NetworkingNexus.net

VXLAN MTU vs IP MTU Consideration

Audience

This post is for anyone who’s thought about deploying VXLAN on their network and who like me thinks deeply about stuff, to the point of utter confusion, which hit me on a very hot sunny afternoon. The good news with confusion is, once you’ve cracked the issue (normally one’s correct understanding), the clouds clear and the birds sing.

VXLAN

Virtual Extensible Local Area Network functionality is beginning to hit a wide range of vendor devices. VXLAN provides 16 million (and then some) segments for Layer 2 networks. Some organisations, especially those providing cloud infrastructure currently have or will have problems with the number of VLANs available in 12 bits, which is 4096. In that 4096 number, some are not usable either are reserved for certain things like token-ring and platform specific internal communication.

VXLAN is a simple encapsulation method or a tunnel. It encapsulates the original payload in to UDP packets for transit across an IP network and adds another 50 bytes on to the header tax. At a very high level, VXLAN can be deployed in multicast mode and with unicast. Virtual Network IDs (VNIDs) represent VXLAN segment identifiers. In order to gain connectivity, a network construct Continue reading

Book Recommendations — Jeff Aiken Series by Mark Russinovich

BookSmall Last week, I spent a the majority of my commute time listening to a cybercrime novel by Mark Russinovich. This book, Trojan Horse, is the second of three books in the Jeff Aiken Novel series and didn’t disappoint in any way. In the past I read the electronic version of the first book, Zero Day. Whether or not you work in information security, you’ll likely find these books enjoyable. Having some grasp of the reach and dependance on information systems, I find these books are reasonably plausible. I plan to listen to the final installment in the series during my travels this week.

HPN Scripting on Github

Dear network community, Based on the feedback of Lindsay Hill on my last post I created a HPN Scripting GitHub repository. The repository is completely free with MIT license. After HP ETSS event next week I’ll post my scripts under … Continue reading →

Reading a Certification Blueprint

Those studying for certification exams should know what they’re studying for. This is typically found on some sort of syllabus or blueprint. In Cisco parlance, we simply call this the exam blueprint. So those taking ICND1 in hopes of achieving CCENT, would typically research the ICND1 exam blueprint. This is found selecting the link in the Exam Topics section of the exam overview page.

While reading through this type of document, it is important to keep a few things in mind. For example, it is beneficial to continually think about how a vendor may validate knowledge of a particular competency. It is also important to pay attention to keywords like describe, configure and troubleshoot. The keyword describe would typically indicate only a conceptual understanding is required. Configure or troubleshoot might be used to indicate working proficiency with a technology is expected.

As a candidate assesses a given blueprint, they should think about how they could assess someone else’s knowledge. For example, one might consider the task of hiring a network administrator. How could the understanding of collision domains and broadcast domains be assessed? By thinking in these terms, the challenges that networking vendors face in assessing candidates begins to surface

Looking at a blueprint Continue reading

The Open Internet?

I hear the virtues of the “open Internet” being extolled so much these days that I can’t help but wonder what exactly we are referring to. So let’s ask the question. What is an “open” Internet?

Brent’s Technology Bookmarks from June

Lots going on in the past couple of months. While current projects have me pretty busy I wanted to share some good reads and interesting developments in the industry. In no particular order: Thats all for now. Have a great weekend.

...

Python Sets: Handy for Network Data

Interview with David Major, Discussing CLN

During Cisco Live 2014, the Cisco team tracked me down and talked to me about my role and the value of the Cisco Learning Network.

Broadcast live streaming video on Ustream

Links

Readers of this article may also enjoy:

The post Interview with David Major, Discussing CLN appeared first on PacketU.

Who Understands Network Statements?

A couple of weeks ago, I asked some questions about an obscure OSPF configuration. I found the scenario fun to write and share. Therefore, I wanted to offer another odd configuration that might challenge readers to think through the resulting behavior of a Cisco device. This particular challenge is a quick and dirty RIP configuration based on the following scenario.

R1 Configuration

interface FastEthernet0/0
 description To Host1
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
 description To R2
 ip address 10.100.100.1 255.255.255.0
!
router rip
 network 10.100.100.0

R2 Configuration

interface FastEthernet0/0
 description To Host2
 ip address 10.2.2.2 255.255.255.0
!
interface FastEthernet0/1
 description To R1
 ip address 10.100.100.2 255.255.255.0
!
router rip
 network 10.100.100.0

Question

Assuming Host1 and Host2 are configured with the appropriate address and default gateway, which following two statements are true?

Host1 can reach Host2
Host2 cannot reach Host1
show run will reveal the configuration above
show run will reveal differences from what is shown

A question like this can reveal whether or not an individual has experience configuring interior gateway protocols. Those who have worked with IOS will Continue reading

Thought: What Facebook Wedge, Cumulus Linux Shows About Network Operating Systems

Facebook develops it's own operating system for switches. This shows that OS's like Cisco's IOS and Juniper's Junos are under attack and devalues those business. The destruction of the software moat means that customers have far more choice for their networks.

The post Thought: What Facebook Wedge, Cumulus Linux Shows About Network Operating Systems appeared first on EtherealMind.

Network Management a forgotten art? Part 2!

A while back I wrote a quick article about network management and tools you can rely on. As you could imagine network management is a quite a broad topic and definitely one definitely can talk about till I turn blue. So I figured I would throw out some other interesting considerations when dealing with Network […]

HP network scripting

Dear HP Network Community, My name is Dobias van Ingen and I’m working within HP for almost 15 years. I’ve always been in networking and Unix / Linux infrastructures. Currently I’m leading an EMEA pre-sales overlay team with strong technical focus … Continue reading →

Classful IP Networks: An Introduction to IP Address Classes

When the concept of subnetting comes up, there is a need to first establish what networks were like before the Internet Standard Subnetting Procedure was introduced in RFC950. Prior to the use of subnet masks, networked devices made assumtions about the network and host portion of the address. This process by which these assumptions is made was defined in RFC791–

Addresses are fixed length of four octets (32 bits). An address
begins with a network number, followed by local address (called the
“rest” field). There are three formats or classes of internet
addresses: in class a, the high order bit is zero, the next 7 bits
are the network, and the last 24 bits are the local address; in
class b, the high order two bits are one-zero, the next 14 bits are
the network and the last 16 bits are the local address; in class c,
the high order three bits are one-one-zero, the next 21 bits are the
network and the last 8 bits are the local address.

If that leaves you a bit confused, you are in the right place. This article works through the concept of the IP Address Class. Readers should gain the understanding required to decipher things Continue reading

On Policy in the Data Center: The solution space

(This post was written by Tim Hinrichs and Scott Lowe with contributions from Martin Casado, Peter Balland, Pierre Ettori, and Dennis Moreau.)

In the first part of this series we described the policy problem: ensuring that the data center obeys the real-world rules and regulations that are pertinent to that data center. In this post, we look at the range of possible solutions by identifying some the key features that are important for any solution to the policy problem. Those key features correspond to the following four questions, which we use to structure our discussion.

What are the policy sources a policy system must accommodate?
How do those sources express the desired policy to the system?
How does the policy system interact with data center services?
What can the policy system do once it has the policy?

Let’s take a look at each of these questions one at a time.

Policy Sources: The origins of policy

Let’s start by digging deeper into an idea we touched on in the first post when describing the challenge of policy compliance: the sources of policy. While we sometimes talk about there being a single policy for a data center, the reality is Continue reading

SDN/NFV: More than Hot Air in the Windy City

SDN/NFV: More than Hot Air in the Windy City

by Steve Harriman, VP of Marketing - June 19, 2014

As reported in my last blog post - SDN: Déjà vu all over again? - Packet Design was a gold sponsor of Light Reading’s inaugural Big Telecom Event in Chicago this week. The organizers claim there were about 1,500 registered attendees with two thirds of them representing network operators. There were several really interesting presentations and panel discussions, and I’ve captured four key takeaways here.

Cengiz Alaettinoglu prepping to demo the Network Access Broker

SDN is getting the buzz, but NFV is where the early action is. This theme ran through the conference and there was much discussion on the relative merits of SDN vs. NFV and whether they should be implemented simultaneously or separately. While there are clear near-term benefits – including lower capex and faster time to revenue – for operators who virtualize network functions that today run on hardware appliances, most agreed that this is a first step only. To achieve maximum efficiency and flexibility as well as deliver the best customer experience (see below), an SDN-enabled network function virtualization infrastructure (NFVI) is needed in which pools Continue reading

EIGRP Redistribution – Default Metrics of Connected and Static Routes

I wanted to do some analysis of the EIGRP topology table last night, so I fired up a small lab. I was especially interested in how external routes appear there and compare to internal entries. Like all good scientific endeavors, the whole thing got derailed when I made a realization.

Here’s the lab I set up. You can ignore the IPv6 info for this exercise.

It’s a simple little thing. All the networks you see are included in EIGRP 100 for simplicity. I limited the network statements to 192.0.2.0/24 to keep my options open. I went ahead and added Loopback100 on R3 with an address of 3.3.3.3/32 and added a redistribute connected with a route-map to get the route out in the wild. Here’s what I had.

R3#show run | section eigrp
router eigrp 100
 redistribute connected route-map RM-REDIST-CONN
 network 192.0.2.0
 no auto-summary
!
route-map RM-REDIST-CONN permit 100
 match interface Loopback100

Alright. All looks good there, so I checked the topology table on R1 and saw it in there as an external and everything.

R1#sh ip eigrp topology 3.3.3.3/32
IP-EIGRP (AS 100): Topology entry for 3.3.3.3/32
  State  Continue reading

Another way to protect your SSH keys

Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without having access to it. Meaning if you get hacked the key can't be stolen.

No TPM, but key can't be stolen anyway? Surely this is an elaborate ruse? Well yes, it is. My idea is that you essentially bounce off of a Raspberry Pi.

But doing that straightforward is too easy. I've instead made an SSH proxy, and will show you how to automatically bounce off of it. You could do the same by setting up a second SSH server (or the same one), and hack around with PAM and a restricted shell. But this solution can be run as any user, with just the binary and the set of keyfiles. Very simple.

The goal here is to log in to shell.foo.com from your workstation via a Raspberry Pi. The workstation SSH client presents its SSH client key to the SSH Proxy on the Raspberry Pi, and if allowed will connect on and present the SSH Continue reading

Docker essentials – Images and Containers

I’ll admit, I jumped into docker pretty quickly and found that I was getting a little ahead of myself. After much googling and discussion, I’ve come to realize a couple things about docker that I think are well worth sharing. I’m hoping to share them through a series of ‘Docker Essentials’ type posts.

NOTE: My first post was going to be about how to interact with docker on the CLI. However, there are lots of other resources out there for that. Namely, the really awesome docker documentation. In addition, the CLI provides help/syntax on commands as well. I’ll list a couple of resources that I used and try to explain along the way, but if you don’t recognize a command I’m using look it up!

The docker user guide – http://docs.docker.com/userguide/
The docker CLI reference – https://docs.docker.com/reference/commandline/cli/
The docker guide book – https://github.com/kencochrane/docker-guidebook

Working with images and Containers
On first glance, I made some assumptions about this images and containers that proved to be wrong. So let’s start with some basics.

Images are read-only. That is, they can never be altered. Containers are built using Continue reading

Port mirroring with Linux bridges

Port mirroring with the most popular Linux bridge implementations.

« Previous 1 … 3,707 3,708 3,709 3,710 3,711 … 3,817 Next »