Internets of Interest for 15th December 2012


Collection of useful, relevant or just fun places on the Internets for 15th December 2012 and a bit of commentary about what I’ve found interesting about them:

NZNOG list — [nznog] NZ scores first OpenFlow controlled connection to an IX – Notes and comments about an OpenFlow/SDN deployment in an Internet Exchange.

Today New Zealand can boast the first SDN controlled OpenFlow switch BGP peering with a public Internet Exchange.

It’s our duty — all of us — to fight for the open web — Tech News and Analysis – Increasingly, I’m feeling hunted and pursued as I consume information on the Internet. I’m tracked, egged, logged, and my data is sold in real time. I find the closed platforms like Facebook and Twitter even more disturbing as they move to close off access to information.

Closed and proprietary networks and platforms like Facebook and Apple and Amazon are appealing in many ways because they are so easy to use, but in depending on them for so much of our online lives, we give up many of the benefits of the open web.

Cisco Configuration Archive & Rollback: Using ‘Revert’ Instead of ‘Reload’ – Tip from Charles Galler on the Packet Pushers Blog

Revert/rollback is a great feature, but it might not be available on your device depending on the platform and IOS version. I have also run across an issue where the revert timer looked like it aborted when I confirmed the changes, but kept running and ended up reverting my changes when I didn’t want it to. It also locked me out of making configuration changes. I could still get into configuration mode, just not make any changes. I eventually ended up switching over to the redundant supervisor in order to regain configuration abilities. Therefore, I recommend trying this feature for the first time while you are in a maintenance window so that you can reload the device if you end up locked out of configuration changes.

Wire wrap – Wikipedia, the free encyclopedia – A small walk down memory lane about the lost art of wire wrapping for building electronic boards. Some of the pictures are lovely reminders of a bygone time. Also, I didn’t realise there were automated wire wrap machines that could perform up to 1200 wraps per hour. Reminds me why silicon chips are more reliable.

IPv6 Prefixes Longer Than /64 Might Be Harmful « by @ioshints – The road to IPv6 in the data centre is a big gamble on existing and legacy equipment. Even if the software supports it, the silicon in your switches probably doesn’t.

To rephrase: Nexus 5500 can have up to 16K /64 IPv6 prefixes and up to 128 non-/64 IPv6 prefixes. It does make perfect sense, assuming your data center uses /64 prefixes internally and a few summary routes (or default routing) toward the outside world or DC core.

Finally, there are loads of DC switches where the maximum number of IPv6 prefixes is half the maximum number of IPv4 prefixes, probably indicating that their TCAM matches only the top half of IPv6 addresses (and that installing /120 or /127 prefixes into these devices might be a Really Bad Idea). Unfortunately, many vendors are not as open and straightforward as Cisco is, and forget to mention these tiny little details in their documentation.

Clearing up the Fog around the FAWG | BLOG – The FAWG is seriously misunderstood, probably because of vendor involvement. The lack of trust in vendors and their representatives is a serious issue. The ONF is fundamentally opposed to vendors setting an agenda, but vendors need certainty to invest in products and markets. Lots of tension and few answers.

On the day in early August when the ONF announced the formation of the Forwarding Abstractions Working Group (FAWG), and my role as chair, several people asked me what, exactly, FAWG will be doing. My responses at the time rivaled a Higgs boson detector output in clarity and brevity. Now, after a bit of practice and FAWG progress, I aspire to cram fit a meaningful answer comfortably into a blog post. Soon, I’ll be able to tweet my response! By, er, linking to this post. As it happens, that simple idea is relevant here.

Sonicwall – Old dog learns [some] new tricks | The Forwarding Plane – Nick Buraglio wraps up the current serious firewalls – Palo Alto, Juniper SRX and Sonicwall.

While I personally like a CLI to rummage around in, not everyone does. Palo Alto Networks has an amazing GUI. Like, the best I’ve ever seen. Sonicwall……well, theirs always left me wanting back in the day. Now…, a totally different ballgame.

Don’t get me wrong, I’m not confident that the Sonicwall “Super Massive” won’t compete (in this guy’s opinion) with a Juniper 5800. However, their transparent mode is a tad better and their web management is an order of magnitude better. Performance? I don’t think anything can touch an SRX loaded with SPCs, but the numbers are impressive. I’d like to do a bake off once I get some time (and a super massive in my lab).

It’s the GUI interface and available information that makes these products, the firewall features are standardised. That’s why engineers loathe the Cisco ASA – it’s truly a piece of crap in its current form.