Using the DNS without directly using recursive resolvers seems like an approach that is totally alien to the DNS as we know it, so it might be useful to ask: How did we get to this point where a resolverless form of DNS name resolution makes some sense? And, to whom does it make sense?

I started preparing the materials for the SDN – 10 years later webinar, and plan to publish a series of blog posts documenting what I found on various aspects of what could be considered SDN¹. I’m pretty sure I missed quite a few things; your comments are most welcome.

Let’s start with an easy one: software/hardware disaggregation in network devices.

Open-Source Network Operating Systems

I found several widely-used open-source² network operating systems:

Russ White continues the discussion about BGP peering in part two of this lesson. Topics covered include: -Challenges with link-local next hop with IPv6 -How different BGP implementations handle these challenges -Promiscuous peering -Mitigating the attack surface of promiscuous peers -BGP Capabilities -Filtering before advertising/RFC 8212 You can subscribe to the Packet Pushers’ YouTube channel […]

The post Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video appeared first on Packet Pushers.

<figure class="wp-block-image size-large"><figcaption>Soon in a movie theater near you! </figcaption></figure>

Source: https://www.linkedin.com/posts/subspace-com_we-regret-to-announce-that-effective-may-activity-6930952295824207873-2z25?utm_source=linkedin_share&utm_medium=member_desktop_web

The first video in this second module of Russ White’s BGP course covers peering, including why BGP uses TCP for transport, passive and active peer, multi-hop peering, collisions, and more. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. […]

The post Learning BGP Module 2 Lesson 1: Peering Part 1 – Video appeared first on Packet Pushers.

Another interesting column by Geoff Huston: performance of TCP congestion control protocols when using Low-Earth Orbit or Geosynchronous Orbit satellites for Internet access.

This lesson in Russ White’s BGP course delves into synchronization within an Autonomous System (AS) and confederation within an AS. It also discusses route reflectors, including how they prevent loops, route reflector clients, route reflector multi-path, and multi-path pros and cons. Russ White is a network architect, author, and instructor. You can subscribe to the […]

The post Learning BGP Module 1 Lesson 4: Intra-AS Models And Route Reflectors – Video appeared first on Packet Pushers.

Understanding a dual nature can be hard

Juniper Networks’ network virtualization software Contrail can now integrate with Kubernetes. Originally designed for OpenStack, Juniper calls this new version of Contrail “CN2.” Contrail is a Software Defined Networking (SDN) platform for spinning up, configuring, and managing virtual networks on compute nodes rather than traditional network hardware. Contrail enables virtualized routing, switching, load balancing, and […]

The post Juniper Extends Contrail To Kubernetes For Cloud-Native Virtual Networking appeared first on Packet Pushers.

This lesson in Russ White’s BGP course gets into withdrawing a route, MRAI time, implicit withdraws, BGP Hunt, graceful restart, and other topics. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content […]

The post Learning BGP Module 1 Lesson 3: How BGP Really Converges – Video appeared first on Packet Pushers.

First off, go watch this excellent video from Ken Duda of Arista at Networking Field Day 28. It’s the second time he’s knocked it out of the park when it comes to talking about code quality:

<iframe allowfullscreen="true" class="youtube-player" height="329" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation" src="https://www.youtube.com/embed/wDQOghDmTi8?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en&amp;autohide=2&amp;wmode=transparent" style="border:0;" width="584"></iframe>

One of the things that Ken brings up in this video that I thought would be good to cover in a bit more depth is the idea of what happens to the culture of your organization, specifically code quality, when you acquire a new company. Every team goes through stages of development from formation through disagreement and finally to success and performance. One of the factors that can cause a high-performing team to regress back to a state of challenges is adding new team members to the group.

Let’s apply this lesson to your existing code infrastructure. Let’s say you’ve spent a lot of time building the best organization that has figured out and your dev teams are running like a well-oiled machine. You’re pushing out updates left and right and your users are happy. Then, you buy a company to get a new feature or add some new blood to the team. What happens when that new team comes on-board? Are they going to integrate into what you’ve been doing all this time? Do they have their own method for doing development? Are they even using the same tools that you have used? How much upheaval are you in for?

Buying Your Way To Consistency

Over a decade ago, United Airlines bought Continental Airlines. Two years later, the companies finally merged their ticketing systems. Well, merged might be a bit of a stretch. United effectively moved all their reservations to the Continental system and named the whole thing United. There are always challenges with these kinds of integrations but one might think that part of the reason for the acquisition was to move to a more modern reservation system.

United’s system was called Apollo and built in the 1970s. How could they move to a more modern system? Was the reason for the huge purchase of another airline directly related to their desire to adopt a newer, more flexible reservation system? There have certainly been suggestions of that for a number of years. But, more importantly, they also saw the challenges faced by one of their Star Alliance partner US Airways in 2007 when they tried a different approach to merging booking systems. The two radically different code bases clashed and created issues. And that’s for something as simple as an airline reservation system!

In the modern day we have much more control over the way that code is developed. We know the process behind what we do and what we write. When we build something we control it the entire way. However, that is true of everyone that writes code. And even with a large number of “best practices” out there no two developers are going to approach the problem the same way unless they work for the same company. So when you bring someone on board to your team through acquisition you’re also bringing in their processes, procedures, and habits. You have to own what they do because now their development quirks are part of your culture.

Bracing For the Impact

There’s a lot of due diligence that happens when companies are purchased. There’s an army of accountants that pore over the books and find all the potential issues. I’d argue that any successful merger in today’s world also needs to include a complete and thorough code review as well. You need to know how their culture is going to integrate into what you’re doing. Never mind the intellectual property issues. How do they name variables? Do they call the same memory allocation routines? Do they use floats instead of integers because that’s how they were taught? What development tools do they use and can those tools adapt to your workflow?

It may sound like I’m being a bit pedantic when I talk about variable naming being a potential issue but when it comes to code that is not the case. You’re going to have to train someone in procedure and you need to know who that is before they start committing code to your codebase. Those little differences are going to create bugs. Those bugs are going to creep into what you’re working on and create even more problems. Pretty soon something as simple as trying to translate from one IDE to another is going to create a code quality problem. That means your team is going to spend hours solving an issue that could have been addressed up front by figuring out how things were done in two different places. If you think that’s crazy, remember NASA lost a satellite over a unit conversion problem.

---

Tom’s Take

You may never find yourself in the shoes of someone like Ken Duda. He’s committed to quality software and also in charge of trying to integrate acquisitions with his existing culture. However, you can contribute to a better software culture by paying attention to how things are done. If you do things a certain way you need to document everything. You need to ensure that if someone new comes into the team that they can understand your processes quickly. That way they don’t spend needless hours troubleshooting problems that were lost in translation at the start of the process. Do the hard work up front so you aren’t calling people names later.

Cisco Live US 2022 will be June 12-16 in Las Vegas. After two years of virtual conferences and being vaccinated three times against Covid-19, I’m more than motivated to go in person! However, for those who are still hesitating, there is also an online version, over two days, probably in a similar format to 2021. I am really looking forward to it and being able to talk and interact with my former colleagues, friends, and peers again. This is probably the best part about attending a conference in person: meeting…

The post Cisco Live 2022 appeared first on AboutNetworks.net.

The last part of Network Addressing section of How Networks Really Work webinar covered other addressing-related topics starting with address assignment mechanisms.

Brilliant explanation of data encoding and cell services

Here’s another “do these things ever disappear?” question from Enrique Vallejo:

Regarding storage, is Fibre Channel still a thing in 2022, or most people employ SATA over Ethernet and NVMe over fabrics?

TL&DR: Yes. So is COBOL.

To understand why some people still use Fibre Channel, we have to start with an observation made by Howard Marks: “Storage is different.” It’s OK to drop a packet in transit. It’s NOT OK to lose data at rest.

Here’s a short list of major goodies included in netsim-tools release 1.2.2:

• Access VLANs, VLAN trunks and native VLANs implemented on Cisco IOS, Arista EOS, VyOS, and Dell OS10 (VyOS and OS10 support contributed by Stefano Sasso)
• Hardware labs implemented with external topology provider (contributed by Stefano Sasso)
• VRF loopback interfaces (contributed by Stefano Sasso)

More details in the release notes.

To upgrade netsim-tools, use pip3 install --upgrade netsim-tools; if you’re starting from scratch, read the installation instructions.

Recent news from the Department of Unintended Consequences: RFC 6724 changed the IPv4/IPv6 source/destination address selection rules a decade ago, and it seems that the common interpretation of those rules makes IPv6 Unique Local Addresses (ULA) less preferred than the IPv4 addresses, at least according to the recent Unintended Operational Issues With ULA draft by Nick Buraglio, Chris Cummings and Russ White.

End result: If you use only ULA addresses in your dual-stack network¹, IPv6 won’t be used at all. Even worse, if you use ULA addresses together with global IPv6 addresses (GUA) as a fallback mechanism, there might be hidden gotchas that you won’t discover until you turn off IPv4. Looks like someone did a Truly Great Job, and ULA stands for Useless Local Addresses.

A friend of mine working for a mid-sized networking vendor sent me an intriguing question:

We have a product using an old ASIC that has 12K forwarding entries, and would like to extend its lifetime. I know you were mentioning some useful tricks, would you happen to remember what they were?

This challenge has no perfect solution, but there are at least three tricks I’ve encountered so far (as always, comments are most welcome):

Erik Auerswald sent me a pointer to a blog post by Dave Taht: The state of fq_codel and sch_cake worldwide. It’s so nice to see what a huge impact Dave made since he started the Bufferbloat project.

Hint: if you have no idea what Bufferbloat or fq_codel are, you REALLY SHOULD explore Dave’s web site.

Most large content providers use some sort of egress traffic engineering on edge web proxy/caching servers to optimize the end-user experience (avoid congested transit autonomous systems) and link utilization on egress links.

I was planning to write a blog post about the tricks they use for ages, and never found time to do it… but if you don’t mind watching a video, the Source Routing on the Edge presentation Oliver Herms had at iNOG::14v does a pretty good job explaining the concepts and a particular implementation.

It’s been a great week at Networking Field Day 28 this week with some great presentations and even better discussions outside of the room. We recorded a couple of great podcasts around some fun topics, including the Full Stack Engineer.

Some random thoughts about that here before we publish the episode of the On-Premise IT Roundtable in the coming weeks:

• Why do you need a full stack person in IT? Isn’t the point to have people that are specialized?
• Why does no one tell the developers they need to get IT skills? Why is it more important for the infrastructure team to learn how to code?
• We see full stack doctors, which are general practitioners. Why are there no full stack lawyers or full stack accountants?
• If the point of having a full stack understanding is about growing non-tech skills why not just say that instead?
• There’s value in having someone that knows a little bit about everything but not too much. But that value is in having them in a supervisor role instead of an operations or engineering role. Do you want the full stack doctor doing brain surgery? or do you want him to refer you to a brain surgeon?

---

Tom’s Take

Note that I don’t have all the answers and there are people that are a lot smarter than me out there that have talked a lot about the full stack engineering issue. My biggest fear is that this is going to become another buzzword just like 10x engineer that carries a lot of stigma about being less than useful while being a know-it-all. When the episode of the podcast comes out perhaps it will generate some good discussion on how we should be handling it.

15 year duty cycle claimed

Christopher Werny has tons of hands-on experience with IPv6 security (or lack thereof), and described some of his findings in the Practical Aspects of IPv6 Security part of IPv6 security webinar, including:

• Impact of dual-stack networks
• Security implications of IPv6 address planning
• Isolation on routing layer and strict filtering
• IPv6-related requirements for Internet- or MPLS uplinks

Blog post on using SuzieQ for change validation by collecting state information prior to change. Lots of detail on installation and coding so you can do this yourself.  The PRE snapshot was just that, a snapshot of state at a point in time before we started the work. If a device was not on the […]

The final episode in this course reviews everything we covered. Thanks for watching! Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python […]

The post Practical Python For Networking: 8.0 – Conclusion – Video appeared first on Packet Pushers.

netsim-tools started as a simple tool to create virtual lab topologies (I hated creating Vagrantfiles describing complex topologies), but when it morphed into an ever-growing “configure all the boring stuff in your lab from a high-level description” thingie, it gave creative networking engineers an interesting idea: could we use this tool to do all the stuff we always hated doing in our physical labs?

My answer was always “of course, please feel free to submit a PR”, and Stefano Sasso did just that: he implemented external orchestration provider that allows you to use netsim-tools to configure IPv4, IPv6, VLANs, VRFs, LLDP, BFD, OSPFv2, OSPFv3, EIGRP, IS-IS, BGP, MPLS, BGP-LU, L3VPN (VPNv4 + VPNv6), SR-MPLS, or SRv6 on supported hardware devices.

This lesson wraps up the section on distributing packages with a full example. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python […]

The post Practical Python For Networking: 7.3 – Distribution Example – Video appeared first on Packet Pushers.

Details on Aruba & Extreme Avaya vulnerability

Nicola Modena created an interesting presentation describing IBGP designs using BGP Additional Paths and Optimal Route Reflection functionality

Hope you’ll enjoy the presentation as much as I did… and make sure you understand potential circular dependencies you might be introducing when running a route reflector as a virtual machine.

This lessons walks through preparing a package for distribution. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python Networking and Distributed Denial […]

The post Practical Python For Networking: 7.2 Distribution Preparation – Video appeared first on Packet Pushers.

Heavy Strategy is about IT strategy. My co-host Johna Till-Johnson is the CEO/founder of Nemertes Research with a lot of strategy experience that combines with her technical background. The great thing is that Johna is willing to strongly debate topics. We go “head to head” and disagree to discuss. Its enjoyable and the feedback has been […]

Russ White’s BGP series continues with a discussion of building loop-free paths with the Border Gateway Protocol (BGP). Topics include AS (Autonomous System) paths, loop prevention, why loop checks are inbound, and more on IBGP and EBGP. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel […]

The post Learning BGP Module 1 Lesson 2: How BGP Builds Loop-Free Paths – Video appeared first on Packet Pushers.

Continuing the what happened to old technologies saga, here’s another question by Enrique Vallejo:

Are FabricPath, TRILL or SPB still alive, or has everyone moved to VXLAN? Are they worth studying?

TL&DR: Barely. Yes. No.

Layer-2 Fabric craziness exploded in 2010 with vendors playing the usual misinformation games that eventually resulted in totally fragmented market full of partial- or proprietary solutions. At one point in time, some HP data center switches supported only TRILL, and other data center switches from the same company supported only SPB.

Now for individual technologies:

Russ White kicks off a ten-video series on the Border Gateway Protocol (BGP). The series is divided into two modules, with short lessons within each module. This first video covers a brief history of BGP and then gets into the purpose of BPG, reachability vs. a route, Autonomous System (AS) rules, problems that BGP solves, […]

The post Learning BGP Module 1 Lesson 1: Why BGP? – Video appeared first on Packet Pushers.

This lesson provides an introduction to distributing Python packages. Creating packages was covered in lessons 6.1, 6.2, and 6.3. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Additional resources: https://packaging.python.org/tutorials/packaging-projects/ https://dzone.com/articles/executable-package-pip-install Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of […]

The post Practical Python For Networking: 7.1 Distributing Python Packages – Introduction – Video appeared first on Packet Pushers.

This transition to IPv6 has been going on for 20 years now, and if there was any urgency that was instilled in the effort by the prospect of IPv4 address exhaustion then we’ve been living with exhaustion for a decade now. So perhaps it's time to ask the question: How much longer is this transition going to take?

Does an IP address need to be treated like other Personally Indentifiable Information (PII)?

The post Privacy And Networking Part 3: Is An IP Address Protected Information For Privacy? appeared first on Packet Pushers.

Now that you’ve learned how to put together a package, this lesson shows you how to call that package in a script. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network […]

The post Practical Python For Networking: 6.4 – Run Package Example – Video appeared first on Packet Pushers.

It’s time for the bad part of AI/ML in Networking: Good, Bad, and Ugly webinar. After describing the potential AI/ML wins, Javier Antich walked us through the long tail of AI/ML problems.

Research paper on DNS over QUIC suggests faster than DOT & DOH

This lesson walks through the creation of a simple package. Course files are in a GitHub repository: https://github.com/ericchou1/pp_practical_lessons_1_route_alerts Eric Chou is a network engineer with 20 years of experience, including managing networks at Amazon AWS and Microsoft Azure. He’s the founder of Network Automation Nerds and has written the books Mastering Python Networking and Distributed […]

The post Practical Python For Networking: 6.3 – Making A Simple Package Example – Video appeared first on Packet Pushers.

Useful business primer on why and what of SONIC

Two week ago I described how to create a simple VRF Lite lab with netsim-tools VRF configuration module. Adding MPLS/VPN to the mix and creating a full-blown MPLS/VPN lab is a piece of cake. In this blog post we’ll build a simple topology with two VRFs (red and blue) and two PE-routers:

<figure><figcaption>

Lab topology

</figcaption> </figure>