BGP Local Preference

BGP Local Preference is a BGP attribute that is used for Outbound path manipulation in today’s Computer Networks. Path manipulation is known as BGP Traffic Engineering as well and the Local Preference attribute is the most common technique for it in real networks. In this blog post I will be explaining the use case, comparison with other outbound path manipulation techniques, and how the BGP Local Preference attribute works we will understand.

First of all, we should know that it is not a Cisco specific attribute, it is a standard attribute, which is used in other vendor equipment as well. Vendor interoperability works without issue.

Because a picture is worth a thousand words, let’s have a look at the below topology to understand how it works.

bop local pref

In the above topology, AS65000 has two paths to AS1.

Prefixes from AS1 are learned via two paths but AS65000 wants to use the left path as a Primary Path and the right path as a backup path.

The reason in real-life people wants to use their links as primary and backup this way is usually a cost. One of the links might be expensive and another can be cheaper, and they may want Continue reading

WEBINAR: Deploying IPv6 for WISPs and FISPs.

A few weeks ago, we recorded a webinar on deploying IPv6 for WISPs and FISPs. As IPv6 adoption continues to climb, developing an IPv6 strategy for design, deployment and system integration is an important step before subscribers begin asking for IPv6.

Some of the topics that were covered include:

  • IPv6 basics – addressing, subnetting, types
  • IPv6 design and deployment
  • IPv6 systems and operations

Here is an example of getting started with IPv6 deployment at the border of the ASN


Link to the webinar and slide deck

Webinar: click here

Slides: click here




Revving Up Relational Databases For Scorching Native AI Performance

There may not be as much structured data in the world as there is unstructured data, but one could easily argue that the structured data – mostly purchasing transactions and other kinds of historical data data stored in systems of record – is at least of equal value.

Revving Up Relational Databases For Scorching Native AI Performance was written by Jeffrey Burt at The Next Platform.

VMware named a Leader in Cloud Networking in GigaOm Radar Report

We’re delighted to report that GigaOm, a global provider of technology industry insights and analysis, has placed VMware in the leader ring in the GigaOm Radar Report for Cloud Networking 2022. In the leader ring, VMware is placed in the Platform Play and Maturity quadrant. This is a testament to the robustness of VMware’s cloud networking solution and its leading position in the cloud networking space. Click here to download the complete report.

Chart, radar chart, sunburst chart Description automatically generated

 

Noting VMware’s broad portfolio of networking solutions, which covers the entire network stack and includes native network features for observability, micro-segmentation, and beyond, GigaOm says that VMware is in a leading position to help enterprises with complex networking requirements “modernize and optimize their infrastructure.”

Cloud Network Evaluation Criteria

The report evaluates 11 vendors that provide tools or platforms to help build and operate cloud networks. They include major enterprises like VMware, as well as several smaller companies.

GigaOm assessed the vendors on a variety of criteria, including:

  • Network traffic security and micro-segmentation.
  • Observability.
  • Troubleshooting and diagnostics.
  • Optimization and autoscaling.
  • APIs and IaC integration.
  • Application-aware infrastructure.
  • Solution management.

VMware received a triple-plus score – the highest evaluation possible – for most of the categories given above.

Continue reading

How Observability Helps Troubleshoot Incidents Faster

It all starts with the dreaded alert. Something went awry, and it needs to be fixed ASAP. Whether it’s the middle of the night and you’re the on-call responder, or it’s the middle of the afternoon, and your whole team is working together to ship a bundle of diffs, having an incident happen is extremely disruptive to your business — and often very expensive, making every minute count. So how can observability (o11y for short) help teams save precious time and resolve incidents faster? First, let’s explore the changing landscape from monitoring to observability. Debugging Using Traditional Monitoring Tools Savannah Morgan Savannah is senior technical customer success manager at Honeycomb. She is passionate about helping users find creative solutions for complex problems. When she is off the clock, Savannah can be found at the park with her family, binge-watching Netflix or spoiling her big pup, Bruce. The key to resolving an incident quickly is to rapidly understand why things went wrong, where in your code it’s happening, and most of all, who it affects and how to fix it. Most of us learned to debug using static dashboards powered by metrics-based monitoring tools like Prometheus or Datadog, plus a whole Continue reading

Configuring an AWS dynamic inventory with Automation controller

One of the core components of Ansible is inventories. In its most basic form, an inventory provides host information to Ansible so it can trigger the tasks on the right host or system. In most environments, the static inventory is sufficient for the Ansible control node to work from, however as we expand our use of automation, we need to transition to more effective methods of gathering ever-changing environment details.

This is where the use of a dynamic inventory is beneficial. This allows the platform to gather information for the inventory from environments that are not static sources. A prime example of this is using a dynamic inventory plugin to gather inventory information from a cloud provider or hypervisor, enabling you to keep an inventory up to date with instance details.

Amazon Web Services (AWS) is one of the biggest public cloud providers used around the world. Organizations use their Elastic Compute Cloud services (EC2) for their workflows, however managing an inventory for your instances running on AWS would typically have to be done manually, which is problematic and time consuming. Using the AWS Identity and Access Management interface (IAM), we are able to get programmatic access to the AWS Continue reading

What Is Zero Trust Security?

Zero Trust is a framework for security in which all users of an application, software, system, or network, inside or outside of an organization, must be authenticated, verified, and frequently validated before being granted access to specific data or tools within the company’s network. In the zero trust framework, networks can be in the cloud, hybrid, or on-premise with employees in any location. The assumption is that no users or devices are to be trusted with access without meeting the necessary validation requirements. In today’s modern digital transformation forward environment, the zero-trust security framework helps to ensure infrastructure and data are kept safe, and more modern business challenges are handled appropriately. For example, as the pandemic has evolved, securing remote workers and their access will be of greater importance for organizations that want to scale their workforce. Ransomware threats and attacks are increasing, and zero trust implementation can detect these threats, from novel ones to custom-crafted malware, far before they cause harm. What Foundation Makes up Zero Trust? Zero Trust security is built on the architecture established by the National Institute of Standards & Technology (NIST). The

Duplicate ARP Replies with Anycast Gateways

A reader sent me the following intriguing question:

I’m trying to understand the ARP behavior with SVI interface configured with anycast gateways of leaf switches, and with distributed anycast gateways configured across the leaf nodes in VXLAN scenario.

Without going into too many details, the core dilemma is: will the ARP request get flooded, and will we get multiple ARP replies. As always, the correct answer is “it depends” 🤷‍♂️

Read more …

Duplicate ARP Replies with Anycast Gateways

A reader sent me the following intriguing question:

I’m trying to understand the ARP behavior with SVI interface configured with anycast gateways of leaf switches, and with distributed anycast gateways configured across the leaf nodes in VXLAN scenario.

Without going into too many details, the core dilemma is: will the ARP request get flooded, and will we get multiple ARP replies. As always, the correct answer is “it depends” 🤷‍♂️

Read more …

Troubleshooting puzzle: What caused the streaming to degrade?

You’ve just been given the task of solving a network problem that has been unresolved for many months. Where do you start? Is it a solvable problem or is it just the way the network works? Maybe you’ve encountered a limitation on how network protocols function. What follows is an account of just such a problem that stumped many good network engineers for months and how it was resolved by NetCraftsmen’s Samuel Bickham. It may provide tips for solving problems you face down the road. As Bickham says, “Troubleshooting is kinda like a magic trick: It’s impressive until it’s explained.”A customer contacted NetCraftsmen to ask if we could diagnose a networking problem that affected only a few applications and a subset of employees on an intermittent basis.To read this article in full, please click here

Aruba service overlays existing infrastructure with virtual networks

Aruba Networks is expanding its Edge Services Platform to better manage and automate the operation of far-flung distributed enterprise networks.Hewlett Packard Enterprise’s network subsidiary rolled out NetConductor, a cloud-based service that Aruba says will help enterprises centrally manage the security of distributed networks while simplifying policy provisioning and automating the orchestration of network configurations in wired, wireless, and WAN infrastructures.What is SDN and where it’s going NetConductor is a service delivered by Aruba Central, the vendor’s core cloud-based management platform and works by delivering an EVPN, VXLAN-based network overlay across a customer’s wired and wireless networks offering a much more unified and simplified view of the network to the networking team, according to Larry Lunetta, vice president of wireless local area network and security solutions marketing at Aruba.To read this article in full, please click here

Optimizing Magic Firewall’s IP lists

Optimizing Magic Firewall’s IP lists
Optimizing Magic Firewall’s IP lists

Magic Firewall is Cloudflare’s replacement for network-level firewall hardware. It evaluates gigabits of traffic every second against user-defined rules that can include millions of IP addresses. Writing a firewall rule for each IP address is cumbersome and verbose, so we have been building out support for various IP lists in Magic Firewall—essentially named groups that make the rules easier to read and write. Some users want to reject packets based on our growing threat intelligence of bad actors, while others know the exact set of IPs they want to match, which Magic Firewall supports via the same API as Cloudflare’s WAF.

With all those IPs, the system was using more of our memory budget than we’d like. To understand why, we need to first peek behind the curtain of our magic.

Life inside a network namespace

Magic Transit and Magic WAN enable Cloudflare to route layer 3 traffic, and they are the front door for Magic Firewall. We have previously written about how Magic Transit uses network namespaces to route packets and isolate customer configuration. Magic Firewall operates inside these namespaces, using nftables as the primary implementation of packet filtering.

Optimizing Magic Firewall’s IP lists

When a user makes an API request to configure their Continue reading

1 540 541 542 543 544 3,841