Tech Field Day: OpenFlow Symposium

by Tony Mattke on October 26, 2011



What is OpenFlow?

OpenFlow is a proposed standard for exchanging flow data between controllers and networking devices. OpenFlow has the potential to move our networking control plane into the world of Software Defined Networking. But what does that mean for you?

The biggest advantage to having an SDN/OpenFlow-enabled network is that you’re able to add plugins to your control plane from multiple vendors. Since it is an open standard, anyone can write modules to add control features for your network, giving you the flexibility to use any of them to enhance your network.

Panelists

Tech Field Day has done a great job bringing the top minds together; the lineup looks something like this:

  • Guido Appenzeller, Kyle Forster (Big Switch)
  • Curt Beckmann (Brocade)
  • David Meyer (Cisco)
  • Ed Crabbe (Google)
  • David Ward (Juniper)
  • Don Clark (NEC)
  • Samrat Ganguly (NEC)
  • Igor Gashinsky (Yahoo)

Followup

After the event, I hope to have some more interesting tidbits to add here, as I will be taking notes on the more interesting bits being discussed. But for now, be sure to check out the Packet Pushers blog for some great links and information on OpenFlow. Be on the lookout for an updated post, hopefully later today.


BPDU the next incrementation

by Tony Mattke on October 13, 2011



I feel this may become a regular section of the blog due to my lack of availability, so please suggest a better name for this “series”. I would certainly appreciate it, as would my readers who have heard enough of my bad humor…

SSL as we know it has been compromised!
The other Tony, as in Tony Bourke, has brought to my attention the recent BEAST exploit that compromises TLS 1.0, aka SSL as you know it. This has been fixed in TLS 1.1 and 1.2, but it seems there is very little support out there for anything but TLS 1.0, thanks to the OpenSSL project.

TLS 1.2 and NLB
This is a follow-up, in a way, to the article above; Tony talks about solving the TLS issue using NLBs.

IT Panic Mode
Tom brings up some very good points discussing how engineers deal with stress during outages. And he throws out a great Ghostbusters quote!

Nexus BFD
Interesting article discussing some oddities in the way the Nexus handles BFD processing.

The Reason Enterprises aren’t deploying IPv6
Ethan brings up some great points here discussing why Enterprise environments haven’t deployed IPv6, or in many cases, haven’t even considered it.

IPexpert IOU Topology
@jdsilva has built a great IOU Netmap for use with IPexpert’s CCIE R&S labs.

The Last Cable Tool…
Tom has found an interesting tool put out by Gerber. I’d like to see one of these in the store so I could get a feel for it before throwing down some hardcore cash…

MPLS is not Tunneling!
Yet another great post by Ivan, discussing the differences between MPLS virtual circuits and a true tunnel.

Is RIM using Cisco Nexus?
This week’s RIM failure was apparently caused by a core switch failure within their infrastructure. They stated that, “Although the system is designed to failover to a back-up switch, the failover did not function as previously tested.” — This makes me wonder if they’ve experienced some of the same failover issues as we have with the Nexus line. As these have been fixed in later revisions of code, I would certainly hope this wasn’t the case.


Networking Field Day 2

by Tony Mattke on October 4, 2011



Have you heard the news? Your least favorite blogger is making the trip to San Jose, California for Tech Field Day: Network Field Day 2 — I really want to add a dramatic movie headline to the end of that like… The Reckoning. But I digress. First, I want to say that I’m completely humbled to be selected to attend this year’s Networking Field Day. As our favorite public access TV hosts Wayne and Garth would say as they bow before the feet of Alice Cooper, “We’re not worthy! We’re not worthy! We’re not worthy! We’re scum, We suck!” — I can use the royal “we”, right? But seriously, to be included in a list with Ivan “Mr. MPLS” Pepelnjak, Greg “Packet Pushers” Ferro, Brandon “AAA” Carroll, Tom “My liver hurts” Hollingsworth, Jeff “Mr. Nexus 7009” Fry, and Jeremy “IOU” Gaddis is certainly a great honor.

So what is Tech Field Day?

Tech Field Day is a logical expansion of Gestalt IT’s founding principle of “The whole is greater than the sum of the parts”. The brainchild of Stephen Foskett, now in its third year, it brings together innovative IT vendors and the leaders of the IT world in a forum focused on education and feedback. Network Field Day is the networking-focused offshoot of this project, now in its second year. For more information visit the Networking Field Day 2 site.

Tech Field Day Disclaimer

Tech Field Day is made possible by the sponsors who are footing the bill for the travel and living expenses of delegates such as myself. Sponsors should understand that their financing of Tech Field Day in no way guarantees them any bias from the delegates, and that the delegates are only there to provide their honest and direct opinions of the solutions they present.


SNMP can save your life

by Tony Mattke on September 28, 2011



Ever get locked out of a router or switch that is many hours or even days away? Recently, I had the pleasure, again. For some reason, be it the consultant that was turning up our MLPPP session on site, the engineer who was working with the consultant, or a random case of configuration corruption…. a VTY access-class statement got changed to a non-existent ACL. But, at first, I didn’t know this. I didn’t know anything. I assumed the remote office was up, due to the lack of complaints, and the fact that I could get to the server and switch behind the router, but other than that, I had no clue.

BPDU – Blog Post Data Unit?

by Tony Mattke on September 26, 2011



My most recent collection of interesting bits of data found out on the blogosphere/internets. Due to my lack of time, I’ve decided to recycle what I find out on the ‘net and share it here. Please bear with me while I try to come up with an interesting name for such an unoriginal type of post.

Juniper/Junos Portable Library

Greg Ferro ala Etherealmind.com posted an interesting link. Instead of hiding their documentation behind a pay-wall, Juniper has supplied all of it via multi-part zip files. As Greg mentioned, loading these on your iPad is a great option for the engineer on the go! [link]

Cisco’s failure to provide IPv6 – Updated!

Ivan Pepelnjak from ioshints.info has some pleasant surprises for us in the Cisco-land with an update on Cisco’s IPv6 support in their data center products. [link]

Nexus 1000v features

Yandy Ramirez aka Packet Maniac has put together a great Mindmap detailing the features of the Nexus 1000v. [link]

IOU – IOS on Unix

More news from Jeremy Gaddis ala Evilrouters.net. He has not only documented the use of, but also improved the functionality of, the iou2net.pl Perl script that replaces the functionality of the hard-to-come-by IOUlive. [link]

Cisco Phone Cheat Codes?

Yes, you had to read that title twice. Tom Hollingsworth aka Networkingnerd.net has put together a cheat sheet for those of us that tend to forget the keypad shortcuts for Cisco’s phone line. [link]


Best Practices and Securing Cisco IOS

by Tony Mattke on September 6, 2011



Everyone has different views on hardening IOS, and while I do not claim to be an expert, these are the practices that I commonly use when bringing up a new device. If you see something I missed, please leave a comment and I’ll add it to the list and send the credit your way. I’ve also included general best practices that I follow that fall outside of the security realm. This is in no way a complete list of best practices, or a complete step-by-step guide to hardening an IOS device.

Network Duct Tape Gone Wrong

by Tony Mattke on September 1, 2011



As many of you may know, I’m in the middle of a huge network redesign. Last week our new firewalls finally arrived, and it became time for us to start migrating services onto the edge network I’ve been building for the past couple of months. Unfortunately, the first thing they wanted to move was a group of new proxy servers. Since they were already re-addressed and ready for the new infrastructure, we figured some policy based routing (PBR) would do the trick until we were ready to flip the switch and change our default route to point out the new edge network.

I spent a couple of minutes writing up the configuration that we would need, nothing too complex. Since we planned on pointing the whole VLAN out the new infrastructure, I wrote 2 ACLs and a route-map that should’ve accomplished the following.

F5’s iRules — My first look

by Tony Mattke on August 29, 2011



I’ve never had the opportunity to really do much with F5 load balancers in the past, but recently one of our system engineers needed some load balancing set up, and wanted to know if we could assign some static MAC addresses for his NLB. This obviously made us sick to our stomachs, so my co-worker decided to dedicate a chunk of time to bringing some F5 BigIP boxes that we had lying around back from the grave. Once they were up and running and had VIPs set up for a couple of sites for testing, I spent a few minutes looking at the configuration. Everything seemed rather simple, which explains how he was able to do all of it in just a couple of hours. I had him go over the config with me, since he has had several years of experience with F5 LTMs, and I was rather impressed by their simplicity and flexibility.

Later that day the application owner for one of the test systems we set up asked if there was a decent way for him to troubleshoot with an end user which server they were having an issue with (as this has been a problem in the past when certain servers freak out). My coworker, who doesn’t enjoy any sort of programming or scripting, asked me to look into writing an iRule.

To make a long story short, I quickly found my way to the F5 Dev Central site and started digging into their documentation. They have a great resource there, with lots of examples and tons of reference information. Within the hour I had a tested and working solution.

The following iRule briefly interrupts the streaming of the page from the server to the client and rewrites the closing title tag in the HTML head, adding the last octet of the server’s IP address, with a bit of formatting, to the page title, for example: Home (s22)

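when HTTP_RESPONSE {
  # Stream rewriting stays off unless this response is text
  # (the STREAM commands need a stream profile on the virtual server)
  STREAM::disable
  if {[HTTP::header "Content-Type"] starts_with "text/"} {
    # Replace "</title>" with " (s<last octet of the selected server's IP>)</title>"
    STREAM::expression "@<\/title>@ (s[getfield [LB::server addr] "." 4])<\/title>@"
    STREAM::enable
  }
}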
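
The rule above tags every text response, so any visitor can read part of the back-end addressing from the page title. The variant below is an added example, not the author's iRule: it shows the tag only to clients in a support subnet and requests uncompressed content only for them. The 192.0.2.0/24 subnet is a placeholder, and a stream profile on the virtual server is assumed.

```tcl
# Added example (not from the original post).
# Assumptions: a stream profile is attached to the virtual server, and
# 192.0.2.0/24 is a placeholder for the support team's subnet.
when HTTP_REQUEST {
  # Never rewrite request payloads.
  STREAM::disable

  # Decide per request whether this client may see the server tag.
  # IP::addr ... equals ... returns 1 when the address is in the subnet.
  set show_tag [IP::addr [IP::client_addr] equals 192.0.2.0/24]

  if { $show_tag } {
    # The stream filter cannot match inside a compressed body, so ask
    # the server for an uncompressed response for these clients only.
    HTTP::header remove "Accept-Encoding"
  }
}

when HTTP_RESPONSE {
  # Default: pass the response through untouched.
  STREAM::disable

  # Only HTML has a <title>; skip CSS, plain text and other text/* types.
  if { $show_tag && [HTTP::header "Content-Type"] starts_with "text/html" } {
    # Last octet of the pool member that served this request.
    set octet [getfield [LB::server addr] "." 4]
    STREAM::expression "@</title>@ (s${octet})</title>@"
    STREAM::enable
  }
}
```

Everyone outside the support subnet receives the page exactly as the server sent it, compression included.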

I really hope to have an opportunity to work with some F5 appliances again soon. I would definitely enjoy writing another iRule to add some custom functionality, but just learning a bit more about some of their advanced features would also be great.
