IOSHints feed
Internetworking perspectives by Ivan Pepelnjak

When Did SDN Really Start?

22 hours 21 min ago

You might remember my blog post claiming we had a system with SDN-like properties more than 20 years ago.

It turns out SDN is older than that – Rob Faulds found an old ComputerWorld ad from 1989 promoting AT&T SDN service, and it seems SDN was in operation as early as 1985.

NSONE – Data-Driven DNS on Software Gone Wild

April 16, 2015 - 11:15pm

DNS is a crucial component in modern scale-out application architectures, so when Alex Vayl and Kris Beevers from NSONE contacted me just as I was starting to work on my Active-Active Data Centers presentation, I was more than interested to hear what their solution can do.

The result: Episode 29 of Software Gone Wild in which we discussed a number of topics including:

Read more ...

How Do I Get Started with SDN and Virtualization?

April 16, 2015 - 1:24am

Here’s a short question I got from one of my readers:

I am a CCIE in SP/DC & working as Technical Architect in US. I follow your website but I don’t know where to start for SDN/Virtualization/Openstack…

I guess he’s not alone, so here’s a long list of resources I put together in the last 5+ years.

Before I get started: you’ll find links to most of these resources on the SDN Resources page.

Design Challenge: Multiple Data Centers Connected with Slow Links

April 15, 2015 - 12:29am

One of my readers sent me this question:

What is best practice to get a copy of the VM image from DC1 to DC2 for DR when you have subrate (155 Mbps in my case) Metro Ethernet services between DC1 and DC2?

The slow link between the data centers effectively rules out any ideas of live VM migration; to figure out what you should be doing, you have to focus on business needs.


Video: IPv6 Microsegmentation

April 14, 2015 - 1:12am

The video of my Troopers 15 IPv6 Microsegmentation presentation has been published on YouTube. As with the Automating Network Security video, it’s hard to read the slides; you might want to look at the slide deck on my public content web site.

You’ll find more about this topic, including tested Cisco IOS configurations, in the IPv6 Microsegmentation webinar.

There’s a Difference between Scaling and Not Being Stupid

April 13, 2015 - 2:17am

I was listening to one of the HP SDN Packet Pushers podcasts in which Greg made an interesting comment along the lines of “people say that OpenFlow doesn’t scale, but what HP does with its IMC is it verifies the amount of TCAM in the switches, checks whether it can install new flows, and throws an alert if it runs out of TCAM.

Read more ...

Are your ESXi uplinks saturated?

April 11, 2015 - 9:25am

Iwan Rahabok sent me a link to a nice vRealize setup he put together to measure maximum utilization across all uplinks of a VMware host. Pretty handy when the virtualization people start deploying servers with two 10GE uplinks with all sorts of traffic haphazardly assigned to one or both of them.

Oh, if the previous paragraph sounds like Latin, and you should know a bit about vSphere/ESXi, take a hefty dose of my vSphere 6 webinar ;)

ntopng Deep Dive with Luca Deri on Software Gone Wild

April 10, 2015 - 12:03am

PF_RING is a great open-source project that enables extremely fast packet processing on x86 servers, so I was more than delighted when Paolo Lucente of the pmacct fame introduced me to Luca Deri, the author of PF_RING.

When we started chatting, we couldn’t resist mentioning ntopng, another open-source project Luca is working on.


More Layer-2 Misconceptions

April 9, 2015 - 2:03am

My “What Is Layer-2 and Why Do You Need It?” blog post generated numerous replies, including this one:

Pretend you are a device receiving a stream of bits. After you receive some inter-frame spacing bits, whatever comes next is the 2nd layer; whether that is Ethernet, native IP, CLNS/CLNP, whatever.

Not exactly. IP (or CLNS or CLNP) is always a layer-3 protocol regardless of where in the frame it happens to be, and some layer-2 protocols have no header (apart from inter-frame spacing and start-of-frame indicator).


New Webinar: vSphere 6 Networking Deep Dive

April 7, 2015 - 11:35pm

The VMware Networking Deep Dive webinar was getting pretty old and outdated, but I always managed to find an excuse to postpone its refresh – first it was the lack of new features in vSphere releases, then bad timing (it doesn’t make sense to do a refresh in June with a new release coming out in August), then the lack of documentation (vSphere 6 was announced in August 2014; the documentation appeared in March 2015).

Article: Is NFV Relevant for Enterprise Networks?

April 7, 2015 - 1:03am

Network Computing recently published my “Yes, NFV Is Important For The Enterprise” article. Short summary: NFV is (like BGP and MPLS) yet another technology that is considered applicable only to service provider networks but makes great sense in some enterprise contexts.

I’ll talk about enterprise aspects of NFV at Interop Las Vegas, and describe some NFV technical details and typical use cases in an upcoming webinar.

IPv6 is 20 years old

April 4, 2015 - 7:46am

An interesting message appeared on the v6ops mailing list a few days ago: the first interconnect between independent IPv6 implementations was established 20 years ago. No wonder some youngsters who don't know any better treat this venerable protocol like a modem and ignore it in favor of IPv4 ;)

Video: IPv6 Myths and Reality

April 3, 2015 - 2:41am

I’ve been talking and writing about IPv6 myths for years, but like any good myth they tend to be pretty robust. Unfortunately, as I explained in the IPv6 Myths and Reality part of the IPv6 High Availability Strategies webinar, the reality seems pretty bleak: all we got are longer addresses, half-baked protocols, unsolved challenges, and heaps of confusion.

What Is Layer-2 and Why Do We Need It?

April 1, 2015 - 11:57pm

I’m constantly ranting against large layer-2 domains; recently going as far as saying “we don’t really need all that stuff.” Unfortunately, the IP+Ethernet mentality is so deeply ingrained in every networking engineer’s mind that we rarely ever stop to question its validity.

Let’s fix that and start with the fundamental question: What is Layer-2?


Arista EOS Available on Whitebox Switches

April 1, 2015 - 1:26am

A few months ago Gigamon did the right thing: they figured out that their true value lies not in the hardware boxes, but in the software running on them, and decided to start offering their GigaVUE-OS on whitebox switches.

So far, Arista is the only other networking vendor that figured out it doesn't make sense to resist the tide - Arista EOS is now available on Open Compute Networking whitebox switches.


Video: Automating Network Security

March 30, 2015 - 11:45pm

The video of my Automating Network Security talk @ Troopers 15 has been published on YouTube. They used a fixed camera and the slides are a bit hard to read; you’ll find a better copy of the slide deck on my content web site.

For a bit of fun, turn on closed captions (CC) – public cloud became public lout.


Too Many Details Can Hurt You (or Why You Need the Fundamentals First)

March 29, 2015 - 11:34pm

The IPv6 Security Summit at the Troopers conference always has a few awesome IPv6 presentations (many people claim Troopers is the conference to attend if you’re serious about IPv6), and this year was no exception. A day after the MLD bashing, Enno Rey delivered a great in-depth presentation on DHCPv6 features and shortcomings.

It seems the DHCPv6 intricacies presented in that talk were too much for some of the attendees – that afternoon I accidentally stumbled upon a visibly distressed gentleman who started our chat with “How could anyone expect us to deploy IPv6 in a production environment?

Read more ...

Common Misconceptions about SDN

March 28, 2015 - 10:45pm

Andrew Lerner, my favorite Gartner blogger, published a great article documenting common SDN misconceptions. Not surprisingly, they're pretty much in line with what I've been ranting about for the last few years (including Whitebox Switching Is not SDN). Enjoy!

Microsegmentation in VMware NSX on Software Gone Wild

March 27, 2015 - 1:24am

VM NIC firewalls have been around for years (they’re also the reason I got my first invitation to the awesome Troopers conference), but it sounds so much better when you call them Microsegmentation (not the one I talked about @ Troopers this year).

Marketing gimmicks aside, VMware NSX includes an interesting in-kernel stateful firewall, and Brad Hedlund was kind enough to explain the intricacies of that feature in Episode 27 of Software Gone Wild.

MLD Considered Harmful

March 26, 2015 - 12:06am

The Multicast Listener Discovery (MLD) protocol is well hidden deep in the bowels of the IPv6 protocol stack and most of us tend to gloss over it when we discuss the IPv6 neighbor discovery process… until MLD raises its ugly head to bite an unsuspecting network administrator.

The problems with MLD are not new (and I wrote exhaustively about them a while ago), but it’s always nice to see other people raise awareness of broken IPv6 features like Enno Rey and his security team did during the IPv6 Security Summit (part of the Troopers 15 conference).