Whitebox can be a risk in an enterprise network. But how much? Tom Hollingsworth was a guest on the Heavy Networking podcast to talk whitebox, disaggregration, and more. You can hear the full episode, Heavy Networking 542: Is Whitebox Too Risky For The Enterprise?, right here: https://packetpushers.net/podcast/heavy-networking-542-is-whitebox-too-risky-for-the-enterprise/   You can subscribe to the Packet Pushers’ […]

The post Does Whitebox Screw Enterprises? – Video appeared first on Packet Pushers.

When I was an intern at IBM twenty something years ago, my job was deploying new laptops to people. The job was easy enough. Transfer their few hundred megabytes of data to the new machine and ensure their email was all setup correctly. There was a checklist that needed to be followed in order to ensure that it was done correctly.

When I arrived for my internship, one of my friends was there finishing his. He was supposed to train me in how to do the job before he went back to school. He helped me through the first day of deploying laptops following the procedure. The next day he handed me a different sheet with some of the same information but in a different order. He said, “I realized we had too many reboots in the process and this way cuts about twenty minutes off the deployment time.” I’m all about saving time so I jumped at the chance.

Everything went smashingly for the next month or so. My friend was back at school and I used his modified procedure to be as productive as possible. One day, my mentor wanted to shadow my deployment day to see how I was doing things. I invited him along and we did the first one. I pulled out my deployment docs and made sure to follow the procedure so I got a good grade. When we were done, my mentor pulled me aside and said, “I noticed you went pretty fast and did some things out of order. Why?” I mentioned that my friend and I had modified the deployment procedure a bit to make it easier and faster. That’s when my mentor hit me with a phrase that I’ve spent a lot of my career deconstructing:

“But this is the way we’ve always done it.”

You Do What You’ve Always Done

Process isn’t a bad thing. It makes jobs easy to break down into steps to assess timelines as well as being able to make a job repeatable. There’s nothing worse than a process that only lives inside the head of one person. If you can’t replicate your job you can’t ever stop doing it. Sure, it may be hard to write things down sometimes but you have to have a way to capture that data.

However, process all needs to make sense. If the process for starting my computer involves pushing the buttons in a certain order, there should be a reason for it. If the process for starting my computer also includes extra steps, such as getting a cup of coffee or banging on the monitor twice, there needs to be a reason for those too. Maybe the employee really likes coffee? Or maybe the startup process for the computer takes long enough that you can get a cup of coffee by the time the login is complete and if you try to do it earlier you’re going to run into slowness or indexing issues.

Documenting the steps is important. You also have to document the reasons behind the steps. Why must we tackle the project in this specific order? If you are doing Task A and then Task B why can’t you do the second task first? If you have no good justification then you should be able to do them in any order. But if Task B requires something from Task A to be able to be completed you need to document that. Otherwise people are going to do them out of order and miss steps.

Going back to our IBM deployment guide, why did there need to be so many reboots in the original document. Well, some of them were necessary. We needed to change the machine name before we joined it to the domain. We needed to log in with the username locally to create the profile before we logged in with the domain account so everything was created properly (this was NT4 domain days). Now, the instructions had us rebooting after every change, which added 3-4 minutes to every step along the way. My friend and I knew we could cut that down and do multiple changes for each reboot as long as they didn’t depend on the others being done first. But the original process was the “way it had always been done” and we had to prove it was better this way.

You’ll Always Get What You’ve Always Got

It’s not enough to challenge the process for no reason. Maybe your way is better. Or faster. Or just easier. But you have to prove it. You have to be willing to examine the process and ensure that what you’re doing is objectively better. It’s like taking a shortcut to work. It may feel faster for you. However if it takes 2 minutes longer on your drive is it really worth it? Or are you doing it because you don’t like driving or walking the other way?

Back to IBM and the laptop deployments. In order to get the revised process approved, I had to prove it was faster and provided the same output. I had to go into the lab and deploy using the old method and capture all the settings and data. Then erase the machine and deploy using the new settings and repeat the data capture process again to make sure the results are the same. Once I could prove that the new process resulted in the same output, we could move on to the second step.

Step Two involved timing the deployment. Now, in order to make sure I wasn’t juicing the numbers in either direction, we had our oldest, slowest laptop deployer use the new instructions. He would regularly take over an hour to setup a new machine with the old directions. We handed him the new page and told him to use this instead. Same steps, just in a different order. He went through them all cold twice and managed to average around 45 minutes for his deployment. He even remarked that our process was better.

---

Tom’s Take

Once we had it proven that it was faster and easier to do the things the new way we updated the deployment procedures before the next group of interns arrived. I had left my mark on things and proven that “this is what we’ve always done” isn’t always the best justification for things. But you do have to justify why your way is better. Facts beat opinion every day of the week. And if you aren’t willing to do the work to prove why you can make things better, you’ll always be where you are right now.

In mid-September Ethan Banks invited me to chat about multi-cloud networking in the Day Two Cloud podcast. It was just a few weeks after Corey Quinn published a fantastic Multi-Cloud is the Worst Practice rant, which perfectly matched my observations, so I came well prepared ;)

Over the past few months I've had the opportunity at various network operator meetings to talk about BGP routing security. As usual, these presentations include an opportunity for questions from the audience. Here are a small collection of such questions and my efforts at trying to provide an answer.

SmartFabric Services from Dell Technologies is designed for VMware-based software-defined infrastructures through tight integration with vCenter. With fabric interconnects powered by SmartFabric Services, you can quickly and easily provision scale-out fabrics for compute, storage, and Hyperconverged Infrastructure solutions, and connect them back into the data center.

The post Dell Technologies’ SmartFabric Services: Using vCenter To Dynamically Build A Network Fabric appeared first on Packet Pushers.

As more workloads get placed in the cloud, many IT vendors are offering solutions to build connections among different public cloud providers. In this excerpt from the Day Two Cloud podcast, guest Ivan Pepelnjak discusses whether connectivity will be a significant problem in the near future. You can listen to the full episode, Day Two […]

The post In 2 Years, Will Anyone Care About Multi-Cloud Networking? – Video appeared first on Packet Pushers.

When I still cared about CCIE certification, I was always tripped up by the weird scenario with (A) mismatched ARP and MAC timeouts and (B) default gateway outside of the forwarding path. When done just right you could get persistent unicast flooding, and I’ve met someone who reported average unicast flooding reaching ~1 Gbps in his data center fabric.

One would hope that we wouldn’t experience similar problems in modern leaf-and-spine fabrics, but one of my readers managed to reproduce the problem within a single subnet in FabricPath with anycast gateway on spine switches when someone misconfigured a subnet mask in one of the servers.

Its a mistake to think whiteboards are the only tool you have.

If you’ve got workloads or resources in separate public clouds and you want to connect them, do you need special multi-cloud networking solutions to make it happen? Guest Ivan Pepelnjak has strong opinions on this subject, some of which he shares in this excerpt of the Day Two Cloud podcast. You can hear the full […]

The post Do You Need Multi-Cloud Networking? – Video appeared first on Packet Pushers.

When I published the Optimize Network Data Models series a long while ago, someone made an interesting comment along the lines of “You should use JSON Schema to validate the data model.”

It took me ages to gather the willpower to tame that particular beast, but I finally got there. In the next installment of the Data Models saga I described how you can use JSON Schema to validate Ansible inventory data and your own YAML- or JSON-based data structures.

To learn more about data validation, error handling, unit- and system testing, and CI/CD pipelines in network automation, join our automation course.

Ivan Pepelnjak drills into some of the networking complexity in public cloud networking services. This is an excerpt of a longer podcast, Day Two Cloud 070: The State Of Multi-Cloud Networking, which you can listen to by clicking this link: https://packetpushers.net/podcast/day-two-cloud-070-the-state-of-multi-cloud-networking/   You can subscribe to the Packet Pushers’ YouTube channel for more videos as […]

The post Do AWS Transit Gateway Or Azure Virtual WAN Matter? – Video appeared first on Packet Pushers.

If you can do everything in the cloud, why bother keeping equipment on premises? James Quigley tackles this question with Ethan Banks and Ned Bellavance in this excerpt of the podcast Day Two Cloud 069: The Life Of A Site Reliability Engineer (SRE) You can listen to the full episode right here: https://packetpushers.net/podcast/day-two-cloud-069-the-life-of-a-site-reliability-engineer-sre/   You […]

The post Why Physical Infrastructure Never Goes Away appeared first on Packet Pushers.

Is a whitebox solution, in which you get switch hardware separate from a network OS, a good choice for the enterprise? Do the benefits outweigh the risks? Tom Hollingsworth weighs in on this question in this excerpt from the podcast Heavy Networking 542: Is Whitebox Too Risky For The Enterprise? You can listen to the […]

The post Making The Case For Enterprise Whitebox – Video appeared first on Packet Pushers.

SREs, or Site Reliability Engineers, have to work with software and create and maintain tools. Does that make them software developers? SRE James Quigley offers his take on this question in a podcast conversation with Ethan Banks and Ned Bellavance in Day Two Cloud 069: The Life Of A Site Reliability Engineer (SRE). You can […]

The post Are Site Reliability Engineers Software Developers? – Video appeared first on Packet Pushers.

The Internet was not the first communications system constructed as compound service, where the end-to-end service was built using the services provided by many individual service providers. International telephony was constructed in a similar manner, and predating the telephone was the international postal service. In this article I’d like to look at the Universal Postal Union's track record of trying to construct a fair and efficient way to allow each service provider to be compensated for their part in the construction of the delivered end-to-end service. As with the Internet, it all comes down to the choice of the framework for settlement and peering between providers.

Darren O’Connor put together a BGP looking glass with web GUI. Nothing fancy so far… but he also offers REST API interface (because REST API sounds so much better than HTTP).

The REST API calls return text results, so you can use them straight in a Bash script. For example, here’s a simple script to print a bunch of details about your current IP address:

A few weeks ago we published an interesting discussion on network operating system details based on an excellent set of questions by James Miles.

Unfortunately we got so far into the weeds at that time that we answered only half of James' questions. In the second Q&A session Dinesh Dutt and myself addressed the rest of them including:

• How hard is it to virtualize network devices?
• What is the expected performance degradation?
• Does it make sense to use containers to do that?
• What are the operational implications of running virtual network devices?
• What will be the impact on hardware vendors and networking engineers?

And of course we couldn’t avoid the famous last question: “Should network engineers program network devices?”

You’ll need Standard or Expert ipSpace.net subscription to watch the videos.

My friend Marjan Bradeško wrote a great article describing how we tend to forget common sense and rely too much on technology. I would strongly recommend you read it and start thinking about the choices you make when building a network with magic software-intent-defined-intelligent technology from your preferred vendor.

In early 2018 I described how Hans Verkerk implemented zero-touch provisioning with Ansible. Recently he rewrote his scripts as a Python-only solution using Nornir. Enjoy!

If all of your programming languages and tools were going to be taken away except one, which would you keep? Ethan Banks and Ned Bellavance pose this question to SRE James Quigley in a recent episode of the Day Two Cloud podcast. You can listen to the full episode right here: Day Two Cloud 069: […]

The post If You Had To Chose One Programming Language… – Video appeared first on Packet Pushers.

Tom Hollingsworth was a guest on the Heavy Networking podcast to talk whitebox, disaggregration, and more. You can listen to the full episode here: Heavy Networking 542: Is Whitebox Too Risky For The Enterprise? Heavy Networking is part of the Packet Pushers network of technical podcasts, including Day Two Cloud, IPv6 Buzz, Full Stack Journey, […]

The post Do Switches Even Matter Anymore? – Video appeared first on Packet Pushers.

Have you been playing Among Us? If you haven’t, your kids definitely have. I found out about it a few weeks ago because my children suddenly became Batman-level detectives and knew how to ask the kinds of interview questions that would make the FBI proud. In short, the game is all about finding the imposters in your midst based on their behavior and voting them out of the group to win. Sometimes you get it right. Other times you get it wrong and vote out someone who was doing legitimate tasks. It’s all a matter of perception.

Now, let’s look at another situation where we see this kind of behavior in a different light. You probably guessed where this is going already. We’re going to talk about Imposter Syndrome in our non-gaming lives and how it affects us. We may even make reference to pop culture along the way.

Where You Need To Be

I was thinking about this because something I said a few years ago at Security Field Day 1 popped back up in my feed. I was giving a speech at the beginning of the first day to the delegates and I wanted them to know that I understood that they may feel like they didn’t deserve to be there. I wanted to reassure them that they were where they needed to be. So I said something along the lines of the following:

You are here in this position because you earned it and deserve to be here. It would be an insult to those above and around you to think otherwise. If you have doubt in yourself, trust in those around you that they know who is best for your role.

Thanks to Kori Younger for recalling that specific part of the speech. Imposter Syndrome is hard to overcome because we really do feel like everyone else around us knows what they’re doing and we’re the odd ones out. We feel like we don’t know how to proceed or what to do. And that feeling can be crippling at times.

The idea that we don’t know what we’re doing is really called “learning”. It’s something that we do all the time. We apply lessons and intuition to find new solutions to problems, even ones we don’t feel qualified to do. We feel more comfortable doing this in areas where we have more knowledge or feel more confident, but rest assured we apply it all over the place, especially when confronted with situations we don’t completely understand or feel comfortable working on.

Earlier this year I took a Wilderness First Aid course for an upcoming Scout high adventure trip. Now, I must admit that I’m a terrible doctor or medical professional. I don’t like the sight of blood and I tend to focus on things without having a big picture. WFA is all about what happens when you find yourself in the back country far away from a hospital and what to do to handle situations. After a while, the solutions all kind of started sounding the same. You need to assess, stabilize, and almost always evacuate when critical. Now, that whole process sounds fairly simple when boiled down. But considering the crazy amount of things they want us to know about, like Acute Altitude Sickness, Hypoglycemia, and even things like concussions that cause cerebrospinal fluid leakage, you can see how easy it is to quickly be overwhelmed. However, the training up to that point helps you understand what to do: assess, stabilize, and evacuate if needed.

Applying A Process

Training and baselines help us overcome imposter syndrome in real life. We do similar things in IT or in other lines of work. When we encounter something we don’t understand or we feel overwhelmed by, we repeat the same process.

• Assess – What is going on? Does this look like something I’ve seen before? The more it looks like a previous experience the more knowledge I can apply. Trust what you know. Being wrong because you applied an incorrect lesson is better than being wrong because you did nothing. Your experience will always serve you well. Trust those instincts.
• Stabilize – This is where we spend a lot of our time. How can I fix this problem? Or stop it from getting worse? How can I get back to point where things work well enough to be able to reassess or make a different decision? Stabilization is the work that goes on in a process. A problem that is 100% stable is fixed. A problem that is 25% stable is better than it was with room for improvement. We need to apply lessons and things from our experience here too. Seen OSPF fall over before? Let’s try some things to get the routing table stabilized. Seen someone slice open their finger with a pocket knife before? We know how to fix this so it won’t reopen.
• Evacuate – This one is a little more tricky. Sometimes we can’t fix something. Or we don’t know what’s wrong. So what do we do? Sit there wringing our hands? Scream at the sky? No, we get help. In WFA, evacuation is all about getting better help, whether it’s a first responder at base camp or a doctor in a hospital. In a professional setting, evacuation is more about finding the right help to get past an issue. Asking a mentor or senior person about the issue. Calling the support line. Asking someone on Twitter if they’ve ever seen this before. These are all great examples of evacuation from a situation. There’s no harm in asking for help. But there is harm in not asking for help when you need it.

Remember that everyone else around you is doing the same things you’re doing above when you find yourself in a situation you don’t completely understand. Some look more expert because they have better knowledge to relate to the problem. It doesn’t mean they’re smarter than you or better than you. It means they’re more adept at this problem for this time. Some people are more suited for things than others.

To quote Einstein, “Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will spend its whole life believing it’s stupid.” If we only judge people harshly by their ability to adapt to unknown situations with a minimum of information and then spend hours in post-mortem meetings laying out why they didn’t do everything right, we’re going to make them feel like imposters. Instead, let’s cut them some slack and remind ourselves that we probably couldn’t do as well as they did in the same situation. And if we could have done better than they did, this is a time to step up to the plate and mentor them to make them better. Apply your knowledge to theirs and they will succeed next time. Hoard your knowledge and you will forever believe that they are the imposter.

---

Tom’s Take

Among Us is all about finding imposters in our midst based on their behavior and what tasks they’re doing. Real life is all about proving we aren’t imposters by doing things and showing our worth. As much fun as the game might be trying to figure out who the imposter is, our reality should be spent more on encouraging people to feel better and mentor them through the process of believing in themselves and applying their knowledge to a problem to have a successful outcome. We should be focusing on making everyone better and more confident. There’s nothing suspect about that.

The designers of Cumulus Linux CLI were always focused on simplifying network device configurations. One of the first features along these lines was BGP across unnumbered interfaces, then they introduced simplified EVPN configurations, and recently auto-MLAG and auto-BGP.

You can watch a short description of these features by Dinesh Dutt and Pete Lumbis in Simplify Network Configuration with Cumulus Linux and Smart Datacenter Defaults videos (part of Cumulus Linux section of Data Center Fabrics webinar).

This guest blog post is by Trent Fierro, Senior Solutions Marketing Manager for AIOps at Aruba, a Hewlett Packard Enterprise company. We thank Aruba for being a sponsor. Over the last few months, I’ve spent a lot of time speaking with IT networking teams on how their roles have shifted due to COVID-19. There’s almost […]

The post Say Yes To AIOps For Wi-Fi, Switching, And WAN appeared first on Packet Pushers.

A common mistake about 5G is that is a single monolithic thing. In fact a 5G network is a diverse cluster of systems that interoperate to deliver 5G service. I want to share a simplified model of 5G network and use cases. I simplify 5G Use Cases to three categories: Human, Non-Human and False. Human/Smartphones […]

This blog post was initially sent to the subscribers of our SDN and Network Automation mailing list. Subscribe here.

Most automation projects are gradual improvements of existing manual processes, but every now and then the stars align and you get a perfect storm, like what Adrian Giacommetti encountered during one of his automation projects.

The customer had well-defined security policies implemented in Cisco ACI environment with tenants, endpoint groups, and contracts. They wanted to recreate those tenants in a public cloud, but it took way too long as the only migration tool they had was an engineer chasing GUI screens on both platforms.

<style type="text/css">.fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link) , .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):before, .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):after {color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover, .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover:before, .fusion-fullwidth.fusion-builder-row-1 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover:after {color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 .pagination a.inactive:hover, .fusion-fullwidth.fusion-builder-row-1 .fusion-filters .fusion-filter.fusion-active a {border-color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 .pagination .current {border-color: #f2b310; background-color: #f2b310;}.fusion-fullwidth.fusion-builder-row-1 .fusion-filters .fusion-filter.fusion-active a, .fusion-fullwidth.fusion-builder-row-1 .fusion-date-and-formats .fusion-format-box, .fusion-fullwidth.fusion-builder-row-1 .fusion-popover, .fusion-fullwidth.fusion-builder-row-1 .tooltip-shortcode {color: #f2b310;}#main .fusion-fullwidth.fusion-builder-row-1 .post .blog-shortcode-post-title a:hover {color: #f2b310;}</style>

The post Inside the 2020 Ping of Death Vulnerability appeared first on Netragard.

The Apple iPhone 12 has 5G but its not for customers. Its because the mobile co’s wanted it. And they indirectly paid Apple for it. While its true that 5G increases bandwidth and reduces latency, it more important that it reduces infrastructure costs. Alert: This twitter thread is a trial of the “blog post as […]

The idea of redistributing the full Internet routing table (840.000 routes at this moment) into OSPF sound as ridiculous as it is, but when fat fingers strike it should be relatively easy to recover, right? Just disable redistribution (assuming you can still log into the offending device) and move on.

Wrong. As Dmytro Shypovalov explained in an extensive blog post, you might have to restart all routers in your OSPF domain to recover.

And that, my friends, is why OSPF is a single failure domain, and why you should never run OSPF between your data center fabric and servers or VM appliances.

Anyone using text files as a poor man’s database eventually stumbles upon the challenge left as a comment in Automating Cisco ACI Environments blog post:

The biggest challenge we face is variable preparation and peer review process before committing variables to Git. I’d be particularly interested on how you overcome this challenge?

We spent hours describing potential solutions in Validation, Error Handling and Unit Tests part of Building Network Automation Solutions online course, but if you never built a network automation solution using Ansible YAML files as source-of-truth the above sentence might sound a lot like Latin, so let’s make it today’s task to define the problem.

Why bother clicking ?

In last week’s update session we covered the new features AWS introduced since the creation of AWS Networking webinar in 2019:

• AWS Local Zones, Wavelengths, and Outposts
• VPC Sharing
• Bring Your Own Addresses
• IP Multicast support
• Managed Prefix Lists in security groups and route tables
• VPC Traffic Mirroring
• Web Application Firewall
• AWS Shield
• VPC Ingress Routing
• Inter-region VPC peering with Transit Gateways

The videos are already online; you need Standard or Expert ipSpace.net subscription to watch them.

I was telling you there’s no need to become a programmer over six years ago, but of course nobody ever listens to grumpy old engineers… which didn’t stop Ethan Banks from writing another excellent advice on the same theme: Don’t Become A Developer, But Use Their Tools.

We all knew it for a long time, now it’s finally official: IP fragmentation is broken, or as the ever-so-diplomatic IETF likes to call it, IP Fragmentation is Considered Fragile.

The pandemic has really done a number on most of our office environments. For some, we went from being in a corporate enterprise with desks and coffee makers to being at home with a slightly different desk and perhaps a slightly better coffee maker. However, one thing that didn’t improve was our home network.

For the most part, the home network has been operating on a scale radically different from those of the average corporate environment. Taking away the discrepancies in Internet speed for a moment you would have a hard time arguing that most home wireless gear is as good or better than the equivalent enterprise solution. Most of us end up buying our equipment from the local big box store and are likely shopping as much on price as we are on features. As long as it supports our phones, gaming consoles, and the streaming box we picked up we’re happy. We don’t need QoS or rogue detection.

However, we now live in a world where the enterprise is our home. We live at work as much as we work where we live. Extended hours means we typically work past 5:00 pm or start earlier than 8:00 or 9:00. It means that we’re usually sending emails into the night or picking up that project to crack a hard problem when we can’t sleep. Why is that important? Well, one of the arguments for having separate enterprise and home networks for years was the usage cycle.

To your typical manager type in an organization, work is work and home is home and n’er the twain shall meet, unless they need you to work late. Need someone to jump on a Zoom call during dinner to solve an issue? Want someone to upload a video before bed? Those are reasonable requests. Mind if my home wireless network also supports the kids watching Netflix or playing Call of Duty? That’s a step too far!

The problem with enterprise networking gear is that it is focused on supporting the enterprise role. And having that gear available to serve a consumer role, even when our consumer office is also our enterprise office, make management types break out in hives.

Technology Marches In Place

Okay, so we know that no one wants to shell out money for good gear. I don’t want to pay for it out of my pocket. The company doesn’t want to pay for something that might accidentally be used to do something fun. So where does that leave the people that make enterprise wireless access points?

I’ll admit I’m a horrible reference to my friends when they ask me what kind of stuff to buy. I tend to get way too deep into things like coverage pattens and device types when I start asking what they want their network to look like. The answer they’re usually looking for is easy, cheap, and simple. I get way too involved in figuring out their needs as if they were an enterprise customer. So I know that most people don’t need band steering or MIMO support in the house. But I still ask the questions as if it were a warehouse or campus building.

Which is why I’m really starting to question how the planned rollout of technologies like Wi-Fi 6E is going to happen in the current environment. I’ll buy that Wi-Fi 6, also known as 802.11ax, is going to happen as soon as it’s supported by a mainstream consumer device or three. But elevating to the 6 GHz range is an entirely different solution looking for a problem. Right now, the costs of 6 GHz radios combined with the operating environment are going to slow adoption of Wi-Fi 6E drastically.

Home Is Where the Wi-Fi Connects

How hostile is the wireless environment in your house? Aside from the odd microwave, probably not too bad. Some of the smart utility services may be operating on a separate network for things like smart electric meters or whole-home DVR setups. Odds are much better that you’re probably in a nice clean radio island. You don’t have to worry about neighboring businesses monopolizing the air space. You don’t have to contend with an old scanner that has to operate on 802.11g speeds in an entirely separate network to prevent everything from slowing down drastically.

If your home is running just fine on a combination of 2.4 GHz for older devices or IoT setups and 5 GHz for modern devices like phones and laptops, what is the advantage of upgrading to 6 GHz? Let’s toss out the hardware argument right now. If you’re running on 802.11ac (Wi-Fi 5) Wave 2 hardware, you’re not upgrading any time soon. Your APs are new enough to not need a refresh. If you’re on something older, like Wi-Fi 5 Wave 1 or even 802.11n (Wi-Fi 4), you are going to look at upgrading soon to get some new features or better speeds now that everyone in your house is online and gobbling up bandwidth. Let’s say that you’ve even persuaded the boss to shell out some cash to help with your upgrade. Which AP will you pick?

Will you pick the current technology that has all the features you need in Wi-Fi 6? Or will you pay more for an AP with a feature set that you can’t even use yet? It’s a silly question that will probably answer itself. You pay for what you can use and you don’t try and break the boss’s bank. That means the likelihood of Wi-Fi 6E adoption is going to go down quickly if the new remote office has no need of the technology.

Does it mean that Wi-Fi 6E is dead in the water? Not really. What it does mean is that Wi-Fi 6E needs to find a compelling use case to drive adoption. This is a lesson that needs to be learned from other protocols like IPv6. If you can’t convince people to move to the new thing, they’re going to stay on the old thing as long as they can because it’s cheaper and more familiar. So you need to create a new device that is 6 GHz only. Or make 6 GHz super fast for things like media transfers. Or maybe even require it for certain content types. That’s how you’re going to drive adoption everywhere. And if you don’t you’re likely going to be relegated to the same junk pile as WiMAX and ATM LANE.

---

Tom’s Take

Wi-Fi 6E is the great solution for a problem that is around the corner. It has lots of available bandwidth and spectrum and is relatively free from interference. It’s also free from the need to adopt it right away. As we’re trying to drive people toward Wi-Fi 6 11ax infrastructure, we’re not going to be able to make them jump to both at once without a killer app or corner case requirement. Wi-Fi 6E is always going to be more expensive because of hardware and R&D costs. And given the chance, people will always vote with their wallet provided their basic needs are met.

This podcast introduction was written by Nick Buraglio, the host of today’s podcast.

In the original days of this podcast, there were heavy, deep discussions about this new protocol called “OpenFlow”. Like many of our most creative innovations in the IT field, OpenFlow came from an academic research project that aimed to change the way that we as operators managed, configured, and even thought about networking fundamentals.

For the most part, this project did what it intended, but once the marketing machine realized the flexibility of the technology and its potential to completely change the way we think about vendors, networks, provisioning, and management of networking, they were off to the races.

We all know what happened next.

Got this question from one of my long-time readers:

I am looking for commercial SDN solutions that can be deployed on top of brownfield networks built with traditional technologies (VPC/MLAG, STP, HSRP) on lower-cost networking gear, where a single API call could create a network-wide VLAN, or apply that VLAN to a set of ports. Gluware is one product aimed at this market. Are there others?

The two other solutions that come to mind are Apstra AOS and Cisco NSO. However, you probably won’t find a simple solution that would do what you want to do without heavy customization as every network tends to be a unique snowflake. 

Before we start: if you’re new to my blog (or stumbled upon this blog post by incident) you might want to read the Considerations for Host-Based Firewalls for a brief overview of the challenge, and my explanation why flow-tracking tools cannot be used to auto-generate firewall policies.

As expected, the “you cannot do it” post on LinkedIn generated numerous comments, ranging from good ideas to borderline ridiculous attempts to fix a problem that has been proven to be unfixable (see also: perpetual motion).

<style type="text/css">.fusion-fullwidth.fusion-builder-row-2 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link) , .fusion-fullwidth.fusion-builder-row-2 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):before, .fusion-fullwidth.fusion-builder-row-2 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):after {color: #f2b310;}.fusion-fullwidth.fusion-builder-row-2 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover, .fusion-fullwidth.fusion-builder-row-2 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover:before, .fusion-fullwidth.fusion-builder-row-2 a:not(.fusion-button):not(.fusion-builder-module-control):not(.fusion-social-network-icon):not(.fb-icon-element):not(.fusion-countdown-link):not(.fusion-rollover-link):not(.fusion-rollover-gallery):not(.fusion-button-bar):not(.add_to_cart_button):not(.show_details_button):not(.product_type_external):not(.fusion-quick-view):not(.fusion-rollover-title-link):not(.fusion-breadcrumb-link):hover:after {color: #f2b310;}.fusion-fullwidth.fusion-builder-row-2 .pagination a.inactive:hover, .fusion-fullwidth.fusion-builder-row-2 .fusion-filters .fusion-filter.fusion-active a {border-color: #f2b310;}.fusion-fullwidth.fusion-builder-row-2 .pagination .current {border-color: #f2b310; background-color: #f2b310;}.fusion-fullwidth.fusion-builder-row-2 .fusion-filters .fusion-filter.fusion-active a, .fusion-fullwidth.fusion-builder-row-2 .fusion-date-and-formats .fusion-format-box, .fusion-fullwidth.fusion-builder-row-2 .fusion-popover, .fusion-fullwidth.fusion-builder-row-2 .tooltip-shortcode {color: #f2b310;}#main .fusion-fullwidth.fusion-builder-row-2 .post .blog-shortcode-post-title a:hover {color: #f2b310;}</style>

The post Inside Zerologon appeared first on Netragard.

One of my readers sent me this question (probably after stumbling upon a remark I made in the AWS Networking webinar):

You had mentioned that AWS is probably not using EVPN for their overlay control-plane because it doesn’t work for their scale. Can you elaborate please? I’m going through an EVPN PoC and curious to learn more.

It’s safe to assume AWS uses some sort of overlay virtual networking (like every other sane large-scale cloud provider). We don’t know any details; AWS never felt the need to use conferences as recruitment drives, and what little they told us at re:Invent described the system mostly from the customer perspective.