.

Ready? Let’s start with a very quick review.

Review of NSX Gateway Connectivity

You may recall from part 6 that the NSX gateway appliance is the piece of VMware NSX that handles traffic into or out of logical networks. As such, the NSX gateway appliance is something of a “three-legged” appliance:

• One “leg” (network interface) provides management connectivity among the gateway appliance and Continue reading

0

Thinking Through Title II Reguation

Over at CircleID, Geoff Huston has a long’ish article on Title II regulation of the Internet, and the ideals of “net neutrality.” The reasoning is tight and strong — his conclusion a simple one: At its heart, the Internet access business really is a common carrier business. So my advice to the FCC is to […]

Author information

0

Packet Reordering and Service Providers

My “Was it bufferbloat?” blog post generated an unexpected amount of responses, most of them focusing on a side note saying “it looks like there really are service providers out there that are clueless enough to reorder packets within a TCP session”. Let’s walk through them.

Read more ...

0

Last Chance at Chassis Switch Saloon

In recent network designs, the big, hot and heavy chassis switch has become the last option for a number of reasons. Switch Performance and Capacity. Port Density In the past, the most common decision for buying a chassis has been port density. A chassis backplane provides a high speed connection for the line cards to […]

The post Last Chance at Chassis Switch Saloon appeared first on EtherealMind.

0

Don’t sign that CFAA petition

This White House petition reforming the CFAA/DMCA is foolish. Don't sign it.

The problem is that "reform" means nothing. It doesn't state exactly which reforms the petitioners want. That means politicians will deliver on what they asked, reforming the DMCA/CFAA, but in the opposite direction. The mood in Washington D.C. is one of great fear of Chinese hackers and cyberterorrists. Once you start reform, these forces will take over and drive it the other way.

In other words, the petition is like somebody on a submarine saying "the air is stuffy, let's open a window and let some fresh air in". It's best to keep that window closed rather than getting drowned.

A second problem is the declaration that "safe code" is the problem. That will encourage law-makers to solve that problem with legislation requiring manufacturers to follow rules -- without needing weaken the DCMA/CFAA. This is bad. So far rule-based security like Common Criteria and PCI certification have proven to be an enormous burden that does little to address the problem.

Lastly, there is the problem that this is a "White House" petition. The president doesn't make laws, s/he enforces them. It's appropriate to petition the White House Continue reading

0

How to Get into the Top N%

Michael Church wrote an interesting answer on Quora, describing a logarithmic scale of programming skills and (even more importantly) hints to follow to get from n00b into the top N% (for some small value of N):

• Budget 7–14 years;
• Study voraciously;
• Build things when you don’t know that you’ll succeed;
• Network to get new ideas;
• Job hop when you stop learning.

Replace “programmer” with “networking engineer” and read the whole answer ;)

0

HP SDN App Store Launches

HP’s SDN App Store has finally seen the light of day. This is intended to be a common platform for users and developers, to find and distributed real-world, practical SDN applications. Some of the launch apps include:

• Network Optimizer, for automated QoS for Lync
• Network Protector, for security & posture assessment
• LoadMaster – Load balancing

It’s interesting to look at the price points for applications. They are certainly not $0.99 apps, but they are still cheaper than typical ‘Enterprise’ software. I think it will take us a while to figure out what the right level of ‘value’ is.

HP has done well to put together a platform that developers can use to distribute SDN applications. It’s not an easy task to put together all of the back-end work required for something like this. It’s not simply hosting a website, it’s figuring out all the legal & financial implications, the support mechanisms, etc. There’s a lot of non-technical effort that goes into this.

The only challenge is that currently it is for SDN apps that use the HP VAN SDN Controller, which will limit the size of the market. I’m hoping that in future it will work with OpenDaylight. That will expand Continue reading

0

Big Problems Often Require Big Solutions

You can ignore big problems but they need big solutions to remove them from the agenda.

The post Big Problems Often Require Big Solutions appeared first on EtherealMind.

0

PQ Show 34 – Cloudflare Keyless SSL

A couple of weeks ago, Cloudflare announced a new solution that allows DDOS Protection, Caching and application firewalls of SSL encrypted traffic without handing over the private key. This is a significant breakthrough for companies. Many companies have strong controls over private keys that prevent external sharing. More often the simple cost of key ceremonies is punitive to the business.

Author information

The post PQ Show 34 – Cloudflare Keyless SSL appeared first on Packet Pushers Podcast and was written by Greg Ferro.

0

Super NORMAL

KennyK/Shutterstock

HP proposes hybrid OpenFlow discussion at Open Daylight design forum describes some of the benefits of integrated hybrid OpenFlow and the reasons why the OpenDaylight community would be a good venue for addressing operational and multi-vendor interoperability issues relating to hybrid OpenFlow.

HP's slide presentation from the design forum, OpenFlow-hybrid Mode, gives an overview of hybrid mode OpenFlow and its benefits. The advantage of hybrid mode in leveraging the proven scaleability and operational robustness of existing distributed control mechanisms and complementing them with centralized SDN control is compelling and a number of vendors have released support, including: Alcatel Lucent Enterprise, Brocade, Extreme, Hewlett-Packard, Mellanox, and Pica8. HP's presentation goes on to propose enhancements to the OpenDaylight controller to support hybrid OpenFlow agents.

InMon recently built a hybrid OpenFlow controller and, based on our experiences, this article will discuss how integrated hybrid mode is currently implemented on the switches, examine operational issues, and propose an agent profile for hybrid OpenFlow designed to reduce operational complexity, particularly when addressing traffic engineering use cases such as DDoS mitigation, large flow marking and large flow steering on ECMP/LAG networks.

Mechanisms for Optimizing LAG/ECMP Component Link Utilization in Networks is an IETF Continue reading

0

NANOG 62

NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting.

0

Privacy and Security – Five Objectives

It has been a very busy period in the domain of computer security. What with "shellshock", "heartbleed" and NTP monlink adding to the background of open DNS resolvers, port 445 viral nasties, SYN attacks and other forms of vulnerability exploits, it's getting very hard to see the forest for the trees. We are spending large amounts of resources in reacting to various vulnerabilities and attempting to mitigate individual network attacks, but are we making overall progress? What activities would constitute "progress" anyway?

0

CloudFlare Publishes Semiannual Transparency Report:

Painting by Rene Margritte

Today CloudFlare is publishing its third Transparency Report covering the first half of 2014. This report covers government information requests from January 1, 2013 to June 30, 2014, and updates our two existing transparency reports: partial January 2013 Transparency Report and complete 2013 Transparency Report.

CloudFlare’s Transparency Reports shows how many subpoenas, court orders, search warrants, pen register/trap and trace (PRTT) orders, and national security orders CloudFlare received during the reporting period. In this current Transparency Report, we have also added a separate category for wiretap orders CloudFlare received. CloudFlare’s Transparency Reports also shows how many domains and accounts were affected by our response to those requests during the reporting period. CloudFlare’s Transparency Reports do not include non-governmental requests.

We will continue to update this report on a semiannual basis at Transparency Report.

Special thanks to our legal intern, Murtaza Sajjad, for helping to compile this report.

0

PlexxiPulse—Mark Your Calendar: DemoFriday is 10/24

Plexxi is teaming up with SDNCentral to host DemoFriday on October 24 at 10 a.m. PST. Tune in to hear our own Ed Henry and Nils Stewart demonstrate how to build scalable and manageable Big Data fabrics that easily integrate with systems such as OpenStack and Cloudera. You can register to attend here.

In this week’s PlexxiTube of the week, Dan Backman explains how Plexxi’s Big Data fabric solution is applicable beyond Big Data.

SDN: Unshackling the Network Application Environment

Art Cole claims that SDN will enable the development of a robust ecosystem of network applications in a recent article for Enterprise Networking Planet. As we look at applications, it is worth making the distinction between network apps (things that run on the network) and business apps (apps the network enables). The real value in SDN will permit the business apps to influence the network (whether that is automated or not is an interesting side conversation). To bring this to life there has to be a focus on policy abstraction. This is why Congress (part of OpenStack) and OpenDaylight are potentially powerful. If we can agree on policy abstraction, then the applications can interact with the network and Continue reading

0

Ansible and using Automation to Assert IT Compliance

Like “orchestration”, compliance is a frequently overloaded phrase in IT -- it means very different things to different people. Ansible is frequently used in all sorts of compliance use cases, which we’ll expand on below.

Compliance can mean checking to see if a system has “drifted” from a known state, pushing a system back into line from a different state, or making it conform with a very specific set of (often security related) standards.

Too Fast, Too Furious

Continue reading

0

Poster: Life Dashboard

I wish my life was like this dashboard where I could turn all the knobs to ten but I can't.

The post Poster: Life Dashboard appeared first on EtherealMind.

0

IPv6 High Availability Strategies on NIL TV

I had a shorter version of my IPv6 High Availability talk @ Slovenian IPv6 summit this spring. The video is online, but wouldn’t be of much use to anyone but both Slovenian readers of this blog.

The English version of that same talk is now available on NIL TV (or you could decide to go for the full webinar or whole IPv6 track).

0

EVPN: Intro to next gen L2VPN

Introduction: With the ascent of DCI, a new set of requirements emerged which are not fully addressed by current L2VPN technologies like VPLS. There are three major options in deploying VPLS LDP based VPLS (RFC 4762) LDP based VPLS with BGP Auto discovery BGP based VPLS (RFC 4761) Each option has its pros and cons. […]

Author information

The post EVPN: Intro to next gen L2VPN appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.