Growth of hybrid and multi-cloud demands new thinking about virtual networks.

Everyone in tech likely thinks they know what “cloud computing” and “networking” mean, but they’re probably wrong, and their misconceptions about the first topic color their view of the second. Yes, the cloud is dominating computing, but most stuff isn’t “moving to the cloud”. This subtle point is already changing how we think about networking.

I’ve worked with the cloud from the first, and while there was a bit of “move this to the cloud” going on for server consolidation reasons, the overwhelming majority of stuff enterprises run in the cloud today isn’t an entire application at all. It’s the presentation layer of legacy data-center apps.

Corporate transaction processing, data storage and retrieval, and analytics are all things that demand security and reliability. From the first, enterprise executives have been telling me that these activities aren’t going to move to the cloud because they believe that their requirements can’t be met, and the cost would be greater rather than lower. My work with them proves out that view. Despite all the hype about the economy of scale of the cloud providers, the fact is that most enterprises achieve economies close enough to those of the cloud that the difference wouldn’t Continue reading

Repost: LISP Is a False Economy

Minh Ha left this comment on the Packet Forwarding 101 blog post. As is usually the case, it’s fun reading and it would be a shame not to repost it as a standalone blog post (even though I don’t necessarily agree with all his conclusions).


I always enjoy Bela’s great insights, esp. on hardware and transport networks, but this time I beg to differ. LISP is a false economy. It was twisted from the start, unscalable right from the get-go. In Networking and OS, to name (ID) something is to locate it, and vice versa. So the name LISP itself reflects a false distinction. Due to this misconception, LISP proponents are unable to establish the right boundary conditions, leading to the size of xTRs’ RIB diverging (going unbounded). In a word, it has come full circle back to BGP, an exemplary manifestation of RFC 1925 rule 6.

Technology Short Take 152

Welcome to Technology Short Take #152! Normally I’d publish a Technology Short Take in the morning on a Friday, but I really wanted to get this one out so I’m making it live late in the day on a Monday. Here’s hoping I’ve included some content below that you find useful!

Networking

  • I was (and am) familiar with RFC 1918 and the concept of non-routable address spaces. However, I was not familiar with the term “bogons” to refer to such prefixes that should not be publicly routed. Thanks to this article, that oversight is now corrected. Oh, and the article shares a handy Python script to help implement bogon filtering in NSX-T.
  • Koyeb describes, at a high level, the global networking stack for their serverless platform. Components involved include the open source Kuma service mesh (in turn leveraging Envoy), anycast BGP, and mutual TLS (mTLS).
  • Ivan Pepelnjak does a great job of describing all the things you really shouldn’t do (or don’t really need to do) when trying to deal with migrating container hosts in a data center fabric. In truth, the answer is exactly as Ivan says at the top of the article: when it comes to Continue reading

MWC: Microsoft expands 5G, edge-network offerings through Azure

Microsoft announced a range of new carrier infrastructure offerings through Azure, including services for private 5G enterprise networks, at this week’s Mobile World Congress, in a move designed to bolster the company’s position as a partner to the telecom industry as 5G and edge computing deployments progress.

Cloud Engineering For The Network Pro: Part 3 – VPCs And Virtual Networks (Video)

The next installment of Michael Levan’s series on networking in public clouds walks through how to set up a VPC (Virtual Private Cloud) in AWS and a VNet (Virtual Network) in Microsoft Azure. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse mix of […]

The post Cloud Engineering For The Network Pro: Part 3 – VPCs And Virtual Networks (Video) appeared first on Packet Pushers.

Tech Bytes: How Fortinet’s FortiGuard Labs Turns Billions Of Security Events Into Intelligence (Sponsored)

Today’s Tech Bytes podcast explores threat intelligence with sponsor Fortinet and its FortiGuard Labs. FortiGuard Labs analyzes billions of global security events daily and distills them into actionable information for network and security teams. Fortinet also uses those events to inform security updates to its products.

The post Tech Bytes: How Fortinet’s FortiGuard Labs Turns Billions Of Security Events Into Intelligence (Sponsored) appeared first on Packet Pushers.

Aurora In A Socket: What Intel’s “Falcon Shores” XPU Might Do

We are still chewing through some of the announcements that came out of Intel Investor Day and the ISSCC 2022 chip conference, and one of the things we want to circle back on is the “Falcon Shores” hybrid CPU-GPU that Intel is working on for future servers.

Aurora In A Socket: What Intel’s “Falcon Shores” XPU Might Do was written by Timothy Prickett Morgan at The Next Platform.

VMware And NVIDIA Focus On The Far Edge To Host Network Services On SmartNICs

This post originally appeared on the Packet Pushers’ Ignition site on October 19, 2020. The network edge is desirable new territory for software and hardware vendors. The objective is to get compute, networking, storage, and security features as close as possible to data sources and data-hungry applications. VMware and NVIDIA have launched new initiatives to […]

The post VMware And NVIDIA Focus On The Far Edge To Host Network Services On SmartNICs appeared first on Packet Pushers.

Topology aware fabric analytics

Real-time telemetry from a 5 stage Clos fabric describes how to emulate and monitor the topology shown above using Containerlab and sFlow-RT. This article extends the example to demonstrate how topology awareness enhances analytics.

    docker run --rm -it --privileged --network host --pid="host" \
      -v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
      -v ~/clab:/home/clab -w /home/clab \
      ghcr.io/srl-labs/clab bash

Start Containerlab.

    curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/clos5.yml

Download the Containerlab topology file.

    sed -i "s/prometheus/topology/g" clos5.yml

Change the sFlow-RT image from sflow/prometheus to sflow/topology in the Containerlab topology. The sflow/topology image packages sFlow-RT with useful applications that combine topology awareness with analytics.

    containerlab deploy -t clos5.yml

Deploy the topology.

    curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/clos5.json

Download the sFlow-RT topology file.

    curl -X PUT -H "Content-Type: application/json" -d @clos5.json \
      http://localhost:8008/topology/json

Post the topology to sFlow-RT.

Connect to the sFlow-RT Topology application, http://localhost:8008/app/topology/html/. The dashboard confirms that all the links and nodes in the topology are streaming telemetry. There is currently no traffic on the network, so none of the nodes in the topology are sending flow data.

    docker exec -it clab-clos5-h1 iperf3 -c 172.16.4.2

Generate traffic. You should see the Nodes No Flows number drop Continue reading

Performance Improvements in Automation Controller 4.1

Red Hat Ansible Automation Platform 2 is the next generation automation platform from Red Hat’s trusted enterprise technology experts. With the release of Ansible Automation Platform 2.1, users now have access to the latest control plane – automation controller 4.1.

Automation controller helps standardize how automation is deployed, initiated, delegated, and audited, allowing enterprises to automate with confidence while reducing sprawl and variance. Users can manage inventory, launch and schedule workflows, track changes, and integrate into reporting, all from a centralized user interface and RESTful API.

Automation controller 4.1 provides significant performance improvements when compared to its predecessor Ansible Tower 3.8. To put this into context, we used Ansible Tower 3.8 to run jobs, capture various metrics while jobs were running/finished, and compare that with automation controller 4.1. This post highlights the significant performance improvements in automation controller 4.1.

Benchmark framework

In order to deep dive into the prospective performance enhancements with the latest automation controller, we at the performance engineering team at Red Hat created a benchmarking framework consisting of the following workflow:

  • Installation of RHEL 8.3 virtual machines with 4 CPU and 16 GB RAM deployed within the IBM Cloud

How 6 top SD-WAN and SASE vendors are evolving

As the COVID-19 pandemic drags on and continues to impact the way people work, SD-WAN vendors are responding by investing heavily in new capabilities that extend the enterprise edge to wherever workers happen to be—branches, campuses, home offices, co-working spaces, mobile, etc.

The main thrust of this evolution in SD-WAN technology is the merger of networking and security functions into a single platform, which most vendors now call Secure Access Service Edge (SASE).

Who’s selling SASE, and what do you get?

SASE, a term coined by Gartner in 2019, converges SD-WAN with basic security offerings, including encryption, anti-malware, and firewalls, while adding advanced services, such as Next-Generation Firewall (NGFW), Firewall-as-a-Service (FWaaS), Data Leak Prevention (DLP), Secure Internet Gateway (SIG), and Zero Trust Network Access (ZTNA).

Running a Ubuntu VM on a Mac M1

If you’re brand-new to Python and Ansible, you might be a bit reluctant to install a bunch of packages and Ansible collections on your production laptop to start building your automation skills. The usual recommendation I make to get past that hurdle is to create an Ubuntu virtual machine that can be destroyed every time you mess it up.

Creating a virtual machine is trivial on Linux and MacOS with Intel CPU (install VirtualBox and Vagrant). The same toolset no longer works on newer Macs with M1 CPU (VMware Fusion is in tech preview, so we’re getting there), but there’s an amazingly simple alternative: Multipass by Canonical.

A Bird feeder from re-usable plastics – we have to start something small to protect other beings.

Disclaimer: I speak about reducing plastic and still I use a 3D printer to print a very specific fixture. I have weighed the options, and the plastic that I end up printing will be out there, hopefully feeding birds, or can safely be recycled until I come up with something innovative. As of now this is the least I could come up with: re-using old bottles, helping birds feed and using some plastic to print a fixture. If I have to buy a commercial one, that is again some plastic and I won’t end up re-using it as well, so 3D printing this small fixture for me outweighs the other currently viable solution, and this is something I can give out to neighbours and they can easily associate with.

I am proud to say that I have started to take some responsibility towards the environment and other living beings. That is to say, it’s my first step, and now I appreciate even more what environmentalists and other people do to protect other beings, the earth and fellow human beings, which we don’t have any time to notice and appreciate.

Once I started doing the below things which are very trivial I feel good and Continue reading