OpFlex – is the abstraction in the right place?

It's been a few weeks since Cisco announced OpFlex and I've just finished gathering my thoughts...

What is OpFlex

It's a protocol for delivering policy to endpoints. Policy is declarative, based on promise theory, and can therefore scale well vs. imperative models (like OpenFlow).

What does this all mean

Kyle Mestery assures us that OpFlex is not an OpenFlow killer and while I agree, I'm starting to have my doubts. Vendors have been dragging their heels when it comes to implementing OpenFlow due to its pipeline and table structures not being a good fit to current hardware. OpFlex offers them a way out as they no longer need to care "how" something is implemented, just that the "promise" is kept (read: policy is enforced).

I can see Cisco deploying OpFlex across their entire portfolio and declaring victory - we've got SDN. Who cares about OpenFlow? This begs the question of whether OpFlex is just a move from Cisco to protect its core business?

Why I care about OpenFlow and you should too

The future of networking is "Open"

The key benefit to using OpenFlow is disaggregation. It's beneficial to everybody for the proprietary stack to be broken down to allow […]

AirPcap

Wireless traffic packet capture is not as easy as wired traffic capture. Linux and OSX have several solutions but if you’re stuck with Windows the first problem is to find a compatible adapter. My choice is AirPcap, fully compatible with Wireshark and

RIP Net Neutrality

It's been an interesting couple of months in the ongoing tensions between Internet carriage and content service providers, particularly in the United States. The previous confident assertion was that the network neutrality regulatory measures in that country had capably addressed these tensions. While the demands of the content industry continue to escalate as the Internet rapidly expands into video content streaming models, we are seeing a certain level of reluctance from the carriage providers to continually accommodate these expanding demands within their networks through ongoing upgrades of their own capacity without any impost on the content provider. The veneer of network neutrality is cracking under the pressure, and the arrangements that attempted to isolate content from carriage appear to be failing. What's going on in this extended saga about the tensions between carriage and content?

Top 5 Reasons The Evaluator Group Screwed Up

It’s been a while since the trainwreck of a “study” commissioned by Brocade and performed by The Evaluator Group,  but it’s still being discussed in various storage circles (and that’s not good news for Brocade). Some pretty much parroted the results, seemingly without reading the actual test. Then got all pissy when confronted about it.  I did a piece on my interpretations of the results, as did Dave Alexander of WWT and J Metz of Cisco. Our mutual conclusion can be best summed up with a single animated GIF.

 

[Animated GIF: "bullshit"]

But since a bit of time has passed and I’ve had time to absorb Dave and J’s opinions, as well as others, I’ve come up with a list of the Top 5 Reasons The Evaluator Group Screwed Up. This isn’t the complete list, of course, but some of the more glaring problems. Let’s start with #1:

Reason #1: I Have No Idea What I’m Doing

Their hilariously bad conclusion to the higher variance in response times and higher CPU usage was that it was caused by the software initiators. Except, they didn’t use software initiators. They had actually configured hardware initiators, and didn’t know it. Let that sink […]

Blessay: We Need To Buy Infrastructure Dolls Not Babies For The Private Cloud

The future of private infrastructure ownership is moving to a new model that combines the old with the new that I describe as “dolls and babies” where the major transformation in infrastructure ownership is the transition from having babies to owning dolls. Infrastructure as Babies: Enterprises buy infrastructure like people have babies. It takes months to […]

The post Blessay: We Need To Buy Infrastructure Dolls Not Babies For The Private Cloud appeared first on EtherealMind.

Coffee Break 7

This is “The Coffee Break”. A podcast on the state of the networking business where we discuss vendor moves and news, analysis on product and positioning, and look at the business of networking. In the time it takes to have a coffee break. Topics: Cisco Reveals OpenFlow SDN Killer: OpFlex protocol for ACI offered to IETF, OpenDaylight Researchs […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break 7 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Blessay: Overlay Networking, BFD And Integration with Physical Network

Lede: In discussions with a stealthy networking startup today, we were discussing how their overlay network technology for the SDN WAN was able to detect network blackouts and brownouts in the physical network. Their answer was to run Bi-directional Forwarding Detection (BFD) in the overlay tunnels. Now you have effective quality and service detection in the overlay network.

The post Blessay: Overlay Networking, BFD And Integration with Physical Network appeared first on EtherealMind.

Thought for My Day: Existing Networks are Self Automated and Policy Driven

Today’s Networks are auto-configuring and self-orchestrating. When you connect a server to a network device, the device will identify the MAC address of the server and update its database. The server can make a request to a DHCP server and self configure. A network can be intentionally designed so that multiple paths exist through the network. […]

The post Thought for My Day: Existing Networks are Self Automated and Policy Driven appeared first on EtherealMind.

26-bis – VxLAN VTEP GW: Software versus Hardware-based

Just a slight note to clarify some VxLAN deployment for a hybrid network (Intra-DC).

As discussed in the previous post, with the software-based VxLAN, only one single VTEP L2 Gateway can be active for the same VxLAN instance.

This means that all end-systems connected to the VLAN concerned by a mapping with a particular VNID must be confined into the same leaf switch where the VTEP GW is attached. Other end-systems connected to the same VLAN but on different leaf switches isolated by the layer 3 fabric cannot communicate with the VTEP L2 GW. This may be a concern with a hybrid network where servers supporting the same application are spread over multiple racks.

To allow bridging between VNID and VLAN, it implies that the L2 network domain is spanned between the active VTEP L2 Gateway and all servers of interest that share the same VLAN ID. Among other improvements, VxLAN is also aiming to contain the layer 2 failure domain to its smallest diameter, leveraging instead layer 3 for the transport, not necessarily both. Although it is certainly a bit antithetical to VxLAN purposes, nonetheless if all leafs are concerned by the same mapping of VNID to VLAN ID, it is […]

Mininet integrated hybrid OpenFlow testbed

Figure 1: Hybrid Programmable Forwarding Planes
Integrated hybrid OpenFlow combines OpenFlow and existing distributed routing protocols to deliver robust software defined networking (SDN) solutions. Performance optimizing hybrid OpenFlow controller describes how the sFlow and OpenFlow standards combine to deliver visibility and control to address challenges including: DDoS mitigation, ECMP load balancing, LAG load balancing, and large flow marking.

A number of vendors support sFlow and integrated hybrid OpenFlow today, examples described on this blog include: Alcatel-Lucent, Brocade, and Hewlett-Packard. However, building a physical testbed is expensive and time consuming. This article describes how to build an sFlow and hybrid OpenFlow testbed using free Mininet network emulation software. The testbed emulates ECMP leaf and spine data center fabrics and provides a platform for experimenting with analytics driven feedback control using the sFlow-RT hybrid OpenFlow controller.

First build an Ubuntu 13.04 / 13.10 virtual machine then follow instructions for installing Mininet - Option 3: Installation from Packages.

Next, install an Apache web server:

sudo apt-get install apache2

Install the sFlow-RT integrated hybrid OpenFlow controller, either on the Mininet virtual machine, or on a different system (Java 1.6+ is required to run sFlow-RT):

[…]

OpenStack + Docker + OpenContrail

Docker is a tool that simplifies the process of building container images. One of the issues with OpenStack is that building glance images is an off-line process. It is often difficult to track the contents of the images, how they were created and what software they contain. Docker also does not depend on virtualization; it creates Linux container images that can be run directly by the host OS. This provides a much more efficient use of memory as well as better performance. It is a very attractive solution for DC operators that run a private infrastructure that serves in-house developed applications.

In order to run Docker as an OpenStack “hypervisor” start with devstack on Ubuntu 12.04LTS. devstack includes a docker installer that will add a Debian repository with the latest version of the docker packages.

After cloning the devstack repository one can issue the command:


tools/docker/install_docker.sh

For OpenContrail there isn’t yet a similar install tool. I built the OpenContrail packages from source and installed them manually, modifying the configuration files in order to have config, control and compute-node components all running locally.

Next, I edited the devstack localrc file to have the following settings:

VIRT_DRIVER=docker

disable_service n-net
enable_service neutron
[…]

Blessay: The Internet is a “Cloud” for Networking

Can the Internet be the “Cloud Network”? If so, when could the transition happen (if it hasn’t started already)?

Supposition/Hypothesis: As a technology, the Internet has strikingly similar properties to sharing Compute and Storage as ‘Cloud’. A large pool of resource that can be used or shared between many parties. The total pool of resource is dynamically allocated. Internet bandwidth is shared between all users and access is determined by bandwidth purchased at the network edge

The post Blessay: The Internet is a “Cloud” for Networking appeared first on EtherealMind.

SSH Fingerprint issue on Mac OS X

If you use an Apple Mac to SSH to a device and the terminal sends an error message saying the SSH fingerprint does not match (following text), the easiest way to get new SSH fingerprints is by doing a ‘ssh-keygen -R IP_Address’.

Last login: Tue Apr 22 10:21:10 on ttys000

doka:~ doka$ ssh -l root 10.100.0.1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
81:79:83:12:f3:85:9c:13:f8:d2:01:ac:43:1c2:28:2c.
Please contact your system administrator.
Add correct host key in /Users/doka/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/doka/.ssh/known_hosts:88
RSA host key for 10.100.0.1 has changed and you have requested strict checking.
Host key verification failed.

doka:~ doka$ ssh-keygen -R 10.100.0.1
# Host 10.100.0.1 found: line 88 type RSA
/Users/doka/.ssh/known_hosts updated.
Original contents retained as /Users/doka/.ssh/known_hosts.old

doka:~ doka$ ssh -l root 10.100.0.1
The authenticity […]

Passing Command Line Arguments to Python

The Common Way (I think): There’s a very well-known way of grabbing command-line arguments and passing them to a Python program. This is done by importing the sys module and using the argv...
