Nearly two years ago, we broke the story about the activation of the first submarine cable connecting Cuba to the global Internet – a cable that, prior to its activation in January 2013, mysteriously lay dormant on the ocean floor for nearly two years. When the Cuban government issued a confirmation in the days following our report, it contained the following statement:
When the testing process concludes, the submarine cable being put into operation will not mean that possibilities for access will automatically multiply.
In other words, Cubans should not expect greater access to the Internet just because the ALBA-1 submarine cable was now in operation. Yesterday’s historic agreement to begin normalizing relations between Cuba and the United States contains a pledge by the Cuban government to “greatly expand its citizens’ access to the Internet.” What exactly this pledge entails will determine how the Internet evolves in Cuba in the near term. Decision makers in Cuba should look at another country that recently opened up its telecom sector and is presently experiencing an explosion in Internet growth: Myanmar.
The isolation of Cuba is plainly evident when looking at a map of the submarine cables in the Caribbean. While numerous cables crisscross the Caribbean, they all avoid landing on Cuba. That is, all except for ALBA-1 submarine cable, built by Alcatel Submarine Networks and financed by the Venezuelan government.
How much can the lack of Internet development in Cuba be attributed to the US trade embargo? Recall that in 2009, the Obama administration lifted the ban on US companies providing telecommunications services in Cuba as well as cleared the way towards the installation of a new submarine cable to connect Cuba to the US. However, this measure changed very little and no cable has been built to the US.
As part of this week’s announced plans to normalize relations with Cuba, the United States has lifted the ban on exporting telecommunications equipment to Cuba. How much this restriction accounted for the present lack of Internet development in Cuba isn’t clear. Even without access to US vendors, Cuba could acquire equipment from vendors from other nations. For example, they could have been upgrading their infrastructure with Chinese gear, but they weren’t doing that. Perhaps due to the fact that under sanctions, Cuba had very little foreign reserves with which to purchase expensive foreign imports like oil, cars, or networking equipment, and nobody was volunteering to subsidize their infrastructure.
It is really Cuba’s pledge to provide greater access to the Internet to its citizens that could be the most transformative development with respect to the Internet in Cuba.
Internet in Cuba
The following graphic depicts the current layout of the Cuban Internet as represented in Internet routing (BGP). US Department of Defense Autonomous Systems (ASNs) along the bottom represent Internet service to the Guantanamo Bay Naval Base. Otherwise, all Internet access goes through the Cuban state telecom ETECSA (AS11960). ETECSA has four international providers connecting it to the outside world. Telefonica and Tata provide service over the ALBA-1 submarine cable and Intelsat and NewCom are satellite providers.
In the transit shift plot below, we can observe how ETECSA has distributed traffic to its providers over the past two years. The entrance of Telefonica in January of last year (dark grey) coincided with the activation of ALBA-1. The brief period of service from Cable & Wireless Jamaica (yellow) corresponded to the activation of ALBA-1’s branch to Jamaica, intended for backup purposes.
From a purely technical standpoint, the activation of the ALBA-1 cable was a dramatic improvement for ETECSA’s connectivity to the outside world. Submarine cable fiber optics offer far greater amounts of bandwidth with much lower latencies than the bulk satellite service that they had been reliant on for years. From a performance standpoint, it was a tremendous improvement. However, now the challenge for the Cuban government is to extend that connectivity from Siboney Beach to the Cuban people. Below is a screenshot from Dyn Internet Intelligence showing latencies to Havana, Cuba from cities around the world.
Almost all of Cuba’s international Internet traffic has been passing through the United States for as long as the Internet has existed in Cuba. For example, the satellite ground stations for the satellite service they currently use are on the East Coast of the United States. (Note: Tata service to Cuba was formerly via satellite and used a ground station in Canada. Of course, Canada also primarily connects to the outside world through the US.) The Telefonica and Tata service across the ALBA-1 cable eventually makes its way to Miami to reach the global Internet. For technical reasons and not necessarily political, it is very hard to avoid the gravitational pull of the United States when routing international Internet traffic in the western hemisphere.
The networks for Guantanamo Bay Naval Base presently go over satellite, but last year the DoD announced that it would run its own submarine cable from Florida to Guantanamo Bay to offer better Internet service for the military installation. According to a DoD official testifying at a war crimes tribunal, “it’s going to be for the entire island in anticipation that one day they’ll be able to extend it into mainland Cuba.” So perhaps the second submarine cable to serve the nation of Cuba might come via the Gitmo detention center.
Myanmar as a model for Cuba
If the Cuban government is truly committed to opening up greater access to the Internet for the Cuban people, its decision makers should carefully review the case study of Myanmar over the past three years. Like Cuba, Myanmar was considered one of the last green fields of telecom – countries with virtually no telecommunications infrastructure. But just as the transformative growth did not come from Myanmar’s state telecom MPT, ETECSA is unlikely to be leading the way in Cuba. This isn’t a knock on ETECSA, it’s just that legacy fixed-line incumbents are not equipped or manned for the task of rapid deployment of mobile infrastructure. Cuba needs outside help, but to do so Cuba would need to adopt a capitalist mentality.
Presently, Myanmar is experiencing an unparalleled explosion in the growth of Internet access due to the entrance of two private foreign mobile operators that won licenses in a competitive bidding process in 2013. See the AFP piece about what is happening in Myanmar in the clip below:
Despite being one of the poorest countries in Asia, 15-year licenses went for $500 million and the winners had to pledge to build out infrastructure to cover 90 percent of the population in a country of 60 million people spread across the jungles of southeast Asia.
Why did entering Myanmar seem so attractive that over a dozen international mobile operators competed for these licenses? It likely had to do with the fact that Myanmar dispensed with the typical protectionist requirements that can stifle interest such as requiring domestic partners or putting caps on foreign ownership. Outside companies felt like they could come in and operate without being loaded down with requirements that might decrease their profit potential. The result is a rapid growth of Internet access that is having profound impacts on life in Myanmar from empowering women to connecting up libraries. For an example closer to home, Cuba might consider the example of Mexico, where President Peña Nieto’s telecom reforms have eliminated caps on foreign ownership in a bid to increase competition and reduce prices.
In the past two years, there have been some modest steps towards greater access to the Internet in Cuba. These have included the activation of the ALBA-1 submarine cable, opening of Internet access points, and the introduction of mobile Internet service. However, access to the Internet is still limited for a variety of reasons including price of service and outdated technology.
Cuba’s pledge to increase Internet access for their citizens is a very hopeful sign and appears to be a departure from its warning last year that the activation of ALBA-1 “will not mean that possibilities for access will automatically multiply.” We will have to wait and see what precisely this pledge entails to really understand its implications for the future. However, there is reason to believe that impressive growth being experienced currently in Myanmar could be replicated in Cuba – but it would require a capitalist approach for one of the world’s last remaining communist countries. In Cuba, such a mind shift would be … revolutionary.
After discussing the basics of MPLS, MPLS-TE and LDP, and the relationship between FECs, LDP and BGP, Seamus and myself focused on another interesting topic: how MPLS protocol stack uses RSVP to implement traffic engineering.
(yes, I know, it’s been a while… But it’s time to get back to this series) Up to this point in this series, we’ve been discussing the more technical aspects of how the Internet really works. Now I want to shift gears a little, and talk about some of the more political aspects — standards […]
It is common to allocate /24 or /22 subnets to a single VLAN but William writes to ask why and whether is related to broadcasts. What is the best subnet size for VLAN allocation and why ? The answer isn't what you think.
One of the networking engineers using my ExpertExpress to validate their network design had an interesting problem: he was building a multi-tenant VLAN-based private cloud architecture with each tenant having multiple subnets, and wanted to route within the tenant network as close to the VMs as possible (in the ToR switch).
He was using Nexus 5600 as the ToR switch, and although there’s conflicting information on the number of VRFs supported by that switch (verified topology: 25 VRFs, verified maximum: 1000 VRFs, configuration guide: 64 VRFs), he thought 25 VRFs (tenant routing domains) might be enough.
Foundation Lab 2 has now been added to the CCIE RSv5 Workbook. This lab is great for working on your configuration speed and accuracy when combining multiple technologies together. It also has a great redistribution section that I hope you’ll all enjoy. More Full Scale, Troubleshooting, and Foundation labs are in progress and will be posted soon. I’ll post another update about them when they are available.
In addition to this we’ve added some feature enhancements to the workbook in response to customer requests and feedback. First, there is a new Table of Contents for the workbook that allows you to view all tasks, and to check off tasks that you’ve already completed. This will help you track your progress as you’re going through the workbook.
You can additionally check off the progress of a task in the upper right hand portion of the individual lab page.
Multiple bookmarks are now supported, and will be added to a section under the Table of Contents. When you open the workbook it will now also prompt you to load your latest bookmark.
Lastly, configuration solutions are now hidden by default when you open a lab. This will help prevent “spoilers” in the config before you’ve had a chance to attempt the lab. To see the solution configs, click the Expand button as seen below.
If you want to hide the configuration solution again you can click to collapse.
We’re always looking for additional ways to improve our products, so if you have any suggestions you can submit feedback through the workbook labs themselves, post on our Online Community, or feel free to send me an email directly at firstname.lastname@example.org.
Howard Marks from Deep Storage and long-term curmudgeon sent Ethan & I the following email: As I continue to tilt at the VMware windmill I’m facing fanbois telling me that all you have to do is plug the EVO:RAIL in and turn it on. This of course leaves out the fact that the little sucker still […]
The edited videos for Scaling Overlay Virtual Networking webinar are available on ipSpace.net Content site. Nuage Networks sponsored the webinar; the videos are thus publicly available (without registration).
Gallons of virtual ink have been committed to virtual paper in the last few days with regards to Cisco’s lawsuit against Arista Networks. Some of it is speculating on the posturing by both companies. Other writers talk about the old market vs. the new market. Still others look at SDN as a driver.
I didn’t just want to talk about the lawsuit. Given that Arista has marketed EOS as a “better IOS than IOS” for a while now, I figured Cisco finally decided to bite back. They are fiercely protective of IOS and they have to be because of the way the trademark laws in the US work. If you don’t go after people that infringe you lose your standing to do so and invite others to do it as well. Is Cisco’s timing suspect? One does have to wonder. Is this about knocking out a competitor? It’s tough to say. But one thing is sure to me. Cisco has effectively killed the command line interface (CLI).
EOS is certainly IOS-like. While it does introduce some unique features (see the NFD3 video here), the command syntax is very much IOS. That is purposeful. There are two broad categories of CLIs in the market:
What’s funny is that the IOS-like interfaces have always been marketed as such. Sure, there’s the famous “industry standard” CLI comment, followed by a wink and a nudge. Everyone knows what OS is being discussed. It is a plus point for both sides.
The non-Cisco vendors can sell to networking teams by saying that their CLI won’t change. Everything will be just as easy to configure with just a few minor syntax changes. Almost like speaking a different dialect of a language. Cisco gains because more and more engineers become familiar with the IOS syntax. Down the line, those engineers may choose to buy Cisco based on familiarity with the product.
If you don’t believe that being IOS-like is a strong selling point, take a look at PIX and Airespace. The old PIX OS was transformed into something that looked a lot more like traditional IOS. In ASA 8.2 they even changed the NAT code to look like IOS. With Airespace it took a little longer to transform the alien CLI into something IOS-like. They even lost functionality in doing so, simply to give networking teams an interface that is more friendly to them. Cisco wants all their devices to run a CLI that is IOS-like. Junos fans are probably snickering right now.
In calling out Arista for infringing on the “generic command line interface” in patent #7,047,526, Cisco has effectively said that they will start going after companies that copy the IOS interface too well. This leaves companies in a bit of a conundrum. How can you continue to produce an OS with an “industry standard” CLI and hope that you don’t become popular enough to get noticed by Cisco? Granted, it seems that all network switching vendors are #2 in the market somehow. But at what point does being a big enough #2 get the legal hammer brought to bear? Do you have to be snarky in marketing messages? Attack the 800-pound gorilla enough that you anger them? Or do you just have to have a wildly successful quarter?
Laid To REST
Instead, what will happen is a tough choice. Either continue to produce the same CLI year after year and hope that you don’t get noticed or overhaul the whole system. Those that choose not to play Russian Roulette with the legal system have a further choice to make. Should we create a new, non-infringing CLI from the ground up? Or scrap the whole idea of a CLI moving forward? Both of those second choices are going to involve a lot of pain and effort. One of them has a future.
Rewriting the CLI is a dead-end road. By the time you’ve finished your Herculean task you’ll find the market has moved on to bigger and better things. The SDN revolution is about making complex networks easier to program and manage. Is that going to be accomplished via yet another syntax? Or will it happen because of REST APIs and programming interfaces? Given an equal amount of time and effort on both sides, the smart networking company will focus their efforts on scrapping the CLI and building programmability into their devices. Sure, the 1.0 release is going to sting a little. It’s going to require a controller and some rough interface conventions. But building the seeds of a programmable system now means it will be growing while other CLIs are withering on the vine.
It won’t be easy. It won’t be fun. And it’s a risk to alienate your existing customer base. But if your options are to get sued or spend all your effort on a project that will eventually go the way of the dodo your options don’t look all that appealing anyway. If you’re going to have to go through the upheaval of rewriting something from the ground up, why not choose to do it with an eye to the future?
Cisco and Arista won’t be finished for a while. There will probably be a settlement or a licensing agreement or some kind of capitulation on both sides in a few years time. But by that point, the fallout from the legal action will have finally finished off the CLI for good. There’s no sense in gambling that you won’t be the next target of a process server. The solution will involve innovative thinking, blood, sweat, and tears on the part of your entire development team. But in the end you’ll have a modern system that works with the new wave of the network. If nothing else, you can stop relying on the “industry standard” ploy when selling your interface and start telling your customers that you are setting the new standard.
I promise engineers who renew their subscription 4-6 new webinars a year. It’s time to see whether I kept that promise in 2014.
TL&DR summary: it was a great year, but I still missed a few things.
In my last post on the subject of BGPSEC, I explained the basic operation of the modifications to BGP itself. In this post, I’ll begin looking at some of the properties — both good and bad — of these extensions to BGP. To begin, we’ll look at the simple network illustrated here, and see what […]
<soapenv:Envelope xmlns:ns="http://www.cisco.com/AXL/API/8.5" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><ns:executeSQLQuery>
<sql>Select name from device where tkclass = 1</sql>
</ns:executeSQLQuery></soapenv:Body>
</soapenv:Envelope>
curl -k -u Administrator -H "Content-type: text/xml;" -H "SOAPAction: CUCM:DB ver=8.5" -d @request.xml https://[CCM-IP-ADDRESS]:8443/axl/
Highly customizable high-speed virtual switch written in Lua sounds great, but is it really that easy to use? Simon Leinen was kind enough to get me in touch with Alex Gall, his colleague at Switch, who's working on an interesting project: implementing L2VPN over IPv6 with Snabb Switch.
In just over a year, your FIPS 140-2 cryptographic module may lose its certification
Facebook published their next-generation data center architecture a few weeks ago, resulting in the expected “revolutionary approach to data center fabrics” echoes from the industry press and blogosphere.
In reality, they did a great engineering job using an interesting twist on pretty traditional multi-stage leaf-and-spine (or folded Clos) architecture.
Leon Adato, Technical Product Marketing Manager with SolarWinds is our guest blogger today, with a sponsored post — the third in a four-part series on the topic of alerting. In the last two posts in this series, I described two of the four (ok, really five) questions that monitoring professionals are frequently asked: Why did […]
The post 4 Inevitable Questions When Joining a Monitoring Group, Pt.3 appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.
Obviously the page you're referring to is a quick-and-dirty benchmark. If you wanted the optimal numbers, you would have to tune quite a few parameters just like for hardware benchmarks (sysctl kernel parameters, Jumbo frames, ...).
While he’s absolutely right, this is not the performance data a typical user should be looking for.
It’s Microsoft Patch Tuesday! In the December edition there are 7 updates; three are marked "Critical" and four are rated "Important". A total of 25 vulnerabilities were fixed over 7 bulletins this month. One of the Critical updates, MS14-080, is an all-version Internet Explorer (IE 6 to 11) patch. This single update resolves 14 CVEs (Common Vulnerabilities and Exposures).
Resource Public Key Infrastructure (RPKI) is a relatively new standard for establishing BGP route origination. I wrote a brief introductory article here. Apologies for the self-promotion, but rather than rehash the basics here, I raise another issue that needs community attention: ARIN’s Relying Party Agreement (RPA: PDF link). Having said that, some basics are needed. […]
Areas of specialization include the University's wide area connections,
including a 150 kilometer DWDM ring, designing a multicampus routing
policy, and business continuity planning for two online datacenters.
Andrew started during the internet upswing of the mid to late 90s
installing and terminating fiber. As his career progressed, he has had
experience with technologies from FDDI to ATM, and all speeds of Ethernet,
including a recent deployment of several metro area 100Gbps circuits.
Focusing not only on data networks, Andrew has experience in traditional
TDM voice, VoIP, and real-time, unified collaboration technologies.
Areas of interest include optical transport, network virtualization and
software defined networking, and network science and graph theory.
Whitebox switching has moved past the realm of original device manufacturers and has been taken up by traditional networking vendors. Andre Kindness (@AndreKindness) of Forrester recently posted that he fields several calls from his customers every day asking about a particular vendor’s approach to whitebox switching. But what do these vendor offerings look like? And can we predict how a given vendor will address the whitebox market?
Chocolate In My Peanut Butter
Dell was one of the first traditional networking vendors to announce a whitebox switch offering that decoupled the operating system from the switching hardware. Dell offered packages from Cumulus Linux and Big Switch Networks alongside their PowerConnect lineup. This makes sense when you consider that the operating system on the switch has never been the strong suit of Dell. The PowerConnect OS is not very popular with network engineers, being very dissimilar from more popular CLIs such as Cisco IOS and its look-alikes. Their attempts to capitalize on the popularity of Force Ten OS (FTOS) and adapt it for use on PowerConnect switches have been difficult at best, due to the divide between the hardware architectures of the two platforms.
What Dell is very good at is offering hardware at a greatly reduced cost. By utilizing this strength, they can enter the whitebox market successfully by partnering with OS vendors to provide customer options. This also gives them time to adapt FTOS to more switches and attempt to drive acquisition costs down once the port of FTOS to PowerConnect is complete.
Peanut Butter In My Chocolate
What happens when a vendor sees software as their strength? You get an announcement like the one last week from Juniper Networks. Juniper has put a significant amount of time and effort into Junos. The FreeBSD base of the system gives it the adaptability that Cumulus enjoys. Since Juniper sees Junos as a huge advantage, their path to whitebox switching was to offer hardware that reduces the acquisition cost. Porting Junos to run on the OCP-based OCX1100 allows Juniper to use silicon that is more in line with merchant offering price points. The value to the customer comes from existing experience with Junos allowing for reduced learning time on the new platform.
So how will the rest of the market adopt whitebox switching offerings? HP will likely go the same route as Dell, as their software picture is murky with products split evenly between HP Procurve OS and 3Com/H3C Comware. HP has existing silicon manufacturing facilities that allow for economy of scale to reduce acquisition costs to the customer. Conversely, Brocade will likely leverage existing Vyatta development and investment in projects like OpenDaylight to standardize their whitebox offerings on software while offering OCP-style hardware platforms.
The 800-pound Whitebox Gorilla
And what of Cisco? Cisco had invested significant time and effort into both hardware and software. IOS is being renovated with API access and being ported into containers to broaden the platforms on which it can operate. The Cisco investment in custom silicon development is significant as well, with only the Nexus 3000 and 9000 series using merchant offerings from Broadcom. Their eventual whitebox offering could take any form.
Cisco feels very strongly about keeping IOS and its variants exclusive to Cisco hardware. Given that they sued Arista Networks late last week for patent infringement in EOS, it should be apparent how strongly they feel about IOS. That will be the impetus that pushes them to offering some limited custom silicon that is capable of running third-party operating systems. This allows Cisco to partner closely with one of those developers to ensure peak performance and tight integrations with whatever hardware Cisco includes. They would likely offer this platform with a bundle of SmartNET support services, recouping the costs of producing the switch with some very high margin services.
The possibility of porting IOS to an OCP-like reference platform is remote at best. A whitebox IOS offering would still carry a high price tag to reflect Cisco R&D and would be priced too high above what customers would be willing to pay for total acquisition cost. It would also open the door for someone to “port” that version of IOS to run on platforms that it shouldn’t be running on. At the very least, it will expose Cisco in the market as having too high a price tag on their intellectual property in IOS and give competitors like Juniper and Big Switch ammunition to fight back.
When evaluating vendor whitebox offerings, be sure your assessment of the strengths matches theirs. Wide adoption of a given strategy will solidify that approach in the future. Be sure to give feedback to your local account teams and tell them the critical features you need to be supported. That will ensure the vendor has you in mind when the time comes to produce a whitebox offering. And remember that you always have the option of going your own way. Nothing says that you have to buy a solution with bundled services from traditional networking vendors. If you’re willing to fly without a safety net for a while, you can find some great deals on ODM switches and OSes to run on them.
If you want to get a free copy of my Overlay Virtual Networks in Software-Defined Data Centers book, download it now. The offer will expire by December 15th.
If the rest of the blog post feels like Latin, you SHOULD watch the Load Balancing and Scale-Out Application Architecture webinar.
The beginning of the story resembles traditional enterprise solutions: