Real-time flow telemetry for routers

The last few years have seen leading router vendors add support for sFlow monitoring technology that has long been the industry standard for switch monitoring. Router implementations of sFlow include:
  • Arista 7020R Series Routers, 7280R Series Routers, 7500R Series Routers, 7800R3 Series Routers
  • Cisco 8000 Series Routers, ASR 9000 Series Routers, NCS 5500 Series Routers
  • Juniper ACX Series Routers, MX Series Routers, PTX Series Routers
  • Huawei NetEngine 8000 Series Routers
Broad support of sFlow in both switching and routing platforms ensures comprehensive end-to-end monitoring of traffic, see sFlow.org Network Equipment for a list of vendors and products.
Note: Most routers also support Cisco Netflow/IPFIX. Rapidly detecting large flows, sFlow vs. NetFlow/IPFIX describes why you should choose sFlow if you are interested in real-time monitoring and control applications.
DDoS mitigation is a popular use case for sFlow telemetry in routers. The combination of sFlow for real-time DDoS detection with BGP RTBH / Flowspec mitigation on routing platforms makes for a compelling solution.
DDoS protection quickstart guide describes how to deploy sFlow along with BGP RTBH/Flowspec to automatically detect and mitigate DDoS flood attacks. The use of sFlow provides sub-second visibility into network traffic during the periods of high packet loss Continue reading

Internet disruptions overview for Q1 2022

Internet disruptions overview for Q1 2022
Internet disruptions overview for Q1 2022

Cloudflare operates in more than 250 cities in over 100 countries, where we interconnect with over 10,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions. In many cases, these disruptions can be attributed to a physical event, while in other cases, they are due to an intentional government-directed shutdown. In this post, we review selected Internet disruptions observed by Cloudflare during the first quarter of 2022, supported by traffic graphs from Cloudflare Radar and other internal Cloudflare tools, and grouped by associated cause.

Plate tectonics

Internet outages caused by “earth movers” are more frequently caused by errant backhoes. However, two Internet disruptions in the first quarter were caused by more significant earth movement — a volcanic eruption and an earthquake.

The first impacted connectivity on the island nation of Tonga, when the Hunga Tonga–Hunga Ha'apai volcanic eruption damaged the submarine cable connecting Tonga to Fiji, resulting in a 38 day Internet outage. After the January 14 eruption, only minimal Internet traffic (via satellite Continue reading

AMD Makes A Big DPU Move With $1.9 Billion Bid For Pensando

Lisa Su has had the datacenter in her sights since taking over as president and chief executive officer of AMD in 2014, charting a course that would allow the processor to once again become a factor in the global server market after a decade or so in the wilderness following its brief but high-profile breakthrough with its first Opteron processor in 2003.

AMD Makes A Big DPU Move With $1.9 Billion Bid For Pensando was written by Jeffrey Burt at The Next Platform.

What is a network operations center (NOC)?

NOC (pronounced “knock,”) stands for a network operations center, and if the term conjures up images of a NASA-like control room, you would not be too far off from reality – at least at some organizations.While the role of a NOC can vary, the general idea is to create a room or centralized facility where information technology (IT) professionals can constantly monitor, maintain and troubleshoot all aspects of a network. The NOC must also be equipped with all of the technology required in order to support those operations, including monitors, computers, telecommunications equipment and a fast connection to network resources.NOCs were created for two main reasons. The first was to give IT staffers a central location to work from, instead of having them run around trying to fix problems or perform preventative maintenance, like patching systems, from different locations.To read this article in full, please click here

What is a network operations center (NOC)?

NOC (pronounced “knock,”) stands for a network operations center, and if the term conjures up images of a NASA-like control room, you would not be too far off from reality – at least at some organizations.While the role of a NOC can vary, the general idea is to create a room or centralized facility where information technology (IT) professionals can constantly monitor, maintain and troubleshoot all aspects of a network. The NOC must also be equipped with all of the technology required in order to support those operations, including monitors, computers, telecommunications equipment and a fast connection to network resources.NOCs were created for two main reasons. The first was to give IT staffers a central location to work from, instead of having them run around trying to fix problems or perform preventative maintenance, like patching systems, from different locations.To read this article in full, please click here

netlab MPLS Support

netlab release 1.2.0 adds full-blown MPLS and MPLS/VPN support:

It’s never been easier to build full-blown MPLS/VPN labs ;)… if you’re OK with using Cisco IOS or Arista EOS. Please feel free to submit a PR to add support for other platforms.

You might want to start with the VRF tutorial to see how simple it is to define VRFs, and follow the installation guide to set up your lab – if you’re semi-fluent in Linux, the easiest option would be to run Arista cEOS.

netsim-tools, MPLS Edition

netsim-tools release 1.2.0 adds full-blown MPLS and MPLS/VPN support:

It’s never been easier to build full-blown MPLS/VPN labs ;)… if you’re OK with using Cisco IOS or Arista EOS. Please feel free to submit a PR to add support for other platforms.

You might want to start with the VRF tutorial to see how simple it is to define VRFs, and follow the installation guide to set up your lab – if you’re semi-fluent in Linux (and don’t care about data plane quirks), the easiest option would be to run Arista cEOS.

Ipfixprobe Installation and Testing

Ipfixprobe is a project created by CESNET. CESNET is an association of universities and the Academy of Sciences of the Czech Republic that operates and develops a national e-infrastructure for science, research and education, including a computer network, computing grids, data repositories, collaborative environments and offering a wide range of services. Ipfixprobe, as its name […]
Continue reading...

Networking Field Day: Service Provider – Arista VPLS

During the first networking field day: service provider one of the big topics was EVPN versus VPLS. Arista has put a lot of work into their EVPN deployment and this has give then a ton of success in the data center. However, a large portion of the provider space, especially last mile providers, rely on VPLS heavily. This naturally led to discussion about Arista VPLS support.

I’m pleased to see that there is now basic support in EOS as of EOS 4.27.2F and more on the roadmap. Hopefully, we’ll see the off ramp, RFC8560, from VPLS to EVPN which was a hot button topic throughout the week.

In the release notes for EOS 4.27.2F it calls our basic VPLS support. So I took a look. Reviewing the new 4.27.2F manual I found support for LDP PWs on RFC4447 which is virtual private wire support. This also appeared to be in EOS 4.26 but not earlier. I might have missed a different call out in the doc, if I did someone please point me in the right direction so I can update this post!

In the meantime lets review how this works:

mpls  Continue reading

Worth Reading: Higher Levels of Address Aggregation

Every now and then someone tells me how much better the global Internet would be if only we were using recursive layers (RINA) and hierarchical addresses. I always answer “that’s a business problem, not a technical one, and you cannot solve business problems by throwing technology at them”, but of course that has never persuaded anyone who hasn’t been running a large-enough business for long enough.

Geoff Huston is doing a much better job in the March 2022 ISP Column – read the Higher Levels of Address Aggregation, and if you still need more technical details, there’s 30+ pages of RFC 4984.

Worth Reading: Higher Levels of Address Aggregation

Every now and then someone tells me how much better the global Internet would be if only we were using recursive layers (RINA) and hierarchical addresses. I always answer “that’s a business problem, not a technical one, and you cannot solve business problems by throwing technology at them”, but of course that has never persuaded anyone who hasn’t been running a large-enough business for long enough.

Geoff Huston is doing a much better job in the March 2022 ISP Column – read the Higher Levels of Address Aggregation, and if you still need more technical details, there’s 30+ pages of RFC 4984.

What Cloudflare is Doing to Keep the Open Internet Flowing into Russia and Keep Attacks from Getting Out

What Cloudflare is Doing to Keep the Open Internet Flowing into Russia and Keep Attacks from Getting Out
What Cloudflare is Doing to Keep the Open Internet Flowing into Russia and Keep Attacks from Getting Out

Following Russia’s unjustified and tragic invasion of Ukraine in late February, the world has watched closely as Russian troops attempted to advance across Ukraine, only to be resisted and repelled by the Ukrainian people. Similarly, we’ve seen a significant amount of cyber attack activity in the region. We continue to work to protect an increasing number of Ukrainian government, media, financial, and nonprofit websites, and we protected the Ukrainian top level domain (.ua) to help keep Ukraine’s presence on the Internet operational.

At the same time, we’ve closely watched significant and unprecedented activity on the Internet in Russia. The Russian government has taken steps to tighten its control over both the technical components and the content of the Russian Internet. For their part, the people in Russia are doing something very different. They have been adopting tools to maintain access to the global Internet, and they have been seeking out non-Russian media sources. This blog post outlines what we’ve observed.

The Russian Government asserts control over the Internet

Over the last five years, the Russian government has taken steps to tighten its control of a sovereign Internet within Russia’s borders, including laws requiring Russian ISPs to install equipment allowing Continue reading

OSPF Area Types

OSPF Areas are used for OSPF Scalability. In this post, we will have a look at many different topics about OSPF Area Types, their usage, limitations, different router types, and so on.

In OSPF, we have in general two different Area Types. OSPF Backbone Area and OSPF Non-Backbone Area.

There are many different OSPF Non-Backbone Area types and we will cover each one of them, their use case, limitations, and benefits in this post.

OSPF Area 0 – OSPF Backbone Area

First of all, Let’s start with Area 0.

It is known as the Backbone area in OSPF and if there are many different areas, non-backbone areas can communicate with each other through OSPF Area 0.

Let’s use the below topology for the rest of the OSPF Area Types discussion.

OSPF Area Types

Figure – OSPF Area Types

In the above topology, OSPF Area 0, which is OSPF Backbone Area, physically connects different OSPF Non-Backbone Areas.

OSPF Router Types in OSPF Area 0 are known as Internal Backbone Routers. We don’t have OSPF LSA restrictions when it comes to OSPF Area 0, all the LSAs are allowed in this OSPF Area, except Type 4 and Type 7. Type 4 LSA is used for Continue reading

Introduction to Pulumi for Infrastructure as Code Deployments

Introduction I’ve been itching to introduce Pulumi to you all for the longest time. I heard about Pulumi in the mid-point of 2021. At the time I was going through Microsoft AZ-700 studies and figured it would be fun to double up the learning and get my hands on Pulumi. Long story short, I really […]

The post Introduction to Pulumi for Infrastructure as Code Deployments appeared first on Packet Pushers.

1 500 501 502 503 504 3,804