ipSpace.net videos

Is It The End, Or Can You Do Something in 2024?

12 January 2024

David Bombal invited me for another annual chat last December, focusing on (what else) networking careers in 2024. The results were published a few days ago, and I was amazed at how good it turned out. I always love chatting with David; this time, his editing team did a masterful job.

Video: Language Model Basics

15 December 2023

After a brief introduction of how the language models fit into the AI/ML landscape, Javier Antich explained the language model basics, including auto-regression, types of language models, the specifics of large language models, and potential use cases,

Video: netlab IP Address Management (IPAM)

8 December 2023

Did you know that netlab includes full-blown IP address management? You can define address pools (or use predefined ones) and get IPv4 and IPv6 prefixes from those pools assigned to links, interfaces, and loopbacks. You can also assign static prefixes to links, use static IP addresses, interface addresses as an offset within the link subnet, or use unnumbered interfaces.

For an overview of netlab IPAM, watch the netlab address management video (part of the Network Automation Tools webinar), for more details read the netlab addressing tutorial.

Video: Language Models in AI/ML Landscape

24 November 2023

In September 2023, Javier Antich extended the AI/ML in Networking webinar with a new section describing large language models (LLMs), starting with how do the LLMs fit into the AI/ML landscape?

Video: Outages Caused by Bugs in BGP Implementations

17 November 2023

The previous BGP-related videos described how fat fingers and malicious actors cause Internet outages.

Today, we’ll focus on the impact of bugs in BGP implementations, from malformed AS paths to mishandled transitive attributes. The examples in the video are a few years old, but you can see similar things in the wild in 2023.

Video: Kubernetes Calico Plugin

10 November 2023

November is turning out to be the Month of BGP on my blog. Keeping in line with that theme, let’s watch Stuart Charlton explain the Calico plugin (which can use BGP to advertise the container networking prefixes to the outside world) in the Kubernetes Networking Deep Dive webinar.

Video: Hacking BGP for Fun and Profit

3 November 2023

At least some people learn from others’ mistakes: using the concepts proven by some well-publicized BGP leaks, malicious actors quickly figured out how to hijack BGP prefixes for fun and profit.

Fortunately, those shenanigans wouldn’t spread as far today as they did in the past – according to RoVista, most of the largest networks block the prefixes Route Origin Validation (ROV) marks as invalid.

Notes:

• ROV cannot stop all the hijacks, but it can identify more-specific-prefixes hijacks (assuming the origin AS did their job right).
• You’ll find more Network Security Fallacies videos in the How Networks Really Work webinar.

Video: History of BGP Route Leaks

23 October 2023

I’ll be talking about Internet routing security at the Deep conference in a few days, and just in case you won’t be able to make it¹ ;) here’s the first bit of my talk: a very brief history of BGP route leaks².

Note: you’ll find more Network Security Fallacies videos in the How Networks Really Work webinar.

Video: What Is Software-Defined Data Center

6 October 2023

A few years ago, I was asked to deliver a What Is SDDC presentation that later became a webinar. I forgot about that webinar until I received feedback from one of the viewers a week ago:

If you like to learn from the teachers with the “straight to the point” approach and complement the theory with many “real-life” scenarios, then ipSpace.net is the right place for you.

I haven’t realized people still find that webinar useful, so let’s make it viewable without registration, starting with What Problem Are We Trying to Solve and What Is SDDC.

Free Subscription No Longer Needed to Watch the ipSpace.net Videos

16 August 2023

I’m publishing a link to a free ipSpace.net video several times each month, usually with a notice saying you need free subscription to watch the video. I had to put that limitation in place when I was hosting videos on AWS S3 – unlimited streaming could explode my AWS bill.

Recently I moved the video storage to Cloudflare R2. Cloudflare claims they will never charge egress fees, and as long as that’s true (and they don’t start chasing me for generating too much traffic) I see no reason to bother you with registration and login procedures – starting immediately, you can watch the free ipSpace.net videos without an ipSpace.net account.

Video: SD-WAN Security

9 June 2023

After discussing the backend and CPE architecture in a typical SD-WAN solution in the SD-WAN Overview webinar, Pradosh Mohapatra mentioned a few SD-WAN security aspects, focusing on typical attack vectors and the usual mitigations.

Video: Link State Routing Protocol Implementations

2 June 2023

After introducing the routing protocols and explaining the basics of link-state routing it was time for implementation considerations including:

• Collecting local endpoint reachability information
• Finding neighbors and exchanging the collected information (hint: a link-state topology database is just a distributed key-value store)
• Running the SPF algorithm (including partial SPF details) and installing the results

Network Security Vulnerabilities: the Root Causes

26 May 2023

Sometime last autumn, I was asked to create a short “network security challenges” presentation. Eventually, I turned it into a webinar, resulting in almost four hours of content describing the interesting gotchas I encountered in the past (plus a few recent vulnerabilities like turning WiFi into a thick yellow cable).

Each webinar section started with a short “This is why we have to deal with these stupidities” introduction. You’ll find all of them collected in the Root Causes video starting the Network Security Fallacies part of the How Networks Really Work webinar.

Video: Types of Switching ASICs

19 May 2023

Pete Lumbis concluded his ASICs for Networking Engineers presentation with a brief overview of types of switching ASICs and a wrap-up.

You can watch his entire 90-minute presentation (sliced into shorter videos) with Free ipSpace.net Subscription.

Video: Kubernetes Container Networking Interface (CNI)

12 May 2023

Ready for more Kubernetes details? How about Container Networking Interface (CNI) described by Stuart Charlton as part of Kubernetes Networking Deep Dive webinar?

Notes:

• You REALLY SHOULD watch Kubernetes SDN architecture and Sample Kubernetes SDN Implementations videos first
• The video (and a large portion of Kubernetes Networking Deep Dive webinar) is available with Free ipSpace.net Subscription.

Video: 400GbE Optics

5 May 2023

When 400GbE was still an emerging technology, Mark Nowell explained its basics in an update session of the Data Center Fabric Architectures webinar, starting with 400GbE optics.

Advantages and Drawbacks of EVPN-based Multihoming

28 April 2023

Lukas Krattiger wrapped up his EVPN-versus-MLAG presentation (part of EVPN Deep Dive webinar) with an overview of the advantages and drawbacks of EVPN-based multihoming solutions:

• N-way multihoming
• Flexible connectivity (no need for a peer link)
• Fabric-wide scope (MAC multipathing required on ingress node)

Video: SD-WAN CPE Architecture

21 April 2023

Pradosh Mohapatra started the Typical SD-WAN Solution Architecture section of Software-Defined WAN (SD-WAN) Overview webinar with the backend architecture.

Next step: CPE architecture, the topic of today’s video.

Video: netlab Topology File

14 April 2023

After introducing netlab in the Network Automation Tools webinar, I spent a few minutes describing the structure of the netlab lab topology file.

As always, use the video only as a starting point. For more details, read the netlab documentation (overview, reference guide).

Turning WiFi into a Thick Yellow Cable

7 April 2023

The “beauty” (from an attacker perspective) of the original shared-media Ethernet was the ability to see all traffic sent to other hosts. While it’s trivial to steal someone else’s IPv4 address, the ability to see their traffic allowed you to hijack their TCP sessions without the victim being any wiser (apart from the obvious session timeout). Really smart attackers could go a step further, insert themselves into the forwarding path, and inject extra payload into unencrypted sessions.

A recently-discovered WiFi vulnerability brought us back to that wonderful world.

Video: Sample Kubernetes SDN Implementations

31 March 2023

It’s time for another Kubernetes video. After Stuart Charlton explained the Kubernetes SDN architecture, he described architectural approaches of Kubernetes SDN implementations, using Flannel as a sample implementation.

Video: Chassis Switch Architectures

24 March 2023

Did you know most chassis switches look like leaf-and-spine fabrics¹ from the inside? If you didn’t, you might want to watch the short Chassis Architectures video by Pete Lumbis (author of ASICs for Networking Engineers part of the Data Center Fabric Architectures webinar).

Video: vPC Fabric Peering with EVPN Multihoming

17 March 2023

After implementing MLAG functionality with EVPN and having a VXLAN-like fabric transport path between MLAG members, it becomes possible to get rid of the MLAG peer link.

Not surprisingly, most implementations of virtual MLAG peer link remain proprietary. Lukas Krattiger described the details of Cisco’s vPC Fabric Peering implementation in the EVPN Deep Dive webinar.

Video: SD-WAN Backend Architecture

10 March 2023

After describing the SD-WAN reference design, Pradosh Mohapatra focused on individual components of an SD-WAN solution, starting with the backend architecture.

Video: Getting Started with netlab

3 March 2023

After explaining how netlab fits into the virtual lab orchestration picture and what exactly it can do, let’s focus on what’s the easiest way to get started.

The next video in the Using netlab to Build Networking Labs series describes:

• Typical deployment scenarios: VirtualBox on Windows or MacOS, or libvirt/KVM on a Linux server or a virtual machine (running on Windows or MacOS).
• Hardware and software requirements
• Behind-the-scene operations performed by netlab create, netlab initial and netlab up commands.

Video: Packet Buffers in Data Center ASICs

24 February 2023

A few years ago, we were fortunate enough to have Pete Lumbis talking about ASICs for Networking Engineers as part of the Data Center Fabric Architectures webinar.

One of the topics he couldn’t possibly skip was the question of how many packet buffers one needs in a data center switch.

Video: Link State Routing Protocol Basics

17 February 2023

The Routing Protocols Overview part of How Networks Really Work webinar introduced the concepts of distance-vector and link-state routing protocols. Next step: the basics of link-state routing protocols.

Video: Kubernetes SDN Architecture

10 February 2023

Stuart Charlton started the Kubernetes Networking Deep Dive webinar with an overview of basic concepts including the networking model and services. After covering the fundamentals, it was time for The Real Stuff: Container Networking Interface, starting with an overview of Kubernetes SDN architecture.

Video: Migrating into a Cloud

3 February 2023

Matthias Luft concluded his part of Introduction to Cloud Computing webinar with a case study: how can you migrate an existing workload into a cloud environment?

Video: 2023 Network Engineer Path to Success

20 January 2023

David Bombal kindly invited me to have another chat talking about the future of networking in late 2022. The resulting (masterfully edited) video is already on YouTube. Hope you’ll enjoy it as much as I enjoyed chatting with David.

Video: MLAG with EVPN Deep Dive

13 January 2023

In November 2022 I described some of the intricacies of using EVPN to implement MLAG control plane. You might have noticed that I didn’t dive deep into EVPN details, and I had a good reason for that – Lukas Krattiger did a wonderful job describing how MLAG works with EVPN in the EVPN Deep Dive webinar.

Video: IPv6 Traffic Filtering Details

9 December 2022

Did you like the traffic filtering in the age of IPv6 video by Christopher Werny? Time for part two: IPv6 traffic filtering details.

Video: What Can Netlab Do?

2 December 2022

Time for another netlab video: after explaining how netlab fits into the virtual lab orchestration picture, let’s answer the following question: what exactly can netlab do?

Video: Cloud Infrastructure-as-Code

25 November 2022

With AWS re:Invent 2022 being just a few days away, it’s time for another cloudy Friday video: using infrastructure-as-code principles to provision public cloud resources by Matthias Luft (part of Introduction to Cloud Computing webinar).

Video: Exposing Kubernetes Services to External Clients

18 November 2022

After a brief introduction of Kubernetes service and an overview of services types, Stuart Charlton added the last missing bit: how do you expose Kubernetes services to external clients.

Video: Routing Protocols Overview

11 November 2022

After discussing network addressing and switching, routing, and bridging in the How Networks Really Work webinar, it was high time for a deep dive into routing protocols, starting (as always) with an overview.

Video: EVPN Multihoming Deep Dive

4 November 2022

After starting the EVPN multihoming versus MLAG presentation (part of EVPN Deep Dive webinar) with the taxonomy of EVPN-based multihoming, Lukas Krattiger did a deep dive into its intricacies including:

• EVPN route types needed to support multihoming
• A typical sequence of EVPN updates during multihoming setup
• MAC multipathing, MAC aliasing, split horizon and mass withdrawals
• Designated forwarder election

Could I Use netlab instead of GNS3?

28 October 2022

I’m often getting questions like “I’m using GNS3. Could I replace it with netlab?”

TL&DR: No.

You need a set of functions to build a network lab:

• Virtualization environment (netlab supports VirtualBox, libvirt, Docker, and Podman)
• An orchestration tool/system that will deploy network device images in such an environment (netlab supports Vagrant and containerlab)
• A tool that will build orchestration system configuration (netlab core functionality)

Video: EVPN Multihoming Taxonomy and Overview

21 October 2022

I promised you a blog post explaining the intricacies of implementing MLAG with EVPN, but (as is often the case) it’s taking longer than expected. In the meantime, enjoy the EVPN Multihoming Taxonomy and Overview video from Lukas Krattiger’s EVPN Multihoming versus MLAG presentation (part of EVPN Deep Dive webinar).

Video: Traffic Filtering in the Age of IPv6

7 October 2022

Christopher Werny covered another interesting IPv6 security topic in the hands-on part of IPv6 security webinar: traffic filtering in the age of dual-stack and IPv6-only networks, including filtering extension headers, filters on Internet uplinks, ICMPv6 filters, and address space filters.

Video: Kubernetes Services Types

30 September 2022

Kubernetes services are like networking standards: there are so many to choose from. In his brief introduction to Kubernetes service types, Stuart Charlton listed six of them, and I’m positive there are more. That’s what you get when you’re trying to reinvent every network load balancing method known to mankind ;)

Video: Cloud-Native Environments

23 September 2022

One of the overused buzzwords of the cloudy days is the Cloud-Native Environment. What should that mean and why could that be better than what we’ve been doing decades ago? Matthias Luft and Florian Barth tried to answer that question in the Introduction to Cloud Computing webinar.

The Basics of Network Address Translation (NAT)

16 September 2022

The last video in the 2-hour-long Network Addressing part of How Networks Really Work discusses Network Address Translation.

After watching it, you might want to spend some extra quality time (with a bit of soap opera vibe) enjoying the recent ‌Dual ISP deployment operational issues and uncertainties thread on the v6ops mailing list with a “surprising” result: NPTv6 or NAT66 is the least horrible way to do it.

Video: Testing IPv6 RA Guard

9 September 2022

After discussing rogue IPv6 RA challenges and the million ways one can circumvent IPv6 RA guard with IPv6 extension headers, Christopher Werny focused on practical aspects of this thorny topic: how can we test IPv6 RA Guard implementations and how good are they?

Video: Kubernetes Services Overview

2 September 2022

After completing the discussion of basic Kubernetes networking with a typical inter-pod traffic scenario, Stuart Charlton tackled another confusing topic: an overview of what Kubernetes services are.

Video: IPv6 RA Guard and Extension Headers

17 June 2022

Last week’s IPv6 security video introduced the rogue IPv6 RA challenges and the usual countermeasure – RA guard. Unfortunately, IPv6 tends to be a wonderfully extensible protocol, creating all sorts of opportunities for nefarious actors and security researchers.

For years, the networking vendors were furiously trying to plug the holes created by the academically minded IPv6 designers in love with fragmented extension headers. In the meantime, security researches had absolutely no problem finding yet another weird combination of IPv6 headers that would bypass any IPv6 RA guard implementation until IETF gave up and admitted one cannot have “infinitely extensible” and “secure” in the same sentence.

For more details watch the video by Christopher Werny describing how one could use IPv6 extension headers to circumvent IPv6 RA guard

Video: Rogue IPv6 RA Challenges

10 June 2022

IPv6 security-focused presentations were usually an awesome opportunity to lean back and enjoy another round of whack-a-mole, often starting with an attacker using IPv6 Router Advertisements to divert traffic (see also: getting bored at Brussels airport) .

Rogue IPv6 RA challenges and the corresponding countermeasures are thus a mandatory part of any IPv6 security training, and Christopher Werny did a great job describing them in IPv6 security webinar.

Video: Network Address Scopes

3 June 2022

When defining network addresses in IEN 19 John Shoch said:

Addresses must, therefore, be meaningful throughout the domain, and must be drawn from some uniform address space.

But what is a domain? Welcome to the address scope discussion ;)

Video: Ugly Challenges of Using AI/ML in Networking

27 May 2022

Javier Antich concluded the AI/ML in Networking webinar with the ugly challenges of using AI/ML in networking. I won’t spoil the fun, you REALLY SHOULD watch the video (keeping in mind he was trying to stay polite and diplomatic).

Video: Typical Kubernetes Inter-Pod Traffic Walk

20 May 2022

Stuart Charlton did his best to explain the concept of pods in the Kubernetes Networking Deep Dive webinar, but we were still a bit confused. Next step: let’s talk about typical inter-pod traffic scenario.

Video: Network Address Assignments

13 May 2022

The last part of the Network Addressing section of How Networks Really Work webinar covered other addressing-related topics starting with address assignment mechanisms.

Video: Practical Aspects of IPv6 Security

6 May 2022

Christopher Werny has tons of hands-on experience with IPv6 security (or lack thereof), and described some of his findings in the Practical Aspects of IPv6 Security part of IPv6 security webinar, including:

• Impact of dual-stack networks
• Security implications of IPv6 address planning
• Isolation on routing layer and strict filtering
• IPv6-related requirements for Internet- or MPLS uplinks

Video: The Long Tail of AI/ML Problems

29 April 2022

It’s time for the bad part of AI/ML in Networking: Good, Bad, and Ugly webinar. After describing the potential AI/ML wins, Javier Antich walked us through the long tail of AI/ML problems.

Video: Understanding Kubernetes Pods

22 April 2022

Pods are a basic building block of any Kubernetes-based deployment… but what exactly are they and how are they related to Kubernetes networking? Stuart Charlton unraveled that mystery in the Understanding Pods video (part of Kubernetes Networking Deep Dive webinar)

Video: Challenges of Managed SD-WAN Services

15 April 2022

When I published a link to the Is MPLS/VPN Too Complex? blog post to LinkedIn, someone asked whether I’m skeptical about service provider SD-WAN services due to lack of skills, and Kristijan Taskovski quickly identified the root cause in his reply:

The argument of a lack of skill is only one that is perpetuated by businesses. It’s not perpetuated by engineers. People that are trained, honed, and knowledgeable are expensive. Expense is the number one enemy for a business.

That’s exactly why I think most managed SD-WAN services will be a dismal failure.

Video: IPv6 Trust Model

8 April 2022

After discussing the basics of IPv6 security in the hands-on part of IPv6 security webinar webinar, Christopher Werny focused on the IPv6 trust model (aka “we’re all brothers and sisters on link-local”).

Video: Combining Data-Link- and Network Layer Addresses

1 April 2022

The previous videos in the How Networks Really Work webinar described some interesting details of data-link layer addresses and network layer addresses. Now for the final bit: how do we map an adjacent network address into a per-interface data link layer address?

If you answered ARP (or ND if you happen to be of IPv6 persuasion) you’re absolutely right… but is that the only way? Watch the Combining Data-Link- and Network Addresses video to find out.

Video: Managed SD-WAN Services

25 March 2022

Should service providers offer managed SD-WAN services? According to Betteridge’s law of headlines, the answer is NO, and that’s exactly what I explained in a short video with the same name.

Turns out there’s not much to explain; even with my usual verbosity I was done in five minutes, so you might want to watch SD-WAN Technical Challenges as well.

Video: Kubernetes Networking Model

18 March 2022

After describing the Kubernetes architecture in the introductory part of the excellent Kubernetes Networking Deep Dive webinar, Stuart Charlton focused on what matters most to networking engineers: Kubernetes networking model.

Video: Functions-as-a-Service Demo

11 March 2022

Serverless computing (marketing term for code running on servers managed by other people) is one of the must-have terms if you’re playing a Buzzword Bingo, but what does it really mean and how does the whole thing work?

Matthias Luft and Florian Barth illustrated the concept during the Introduction to Cloud Computing webinar with a short demo in which they build a simple AWS Lambda function. For a more network-centric view, read the Can We Ping a Lambda Function blog post by Noel Boulene.

Video: Comparing TCP/IP and CLNP

4 March 2022

If you were building networks in early 1990s you probably remember at least a half-dozen different network protocols. Only one of them survived (IPv6 came later), with another one (CLNP) providing an interesting view into a totally different parallel universe that evolved using a different set of fundamental principles.

After introducing the network-layer addressing, I compared the two and pointed out where one or the other was clearly better.

You might think that it makes no sense to talk about protocols that were rarely used in old days, and that are almost non-existent today, but as always those who cannot remember the past are doomed to repeat it, this time reinventing CLNP principles in IPv6-based layer-3-only data center fabrics.

Video: Use Cases for AI/ML in Networking

25 February 2022

In the first half of the AI/ML in Networking webinar, Javier Antich walked us through the AI/ML hype, basics of machine learning, and machine learning techniques.

In the second part of the webinar, he described “The Good, The Bad and The Ugly”, starting with the good parts: where does AI/ML make sense in networking?

Video: Network Layer Addressing

11 February 2022

After a brief excursion into the ancient data link layer addressing ideas (that you can still find in numerous systems today) and LAN addressing it’s time to focus on network-layer addressing, starting with “can we design protocols without network-layer addresses” (unfortunately, YES) and “should a network-layer address be tied to a node or to an interface” (as always, it depends).

For more details, watch the Network Layer Addressing video (part of How Networks Really Work webinar).

Lesson Learned: The Way Forward

4 February 2022

I tried to wrap up my Lessons Learned presentation on a positive note: what are some of the things you can do to avoid all the traps and pitfalls I encountered in the almost four decades of working in networking industry:

• Get invited to architecture and design meetings when a new application project starts.
• Always try to figure out what the underlying actual business needs are.
• Just because you can doesn’t mean that you should.
• Keep it as simple as possible, but no simpler.
• Work with your peers and explain how networking works and why you face certain limitations.
• Humans are not perfect – automate as much as it makes sense, but no more.

Video: Kubernetes Architecture

28 January 2022

Yesterday I mentioned the giant glob of complexity called Kubernetes (see also more nuanced take on the topic). If you want to slowly unravel it, Kubernetes Architecture video from the excellent Kubernetes Networking Deep Dive webinar by Stuart Charlton is a pretty good starting point.

Video: Machine Learning Techniques

21 January 2022

After Javier Antich walked us through the AI/ML hype and described the basics of machine learning it was time for a more thorough look at:

• Machine learning techniques, including unsupervised learning (clustering and anomaly detection), supervised learning (regression, classification and generation) and reinforced learning
• Machine learning implementations, including neural networks, deep neural networks and convolutional neural networks.

Video: Local Area Network Addressing

14 January 2022

In the Local Area Network Addressing video (part of How Networks Really Work webinar) I covered numerous obscure LAN addressing details including:

• There’s no layer-2 address in Fibre Channel frames (because FC is routing not bridging);
• Why is the multicast bit the lowest bit (0x01) in the first byte on Ethernet but the highest bit (0x80) on Token Ring or FDDI;
• How some NIC manufacturers never got the memo on what OUI really means.

Video: Cloud Services Hierarchy

7 January 2022

Remember the Cloud Models, Layers and Responsibilities video by Matthias Luft? He continued his introduction of cloud services with Cloud Services Hierarchy, explained the differences between infrastructure, platform, function and software as a service, and concluded with a there’s no free lunch message.

Video: Machine Learning 101

3 December 2021

After a brief overview of the AI/ML hype, Javier Antich continued the AI and ML in Networking webinar with the basics of underlying technologies, starting with the machine learning fundamentals.

Lesson Learned: Some Services Are Not Worth Delivering

26 November 2021

Here’s one of the secrets to AWS’s unprecedented scale and financial success: they quickly figured out that some services are not worth delivering. Most everyone else believes in building snowflake single-customer solutions to solve imaginary problems, effectively losing money while doing so.

Video: Early Data-Link-Layer Addressing

19 November 2021

After a brief coverage of the theoretical aspects of network addressing, it’s time to pay a brief visit to the early data-link-layer addressing solutions, from one address per datagram/frame (SDLC, HDLC) and ignore this address (PPP) to no address on P2P links (SLIP).

Video: How Can You Master Public Cloud Networking?

5 November 2021

If you’re a regular reader of this blog, you’ve probably realized there’s still need for networking in public clouds, and mastering it requires slightly different set of skills. What could you as a networking engineer to get fluent in this different world? I collected a few hints in the last video in Introduction to Cloud Computing webinar.

Video: Introduction to AI/ML Hype

22 October 2021

In May 2021, Javier Antich ran a great webinar explaining the principles of Artificial Intelligence and Machine learning and how they apply (or not) to networking.

He started with a brief overview of AI/ML hype that should help you understand why there’s a bit of a difference between self-driving cars (not that we got there) and self-driving networks.

Lessons Learned: Complexity Will Kill Your System

15 October 2021

You wouldn’t believe the intricate network designs I created decades ago until I learned that having uninterrupted sleep is worth more than proving I can get the impossible to work (see also: using EBGP instead of IGP in a 4-node data center fabric).

Once I started valuing my free time, I tried to design things to be as simple as possible. However, as my friend Nicola Modena once said, “Consultants must propose new technologies because they must be seen as bringing innovation,” and we all know complexity sells. Go figure.

Video: Theoretical View of Network Addressing

8 October 2021

After explaining the basics of (network) names, addresses and routes, I wasted a few minutes of everyone’s time discussing the theoretical aspects of layered addressing, and then got back to practical issues like address scopes, namespaces, and address provisioning.

The video ends with a simple (and unappreciated) truth: if you have a point-to-point link between two nodes you don’t need data-link-layer addresses. The consequences of that fact are left as an exercise for the viewer (or you can wait till the next video ;)

Video: Public Cloud Networking Is Different

1 October 2021

Even though you need plenty of traditional networking constructs to deploy a complex application stack in a public cloud (packet filters, firewalls, load balancers, VPN, BGP…), once you start digging deep into the bowels of public cloud virtual networking, you’ll find out it’s significantly different from the traditional Ethernet+IP implementations common in enterprise data centers.

For an overview of the differences watch the Public Cloud Networking Is Different video (part of Introduction to Cloud Computing webinar), for more details start with AWS Networking 101 and Azure Networking 101 blog posts, and continue with corresponding cloud networking webinars.

Lessons Learned: Fundamentals Haven't Changed

10 September 2021

Here’s another bitter pill to swallow if you desperately want to believe in the magic powers of unicorn dust: laws of physics and networking fundamentals haven’t changed (see also: RFC 1925 Rule 11).

Whenever someone is promising a miracle solution, it’s probably due to them working in marketing or having no clue what they’re talking about (or both)… or it might be another case of adding another layer of abstraction and pretending the problems disappeared because you can’t see them anymore.

Video: Introduction to Network Addressing

3 September 2021

A friend of mine pointed out this quote by John Shoch when I started preparing the Network Stack Addressing slide deck for my How Networks Really Work webinar:

The name of a resource indicates what we seek, an address indicates where it is, and a route tells us how to get there.

You might wonder when that document was written… it’s from January 1978. They got it absolutely right 42 years ago, and we completely messed it up in the meantime with the crazy ideas of making IP addresses resource identifiers.

Video: Typical Large-Scale Bridging Use Cases

25 June 2021

In the previous video in the Switching, Routing and Bridging section of How Networks Really Work webinar we compared transparent bridging with IP routing. Not surprisingly (given my well-known bias toward stable solutions) I recommended using IP routing as much as possible, but there are still people out there pushing large-scale transparent bridging solutions.

In today’s video we’ll look at some of the supposed use cases and stable solutions you could use instead of stretching a virtual thick yellow cable halfway across a continent.

Video: Comparing Routing and Bridging

18 June 2021

After covering the basics of transparent Ethernet bridging and IP routing, we’re finally ready to compare the two. Enjoy the ride ;)

Lessons Learned: Technology Still Matters

11 June 2021

In June 2020, a friend asked me to do a short presentation on lessons learned during my 35 years as a networking engineer. It went reasonably well, so I decided to turn it into a webinar, starting with regardless of what the disruptive marketers tell you, technology still matters.

Video: Cisco SD-WAN Policy Design

4 June 2021

In the final video in his Cisco SD-WAN webinar, David Penaloza discusses site ID assignments and policy processing order.

A carefully planned site scheme and ordered list of policy entries will save you complications and headaches when deploying the SD-WAN solution.

Video: Kubernetes Principles

28 May 2021

After answering the “why should I care about Kubernetes?” question, Stuart Charlton explained the Kubernetes principles you should keep in mind if you want to have a chance of understanding what’s going on.

Video: We Still Need Networking in Public Clouds

21 May 2021

Whenever someone starts mansplaining that we need no networking when we move the workloads into a public cloud, please walk away – he has just proved how clueless he is.

He might be a tiny bit correct when talking about software-as-a-service (after all, it’s just someone else’s web site), but when it comes to complex infrastructure virtual networks, there’s plenty of networking involved, from packet filters and subnets to NAT, load balancers, firewalls, BGP and IPsec.

For more details, watch the We Still Need Networking in Public Clouds video (part of Introduction to Cloud Computing webinar).

Video: Cisco SD-WAN Site Design

14 May 2021

In the Site Design part of Cisco SD-WAN webinar, David Penaloza described capabilities you can use when designing complex sites, like extending SD-WAN transport between SD-WAN edge nodes, or implementing high availability between them. He also explained how to track an Internet-facing interface and a service beyond its next hop.

Video: IP Routing Fundamentals

7 May 2021

A few weeks ago we covered transparent bridging fundamentals, now it’s time to recap IP routing fundamentals… and then we’ll be ready to compare the two.

Video: Transparent Bridging Fundamentals

16 April 2021

Years ago I wrote a series of blog posts comparing transparent bridging and IP routing, and creating How Networks Really Work materials seemed like a perfect opportunity to make that information more structured, starting with Transparent Bridging Fundamentals.

Video: Why Do We Need Kubernetes?

2 April 2021

Have you ever wondered what the Kubernetes fuss is all about? Why would you ever want to use it? Stuart Charlton tried to answer that question in the introduction part of his fantastic Kubernetes Networking Deep Dive webinar.

Interview: Will AI Replace the Networking Engineers?

26 March 2021

In the second half of my chat with David Bombal we focused on automation and AI in networking. Even though we discussed many things, including the dangers of doing a repeatable job, and how to make yourself unique, David chose a nice click-bait headline Will AI Replace the Networking Engineers?. According to Betteridge’s law of headlines the answer is still NO, but it’s obvious AI will replace the low-level easy-to-automate jobs (as textile workers found out almost 200 years ago).

While pondering that statement, keep in mind that AI is more than just machine learning (the overhyped stuff). According to one loose definition, “Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions”

Interview: Is Networking Dead?

19 March 2021

A few weeks ago I enjoyed a long-overdue chat with David Bombal. David published the first part of it under the click-bait headline Is Networking Dead (he renamed it Is There any Future for Networking Engineers in the meantime).

According to Betteridge’s law of headlines the answer to his original headline is NO (and the second headline violates that law – there you go 🤷‍♂️). If you’re still interested in the details, watch the interview.

Video: Cisco SD-WAN Routing Design

12 March 2021

After reviewing Cisco SD-WAN policies, it’s time to dig into the routing design. In this section, David Penaloza enumerated several possible topologies, types of transport, their advantages and drawbacks, considerations for tunnel count and regional presence, and what you should consider beforehand when designing the solution from the control plane’s perspective.

Video: Path Discovery in Transparent Bridging and Routing

5 March 2021

In the previous video in this series, I described how path discovery works in source routing and virtual circuit environments. I couldn’t squeeze the discussion of hop-by-hop forwarding into the same video (it would make the video way too long); you’ll find it in the next video in the same section.

Video: High-Level Technology Guidelines

26 February 2021

I concluded the Focus on Business Challenges First presentation (part of Business Aspects of Networking Technologies webinar) with a few technology guidelines starting with:

• Be vendor-agnostic (always look around to see what others are doing);
• Try to understand how the technology you’re evaluating works (it will help you spot the potential problems before they crash your network);
• Always select what’s best for your business, not for the sales quota of your friendly $vendor account manager.

For more guidelines, watch the video.

Video: Cisco SD-WAN Policies Review

12 February 2021

The second part of the Cisco SD-WAN webinar focused on design considerations and trade-offs in several scenarios. David Penaloza briefly reviewed the types of policies and their capabilities before discussing what to keep in mind when designing the solution.

Video: Finding Paths Across the Network

5 February 2021

Regardless of the technology used to get packets across the network, someone has to know how to get from sender to receiver(s), and as always, you have multiple options:

• Almighty controller
• On-demand dynamic path discovery (example: probing)
• Participation in a routing protocol

For more details, watch Finding Paths Across the Network video.

Video: Cisco SD-WAN Policies and Centralized Magic

8 January 2021

Right after Cisco SD-WAN devices are onboarded, how are the control and data plane tasks started? In this section, David Penaloza covers how Cisco SD-WAN solution makes the most of its SDN nature: single point of policy application and centralized management platform. The types of policies, the plane on which they act, their application and the actions that can performed are the main focus in this part of the series.

Video: Should You Build or Buy a Solution?

4 December 2020

After figuring out what business problem you’re trying to solve and what the users expect to get from you it’s time for the next crucial question: should you buy a shrink-wrapped product/solution or build your own? I addressed that question in the third part of Focus on Business Challenges First presentation.

Not surprisingly, the same dilemma applies to network automation solutions, and is often the source of endless time-wasting discussions that I really should have stopped engaging in, but sometimes duty calls ;)

Video: Know Your Users' Needs

20 November 2020

After explaining why you should focus on defining the problem before searching for a magic technology that will solve it, I continued the Focus on Business Challenges First presentation with another set of seemingly simple questions:

• Who are your users/customers?
• What do they really need?
• Assuming you’re a service provider, what are you able to sell to your customers… and how are you different from your competitors?

Video: Getting a Packet Across a Network

13 November 2020

After (hopefully) agreeing on what routing, bridging, and switching are, let’s focus on the first important topic in this area: how do we get a packet across the network? Yet again, there are three fundamentally different technologies:

• Source node knows the full path (source routing)
• Source node opens a path (virtual circuit) to the destination node and uses that path to send traffic
• The network performs hop-by-hop destination-address-based packet forwarding.

More details in the Getting Packets Across the Network video.

Video: NetQ and Cumulus Linux Data Models

6 November 2020

In the last part of his Cumulus Linux 4.0 Update Pete Lumbis talked about using NetQ to capture streaming telemetry and increase network observability, and the new model-driven configuration approach (including all the usual buzzwords like NETCONF, RPC, YAML, JSON, and OpenConfig) coming in 2020.

Video: Cisco SD-WAN Onboarding Process

30 October 2020

After describing Cisco SD-WAN architecture and routing capabilities, David Penaloza focused on the onboarding process and tasks performed by the Cisco SD-WAN solution (encryption, tunnel establishment, and device onboarding) in it’s so-called Orchestration Plane.

New on ipSpace.net: Virtualizing Network Devices Q&A

19 October 2020

A few weeks ago we published an interesting discussion on network operating system details based on an excellent set of questions by James Miles.

Unfortunately we got so far into the weeds at that time that we answered only half of James’ questions. In the second Q&A session Dinesh Dutt and myself addressed the rest of them including:

• How hard is it to virtualize network devices?
• What is the expected performance degradation?
• Does it make sense to use containers to do that?
• What are the operational implications of running virtual network devices?
• What will be the impact on hardware vendors and networking engineers?

And of course we couldn’t avoid the famous last question: “Should network engineers program network devices?”

You’ll need Standard or Expert ipSpace.net subscription to watch the videos.

Video: Simplify Device Configurations with Cumulus Linux

16 October 2020

The designers of Cumulus Linux CLI were always focused on simplifying network device configurations. One of the first features along these lines was BGP across unnumbered interfaces, then they introduced simplified EVPN configurations, and recently auto-MLAG and auto-BGP.

You can watch a short description of these features by Dinesh Dutt and Pete Lumbis in Simplify Network Configuration with Cumulus Linux and Smart Datacenter Defaults videos (part of Cumulus Linux section of Data Center Fabrics webinar).

Network Operating Systems: Questions and Answers

2 October 2020

James Miles got tons of really interesting questions while watching the Network Operating System Models webinar by Dinesh Dutt, and the only reasonable thing to do when he sent them over was to schedule a Q&A session with Dinesh to discuss them.

We got together last week and planned to spend an hour or two discussing the questions, but (not exactly unexpectedly) we got only halfway through the list in the time we had, so we’re continuing next week.

This is how far we’ve got:

Video: Bridging, Routing, Switching

25 September 2020

If you’re working solely with IP-based networks, you’re likely assuming that hop-by-hop destination-only forwarding is the only packet forwarding paradigm that makes sense. That is not true; even today’s networks use a variety of forwarding mechanisms, most of them called some variant of routing or switching.

What exactly is the difference between the two, and what is bridging? I’m answering these questions (and a few others, like what’s the difference between data-, control- and management planes) in the Bridging, Routing, and Switching Terminology video.

Video: Cisco SD-WAN Routing Goodness

18 September 2020

After covering the Cisco SD-WAN components and its architecture in the Cisco SD-WAN Foundations and Design Aspects webinar, David Penaloza focused on the routing capabilities it offers and its control plane characteristics, including types of routes and some scalability recommendations.

Video: ASICs 101

11 September 2020

Earlier this year, Pete Lumbis returned as an ipSpace.net webinar guest speaker with a great presentation describing data center switching ASICs from the perspective of networking engineers. After a brief intro, he started with ASIC Basics… a topic which generated a 25-minute Q&A session.

Video: Define the Problem Before Searching for a Solution

4 September 2020

In December 2019 I finally turned my focus on business challenges first presentation into a short webinar session (part of Business Aspects of Networking Technologies webinar) starting with defining the problem before searching for a solution including three simple questions:

• What BUSINESS problem are you trying to solve?
• Are there good-enough alternatives, or should you invest in new technology and/or equipment?
• Is the problem worth solving?

Video: Networks Are Not Homogenous

28 August 2020

The last Fallacy of Distributed Computing I addressed in the introductory part of How Networks Really Work webinar was The Network Is Homogenous. No, it’s not and it never was… for more details watch this video.

Video: Public Cloud Networking Overview

5 June 2020

Donal O Duibhir was trying to get me to present at INOG for ages, and as much as I’d love to get to Ireland we always had a scheduling conflict.

Last week we finally made it work - unfortunately only in a virtual event, so I got none of the famous Irish beer - and the video about alternate universes of public cloud networking is already online.

Maximilian Wilhelm had great fun turning my usual black-and-white statements into tweets, including:

Updated: What is Cumulus Linux All About

29 May 2020

Pete Lumbis started his Cumulus Linux 4.0 update with an overview of differences between Cumulus Linux on hardware switches and Cumulus VX, and continued with an in-depth list of ASIC families supported by Cumulus Linux.

You can watch his presentation, as well as the more in-depth overview of Cumulus Linux concepts by Dinesh Dutt, in the recently-updated What Is Cumulus Linux All About video.

Video: Cisco SD-WAN Solution Architecture and Components

22 May 2020

After describing Cisco SD-WAN fundamentals and its network abstraction mechanisms, David Penaloza explained the components of Cisco SD-WAN solution and its architecture, including in which plane each element operates and its assigned role in the overlay network.

Video: Internet Has More than One Administrator

8 May 2020

It’s incredible how many people assume that The Internet is a thing. In reality, it’s a mishmash of interconnected independent operators running mostly on goodwill, misplaced trust in other people’s competence, and (sometimes) pure dumb luck.

I described a few consequences of this sad reality in the Internet Has More than One Administrator video (part of How Networks Really Work webinar), and Nick Buraglio and Elisa Jasinska provided even more details in their Surviving the Internet Default-Free Zone webinar.

Video: Cisco SD-WAN Fundamentals and Definitions

30 April 2020

After setting the stage clarifying the current Cisco SD-WAN deployment scenarios, David Penaloza focused on definitions and fundamentals that must be considered before dealing with solutions that hide and abstract complexity like overlays, routing, and network virtualization from the network administrator.

Video: Going Beneath the Cisco SD-WAN Surface

17 April 2020

David Penaloza decided to demystify Cisco’s SD-WAN, provide real world experience beyond marketing hype, and clear confusing and foggy messages around what can or cannot be done with Cisco SD-WAN.

He started the first part of his Cisco SD-WAN Foundations and Design Aspects webinar with a quick look beneath the surface of shiny marketing and corporate slidess.

Video: Networks Are (Not) Secure

10 April 2020

Way too many people still believe in Security Fairy (the mythical entity that makes your application magically secure), fueling the whole industry of security researchers who happily create excruciatingly detailed talks of how you can use whatever security oversight to wreak havoc (even when the limitations of a technology are clearly spelled out in an RFC).

In the Networks Are Not Secure (part of How Networks Really Work webinar) I described why we should never rely on the network infrastructure to provide security but have to implement it higher up in the application stack.

Video: IPv6 Security Overview

27 March 2020

When I’ve seen my good friends Christopher Werny and Enno Rey talk about IPv6 security at RIPE78 meeting, another bit of one of my puzzles fell in place. I was planning to do an update of the IPv6 security webinar I’d done with Eric Vyncke, and always wanted to get it done by a security practitioner focused on enterprise networks, making Christopher a perfect fit.

As it was almost a decade since we did the original webinar, Christopher started with an overview of IPv6 security challenges (TL&DR: not much has changed).

Video: FRRouting Deployment Guidelines

20 March 2020

After describing the FRRouting architecture, as well as recent performance optimizations and usability enhancements, Donald Sharp concluded the FRRouting webinar with detailed deployment guidelines.

Video: Bandwidth Is Neither Infinite Nor Cheap

13 March 2020

After decades of riding Moore’s law curve, the networking bandwidth should be (almost) infinite and (almost) free, right? WRONG, as I explained in the Bandwidth Is (Not) Infinite and Free video (part of How Networks Really Work webinar).

There are still pockets of Internet desert where mobile- or residential users have to deal with traffic caps. If you decide to move your applications into any public cloud you better check how much bandwidth those applications consume, or you’ll be the next victim of the Great Bandwidth Swindle, for more details, watch the video.

Video: FRRouting Usability Enhancements

6 March 2020

After covering configuration and performance optimizations introduced in recent FRRouting releases, Donald Sharp focused on some of the recent usability enhancements, including BGP BestPath explanations, BGP Hostname, BGP Failed Neighbors, and improved debugging.

Video: End-to-End Latency Is Not Zero

28 February 2020

After the “shocking” revelation that a network can never be totally reliable, I addressed another widespread lack of common sense: due to laws of physics, the client-server latency is never zero (and never even close to what a developer gets from the laptop’s loopback interface).

Video: FRRouting Configuration and Performance Optimizations

21 February 2020

After introducing FRRouting architecture, Donald Sharp dived deep into configuration and performance optimizations, including asynchronous data plane, next-hop groups, and commit-and-rollback.

Video: The Network Is Not Reliable

7 February 2020

After introducing the fallacies of distributed computing in the How Networks Really Work webinar, I focused on the first one: the network is (not) reliable.

While that might be understood by most networking professionals (and ignored by many developers), here’s an interesting shocker: even TCP is not always reliable (see also: Joel Spolsky’s take on Leaky Abstractions).

Video: FRRouting Architecture

24 January 2020

After a brief overview of FRRouting suite Donald Sharp continued with a deep dive into FRR architecture, including the various routing daemons, role of Zebra and ZAPI, interface between RIB (Zebra) and FIB (Linux Kernel), sample data flow for route installation, and multi-threading in Zebra and BGP daemons.

Video: Fallacies of Distributed Computing

17 January 2020

What better way to start How Networks Really Work webinar than with fallacies of distributed computing… and that’s exactly what I did in late August 2019.

Video: FRRouting Overview

13 December 2019

In October 2019, Donald Sharp did a short webinar describing FRRouting, the hottest open-source routing suite.

As always, he started with an overview of what FRRouting is, and where you could use it.

Video: Cloud Models, Layers and Responsibilities

6 December 2019

In late spring 2019, Matthias Luft and Florian Barth presented a short webinar on cloud concepts, starting with the obvious topic: cloud models, layers, and responsibilities.

Video: Breaking the End-to-End Principle

22 November 2019

Original TCP/IP and OSI network stacks had relatively clean layered architecture (forgetting the battle scars for the moment) and relied on end-to-end principle to keep the network core simple.

As always, no good deed goes unpunished - “creative” individuals trying to force-fit their misdesigned star-shaped pegs into round holes, and networking vendors looking for competitive advantage quickly destroyed the idea with tons of middlebox devices, ranging from firewalls and load balancers to NAT, WAN optimization, and DPI monstrosities.

Video: Putting the Networking Layers Together

8 November 2019

The previous videos from the How Networks Really Work webinar covered an overview of networking challenges and the importance of networking layers.

Now it’s time to put it all together.

Video: Retransmissions and Flow Control in Computer Networks

11 October 2019

Grouping the features needed in a networking stack in a bunch of layered modules is a great idea. Unfortunately, you could place several essential features like error recovery, retransmission, and flow control in several different layers, from the data link layer dealing with individual network segments, to the transport layer dealing with reliable end-to-end transmissions.

Where should we put those modules? As always, the correct answer is it depends, in this particular case, on transmission reliability, latency, and bandwidth cost. You’ll find more details in the Retransmissions and Flow Control part of How Networks Really Work webinar.

Video: The Need for Network Layers

20 September 2019

After identifying some of the challenges every network solution must address (part 1, part 2, part 3) we tried to tackle an interesting question: “how do you implement this whole spaghetti mess in a somewhat-reliable and structured way?”

The Roman Empire had an answer more than 2000 years ago: divide-and-conquer (aka “eating the elephant one bite at a time”). These days, we call it layering and abstractions.

In the Need for Network Layers video, I listed all the challenges we have to address and then described how you could group them in meaningful modules (called networking layers).

Video: Beyond Two Nodes

13 September 2019

In the introductory videos of How Networks Really Work webinar I described the mandatory elements of any networking solution and additional challenges you have to solve when you can’t pull a cable between the adjacent nodes.

It’s time for the next bit of complexity: what if we have more than two nodes connected to the same network segment? Welcome to the world of multi-access networks and data link control.

Video: Introducing Transmission Technologies

30 August 2019

After discussing the challenges one encounters even in the simplest networking scenario connecting two computers with a cable, we took a short diversion into an exciting complication: what if the two computers are far apart and we can’t pull a cable between them?

Trying to answer that question, we entered the wondrous world of transmission technologies. It’s a topic one can spend a whole life exploring and mastering, so we were not able to do more than cover the fundamentals of modulations and multiplexing technologies.

Recently Published: Azure Networking Demo Videos

26 August 2019

Remember my rant about the glacial speed of Azure orchestration system? I decided I won’t allow it to derail yet another event and recorded the demos in advance of the first live session. The final videos are just over an hour long; it probably took me at least three hours to record them.

If you plan to attend the live webinar session on September 12th, you might want to watch at least the first few videos before the live session - I will not waste everyone’s time repeating the demos during the live session.

Video: Networking Challenges

23 August 2019

Whenever discussing a complex topic, it’s worth adhering to two principles: (A) identify the challenges you’re trying to solve, and (B) start as simple as you can and add complexity later.

We did precisely that in the Introducing Networking Challenges part of How Networks Really Work webinar. We started with the simplest possible case of two computers connected with a cable… and even there identified a plethora of challenges that had to be solved more than half a century ago (and still have to be solved today no matter what magic software-defined technology someone pulls out of their wizard hat).

Video: What Problem Are We Solving with SDDC?

6 December 2018

Remember the Software-Defined Data Centers hype? While I covered SDDC concepts and technologies for years in my webinars and workshops, I never created an introductory webinar on the topic.

That omission has been fixed in late August – SDDC 101 webinar is available as part of free subscription, and as always I started with the seemingly simple question: What problem are we trying to solve?

Real-Life Network Automation: How It All Started

15 November 2018

In spring 2018 I started collecting real-life automation wins reported by the attendees of my Building Network Automation Solutions online course. I presented them at Troopers, and as a set of network automation use cases that are available to all ipSpace.net subscribers, some of them even with free subscription.

Today let’s start with how did it start story.

Video: SD-WAN Reference Design

9 November 2018

After explaining the basics of SD-WAN, Pradosh Mohapatra, the author of SD-WAN Overview webinar focused on SDWAN reference network design.

Making Sense of Software-Defined World

12 October 2018

In mid-September I was invited to present at the vNIC 2018 event in Frankfurt, Germany. Unfortunately I wasn’t able to get there, but Zoom did a great job … and enabled me to record the talk.

Video: What Is SD-WAN?

14 September 2018

Pradosh Mohapatra, the author of last week’s SD-WAN Overview webinar started his presentation with a seemingly simple question: What Is SD-WAN?

Video: SPB Fabric Use Cases

25 May 2018

As part of his “how does Avaya implement data center fabrics” presentation, Roger Lapuh talked about use cases for SPB in data center fabrics.

I have no idea what Extreme decided to do with the numerous data center fabric solutions they bought in the last few years, so the video might have just a historic value at this point… but it’s still nice to see what you can do with smart engineering.

Video: Automatic Diagramming with PowerNSX

13 April 2018

Here's a trick question: how often do your Visio diagrams match what's really implemented in your network?

Wouldn't it be great to be able to create or modify them on-the-fly based on what's really configured in the network? That's exactly what Anthony Burke demonstrated in the PowerNSX part of PowerShell for Networking Engineers webinar (source code).

You’ll need at least free ipSpace.net subscription to watch the video.

Video: Tools and Knobs to Use when Tweaking TCP Performance

6 April 2018

In the second half of his Networks, Buffers, and Drops webinar JR Rivers focused on end systems: what tools could you use to measure end-to-end TCP throughput, or monitor performance of an individual socket or the whole TCP stack?

Presentation and Video: Real-Life Automation Wins

23 March 2018

The networking engineers attending the Building Network Automation Solutions online course created numerous amazing automation solutions, most of them already deployed in production networks.

I described some of them in my Troopers 2018 Real-Life Automation Wins talk. The presentation is online and the video has been published on YouTube a few days ago. I hope you’ll find it as inspirational as the Troopers attendees did.

Did you create an awesome automation solution? I’d like to hear about it!

This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.

Video: Automated Data Center Fabric Deployment Demo

16 March 2018

I was focused on network automation this week, starting with a 2-day workshop and continuing with an overview of real-life automation wins. Let’s end the week with another automation story: automated data center fabric deployment demonstrated by Dinesh Dutt during his part of Network Automation Use Cases webinar.

You’ll need at least free ipSpace.net subscription to watch the video.

Video: Create an NSX Logical Switch with PowerNSX

2 March 2018

After introducing PowerNSX Anthony Burke illustrated how easy it is to use with a Hello, World equivalent: creating a logical switch (VXLAN segment).

You’ll need at least free ipSpace.net subscription to watch the video.

Want to know more about VMware NSX? We’ll run an NSX-focused event and a NSX Deep Dive workshop in Zurich on April 19th 2018, an overview webinar comparing NSX, ACI and EVPN on March 1st, and a deep dive in VMware NSX architecture later in 2018.

[Video] Configure Data Center Devices with PowerShell

16 February 2018

PowerShell started as a tool to automate Windows servers. It was picked up by VMware (and others) as a platform on which they built their own solutions (PowerCLI and PowerNSX)… but did you know you can use it to configure data center infrastructure, including NX-OS switches, SAN networks, and Cisco UCS?

In the Configuring Data Center Devices with PowerShell video, Mitja Robas described how to do that, and provided source code for all his examples.

You’ll need at least free ipSpace.net subscription to watch the video.

Video: What Is PowerNSX?

9 February 2018

One of the beauties of VMware NSX is that it’s fully API-based – you can automate any aspect of it by writing a script (or using any of the network automation tools) that executes a series of well-defined (and well-documented) API calls.

To make that task even easier, VMware released PowerNSX, an open-source library of PowerShell commandlets that abstract the internal details of NSX API and give you an easy-to-use interface (assuming you use PowerShell as your automation tool).

Video: Big- or Small-Buffer Switches

26 January 2018

After describing the basics of internal data center switch architectures, JR Rivers focused on the crux of the problem the vendors copiously exploit to create a confusopoly: is it better to use big- or small-buffer switches?

Video: Switch Buffer Architectures

8 December 2017

A while ago (in the time of big-versus-small buffers brouhaha), I asked JR Rivers to do a short presentation focusing on buffering requirements of data center switches. He started by describing typical buffer architectures you might find in data center switches.

Video: Using Simple PowerShell Scripts

25 November 2017

After explaining the basics of PowerShell, Mitja Robas described how to do implement the “Hello, World!” of network automation (collecting printouts from network devices) in PowerShell.

To watch all videos from this free webinar, register here.

You’ll need at least free ipSpace.net subscription to watch the video.

Video: Separate Data from Code

10 November 2017

After explaining the challenges of data center fabric deployments, Dinesh Dutt focused on a very important topic I covered in Week#3 of the Building Network Automation Solutions online course: how do you separate data (data model describing data center fabric) from code (Ansible playbooks and device configurations)

Video: Data Center Fabric Validation

20 October 2017

Validating the expected network behavior is (according to the intent-driven pundits) a fundamental difference that makes intent-driven products more than glorified orchestration systems.

Guess what: smart people knew that for ages and validated their deployments even when using simple tools like Ansible playbooks.

Dinesh Dutt explained how he validates data center fabric deployment during the Network Automation Use Cases webinar; I’m doing something similar in my OSPF deployment playbooks (described in detail in Ansible online course).

Video: Building a Pure Layer-3 Data Center with Cumulus Linux

13 October 2017

One of the design scenarios we covered in Leaf-and-Spine Fabric Architectures webinar is a pure layer-3 data center, and in the “how do I do this” part of that section Dinesh Dutt talked about the details you need to know to get this idea implemented on Cumulus Linux.

We covered a half-dozen design scenarios in that webinar; for an even wider picture check out the new Designing and Building Data Center Fabrics online course.

Video: Using REST API with PowerShell

14 September 2017

PowerShell is a great scripting environment if your vendor provided PowerShell libraries to control their software or devices… but what if all you got is REST API (example: Nexus switches)?

We’ll conveniently ignore the challenges of managing devices that use 30-year-old non-scriptable CLI.

Video: Building Data Center Fabrics with SPB

1 September 2017

There are two reasonable ways of building a layer-2 leaf-and-spine fabric: use VXLAN (the direction almost everyone in the industry is taking at the moment), or routing-on-layer-2 technology like TRILL or SPB.

Video: Challenges of Data Center Fabric Deployments

25 August 2017

One of the use cases we covered in Network Automation Use Cases webinar is a fully-automated data center fabric deployment. Dinesh Dutt (Cumulus Networks) started this section with an overview of challenges you might face in data center fabric deployments.

Videos: PowerShell 101

2 June 2017

Mitja Robas started his PowerShell for Networking Engineers presentation with a brief introduction to PowerShell and a few simple hands-on examples. Enjoy the videos ;)

Video: Routing on Hosts Deep Dive

21 April 2017

Wondering how exactly routing on hosts works? Dinesh Dutt explained the details in this 10-minute video during the Leaf-and-Spine Fabric Designs webinar.

Video: Overlays in Data Center Fabrics

7 April 2017

Lukas Krattiger (Cisco Systems) was the guest speaker in Layer-2+3 fabrics part of the Leaf-and-Spine Fabric Design webinar, and he started his presentation with an overview of how we use overlays in data center fabrics.

Video: SPB Deep Dive

24 March 2017

During the Leaf-and-Spine Fabric Designs webinar Roger Lapuh from Avaya explained how Avaya uses SPB technology to build an L2+L3 fabric.

Newer Docker Networking Options

23 February 2017

In the last part of the free Docker Networking Fundamentals webinar Dinesh Dutt described the newer high-performance networking options (Macvlan and Ipvlan) introduced in Docker version 1.12.

Video: Simplify BGP Configurations

10 February 2017

Running BGP instead of an IGP in your leaf-and-spine fabric sounds interesting (mainly if your fabric is large enough). Configuring a zillion BGP knobs on every box doesn’t.

However, BGP doesn’t have to be complex. In the Simplify BGP Configurations video (part of leaf-and-spine fabric designs webinar) Dinesh Dutt explains how you can make BGP configurations simple and easy-to-understand.

Multi-Host Container Networking

20 January 2017

Running Linux containers on a single host is relatively easy. Building private multi-tenant networks across multiple hosts immediately creates the usual networking mess.

Fortunately the Socketplane team did a pretty good job; for more details watch the video from Docker Networking Fundamentals webinar or listen to the podcast I did with them a year ago.

Building a L3-Only Data Center with Cumulus Linux

2 December 2016

Dinesh Dutt was the guest speaker in the second Leaf-and-Spine Fabric Design session. After I explained how you can use ARP/ND information to build a layer-3-only data center fabric that still supports IP address mobility Dinesh described the details of Cumulus Linux redistribute ARP functionality and demoed how it works in a live data center.

Video: Docker Networking Options

18 November 2016

After introducing the fundamentals of Docker networking, Dinesh Dutt focused on various Docker networking options, including multi-host networking with overlays.

After watching the video, you might also want to listen to Episode 49 of Software Gone Wild with Brent Salisbury, Dave Tucker and Madhu Venugopal.

Docker Networking: Introduction to Microservices and Containers

23 September 2016

Dinesh Dutt started his excellent Docker Networking webinar with introduction to the concepts of microservices and Linux containers. You won’t find any deep dives in this part of the webinar, but all you need to do to get the details you’re looking for is to fill in the registration form.

Video: Cumulus Linux Architecture

20 November 2015

Do you want to know more about Cumulus Linux after learning what data center architectures it supports, what base technologies it uses, and how you can use it to simplify network configurations? It’s time to explore Cumulus Linux architecture (part 5 of the presentation Dinesh Dutt had during the Data Center Fabrics webinar).

Cumulus Linux Base Technologies

25 September 2015

Dinesh Dutt started his part of the Data Center Fabrics Update webinar with “what is Cumulus Linux all about” and “what data center architectures does it support” and then quickly jumped into details about the base technologies used by Cumulus Linux: MLAG and IP routing.

Not surprisingly, the MLAG part generated tons of questions, and Dinesh answered all of them, even when he had to say “We don’t do that.”

Video: What Is Cumulus Linux All About?

14 August 2015

In May 2015 I invited Dinesh Dutt to talk about Cumulus Linux and its typical use cases on an update session of the Data Center Fabrics Architecture webinar.

As expected, he started with the big picture: what are Cumulus Networks and Cumulus Linux all about?

Combining MPLS/VPN, MPLS-TE and QoS on MPLS Talks

4 February 2015

In the final part of our MPLS-focused discussion (now part of MPLS Essentials webinar), Seamus wanted to know how one could combine MPLS/VPN, MPLS-TE and QoS (for example, sending VoIP traffic for one customer over a different path).

Short answer: don’t even think about doing that. The added complexity is not worth whatever extra money you’ll be charging the customer (or not).

How Does MPLS-TE Interact with QoS

7 January 2015

MPLS Traffic Engineer is sometimes promoted as a QoS solution (it seems bandwidth calendaring is a permanent obsession of some networking engineers, and OpenFlow is no more a solution than MPLS-TE was ;), but in reality it’s pretty hard to make the two work together seamlessly (just ask anyone who had to implement auto-bandwidth MPLS-TE in a large network).

Not surprisingly, we addressed the topic during our MPLS Tech Talk (now part of MPLS Essentials webinar).

FECs, LDP, and BGP in the MPLS World

25 November 2014

After discussing the basics of MPLS and LDP in our chat, Seamus Gilchrist and myself focused on a concept that perplexes many networking engineers entering the MPLS world: the relationship between Forward Equivalence Classes (FEC), LDP and BGP.

MPLS 101: Introduction to Label Distribution Protocol (LDP)

24 October 2014

In the third part of MPLS Tech Talks, we focused on the role of label distribution protocol (LDP) and its operation in frame-mode MPLS.

MPLS 101: MPLS Traffic Engineering

1 October 2014

After covering the basics of MPLS, my discussion with Seamus Gilchrist turned to the basics of MPLS Traffic Engineering.

The video of that discussion is available in the MPLS Essentials webinar.

What Are Linux Containers?

30 May 2014

Everyone talks about Linux containers these days like they would be the hottest thing invented this spring. In reality, it’s a pretty old technology that was heavily used by some smart web hosting companies for years (but of course, some people think mentioning Google makes everything look sexier).

If you’re interested in a high-level overview of differences between Linux containers and more traditional virtual machines, watch the video from the Introduction to Virtual Networking webinar.

Dual-Stack Security Exposures

2 August 2013

Dual-stack exposures were the last topic Eric Vyncke and myself addressed in the IPv6 security webinar. They range from missing ip6tables on Linux hosts to unintentional split-tunnel VPNs and missing access classes on Cisco IOS devices.

IPv6 Address Assignment and Tracking

5 July 2013

One of the significant challenges of IPv6 is the host address assignment and tracking (for logging/auditing reasons), more so if you use SLAAC or (even worse) SLAAC privacy extensions. Not surprisingly, Eric Vyncke and I spent significant time addressing this topic in the IPv6 Security webinar.

IPv6 uRPF and Neighbor Discovery Throttling

7 June 2013

IPv6 source address spoofing should be old news – it’s no different from its IPv4 counterpart. Neighbor discovery exhaustion attack is an IPv6-only phenomenon enabled by huge IPv6 subnet sizes.

During the IPv6 Security webinar, Eric Vyncke described Cisco IOS mechanisms you can use to cope with both. Enjoy!

Hyper-V 3.0 Extensible Virtual Switch

24 May 2013

It took years before the rumored Cisco vSwitch materialized (in the form of Nexus 1000v), several more years before there was the first competitor (IBM Distributed Virtual Switch), and who knows how long before the third entrant (recently announced HP vSwitch) jumps out of PowerPoint slides and whitepapers into the real world.

Compare that to the Hyper-V environment, where we have at least two virtual switches (Nexus 1000V and NEC's PF1000) mere months after Hyper-V's general availability.

IPv6 Source Address Validation Improvement

29 March 2013

We learned how to deal with ARP and IP spoofing in IPv4 networks. Every decent switch has DHCP snooping, ARP protection, and IP source guard (or whatever the features are called), but validating source IPv6 addresses in security-conscious environments or public multi-access networks remains a major headache.

It would be pretty easy to solve the problem with a central controller, but IETF decided to go another way and developed yet another framework: Source Address Validation Improvements (SAVI). For more information, watch the following video from IPv6 Security webinar in which Eric Vyncke describes the intricacies of SAVI in great details.

Example: Multi-Stage Clos Fabrics

26 February 2013

Smaller Clos fabrics are built with two layers of switches: leaf and spine switches. The oversubscription ratio you want to achieve dictates the number of uplinks on the leaf switch, which in turn dictates the maximum number of spine switches and thus the fabric size.

You have to use multi-stage Clos architecture if you want to build bigger fabrics; Brad Hedlund described a sample fabric with over 24.000 server-facing ports in the Clos Fabrics Explained webinar.

IPv6 Secure Neighbor Discovery (SEND)

1 February 2013

During the IPv6 Security webinar, Eric Vyncke explained the intricate details of IPv6 Security Neighbor Discovery (SEND) and the reasons it will probably never take off.

Reconnaissance in IPv6

22 November 2012

In the introductory part of the IPv6 security webinar, Eric Vyncke explained how the huge IPv6 subnet sizes won’t stop a determined attacker, but will make the task of network or security engineers trying to take host inventory much harder.