Internetworking perspectives by Ivan Pepelnjak

Cloud Orchestration System Is an Ideal Controller Use Case

August 21, 2014 - 11:09pm

A while ago I explained why OpenFlow might be a wrong tool for some jobs, and why centralized control plane might not make sense, and quickly got misquoted as saying “controllers don’t scale”. Nothing could be further from the truth, properly architected controller-based architectures can reach enormous scale – Amazon VPC is the best possible example.

The Impact of Data Gravity: a Campfire Story

August 20, 2014 - 11:55pm

Here’s an interesting story illustrating the potential pitfalls of multi-DC deployments and the impact of data gravity on application performance.

Long long time ago on a cloudy planet far far away, a multinational organization decided to centralize their IT operations and move all workloads into a central private cloud.

Pmacct – the Traffic Analysis Tool with Unpronounceable Name

August 19, 2014 - 11:33pm

SDN evangelists talking about centralized traffic engineering, flow steering or bandwidth calendaring sometimes tend to gloss over the first rule of successful traffic engineering: Know Thy Traffic.

In a world ruled by OpenFlow you’d expect the OpenFlow controller to know all the traffic; in more traditional networks we use technologies like NetFlow, sFlow or IPFIX to report the traffic statistics – but regardless of the underlying mechanism, you need a tool that will collect the statistics, aggregate them in a way that makes them usable to the network operators, report them, and potentially act on the deviations.

Revisited: Layer-2 DCI over VXLAN

August 18, 2014 - 11:58pm

I’m still getting questions about layer-2 data center interconnect; it seems this particular bad idea isn’t going away any time soon. In the face of that sad reality, let’s revisit what I wrote about layer-2 DCI over VXLAN.

VXLAN hasn’t changed much since the time I explained why it’s not the right technology for long-distance VLANs.

Do you really need to see all 512K Internet routes?

August 17, 2014 - 9:57pm

Last week the global routing table (as seen from some perspectives) supposedly exceeded 512K routes, and weird things started to happen to some people that are using old platforms that by default support 512K IPv4 routes in the switching hardware.

I’m still wondering whether the BGP table size was the root cause of the observed outages. Cisco’s documentation (at least this document) is pretty sloppy when it comes to the fact that usually 1K = 1024, not 1000 – I’d expect the hard limit to be @ 524.288 routes … but then maybe Cisco’s hardware works with decimal arithmetic.

Just Published: Brocade VCS Fabric Videos

August 14, 2014 - 10:20pm

The Data Center Fabric Architectures update session in late June included a whole new section on Brocade’s VCS fabric and new features they added in Network OS 4.0. The edited videos have been published and cover these topics:

What Is a Valid BGP Route?

August 14, 2014 - 8:50am

Carlos Mendioroz sent me a seemingly simple question: when is a BGP route invalid? My knee-jerk reaction: when the next hop is not reachable (and I’m not the only one). WRONG – BGP routes with unreachable next hop are still valid, as shown in the following printout:

MPLS Load Sharing – Data Plane Considerations

August 12, 2014 - 11:32pm

In a previous blog post I explained how load sharing across LDP-controlled MPLS core works. Now let’s focus on another detail: how are the packets assigned to individual paths across the core?

Should I Go for CCIE or Some Other Certification?

August 10, 2014 - 11:23pm

One of my readers sent me this question:

I am already a CCIE and work as a network engineer with a pretty good salary. But I think that I am losing some passion for Cisco networking and have interests in many other technologies. Currently I am very interested in Linux and Python development. Is it worth adding some Red Hat certification alongside the CCIE, or should I pursue another CCIE?

I think “should I go for CCIE or RHCE” is the wrong question.

VXLAN Encapsulation in Juniper Contrail

August 8, 2014 - 4:17am

VXLAN is becoming the de-facto encapsulation standard for overlay virtual networks (at least according to industry pundits and marketing gurus working for companies with VXLAN-based products) – even Juniper Contrail, which was traditionally a pure MPLS/VPN architecture, uses it.

Not so fast – Contrail is using VXLAN packet format to carry MPLS labels between hypervisors and ToR switches.

Load Sharing in MPLS Core

August 6, 2014 - 8:49am

Here’s a question that bothered me for years till I finally gave up and labbed it: does ECMP load sharing work in an MPLS core? More specifically, will an LSP split into multiple LSPs?

STP and Expert Beginners

August 4, 2014 - 9:45am

Maxim and I continued our STP discussion and eventually agreed that while STP might not be the best protocol out there (remember: it had to run on a Z80 CPU), it’s the only standardized thing that prevents nasty forwarding loops, prompting Maxim to ask another seemingly simple question:

What's so wrong with STP, that there are STP haters out there turning it off wherever they see it?

Welcome to the wonderful world of Expert Beginners.

Rate-Limit Console Logging

July 31, 2014 - 10:23pm

Someone made a really interesting remark on my Disable Console Logging blog post: Cisco IOS has log message rate limiting – all you need is the logging rate-limit configuration command.

VMware vSwitch and 802.1p CoS Value

July 29, 2014 - 10:19pm

One of my readers opened another can of VMware vSwitch worms. He sent me this question:

If a VM were to set a COS value, would the vSwitch reset it to 0 as part of its process of building the dot1q header?

The nasty detail (as you probably know) is that 802.1p CoS value resides in the 802.1q (VLAN) tag.

Is STP Really Evil?

July 28, 2014 - 6:53am

Maxim Gelin sent me an interesting question:

Can you please explain to me, why is STP supposed to be evil? What's wrong with STP?

STP’s fundamental problem is that it’s a fail-close, not a fail-open protocol.

Could You Replace MPLS/VPN with IPSec-over-Internet?

July 24, 2014 - 11:09pm

Someone recently sent me this scenario:

Our CIO has recently told us that he wants to get rid of MPLS because it is too costly and is leaning towards big Internet lines running IPSEC VPNs to connect the whole of Africa.

He was obviously shopping around for free advice (my friend Jeremy Stretch posted his answers to exactly the same set of questions not so long ago); here are the responses I wrote to his questions:

Campfire story: Using the wrong tool for the job

July 22, 2014 - 11:07pm

Summer is the perfect time for campfire stories – here’s one about using the wrong tool for the job.

A long time ago in an IT organization far, far away, Artificial Intelligence (AI) was the coolest kid on the block.

Layer-3 Switching over VXLAN Revisited

July 20, 2014 - 10:12pm

My Trident 2 Chipset and Nexus 9500 blog post must have hit a raw nerve or two – Bruce Davie dedicated a whole paragraph in his Physical Networks in Virtualized Networking World blog post to tell everyone how the whole thing is a non-issue and how everything’s good in the NSX land.

It’s always fun digging into more details to figure out what’s really going on behind the scenes; let’s do it.

Next Chapter in Data Center Design Case Studies

July 17, 2014 - 10:55pm

When I published the Data Center Design Case Studies book almost exactly a month ago, three chapters were still missing – but that was the only way to stop the procrastination and ensure I’ll write them (I’m trying to stick to published deadlines ;).

The first of the missing chapters is already finished and available to subscribers and everyone who bought the book or the Designing Private Cloud Infrastructure webinar (you’ll also get a mailing on Sunday to remind you to download the fresh copy of the PDF).

The Amazon Kindle version will be updated in a few days.

Network Automation @ Spotify on Software Gone Wild

July 16, 2014 - 10:56pm

What can you do if you have a small team of networking engineers responsible for four ever-growing data centers (with several hundred network devices in each of them)? There’s only one answer: you try to survive by automating as much as you can.

In the fourth episode of the Software Gone Wild podcast, David Barroso from Spotify explains how they use network automation to cope with the ever-growing installed base without increasing the size of the networking team.