Packet Pushers Podcast

New voices gather in the Packet Pushers virtual boardroom for a discussion of Cisco's layer 2 extension technology, Overlay Transport Virtualization (OTV). Ethan Banks hosts a recording of about two hours worth of content about OTV; this show is the second hour (well, almost another hour). Joining Ethan are first-time guests Jamie Caesar, Colby Glass and Ken Matlock. Jamie, Colby and Ken have all done real-world OTV deployments. Among the three, both the Cisco Nexus 7000 platform and ASR1000 platforms are represented. What's OTV and why do you care? OTV is a layer 2 extension technology aka data center interconnect (DCI). By L2 extension, we mean extending a VLAN from one data center into a different data center, when those data centers are separated by a layer 3 boundary. OTV is a tunneling overlay that encapsulates Ethernet frames so that they can cross the layer 3 area separating the 2 data centers. While simple in concept and fairly simple to deploy, OTV is rather complex behind the scenes, which is why this was a nearly 2 hour discussion instead of 20 minute one. Here in part two, we cover the following high level topics. Redundancy of OTV edge devices. What is traffic tromboning? How do you minimize it? Managing ARP & CAM timeouts to prevent the overlay from becoming a black hole, since OTV doesn't flood unknown unicasts. Coping with MTU sizes and the overhead added by OTV encapsulation. Designing your IGP to avoid forming a routing adjacency across the overlay, which would probably result in suboptimal forwarding paths forming. Licensing. Preparing your network to add OTV. CLI configuration of OTV. Useful OTV "show" commands. Our favorite OTV documentation. LINKS Cisco OTV Home Page Cisco OTV White Papers (excellent resources) NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures (2nd Edition) by Ron Fuller, David Jansen, Matthew McPherson (chapter dedicated to OTV)

New voices gather in the Packet Pushers virtual boardroom for a discussion of Cisco's layer 2 extension technology, Overlay Transport Virtualization (OTV). Ethan Banks hosts a recording of about two hours worth of content about OTV; this show is the first hour. Joining Ethan are first-time guests Jamie Caesar, Colby Glass and Ken Matlock. Jamie, Colby and Ken have all done real-world OTV deployments. Among the three, both the Cisco Nexus 7000 platform and ASR1000 platforms are represented. What's OTV and why do you care? OTV is a layer 2 extension technology aka data center interconnect (DCI). By L2 extension, we mean extending a VLAN from one data center into a different data center, when those data centers are separated by a layer 3 boundary. OTV is a tunneling overlay that encapsulates Ethernet frames so that they can cross the layer 3 area separating the 2 data centers. While simple in concept and fairly simple to deploy, OTV is rather complex behind the scenes, which is why this was a 2 hour discussion instead of 20 minute one. Here in part one, we cover the following high level topics. What is OTV, and what problems does it solve? OTV use-cases beyond vMotion. How latency introduced by long-distance DCI impacts applications. What hardware can you run OTV on? How does OTV compare to other L2 extensions? What sort of datagrams does OTV encapsulate? How many disparate data centers can OTV stitch together? OTV's fault-isolation mechanisms. How is spanning-tree handled in an OTV deployment? Is 2 OTV edge devices always an appropriate topology? OTV design considerations, hardware and licensing. OTV terminology. Can you run multiple overlays? How do OTV endpoints discover one another when using multicast? Unicast? LINKS Cisco OTV Home Page Cisco OTV White Papers (excellent resources)

Thanks to everyone who supports Packet Pushers and supports us. We could not do this without you. Greg & Ethan go solo to talk a little about 150 weekly shows  Cisco Live US 2013 - Tweet UP - http://networkingnerd.net/2013/05/23/cisco-live–2013-tweetup/ Greg has Published an eBook Greg wrote an eBook on blogging - The Arse First Guide to Technical Blogging Why write this book ? Well, um. My guilty secret is simply that I am tired of being asked. Co-workers, readers, bloggers and friends are constantly asking how I find the time to write ? What tools do you use ? How do you know what to write about ? I’m tired of answering the same question over and over so I just decided to write it down instead (like many of my own blog posts). I’ll be covering my very special “arse-first” writing method that makes short form technical writing easier & achievable for anyone. I’ll discuss your attitude, help you find the technical voice that brings your inner nerd to life. I’ll provide some suggestions on things you should do & some tips on what not to do. They are both equally important. Finally, I’ll offer some of my more advanced tips on the technical writing process and ways you can build your own style. Costs USD$3.99. Predictions for Cisco Live Talking about the “big thing” at Cisco Live this year and speculating on whether Insieme will be announced, or what other big things we might see. This transmogrified into a discussion of the nature of controller, Open Daylight. Discussions around the nature of Automation and Orchestration The future of CLI, the impact of automation on the daily work life of network engineers. Good slice of Unicorn Wishes for the future. Big Switch Leaves The Open Daylight Foundation Discussing why Big Switch has resigned from Platinum status in the Open Daylight Foundation. More unicorn wishes for SDN. Career Advice Just relax, not everyone has the same drive and passion that you do. You  can cause a lot of stress for yourself if you don't understand this (and it rarely ends well).  

Welcome to another lofty episode of Healthy Paranoia where we take on the profound problem of security certifications, specifically the Certified Information Systems Security Professional (CISSP). Joining Mrs. Y and Greg Ferro is an illustrious cast of infosec luminaries, including; well-known security analyst Wendy Nather, Novainfosec.com founder Grecs, IPv6 fanatic Joe Klein, and the enigmatic Jay James. We cover topics such as: Cert Junkies How listening to this podcast will fulfill your CPE requirements Cloud constipation and why Greg Ferro is like Roto-Rooter That Richard Bejtlich's name should always be invoked in respectful, hushed tones (genuflection optional) Show Notes: The Post that started it all, "Going Paperless." A take on professionalizing security by Dave Shackleford with a response from @451's Wendy Nather. A post from Rich at Securosis, "Why I'm Not a CISSP." "Your CISSP is Worthless - So Now What?" by Dave Shackleford "10 Reasons Why Security Professionals Get Hired" "What makes a good information security professional?" April Fool's CNIP certification DoD 8570 NSA National Centers of Academic Excellence

A common discussion in the Packet Pushers Forums and on the #packetpushers IRC channel is questions about career development, focus and doing a good job. These are always good discussions so Greg invited Giulio Chiappini - @its_gcand Jon Garrison - @jpwgarrison to bring their questions & Greg's does his best to give a perspective, opinions and ideas on worklife as a network engineer. As someone once said, Free Sound Advice given here - 95% Sound, 5% Free and 0% advice. You should certainly make your own path and maybe my suggestions are helpful, maybe your situation is different. Topic: Being a beginner in the VAR space, to me, means that i get thrown into the fire a lot. Every week means facing a new project, often on completely different technologies (from UC/Voip to Routing and VPNs in bandwidth-constrained SMBs). I enjoy the challenge immensely but how do you know when you’re being hungry for growth and when you’re being irresponsible, accepting duties that you will likely not be able to accomplish? Is there a golden rule for the balance between personal growth (which sometimes means risking something that is not yours, such as the customer time and money) and your customer’s interests? Topic: As a first year network engineer in a large retail org selecting vendors can be challenging- too often its more than just technical. Being new to the field, I don’t have the Cisco neck tattoo some of my peers have, and wish we could be a bit more agnostic. Other pressures from management, pushy salesmen, etc make it challenging to make choices efficiently. [Currently have a project to replace our IP address management tool- IPPLAN to something more robust that will support auto-provisioning of servers- which some of my peers don’t believe exists in the real world] Topic: Sub-contracting. I worked on projects with up to five levels of subcontracting (we were the lowest level, doing the actual work). Do Technical people in the field have any power over this trend? Often this pattern leads to low quality in the delivered work, poor communication with the final customer and obscure restrictions, imposed by the bureaucracy of 3 to 5 different IT companies in between. Topic: Re: outsourcing, we are well aware that our bosses would not mind taking some FTEs off the books. We recently outsourced up/down monitoring (or at least PAID for it, it doesn't quite work yet...)   I am constantly looking to optimize my learning and grabbing projects I hope will add value to the business long term- like application performance optimization. How do I get from changing VLANs on user ports and making port channels to architect, etc. Topic: working in the SMB space, i often get asked to dabble in the Helpdesk and System Engineering area. (That ESXi host is not doing backups, we need to implement a mass-deployment system for a Microsoft shop etc.) Do i need to be overly selective of these kind of experiences or is it a good idea to grab more knowledge wherever it’s been offered?

The Packet Pushers are joined by Brent Salisbury of networkstatic.net for a chat with some of the top brass on the OpenDaylight project's Technical Steering Committee, Dave Meyer and Inder Gopal. "What's OpenDaylight?" you ask. Why, it's a consortium of vendors working together under the Linux Foundation umbrella to make an open source reference framework for software defined networking. This is one of those projects that really matters, and we think everyone who cares about where networking goes next should be keeping track of OpenDaylight. Dave and Inder were kind enough to spare an hour for us to talk with them about OpenDaylight, what's really going on with it, why it hasn't been 100% smooth sailing thus far, how the governance works, whether or not it's truly open, and oh...you know. Just everything. You'll weep, you'll cheer, and hopefully you'll learn something you didn't know before. We did. Special thanks to Brent for putting together the questions that drove this show. Please visit his blog and follow him on Twitter. LINKS OpenDaylight Project OpenDaylight Mailing Lists (yes, anyone can join)

For many network engineers, IP multicast routing is evil. Difficult to design, complicated to implement, painful to troubleshoot and challenging to scale, multicast routing is rarely implemented on a given network unless it's absolutely required. Most engineers would just rather not bother until the issue is forced upon them. Blame PIM. Blame RPF checks. Blame redundant rendezvous points. Blame inscrutable mroute tables. Blame whatever you like, but then realize that more and more often, multicast routing is as an actual need for production networks. Take VXLAN - it needs multicast routing, at least when implemented according to the spec. Or Cisco's OTV - in its first iteration, it required multicast routing. And of course, there are lots and lots of applications that require multicast routing so that destinations can receive multicast streams from hops-away sources. Legitimate use cases haven't made multicast routing any less of a pain in the backside to implement, and Avaya has put together an interesting solution to address this concern. With Fabric Connect (Avaya's SPB implementation), deploying multicast routing is a whole lot simpler than what network engineers are used to. Chief Architect for Avaya Networking Paul Unbehagen and Darren Giacomini, Network Architect for Schneider Electric's Pelco division, join the Packet Pushers to talk through how multicast routing over Fabric Connect works. Paul is a big part of the standardization process for SPB - he knows SPB inside and out. Darren is an Avaya customer who uses Fabric Connect to scale massive multicast IP surveillance networks. Yeah, it's an Avaya-sponsored podcast, but it's not simply marketing blah-blah. This is a technical conversation with two people very close to the technology. We keep it nerdy. You'll learn something about multicast routing, and you'll learn something about shortest path bridging. Enjoy. LINKS Show 44 – The Case for Shortest Path Bridging | packetpushers.net Show 136: Avaya – Considerations for Turning Your Network Into an Ethernet Fabric – Sponsored | packetpushers.net Avaya IP Multicast for the Cloud | youtube.com The New World of IP Multicasting | avaya.com  

Arista is shipping a serious round of upgrades for the 7500 switch chassis. In this sponsored podcast, Doug Gourlay from Arista returns to the Packet Pushers to give an unvarnished view of the new products and why Arista can deliver 100GbE at a new price point while maintaining technical features and capabilities. Show Topics: 1) It's big… and dense…  and power efficient... 2) The 7500 is really fast and wire speed forwarding and needs just 11RU of space in the rack. 3) How did Arista scale the control plane ? 4)  Martin Hull - Systems Engineering Manager talks about the need for buffering in the spine 5) Economics of 100GbE versus 40GbE and 10GbE  - why is 100Gb cheaper… 6) How this changes network architectures - what we are likely to see from network architects as they use this product ? 7) It is real -  it is not "slideware", it's orderable today, it's running on customer sites today and shipping in "weeks" (not months). Speed and Feeds The Arista 7500E offers 1,152 10GbE, 288 40GbE, or 96 100GbE wire-speed ports, making the Arista 7500E the fastest and most scalable data center Ethernet switch in the industry. The key improvements of the Arista 7500E compared to the first generation Arista 7500 are as follows: Three times the fabric bandwidth at 30 Terabits per second Three times the packet buffer at 144 Gigabyte per switch Three times the control plane performance Triple the power efficiency at less than 4 watts per 10GbE port The industry’s first triple-speed 10/40/100GbE line card Much larger L2 and L3 Table Sizes Wirespeed VXLAN capability on every port The Arista 7500E includes four new line cards for 10/40/100 Gigabit Ethernet switching, including an industry-first triple-speed 10/40/100G line card with integrated MXP (multi-speed-port) optics that can be software configured on a per port basis delivering constant price-per-bandwidth at every port speed. In 100GbE mode the triple-speed line card offers an order-of-magnitude cost reduction over competing 100Gb Ethernet switch products in the market. Arista EOS Software The Arista 7500E together with Arista EOS, delivers a set of advanced Software Defined Networking capabilities that support programmatic control, enhanced monitoring, and self-healing resilience to every aspect of the switch, including the following: Wirespeed VXLAN gateways that enable multi-tenant network virtualization Precise advanced traffic monitoring with Arista LANZ, DANZ and Tap Aggregation Rapid Automated Indication of Link-Loss (RAIL) for accelerated convergence in Big Data analytics and Hadoop applications VM Tracer for network wide workload mobility and virtualization in VMware and OpenStack clouds Distributed system health monitoring with real-time Health Tracer Cloud networks have universally adopted a leaf-spine architecture, using Layer-3 load-balancing to provide scalable performance. With the Arista 7500E as the spine and Arista 7150/7050 as the leaf, these network topologies can support cloud data centers with more than 100,000 servers that deliver consistent performance for dynamically scaling workloads in public or private clouds, including Hadoop, Big Data, storage, Web 2.0, VM farms, and network virtualization. Show Links Full press release - http://www.aristanetworks.com/en/news/pressrelease/568-pr-20130501-01 Founder Andy Bechtolsheim's latest blog, "The Next Generation in Cloud-Scale Networking: The Arista 7500E" - http://www.aristanetworks.com/en/blogs/?p=845 7500E Series Video Overview - http://www.youtube.com/watch?v=KewtombE57M 7500E Video Data Sheet - http://www.youtube.com/watch?v=JI3ZPLDPF3g SDN Video Overview - http://www.youtube.com/watch?v=Jlch6UKJP3w

Announcing the latest episode of Healthy Paranoia from Mrs. Y featuring the case of Terry Childs, the infamous former Network Administrator arrested for refusing to provide passwords for San Francisco's FiberWAN system to management. She's joined by Jeana Pieralde, Chief Security Officer for the City and County of San Francisco, along with two members of the Packetpushers executive board, Greg Ferro and Ethan Banks.* Stay tuned for a Kickstarter project to fund the Lifetime Channel movie. Show Notes: Terry Childs Wikipedia entry "After verdict, debate rages in Terry Childs case" from Computerworld "Terry Childs juror explains why he voted to convict" from Network World "A year after Terry Childs case, privileged user problem grows" from Computerworld "Judge Won't Lower $5M Bail for SF IT Administrator" from PC World The Introvert Advantage: How to Thrive in an Extrovert World Daniel Goleman and Emotional Intelligence Kasper Search *This program contains excessive literary references, unnecessary sarcasm, lefty-British politics, and possibly gratuitous references to unicorns. Parental discretion is advised.

A community show where we get Brent Salisbury and Ivan Pepelnjak to talk about the events of the last few weeks. In the end, the only thing we seemed to cover was OpenDaylight, ONS and various SDN topics. Open Networking Summit - Brent reports in. Talking SDN and OpenDaylight Ivan asks "will you install open source software as the controller in your SDN network" Juniper is Father (IP), Son (BGP) and Holy Ghost(MPLS) Cisco's Padmasree Warrior tells us that networking is all about the hardware -  Three Truths about Networking – the Next Chapter To summarize, of the $3.7B SDN market opportunity represented, 58% of the market or roughly $2.1 Billion is network infrastructure. Neither routers nor switches will become irrelevant in the world of SDN. Only 8.7% or roughly $330 Million represents the market opportunity for the control-plane enabling SDN technology – whether that’s a software controller or some form of virtual overlay technology. The truth is, Cisco will see a $670 Million market for next generation applications and network services that will get created on top of the hardware and software infrastructure. By the way, this market is an incremental opportunity to the business Cisco operates in today. Not to mention a high margin incremental business in the roughly $570 Million market for services that tie the new applications to the systems infrastructure.

EIGRP is a distance vector routing protocol that for many years was unique to Cisco networking environments. Created and championed by Cisco, it didn't get any traction in the standards bodies in the early days, because there were already enough interior gateway routing protocols around according to some. EIGRP just didn't interest enough of the right folks to get it on the standards track. Fast forward to today, and Cisco has been able to publish EIGRP as an informational IETF draft known popularly as Open EIGRP. Two of the authors of that draft, Donnie Savage with Cisco and Russ White, join Ethan Banks on the Packet Pushers podcast for a discussion of Open EIGRP in this show. We talk through a number of issues. Why did Cisco open EIGRP up? Why did Cisco hold back on stub? What's the reaction of the community been? What non-Cisco vendors are interested in EIGRP? Are we going to see an open-source implementation of EIGRP now? And perhaps most cynically of all...what's in it for Cisco? LINKS Open EIGRP IETF Draft Text (ietf.org) Cisco Open EIGRP Informational Draft FAQ (cisco.com) Why is Cisco Bothering with "Open" EIGRP? (Anthony Burke, packetpushers.net) Thoughts on Open EIGRP (Russ White, packetpushers.net)

On March 26, 2013, the Packet Pushers held a sponsored webinar with Anuta Networks to introduce their nCloudX controller to our networking community. In the webinar, the Anuta team covers the following: A bit about their background, the problems they are going after, and how nCloudX addresseses these challenges. An explanation of the nCloudX architecture, so you'll understand how it fits into your environment. You'll want to take special note of the discussion around the slide that shows up about 8 minutes in, seen below. A demonstration of some of the major tools in nCloudX, including the service design and delivery engines. A demonstration of nCloudX interacting with both OpenStack and VMware vCloud Director. These were LIVE DEMOS with real working software done during the webinar event while the audience watched. Along the way, Packet Pushers co-hosts Greg Ferro and Ethan Banks discuss major points with presenters Nat Chidambaram, CCIE #5792 & Director of Product Management and Reddy Bhupathi, CCIE #22151 & Principal Architect.

Nuage Networks announces their Virtualised Services Platform and shows that SDN Networking is closer than you think. VSP is a multi-layer solution with a SDN app, controller & network agent with some technical chops. It's derived from Alcatel-Lucent's Service Routers and offers multi-data centre networking that's fully integrated with your MPLS WAN ? Find out more in the very first Packet Pushers Sponsored White Paper where we scratch it's technical under belly.

SDN innovation has been primarily focused on the data center where centralized network programmability has been shown to be capable of providing many benefits to the complex and dynamic (on-demand) data center environment. Service provider networks will also benefit from SDN. Traversing a service provider network involves crossing different network types, technologies, layers and administrative domains. SDN solutions, including OpenFlow’s programmatic control, will provide capabilities unique to these service provider technologies. Huawei presents an architecture that expands SDN into multiple, task specific, controllers and domains and extends networking control across all of the service provider network dimensions.

Join Mrs. Y, Taylor Banks and esteemed Nerd Captain Ivan Pepelnjak for another exciting episode of Healthy Paranoia!  In this installment, we discover the day the security industry stood still for Bro IDS with expert and project contributor Liam Randall. Just a few of the fun facts you'll learn include: The real meaning of "bromance." What happens when someone says "no" to Ivan. It's impossible to record a Packetpushers or Healthy Paranoia episode without making unicorn jokes. It's also impossible to record a Packetpushers or Healthy Paranoia episode without bringing up SDN. The accurate translation of "Klaatu barada nikto" is "Disable Java now." Show Notes: Bro Quickstart & packages Intro to Google Capirca AOL's Trigger OpenFlow and Bro IDS PF_Ring Liam Randall's Bro Presentations The fun and amazing Security Onion cPacket Nebula ELSA (Enterprise Log Search and Archive) Dualcomm Technology (inexpensive network taps)