July 30, 2014

Networking Now (Juniper Blog)

A Holistic Approach to DDoS Mitigation and DNS Availability

MX-RoutingToday organizations need to be prepared for a number of different types of DDoS attacks on their networks. Juniper Networks announced several new enhancements that allows its DDoS Secure solution to help the network better defend itself by using routers as enforcement points.  

by rajoon at July 30, 2014 04:14 PM

VMworld 2014 – Juniper at the Hands-on Lab

VMwarelabs.jpgThis is an exciting year for me. I joined Juniper Networks and my first week, I submitted a lab proposal representing Juniper for the VMworld 2014 Hands-on Lab.  Weeks later, it was approved and two weeks ago, I finalized the lab and document.  I am so incredibly excited that for the first time ever, Juniper Networks is represented in the VMworld Hands-on Lab.

by banksek at July 30, 2014 04:05 PM

Cisco IOS Hints and Tricks

VMware vSwitch and 802.1p CoS Value

One of my readers opened another can of VMware vSwitch worms. He sent me this question:

If a VM were to set a COS value, would the vSwitch reset it to 0 as part of its process of building the dot1q header?

The nasty detail (as you probably know) is that 802.1p CoS value resides in the 802.1q (VLAN) tag.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at July 30, 2014 08:19 AM

XKCD Comics

July 29, 2014

Peter's CCIE Musings and Rants

How to configure Call monitoring for UCCX

Hi Guys!

UCCX is a great contact center. The supervisor desktop, which I always dismissed as not being that good, actually has some great new features that we will cover off later. For now I am going to talk about how to configure UCCX Call monitoring.

Call monitoring allows you to listen in on an agents conversation, it plays through your PC speakers. The call does NOT have to be an ACD calls because it basically works via SPAN.

The way it works is that the agent software sends the RTP stream to the supervisors PC, it does this because the phone has "SPAN to PC" option configured.

This is found under the phone itself:

Next, you simply select an recording server for the user. This is found under the Desktop administration drop box in the corner of UCCX (top right hand corner)

On the side menu, expand out multiline, monitoring and recording and select VoIP monitoring device

We are done! Setup is ready to go, you will need to relogin to the agent and supervsior and don't forget to reset the phone.

From here you simply go to the supervisor desktop, highlight the user and click "voice monitor"
That's it! Easy as that

by peter_revill (noreply@blogger.com) at July 29, 2014 05:56 PM

Honest Networker
The Networking Nerd

The Pain of Licensing

Frequent readers of my blog and Twitter stream may have noticed that I have a special loathing in my heart for licensing.  I’ve been subjected to some of the craziest runarounds because of licensing departments.  I’ve had to yell over the phone to get something taken care of.  I’ve had to produce paperwork so old it was yellowed at the edges.  Why does this have to be so hard?

Licensing is a feature tracking mechanism.  Manufacturers want to know what features you are using.  It comes back to tracking research and development.  A lot of time and effort goes into making the parts and pieces of a product.  Many different departments put work into something before it goes out the door.  Vendors need a way to track how popular a given feature might be to customers.  This allows them to know where to allocate budgets for the development of said features.

Some things are considered essential.  These core pieces are usually allocated to a team that gets the right funding no matter what.  Or the features are so mature that there really isn’t much that can be done to drive additional revenue from them.  When’s the last time someone made a more streamlined version of OSPF?  But there are pieces that can be attached to OSPF that carry more weight.

Rights and Privileges

Here’s an example from Cisco.  In IOS 15, OSPF is considered a part of the core IOS functionality.  You get it no matter what on a router.  You have to pay an extra license on a switch, but that’s not part of this argument.  OSPF is a mature protocol, even in version 3 which enables IPv6 support.  If you have OSPF for IPv4, you have it for IPv6 as well.  One of the best practices for securing OSPF against intrusion is to authenticate your area 0 links.  This is something that should be considered core functionality.  And with IPv4, it is.  The MD5 authentication mechanism is built into the core OS.  But with IPv6, the IPSec license needed to authenticate the links has to be purchased as a separate license upgrade.  That’s because IPSec is part of the security license bundle.

Why the runaround for what is considered a best practice, core function?  It’s because IPv6 uses a different mechanism.  One that has more reach that simple MD5 authentication.  In order to capture the revenue that the IPSec security team is putting in, Cisco won’t just give away that functionality.  Instead, it needs to be tracked by a license.  The R&D work from that team needs to be recovered somehow.  And so you pay extra for something Cisco says you should be doing anyway.  That’s the licensing that upsets me so.

License Unit Report

How do we fix it?  The money problem is always going to be there.  Vendors have to find a way to recapture revenue for R&D while at the same time not making customers pay for things they don’t need, like advanced security or application licenses.  That’s the necessary evil of having affordable software.  But there is a fix for the feature tracking part.

We have the analytics capability with modern software to send anonymized usage statistics to manufacturers and vendors about what feature sets are being used.  Companies can track how popular IPSec is versus MD5 or other such feature comparisons.  The software doesn’t have to say who you are, just what you are using.  That would allow the budgets to be allocated exactly like they should be used, not guessing based on who bought the whole advanced communications license for Quality of Service (QoS) reporting.


Tom’s Take

Licensing is like NAT.  It’s a necessary evil of the world we live in.  People won’t pay for functionality they don’t use.  At the same time, they won’t use functions they have to pay extra for if they think it should have been included.  It’s a circular problem that has no clear answer.  And that’s the necessary evil of it all.

But just because it’s necessary doesn’t mean we can’t make it less evil.  We can split the reporting pieces out thanks to modern technology.  We can make sure the costs to develop these features gets driven down in the future because there are accurate statistics about usage.  Every little bit helps make licensing less of a hassle that it currently is.  It may not go away totally, but it can be marginalized to the point where it isn’t painful.

by Tom Hollingsworth at July 29, 2014 04:02 PM

My Etherealmind

Response: Customer Intent on SDN Adoption is Accelerating with 85% Adoption by 2016

I collect data from three different research . This is much higher and sooner than my previous survey data in December 2013 and more recently for InformationWeek. Clearly, SDN demand is much greater than almost anyone predicts. Are people talking to the wrong sources about the future of networking ?

The post Response: Customer Intent on SDN Adoption is Accelerating with 85% Adoption by 2016 appeared first on EtherealMind.

by Greg Ferro at July 29, 2014 11:24 AM

July 28, 2014

My Etherealmind

Internets of Interest – 27 July 2014

Collection of useful, relevant or just fun places on the Internets for %dateend% and a bit commentary about what I've found interesting about them:

The post Internets of Interest – 27 July 2014 appeared first on EtherealMind.

by Greg Ferro at July 28, 2014 08:10 PM

Cisco IOS Hints and Tricks

Is STP Really Evil?

Maxim Gelin sent me an interesting question:

Can you please explain to me, why is STP supposed to be evil? What's wrong with STP?

STP’s fundamental problem is that it’s a fail-close, not a fail-open protocol.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at July 28, 2014 04:53 PM

Packet Pushers Blog/Podcast

Show 198 – Kirk Byers on Network Automation with Python & Ansible

Kirk Byers has been doing network automation work for quite a while now. I've been following his Pynet mailing list, where he teaches list members in a series of structured lessons how to code in Python, harnessing the scripting language's power for network automation. I met Kirk at Cisco Live US, and we got to chat for a few minutes. He agreed to come on the show anyway. Kirk discusses network automation with the Packet Pushers, drawing on his experience with Python and Ansible. We also discuss how network automation techniques relate to the larger world of software defined networking. Discussion What do we mean by "network automation"? Is network automation SDN? Python. What is it? (We're brief here, because Packet Pushers did show 176 with more information about Python.) Use-cases for network automation, such as information gathering and network device configuration. How an overlay/underlay networking model will facilitate network automation. Ivan Pepelnjak discussed this to a certain extent recently in this blog post. How white box switching could facilitate network automation (since it is Linux). How Ansible can be used for network device configuration. Links Ansible is Simple IT Automation Kirk Byers (kirkbyers) on Twitter Python for Network Engineers Unit testing - Wikipedia, the free encyclopedia

by Packet Pushers Podcast at July 28, 2014 05:00 AM

XKCD Comics

July 26, 2014

Honest Networker

When you give your colleague’s personal phone number to a brainless customer

When you give your colleague's personal phone number to a brainless customer

When you give your colleague’s personal phone number to a brainless customer

by ohseuch4aeji4xar at July 26, 2014 02:09 PM

July 25, 2014


The Principle of Same-Same in Physical Network Design

In modern network architecture, most designs are redundant, often all the way through. Hosts uplink to two different ToR switches. Those ToR switches usually have two uplinks to a distribution layer or potentially more uplinks in leaf-spine designs. Spine switches uplink to a pair of core switches. Physical firewalls are deployed as clusters. […]

by Ethan Banks at July 25, 2014 09:04 PM

Packet Pushers Blog/Podcast

HTIRW: DNS Security

In the last few posts on this topic, we’ve talked about the various bits and parts of the DNS system, from who pays to how it works to DNS tools. This time, we’re going to finish off DNS in this (probably record breaking for Packet Pushers) series, and talk about some various aspects of DNS […]

Author information

Russ White

Russ White

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking on Software Defined Networks at The Future Internet in Denver in Late August, and in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, and is currently working on a new book in the area of network complexity with Addison Wesley, as well as a book on innovation from within a Christian worldview.

The post HTIRW: DNS Security appeared first on Packet Pushers Podcast and was written by Russ White.

by Russ White at July 25, 2014 06:19 PM

Peter's CCIE Musings and Rants

Retrieve MOH files


by peter_revill (noreply@blogger.com) at July 25, 2014 04:33 PM


The Ethernet Switching Landscape – Part 07 – Data Center Interconnect (DCI)

This is one of a multi-part series on the Ethernet switching landscape I wrote to support a 2-hour presentation I made at Interop Las Vegas 2014. Part 1 of this written series appeared on NetworkComputing.com. Search for the rest of this series. One of the more specialized featured that appears in a limited […]

by Ethan Banks at July 25, 2014 02:22 PM

The Ethernet Switching Landscape – Part 08 – SDN & OpenFlow

This is one of a multi-part series on the Ethernet switching landscape I wrote to support a 2-hour presentation I made at Interop Las Vegas 2014. Part 1 of this written series appeared on NetworkComputing.com. Search for the rest of this series. Ethernet switches have been a focal point of software defined networking. […]

by Ethan Banks at July 25, 2014 02:22 PM

Guest Post – I Am Interviewed About Interop New York

Folks, this is a first for me on this blog – a guest post. In this case, I was interviewed by TechnologyAdvice’s Clark Buckner about my involvement with Interop. Since I’m a big fan of Interop as a vendor-neutral conference designed to bring together all the IT silos, it was an easy interview […]

by Ethan Banks at July 25, 2014 02:15 PM

D-Link for Business? Yes, That’s a Thing.

Yesterday, I was briefed by the good folks at D-Link about their managed Ethernet switches. If you’re like I was, you think of D-Link purely as a consumer-grade line of switches aimed at home users. Reality is that D-Link also has managed switches that are worth evaluating for the small-to-medium sized enterprise. Why? […]

by Ethan Banks at July 25, 2014 02:10 PM

What is ONIE (Open Network Install Environment)?

On 16-July-2014, I attended a webinar hosted by Curt Brune of Cumulus Networks on ONIE. This post is a distillation of some key points from that webinar. What is the Open Network Install Environment (ONIE)? Conceptually, ONIE (pronounced oh-nee) is a network OS installer used by several whitebox switching vendors to load a network […]

by Ethan Banks at July 25, 2014 02:10 PM

Cisco IOS Hints and Tricks

Could You Replace MPLS/VPN with IPSec-over-Internet?

Someone recently sent me this scenario:

Our CIO has recently told us that he wants to get rid of MPLS because it is too costly and is leaning towards big Internet lines running IPSEC VPNs to connect the whole of Africa.

He was obviously shopping around for free advice (my friend Jeremy Stretch posted his answers to exactly the same set of questions not so long ago); here are the responses I wrote to his questions:

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at July 25, 2014 09:09 AM


Seek The Peak Fundraiser Wrap-Up & Thank You

Thanks to all of you that helped me raise money for New Hampshire’s Mount Washington Observatory through the annual “Seek The Peak” hike to Mt. Washington’s summit. I completed the hike on Saturday. If you’d like to read about that hike and see a pile o’ pictures, go to my family’s hiking blog. […]

by Ethan Banks at July 25, 2014 12:57 AM

XKCD Comics

July 24, 2014

Potaroo blog

Some Internet Measurements

At APNIC Labs we’ve been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.

July 24, 2014 10:00 PM

Peter's CCIE Musings and Rants

Disabling specific log messages on the ASA to help troubleshoot

The ASA logging gives you lots of great info but it tends to have loads of info coming up all at once. I tend to do a trick where I know the IP address I am looking for, so I constantly type:

show log | inc

then I try and generate the traffic and capture the entry in the log.

However, someone else has a great way to disable specific logs


Great stuff!

by peter_revill (noreply@blogger.com) at July 24, 2014 03:01 PM

July 23, 2014

CCIE Journey

CCIE Journey Special – $500 off 1-Year Premium All Access Pass

INE is offering a $500 off special for a 1 year All Access Pass for our blog readers here. To get the special just click on the INE banner to the left and it will take you to the sign up site for the discount. Not sure how long they will keep the discount going so keep that in mind :)

by CCIE Journey at July 23, 2014 06:04 PM

Cioara's Cisco Blog
Cisco IOS Hints and Tricks

Campfire story: Using the wrong tool for the job

Summer is the perfect time for campfire stories – here’s one about using the wrong tool for the job.

A Long time ago in an IT organization far, far away Artificial Intelligence (AI) was the coolest kid on the block.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at July 23, 2014 09:07 AM

XKCD Comics

July 22, 2014

Honest Networker
My Etherealmind

Big Switch Networks Launches Mature Hardware-Centric Data Centre SDN Solution

Big Switch Networks (BSN) launches Version 4.0 of Big Cloud Fabric for hardware-centric SDN data centre fabric. The Data Centre Fabric solution clearly shows the maturity gained from 5 years of shipping products while adding innovation in switch hardware through Switch Light operating system. At the same time, they have completed the transition from platform to product. A product that really has what you need in a hardware-centric SDN platform and addresses nearly all of the issues the competitors have not addressed. And it is shipping now.

The post Big Switch Networks Launches Mature Hardware-Centric Data Centre SDN Solution appeared first on EtherealMind.

by Greg Ferro at July 22, 2014 02:30 PM


Six Phases of Network Evolution

Last month I was asked to speak about Next Generation Networks at Indonesian Network Operators Group (IDNOG) forum. Whenever I speak about this subject with my customers, I usually use top down approach: started by talking about the business drivers and requirements, NGN architecture, to high level and low level design, before going deep into details to each supporting technology.

This time I decided to take a different approach. Instead, I tried to demonstrate how to build a new SP network from bottom to up. The objective is to show how the network can be transitioned from the simple one that offers a single service, to the one that carry multiple services and become resilient Next Generation Networks. I don't know if the message was received by the attendees, but I run out my 30 minutes time so I continued that effort by conducting the webex session few weeks ago.

The presentation I made for that session inspires me to write down about the six phases of network evolution below. And the phase will end up with the one thing that has become hot topic these days: Software Defined Network (SDN).

Phase 1: It begins with connectivity
When we build the network from ground up, the first and most important thing to focus is all about connectivity. Site A can connect to site B. User can access the server. This means we need to build the physical topology, enable layer 2 and L3 routing protocols (IGP, BGP) to provide connectivity. And it is common to deliver only single service (Internet/data) on global routing table.

Phase 2: Converged network and multi-services
Then comes the next requirement to use the same network to deliver multiple services. MPLS is definitely the protocol of choice by industry to provide overlay in the network, even other tunneling protocols can still be used as long as the objective is achieved. The network now must be able to provide L3VPN and L2VPN services over MPLS, High speed Internet, voice over IP, IPTV for both multicast stream and unicast video on demand, even mobile services and multimedia. Convergence happens in access layer too: one IP MPLS network to carry different types of last-mile access networks technology.

Phase 3: Scalability
When we have big number of users accessing multiple services, especially for Service Provider, scalability factor becomes important. Nowadays we use IGP routing protocol only to connect between SP routers while the customer networks are carried using BGP. IGP must be fine tuned and link-state protocol area design must be done properly to make it scalable. BGP RR design becomes crucial when the number of BGP speakers is high. Multiple BGP AS must be able to work between each other to carry the services seamlessly. Even the design of every part of the network need to be unified and consistent in order to make it easier to scale up.

Phase 4: Services level differentiation
QoS will kick in when there is congestion in the network. When there is no congestion, QoS is applied to limit the service in order to differentiate service level provided to end user. QoS implementation in Service Provider network is obviously different with Enterprise network. In SP it's common to share network infrastructure that spread across the nation connected with WAN links, with potential of network congestion, to serve big number of users trying to access multiple services. QoS makes sense to be applied to prioritize certain type of traffic, or to charge the customer differently depending on the agreed service level. In Enterprise network such as LAN campus network or data center, it is already considered low latency network with sufficient bandwidth pipe hence the QoS implementation focus is most likely on the WAN link.

Phase 5: High availability and resiliency
The target for HA and resiliency in the network depends on how much we can tolerate services unavailability. Some customers can afford network downtime for days while others can only tolerate fraction of seconds. Some applications can continue to work, or to resume immediately, when it gets disconnected for more than few seconds while some others can show serious disruption when the network is down within miliseconds. So we need to look at high availability and resiliency from end to end perspective. Physical topology redundancy is good but may not be enough. Link down or network node down detection becomes crucial. IGP can be fined tune to react below 500 ms. Hardware availability combined with NSF, NSR and GR may be able to provide 0 packet drop during route-processor failover. BGP fast convergence is done in forwarding plane, even in control plane it still relies on IGP convergence. Multicast streams can be active-active and in parallel using path diversity to provide always-on IPTV service. MPLS TE and IP FRR may be used to achieve sub-50 ms while waiting for the IGP to fully converged, in exchange of more complexity in the network. And infrastructure security is another factor to consider to ensure network availability.

Phase 6: Manageability, agility and efficiency
"Simplicity is the prerequisite for reliability". In order to provide reliable services it should be simple enough to run the network. Some believe if network management works as expected we won't even talk much about SDN. The fact that the network today has become very complex to manage, even with various management tools available in the market, makes many of us are looking for the solution that seems to be promised by SDN. We still need to run lots of management protocol like SNMP and RMON. We still need to secure management channel through SSH or other encrypted channel. But now we want the network to be agile to adopt to the changes that come from lots of new applications. We need to be able to provision new services quicker. We are talking more and more about automation and network programmability. We want the network to be efficient. We want to hide all the complexity that happens in the network to make it efficient for the operator to run and manage it. And SDN may be able to do so by providing the abstraction to provide the simplicity to run the network.

In the end, with the amount of complexity built up when the network transforms from one phase to the other as above, it's clear why SDN looks promising. It's easier now to understand why people believe SDN is the answer.
Because it's simply the part of the network evolution.

by noreply@blogger.com (Himawan Nugroho) at July 22, 2014 12:31 PM

Renesys Blog

Kurdish ISPs enable growth of Iraqi Internet

The recent violence in Iraq and the government’s actions to block social media and other Internet services have put a spotlight on the Iraqi Internet. However, an overlooked but important dynamic in understanding the current Iraqi Internet is the central role Kurdish ISPs play in connecting the entire country to the global Internet.

In the past five years, the Internet of Iraq has gone from about 50 networks (routed prefixes) to over 600. And what is most noteworthy this that the growth has not occurred as a result of increased connectivity from the submarine cable landing at Al Faw, as would be expected in a typical environment. Instead the dominant players in the Iraqi wholesale market are two Kurdish ISPs that connect to the global Internet through Turkey and Iran: Newroz and IQ Networks. Iraq-International-Internet-Connectivity-Paths-by-Dyn@72dpi

Help from the Kurds

The Iraqi Kurdistan region contains four main cities: Erbil, Duhok, Zakho and Sulaymaniyah. Newroz covers the first three, while IQ Networks provides service in the last. However, it would be incorrect to simply classify these providers as city-level retail ISPs. They also carry significant amounts of traffic for the rest of the country.

logo4        iq-networks-orig-220x48

From the relative peace and stability of Kurdistan, Newroz and IQ Networks sell transit to Iraqi ISPs in the biggest markets — those in the middle and south of Iraq. Central Iraq ISPs, such as Earthlink, ScopeSky, and FastIraq, attain transit from the Kurdish providers by connecting in northern Iraqi cities of Mosul and Kirkuk.

Five years Iraqi Internet growth

The graph below illustrates the overall growth of the Iraqi Internet over the last five and a half years. The total count of Iraqi networks (routed prefixes) is depicted in purple and the networks transited by either Newroz (blue), IQ Networks (green) or both (yellow) are overlaid as a stacked plot in the forefront. At last count, 73% of Iraq networks are routed through these two providers. And if you count unique IP addresses, these two Kurdish providers transit 86% of all Iraqi IP address space.


The remaining networks are either routed through Jordan (e.g. Earthlink to Damamax), various satellite service providers, smaller direct connections to Turkey or submarine cable connectivity at the Al Faw cable landing (most notably ITC service to GTT). Below are recorded remarks by Prime Minister Nouri al-Maliki at the opening ceremony of ITC fiber service during which he said, “fiber optic cables have paved the way in revolutionizing the world of communications and this will now be witnessed in Iraq.”

The following graph is similar to the previous one, but limited to just 2014 to more clearly illustrate recent changes. You can see a discontinuity in June as militants destroyed an interconnection point in Mosul, impacting Internet traffic transited by Newroz from central Iraq. Most notably Earthlink lost its service from Newroz and Damamax in this incident.


Low Risk of Disconnection

In 2012, Jim Cowie classified Iraq as “low risk of disconnection” in his blog post Could it happen in your country?. The conclusion was that due to the diversity of external transit sources (submarine cable, satellite, and terrestrial via Turkey, Iran and Jordan), it would be difficult to completely disconnect the Iraq from the global Internet. It may be cold comfort for those Iraqis who were (and still are) impacted by the recent blackouts, but this back-of-the-envelope analysis was proven correct by recent events.

In fact, it is the latest attempted shutdowns (including the failed attempt last fall during a pricing dispute) that prove, perhaps surprising to some, how resilient the Internet of Iraq is. And that resiliency is primarily due to Kurdish transit.

The post Kurdish ISPs enable growth of Iraqi Internet appeared first on Renesys.

by Doug Madory at July 22, 2014 11:45 AM

The Networking Nerd

I Can’t Drive 25G


The race to make things just a little bit faster in the networking world has heated up in recent weeks thanks to the formation of the 25Gig Ethernet Consortium.  Arista Networks, along with Mellanox, Google, Microsoft, and Broadcom, has decided that 40Gig Ethernet is too expensive for most data center applications.  Instead, they’re offering up an alternative in the 25Gig range.

This podcast with Greg Ferro (@EtherealMind) and Andrew Conry-Murray (@Interop_Andrew) does a great job of breaking down the technical details on the reasoning behind 25Gig Ethernet.  In short, the current 10Gig connection is made of four multiplexed 2.5Gig connections.  To get to 25Gig, all you need to do is over clock those connections a little.  That’s not unprecedented, as 40Gig Ethernet accomplishes this by over clocking them to 10Gig, albeit with different optics.  Aside from a technical merit badge, one has to ask themselves “Why?”

High Hopes

As always, money is the factor here.  The 25Gig Consortium is betting that you don’t like paying a lot of money for your 40Gig optics.  They want to offer an alternative that is faster than 10Gig but cheaper than the next standard step up.  By giving you a cheaper option for things like uplinks, you gain money to spend on things.  Probably on more switches, but that’s beside the point right now.

The other thing to keep in mind, as mentioned on the Coffee Break podcast, is that the cable runs for these 25Gig connectors will likely be much shorter.  Short term that won’t mean much.  There aren’t as many long-haul connections inside of a data center as one might thing.  A short hop to the top-of-rack (ToR) switch, then another different hop to the end-of-row (EoR) or core switch.  That’s really about it.  One of the arguments against 40/100Gig is that it was designed for carriers for long-haul purposes.  25G can give you 60% of the speed of that link at a much lower cost.  You aren’t paying for functionality you likely won’t use.

Heavy Metal

Is this a good move?  That depends.  There aren’t any 25Gig cards for servers right now, so the obvious use for these connectors will be uplinks.  Uplinks that can only be used by switches that share 25Gig (and later 50Gig) connections.  As of today, that means you’re using Arista, Dell, or Brocade.  And that’s when the optics and switches actually start shipping.  I assume that existing switching lines will be able to retrofit with firmware upgrades to support the links, but that’s anyone’s guess right now.

If Mellanox and Broadcom do eventually start shipping cards to upgrade existing server hardware to 25Gig then you’ll have to ask yourself if you want to pursue the upgrade costs to drive that little extra bit of speed out of the servers.  Are you pushing the 10Gig links in your servers today?  Are they the limiting factor in your data center?  And will upgrading your servers to support twice the bandwidth per network connection help alleviate your bottlenecks? Or will they just move to the uplinks on the switches?  It’s a quandary that you have to investigate.  And that takes time and effort.


Tom’s Take

The very first thing I ever tweeted (4 years ago):

We’ve come a long way from ratified standards to deployment of 40Gig and 100Gig.  Uplinks in crowded data centers are going to 40Gig.  I’ve seen a 100Gig optic in the wild running a research network.  It’s interesting to see that there is now a push to get to a marginally faster connection method with 25Gig.  It reminds me of all the competing 100Mbit standards back in the day.  Every standard was close but not quite the same.  I feel that 25Gig will get some adoption in the market.  So now we’ll have to choose from 10Gig, 40Gig, or something in between to connect servers and uplinks.  It will either get sent to the standards body for ratification or die on the vine with no adoption at all.  Time will tell.


by Tom Hollingsworth at July 22, 2014 01:13 AM

July 21, 2014

Packet Pushers Blog/Podcast

Show 197 – Cisco Nexus Updates with Ron Fuller – Sponsored

Repeat guest and friend of the Packet Pushers Ron Fuller chats with Greg Ferro and Ethan Banks about the latest updates to both the hardware and software in the ever-growing and capable Cisco Nexus product line. We get a thorough update in this show, hitting lots and lots of highlights. Discussion What's new with the Nexus 7K product line? New hardware in the form of the 7706, 7710, 7718 chassis. New F3 line cards. Additions to the Nexus 6K line with the 6004X chassis, featuring all removable LEMs. NX-OS continues to mature. The 6.2 code train now has "long lived" releases for customers who wish to standardize on specific builds. The Nexus Validation Testing program continues to grow in scope. New software services include Remote Integration of Services Engines (RISE) and Intelligent Traffic Director (ITD). The Nexus 5K line gets new models in the 5672 and 56128 which feature line rate L3 forwarding. What is Dynamic Fabric Automation, and how has customer adoption been? Links Cisco Nexus 7700 Data Sheet Cisco Nexus I/O Modules Data Sheets (including the F3 modules) Cisco Remote Integrated Service Engine Cisco/Citrix RISE-related White Paper Cisco Nexus 7000 NX-OS 6.2 Release Notes

by Packet Pushers Podcast at July 21, 2014 06:31 PM

Honest Networker
My Etherealmind

Response: Improving Flow Based Hashing on ECMP with Cuckoo hashing

There are many algorithms that can be used to for flow-based hashing to provide the best load balancing method over multiple IP or Ethernet connections but I recently learned that Cuckoo Hashing the preferred method.

The post Response: Improving Flow Based Hashing on ECMP with Cuckoo hashing appeared first on EtherealMind.

by Greg Ferro at July 21, 2014 03:39 PM

Internetwork Expert Blog

CCIE RSv5 ATC Continues Wednesday, July 23rd

The CCIE Routing & Switching Advanced Technologies Class v5 resumes Wednesday, July 23rd at 8:00 AM PDT (15:00 UTC) at live.ine.com, where we will be discussing MPLS Layer 3 VPN. In the meantime, you will find the streaming and download playlists have been updated and now includes over 63 hours of content.

We have some other great news as well. The CCIE R&S v5 Rack Control panel has been released with the built-in telnet, loading and saving configs and one click device configurations and reset requests. Also, new content will be posted this week to the workbook, including all new troubleshooting labs.

by Brian McGahan, CCIE #8593, CCDE #2013::13 at July 21, 2014 03:01 PM

Cioara's Cisco Blog
Cisco IOS Hints and Tricks

Layer-3 Switching over VXLAN Revisited

My Trident 2 Chipset and Nexus 9500 blog post must have hit a raw nerve or two – Bruce Davie dedicated a whole paragraph in his Physical Networks in Virtualized Networking World blog post to tell everyone how the whole thing is a non-issue and how everything’s good in the NSX land.

It’s always fun digging into more details to figure out what’s really going on behind the scenes; let’s do it.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at July 21, 2014 08:12 AM

XKCD Comics