November 24, 2014

Packet Pushers Blog/Podcast

We Are At HP Discover Conference in Barcelona Next Week

The Packet Pushers team are once again packing their virtual underpants and this time heading to Spain at HP Discover in Barcelona with our “cloud studio”. Next week we will enjoying some warm winter nerdiness on HP Networking products and strategy, looking closely at the ever-growing HP VAN strategy for SDN and also diving in the bread & […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at and on Twitter @etherealmind and Google Plus.

The post We Are At HP Discover Conference in Barcelona Next Week appeared first on Packet Pushers Podcast and was written by Greg Ferro.

by Greg Ferro at November 24, 2014 04:50 PM

Chewtoy's Technical Musings

Love thy Neighbor

A couple of unrelated incidents over the past couple of weeks have prompted me to put some words down on how a pretty well understood protocol in IPv4 has changed to a pretty misunderstood protocol in IPv6.  Yup, that's right. ARP versus neighbor discovery.

I think that one of the problems people hit is that IPv6 neighbor discovery actually covers a range of different functions.  For the purposes of this post I am only considering neighbor solicitations and solicited advertisements: i.e. the bits that replace ARP.  Other goodness, such as router advertisements and duplicate address detection, I am treating as out of scope.  I am also only considering the case of Ethernet, as that is by far the most common type of link in networks these days.  When you restrict yourself to this subset to begin with neighbor discovery starts to look very familiar.

Lets consider ARP first.  ARP is pretty simple.  You send out a broadcast asking who has a specific IP address, and you get a unicast reply back telling you the answer.  It can get more complicated than that, but that description covers most of the ARP you will ever see. So what are the problems?

The glaring one is the use of broadcast.  An Ethernet broadcast will work its way through the whole of the layer 2 network.  When an Ethernet card receives a broadcast (and every card will recieve every ARP request), the only thing it can do is punt it up to the next layer in the stack based on the Ethertype. You may hear other arguments against ARP, but basically it boils down to either the fact that every request hits the whole of your network or that every request causes a kernel interrupt on every box connected to the network.

When designing neighbour discovery in IPv6 thought was put into how this can be alleviated, and this is where most of the main differences between ARP and ND come in. Rather than broadcasting an ARP request, a neighbour solicitation will take the low-order 24 bits of the IPv6 address, and use this to construct a link-local multicast address to send the solicitation to.  This will determine both the link-layer (MAC) destination as well as the destination IPv6 address used in the packet.  The logic here is that if you are using stateless autoconfiguration, the low-order 24 bits of your IPv6 address will be the low-order 24 bits of your MAC address, and will be the same for every on-net prefix you have an address on and you only need one entry in your multicast filter list (more on this later).

Now multicast introduces a can of worms.  What does Ethernet multicast actually mean?  There are protocols/features (IGMP snooping, MLD) that will allow a switch to determine whether to flood a multicast frame through a port based on the groups that port subscribes to.  These are valuable when you have busy multicast groups in your network, but most switches will fall back to a safe default of flooding all traffic. Because of this we can consider Ethernet multicast to be equivalent to broadcast at layer 2 in the majority of networks.  Where this changes though is when the frame actually hits a network card.  While a broadcast will always need to be passed up the stack, the chipset and driver should allow an application to specify which multicast MAC addresses it is interested in, and therefore the card can make a decision on whether to ignore the frame before generating an interrupt.  So half a win here, right?.

Well actually that depends on your hardware and the way that the software is implemented.  The MAC filter on most cards is quite limited.  128 is considered a good card, and numbers like 4 or 8 are a lot more common.  What does this mean?  Well, that again depends on the card.  Sometimes it will be a simple list: interested in a MAC? Put it in the list and I will pass you frames forwarded to that MAC. Want more entries in the list than I have space for? Tough, you'll need to use promiscuous mode and get everything...  Sometimes it is a hash table: Interested in a MAC?  I will calculate a hash of the destination MAC (e.g. applying the FCS calculation against the destination MAC address to map it into a numerical bucket) and pass you all frames that match the same bucket. You can drop ones you aren't interested in.  Other cards may have a filter list for unicast MACs but will have a flag allowing "promiscuous multicast" so that all multicast frames get punted upwards. In all cases, if the card forwards more than just those frames asked for, the software will need to make up for it; hopefully in the driver rather than punting the requirement all the way to user-space.  In other words this isn't so much half a win as somewhere between parity and half a win. Maybe.

So is it all worth it? Personally I think it is.  Sure there are arguments that the extra complexity doesn't actually come with much benefit but I would disagree here.

Neighbor Solicitation vs ARP Request and Neighbor Advertisement vs ARP Reply is a fairly clear mapping. It might not catch all the nuances but it is a pretty good start for troubleshooting. The fact that neighbor discovery actually uses ICMPv6 rather than residing in it's own layer parallel to IP may twist the noggins of us old-timers, but it makes more sense for new engineers coming in to networking. And while the jump from broadcast to multicast doesn't really give much advantage while today's network cards can't be relied on to filter things properly, but that is a problem that can be solved with pressure on vendors (which will come when people start growing LANS with /64s and don't have the prompt to evaluate the design that comes when you need to change the netmask).  If we consider hardware not being where we want it a hard road-block we'll never get anything

Comments / abuse gratefully received :)

by (Russell Heilling) at November 24, 2014 04:46 PM

Packet Pushers Blog/Podcast

4 Inevitable Questions When Joining a Monitoring Group, Pt. 2

Leon Adato, Technical Product Marketing Manager with SolarWinds is our guest blogger today, with a sponsored post in a four-part series on the topic of alerting. In the first part of this series, Leon explained how to answer the first of four (ok, really 5) questions that monitoring professionals are inevitably asked once they join […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via

The post 4 Inevitable Questions When Joining a Monitoring Group, Pt. 2 appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

by Sponsored Blog Posts at November 24, 2014 04:30 PM

Cisco IOS Hints and Tricks

Quick Peek: Juniper vMX Router

While the industry press deliberates the disaggregation of Arista and Cisco, and Juniper’s new CEO, Juniper launched a virtual version of its vMX router, which is supposed to have up to 160 Gbps of throughput (as compared to 10 Gbps offered by Vyatta 5600 and Cisco CSR). Can Juniper really deliver on that promise?

Read more ...

by Ivan Pepelnjak ( at November 24, 2014 11:09 AM

Moving Workloads to the Clouds

David Spark published 16 tips for moving your workloads to the clouds. Contrary to the usual useless nonsense coming down from hybrid cloud evangelists (you know, the people who moved from “VMs following the sun” to “seamless hybrid cloud workload mobility”) some of the tips actually make sense, starting with “Have a real reason for the migration”. Enjoy!

by Ivan Pepelnjak ( at November 24, 2014 07:45 AM

XKCD Comics

November 22, 2014

Networking Now (Juniper Blog)
Peter's CCIE Musings and Rants

Binding SIP on a per dial-peer basis:

Hi Guys!

Very Cool and I had no idea you could do this, I am sure your all familiar with binding to SIP:

voice service voip
  bind all lo0

What I just found out and wish I had known sooner, is you can actually change this binding on a per dial-peer basis:

dial-peer voice 100 voip
 session target
session protocol sipv2
 voice-class sip bind control source-interface Loopback0
 voice-class sip bind media source-interface Loopback0


Pretty cool hey?

by peter_revill ( at November 22, 2014 10:44 AM

November 21, 2014

Packet Pushers Blog/Podcast

APIs, APIs…a look at Arista’s eAPI

Arista switches have an API known as eAPI. In this article, I will discuss some of the basics of how eAPI operates, how to connect to it, and how to gather network information using it.   Basic eAPI operation eAPI uses JSON-RPC over HTTPS.  What this means in simpler terms is that the communication to and […]

Author information

Kirk Byers

Kirk Byers is the owner of Twin Bridges Technology–a bootstrapped technology business in San Francisco. He teaches Python courses for Network Engineers and writes about network automation at He is a long-time network engineer (CCIE #6243 emeritus), has extensive experience with *nix system administration, and is a Python programmer. He is interested in programming and networking and how to improve network engineering practices through automation.

The post APIs, APIs…a look at Arista’s eAPI appeared first on Packet Pushers Podcast and was written by Kirk Byers.

by Kirk Byers at November 21, 2014 11:52 PM

Network Break 22

Cisco Loves and Hates Net Neutrality, SDN WAN continues to grow and Analysts as AWS puppy dogs - drooling, licking themselves and barking at the AWS reinvent conference.

by Packet Pushers Podcast at November 21, 2014 08:00 PM

Honest Networker
My Etherealmind

Less Sales, Simpler Products, Easier Buying

Out of sheer frustration this week, I tweeted this and got a big response: The Back Story I’ve wasted about 60 hours of customers time working with resellers & vendors to get a quote for a relatively simple network upgrade. Neither the vendor staffers or the reseller employees knew how the product was licensed or […]

The post Less Sales, Simpler Products, Easier Buying appeared first on EtherealMind.

by Greg Ferro at November 21, 2014 04:00 PM

Cisco IOS Hints and Tricks

Open vSwitch Performance Revisited

A while ago I wrote about performance bottlenecks of Open vSwitch. In the meantime, the OVS team drastically improved OVS performance resulting in something that Andy Hill called Ludicrous Speed at the latest OpenStack summit (slide deck, video).

Let’s look at how impressive the performance improvements are.

Read more ...

by Ivan Pepelnjak ( at November 21, 2014 08:21 AM

XKCD Comics

November 20, 2014


Not Raising Red Flags While Looking For A New Job

A reader wrote to me, explaining that they were unhappy in their current job situation, and queried how they might be able look for a new job without raising any red flags with their existing employer. Tricky, but I have a few thoughts, having done this a time or two over my career. […]

by Ethan Banks at November 20, 2014 10:10 PM

Friday News Analysis: Open Networking Foundation, Dave Ward on Open

Open Networking Foundation Extends Conformance Testing to Non-Members “The Open Networking Foundation (ONF), a non-profit organization dedicated to accelerating the adoption of open Software-Defined Networking (SDN), today announced it has extended the ONF OpenFlow™ Conformance Testing Program to include testing for non-ONF members. Companies interested in receiving an OpenFlow Certificate of Conformance for […]

by Ethan Banks at November 20, 2014 08:13 PM

Cisco IOS Hints and Tricks
Potaroo blog

The Resolvers We Use

The Internet's Domain Name System is a modern day miracle. It may not represent the largest database that has ever been built, but nevertheless it's truly massive. The DNS is consulted every time we head to a web page, every time we send an email message, or in fact every time we initiate almost any transaction on the Internet. We assume a lot about the DNS. For example, content distribution networks are observed to make use of the location of the DNS resolver as being also the same location as the user. How robust is this assumption of co-locality of users and their resolvers? Are users always located "close" to their resolvers? More generally, what is the relationship between the end user, and the DNS resolvers that they use? Are they in fact closely related? Or is there widespread use of distant resolvers?

November 20, 2014 04:15 AM

Who's Watching?

It's been more than a year since Edward Snowden released material concerning the activities of US agencies in the area of cyber-intelligence gathering. A year later, and with allegations of various forms of cyber spying flying about, it's probably useful to ask some more questions. What is a reasonable expectation about privacy and the Internet? Should we now consider various forms of digital stalking to be "normal"? To what extent can we see information relating to individuals' activities online being passed to others?

November 20, 2014 04:15 AM

Networking Now (Juniper Blog)

Microsoft's Out-of-Band Fix for a Critical Kerberos Issue

Microsoft released an out-of-band update, MS14-068, yesterday to patch a critical bug in its Kerberos implementation. This bug could allow a remote, unprivileged, authenticated attacker to elevate their privileges to that of any other domain user. Such an attack could also enable the attacker to obtain domain administrator privileges and completely compromise the security restrictions enforced on the targeted domain.

by atyagi at November 20, 2014 01:15 AM

November 19, 2014

Packet Pushers Blog/Podcast

The changing of the guard: Telecom Style-Part 1

The sale of a incumbent local exchange carrier (ILEC) aka the local telephone company can be much more complicated than one might think, ordinary folks anyway. Networking & IT  professionals most likely have a different viewpoint as migrations are a fundamental part of the IT field. Such a transaction becomes more complicated when triple play […]

Author information

Mitchell Lewis

Mitchell is a young technology professional with an interest in networking & communications. He takes an interest in the ever changing telecom space as well as other networking technologies (datacenter etc). His main hobby project is overseeing the expansion of broadband into a co-operative campground, shares of which are owned by a family member.

Mitchell currently is a Cisco Certified Entry Level Tech (CCENT Certified) with intentions of obtaining higher as time permits.He graduated from the Connecticut Technical High School system with a focus in Information Systems Technology (Combination of Higher Ed MIS & Computer Science). While there he developed the production computing platform for his academic department( servers, networking, desktop).

He is currently pursing higher education from the UCONN School of Business & welcomes any opportunity to further advance his experience in the IT Field & professional knowledge.

The post The changing of the guard: Telecom Style-Part 1 appeared first on Packet Pushers Podcast and was written by Mitchell Lewis.

by Mitchell Lewis at November 19, 2014 10:26 PM

The Linux ip Command – An Ostensive Overview

It came to my attention and I was rather surprised to learn a while back that the Linux ifconfig command has been deprecated for quite some time by the Linux ip command set. The ip command isn’t new to me and I’ve recognised its advantages for some time but considering its ‘elevated’ status I thought […]

Author information

Steven Iveson

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post The Linux ip Command – An Ostensive Overview appeared first on Packet Pushers Podcast and was written by Steven Iveson.

by Steven Iveson at November 19, 2014 10:03 PM

Stop Doing Post Mortems & Root Cause Analysis With indeni

Indeni has technology that can predict known types of network failures using pre-mortem analysis.

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via

The post Stop Doing Post Mortems & Root Cause Analysis With indeni appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

by Sponsored Blog Posts at November 19, 2014 08:00 PM

Cisco IOS Hints and Tricks

Just Published: PCI DSS Videos

The edited videos of the fantastic PCI DSS webinar Michele Chubirka presented in early July have finally been published (yes, there’s a huge backlog that’s getting cleaned up). Enjoy!

by Ivan Pepelnjak ( at November 19, 2014 02:42 PM

Coping with Byzantine Routing Failures

One of my readers sent me an interesting challenge:

We have two MPLS providers sending us default routes and it seems like whenever we have problem with SP1 our failover is not happening properly and actually we have to go in manually and influence our traffic to forward via another path.

Welcome to the wondrous world of byzantine routing failures ;)

Read more ...

by Ivan Pepelnjak ( at November 19, 2014 08:41 AM

Packet Pushers Blog/Podcast

Show 213 – What’s Next for Avaya Enterprise Wireless – Sponsored

Unlike Gen Z’ers, who have never known a world without Wi-Fi (or Minecraft), some of us get to see technology come full circle. Join Alan Hase, VP of Avaya Networking, and the Packet Pushers as they outline (and relish and pontificate) how this phenomenon is playing out in WLAN and Mobility today. Alan highlights how modern WLAN solutions can combine the best of both worlds (the manageability/scale of controller based WLAN solutions with the resiliency/performance of wired solutions) to create a truly unified network that is optimized for today’s BYOD, application-driven, and 802.11ac world. This podcast gets into architecture discussions and is useful for anyone considering improving or expanding their wireless Enterprise footprint.

by Packet Pushers Podcast at November 19, 2014 04:00 AM

XKCD Comics

November 18, 2014

Honest Networker
The Networking Nerd

Wires Are The Exception


Last week I went to go talk to a group of vocational students about networking.  While I was there, I needed to send a couple of emails.  I prefer to write emails from my laptop, so I pulled it out of my bag between talks and did the first thing that came to mind: I asked for the wireless SSID and password.  Afterwards, I started thinking about how far we’ve come with connectivity.

I can still remember working with a wireless card back in 2001 trying to get the drivers to play nice with Windows 2000.  Now, wireless cards are the rule and wired ports are the exception.  My primary laptop needs a dongle to have a wired port.  My new Mac Mini is happily churning along halfway across the room connected to my network as a server over wireless.  It would appear that the user edge quietly became wireless and no tears were shed for the wire.

It’s also funny that a lot of the big security features like 802.1x and port security became less and less of an issue once open ports started disappearing in common areas.  802.1x for wired connections is barely even talked about now.  It’s more of an authentication mechanism for wireless now.  I’ve even heard some vendors of these solutions touting the advantages of using it with wireless and then throwing in the afterthought comment, “We also made it easy to configured for wired connections too.”

We still need wires, of course.  Access points have to connect to the infrastructure.  Power still can be delivered via microwave.  But the shift toward wireless has made ubiquitous cabling unnecessary.  I used to propose a minimum of four cable drops per room to provide connectivity in a school.  I would often argue for six in case a teacher wanted to later add an IP phone and a couple of student workstations.  Now, almost everything is wireless.  The single wire powers a desk phone and an antiquated desktop.  Progressive schools are replacing the phones with soft clients and the desktops with teach laptops.

The wire is not in any danger of becoming extinct.  But it is going to be relegated to the special purpose category.  Wires will only live behind the scenes in data centers and IDF closets.  They will be the thing that we throw in our bag for emergencies, like an extra console cable or a VGA adapter.

Wireless is the future.  People don’t walk into a coffee shop and ask, “Hey, where’s the Ethernet cable?” Users don’t crowd around wall plates with hubs to split the one network drop into four or eight so they can plug their tablets in.  Companies like Aruba Networks recognized this already when they started posing questions about all-wireless designs.  We even made a video about it:

While I don’t know that the all-wireless design is going to work, I can say with certainty that the only wires that will be running across your desktop soon will be power cables and the occasional USB cord.  Ethernet will be relegated to the same class as electrical wires connected to breaker boxes and water pipes.  Important and unseen.

by networkingnerd at November 18, 2014 08:11 PM

Honest Networker
Cisco IOS Hints and Tricks

Do We Have Too Many Knobs?

The last day of Interop New York found me sitting in the Speaker Center with a few friends pondering the hype and reality of SDN and brokenness of traditional network products. One of the remarks during that conversation was very familiar: “we have too many knobs to configure”, and I replied “and how many knobs do you think there are in Windows registry?" (or Linux kernel and configuration files).

Read more ...

by Ivan Pepelnjak ( at November 18, 2014 08:23 AM Blog

MAC Address Aggregation and Translation as an Alternative to L2 Overlays

Not so long ago, if you wanted to build a data center network, it was perfectly feasible to place your layer three edge on the top-of-rack switches and address each rack as its own subnet. You could leverage ECMP for simple load-sharing across uplinks to the aggregation layer. This made for an extremely efficient, easily managed data center network.

Then, server virtualization took off. Which was great, except now we had this requirement that a virtual machine might need to move from one rack to another. With our L3 edge resting at the top of the rack, this meant we'd need to re-address each VM as it was moved (which is apparently a big problem on the application side). So, now we have two options: We can either retract the L3 edge up a layer and have a giant L2 network spanning dozens of racks, or we could build a layer two overlay on top of our existing layer three infrastructure.

Most people opt for some form of the L2 overlay approach, because no one wants to maintain a flat L2 network with dozens or hundreds of thousands of end hosts, right? But why is that?

Continue reading · 10 comments

by Jeremy Stretch at November 18, 2014 02:05 AM

November 17, 2014

My Etherealmind

Cisco On Net Neutrality Isn’t What It Seems

Chambers pointed the finger at Net Neutrality for a slow down in purchasing by carriers in US markets and that he perceives it as damaging to Cisco business interests. I find it more credible that SDN/NFV is slowing capital investments than some far off political change.

The post Cisco On Net Neutrality Isn’t What It Seems appeared first on EtherealMind.

by Greg Ferro at November 17, 2014 06:00 PM

Cisco IOS Hints and Tricks

Just Published: Overlay Virtual Networks in Software Defined Data Centers

Overlay virtual networks are one of my favorite topics – it seems I wrote over a hundred blog posts describing various aspects of this emerging (or is it reinvented) technology since Cisco launched VXLAN in 2011.

During the summer of 2014 I organized my blog posts on overlay networks and SDDC into a digital book. I want to make this information as useful and as widely distributed as possible – for a limited time you can download the PDF free of charge.

Learn more about the book

by Ivan Pepelnjak ( at November 17, 2014 12:24 PM

Packet Pushers Blog/Podcast

BGPSEC: Basic Operation

I’m going to take a little break from my other two series to inject a short series on BGPSEC. I’ll return to HTIRW and RFCs you need to know shortly. BGPSEC is a set of standards currently under consideration in the IETF to secure BGP beyond the origin AS – in other words, to secure […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

The post BGPSEC: Basic Operation appeared first on Packet Pushers Podcast and was written by Russ White.

by Russ White at November 17, 2014 08:00 AM

XKCD Comics

November 15, 2014

Packet Pushers Blog/Podcast

Network Break 21

IT Talent Shortage and Whiny CIOs, Podcasts Make Money, ACI vs NSX wobbles and Dell busts some moves at its conference.

by Packet Pushers Podcast at November 15, 2014 07:00 PM

Cisco IOS Hints and Tricks

Reinventing the wheel (or RFC 1925 sect 2.11)

Simon Wardley is another old-timer with low tolerance for people reinventing the broken wheels. I couldn’t resist sharing part of his blog post because it applies equally well to what we’re seeing in the SDN world:

No, I haven't read Gartner's recent research on this subject (I'm not a subscriber) and it seems weird to be reading "research" about stuff you've done in practice a decade ago (sounds familiar). Maybe they've found some magic juice? Experience however dictates that it'll be snake oil […]. I feel like the old car mechanic listening to the kid saying that his magic pill turns water into gas. I'm sure it doesn't ... maybe this time it will ... duh, suckered again.

Meanwhile the academics already talk about SDN 2.0.

by Ivan Pepelnjak ( at November 15, 2014 11:36 AM

November 14, 2014


Friday News Analysis: Arkin Net, Pica8, OpenDaylight, Plexxi, Juniper

Arkin Net Rises from Stealth with $7M in funding, to bring Google Search-like Simplicity to Software-Defined Datacenter Operations “Arkin Net is coming out of stealth mode with $7 million in funding, led by Nexus Venture Partners, to revolutionize the Software-Defined Networking (SDN) market – projected to be $8B by 2018. Arkin Net is […]

by Ethan Banks at November 14, 2014 02:44 PM

Packet Pushers Blog/Podcast

4 Inevitable Questions When Joining a Monitoring Group, Pt. 1

Leon Adato, Technical Product Marketing Manager with SolarWinds is our guest blogger today, with a sponsored post on the topic of alerting. The Four Questions For people who are interested in monitoring, there is a leap that you make when you go from watching systems that YOU care about, to monitoring systems that other people […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via

The post 4 Inevitable Questions When Joining a Monitoring Group, Pt. 1 appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

by Sponsored Blog Posts at November 14, 2014 02:00 PM

Cisco IOS Hints and Tricks

Viptela SEN: Hybrid WAN Connectivity with an SDN Twist

Like many of us Khalid Raza wasted countless hours sitting in meetings discussing hybrid WAN connectivity designs using a random combination of DMVPN, IPsec, PfR, and one or more routing protocols… and decided to try to create a better solution to the problem.

Viptela Secure Extensible Network (SEN) doesn’t try to solve every networking problem ever encountered, which is why it’s simpler to use in the use case it is designed to solve: multi-provider WAN connectivity.

Read more ...

by Ivan Pepelnjak ( at November 14, 2014 09:05 AM

XKCD Comics