In the "Optimal L3 Forwarding with VARP and Active/Active VRRP" blog post I made a remark along the lines of "Things might get nasty [in Arista EOS Virtual ARP world] if you have configuration mismatches", resulting in a lengthy and amazingly insightful email exchange with Lincoln Dale during which we ventured deeper and deeper down the Virtual ARP (VARP) rabbit hole. Here's what I learned during out trip:
The true OpenFlow zealots would love you to believe that you can drop whatever you’ve been doing before and replace it with a clean-slate solution using dumbest (and cheapest) possible switches and OpenFlow controllers.
In real world, your shiny new network has to communicate with the outside world … or you could take the approach most controller vendors did, decide to pretend STP is irrelevant, and ask people to configure static LAGs because you’re also not supporting LACP.
I was reading What Network Virtualization Isn’t from Jon Onisick the other day and started experiencing all sorts of unpleasant flashbacks caused by my overly long exposure to networking industry missteps and dead ends touted as the best possible solutions or architectures in the days of their glory:
In the TCP, HTTP and SPDY webinar I described the web application performance roadblocks caused by TCP and HTTP and HTTP improvements that remove most of them. Google went a step further and created SPDY, a totally redesigned HTTP. What is SPDY? Is it really the final solution? How much does it help? Hopefully you’ll find answers to some of these questions in the last part of the webinar.
The whole webinar is also available on Udemy - it’s free but you’ll have to register (or log in with Facebook) to get access.
A while ago someone asked what the difference between access and prefix lists is on the Network Engineering Stack Exchange web site (a fantastic resource brought to life primarily by sheer persistence of Jeremy Stretch, who had to fight troves of naysayers with somewhat limited insight claiming everything one would want to discuss about networking falls under server administration web site).
The question triggered a lengthy wandering down the memory lane … and here's the history of how the two came into being (and why they are the way they are).
An individual focused more on sensationalism than content deemed it appropriate to publish an article declaring networking engineers an endangered species on an industry press web site that I considered somewhat reliable in the past.
The resulting flurry of expected blog posts included an interesting one from Steven Iveson in which he made a good point: it’s easy for the cream-of-the-crop not to be concerned, but what about others lower down the pile. As always, it makes sense to do a bit of reality check.
Could you run a data center exclusively on IPv6? What would you need to do to interact with the IPv4 side of the Internet? Tore Anderson from Redpill Linpro figured out that IPv4 addresses are better used to enable the service for the servers hosted in their datacenter instead of “wasting” them for network infrastructure and data center connectivity, and he’ll describe how he’s doing it (in production environment) in tomorrow’s free IPv6-Only Data Centers webinar.
Meeting Brad Hedlund in person was definitely one of the highlights of my Interop 2013 week. We had an awesome conversation and quickly realized how closely aligned our views of VLANs, overlay networks and virtual appliances are.
Not surprisingly, Brad quickly improved my ideas with a radical proposal: running BGP between the virtual and the physical world.
Today's Dilbert is dedicated to every networking and security vendor selling us just good enough solutions.
Huge "Thank you!" to Scott Adams for another well-explained documentary!
IPv6 source address spoofing should be old news – it’s no different from its IPv4 counterpart. Neighbor discovery exhaustion attack is an IPv6-only phenomenon, enabled by huge IPv6 subnet sizes.
During the IPv6 Security webinar Eric Vyncke described Cisco IOS mechanisms you can use to cope with both. Enjoy!
The upcoming Data Center Interconnect webinar (register) is sponsored by Enterasys Networks, so it’s obvious that I’ll also mention how you can use their technology to solve particular data center interconnect problems, but that’s not all. The webinar will focus primarily on Whys, Hows and Whats of solving VM- and IP address mobility challenges in multi-data center environments.
Here are a few of the topics we’ll cover:
One of my blogger friends sent me an interesting observation:
After talking to networking vendors I'm inclined to think they are going to focus on a mesh of overlays from the TOR, with possible use of overlays between vswitch and TOR too if desired - drawing analogies to MPLS with ToR a PE and vSwitch a CE. Aside from selling more hardware for this, I'm not drawn towards a solution like this bc it doesn't help with full network virtualization and a network abstraction for VMs.
The whole situation reminds me of the good old SNA and APPN days with networking vendors playing the IBM part of the comedy.
The Optimal L3 Forwarding with VARP/VRRP post generated numerous comments, ranging from technical questions about VARP (more about that in a few days) to remarks along the lines of “you can do that with X” or “vendor Y supports Z, which does the same thing.” It seems I’ve opened yet another can of worms, let’s try to tame and sort them.
Brent Salisbury sent me a link to a fantastic OpenFlow/SDN presentation Scott Shenker did @ Stanford University a few days ago. It’s a perfect introduction to the fundamental ideas behind SDN and therefore a must-see for everyone vaguely involved in networking.
Here are some of the highlights (from my highly biased perspective):
Brad Hedlund wrote another great article, this one explaining the fundamentals of network virtualization. As you'll see, VMware (and everyone else) aims way higher than replacing VLANs with overlay networks. Highly recommended!
It seems all networking bloggers get plenty of career-related questions: how should I start, what should I focus on, which certification should I pursue ... Finally someone decided to take a structured approach: Paul Stewart and John Harrington launched The Tech Interview web site that should help you get all the answers in a single place.