Collection of useful, relevant or inane places on the Internets for 28 Oct 2011:
- Cisco IOS Hints and Tricks: OpenFlow and the State Explosion –
Moral of the story – every time you hear about an incredible solution to a well-known problem ask yourself: why weren’t we using it in the past? Were we really that stupid or are there some inherent limitations that are not immediately visible? Will it scale? Is it resilient? Will it survive device or link failures? And don’t forget: history is a great teacher.
Morals to live by. Also, Ivan points out a key consideration for OpenFlow/SDN technology. Both important.
- Choose Internetworking — Evil Routers – Funny play on an Internet meme.
- Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide [Cisco Nexus 7000 Series Switches] – Cisco Systems –
Download the complete book (EPUB – 709 KB)
Testing this out. All my workflows are built for PDF files, but ePub is an exciting idea.
Although, reading NXOS manuals may not be the most exciting book ever written 🙂
- NOX | An OpenFlow Controller – This is the NOX controller – open source
NOX is an open-source OpenFlow controller. Its purpose is to provide a simplified platform for writing network control software in C++ or Python. While still under heavy development, NOX is currently used in a number of large production network deployments. New users can learn more from the NOX development mailing list.
Was talked about a lot at the OpenFlow Symposium and I took some time to read up on it.
- OpenFlow Symposium in San Jose – Networks as Application Stacks | Ethernet Fabric – Lisa Caywood talks about her views on the Packet Pushers OpenFlow Symposium and talks about how she sees OpenFlow as result…..
It was clear that several of the attendees were eager to understand the likely rate of adoption of OpenFlow and how serious the vendor community really is about making it a reality. The panelists, as well as a representative of the ONF, took pains to stress that while some very early adopters are already experimenting with OpenFlow 1.0, the technology is still very nascent, with many questions still to be hashed out. “We’re still learning how to do this” was a common remark.
- Facebook letting Open Compute Project go. Will it fly? — Tech News and Analysis – Facebook published a set of physical data center standards. I think it’s to drive down the price of the hardware components by giving offshore OEMs the designs.
Asked if networking was on the agenda, he said: “Andy Bechtolsheim has a lot of interest in networking but for now we’ve excluded networking from Open Compute. There’s already ONF [the Open Networking Foundation] and we don’t want to compete, but if the community thinks we should look at the physical layer of Open Compute, that’s a possibility.”
If OpenCompute defines physical network switches, then the incumbent vendors would be effectively excluded from at-scale data centres. That’s disruptive.
- Juniper Networks Delivers OpenFlow Application to Enable Network Programmability & Flexibility for Customers – Juniper Networks – “Juniper is making the OpenFlow application available to an SDK developer community that includes more than five hundred organizations in order to get working code into the hands of customers so they can explore how OpenFlow and network programmability can impact networks everywhere,” said Mike Marcellin, vice president of systems strategy and marketing at Juniper Networks. “Our priority is making the networking infrastructure more efficient and effective for customers, and OpenFlow is an important step on the path to greater programmability.”
- HP Firewall Series – HP Networking, HP F1000-E VPN Firewall Appliance, JD272A, HP F5000 Firewall Main Processing Unit, JG215A, HP F1000-S-EI VPN Firewall Appliance, JG213A, HP F1000-A-EI VPN Firewall Appliance, JG214A, HP F5000 Firewall Standalone Chassi – HP seems to have announced their firewall products. In a BIG way.
HP A series firewalls enable advanced scalable network protection from the core to the edge at up to 40Gbps firewall throughput. The series also features rich VPN abilities including GRE, L2TP and IPSec tunnelling technologies, which makes them ideal products to build VPN gateways for enterprise and data center users. Meanwhile, the appliances combine built-in protection against denial of service (DoS), hacking attacks, zonal and virtual stateful packet inspection firewall, application bandwidth management, Audio/Video IP multicast routing and email attachment filtering.
Stats are good, now need to look at the software and supporting ecosystem.
- Cisco Blog » Blog Archive » IDS and IPS – Liked this summary of IDS/IPS deployments:
Type 1: A few sensors are deployed, no one is looking at them or is even sure what networks are covered or not covered.
Type 2: Intrusion detection is deployed through an outsourced service. There is a good understanding of what is covered and there is a good management of events, but only a few high fidelity signatures are running (or are viewed). This type of implementation is typically static and can be considered a sort of network anti-virus service.
Type 3: Intrusion detection is deployed over all applicable choke-points, managed, and tuned with the security team using multiple signatures — many signatures that are custom-developed to solve ongoing security issues at the site.
Still can’t shake the feeling that IPS, as it exists today, is NOT the answer to security problems. Why does it not work today?
- Why I Switched Network Vendors after 12 Years from… – J-Net Community – Even though this article is on Juniper’s website, I liked the points and power of the article – which runs true.
have learned a lot the past year about what products, technologies but also philosophies are out there in the world of networking when you look beyond what is familiar to you. The points mentioned above are just a few that came to mind. I’m very eager to hear about your own stories when you looked outside your comfort zone and considered another vendor. And for those of you that are considering a network refresh – all I can say is shop around, the grass might not be greener on the other side of the fence, but if you don’t open the gate and take a look you will never know. And for those of you wondering which products we went for in the end, it’s a combination of the MX-series (core/edge), M-series (edge), SRX-series (take a guess) and EX-series (out-of-band).