Training Wheels and Protective Gear

Throughout the development cycle of new features and functions for any network platform (or probably most other products not targeted at the mass market consumer) this one question will always come up: should we protect the user of our product from doing this? And “this” is always something that would allow the user of the product to really mess things up if not done right. As a product management organization you almost have to take a philosophical stand when it comes to these questions.

Protect the user

Sure enough, the question came up last week as part of the development of one our features. When putting the finishing touches on a feature that allows very direct control over some of the fundamental portions of what creates a Plexxi fabric, our QA team (very appropriately) raised the concern: if the user does this, bad things can happen, should we not allow the user to change this portion of the feature?

This balancing act is part of what as made networking as complex as it has become. As an industry we have been extremely flexible in what we have exposed to our users. We have given access to portions of our products Continue reading

VXLAN and OTV: The Saga Continues

Randall Greer left a comment on my Revisited: Layer-2 DCI over VXLAN post saying:

Could you please elaborate on how VXLAN is a better option than OTV? As far as I can see, OTV doesn't suffer from the traffic tromboning you get from VXLAN. Sure you have to stretch your VLANs, but you're protected from bridging failures going over your DCI. OTV is also able to have multiple edge devices per site, so there's no single failure domain. It's even integrated with LISP to mitigate any sub-optimal traffic flows.

Before going through the individual points, let’s focus on the big picture: the failure domains.

Read more ...

Show 208 – So, You Want To Work For A Vendor?

Lauren Malhoit, Paul Stewart, and Ed Henry join Packet Pushers hosts Greg Ferro and Ethan Banks for a discussion about what it’s like to work for a networking vendor. Lauren and Paul recently started working at Cisco in two very different roles, while Ed went the startup route, landing at Plexxi. Why did they do it? What […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 208 – So, You Want To Work For A Vendor? appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Response to Kathy Sierra

People are asking me about this post from Kathy Sierra. It’s inaccurate, twisted, and personally insulting. That Kathy was doxxed and harassed 7 years is indeed an awful thing, but that doesn’t justify her own bad behavior toward others.

I always defend targets of lynch mobs, such as accused Boston Bomber Dzhokhar Tsarnaev. To the right is a picture of what appears to be Tsarnaev placing the bomb right behind 9 year old boy Martin Richards who died in the blast. I feel sick to my stomach looking at it. But here’s the thing: Tsarnaev is an American citizen, and I will vigorously defend his rights to due process. When they violated his civil rights, interrogating him for days while he hung near death in his hospital bed, begging for a lawyer, I vocally condemned this. All fruits of that interrogation need to be thrown out, even if it means Tsarnaev goes free. And I have no problem saying this to the face of Martin Richard’s parents.

Weev may be a bad human being, but he’s not as vile as mass bomber. I likewise defend him from lynch mobs. His arbitrary conviction and imprisonment under the CFAA was a gross Continue reading

Blessay: Human Infrastructure Poverty & Over-Capitalisation In The Enterprise – Part 2


Advertise here with BSA

Is Enterprise IT starving its operational process by reducing headcount and overcapitalising on assets ? If so, what arguments can we make for or against this idea ? Part 2 of an essay on investing in people instead of equipment.


Advertise here with BSA

The post Blessay: Human Infrastructure Poverty & Over-Capitalisation In The Enterprise – Part 2 appeared first on EtherealMind.

Internet Regulation: Section 706 vs Title II

At the NANOG meeting in Baltimore this week I listened to a presentation by Patrick Gilmore on “The Open Internet Debate: Section 706 vs Title II”. It’s true that this is a title that would normally induce a comatose reaction from any audience, but don’t let the title put you off. Behind this is an impassioned debate about the nature of the retail Internet for the United States, and, I suspect, a debate about the Internet itself and the nature of the industry that provides it.

A bit of maintenance

I am currently performing a bit of maintenance on the blog (moving host), so there might be some small errors here and there. I apologise for this! – Hopefully everything will be up and running smoothly in a few days time.

Thank you for your patience!

/KP

Technology Short Take #45

Welcome to Technology Short Take #45. As usual, I’ve gathered a collection of links to various articles pertaining to data center-related technologies for your enjoyment. Here’s hoping you find something useful!

Networking

  • Cormac Hogan has a list of a few useful NSX troubleshooting tips.
  • If you’re not really a networking pro and need a “gentle” introduction to VXLAN, this post might be a good place to start.
  • Also along those lines—perhaps you’re a VMware administrator who wants to branch into networking with NSX, or you’re a networking guru who needs to learn more about how this NSX stuff works. vBrownBag has been running a VCP-NV series covering various objectives from the VCP-NV exam. Check them out—objective 1, objective 2, objective 3, and objective 4 have been posted so far.

Servers/Hardware

  • I’m going to go out on a limb and make a prediction: In a few years time (let’s say 3–5 years), Intel SGX (Software Guard Extensions) will be regarded as important if not more important than the virtualization extensions. What is Intel SGX, you ask? See here, here, and here for a breakdown of the SGX design objectives. Let’s be real—the ability for an Continue reading

Cisco NX-API 1.0 Update

If you weren’t paying attention, it was easy to miss. NX-API, Cisco’s new JSON/XML switch API is now shipping as version 1.0. NX-API originated on the Nexus 9000 platform created by the Insieme group, and I’ve explored this in detail before.

In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while. Nevertheless, it is better than scraping an SSH session, so it’s worth looking into.

I’d like to go over a few new things you should know about if you are or will be working with this interface.

 

NX-API 1.0 Updates

From a strictly API perspective, not a lot seems to have changed. I would be more specific, but as of yet I’ve been unable to find release notes from Cisco on what’s changed from 0.1 to 1.0. If I ever find something like this, I’ll get my hands on it – part of publishing a good API means publishing good documentation, and Continue reading

Talking Tech Series: VMware NSX Edge Scale Out with Equal-Cost Multi-Path Routing

This post was written by Roie Ben Haim and Max Ardica, with a special thanks to Jerome Catrouillet, Michael Haines, Tiran Efrat and Ofir Nissim for their valuable input.

****

The modern data center design is changing, following a shift in the habits of consumers using mobile devices, the number of new applications that appear every day and the rate of end-user browsing which has grown exponentially. Planning a new data center requires meeting certain fundamental design guidelines. The principal goals in data center design are: Scalability, Redundancy and High-bandwidth.

In this blog we will describe the Equal Cost Multi-Path functionality (ECMP) introduced in VMware NSX release 6.1 and discuss how it addresses the requirements of scalability, redundancy and high bandwidth. ECMP has the potential to offer substantial increases in bandwidth by load-balancing traffic over multiple paths as well as providing fault tolerance for failed paths. This is a feature which is available on physical networks but we are now introducing this capability for virtual networking as well. ECMP uses a dynamic routing protocol to learn the next-hop towards a final destination and to converge in case of failures. For a great demo of how this works, you can Continue reading

Dependency management and organic IT integrations

If the future of IT is about integrated infrastructure, where will this integration take place? Most people will naturally tend to integrate systems and tools that occupy adjacent spaces in common workflows. That is to say that where two systems must interact (typically through some manual intervention), integration will take place. If left unattended, integration will grow up organically out of the infrastructure.

But is organic growth ideally suited for creating a sustainable infrastructure?

A with B with C

In the most basic sense, integration will tend to occur at system boundaries. If A and B share a boundary in some workflow, then integrating A with B makes perfect sense. And if B and C share a boundary in a different (or even further down the same) workflow, then it makes equal sense to integrate B with C.

In less abstract terms, if you use a monitoring application to detect warning conditions on the network, then integrating the monitoring application and the network makes good sense. If that system then flags issues that trigger some troubleshooting process, then integrating the tools with your help desk ticketing system might make sense to automatically open up trouble tickets as issues arise.

In Continue reading

Technology Short Take #45

Welcome to Technology Short Take #45. As usual, I’ve gathered a collection of links to various articles pertaining to data center-related technologies for your enjoyment. Here’s hoping you find something useful!

Networking

  • Cormac Hogan has a list of a few useful NSX troubleshooting tips.

  • If you’re not really a networking pro and need a “gentle” introduction to VXLAN, this post might be a good place to start.

  • Also along those lines—perhaps you’re a VMware administrator who wants to branch into networking with NSX, or you’re a networking guru who needs to learn more about how this NSX stuff works. vBrownBag has been running a VCP-NV series covering various objectives from the VCP-NV exam. Check them out–objective 1, objective 2, objective 3, and objective 4 have been posted so far.

Servers/Hardware

  • I’m going to go out on a limb and make a prediction: In a few years time (let’s say 3-5 years), Intel SGX (Software Guard Extensions) will be regarded as important if not more important than the virtualization extensions. What is Intel SGX, you ask? See here, here, and here for a breakdown of the SGX design objectives. Let’s be real—the ability for an Continue reading

Wget off the leash

As we all know, to grab a website with wget, we'll use the "-r" option to "recurse" through all the links. There is also the '-H' option, means that wget won't restrict itself to just one host. In other words, with '-r -H' together, it'll try to spider the entire Internet. So I did that to see what would happen.

Well, for a 32-bit bit process, what happened is that after more than a month, it ran out of memory. It maintained an ever growing list of URLs that it has to visit, which can easily run in the millions. At a hundred bytes per URL and 2-gigabytes of virtual memory, it'll run out of memory after 20 million URLs -- far short of the billions on the net. That's what you see below, where 'wget' has crashed exhausting memory. Below that I show the command I used to launch the process, starting at cnn.com as the seed with a max timeout of 5 seconds.



How much data did I download from the Internet? According to 'du', the answer is 18-gigabytes, as seen in the following screenshot:



It reached 79425 individual domains, far short of the millions it held Continue reading

Six-month anniversary scan for Heartbleed

I just launched my six-month anniversary scan for Heartbleed. I'll start reporting early results tomorrow afternoon. I'm dialing the scan to run slowly and spreading it across four IP addresses (and 32k ports) in order to avoid unduly alarming people.

If you would like the results of the scan for your subnet, send us your address ranges to our "abuse@" email address. We'll lookup the abuse contact email for those ranges and send you what we found for that range. (This offer good through the end of October 2014).



Here is a discussion of the options.

--conf /etc/masscan/masscan.conf
You don't see this option, but it's the default. This is where we have the 'excluderanges' configured. Because we exclude everyone who contacts us an "opts-out" of our white-hat scans, we are down to scanning only 3.5 billion hosts now, out of around 4 billion.

0.0.0.0/0
The the "/0" means "the entire Internet". Actually, any valid IPv4 address can replace the 0.0.0.0 and it'll produce the same results, such as "127.0.0.0/0" to amuse your friends.

-p443
This says to scan on port 443, the default SSL port. At some point in Continue reading

Cisco NX-API 1.0 Update

If you weren’t paying attention, it was easy to miss. NX-API, Cisco’s new JSON/XML switch API is now shipping as version 1.0. NX-API originated on the Nexus 9000 platform created by the Insieme group, and I’ve explored this in detail before. In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while.

Cisco NX-API 1.0 Update

If you weren’t paying attention, it was easy to miss. NX-API, Cisco’s new JSON/XML switch API is now shipping as version 1.0. NX-API originated on the Nexus 9000 platform created by the Insieme group, and I’ve explored this in detail before. In review, NX-API is a new, programmatic method of interacting with a Cisco Nexus switch. In many ways, Cisco is playing catch-up here, since this interface is really just a wrapper for the CLI (admittedly with some convenient output parsing), and most of their competitors have had similar interfaces for a while.

White Box Switching: Broadcom StrataXGS Tomahawk

A previous post listed the excitement I felt when reading through the Cavium XPliant announcement. Programmable fast packet forwarding hardware? Awesome! In a previous life I worked with embedded electronics and wrote several interesting algorithms in C and assembly for applications from noise filtering for AD conversion, LCD screen drivers and TCP/IP stacks (which was fun). This kind of thing really excites me. Nuff said.

So I was more than happy to read the announcement from Broadcom announcing their latest child, the StrataXGS® Tomahawk™. This chipset is formed from more than 7 billion transistors, can forward packets at 3.2Tbps and is optimised for SDN and high port density devices, not to mention it is an authoritative chipset for 25GE and 50GE Ethernet and provides sub 400ns port-to-port operation. Sound good? It’s the next evolutionary step from Trident II and matches the offering from Cavium with their XPliant child.

The Broadcom StrataXGS® Tomahawk™ can deliver 32x 100GE, 64x 40/50GE or 128 ports of of 25GE on a single chip. SINGLE CHIP! This all boils down to 25Gbps per-lane interconnections. Bit of a waste perhaps for 40GE? Which is good considering this chipset is based on upgrading switches with 10GE host Continue reading

Traceroute – A Small Tool for Big Problems

Basics is must for Network Engineer.Traceroute is an imp and handy tool while  troubleshooting any network issue.How Traceroute works ? Whats the concept behind it ? Its task is to determine  the path taken by packet to reach its destination .Before going further ,lets see the IP header . 0                   1                   2                   3 0 1 […]

Author information

Anurudh Dubey

Anurudh Dubey CCIE##44298 is Network Engineer.A thorough professional with over all 8 years’ rich experience in the IT/Telecom and Networking sector.Always try to learn new as their is no limit for learning.In addition, Anurudh is a : Blogger at http://crazyrouters.wordpress.com/
LinkedIn

The post Traceroute – A Small Tool for Big Problems appeared first on Packet Pushers Podcast and was written by Anurudh Dubey.

1 3,711 3,712 3,713 3,714 3,715 3,858