The bumpy road to E-VPN
In 2004 we were in the planning phase of building a new data center to replace one we had outgrown. The challenge was to build a network that continued to cater to a diverse range of data center applications and yet deliver significantly improved value.Each operational domain tends to have one or more optimization problem whose solution is less than optimal for another domain. In an environment where compute and storage equipment come in varying shapes and capabilities and with varying power and cooling demands, the data center space optimization problem does not line up with the power distribution and cooling problem, the switch and storage utilization problem, or the need to minimize shared risk for an application, to name a few.
The reality of the time was that the application, backed by it's business counterparts, generally had the last word -- good or bad. If an application group felt they needed a server that was as large as a commercial refrigerator and emitted enough heat to keep a small town warm, that's what they got, if they could produce the dollars for it. Application software and hardware infrastructure as a whole was the bastard of a hundred independent self-proclaimed Continue reading
Stateless Routing Through an in-line F5 LTM
When using an F5 load balancer there are 2 predominant ways to setup the network topology. While there are many different names for these methods, in this article I will call them “load balancer on a stick” and in-line. Although the article is about the in-line method, we will quickly review both methods for comparison. […]
Author information
The post Stateless Routing Through an in-line F5 LTM appeared first on Packet Pushers Podcast and was written by Eric Flores.
Protect, Grow, Transform
It's been a while since I wrote something in this blog. Long holiday season, moving house, multiple projects in neighbor country, were really occupying my time the past several months.Yesterday I flew 16 hours from Dubai to San Francisco, had to queue 2 hours, and drove about 1 hour to San Jose for some company meeting in Cisco Head Quarter office. Now it's early morning here and I can't really sleep due to 11 hours time zone difference with Dubai, so I guess it's the right time to post new blog.
Last month I was moved to Architecture group for the new Intelligent Infrastructure Center of Excellence team for EMEAR region, focusing on IP NGN and Network Programmability. My current role as Solution Architect is not only to lead complex NGN projects, something that I've been doing for many years, but as well as to grow Cisco Advanced Services business in those focused technologies within the region.
One strategy that we just came up recently is to define the objectives of this new team. We classify the objectives using Protect, Grow, Transform terminology. For example, Protect by focusing on renewal business and ensuring the quality of project delivery, Grow Continue reading
T-Mobile IPv6 in the US
Swapped from AT&T to T-Mobile in order to take advantage of their 4G/LTE IPv6 network. Since I dogfood IPv6 every chance I get, and the cost to swap saved me a whopping $0.50, I moved forward with it. I find that if I set their EPC.TMOBILE.COM APN to IPv4/IPv6, I don’t really see much in the way of dual-stack actually working on the phone. So I set it from the default IPv4 to just IPv6, and that got it working with native IPv6 and using CLAT+NAT64/DNS64 for IPv4 sites. Screenshot from my Galaxy Nexus running 4.3:
Packet Design Launches Multicast Explorer for Network Engineers to Conquer the Multicast Routing Frontier
New product expands visibility into complex multicast routing configurations, speeds troubleshooting, and makes planning more accurate
From market trading data distribution to Internet Protocol television (IPTV) to online education, use of multicast routing is growing but the ability to manage it across networks has been limited. Building on its pioneering work in route analytics, Packet Design has launched Multicast Explorer, an optional module of the company’s flagship Route Explorer system, to provide unprecedented visibility into complex multicast routing configurations. With improved troubleshooting and proactive management – including interactive modeling – network professionals can enhance multicast service quality as well as prevent interruptions and outages. This is particularly important where failures carry severe penalties, such as in the financial services industry.
Going beyond traditional SNMP and CLI pollers, Multicast Explorer collects and analyzes all IGP routing announcements in real time using a passive technique as well as data collection methods optimized for all major vendor routers. This means the information is always current and accurate for monitoring and troubleshooting multicast issues quickly, preventing the tedious process of querying individual routers and manually correlating the resulting data. If any planned or unplanned configuration changes occur, network managers know immediately Continue reading
Cisco UCS: Crossing the Streams
Apparently you can cable the A-side Fabric Interconnect to the right IOM in a chassis, and it works just fine. You can even look at the DCE interfaces on a VIC in this chassis and see that the paths have been flipped: This is not true for the “correctly” cabled chassis, where the A-side traces occupy the first two slots: The first two interfaces will always go to the left IOM because the backplane traces are cabled that way.Cisco UCS: Crossing the Streams
Apparently you can cable the A-side Fabric Interconnect to the right IOM in a chassis, and it works just fine. You can even look at the DCE interfaces on a VIC in this chassis and see that the paths have been flipped: This is not true for the “correctly” cabled chassis, where the A-side traces occupy the first two slots: The first two interfaces will always go to the left IOM because the backplane traces are cabled that way.IPv6 with A10 Load Balancers
So I got to do some honest IPv6 related work at the job the last 2 weeks. One task was to verify we had IPv6 working on the load balancers to hosts behind it. I was a bit wary of the state of IPv6 security on these A10 LBs, so I opted to keep the globally routed IPv6 space on the LB’s uplink interface, and the VIPs. And behind the scenes, use ULA.
Step 1: I generated a /48 of ULA for the location, and assigned a /64 for use on the VLAN that the inside interface of the LB sits on with the servers themselves.
Step 2: Configure ::1/64 on the LB inside vlan interface, and ::2/64 on a server, and verified that they could reach each other.
Step 3: I installed lighttpd on the server and configured it to listen on the ULA address.
Step 4: From my ARIN allocation, I have a /64 reserved for configuring /126s on device links to the router, so I configured it on the LB’s dedicated interface on the router. Using ::1/126 on the router; ::2/126 on the LB’s interface; ::3/126 as the VIP.
Step 5: Create on the LB an “IPv6 Continue reading
Hot,Cold, Mash Potato Routing and BGP Route Reflector Design Considerations.
If someone tosses you a hot potato, do you want to hold it a long time? If you like pain maybe the answer is yes – but how many of us like pain? In the same way, hot potatoes are very applicable to the Service Provider environment. When a service provider receives a packet, if […]
Author information
The post Hot,Cold, Mash Potato Routing and BGP Route Reflector Design Considerations. appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
MPLS VPNs and Junos config groups: a match made in router heaven
Introduction If you manage MPLS VPNs on Juniper Networks devices running Junos (or are learning about doing so), this tip should make your life easier. I can’t imagine operating MPLS VPNs on a scale of more than a handful of VPNs without it. Below I’ll describe how it works, and then to make sure it’s […]
Author information
The post MPLS VPNs and Junos config groups: a match made in router heaven appeared first on Packet Pushers Podcast and was written by Nik Weidenbacher.
IPSec Bandwidth Overhead Using AES
Someone asked so lets walk through the overhead introduced when using IPSec with AES; it’s higher than you might think and I haven’t even factored in ISAKMP. Encryption really isn’t ‘my bag’ so if anything is wrong, do let me know; hopefully public scrutiny will mean I can truly rely on these figures. Take a […]
Author information
The post IPSec Bandwidth Overhead Using AES appeared first on Packet Pushers Podcast and was written by Steven Iveson.
Not-Via? Not-What?
In our last episode (it’s been two weeks!), we talked about P’s and Q’s. Now we’ll get down into a few details, and think through what is probably the simplest mechanism ever designed for finding alternate loop free paths through a two connected network: not-via. Let’s use the embedded network as an example. In this […]
Author information
Show 164 – Cool or Hot? Lapukhov + Nkposong’s BGP SDN
On this Packet Pushers podcast, hosts Ethan Banks and Greg Ferro are joined by Petr Lapukhov for a discussion about his IETF draft on BGP SDN, co-authored with Edet Nkposong. Guests Russ White and Ivan Pepelnjak also join in the discussion, quizzing Petr about the details of the draft and how implementation has worked out thus far […]
Author information
The post Show 164 – Cool or Hot? Lapukhov + Nkposong’s BGP SDN appeared first on Packet Pushers Podcast and was written by Ethan Banks.
IPv6 multicast over IPv6 IPSec VTI
IPv4 IPSec doesn’t support multicast, we need to use GRE (unicast) to encapsulate multicast traffic and encrypt it. As a consequence, more complication and an additional level of routing, so less performance. One of the advantages of IPv6 is the support of IPSec authentication and encryption (AH, ESP) right in the extension headers, which makes […]
Introduction to Open vSwitch
In the early days of my quest to cut through the jungle of hype regarding SDN, it was difficult to go a single day without hearing about Open vSwitch, or OVS. I’ve been tinkering with Open vSwitch in my lab for a few months now, and realized that I haven’t yet written an introductory post about it for those that haven’t tried it out. If you’re involved with data center like I am, you’re probably familiar with the concept of a vSwitch.Introduction to Open vSwitch
In the early days of my quest to cut through the jungle of hype regarding SDN, it was difficult to go a single day without hearing about Open vSwitch, or OVS. I’ve been tinkering with Open vSwitch in my lab for a few months now, and realized that I haven’t yet written an introductory post about it for those that haven’t tried it out. If you’re involved with data center like I am, you’re probably familiar with the concept of a vSwitch.OSPF Adjacency Building Process
Ever curious regarding how two routers configured for OSPF become fully adjacent? The following diagram of the process was modeled directly from RFC 2328, and the steps described gleaned from the Routing TCP/IP Vol I book. Since we can see mention of a DR, this example must be based on a multi-access network.
- RT1 becomes active and sends a Hello. At this point, RT1 hasn’t seen any neighbors, so it reports such and sets its DR and BDR fields to 0.0.0.0.
- Upon receipt by RT2, RT2 will build a data structure for RT1 and set RT1’s state to Init. RT2 will then send a Hello packet reporting that it has seen RT1, and will report itself as the DR.
- RT1 now sees its own RID in the received Hello packet from RT2, so RT1 will now create a data structure for RT2 and set its state to ExStart. RT1 then begins Master/Slave negotiation with a DD packet with a sequence number of “x”, the Init bit set to indicate that it is the start of an exchange, the More bit set to indicate that it is not the last DD packet to Continue reading
Quiz #19 – Short Network Cuts with MSTP
As a senior network administrator, you receive complaints from server team that yesterday there were multiple short network cuts that impacted some very sensitive applications running in the data center. You investigate and find out that one of the level 1 network engineers performed some network changes. What went wrong?
Product & Routing Webinar: Multicast
Packet Design will be hosting a Product & Routing Webinar focused on Multicast on Wednesday, October 23 at 3pm CST. The event will feature Matt Sherrod, VP of Product Management, as its key speaker and will leave time after the live demonstration for Q&A.