Pseudowire FAT Interoperability

I usually don’t think much about Pseudowires Sub-TLV until I encountered two IOS-XR boxes that didn’t use the same value and didn’t forward any packets. There is a special corner case of pseudowires using Flow Labels Transport (FAT) that can cause unexpected behavior and if you don’t watch out you might drop traffic. In this post I’ll go over the details of using FAT with different IOS-XR versions and what can go wrong.

Flow Aware Transport  pseudowire (RFC6391) is a type of L2VPN that operates over MPLS. The main benefit of it is that it implements a mechanism which allows you to load-balance one pseudowire over multiple equal cost paths (i.e. ECMP). ECMP of a pseudowire becomes an advantage when transporting large amount of traffic such as 10Gbps or more. FAT is a special interface sub-TLV that’s negotiated between two PE.

The problem relates to Flow Aware Transport (FAT) pseudowires where one side terminating router operates the IOS-XR version 4.3.2 and the other any version up to 4.3.1. The symptom is lack to forwarding of tunneled packets. Both sides show PW as up and operational but no traffic is being forwarded over it. Continue reading

The SDN Ecosystem

As a follow on to my blog about building a business case for an SDN deployment, there are now dozens of companies offering SDN-related products – so many that you might find it difficult to separate the hype from the meat. Let’s look at some categories of SDN products and how each of them fits into an overall SDN solution.

The key components of an SDN solution are ASICs, switches, a controller, and the applications or services that run over the network.

ASICs

ASICs have a long history in networking by driving scale and performance. In a clock cycle, very complex tasks can be accomplished. Without the ASIC, the central CPU would be overwhelmed performing those same tasks (remember those so called “one arm routers”). The need for ASICs created a new set of suppliers such as Broadcom, Marvell and Mellanox, and most recently Intel through its acquisition of Fulcrum. We can expect more and more specialization in ASICs as the industry pivots on the SDN theme. Over the last decade, the merchant silicon vendors have diversified and specialized products for vertical markets. For example, an ASIC optimized for the data center might have VxLAN support, while another tuned Continue reading

IPv6 at Home – Prefix Delegation

As many of you may know, I used to move packets around for a living.  I’m not doing that any more, but I’m still administering my own little home network and keeping my hand in.  After my old consumer-grade ADSL modem packed it in, I decided that I’d like to do something a bit more […]

Author information

Matthew Mengel

Matthew was a Senior Network Engineer for a regional educational institution in Australia for over 15 years, working with Cisco equipment across many different product areas. However, in April 2011 he resigned, took seven months of long service leave to de-stress and re-boot before becoming a network engineer for a medium sized non-profit organisation. At the end of 2013, he left full-time networking behind after winning a scholarship to study for a PhD in astrophysics. He is on twitter infrequently as @mengelm.

The post IPv6 at Home – Prefix Delegation appeared first on Packet Pushers Podcast and was written by Matthew Mengel.

Response: Math and Monitoring

Monitorama has posted the videos from their conference PDX 2014 and I’ve been watching them during concentration breaks. Most of them are very good story telling from real practitioners who have real world experiences. I wanted to call out just two that impressed me deeply. Noah Kantrowitz’s session from Monitorama PDX 2014 talks about using […]

The post Response: Math and Monitoring appeared first on EtherealMind.

Cisco Live – The Minimalist Packing List

Cisco Live 2014 is right around the corner! It’s almost time to start packing. The other day, Keith Miller (@packetologist), a first-time Cisco Live attendee, asked me on Twitter:

I have a bit of a reputation among some of my consulting clients as being ready for just about anything. Normally, that means my laptop bag weighs about 50 lbs. But for Cisco Live, I choose to travel light. I’ve seen people in the airport on the way to, and from, the event with a LOT of stuff. Sure, some folks are presenters or carrying company stuff but for the rest, you probably just have too much stuff.

Why choose to travel as light as possible? Here are just a few reasons:

  1. Airline bag check fees
  2. Airlines are great at losing/abusing your stuff once its out of your hands
  3. Due to #1, everyone is always fighting for room in the overhead bins and you end up checking your “carry on” anyway
  4. If you land early, you have to check your 3 tons of bags, or else Continue reading

Load balancing large flows on multi-path networks

Figure 1: Active control of large flows in a multi-path topology
Figure 1 shows initial results from the Mininet integrated hybrid OpenFlow testbed demonstrating that active steering of large flows using a performance aware SDN controller significantly improves network throughput of multi-path network topologies.
Figure 2: Two path topology
The graph in Figure 1 summarizes results from topologies with 2, 3 and 4 equal cost paths. For example, the Mininet topology in Figure 2 has two equal cost paths of 10Mbit/s (shown in blue and red). The iperf traffic generator was used to create a continuous stream of 20 second flows from h1 to h3 and from h2 to h4. If traffic were perfectly balanced, each flow would achieve 10Mbit/s throughput. However, Figure 1 shows that the throughput obtained using hash based ECMP load balancing is approximately 6.8Mbit/s. Interestingly, the average link throughput decreases as additional paths are added, dropping to approximately 6.2Mbit/s with four equal cost paths (see the blue bars in Figure 1).

To ensure that packets in a flow arrive in order at their destination, switch s3 computes a hash function over selected fields in the packets (e.g. source and destination IP addresses Continue reading

Integrating Route Explorer with the OpenDaylight Controller for SDN Provisioning

Integrating Route Explorer with the OpenDaylight Controller for SDN Provisioning

by Steve Harriman, VP of Marketing - May 13, 2014

Despite the hype surrounding SDN, no one can afford to leap frog to the new technology. They must have a strategy to integrate the new with the old to reap the biggest benefits. Packet Design has taken its first step in helping customers do so. We’ve integrated Route Explorer with the OpenDaylight controller to automate SDN provisioning of RSVP-TE tunnels. For network engineers, this means eliminating the manual process of creating tunnels. They can simply plan it in Route Explorer and have the OpenDaylight controller automatically provision it. Some of our early adopter customers – especially service providers – are very happy about this. 

OpenDaylight only supports TE tunnels today, but our integration is an example of how we can support SDN in hybrid environments. Our analytics technology is unique because it allows us to build SDN conforming applications in the presence of non-conforming applications. You don’t have to do a forklift hardware upgrade in the network or build a brand new network architecture where the controller provisions everything. We are able to demonstrate provisioning of RSVP-TE tunnels in hybrid environments Continue reading

Routing-Bits SP Update

    The next installment of the SP handbook is now available. It includes two new chapters and an extra appendix. Please check your email for instructions. Contact me if your email address has changed.Filed under: CCIE SP

Recap of ONUG Conference 2014

Last week I attended the Open Networking User Group conference. My main reason for attending was to participate in three roundtable discussions put on by Tech Field Day. These sessions were recorded, and I’ll be following up with specific thoughts on each session in later blog posts.

These round-tables only occupied a portion of the two-day conference, so I spent the remainder of the time speaking with some of the vendors and sitting in a few of the sessions.

Sessions

I wasn’t permitted to attend a large chunk of ONUG sessions, and I’ll get to that in the next paragraph. I did manage to see a good friend Kyle Mestery present on two of my favorite topics – OpenDaylight and OpenStack. The sessions at ONUG were not recorded, but I’ll again direct you to this video for a reasonably close approximation:

Kyle is the embodiment of the passion and energy found in great communities like OpenStack and OpenDaylight, and if you ever have the opportunity to hear him present, I encourage you to take it.

I also finally got to meet Brad Hedlund in meatspace:

Cisco Live 2014 – Final Countdown!

  Ok, that video probably dates me a bit, and that is OK.  This will be my 9th consecutive time attending Cisco Live (aka Networkers).  Just a few final things to share before the event kicks off. The other day I received an e-mail from Cisco Live with a special announcement.  It reads: This is a […]

Into the Light of Day: Uncovering Ongoing and Historical Point of Sale Malware and Attack Campaigns

Point of Sale systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory scraping PoS botnets with centralized C&C and most recently to highly targeted attacks that require a substantial amount of lateral movement and custom malware created to blend in with the target organization.

While contemporary PoS attackers are still successful in using older tools and methodologies that continue to bring results due to poor security, the more ambitious threat actors have moved rapidly, penetrating organizational defenses with targeted attack campaigns. Considering the substantial compromise lifespans within organizations that have active security teams and managed infrastructure, indicators shared herein will be useful to detect active as well as historical compromise.

Organizations of all sizes are encouraged to seriously consider a significant security review of any PoS deployment infrastructure to detect existing compromises as well as to strengthen defenses against an adversary that continues to proliferate and expand attack capabilities.

In addition to recent publications discussing Dexter and Project Hook malware activity, Arbor ASERT is currently Continue reading

Recap of ONUG Conference 2014

Last week I attended the Open Networking User Group conference. My main reason for attending was to participate in three roundtable discussions put on by Tech Field Day. These sessions were recorded, and I’ll be following up with specific thoughts on each session in later blog posts. These round-tables only occupied a portion of the two-day conference, so I spent the remainder of the time speaking with some of the vendors and sitting in a few of the sessions.

Recap of ONUG Conference 2014

Last week I attended the Open Networking User Group conference. My main reason for attending was to participate in three roundtable discussions put on by Tech Field Day. These sessions were recorded, and I’ll be following up with specific thoughts on each session in later blog posts. These round-tables only occupied a portion of the two-day conference, so I spent the remainder of the time speaking with some of the vendors and sitting in a few of the sessions.

Quiz #24 – OSPF Default-Information Originate Always

Type: Lab Difficulty: Intermediate Company ABC has multiple buildings (A, B, C and D) and two internet connections to ISP-1 (in Building-B) and ISP-2 (in Building-C). Building-A has a CORE router connected to the Border Router in Building-B (BR-B). Both BR-B and BR-C receive a default route via eBGP from the ISPs and are configured identically to inject it into the OSPF Area 0 that covers all internal routers as... [read more]

Tails 1.0: A bootable Linux distro that protects your privacy

Whatever your primary OS, Linux distro Tails 1.0 offers a plethora of security features to help you work online without worrying about privacy issues.These days, it seems as though anyone who uses the Internet is a tasty morsel for insatiable data thieves. Marketers, governments, criminals and random snoops won't be satisfied until they can snarf whatever information they want about us at any time.If you want to dodge ad trackers, have sensitive sources to protect or you just want to conduct your normal online activities without being spied on, then The Amnesiac Incognito Live System (better known as Tails) could help.To read this article in full or to leave a comment, please click here

QUIZ #24 &#8211 OSPF Default-Information Originate Always

Company ABC has multiple buildings and two internet connections via 2 different ISPs. Both BR-B and BR-C receive a default route via eBGP from the ISPs and they inject it in OSPF. For some reason, when ISP-1 link goes down, entire Building-A looses the internet access ! Something must be wrong...

1 3,755 3,756 3,757 3,758 3,759 3,858