The Path to Resolverless DNS

Using the DNS without directly using recursive resolvers seems like an approach that is totally alien to the DNS as we know it, so it might be useful to ask: How did we get to this point where a resolverless form of DNS name resolution makes some sense? And, to whom does it make sense?

Networking Hardware/Software Disaggregation in 2022

I started preparing the materials for the SDN – 10 years later webinar, and plan to publish a series of blog posts documenting what I found on various aspects of what could be considered SDN. I’m pretty sure I missed quite a few things; your comments are most welcome.

Let’s start with an easy one: software/hardware disaggregation in network devices.

Open-Source Network Operating Systems

I found several widely-used open-source network operating systems:

Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video

Russ White continues the discussion about BGP peering in part two of this lesson. Topics covered include:

  • Challenges with link-local next hop with IPv6
  • How different BGP implementations handle these challenges
  • Promiscuous peering
  • Mitigating the attack surface of promiscuous peers
  • BGP Capabilities
  • Filtering before advertising/RFC 8212

You can subscribe to the Packet Pushers’ YouTube channel […]

The post Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video appeared first on Packet Pushers.

Part 1: Rethinking Cache Purge, Fast and Scalable Global Cache Invalidation


There is a famous quote attributed to a Netscape engineer: “There are only two difficult problems in computer science: cache invalidation and naming things.” While naming things does oddly take up an inordinate amount of time, cache invalidation shouldn’t.

In the past we’ve written about Cloudflare’s incredibly fast response times, whether content is cached on our global network or not. If content is cached, it can be served from Cloudflare cache servers, which are distributed across the globe and are generally a lot closer in physical proximity to the visitor. This saves the visitor’s request from needing to go all the way back to an origin server for a response. But what happens when a webmaster updates something on their origin and would like these caches to be updated as well? This is where cache “purging” (also known as “invalidation”) comes in.

Customers thinking about setting up a CDN and caching infrastructure consider questions like:

  • How do different caching invalidation/purge mechanisms compare?
  • How many times a day/hour/minute do I expect to purge content?
  • How quickly can the cache be purged when needed?

This blog will discuss why invalidating cached assets is hard, what Cloudflare has done to make Continue reading

Learning BGP Module 2 Lesson 1: Peering Part 1 – Video

The first video in this second module of Russ White’s BGP course covers peering, including why BGP uses TCP for transport, passive and active peers, multi-hop peering, collisions, and more. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. […]

The post Learning BGP Module 2 Lesson 1: Peering Part 1 – Video appeared first on Packet Pushers.

Using Python to Calculate Cisco SD-WAN Tunnel Numbers – Part 1

When using Cisco SD-WAN on IOS-XE, it uses tunnel interfaces to configure parameters of the implementation. There is a mapping between what interface the tunnel is sourcing from and the name of the tunnel interface. For example, if the tunnel source is GigabitEthernet0, the tunnel interface is Tunnel0, if the tunnel source is GigabitEthernet0.100, the tunnel interface is Tunnel100000. When provisioning a router and not using Zero Touch Provisioning (ZTP), you build a small bootstrap configuration that configures mandatory parameters such as Site ID, System IP, Organization Name, but also a tunnel interface to be able to connect to the controllers. It is possible to create this configuration in vManage, and hence find out the tunnel interface name, but I thought it would be interesting to do this with code and not be dependent on vManage.

In this post, I will describe the code I used and what my logic was when creating different parts of the code. In this first post I will use the code that I came up with. In the second part, my friend Rodrigo, who runs an excellent Python blog, analyzed my code and came up with improvements, which I will describe in that Continue reading

IS-IS Average Flooding Rate

Introduction

In recent years, a lot of work has been done to scale IGPs for dense topologies, making IGPs an interesting area again. In this blog post, we will look at IS-IS flooding and how we can measure the flooding rate, and in a future post explore Dynamic Flooding and Area Proxy.

Topology Setup

For our experiment, we will use a stripped-down topology connecting four locations. The devices are emulated using Arista cEOS, and all devices are part of a single level2 flooding domain. Topology creation was done with the help of netsim-tools and containerlabs. So my regards go to everyone involved with the tool, as it took care of the monotonous work like IP addressing, wiring, and base configs.

Flooding Topology

In the above diagram, the nodes under uin1-b2 will be the primary focus of our deep dive. Each node label consists of the node name suffix and the last octet of the loopback IP. For example:

uin1-b2-t1-r1 with LSP ID of 0000.0000.0013 is highlighted as t1-r1(13) under uin1-b2 block.
uin1-b2-t2-r1 with LSP ID of 0000.0000.0009 is highlighted as t2-r1(09) under uin1-b2 block.

Flooding Topology Block

IS-IS Refresher

Let’s do a quick IS-IS refresher. We know that IS-IS packets are of the following types:

  1. Continue reading

Learning BGP Module 1 Lesson 4: Intra-AS Models And Route Reflectors – Video

This lesson in Russ White’s BGP course delves into synchronization within an Autonomous System (AS) and confederation within an AS. It also discusses route reflectors, including how they prevent loops, route reflector clients, route reflector multi-path, and multi-path pros and cons. Russ White is a network architect, author, and instructor. You can subscribe to the […]

The post Learning BGP Module 1 Lesson 4: Intra-AS Models And Route Reflectors – Video appeared first on Packet Pushers.

Heavy Networking 630: Palo Alto Networks Introduces Okyo Garde And SD-WAN Bandwidth On Demand (Sponsored)

Today's Heavy Networking podcast explores two new offerings from sponsor Palo Alto Networks. First is Okyo Garde, a home wireless mesh appliance to connect and secure remote workers while reducing the management burden from IT. We also discuss a new licensing program to make provisioning bandwidth for branch and remote offices for Prisma SD-WAN simpler and more flexible.

The post Heavy Networking 630: Palo Alto Networks Introduces Okyo Garde And SD-WAN Bandwidth On Demand (Sponsored) appeared first on Packet Pushers.

AMD makes steady gains on Intel in server chip market

AMD continues to increase its share of both the overall x86 chip market and the server x86 market in particular, despite a large-scale general downturn in shipments, according to a report released this week by Mercury Research.

The majority of the fall-off in x86 shipments was felt in the desktop market, the report said, but the server market was also down on a quarterly volume basis — despite reaching record highs in revenue.

Dean McCarron, president of Mercury Research, said that the decline was due to a combination of factors.

"There's a pretty heavy uplift in Q4 on consumer systems due to holiday buying, and it drops off in Q1," he said. "Typically, the worst drop of the year happens in Q1, so not only did that happen, but there's also some excess inventory that got built up and negatively impacted sales."

Juniper Extends Contrail To Kubernetes For Cloud-Native Virtual Networking

Juniper Networks’ network virtualization software Contrail can now integrate with Kubernetes. Originally designed for OpenStack, Juniper calls this new version of Contrail “CN2.” Contrail is a Software Defined Networking (SDN) platform for spinning up, configuring, and managing virtual networks on compute nodes rather than traditional network hardware. Contrail enables virtualized routing, switching, load balancing, and […]

The post Juniper Extends Contrail To Kubernetes For Cloud-Native Virtual Networking appeared first on Packet Pushers.

What’s New in Calico v3.23

Hey everyone. We’re excited to announce the release of Calico v3.23! Thanks to everyone in the community who contributed to the release. We could not have fitted this many improvements in without you. To view the detailed release notes, please visit us here. While we have many improvements in this release, here’s a brief overview of some of the larger features to be aware of.

IPv6 VXLAN support

Calico now supports VXLAN encapsulation for IPv6 networks. This expands our support for any users who have adopted IPv6.

VPP data plane beta

We are ecstatic to announce that the Calico VPP data plane has reached beta status! A huge thanks to the VPP team for working tirelessly over the last few releases to increase stability, performance, and feature compatibility. Try it out by visiting our documentation here.

Calico networking support in AKS

You can now install Calico networking in your AKS clusters to take advantage of all of the Calico networking features. To try it out, follow the Calico on AKS installation instructions. To learn more about using your own network plugin in AKS, see the AKS documentation here.

BGP enhancements

We have added new configuration options to allow for Continue reading

Learning BGP Module 1 Lesson 3: How BGP Really Converges – Video

This lesson in Russ White’s BGP course gets into withdrawing a route, MRAI time, implicit withdraws, BGP Hunt, graceful restart, and other topics. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse mix of content […]

The post Learning BGP Module 1 Lesson 3: How BGP Really Converges – Video appeared first on Packet Pushers.