Networks

i’ve just stumbled upon this gem - it’s hard to find these days such well aggregated and summarized information.

i’ve stumbled upon an article of Michael Leonard from Juniper. he decided to take a stab at LISP. i usually call such articles with the title of this post, and the article mentioned is all about it. while we’re discussing in open forums with engineers and architects from Juniper, and in most of them we actually do cooperate - including in LISP, which author doesn’t seem to even know about - it’s sad to look at people who believe attacking competition is everything they should do in life. his comments are misguided, and willingness to be visible sad. it also doesn’t show juniper as a company in good light. ...

it seems that EU has made a reasonable choice to oppose ITU’s taking control over internet. consequences of handing over real control over future of internet to entity that’s slowly sliding into oblivion and has hardly any real influence on the development of technology are not hard to imagine.

we’re back with Cisco security focused conference in the fall. during Cisco SECURE 2012 we’ll try to demonstrate you the whole security architecture. during two full days of presentations, we’ll try to showcase you all interesting bits and pieces from our portfolio. we already have agenda up, and i’ll be happy to present along Gaweł our security solutions for cloud and data centers - including CSR 1000v, ASAv and other interesting products. ...

using our new blogging platform, i just published short piece about just announced onePK. i’m watching live discussions for over two years now about network control capabilities. i was one of those distanced guys when it comes to OpenFlow “explosion” in popularity. and as time did show - I was right. today even hardware vendors suddenly slowed down a bit and distance themselves from new standard versions, and development tempo also falls down. more and more of these that believed supporting OpenFlow will suddenly change their support model and feature set - start to understand thats hardly true. some of them even decided to abandon this direction altogether. ...

i just made a short post describing a bit behavior and characteristics of new Sup720-10GE switching matrix that can be installed in Catalyst 6500 - for cisco-nsp@ folks: In old Sup720 design, the Supervisor itself is connected to the fabric using one channel. This channel is used by Hyperion ASIC to provide for bus interface, and multicast/SPAN features. Because there’s no other way to connect the uplinks on the Sup itself, the Hyperion has it’s interface also terminating the uplinks (2xGE) thus limiting effective throughput/etc. BTW, both PFC and MSFC are also connected to the rest of the chassis linecards by Hyperion (PFC) and Pinnacle (MSFC). On the Sup720-10GE, the separate, 19th channel is used to connect the uplinks directly into fabric. Hyperion is still there, it still takes the channel “belonging” to the slot which Supervisor itself is in, but thanks to such design doesn’t limit in any way performance you can achieve on the 2x10GE uplinks (or 4xGE). In the new design, Hyperion takes care of providing connectivity to MSFC3 complex, while Metropolis (ASIC terminating the uplinks and connected to fabric) takes care of providing transport to PFC3C/CXL. The 20th channel is used in the same fashion for the redundant Sup if it’s inserted into chassis. Hope that clears it a bit. ...

interesting enhancement to transport traffic in HTTP sessions proposed by Google is starting to gain popularity and traction. while i don’t use Chrome browser, in Firefox starting from version 11 you can turn the protocol on (about:config -> network.http.spdy.enable=true). on the server side you should run mod_spdy if you’re running Apache server. it also makes sense to install Firefox extension signalling SPDY work. the end effect? SPDY gets the traffic faster (usually), as multiple sessions are initiated at the same time. ...

…and inside, you’ll find a lot of completely new features overall (MediaTrace 2.0, IPv6 for GETVPN data plane, new IPv6 IP SLA extensions, LISP extensions), or for the first time available on software routing platforms like ISR G2s (BGP PIC Edge and Core, BGP route-server, Multicast Live-Live). everything can be found here. simultaneously, IOS_XE 3.6S came out, along with bunch of features that are catching up with traditional IOS releases - things like CGNAT or hardware support for BFD. ...

i highly recommend reading this good article about moving network stacks forward. it’s great addendum to network hardware bible. and yes, let’s stop ACTA - we’re not deploying IPv6 just to make our governments to force upon us adoption of poor technical standards. instead of deploying IPv6, fly to stars - we’re drowning in proposals like SOPA, PIPA, ACTA and - generally speaking - attacking each other. ...

FreeBSD 9.0 did an unannounced appearance lately. it introduces a bunch of different features, two of which are of great interest to me. firstly, we can select different mechanisms to fight traffic congestion for TCP. to do that, you need to change sysctl net.inet.tcp.cc.algorithm from the list available under net.inet.tcp.cc.available. NewRENO, the default one, works quite OK, but in some specific configurations you can select others and check if they’d behave better. ...