[Insieme and Cisco ACI] Part 2 – Programmability
Introduction to Application-Centric Infrastructure In the last post, we discussed the hardware that was being announced from Cisco’s Insieme spin-in. While the hardware that is comprising the new Nexus 9000 series is certainly interesting, it wouldn’t mean nearly as much without some kind of integration on an application level. Traditionally, Cisco networking has been relatively inaccessible to developers or even infrastructure folks looking to automate provisioning or configuration tasks. It looks like the release of ACI and the Nexus 9000 switch line is aiming to change that.[Insieme and Cisco ACI] Part 1 – Hardware
I’m pleased to kick off my 3-part blog series regarding the VERY recently announced data center networking products by Insieme, now (or very soon) part of Cisco. Nexus 9000 Overview From a hardware perspective, the Nexus 9000 series seems to be a very competitively priced 40GbE switch. As (I think) everyone expected, the basic operation of the switch is to serve up a L3 fabric, using VXLAN as a foundation for overlay networks.[Insieme and Cisco ACI] Part 2 – Programmability
Introduction to Application-Centric Infrastructure In the last post, we discussed the hardware that was being announced from Cisco’s Insieme spin-in. While the hardware that is comprising the new Nexus 9000 series is certainly interesting, it wouldn’t mean nearly as much without some kind of integration on an application level. Traditionally, Cisco networking has been relatively inaccessible to developers or even infrastructure folks looking to automate provisioning or configuration tasks. It looks like the release of ACI and the Nexus 9000 switch line is aiming to change that.[Insieme and Cisco ACI] Part 1 – Hardware
I’m pleased to kick off my 3-part blog series regarding the VERY recently announced data center networking products by Insieme, now (or very soon) part of Cisco. Nexus 9000 Overview From a hardware perspective, the Nexus 9000 series seems to be a very competitively priced 40GbE switch. As (I think) everyone expected, the basic operation of the switch is to serve up a L3 fabric, using VXLAN as a foundation for overlay networks.Avoiding Demo Fail
How would you like to be the CEO of a company like Apple or Dropbox? Money, fame and awesomeness surround you. But as cool as that sounds, it doesn’t prevent you from living through a failed live product demo in...VMware NSX, Convergence, and Reforming Operational Visibility for the SDDC
Note: This article was originally written for and published at the VMware Network Virtualization Blog. The following is a verbatim re-post of the original content.
Through convergence, VMware NSX will substantially reform operational visibility for the era of the software-defined data center.
Executive Summary
Since the launch at VMworld 2013, much of the discussion about VMware NSX has been focused on its core properties of agile and fully automated network provisioning; the ability to create fully functional L2-L7 virtual networks in a software container with equivalent speed and mobility of virtual machines. And while these are very important capabilities of VMware NSX, we believe there is yet another and perhaps equally significant dimension to be discovered. That is, how network virtualization and VMware NSX, through convergence and instrumentation of virtual networks, virtual compute, and the physical network, will substantially reform operational visibility for the era of the software defined data center.
With convergence comes new visibility
Convergence of network and compute is made possible by a platform ideally positioned at the first point in the architecture where these different yet closely related services can reliably coexist. A less obvious yet significant consequence of this is that convergence inherently provides more Continue reading
VMware NSX, Convergence, and Reforming Operational Visibility for the SDDC
Note: This article was originally written for and published at the VMware Network Virtualization Blog. The following is a verbatim re-post of the original content. Through convergence, VMware NSX will substantially reform operational visibility for the era of the software-defined data center Executive Summary Since the launch at VMworld 2013, much of the discussion about […]Stuff Spirent didn’t cover at NFD6
Spirent presented their Avalanche NEXT product at Gestalt IT's Network Field Day 6 event in September of this year.Disclaimers:
- I attended the event, somebody else picked up the tab, yada yada.
- I like Spirent. I've used their products, worked with their people and been to their offices several times, and have gradually become a fan. This fact might be coloring my opinions :)
What's Avalanche NEXT?
Avalanche NEXT is a software frontend for performing tests of security hardware (firewalls and whatnot). It's a modular system that allows simple creation of test components (clients, servers, subnets, protocols, etc...), mixing of modules to create various tests, scaling of the test, application fuzzing, etc... Check out 1:14 - 1:30 in the video below to get a flavor of how slick the interface is. I love that interactive pie chart.
This sort of testing is critical because security devices have some of the most misleading data sheets of anything we're likely to work with as network folks. Security box performance numbers depend heavily on what you're asking them to do. Will your current device survive if you enable SSL offload, application inspection, or similar features? You can try it out (fingers crossed! Continue reading
Remote LFA
In the last episode in our world wide tour of fast reroute mechanisms, we discussed Not-Via. While an interesting concept, Not-Via does require a number of extra IP addresses, as well as a new set of special routing advertisements, to work properly. So while Not-Via is conceptually simple, it hasn’t ever really been accepted as […]
Author information
IP Addresses and Traceback
This is an informal description the evolution of a particular area of network forensic activity, namely that of traceback. This activity typically involves using data recorded at one end of a network transaction, and using various logs and registration records to identify the other party to the transaction. Here we’ll look at the impact that IPv4 address exhaustion and IPv6 transition has had on this activity, and also note, as we explore this space, the changing role of IP addresses within the IP protocol architecture.CCIE RS v5 blueprint will be announced this month?
How does the internet work - We know what is networking
Please note that this article is more or less pure speculation. The fact is that CCIE R&S v5 blueprint will be presented 28th January 2014 on Milan’s Cisco live event everything else is yet to be announced. From Milan’s Cisco live 28.1.2014 there is an CCIE R&S v5 blueprint event scheduled. When Cisco wants to […]
How to Tell if TCP Payloads Are Identical
I was working on a problem today in which vendor tech support was suggesting that a firewall was subtly modifying TCP data payloads. I couldn't find any suggestion of this in the firewall logs, but seeing as how I've seen that vendor's firewall logs lie egregiously in the past, I wanted to verify it independently.I took a packet capture from both hosts involved in the conversation and started thinking about how to see if the data sent by the server was the same as the data received by the client. I couldn't just compare the capture files themselves, because elements like timestamps, TTLs, and IP checksums would be different.
After a bunch of fiddling around, I came up with the idea of using tshark to extract the TCP payloads for each stream in the capture file and hash the results. If the hashes matched, the TCP payloads were being transferred unmodified. Here are the shell commands to do this:
tshark -r server.pcap -T fields -e tcp.stream | sort -u | sed 's/r//' | xargs -i tshark -r server.pcap -q -z follow,tcp,raw,{} | md5sum
2cfe2dbb5f6220f29ff8aff82f7f68f5 *-
You then run exactly the same commands on the "client.pcap" file Continue reading
SDN Themes from ONUG – Community Matters!
I was privileged to attend the Open Networking User Group (ONUG) Conference, ONUG Academy and mini Tech Field Day event hosted by JP Morgan Chase on October 29 and 30.I attended at someone else's expense. Disclaimer. Additional disclaimer: I have a personal relationship with one of the people behind the ONUG conference. That fact will not color the opinions I express about ONUG. If I say I like something, it's because I like it, okay? :)
 |
| SDN Joke from Brent Salisbury's awesome ONUG presentation. I don't know these cats nor the owner of the photo. |
ONUG is founded on the idea that the Software Defined Network (SDN) user community needs to stand up for itself. Prior to ONUG the direction of SDN was set by a handful of players including:
- Vendors who are interested in shaping the SDN marketplace and standards bodies around the capabilities of their products, rather than around the problems being faced by their customers.
- Powerful end users who needed SDN to solve their own peculiar problems. The problems they're solving, and the techniques they're using do not align well with the challenges nor capabilities of mere enterprise users.
- Researchers, who took SDN Continue reading
Revell F-104G Starfighter 1/48
For best article visual quality, open Revell F-104G Starfighter 1/48 directly at NetworkGeekStuff.
Ok, this time there is something special, this is my first model where I used an air brush. As a complete beginner I got the Revell AirBrush starter kit as visible below. I was very happy with it, despite the fact that you cannot do much details with the basic pistol that is creating a paint flow that is too wide.
Revell basic AirBrush set
Regarding the F-104, let me borrow from wiki :
[wikipedia.org]:
The Lockheed F-104 Starfighter is a single-engine, high-performance, supersonic interceptor aircraft originally developed for the United States Air Force (USAF) by Lockheed. One of the Century Series of aircraft, it was operated by the air forces of more than a dozen nations from 1958 to 2004.
The F-104 served with the USAF from 1958 until 1969, and continued with Air National Guard units until 1975. The National Aeronautics and Space Administration (NASA) flew a small mixed fleet of F-104 types in supersonic flight tests and spaceflight programs until 1994.[2] USAF F-104Cs saw service during the Vietnam War, and F-104A aircraft were deployed by Pakistan briefly during the Indo-Pakistani wars. Continue reading
Of Mice and Elephants
[This post has been written by Martin Casado and Justin Pettit with hugely useful input from Bruce Davie, Teemu Koponen, Brad Hedlund, Scott Lowe, and T. Sridhar]
Overview
This post introduces the topic of network optimization via large flow (elephant) detection and handling. We decompose the problem into three parts, (i) why large (elephant) flows are an important consideration, (ii) smart things we can do with them in the network, and (iii) detecting elephant flows and signaling their presence. For (i), we explain the basis of elephant and mice and why this matters for traffic optimization. For (ii) we present a number of approaches for handling the elephant flows in the physical fabric, several of which we’re working on with hardware partners. These include using separate queues for elephants and mice (small flows), using a dedicated network for elephants such as an optical fast path, doing intelligent routing for elephants within the physical network, and turning elephants into mice at the edge. For (iii), we show that elephant detection can be done relatively easily in the vSwitch. In fact, Open vSwitch has supported per-flow tracking for years. We describe how it’s easy to identify elephant flows at the vSwitch and Continue reading
AirConsole Review
If you need regular console port access then nothing beats a fixed console router. However there are many times when that simply isn’t an option. For occasional console connections I use a Keyspan USB/Serial adaptor with my MacBook. It’s … Continue reading
The post AirConsole Review appeared first on The Network Sherpa.
Cisco IPsec VPN breakage on Windows 8[.1] and OS X 10.9
Oh, to be a Cisco IPsec VPN user these days… Now I know that we should get with the program and move to AnyConnect, since Cisco is EOL-ing the venerable Cisco VPN Client in 2014, but we have a large installed base, and since Cisco stopped making IPsec clients for Mac and Linux back in the […]
Author information
The post Cisco IPsec VPN breakage on Windows 8[.1] and OS X 10.9 appeared first on Packet Pushers Podcast and was written by Will Dennis.
Securing a DMVPN spoke – Part 2
In Part 1 we went through protecting the spoke from the outside world on the Internet and using the stateful inspection firewall CBAC, Content-Based Access Control, to dynamically allow returning traffic back in. CBAC works great for a single inside zone and a single outside zone. What if your business requirements have more than two […]
Author information
The post Securing a DMVPN spoke – Part 2 appeared first on Packet Pushers Podcast and was written by Charles Galler.