Understanding Data Center Fabrics 08: Advanced Underlay Control Planes – Video

In this video, Russ White examines two advanced options for your underlay control plane: distoptflood and RIFT. He explores the basics of distoptflood and RIFT, optimizations in distoptflood, centralized flooding, how RIFT works, and more. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a […]

The post Understanding Data Center Fabrics 08: Advanced Underlay Control Planes – Video appeared first on Packet Pushers.

Use zero trust to fight network technical debt

Zero trust (ZT) is a mindset and a method, not a technology. The current push to adopt ZT is driven by an urgent and growing need to make a major leap forward in risk management and attack containment in enterprise networks, a need driven home by every successive wave of ransomware. IT can use the urgency of moving to ZT to root out some of the technical debt in the environment. Specifically, it can be a catalyst to find areas exempted from network and network security standards and bring them up to date under the new paradigm of zero trust.

No more exempting network components from access-control roles

In a ZT environment, the network not only doesn’t trust a node new to it, but it also doesn’t trust nodes that are already communicating across it. When a node is first seen by a ZT network, the network will require that the node go through some form of authentication and authorization check. Does it have a valid certificate to prove its identity? Is it allowed to be connected where it is based on that identity? Is it running valid software versions, defensive tools, etc.? It must clear that hurdle before being Continue reading

Combining BGP and IGP in an Enterprise Network

Syed Khalid Ali left the following question on an old blog post describing the use of IBGP and EBGP in an enterprise network:

From an enterprise customer perspective, should I run iBGP, iBGP+IGP (OSPF/ISIS/EIGRP), or IGP with mutual redistribution on the edge routers? I was hoping you could share some thoughtful insight on when to select one over the other.

We covered many relevant details in the January 2022 Design Clinic; here’s the CliffNotes version. Remember that the road to hell (and broken designs) is paved with great recipes and best practices and that I’m presenting a black-and-white picture because I don’t feel like transcribing our discussion into an oversized blog post. People wrote books on this topic; search for “Russ White books” to find a few.

Finally, there’s no good substitute for understanding how things work (which brings me to another webinar ;).

Automation 13. Real-life Example of a Python Automation for a Network Audit with Nornir and Scrapli

Hello my friend,

Today we are going to discuss a real-life experience: how network automation helped us save a lot of time and significantly improve the quality of a medium-size data centre. You will learn about the problem the audit was meant to solve and how Python, leveraging Nornir and Scrapli, solved it.

No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Can Automation Help with Audits?

We humans are incredible creatures. We can create. We can write songs and compose music; we can invent new drugs and find new materials. We can develop new software and tools. However, in order to be able to do that, we need to have free time and not worry about anything. That’s why we need to rely on different tools, which can do routine tasks requiring a lot of concentration at least as well as we humans can. Probably even better than we can. Audit is one such task, and in the IT world it definitely Continue reading

Understanding Data Center Fabrics 07: Link State Protocol In The Underlay – Video

Episode seven continues a discussion of fabric underlays by looking at the use of link-state protocols instead of BGP. Network architect and author Russ White covers:

  • Which link state protocol (IS-IS or OSPF) to choose
  • Russ’s reasons for preferring IS-IS
  • IS-IS efficiencies for packet formats and autoconfiguration
  • Resource recommendations for learning IS-IS
  • Scale and flooding […]

The post Understanding Data Center Fabrics 07: Link State Protocol In The Underlay – Video appeared first on Packet Pushers.

VPP Configuration – Part1

About this series

I use VPP - Vector Packet Processor - extensively at IPng Networks. Earlier this year, the VPP community merged the Linux Control Plane plugin. I wrote about its deployment to both regular servers like the Supermicro routers that run on our AS8298, as well as virtual machines running in KVM/Qemu.

Now that I’ve been running VPP in production for about half a year, I can’t help but notice one specific drawback: VPP is a programmable dataplane, and by design it does not include any configuration or controlplane management stack. It’s meant to be integrated into a full stack by operators. For end-users, this unfortunately means that typing on the CLI won’t persist any configuration, and if VPP is restarted, it will not pick up where it left off. There’s one developer convenience in the form of the exec command-line (and startup.conf!) option, which will read a file and apply the contents to the CLI line by line. However, if any typo is made in the file, processing immediately stops. It’s meant as a convenience for VPP developers, and is certainly not a useful configuration method for all but the simplest topologies.

Luckily, VPP comes Continue reading

Continuing – Bird Project and Extensions

I will keep this post very short. In order to fuel the model and make it sustainable (https://r2079.wordpress.com/2022/03/18/capturing-bird-photos/), I have thought about including a solar panel and powering the system with a lithium-ion battery.

I have installed the system and it’s been working fine. I understood I was very bad at soldering.

  • TP4056 -> This takes energy from the solar panel and feeds it to the Li battery.
  • Solar Panel -> I have a small panel which fits on the hosting box.
  • Lithium-ion batteries and charger (4x2500mAh)

I hope this runs continuously using solar power.

-Rakesh

Understanding Data Center Fabrics 06: BGP Underlay – Video

The sixth video in this series examines the underlay component of a data center fabric, touches on a theoretical discussion of network layers, and reviews the use of BGP as your underlay protocol. Russ White covers:

  • The notion of abstractions in a network and how they limit failure domains
  • Tradeoffs among surface, state, and optimization […]

The post Understanding Data Center Fabrics 06: BGP Underlay – Video appeared first on Packet Pushers.

Nvidia announces server ‘superchips,’ with and without GPUs

At its GPU technology conference (GTC) last year, Nvidia announced it would come out with its own server chip called Grace based on the Arm Neoverse v9 server architecture. At the time, details were scant, but this week Nvidia revealed the details, and they are remarkable.

With Grace, customers have two options, both dubbed superchips by Nvidia. The first is the Grace Hopper Superchip that was formally introduced last year, but only broadly described. It consists of a 72-core CPU, and a Hopper H100 GPU tightly connected by Nvidia’s new high-speed NVLink-C2C chip-to-chip interconnect, which has 900GB/s of transfer speed.

SQLModel For Network Engineers

Introduction

I published a blog introducing relational databases for network engineers (linked below and here) on Packet Pushers. I would highly encourage readers unfamiliar with SQL and databases in general to take a look at that post before moving on. In this post we will focus on SQLModel and interacting with databases using the python […]

The post SQLModel For Network Engineers appeared first on Packet Pushers.

Nvidia introduces Spectrum-4 platform for AI, HPC over Ethernet

Nvidia is known for its GPUs, but has introduced Spectrum-4, a combination of networking technologies that reinforces its commitment not only to graphics processors, but also to systems designed to handle the demanding network workloads of AI and high-performance computing.

The latest Nvidia Spectrum products rely on the new Spectrum-4 Ethernet-switch ASIC that boasts 51.2 Tb/s switching and routing capacity. The chip underpins the latest members of the company’s Spectrum switches, which are available later this year. The switches are part of a larger Spectrum-4 platform that integrates Nvidia’s ConnectX-7 smartNIC, its new BlueField-3 DPU, and its DOCA software-development platform.