January 23, 2017

ipSpace.net Blog (Ivan Pepelnjak)

Never Take Two Chronometers to Sea

One of the quotes I found in the Mythical Man-Month came from the pre-GPS days: “never go to sea with two chronometers, take one or three”, and it’s amazing the networking industry (and a few others) never got the message.


by Ivan Pepelnjak (noreply@blogger.com) at January 23, 2017 07:24 AM

January 22, 2017

ipSpace.net Blog (Ivan Pepelnjak)

Linux CLI for Networking Engineers

One would think that we're the only ones struggling with Linux CLI (read: bash). Seems like cyber security professionals might be in the same boat according to the nice summary of dozens of Linux/bash commands collected by Robert Graham.

by Ivan Pepelnjak (noreply@blogger.com) at January 22, 2017 03:44 PM

January 21, 2017

Ethan Banks on Technology

Reading Tech Books Via The All-At-Once Method

I was recently asked by a friend to read and review a book his publisher had just released. This was a technical book on a topic I was keenly interested in, so I was happy to oblige.

I tackled the book in the way that I normally tackle technical books — a chapter a day, or maybe two chapters in a day. Technical books aren’t recreational fiction for me. I want to grasp the contents of technical books to best make use of the information. This often leads to slow reading. I mull over paragraphs and digest.

This time, I broke that habit. I wanted to get this book done quickly. I wanted the information immediately. I didn’t want to take a few weeks to get through it. Thus, I tried reading the book all at once.

Surprisingly, this worked out well. I ended up getting through the book in four sittings, which perhaps doesn’t sound like “all at once.” Bear with me. The first sitting was a single chapter. The second sitting was a single chapter. Then came the holidays and a complete disruption to my workflow. And then came the epiphany as I stared at the book post-holidays. It stared back at me.

Not this time. Not this book. No. This is happening. I’m reading this book right now. ALL OF IT.

The third sitting took me through several chapters. On the following day, the fourth sitting allowed me to complete the book.

I got as much if not more out of the book as I would have gotten spreading the book out over weeks. There was a distinct advantage in maintaining mental continuity across the chapters. Concepts I had read just a few hours or a day before were brought more readily to mind. I did much less flipping back to reference earlier sections of the book. The flow was more linear than my normal technical book consumption process has been.

What about my inbox, social media, other projects, and all the rest? Didn’t I pay some horrible penalty for mostly ignoring them for two days? Not really. I saved an hour at the end of the day as my mind was fatiguing for messaging tasks. And my other projects were, for the most part, okay to be ignored for a little while.

The payoff was enormous. The book is read and understood. While I don’t know the contents of the book at the “I could pass a detailed exam” level, I know enough to be literate on the content and perform related lab work. I also know what I don’t know, which goes a long way towards removing the shroud of mystery obscuring unexplored technology.

Consuming the book all at once was definitely worthwhile and oddly addictive. Despite having read a technical book in this manner only once, I find myself eyeing other tech tomes with the intent of additional “all at once” sessions soon.

by Ethan Banks at January 21, 2017 04:30 PM

January 20, 2017

Network Design and Architecture

Should I use Cisco OTV for the Datacenter Interconnect ?

Should I use Cisco OTV for the Datacenter Interconnect? This question comes not only from my students but also from the companies I provide consultancy to. I will not go through the OTV details, how it works, design recommendations etc. But let me remind you what OTV is and why OTV is used, where […]

The post Should I use Cisco OTV for the Datacenter Interconnect ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 20, 2017 02:12 PM

ipSpace.net Blog (Ivan Pepelnjak)

Multi-Host Container Networking

Running Linux containers on a single host is relatively easy. Building private multi-tenant networks across multiple hosts immediately creates the usual networking mess.

Fortunately the Socketplane team did a pretty good job; for more details watch the video from Docker Networking Fundamentals webinar or listen to the podcast I did with them a year ago.

by Ivan Pepelnjak (noreply@blogger.com) at January 20, 2017 11:31 AM


January 19, 2017

My Etherealmind

Avaya Inc. Files for Chapter 11 Protection

Not much of a surprise: the Avaya business has been doing OK, but the company has a large amount of debt that is dragging it down. Chapter 11 is likely to allow restructuring of the debt and planning a path forward.

It's possible that the business could be broken up or pieces sold off to pay down debt, but the lack of buyers for Brocade (either whole or in part) suggests that is unlikely for networking. Other parts of Avaya might be sold off.

Link: Avaya Inc. Files for Chapter 11 Protection – http://www.avaya.com/en/about-avaya/newsroom/news-releases/2017/pr-us-170119a/

Customer FAQ: http://www.avaya.com/en/documents/filing-faqs.pdf has more info:

As a result of the terms of Avaya’s debt obligations and the upcoming debt maturities, we need to recapitalize the Company and believe the restructuring process is the best path forward at this time. Our businesses are healthy and performing well, and we are executing at a high level.

Seems likely.

The post Avaya Inc. Files for Chapter 11 Protection appeared first on EtherealMind.

by Greg Ferro at January 19, 2017 08:38 PM

The Networking Nerd

Two Takes On ASIC Design

Making ASICs is a tough task. We learned this last year at Cisco Live Berlin from this conversation with Dave Zacks:

Video: Cisco Enterprise ASICs Discussion with Dave Zacks – https://player.vimeo.com/video/155635184

Cisco spent 6 years building the UADP ASIC that powers their next generation switches. They solved a lot of the issues with ASIC design and re-spins by creating some programmability in the development process.

Now, watch this video from Nick McKeown at Barefoot Networks:

Video: Why Does the Internet Need a Programmable Forwarding Plane with Nick McKeown – https://player.vimeo.com/video/200192012

Nick says many of the same things that Dave said in his video. But Nick and Barefoot took a totally different approach from Cisco. Instead of creating programmable elements in the ASIC design, they abstracted the entire language of function definition from the ASIC. By using P4 as the high-level language and making the system compile the instruction sets down to run in the ASIC, they reduced the complexity, increased the speed, and managed to make the system flexible and capable of implementing new technologies even after the ASIC design is set in stone.

Oh, and they managed to do it in 3 years.

Sometimes, you have to think outside the box in order to come up with some new ideas. Even if that means you have to pull everything out of the box. By abstracting the language from the ASIC, Barefoot not only managed to find a way to increase performance but also to add feature sets to the switch quickly without huge engineering costs.

Some food for thought.

by networkingnerd at January 19, 2017 08:11 PM

Bridging the gap between CCIE RS and SP

TCP Acceleration


The TCP Acceleration Performance Enhancing Proxy (PEP) is an optional feature that can be enabled on the Wan Accelerator to significantly enhance performance when sending TCP traffic over suboptimal network conditions or to improve TCP performance of slow TCP stack implementations.

Note: The PEP TCP Accelerator is currently in closed beta phase. Please email info at wanos.co to participate in the beta.

Limitations of Standard TCP

Most applications such as Email, HTTP, FTP and TCP based SSL VPN, use TCP. Standard TCP congestion control estimates the safe transmission rate in the network and has throughput fall-back mechanisms in case of suspected congestion. TCP performance can be limited by the host TCP stack implementation, processing speeds of routers, bandwidth available in intermediate links, packet loss, round trip delay, changes in round trip delay and other factors.

Standard TCP also has two major drawbacks in long-delay environments:
• Long delays in the network lead to suboptimal window size calculations, and the throughput of a connection is bounded by window size divided by round trip time.
• The TCP slow-start mechanism avoids bursts on low-latency links by doubling throughput only once per round trip time, which leads to slow TCP throughput ramp-up over long-delay links.

Overview of the TCP Accelerator

The TCP Accelerator is a fully transparent performance enhancing proxy that can be enabled to optimize TCP sessions on the fly. The TCP Accelerator uses the following mechanisms to improve TCP performance:

HighSpeed TCP – Optimize TCP performance with HighSpeed TCP for high-speed high-delay networks.

Window Scaling – The TCP Window Scale option is used to set the optimal window sizes in order to avoid the throughput limitation of a suboptimal TCP window size.

Selective Acknowledgement – When packets are lost and unrecoverable through the packet loss recovery feature, the sender is notified to only retransmit the missing packets.

Local Congestion and Flow Control – The TCP Accelerator transparently splits an end-to-end TCP connection and operates each segment separately. As the bandwidth will typically differ between the segments, the TCP Accelerator uses different HighSpeed TCP congestion and flow control metrics for each.

Local Acknowledgements – The TCP session acknowledgements are sent locally between the proxy and server, as well as the proxy and client to avoid idle time waiting for acknowledgements.
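As an added illustration of the two standard-TCP limitations listed above and of what local acknowledgements change, the following Python model is not part of the Wanos post or its software: it computes the window-limited throughput ceiling, the bandwidth-delay product and the slow-start ramp time for constructed link figures (10 Mbit/s, 150 ms WAN RTT, 2 ms LAN RTT), and then compares an end-to-end connection, whose unscaled 64 KiB window faces the full WAN RTT, with a split connection in which the host's acknowledgement loop runs against a local proxy and the proxy pair carries the WAN leg with a scaled window. It ignores packet loss and compression, so its figures are upper bounds rather than measurements.

```python
# Added example, not code from the Wanos post. Link speeds, RTTs and the proxy
# window size below are constructed for illustration.

MAX_UNSCALED_WINDOW = 65535  # largest window without the Window Scale option (RFC 7323)


def bandwidth_delay_product_bytes(link_bps: float, rtt_s: float) -> float:
    """Bytes that must be in flight to keep a link of link_bps busy for one RTT."""
    return link_bps * rtt_s / 8


def window_limited_throughput_bps(window_bytes: int, rtt_s: float) -> float:
    """Throughput bound when a sender may only have one window in flight per RTT."""
    return window_bytes * 8 / rtt_s


def slow_start_rtts(target_bytes: float, mss: int = 1460, initial_segments: int = 10) -> int:
    """RTTs slow start needs to double cwnd from its initial value up to target_bytes.

    Assumes no loss, so cwnd doubles every round trip; initial window is
    initial_segments * mss (10 segments is the common modern default).
    """
    cwnd = initial_segments * mss
    rtts = 0
    while cwnd < target_bytes:
        cwnd *= 2
        rtts += 1
    return rtts


def path_model(link_bps: float, rtt_s: float, window_bytes: int = MAX_UNSCALED_WINDOW) -> dict:
    """Summarise one TCP segment (host-to-host, host-to-proxy or proxy-to-proxy)."""
    bdp = bandwidth_delay_product_bytes(link_bps, rtt_s)
    ceiling = min(link_bps, window_limited_throughput_bps(window_bytes, rtt_s))
    # Slow start only needs to grow cwnd to whichever is smaller: the BDP or the window it may use.
    rtts = slow_start_rtts(min(bdp, window_bytes))
    return {
        "bdp_bytes": bdp,
        "window_ceiling_bps": ceiling,
        "needs_window_scaling": bdp > MAX_UNSCALED_WINDOW,
        "slow_start_rtts": rtts,
        "slow_start_seconds": rtts * rtt_s,
    }


def compare_end_to_end_vs_split(link_bps: float, wan_rtt_s: float, lan_rtt_s: float,
                                proxy_window_bytes: int) -> dict:
    """End-to-end: the host's unscaled window faces the full WAN RTT.

    Split (PEP): the host is acknowledged locally by the proxy over lan_rtt_s, and the
    proxy pair runs the WAN leg with a scaled window of proxy_window_bytes. The split
    connection is bounded by its slowest segment.
    """
    end_to_end = path_model(link_bps, wan_rtt_s)
    host_to_proxy = path_model(link_bps, lan_rtt_s)
    proxy_to_proxy = path_model(link_bps, wan_rtt_s, proxy_window_bytes)
    split_ceiling = min(host_to_proxy["window_ceiling_bps"], proxy_to_proxy["window_ceiling_bps"])
    return {
        "end_to_end_ceiling_bps": end_to_end["window_ceiling_bps"],
        "end_to_end_slow_start_seconds": end_to_end["slow_start_seconds"],
        "host_to_proxy_slow_start_seconds": host_to_proxy["slow_start_seconds"],
        "split_ceiling_bps": split_ceiling,
        "speedup": split_ceiling / end_to_end["window_ceiling_bps"],
    }


if __name__ == "__main__":
    # Constructed scenario: 10 Mbit/s WAN, 150 ms RTT end to end, 2 ms to the local proxy,
    # proxies using a 1 MiB scaled window between themselves.
    result = compare_end_to_end_vs_split(10e6, 0.15, 0.002, 1024 * 1024)
    for key, value in result.items():
        print(f"{key:>34}: {value:,.3f}")
```

The unscaled end-to-end connection tops out near 3.5 Mbit/s on that path because 64 KiB per 150 ms is all it may have in flight, while the split connection can fill the 10 Mbit/s link, a ratio inside the 2-10X range the post quotes; the host's own slow start also completes in a few milliseconds against the local proxy instead of hundreds of milliseconds across the WAN.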


The result of these features working together is faster file transfers for TCP-based applications. Where TCP throughput is suboptimal due to the limitations of standard TCP or network conditions, TCP speed improvements with the TCP Accelerator enhancements are expected to range from 2-10X. The speed improvement depends on the severity of conditions that hinder performance. Total speed improvement is also dependent on the optimization ratio of other acceleration features like Stream Compression, Deduplication and Packet Loss Recovery.
The following diagram shows the TCP Accelerator deployment.


Note: Under some conditions the TCP Accelerator will not enhance performance:
• Non-TCP-based protocols, e.g. UDP-based video or audio streaming.
• TCP acceleration gains are diminished in already optimal network conditions, e.g. high-speed, low-latency environments.

The post TCP Acceleration appeared first on Free WAN Optimization Software.

by Wanop at January 19, 2017 07:31 PM

My Etherealmind

Dictionary: Despondent

Despondent: a deep dejection arising from the conviction of the uselessness of further effort.

A perfect word of current state of Enterprise IT.

Definition of despondent : feeling or showing extreme discouragement, dejection, or depression

despondent : in low spirits from loss of hope or courage

The post Dictionary: Despondent appeared first on EtherealMind.

by Greg Ferro at January 19, 2017 03:15 PM

ipSpace.net Blog (Ivan Pepelnjak)

OSPF Forwarding Address: Yet another Kludge

One of my readers sent me an interesting NSSA question (more in a future blog post) that sent me chasing for the reasons behind the OSPF Forwarding Address (FA) field in type-5 and type-7 LSAs.

This is the typical scenario for OSPF FA I was able to find on the Internet:


by Ivan Pepelnjak (noreply@blogger.com) at January 19, 2017 08:06 AM

Inevitable (Himawan's blog)

2016 Year in Review

Every beginning of the year I usually review what I have done in the past year, make notes, and build the plan for the upcoming year. I made many mistakes in the past and did things I’m not proud of; however, I use them as opportunities to learn and try to be better next time.

In early 2016 I found that my startup company was competing directly against Cisco (which was still my employer at that time). That was quite surprising. I founded that company in 2012, initially as my pet project, the lab for my MBA where I could practice whatever I learned at business school. My pitch for the startup was simple: we do what Cisco (or Cisco Services) will not do. We built an online learning platform for Cisco certifications using a group mentoring system. We ran physical network audits. We did system integration projects to interoperate Cisco products with other vendors.

However, since late 2014 the engineering team in my company has evolved. They grew their skills in network programming. The team put more focus on Software Defined Networking (SDN). They built a lab to validate Network Function Virtualization (NFV). And then the team started to develop our own SDN controller and network automation platform.

Then customers started to come. Customers wanted SDN solutions, NFV infrastructure and network automation, but vendor-agnostic ones. They came to my company. They asked the team to bid on their projects. That’s when Cisco finally started to notice, because they were bidding too.

Early April I decided to resign from Cisco to run my own company as full time CEO.

In mid-2016 I received an offer from Google to join them in Zürich, Switzerland. Since April I had built the company vision for my startup and laid out a multi-year strategy, and I knew it could be executed by the current leadership team even without me. I also had personal reasons to move my family to Europe. So I agreed to leave Dubai and started working at Google in July.

Even before I joined Google, I already made a plan of what I will learn in the company. Google is the right place to learn so many interesting things, but for 2016 I just wanted to focus on three things:

1. Learn how to build great product

“Behind every great product, there is a great product manager” - Marty Cagan

Google has created 7 great products with more than a billion users each. And as Ben Horowitz wrote: a good Product Manager is the CEO of the product. A Product Manager combines business, technology, and design in order to discover a product that is valuable, feasible, and usable.

Product Management is above all else a business function, focused on maximising the business value of a product. A Product Manager understands the product’s technology stack, and, most importantly, understanding the level of effort involved is crucial to making the right decisions. The Product Manager is also the voice of the user inside the business and must be passionate about the user experience.

2. Continue to learn about SDN, but the scalable ones

Deep down inside I’m still a network engineer. I’ve been focusing on SDN & NFV since 2014 when I was at Cisco. Google has been using software-based solutions in its network infrastructure since before the world called it SDN. However, I’m currently interested in highly scaled SDN solutions built on a cloud-based platform.

And I’m very interested in the transformation path for any enterprise company to evolve towards fully automated network operations. I even built the five levels of Autonomous Network, mimicking the levels of Autonomous Vehicles, and am currently working on the fifth level: intent-based, policy-driven, zero-touch networking.

3. Learn Data Analysis to Machine Learning

Google is the best place to learn Data Science. Period. With Google Brain and DeepMind as part of the Alphabet group, this is the only company I know that puts Machine Learning first in every aspect of its products. Currently I'm focusing on learning data analysis, data visualisation and predictive analysis using machine learning.

The three things above are still my valid learning plan for 2017.
How about you? What is your learning plan this year?

Build great product.
Cloud based SDN solution.
With data analytics and machine learning.
“Building the network of the future”. Got it?

by Himawan Nugroho (noreply@blogger.com) at January 19, 2017 05:09 AM

The Data Center Overlords

Video: Newbie Guide to Python and Network Automation

Video: Newbie Guide to Python and Network Automation – https://www.youtube.com/embed/pn_OsyI0qys

by tonybourke at January 19, 2017 03:12 AM

January 18, 2017

Network Design and Architecture

Tier 1, Tier 2 and Tier 3 Service Providers

Tier 1, Tier 2 and Tier 3 Service Providers: What is a tier in the first place? If you are dealing with Service Provider networks, you hear this term a lot. But how do we define Tier 1, Tier 2 and Tier 3 Service Providers? What should their infrastructure look like to be seen as Tier 1, for example […]

The post Tier 1, Tier 2 and Tier 3 Service Providers appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 18, 2017 07:31 PM

My Etherealmind

Musing: ITC rejects de facto standard defense (337-TA-944, Cisco v. Arista) | Essential Patent Blog

Detailed but accessible legal review of Cisco vs Arista case. Dated July 2016 so it doesn’t cover the latest developments but provides a lot of insight into the legal.

My current view on this issue:

  1. Cisco is validating Arista as a serious, viable competitor. On balance, Arista gets more out of this than Cisco does and is doing a nice job of being the underdog.
  2. Rumours suggest that attacking Arista is a personal matter for some executives and not a business matter.
  3. Customers perceive Cisco as wasting time and energy on legal matters instead of innovating new products or improving product quality.
  4. Customers' money is being wasted on lawyers instead of solutions.

In December 2015, Cisco Systems, Inc. (Cisco) filed a complaint alleging that certain network devices (switches) imported by Arista Networks, Inc. (Arista) infringed several Cisco patents directed to computer networks.  Arista raised several equitable defenses based, in part, on allegations that Cisco submitted a request for comments document RFC 5517 to IETF and promoted RFC 5517 to the public generally as an “informal standard” for private virtual local area networks (PVLANs) for which Cisco would not assert its patents or would license on fair, reasonable and non-discriminatory (FRAND) terms based on Cisco’s IPR disclosures to IETF.   Judge Shaw’s Initial Determination (PUBLIC) rejected this “de facto standard” defense, which was raised based on equitable theories of equitable estoppel, implied license, waiver, patent misuse and laches.

ITC rejects de facto standard defense (337-TA-944, Cisco v. Arista) | Essential Patent Blog

Related: Cisco won the latest round when Customs ruled against Arista importing some products into the United States. It may be that Cisco wins in Customs but loses in the ITC until the patent case is heard in the years ahead.

Link: Protecting Innovation: CBP Revokes Approval of Arista Redesign – http://blogs.cisco.com/news/protecting-innovation-cbp-revokes-approval-of-arista-redesign

The post Musing: ITC rejects de facto standard defense (337-TA-944, Cisco v. Arista) | Essential Patent Blog appeared first on EtherealMind.

by Greg Ferro at January 18, 2017 05:12 PM


An Inside Look at Juniper Networks’ Forthcoming JNCIE-DC Exam

Data Centers and the Cloud are all the rage right now, and Juniper has been at the forefront of the Data Center revolution from the very beginning – early on with their introduction of the QFX and the much maligned QFabric, and more recently with the addition of Virtual Chassis Fabric (VCF), various open architectures …

by Stefan Fouant at January 18, 2017 01:40 PM

ipSpace.net Blog (Ivan Pepelnjak)

New Webinar: Automating Data Center Fabric Deployments

The next session of the Network Automation Use Cases series will take place on January 24th. Dinesh Dutt will describe how you can use Ansible and Jinja2 to automate data center fabric deployments, and I’ll have a few things to say about automating network security.

If you think that what Dinesh will talk about applies only to startups you’re totally wrong. UBS is using the exact same approach to roll out their new data centers; Thomas Wacker will share the details in his guest presentation in the next Building Next-Generation Data Centers online course.

by Ivan Pepelnjak (noreply@blogger.com) at January 18, 2017 07:56 AM


January 17, 2017

Networker's Online

L3 fabric DC -The underlay Network (BGP) -part2

In the previous post, we laid the foundation of the L3 fabric DC. In this post we will discuss the underlay network, which mainly provides IP reachability plus ECMP capability; here BGP would play a role in your DC next to the three other protocols that we discussed in one of the previous posts. For the sake of simplicity …

The post L3 fabric DC -The underlay Network (BGP) -part2 appeared first on Networkers-online.com.

by Ayman AboRabh at January 17, 2017 01:53 PM

ipSpace.net Blog (Ivan Pepelnjak)
Network Design and Architecture

Is Fate Sharing bad thing in network design ?

Is fate sharing bad thing in network design? Someone asked this question recently on my youtube channel and I want to share a post for the website followers as well. First of all, what is fate sharing ? Below is the Wikipedia definition of fate sharing. ” Fate-sharing is an engineering design philosophy where related parts of a […]

The post Is Fate Sharing bad thing in network design ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 17, 2017 07:37 AM

My Etherealmind

Response: Saving you bandwidth on Google+ through machine learning

Image compression reduces network requirements in a major way.

  1. Smaller files mean less bandwidth.
  2. Fewer round trips, for faster page rendering.
  3. Reduced load on network functions like proxies, IDS, etc.

And it's already in production for Android devices using Google services.

To help everyone be able to see the beautiful photos that photographers share to Google+ in their full glory, we’ve turned to machine learning and a new technology called RAISR. RAISR, which was introduced in November, uses machine learning to produce great quality versions of low-resolution images, allowing you to see beautiful photos as the photographers intended them to be seen. By using RAISR to display some of the large images on Google+, we’ve been able to use up to 75 percent less bandwidth per image we’ve applied it to.

Saving you bandwidth on Google+ through machine learning

The post Response: Saving you bandwidth on Google+ through machine learning appeared first on EtherealMind.

by Greg Ferro at January 17, 2017 03:13 AM

January 16, 2017

My Etherealmind

Video: Fark Google on TWIT

I was a guest on This Week In Tech 357 yesterday and they extracted this piece where I am being critical of media companies who can’t run their businesses properly. It's one of my better rants about CEOs being stupid.

Video: https://www.youtube.com/embed/Cs-IDtkHCKY

The post Video: Fark Google on TWIT appeared first on EtherealMind.

by Greg Ferro at January 16, 2017 08:43 PM

Network Design and Architecture

Keeping the Cisco CCDE exam secure !

One of the most important things about the CCDE exam is security. We all think that it is secure and cannot be cheated. There is no CCDE dump. We all believe that. The CCDE exam has been around for more than 8 years and there are still fewer than 400 CCDEs in the world. It seems […]

The post Keeping the Cisco CCDE exam secure ! appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 16, 2017 08:08 AM

ipSpace.net Blog (Ivan Pepelnjak)

Worth Reading: the Mythical Man-Month

I was discussing a totally unrelated topic with Terry Slattery when he mentioned a quote from the Mythical Man-Month. It got me curious; I started exploring and found out I could get the book as part of my Safari subscription.


by Ivan Pepelnjak (noreply@blogger.com) at January 16, 2017 07:39 AM


January 15, 2017

My Etherealmind

Arris in bid for Brocade network unit: sources | Reuters

Arris wants to buy the Ruckus wireless business.

Arris is looking to buy Brocade’s network edge business, which is the most valuable of the assets being sold, according to the sources. Arris is not in talks to buy other parts of the business being divested by Brocade that include data centers, switching and software, the sources added.

Apparently talks to buy other parts of the business in whole or part are not working out.

Broadcom had divided up Brocade’s divestiture into three pieces after an earlier deal to sell the whole business to a private equity firm fell apart late last year, according to the sources. A private equity firm could still step up to buy all three pieces, the people said.

Arris in bid for Brocade network unit: sources | Reuters

The post Arris in bid for Brocade network unit: sources | Reuters appeared first on EtherealMind.

by Greg Ferro at January 15, 2017 03:36 PM

Response: Codec 2 700C | Rowetel

An acceptable-quality open source voice codec at 700 bps.

My endeavor to produce a digital voice mode that competes with SSB continues. For a big chunk of 2016 I took a break from this work as I was gainfully employed on a commercial HF modem project. However since December I have once again been working on a 700 bit/s codec. The goal is voice quality roughly the same as the current 1300 bit/s mode. This can then be mated with the coherent PSK modem, and possibly the 4FSK modem for trials over HF channels.

Codec 2 700C | Rowetel

The post Response: Codec 2 700C | Rowetel appeared first on EtherealMind.

by Greg Ferro at January 15, 2017 03:33 PM

Response: Site Reliability Engineering – Medium

Four rules for SRE:

  1. Always Know When It’s Broken
  2. Avoid Global Changes
  3. Moving Traffic Is Faster Than Fixing
  4. Make Your Mitigations Normal

Good rules; can’t argue with this as a starting point. The devil is in the details of all of these, and Enterprise IT does none of them.

Site Reliability Engineering – Medium:

The post Response: Site Reliability Engineering – Medium appeared first on EtherealMind.

by Greg Ferro at January 15, 2017 02:21 AM

January 14, 2017

Ethan Banks on Technology

Ubiquiti EdgeRouter Lite ERLite-3 Board Detail

I ran a Ubiquiti Edge Router Lite as my home firewall for a couple of years. The box had a nice GUI with CLI option, and had no problem keeping up with my > 100Mbps Internet connection. The box died after a lengthy power failure that drained the large UPS buffering electrons in my basement equipment rack.

I’m not sure what happened to the ERLite-3, but it’s as dead as the bird in the Python parrot sketch. The firewall appears to boot. The lights come on, etc. However, the box passes no traffic and responds to no ARP requests. I can get no serial console output from it. I even tried a full factory reset, to no effect.

Until its early death, the little firewall had a trouble-free two year run. For $99 spent according to my Amazon order history, I don’t feel too badly about the loss.

Before throwing it in the bin, I decided to open it up and take a look at the mainboard. Here’s a notated picture for you. Enjoy.



  1. My thanks to @williamhulley for correcting the first version of this diagram.
  2. @Brownout suggests that the firewall might have bricked due to a problem with the USB key. “Usually it’s the USB key, there’s a procedure on the forums to reinstall EdgeOS on a new one.”

I exercised my google-fu based on Brownout’s input, and came up with this link, “EdgeMax rescue kit (now you can reinstall EdgeOS from scratch).” Seems promising if you want to try to rescue your ERLite!

by Ethan Banks at January 14, 2017 08:05 PM

Network Design and Architecture

Packet loss with Fast Reroute

Packet loss with Fast Reroute: Do we still lose packets with fast reroute? One of my students asked me this question, and I would like to share the answer with everyone. Before we discuss whether or not we lose packets with fast reroute mechanisms, let’s remember what fast reroute is. It is pertinent to know […]

The post Packet loss with Fast Reroute appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 14, 2017 10:25 AM

January 13, 2017

Ethan Banks on Technology

Stumbling And Fumbling Into Video Blogging

I’m used to writing and to podcasting. I know what the content creation and publication process looks like for written and audio media. The increasing popularity of video has had me and my business partner scratching our heads, wondering how we can best leverage the medium. Or if we even should.

And so, we’ve begun our video adventure the way we’ve always done things. Just go for it. Try it. Hit publish. It won’t be perfect, but that’s okay. Learn and improve.

My first video was a good bit of work, taking roughly eight hours to write, shoot, produce, and publish a ten minute video covering some tech industry news. That’s not scalable, but it was a learning experience. Here was my process.


I get press releases from dozens of marketers and public relations firms, usually several per day. I chose some that I thought folks might be interested in. And then I wrote copy. I know from past projects that many written words translate to many spoken minutes. You have to keep copy tight if you’re writing to a time limit.

I managed to do that, writing just under a thousand words of copy. I did ad lib a bit, but overall, I didn’t stray far from the copy. In fact, you can watch the video and track the words here if you want to see just how close I kept it.

There’s a point of reference for you. A thousand words of copy plus a bit of ad-lib resulted in ten minutes of video.


I shot with a green screen background I’ve rigged up in my office. It’s not great, but it is good enough. In the actual shoot, the screen was hanging with no tension. I’m adding clips to give the screen a stretch so that there will be a flatter result that will light more evenly. I need more clips. If you see the right top clip, you see the wrinkle formed. More clips will help.

The point of the green screen is to allow me to insert whatever background I want to in its place. This is easily accomplished with Final Cut Pro X, my video editing tool.

I shot in 4K at 30fps using an iPhone 6S+. I’m only going to publish in 1080p, but shooting in 4K means I can crop, use the highest res graphics possible, etc. and minimize loss of image quality when rendering to 1080p.

I use the same principle when recording audio. I usually record podcasts at 48kHz/24-bit mono for what will ultimately be a 64Kbps mono MP3 when distributed – more bits to work with in editing means plug-ins have more zeros and ones to act on, and presumably makes for a better end result.

I don’t have a good lighting solution yet. For this shoot, I lit my face with a diffused LED panel lamp with a mix of cold and warm LEDs. The light was mounted straight ahead of me. The nature of my office means that I also have a strong side light coming from the south-facing window during the day. In the video, this ended up casting a shadow on the left side of the video behind my head. It looked a little strange. You can see the side-lighting in the green screen shot above as well.

In any case, I need more lighting in the right places to fill shadow behind me. My office is small, so I’m looking into how I can get this done without filling what little floor space I have with box lights, etc. But, box lights might be where I end up anyway.

Another issue in the video is that I’m looking off-camera to read copy. That leaves the video feeling disconnected. However, there are many teleprompter solutions available. Teleprompters like the ones I’m researching use beamsplitter glass. This special glass acts as a mirror for the teleprompter text, while at the same time allowing the camera to shoot you, but not see the text.

Thus, with the right teleprompter, I can read my copy while looking straight into the camera. I’ve done some video work in the past for a large media company using a teleprompter. I know it would work well for me.

Image from Caddie Buddy, one of the teleprompter solutions I’m looking into. Great reviews and a low price. Of course, I need a tablet…


I produced the video with Apple’s Final Cut Pro X running on a loaded iMac Retina 5K model with 32GB of RAM and an Intel Core i7 running at 4GHz. Sounds like a beast of a machine, eh? Sigh. Not so much. I wish I had more cores, or maybe a Mac Pro. Video rendering (the part you do when you’re done editing the video) takes a long time.

I won’t go into the specifics of FCPX here. If you care about that, go to YouTube and search. The sheer volume of FCPX instructional videos borders on profligate. I will summarize the tools I used, however.

  • Titles for lower thirds, plus a date in the upper left hand corner.
  • Several transforms to move my headshot off-center, to size and place graphics, etc.
  • Video animation with compositing opacity so that graphics would fade in and out instead of suddenly appearing and disappearing.
  • Chroma keying to make the green screen disappear.
  • Secondary audio track inserted, with primary audio track muted. I used the audio from the lapel mic you see in the shot instead of the audio captured by the iPhone.

Another thing I didn’t do that I wish I had done was use a visual flag to signal each segment. That meant I had to go through the entire video carefully to insert the graphics and lower thirds in the right spot.

This was my first project using a Contour ShuttleXpress, a USB rotary dial that makes getting to just the right spot in the video much easier. I use it with my left hand and a trackpad with my right.

Much of my time spent in editing the video was in simply figuring out how to get around in FCPX. For example, if you’ve never done chroma keying, you have to watch a video that explains it to you. It’s not hard, but you won’t figure it out just by clicking around if you’re a video editing n00b.

I found this to be a pattern with every FCPX tool — the first time out will take a while. For instance, using transforms drove me a little nuts, because I couldn’t grok how to get the handles to appear consistently on the object I was manipulating. Then I figured out to click on the Transform tool itself when the handles weren’t showing up, and I stopped losing minutes fumbling around in confusion.

The last thing I did when done stumbling and fumbling with FCPX was to add a brief top and tail. Both were the same video clip — a pre-rendered video my business partner made with Apple Motion.

Final rendering takes an enormous amount of time. Every added effect, every title, every graphic, etc. all has to be turned into video frames. FCPX renders in the background constantly with spare CPU cycles, but even so, the final render took dozens of minutes with my iMac cooling fans whirring away.


First time out, I rendered from FCPX directly into YouTube. Once FCPX is authorized to use your account, you can set YouTube as a sharing target.

I learned a couple of important things about YouTube.

  1. YouTube is going to render in its own way what you upload. This takes a while. You aren’t simply “uploading a video to YouTube.” The process is more involved.
  2. While YouTube is working on your video, the video will only be available at 360p. This is a brief, temporary situation.

The 360p issue was a surprise. I reacted by deleting what I thought were 360p renders, assuming I’d done something wrong that resulted in 360p, and not 1080p. But, the only mistake I made was not waiting long enough. After just a few minutes, the video was available in a variety of resolutions up to 1080p.

However, since I didn’t know about this “360p at first” issue, I deleted my first video. Then I re-rendered the video locally at 1080p, watched it to be sure it was what I expected, and then uploaded that to YouTube, only to have the same 360p result. I executed some google-fu, discovered my blunder, waited, and then the glory of 1080p washed over me.

The next time…

  • I need to sort out a teleprompter. I have a plan.
  • I need to improve lighting. I have a plan here as well.
  • I will flag the end of segments with a piece of colored construction paper, then edit those bits out.
  • Video editing & publication will go much faster. I learned a lot during the initial round of n00bery.

by Ethan Banks at January 13, 2017 05:44 PM

Network Design and Architecture

Is LISP (Locator Identity Separation Protocol) Dead?

Today, there are many networking technologies which haven’t been widely deployed. Among them are Internet Multicast and IPv6, although these two protocols have many benefits. But probably people are asking the correct question. Do we really need a new protocol? Or can we solve our problem with the existing mechanisms deployed on our […]

The post Is LISP (Locator Identity Separation Protocol) Dead? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 13, 2017 04:56 PM

ipSpace.net Blog (Ivan Pepelnjak)

VXLAN Ping and Traceroute

From the moment Cisco and VMware announced VXLAN some networking engineers complained that they'd lose visibility into the end-to-end path. It took a long while, but finally the troubleshooting tools started appearing in VXLAN environments: the NVO3 working group defined a Fault Management framework for overlay networks and Cisco implemented at least parts of it in recent Nexus OS releases.

You'll find more details in Software Gone Wild Episode 69 recorded with Lukas Krattiger in November 2016 (you can also watch VXLAN Technical Deep Dive webinar to learn more about VXLAN).

by Ivan Pepelnjak (noreply@blogger.com) at January 13, 2017 11:58 AM

My Etherealmind

Response: Introducing Open/R — a new modular routing platform | Engineering Blog | Facebook Code | Facebook

Although this post is from May 2016, Petr Lapukhov at Facebook outlines a method to replace routing protocols with a message bus to enable real network applications.

I’m doubtful that wider networking market would adopt something that doesn’t have BGP in the solution but Facebook has the resources to develop something like this and prove that it works. That could change perceptions. In any case, thought provoking reading.

Introducing Open/R — a new modular routing platform | Engineering Blog | Facebook Code | Facebook: “The Open/R software enables rapid prototyping and deployment of new applications to the network much more frequently than the industry’s standard development process. To create an interoperable standard, the industry’s process is often lengthy due to code being built independently by multiple vendors and then slowly deployed to their customer networks. Furthermore, every vendor has to accommodate for the demands of numerous customers — complicating the development process and requiring features that are not always useful universally.”

The post Response: Introducing Open/R — a new modular routing platform | Engineering Blog | Facebook Code | Facebook appeared first on EtherealMind.

by Greg Ferro at January 13, 2017 10:11 AM

Response: Coming soon with Cumulus Linux 3.2: EVPN

Increasingly coming to the view that BGP-EVPN is a big deal. Neither vendors nor customers can imagine their networks without a 30 year old routing protocol so this is the half-pregnant, half-arsed solution that seems likely to gain widespread adoption.

You can mangle BGP configuration with an application and call it SDN. Heck, IXPs have been doing that for a decade so it's not new.

Welcome to networking where “it's not new” is the byline for SDN.

Coming soon with Cumulus Linux 3.2: EVPN – Cumulus Networks Blog: “Can you summarize the benefits of deploying EVPN?

Cumulus EVPN provides many benefits to a data center, including:

  • Controller-less VXLAN: No controller is needed with EVPN, as it enables VTEP peer discovery through BGP.
  • Scale and Robustness: EVPN uses the standard BGP routing protocol for the control plane. BGP is a mature well-known protocol that powers the internet. For data centers that already run BGP, this involves just adding another address-family.
  • Fast convergence/mobility: The BGP EVPN address family includes features to track host moves across the datacenter, allowing for very fast convergence.
  • Multi-vendor interoperable: Since EVPN is a standard, it will be interoperable with other vendors that adhere to the standard.
  • Support for Active/Active VxLAN: Cumulus EVPN supports host redundancy to switch pairs with an MLAG configuration.
  • Multi-tenancy: Cumulus EVPN supports VXLAN tunnel separation”

The post Response: Coming soon with Cumulus Linux 3.2: EVPN appeared first on EtherealMind.

by Greg Ferro at January 13, 2017 10:08 AM
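To make the quoted “just adding another address-family” point concrete, here is an added configuration fragment. It is not from the Cumulus post; it uses the FRRouting/Quagga-style BGP syntax that Cumulus Linux ships, and the AS numbers, addresses and the password are placeholders. The security-relevant line is the session password: a controller-less EVPN fabric that discovers VTEPs through BGP will accept whatever its BGP peers advertise, so the sessions should at least be authenticated (TCP MD5 here) and ideally restricted to known peers.

```frr
! Existing underlay eBGP session (placeholder addresses and ASNs).
router bgp 65001
 bgp router-id 192.0.2.1
 neighbor 192.0.2.2 remote-as 65002
 ! Authenticate the session; placeholder secret, keep it out of version control.
 neighbor 192.0.2.2 password CHANGE-ME
 !
 ! The EVPN addition: activate the same peer in the l2vpn evpn family
 ! and advertise the locally configured VNIs so peers discover this VTEP.
 address-family l2vpn evpn
  neighbor 192.0.2.2 activate
  advertise-all-vni
 exit-address-family
```

Everything above the address-family block is the ordinary underlay configuration; the four lines inside it are the whole control-plane change the quote refers to. The VXLAN interfaces and their VNIs still have to exist on the box for advertise-all-vni to have anything to announce.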

XKCD Comics

January 12, 2017

My Etherealmind

Video: Business Tech News for January 11, 2017

https://www.youtube.com/watch?v=poIBwW1gI3E

Arista, NetBeez, Viptela, Silver Peak, Velocloud, ETSI, Extreme Networks are included in today’s press release round up.

Packet Pushers Youtube Channel – https://www.youtube.com/channel/UC7vAUu1TQAwzuq8wajJw4kA

The post Video: Business Tech News for January 11, 2017 appeared first on EtherealMind.

by Greg Ferro at January 12, 2017 10:28 PM

The Networking Nerd

Culling The Community


By now, you may have seen some bit of drama in the VMUG community around the apparent policy change that disqualified some VMUG leaders based on their employer. Eric Shanks (@Eric_Shanks) did a great job of covering it on his blog as did Matt Crape (@MattThatITGuy) with his post. While the VMUG situation has its own unique aspects, the question for me boils down to something simple: How do you remove people from an external community?

Babies And Bathwater

Removing unauthorized people from a community is nothing new under the sun. I was a Cisco Champion once upon a time. During the program’s second year I participated in briefings and events with the rest of the group, including my good friend Amy Arnold (@AmyEngineer). When the time came to reapply to the program for Year 3, I declined to apply again for my own reasons. Amy, however, was told that she couldn’t reapply. She and several other folks in the program were being disqualified for “reasons”. It actually took us a while to figure out why, and the answer still wasn’t 100% clear. To this day the best we can figure out is that there is some kind of conflict between anyone working with the public sector or government and the terms and conditions of the Champions program.

The lack of communication about the rules was the biggest issue by far with the whole transition. People don’t like being excluded. They especially don’t like being excluded from a group they were previously a member of. It takes time and careful explanation to help them understand why they are no longer able to be a part of a community. Hiding behind vague statements and pointing to rule sections doesn’t really help.

In the case of the VMUG issue above, the answer as to why the dismissed leaders were disqualified still isn’t clear. At least, it isn’t clear according to the official rules. There is still some debate as to the real reasoning behind everything, as the comments on Matt’s blog indicate. However, the community has unofficially settled on the reasoning being that those leaders were employed by someone that VMware, who is more-than-loosely affiliated with VMUG, has deemed a direct competitor.

I’m no stranger to watching companies go from friends to frenemies to competitors in the blink of an eye. VMware and Cisco. VMware and Scale Computing. Cisco and HP. All of these transitions took two aligned companies and put them on opposite sides of the firing line. And in a lot of cases, the shift in messaging was swift. Last week they were both great partners. The next week shifted to “We have always been at war with Eurasia.” Which didn’t bode well for people that were caught in the middle.

Correcting The Position

How do you correctly go about affecting changes in membership? How can you realistically make things work when a rule change suddenly excludes people? It’s not an easy path, but here are some helpful hints:

  • COMMUNICATION! – Above all else, it is absolutely critical to communicate at every step of the process. Don’t leave people guessing as to your reasoning. If you are contemplating a rule change, let everyone know. If you are looking to enforce a rule that was previously not enforced, warn everyone well in advance. Don’t let people come up with their own theories. Don’t make people write blogs asking for clarification on a situation.
  • If a person is being excluded because of a rule change, give them a bit of a grace period to exit on their own terms. If that person is a community leader, they will need time to transition a new person into their role. If that person is a well-liked member of the community, give them a chance to say goodbye instead of being forced out. That grace period doesn’t need to be months long. Usually by the next official meeting or briefing time is enough. Giving someone the chance to say goodbye is much better than telling everyone they left. It provides closure and gives everyone a chance to discuss what the next steps will be.
  • If a rule change is in order that excludes members of the community, weigh it carefully. Ask yourself what you are gaining from it. Is it a legal reason? Does it need to be made to comply with some kind of regulation? Those are valid reasons and should be communicated with enough warning. People will understand. But if the reasoning behind your rule change is spite or retaliation for something, carefully consider your next steps. Realize that every rank-and-file member of the community has their own opinions and vision. Just because Evil CEO made your CEO mad doesn’t mean that his Local SE has the same feelings. And it absolutely doesn’t mean that Local SE is going to subvert your community for their own ends. These are the kinds of decisions that divide people at the expense of keeping your community free of “influences”.

It can’t be said enough that you need to talk to the community before you even begin debating action. There are no community organizations that blindly follow orders from on high. These are places where thinking people interact and share. And if they are suddenly told how things are going to be without any discussion or debate, you can better believe they are going to try and get to the bottom of it. Whether you want them to or not.

Tom’s Take

Kicking people out of something is never easy. Tech Field Day has rules about delegates being employed by presenting vendors. More than once I’ve had conversations with people about being disqualified from being a delegate. Most of them understand why that’s the case beforehand because our policy is straightforward. But if it’s ever changed, you can better believe that we’re going to let everyone know well in advance.

Communities run on communication. Discussion, debate, and ultimately acceptance are all driven by knowing what’s happening at all times. If you make rules under the cloak of secrecy for reasons which aren’t readily apparent, you risk alienating more than just the people you’re looking to exclude.

by networkingnerd at January 12, 2017 06:02 PM

Network Design and Architecture

Introduction to VPN (Virtual Private Network)

Introduction to VPN (Virtual Private Network) Let’s start with the definition. A VPN is a logical network created over a shared physical infrastructure. The shared infrastructure can be private, such as the MPLS VPN of a service provider, or public, such as the Internet. There are many concepts to understand VPN in detail but in this […]

The post Introduction to VPN (Virtual Private Network) appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 12, 2017 05:42 PM

My Etherealmind

Response: Japan researchers warn of fingerprint theft from ‘peace’ sign

Another one from the Biometrics is not useful for authentication dumpster:

The NII researchers were able to copy fingerprints based on photos taken by a digital camera three metres (nine feet) away from the subject.

Japan researchers warn of fingerprint theft from ‘peace’ sign : http://phys.org/news/2017-01-japan-fingerprint-theft-peace.html

The post Response: Japan researchers warn of fingerprint theft from ‘peace’ sign appeared first on EtherealMind.

by Greg Ferro at January 12, 2017 12:00 PM

ipSpace.net Blog (Ivan Pepelnjak)

Parsing Printouts with Ansible Regular Expression Filters

Ansible is great at capturing and using JSON-formatted data returned by a REST API (or any other script or method it can invoke), but unfortunately some of us still have to deal with network devices that cannot even spell structured data or REST.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at January 12, 2017 06:28 AM
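Ansible's regex_search and regex_findall filters are thin wrappers around Python's re module, so the same parsing can be shown in plain Python. The following is an added example, not code from Ivan's post: it turns a constructed Cisco-style “show ip interface brief” printout (made up for the example, not captured from a device) into structured data and then extracts one fact a playbook would branch on. The column layout and the field names are assumptions about that printout format.

```python
import re

# Constructed sample printout, shaped like classic IOS "show ip interface brief".
# Not captured from a real device.
SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     192.0.2.1       YES NVRAM  up                    up
GigabitEthernet0/1     unassigned      YES NVRAM  administratively down down
Loopback0              198.51.100.1    YES manual up                    up
"""

# One pattern per interface line. Named groups keep the field names next to
# the pattern instead of relying on positional back-references as the
# Ansible regex_search(..., '\\1') idiom does. The Status column may contain
# a space ("administratively down"), so it is matched non-greedily and the
# final Protocol column anchors the end of the line.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+"
    r"(?P<ip>\S+)\s+"
    r"(?P<ok>YES|NO)\s+"
    r"(?P<method>\S+)\s+"
    r"(?P<status>.+?)\s+"
    r"(?P<protocol>up|down)\s*$"
)


def parse_ip_int_brief(text):
    """Return a list of dicts, one per interface line.

    The header, blank lines and anything else that does not match the
    pattern (a banner, a leftover prompt) are skipped rather than turned
    into garbage rows.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        row = m.groupdict()
        # Normalise the value callers most often test for.
        row["ip"] = None if row["ip"] == "unassigned" else row["ip"]
        rows.append(row)
    return rows


def interfaces_up(text):
    """Names of interfaces whose line protocol is up."""
    return [r["name"] for r in parse_ip_int_brief(text) if r["protocol"] == "up"]


if __name__ == "__main__":
    for r in parse_ip_int_brief(SHOW_IP_INT_BRIEF):
        print(r)
    print(interfaces_up(SHOW_IP_INT_BRIEF))
```

The practical caveat with any regex-over-CLI approach is that a vendor can change the printout format in a software upgrade and the pattern then silently matches nothing; a playbook should fail when the parsed row count is zero rather than proceed on an empty list.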

January 11, 2017

My Etherealmind

Response: Engineers know how to party! Start your own celebration with Mellanox Ethernet solutions – YouTube

I approve of this positive, supportive and realistic representation of network engineers.

https://www.youtube.com/watch?v=dYni87y3dL4

Engineers know how to party! Start your own celebration with Mellanox Ethernet solutions – YouTube: “”

The post Response: Engineers know how to party! Start your own celebration with Mellanox Ethernet solutions – YouTube appeared first on EtherealMind.

by Greg Ferro at January 11, 2017 10:11 PM

Network Design and Architecture

Orhan Ergun 2017 CCDE Training Agenda

CCDE Training Agenda of 2017 If you have any question or comment please don’t hesitate to ask in the comment box below. 2016 & 2017 CCDE TRAINING AGENDA Bootcamp Type […]

The post Orhan Ergun 2017 CCDE Training Agenda appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

by Orhan Ergun at January 11, 2017 08:01 PM

Honest Networker
ipSpace.net Blog (Ivan Pepelnjak)

Introduction to Docker: Featured Video of January 2017

The featured webinar in January 2017 is the Introduction to Docker webinar, and in the featured video Matt Oswalt explains the basic Docker tasks. Other videos in this webinar cover Docker images, volumes, networking, and Docker Compose and Swarm.

To view the featured video, log into my.ipspace.net, select the webinar from the first page, and watch the video marked with a star.

Read more ...

by Ivan Pepelnjak (noreply@blogger.com) at January 11, 2017 07:23 AM

XKCD Comics

January 10, 2017

My Etherealmind

Dictionary: optic boom

optic boom

A flash produced when electrons move faster than light, akin to the boom of supersonic jets. Breaking the “light barrier” sounds like sci-fi, but physicists say it can happen in graphene sheets. The discovery could spark development of optical circuits a million times faster than silicon chips.

Link: The 21 Best New Words of 2016 | WIRED https://www.wired.com/2016/12/21-best-new-words-2016/

The post Dictionary: optic boom appeared first on EtherealMind.

by Greg Ferro at January 10, 2017 11:33 AM