ipSpace.net

Buying yearly subscription a bit at a time

2012-02-13T07:28:00.000+01:00

One of my readers sent me the following question:

I know that if I purchase a single webinar, I can apply that cost toward a yearly subscription. Is it additive? If I start buying recordings one-by-one until I reach $200, will I be given the yearly subscription?

The answer is a qualified yes (and you can find all the details on my web site):

Nicira, BigSwitch, NEC, OpenFlow and SDN

2012-02-10T06:22:00.000+01:00

Numerous articles published in the last few days describing how Nicira clashes heads-on with Cisco and Juniper just proved that you should never let facts interfere with a good story (let alone eye-catching headline). Just in case you got swayed away by those catchy stories, here’s the real McCoy (as I see it):

Nicira Open vSwitch inside vSphere/ESX

2012-02-09T08:40:00.000+01:00

I got intrigued when reading Nicira’s white paper claiming their Open vSwitch can run within vSphere/ESX hypervisor. There are three APIs that you could use to get that job done: dvFilter API (intercepting VM NIC like vCDNI does), the API used by Cisco’s Nexus 1000V, or the device driver interface (intercepting uplink traffic). Turns out Nicira decided to use a fourth approach using nothing but publicly-available APIs.

Cloudy thoughts

2012-02-08T07:57:00.002+01:00

We have a public holiday today, so I’ll spend the morning with my kids instead of writing yet another whatever-does-not-scale post. However, I did stumble across two fantastic cartoons that I simply have to share with you.

New webinar: DMVPN Designs

2012-02-07T07:08:00.000+01:00

My next live webinar will be based on the DMVPN design posts I wrote recently and a number of scenarios that landed in my Inbox during the last few months. I’ll try to help you decide which phase of the DMVPN technology to use, which routing protocol would be best for you, and how to optimize the routing protocol you select. We’ll also discuss interesting redundancy and primary/backup scenarios, including combinations of DMVPN, MPLS/VPN and 3G networks.

If you’re new to the DMVPN world or haven’t bought my DMVPN webinars yet, consider the DMVPN Trilogy jumbo pack.

Nicira uncloaked

2012-02-06T08:39:00.001+01:00

Nicira, the OpenFlow startup behind the Open vSwitch, has finally dropped the stealthy cloak. Congratulations!!! Their web site is still pretty sparse on details, but you can get an initial impression of what they’re doing from a number of white papers describing Network Virtualization Platform and DVNI architecture. Short summary: I was almost right, but being a routing-and-switching bloke missed a few interesting bits – OpenFlow (and Open vSwitch) can easily combine security and forwarding functionality.

Virtual Circuits in OpenFlow 1.0 World

2012-02-03T06:47:00.000+01:00

Two days ago I described how you can use tunneling or labeling to reduce the forwarding state in the network core (which you have to do if you want to have reasonably fast convergence with currently-available OpenFlow-enabled switches). Now let’s see what you can do in the very limited world of OpenFlow 1.0 (if any shipping physical switch supports OpenFlow 1.1 beyond OpenFlow 1.0 functionality, please write a comment)

Easy Virtual Network (EVN) – nothing new under the sun

2012-02-02T06:56:00.000+01:00

For whatever reason, Easy Virtual Network (EVN), a configuration sugar-glaze on top of VRF-lite (oops, multi-VRF) that has been lurking in the shadows for the last 18 months erupted into the twittersphere after Cisco’s latest switching launch. I can’t possibly understand why the implementation of a decade-old technology on mature platform (Catalyst 4500 and Catalyst 6500) makes news at the time when 40GE and 100GE interfaces were launched, but the intricacies of marketing always somehow escaped me.

Forwarding State Abstraction with Tunneling and Labeling

2012-02-01T06:56:00.000+01:00

Yesterday I described how the limited flow setup rates offered by most commercially-available switches force the developers of production-grade OpenFlow controllers to drop the microflow ideas and focus on state abstraction (people living in a dreamland usually go in a totally opposite direction). Before going into OpenFlow-specific details, let’s review the existing forwarding state abstraction technologies.

FIB update challenges in OpenFlow networks

2012-01-31T07:00:00.000+01:00

Last week I described the problems high-end service provider routers (or layer-3 switches if you prefer that terminology) face when they have to update large number of entries in the forwarding tables (FIBs). Will these problems go away when we introduce OpenFlow into our networks? Absolutely not, OpenFlow is just another mechanism to download forwarding entries (this time from an external controller) not a laws-of-physics-changing miracle.

Not sure about the yearly subscription? Start slowly!

2012-01-30T06:42:00.000+01:00

One of my Twitter friends sent me this question: “Would you honestly recommend your webinar subscription for a young CCIE that knows how routing works but have no real world experience and is a noob in DC/VM/NXOS?” That sounds like a perfect audience to me – I usually assume the attendees have mastered the fundamentals of networking/routing but don’t know much about the topics of the webinar (the whole idea of my webinars is to help you get started in new technology areas).

Interesting links (2012-01-29)

2012-01-29T13:09:00.000+01:00

Most interesting article in this batch: Ethernet Taps - Don't Get Me Started by Chris Marget, focusing on Ethernet taps: passive, active, aggregators, L1 switches ...

And here are the other interesting links I found in somewhat random order:

Prefix-Independent Convergence (PIC): Fixing the FIB bottleneck

2012-01-27T07:18:00.000+01:00

Did you rush to try OSPF Loop Free Alternate on a Cisco 7200 after reading my LFA blog post ... and disappointedly discovered that it only works on Cisco 7600? The reason is simple: while LFA does add feasible-successor-like behavior to OSPF, its primary mission is to improve RIB-to-FIB convergence time.

Loop-Free Alternate: OSPF meets EIGRP

2012-01-26T06:18:00.000+01:00

Assume we have a simple triangular network:

Now imagine the A-to-C link fails. How will OSPF react to the link failure as compared to EIGRP? Which one will converge faster? Try to answer the questions before pressing the Read more link ;)

VXLAN runs over UDP – does it matter?

2012-01-25T06:28:00.000+01:00

Scott Lowe asked a very good question in his Technology Short Take #20:

VXLAN uses UDP for its encapsulation. What about dropped packets, lack of sequencing, etc., that is possible with UDP? What impact is that going to have on the “inner protocol” that’s wrapped inside the VXLAN UDP packets? Or is this not an issue in modern networks any longer?

Short answer: No problem.

Redundant DMVPN designs, Part 2 (Multiple Uplinks)

2012-01-24T07:23:00.000+01:00

In the Redundant DMVPN Design, Part 1 I described the options you have when you want to connect non-redundant spokes to more than one hub. In this article, we’ll go a step further and design hub and spoke sites with multiple uplinks.

Public IP addressing

Fact: DMVPN tunnel endpoints have to use public IP addresses or the hub/spoke routers wouldn’t be able to send GRE/IPsec packets across the public backbone.

Clearing up the IPv6 Webinar confusion

2012-01-23T06:53:00.000+01:00

One of my readers couldn’t figure out which IPv6 webinar to buy. He wrote:

I bought your Service Provider IPv6 Introduction webinar. I’m also interested in Building IPv6 Service Provider Core and Building Large IPv6 Access Networks. I realized that the second training is not released yet and it says that it's an update session for the first training, so do I need to buy both? I would like to download all the material related to the trainings so I would watch them whenever I need.

It seems I did overcomplicate a few things, so I’ll try to clear up the confusion I created.

Best of December 2011

2012-01-21T20:08:00.000+01:00

According to Google Analytics these were the most popular posts I wrote in December 2011:

IP renumbering in disaster avoidance Data Center designs

2012-01-20T12:03:00.000+01:00

It’s hard for me to admit, but there just might be a corner use case for split subnets and inter-DC bridging: even if you move a cold VM between data centers in a controlled disaster avoidance process (moving live VMs rarely makes sense), you might not be able to change its IP address due to hard-coded IP addresses, be it in application code or configuration files.

Disaster recovery is a different beast: if you’ve lost the primary DC, it doesn’t hurt if you instantiate the same subnet in the backup DC.

DHCPv6 Prefix Delegation with Radius works in IOS release 15.1

2012-01-19T13:52:00.001+01:00

A while ago I described the pre-standard way Cisco IOS used to get delegated IPv6 prefixes from a RADIUS server. Cisco’s documentation always claimed that Cisco IOS implements RFC 4818, but you simply couldn’t get it to work in IOS releases 12.4T or 15.0M. In December I wrote about the progress Cisco is making on the DHCPv6 front and iord@intracom.com commented that IOS 15.1S does support RFC 4818. You know I absolutely had to test that claim ... and it’s true!

IPv6 ND Managed-Config-Flag is just a hint

2012-01-19T10:44:00.000+01:00

2012-01-19: The initial version of this post contained a serious error: Cisco IOS DHCPv6 server does not create host routes; without on-link prefix, the router cannot forward the packets to the attached end-hosts.

IPv6 hosts can use stateless or stateful autoconfiguration. Stateless address autoconfiguration (SLAAC) uses IPv6 prefixes from Router Advertisement (RA) messages; stateful autoconfiguration uses DHCPv6. The routers can use two flags in RA messages to tell the attached end hosts which method to use:

Redundant DMVPN designs, Part 1 (The Basics)

2012-01-17T07:03:00.000+01:00

Most of the DMVPN-related questions I get are a variant of the “how many tunnels/hubs/interfaces/areas do I need for a redundant DMVPN design?” As always, the right answer is “it depends” (and I can always help you with your design if you’d like to get a second opinion), but here’s what I’ve learned so far.

Filter inbound BGP prefixes: Summary

2012-01-16T07:32:00.000+01:00

I got plenty of responses to the How could we filter extraneous BGP prefixes post, some of them referring to emerging technologies and clean-slate ideas, others describing down-to-earth approaches. Thank you all, you’re fantastic!

Interesting links (2012-01-15)

2012-01-15T11:20:00.000+01:00

Lots of interesting links accumulated in my Evernote notebook during the last two weeks. Let's start with a design masterpiece — Historical Thursday: The Other Manhattan Project: Almost as good as stretched clusters ... and almost as useful ;)

And here are the other links in somewhat random order:

3 & 5 years ago (January 2012)

2012-01-14T11:32:00.000+01:00

I’ve been blogging regularly for over five years, accumulating almost 1500 posts. It must be quite tasking and time-consuming to leaf through the older posts (not sure anyone ever did that ;), so I decided to use my brand-new Google Analytics add-on to find out which of the old posts are still attracting some attention.

In January 2007, I focused on CEF and wrote about CEF punted packets, CEF punt adjacency and Per-port CEF load sharing.

Hot topics in January 2009 included DHCP (Decent DNS, DHCP and HTTP server on an ISR router and Flash-based DHCP database) and load sharing (EBGP multipath load sharing and CEF).