May. 29, 2019
Years ago I wrote about building a secure network in a box. Over a weekend I decided to revisit this concept thanks to a colleague at work wanting to do something similar. It got me thinking “a lot has changed since I last did this” and it felt like time to revisit it. Well, disappointment wasn’t in the cards because it’s easier, smarter, and more flexible now than it was back then.
Nov. 5, 2018
Remember OpenFlow? It was the media and marketing darling for the better part of 5 years as “the machine” conflated OpenFlow with SDN and SDN with - almost literally - everything. “Still Does Nothing” was a common phrase uttered around those of us that had run large scale, complex networks for a long time. Quietly, and mostly out of the fickle media and blogosphere eye, a scrappy little SDN project called faucet has been diligently plugging away, making easy to use, production quality, well documented, and very stable code that runs OpenFlow networks quite happily in production and at scale.
Oct. 18, 2018
Recently, the venerable Ivan Pepelnjak published a very insightful article about automation becoming such a popular topic that was spawned by an email from one of his readers. I found this article to be spot on, and wanted to add a bit of my own opinion into the automation pie, as I have been spending a lot of time on automation as it relates to existing networks as well as into SDN based environments.
Mar. 20, 2017
In the last few years I have moved all of my virtualization to proxmox and docker. Seeing as I like to look at packets because I am a closet security guy, and being as I have been working off-and-on on a security project in recent times, I wanted to be able to span a port not only from a hardware switch, but also within my software switches. I had been using linux bridge, which I am not a fan of, so when I started down this path I did not look hard to find a way to do so under that platform.
Oct. 3, 2016
Edit: Going against my normal “just get the content out there” methodology, I’ve been mulling over this blog post since July of 2016. Segment routing is such a beautifully elegant solution I have had trouble articulating that fact. WAN technologies are squarely within my wheelhouse, and this one fits in so well I was going over and over the post never really satisfied with it, continuing to find mistakes and decided to just get it out there.
Jan. 18, 2016
I'm way overdue for a soapbox session -- I found this one in my drafts and thought it was something I needed to put out there. It's already dated in terminology but that actually helps make the point - it's hard to keep up. Let's throw this out there: social media can be exhausting. Do not misunderstand me, it’s a great tool for communication, obtaining and disseminating information as well as standard goofing around.
Nov. 5, 2015
A few years ago I wrote some text on interdomain SDN. Years later, work is being done, smart people are thinking about it and building ways to make it a reality. Not being one to give up on an idea, I gave this presentation in May at ChiNOG on my take on what that architecture should be. I (we) propose that the use of existing protocols such as BGP FlowSpec will make this realistically deployable and maintainable given some simple, pluggable middleware.
Jun. 20, 2015
I recently had a need to test OpenFlow on the Brocade ICX 7450 for a fairly good sized, high visibility project. The basic goal is pretty simple, Layer2 path provisioning. Straightforward and fairly well supported in OpenFlow, even from the early days. To do this, the idea was to use a turnkey platform, that way there is one throat to choke if there are issues. I landed on the Brocade Vyatta controller (which is essentially ODL), and the ICX.
Mar. 28, 2015
Since Network Field Day 9, I have spent more and more time mentally grinding on what Brocade is doing. I have been a pretty vocal critic of the foundry hardware and software platform since my first experience with it years and years ago. I found it to be lacking in completed features, Layer 3 functionality and general stability.
This is one reason that anyone reading this should take pause and think about the background this post is sourcing from and how much of a shift it is.
Feb. 20, 2015
When NEC began talking about SDN at Network Field Day 9, I was not sure what to expect. I knew they had been heavily involved with OpenFlow since the early days, and many years ago I was able to get my hands on their early OpenFlow controller and was immediately frustrated by its cryptic nature and frankly, poor documentation. Their switches were fine and were heavily utilized in early OpenFlow deployments.
Jan. 28, 2015
BigSwitch is making waves again, this time with its Big Cloud Fabric product update. I was lucky enough to get a bit of a preview of what was coming and was pleasantly surprised by the new features, finding them functionally useful for both operators, security folks and management alike. Not only is the fabric fit to operate at hyper scale proportions, they've paid close attention to making such operations even easier.
Jan. 24, 2015
In a few weeks I’ll have the opportunity to participate in another Network Field Day. I’ve been lucky enough to have the opportunity to attend in the past and have done some remote participation when possible, but like some of the other rare opportunities I have had in my career, NFD is fairly unique in that it is constantly evolving in both the information provided and the individuals involved. As the saying goes, variety is the spice of life.
Oct. 10, 2014
I was wanting to do a few quick mock-ups with OpenvSwitch and OpenDayLight and wanted to use CentOS since I have templates for it that I replicate. Just like with the Debian stuff I had been doing, I wasn’t able to find any in some quick searches. I stumbled upon this site, which had a great how-to for building them, so I just used that. Seeing as the Debian packages actually got downloaded a lot, I figured I’d post these RPMs as well.
Sep. 22, 2014
I was recently granted access to the beta BigSwitch Networks lab site, a purpose built classroom in the cloud focused on teaching the BigSwitch SDN environment. I had seen some of the BSN offerings in the past and always held them in high regard, but I was thoroughly impressed with both the completeness of the lab and how polished the controller environment was. At the time of this writing, the lab consists of 3 modules: Building cloud fabric, monitoring fabric and dynamic provisioning of monitoring fabric.
Sep. 8, 2014
I admit that the title was meant to be inflammatory. However, there are use cases that aren’t terribly uncommon where an in-line security appliance is just not the correct tool for the job. Someone once told me “a firewall protects a network like a fuse protects an electrical circuit”, and it’s mostly a correct statement. Firewall vendors will probably argue this and enterprise folks may discount this as heresy and call for burning me at the stake.
Jun. 23, 2014
With the recent announcement of Cisco Systems' intent to purchase tail-f, proponents of a multi-vendor environment are waiting with bated breath to see how the networking giant will deal with support of competitor hardware and CLIs. Yang is here to stay, there is no doubt about that. As is netconf. Both of these are good things for the industry as a whole, having a standard way to communicate with network hardware [that isn’t openflow] is necessary and immeasurably useful.
Feb. 26, 2014
“Hopefully there are some things here that will make you really upset in a very good way” is how Carl Moberg of Swedish based company tail-f opened up to the crowd at Networking Field Day 7 on Feb 19, 2014. Tail-f is a sleeper, I had actually never heard of them before NFD7, but they’ve got a very unique product in NCS and in my opinion it can change the way existing and future networks are managed.
Feb. 10, 2014
A while ago I got an email asking me to participate in Network Field Day 7. I was very happy and humbled to get asked again since I wasn’t able to attend NFD5 or NFD6 for various reasons outside of my control (although I did try to participate with NFD5 remotely). If you’re unfamiliar with the tech field day series, you should spend a little time and learn about the value it brings.
Nov. 29, 2013
As part of a larger fun project I’m working on (OVS for the ALIX platform; more to come on that once I have it 100% working), I have been playing a lot with OVS. It’s a great platform, and as others have mentioned, it’s as close to an SDN reference data plane implementation as we have. I’d be surprised if many if not all commercial implementations of OpenFlow aren’t based on OVS.
Apr. 25, 2013
I had been working, off and on, on a how-to for building the daylight openflow controller under CentOS. Most openflow docs and dev are done under ubuntu or debian, and while those are both fantastic alternatives, there are a huge number of folks that will want or need to use RHEL or CentOS. So, seeing as that is the case, having someone be mindful of that is important. When I saw the write up by Jon Langemak, I scrapped my attempt at a how-to since his was so much better.
Apr. 18, 2013
OpenFlow is, of course, a hot buzzword. It’s the newest, and in my opinion, the most innovative thing to hit data networking since dynamic routing. The ability to programmatically, systematically and potentially dynamically control traffic at the flow level through a network is innovative, exciting and terrifying [to many network engineers and architects] at the same time. Allowing applications to touch the network and change behavior is something that many engineers are not terribly comfortable with.
Apr. 8, 2013
The SDN world is abuzz with the announcement that the OpenDaylight controller came from stealth mode today. Why is this important? Well, SDN and OpenFlow are fractured. It is Mac vs. PC, Beta vs VHS, Coke vs. Pepsi all over again……multiplied by 100x and with a handful of players. Vendor zealots and brand loyalists will nearly always side with their camp. Heck, even I have some biases of personal preference.
Mar. 23, 2013
This week there was a lot of buzz about SDN (as usual). There was a lightreading thread that I commented on and a fantastic read by Brent Salisbury about being the steamroller and not the road that got me thinking about OpenFlow and SDN in a way I had not before. <soapbox> All that is old is new again. I remember when internal networks were small and routing protocols were taboo in many internal environments.
Mar. 6, 2013
Last year, Networking Field Day was something that I’d heard of but wasn’t really aware of what it really was. I occasionally looked at Twitter and saw the hash tags but did not know much about how it was set up or what it was about. In fact, I actually thought it was supposed to be like the HAM radio field day stuff where you go out and build out an emergency network on the fly.
Feb. 4, 2013
A bit of back history: I came from BSD land. I was a FreeBSD user from way back in the 1990s. BSD land is a land of secure boxes and very high uptimes. It’s also a land of arguably clunky package support, a lot of compiling by hand and these days, not nearly as encompassing package and network tuning support. I decided to move to Linux a while ago, reluctantly, and chose Debian as my flavor of choice.
Jan. 10, 2013
I’ve been lamenting about the SDN WAN options for a while now. Having SDN/OpenFlow in a data center or campus is relatively well documented and already widely deployed. Google has been doing SDN across their private WAN in production. These pieces are easy. What isn’t easy is the ability to plumb SDN across many domains that are under disparate control. This part is hard. What is lacking is a fundamental framework, or set of primitives to build from.
Dec. 20, 2012
I have a love-hate feeling about “predictions” about the upcoming year, especially tech predictions. I don’t like media sensationalism of any kind, and a lot of the tech predictions are just that, sensational, extreme talk to draw in readers or viewers. I’m choosing to go down a more subtle path, these are things I’ve thought about lately but will likely forget in the upcoming year, unless they actually happen, in which case I’d likely do an “ah, I remember thinking that may happen” gesture.
Dec. 10, 2012
Plexxi is an interesting product that has recently emerged in the data center space. While data center, fabric and cloud are all the rage in the buzzword world of data networking, this one caught my attention because it was something unique that I’d not seen before. Their TOR boxes have a few interesting additions to them, the first of which is a WDM port on the back. Now, I’m not really a stranger to the WDM world.
Nov. 27, 2012
There has been a flurry of discussion on SDN in the WAN lately, specifically, why and how. Brent Salisbury laid out a few use cases here. The why seems pretty straightforward. I do believe it will happen, however, the how is the interesting part. Admittedly, I’m a tad of a greenhorn in the SDN space, I’ve made it work in a lab, I participate as much as I can in the working groups and I attempt (poorly) to keep up.