Packet Pushers Podcast show

Packet Pushers Podcast

Summary: Packet Pushers is about Data Networking - routing, switching, firewalls, security and much more. We talk nerdy on highly technical topics such as routing protocols, switch architecture, network designs, vendors, and much more. This is the full feed of Weekly Show, Priority Queue, and other content. Because "Too Much Networking Would Never Be Enough".

  • Artist: Packet Pushers Podcast
  • Copyright: © Thropos Ltd. All Rights Reserved.

Podcasts:

 Show 86 – Connect to the IPv6 Internet for Free Using TunnelBroker.Net | File Type: audio/mpeg | Duration: 39:27

Hurricane Electric's Owen DeLong joins Ethan Banks and Greg Ferro to discuss TunnelBroker.net. What's TunnelBroker.net? It's a free service from Hurricane Electric that lets you connect to the IPv6 Internet across an IPv4-only connection. Want to get started with IPv6? This is a great way to go, not only for the connectivity, but also for the IPv6 education Hurricane Electric offers. We keep the show pretty on-topic, and cover the following information. Who is Hurricane Electric? In simple terms, what's the TunnelBroker.net service? Are these "real" routable IPv6 address blocks HE is issuing? Why is HE offering this service (a) at all and (b) for free? Who is eligible to use TunnelBroker.net? Why bother? Isn't carrier grade NAT going to save us all? There are several types of IPv6 over IPv4 tunnels. What kind of tunnel is tunnelbroker.net using, and why was this type chosen over others? What sorts of devices can successfully bring up an IPv6 tunnel to HE? What sort of tunnel termination device is on the HE side? Is it redundant/resilient? In what way? Explain the tunnelbroker.net provisioning process. Is it automated or are there humans involved? Once the tunnel is up, what can you do with it? Can end users do anything crazy like advertise their own RIR-assigned IPv6 allocation to HE via BGP through the tunnel? Or nail up 2 tunnels to HE to have redundant virtual links for their IPv6 block? What happens if the user's IPv4 tunnel endpoint is dynamically assigned, and the address changes? How does a person advertise their IPv6-enabled service with DNS? What resources would you recommend for a person trying to get smart about IPv6? What's a good strategy for a business looking to do IPv6 multihoming? Is IPv6 prefix translation just a lame way for carriers to get out of upgrading their equipment? LINKS Carrier Grade NAT 6in4 Quad-A DNS Records (RFC3596) IPv6 Prefix Translation (IETF Draft) www.theipv6experts.net - where Owen blogs...you know...once in a while.

 Show 85 – Sponsored – The Span Port You Always Wanted – Gigamon | File Type: audio/mpeg | Duration: 31:50

In this Sponsored show we talk to Gigamon about "making the SPAN port what it always wanted to be". In short, Gigamon makes switch devices that allow for powerful ways to capture traffic from your network, then slice, dice and forward it. If you have ever had a problem with "not enough SPAN ports" for packet capture, then take a look at this product. Show Agenda Overview of Gigamon Mid-stage startup; founded in 2004; all product built-in-the-USA; founders from network monitoring industry Bridge the gap between faster-and-flatter networks, and the growing demand for diverse monitoring, management and security tools Establish an out-of-band, pervasive fabric, connecting to the network mirror & SPAN ports, and intelligently delivering the right traffic to the right tool Sounds good, but how do you do that? A range of systems from 1RU to 1Tb chassis Let's focus on a deployment of just one system (although they are all locally and remotely 'stackable') Traffic on SPAN/Mirror/TAP ports is delivered into the Gigamon Fabric on what we call a "network port" At wirespeed, the traffic is 'manipulated' using GigaVUE software with hardware acceleration "Manipulation" means duplication, slicing, filtering, masking, etc How is the "Manipulation" configured: using "FlowMapping" logic What is FlowMapping? A L2/3/4 rules engine that overcomes the limitation of ingress and egress filtering Ingress: too much is dropped at the entry .. Good stuff could be lost Egress: too much could be dropped through oversubscription Flow Mapping sits in the heart of the system (and can span multiple systems) How complex / what type of rules can be written? Very complex, multi-step boolean type decisions Multiple egress (multi-tool as we call it) so that single ingress traffic can go to multiple tools Are they fixed rules/definitions?
We support the L2/3/4 decision criteria Also allow for a set of User-Defined criteria to look for specific traffic characteristics How do you extend beyond a single system? We offer stacking – to connect multiple systems together over n x 10Gb trunks We offer tunneling – to allow systems in remote offices to be part of the central "stack" How do your customers use the systems? Single-system deployments to smooth the migration from 1Gb to 10Gb To deliver longer and more predictable ROI for monitoring, management and security tools In Data Centers to centralize all monitoring/management system into one rack Service providers around the globe to support the growth of mobile devices What does a normal deployment look like with your technology? Ranges from a single system to multiple systems stacked together to form one Visibility Fabric Easy/flexible to configure – Network ports and tool port Maps are built to establish the "mapping rules" of traffic on network ports to tool ports Central management from a single GUI system (Citrus) if required How does your solution get deployed in the Data Center? End of row deployments Each end of row location has uplinks to top-of-rack switches GigaVUE devices are connected together using stacking All monitoring and management tools centrally located in one rack "Maps" are changed as needed to forward traffic from any server, any rack, any row to central tools You can also watch a presentation from Gigamon from TechFieldDay at Vimeo - Gigamon where they presented at Network Field Day in October 2011. Thanks to Gigamon for sponsoring the Packet Pushers and sharing this content with the community. Contact You can follow them on Twitter at http://twitter.com/gigamon or on the web at http://www.gigamon.com/

 Show 84 – Cisco WAAS – The Sleeping Giant Awakens – Sponsored | File Type: audio/mpeg | Duration: 33:27

Liad Ofek from the Cisco Borderless team joins Ethan Banks and Greg Ferro to discuss the state of Cisco Wide Area Application Services (WAAS) in this sponsored show. WAAS is Cisco's WAN optimization platform, competing against products from Riverbed, SilverPeak, Exinda and others. If you're wrinkling your brow while remembering a bad WAAS experience back in 2007-2008, the software functionality and implementation process have changed for the better. Are you in the market for a WAN optimization solution? WAAS is worth another look. In this show, we cover the following points: WAAS was a rough ride back in the day. Are we right to have some bad memories? 2010 was a breakout year for WAAS releases, while 2011 saw additional innovations. What are the deployment options for WAAS? (We discuss appliances, ISRG2 modules, Nexus 1000V and more.) We get into some detail about deployment scenarios. When does it make sense to deploy a WAVE appliance versus WAAS Express, for example? WAAS has some rich features and options that arrived in 2011, including new appliances, upgradeable network modules, context-aware DRE, and application optimization for Citrix XenDesktop. Network World seemed to like WAAS in their November 2011 independent testing. Links Cisco WAAS Home Page Technical Discussion of WAAS Features Context Aware Data Redundancy Elimination White Paper Technical Discussion of vWAAS WAAS Express Data Sheet Network World WAAS Testing

 Show 83 – We Are an Independent Show | File Type: audio/mpeg | Duration: 89:50

This week it's just Greg and Ethan talking over a few topics. What was intended to be a quick half hour chat for the new year about Packet Pushers turned into more than an hour on a whole range of topics that interest us, especially on independence and community. Some technical, some industry stuff and some about our own lives. Intro What the show is. Who we are. Plans for 2012. Mix of sponsored and independent shows. (Hey vendors, get on our radar now, Q1 is already filled.) Still about one show a week. More new voices from the community. More from our popular regulars (Ivan, Mrs. Y, Tom, others) More bloggers. Call for assistance with moderated forum / e-mail list site. (Are we ready to make that plea?) Continued relationship with Tech Field Day. Do it yourself fibre optic cabling. Introduction to Mechanical Splicing - http://www.thefoa.org/tech/ref/termination/mechsplice.html Greg's recent blog post on laser power and cable lengths: Can Fibre Optic Ethernet Cables Be Longer Than the standard? Splice loss on a mech splice = 0.3db whereas fusion splice is

 Show 82 – Security Failures, No IPv6, No Network Management – Another Good Year | File Type: audio/mpeg | Duration: 74:02

Guests This week a bunch of new faces to talk about 2011 and its many failings: Scott Morris - well known industry figure and CCIE trainer. Chris Marget - Fragmentation Needed who works for a large reseller. And some regulars return: Tony Bourke @tbourke [Data Center Overlords](http://datacenteroverlords.com/) Hosts and Regulars And the blow hards Mrs. Y - the Network Security Princess, Ethan "I'm looking forward to next year" Banks and Greg "IT Security got shown up as a bunch of retards in 2011" Ferro are all making noises as usual. Topics From Greg’s blog - is OpenFlow/SDN routing or switching? From Chris’ blog - Pricing and Trading Networks: Down is Up, Left is Right Is 2012 the year enterprises get serious about IPv6? (Don’t fear the colon.) Professional certifications that matter in 2012. 2011 was the year everything we trusted in security broke (RSA, various CAs, health information breaches, financial information breaches, SSL cipher cracks). So what decisions should enterprises be making in 2012 to stay out of the headlines? Show Notes Show 72 - How We are Killing the Internet - where we talk about the Happy Eyeballs IPv6/IPv4 interoperability feature. LinkedIn Group - Packet Pushers Show Sponsors This week’s show is sponsored by Get Console, makers of the best iPad terminal app for network engineers. If you need a rock solid feature rich terminal app to run on your iPad, including serial console support, check out www.getconsole.co.uk. And also by Infineta Systems, a leading innovator and provider of Hyper-scale WAN Optimization solutions. Infineta's WAN Optimization product, the Data Mobility Switch, allows enterprises to expand and fill large WAN links. Infineta helps you move more data, more quickly, using less bandwidth. Get more information at www.infineta.com.

 Show 81 – Tail-F and Network Configuration Management – Sponsored | File Type: audio/mpeg | Duration: 36:01

Network Configuration is still done by hand. Each engineer types in each command after thirty years of "progress". Does this seem right to you? Tail-F systems sponsored today's show to talk about their Network Configuration System and the advantage of using decent software with good quality tools like NETCONF and YANG to make configuring your network easier than before. Topics Covered Why did Tail-f move towards addressing the central configuration management solution? What is wrong with existing solutions for managing configuration? What is the NCS product and what are its moving parts? What is NETCONF and how does it apply to configuration management and Tail-f solutions? Describe the architecture of NCS and how that works with the network What can NCS do that current solutions can't? What about legacy (non-NETCONF) interfaces? What kind of solutions can NCS be applied to? What kind of solutions shouldn't NCS be applied to? About Tail-F Tail-f has two products. The first, ConfD, is what we've been working on since we were founded in 2006. It's an on-device configuration management solution that provides common management interfaces (CLI, SNMP, Web UI, NETCONF server and REST API) and supporting infrastructure (AAA, transaction management, data store) for all kinds of networking equipment. A large number of equipment providers are using it (including 7 out of the 10 largest) in their products. The second product, NCS, is what we're currently bringing to market. It's a network configuration management software solution that takes a software oriented approach to configuration (as in reading and writing to the routers and switches) management. NCS allows developers to write applications that manipulate the network configuration using a model-driven environment. Early customers use it for things like provisioning of (MPLS) VPNs, managing clusters of load balancers, and managing large BGP policies.
Show Notes and References Some links to data sheets and whitepapers: For the ConfD product, used by vendors, information available here: ConfD - for network vendors Then some more thought-oriented whitepapers around the issues that we see with configuration management: Tail-F Whitepaper on Enterprise and Network Management Systems doing more than just Alarms and Maps Tail-F Systems Whitepaper: EMS and NMS - Beyond Alarms and Maps.pdf A paper that we are presenting at LISA 2011: Automating Network and Service Configuration For information about the product we're bringing to market, NCS: [Tail-F NCS Product Data Sheet](http://www.tail-f.com/products-and-services/ncs) NETCONF RFC http://tools.ietf.org/html/rfc6241 YANG RFC - A Data Modeling Language for the Network Configuration Protocol (NETCONF) - http://tools.ietf.org/html/rfc6020 Overview of the 2002 IAB Network Management Workshop: The goal of the workshop was to continue the important dialog started between network operators and protocol developers, and to guide the IETFs focus on future work regarding network management. This report summarizes the discussions and lists the conclusions and recommendations to the Internet Engineering Task Force (IETF) community. http://tools.ietf.org/html/rfc3535 The NETCONF and YANG Users Group at LinkedIn http://www.linkedin.com/groups/NETCONF-YANG-Users-3301774 A 30 Minute Introduction to NETCONF and YANG http://www.slideshare.net/cmoberg/a-30minute-introduction-to-netconf-and-yang

 Show 80 – SFlow and IP Accounting | File Type: audio/mpeg | Duration: 20:34

During the EuroNOG conference I recorded a conversation about SFlow with Elisa Jasinska who is Senior Packet Herder at Limelight Networks. (That's what it says on her business card.) Joining me is Ivan Pepelnjak to cover the SFlow basics and some of the more advanced ideas that you need to be thinking of when looking at IP Accounting. Show Topics We kept the agenda simple - SFlow: Why, What, How About Ela Ela Jasinska is a Senior Network Architect at Limelight Networks. Her work is focused on introducing new technologies to Limelight’s global network footprint as well as designing tools to manage and maintain the platform. She built and now operates Limelight’s Phoenix based Internet exchange, Arizona IX. Previously Elisa has been working as a Network Engineer at the Amsterdam Internet Exchange, on projects such as AMS-IX’s route server deployment and their sFlow accounting software, as well as day-to-day operations of the exchange point. Show Links PMAcct - Open Source OpenFlow accounting PMACCT AMSIX Frame Size Distribution http://www.ams-ix.net/sflow-stats/

 Show 79 – Elfiq & Link Load Balancing – Sponsored | File Type: audio/mpeg | Duration: 37:22

In this sponsored podcast, we introduce Link Load Balancing - something the Packet Pushers hadn't realised was available for Enterprise and handling multi gigabit links. We talk about what Link Balancing is, how it works, and even some of the gotchas and 'be careful' points when deploying. Plus some delightfully nerdy discussion about what goes on inside the box. Elfiq Link Balancer appliances bring the ability to deploy and manage multiple ISPs for redundancy/failover, bandwidth augmentation and management.  This approach is simple and more cost-effective than traditional methods including BGP and is fully automated.  As all organizations depend on Internet connectivity to conduct business, Elfiq Link Balancers are a natural addition to any network. Links to More Information on Elfiq Link Load Balancers. Elfiq White Papers: www.elfiq.com/whitepapers (we have 15 - one for all major topics!) Introduction to Link Balancers: www.elfiq.com/what Webcasts: http://www.elfiq.com/webcasts Elfiq model selector: www.elfiq.com/modelselector About Elfiq Networks Elfiq Networks ® enables organizations to ensure business continuity and improve network performance through innovative link balancing technologies.  We have been delivering innovation and excellence since 2004, creating a unique value proposition which is used in businesses in over 120 countries all over the world. The Packet Pushers thanks Elfiq Networks for supporting the show by sponsoring us.

 Show 78 – Especially Thankful Chinwagging | File Type: audio/mpeg | Duration: 73:41

This week we take a nod at Thanksgiving and talk nerdy. talks about the latest security breaches. Unsurprisingly. Ivan talks about changing the name of his quite famous ioshints.info blog to ipSpace.net HP announces only one Software licensing for their Wired Ethernet switches across the product range, which naturally leads into a rant about Cisco licensing. Answer some Twitter questions about Centralised Wireless Controllers making sense and even when VoIP is being used. Documentation - Sharepoint, Wikis. Diagrams. Reminder about Color Blindness Colour Blindness, Network Diagrams and Reliability Show Sponsors This week’s show is sponsored by Get Console, makers of the best iPad terminal app for network engineers. If you need a rock solid feature rich terminal app to run on your iPad, including serial console support, check out www.getconsole.co.uk. And also by Infineta Systems, a leading innovator and provider of Hyper-scale WAN Optimization solutions. Infineta's WAN Optimization product, the Data Mobility Switch, allows enterprises to expand and fill large WAN links. Infineta helps you move more data, more quickly, using less bandwidth. Get more information at www.infineta.com.

 Show 77 – Cisco Nexus 1000V and VXLAN With Han Yang and Victor Moreno – Sponsored | File Type: audio/mpeg | Duration: 40:04

Greg Ferro and Ethan Banks chat with Cisco Technical Marketing Engineers Han Yang and Victor Moreno to discuss Cisco's implementation of the emerging VXLAN standard (currently a draft) in the Nexus 1000V virtual switch. VXLAN is being evaluated by architects who need to scale multi-tenant networks beyond the traditional 4K VLAN limitation. VXLAN can be integrated with existing infrastructures, as it leverages IPv4 to form tunnels and multicast groups to carry broadcast traffic.

 Show 76 – Why OpenFlow Has Mind-Melting Potential | File Type: audio/mpeg | Duration: 62:47

OpenFlow. Brave new world, or niche solution to a specific problem? The tool we always wanted, or the need we didn't know we had? Replacement for the legacy data center, or special purpose player at the edge? Unicorn tears or useful technology? Greg Ferro, Ivan Pepelnjak, and Derick Winkworth join this show's host Ethan Banks in a wide-open, back-and-forth discussion that opines about these questions and many more. For example: Is OpenFlow really "open" if you have to have a license to bake it into your products? Do we care? Does the ONF's agenda limit the impact OpenFlow will have on enterprise networks? Why does Cisco want to stomp OpenFlow into the ground? Or do they? Why is it that some of the guys developing OpenFlow technology say that the revolution is not all about OpenFlow? How is Software Defined Networking different from OpenFlow? Why did the NEC ProgrammableFlow demo rock the world of the Net Field Day 2 delegates? What's Big Switch doing that gets folks running multi-tenant networks all excited? Isn't it time we stopped managing our networks one device at a time? Why does OpenFlow have mind-melting potential? Links Open Networking Foundation NEC ProgrammableFlow Big Switch Networks Nicira

 Show 75 – Introducing Aerohive Branch on Demand – Sponsored | File Type: audio/mpeg | Duration: 19:50

Introducing Aerohive, manufacturers of fine Enterprise Wi-Fi networking equipment who, believe it or not, may actually have found a use for the cloud at the same time as getting rid of wireless LAN controllers in their big boned Access Points. After a quick introduction to Aerohive, we talk about their Branch-on-Demand product line that is being announced today. This is an interesting change from traditional branch networking because the Wireless Access Point becomes the edge router, integrates off-site (Cloud based) security functions and offers a yearly pricing plan starting at USD$99 and priced per user and providing alternatives for SSL VPN, branch office routers. Hive Manager provides visibility and control of remote sites using a cloud-hosted management system which means it scales according to your needs. Moving ahead of the rising tide of network management and visibility, Aerohive has already built a management platform that is well ahead of other organisations. Visibility and monitoring is especially important to the success of wireless networks, but for wide area networking it's vital to the administrator to know what's happening 'out there'.
More Information You can go to www.aerohive.com for more product information and blogs.aerohive.com and follow them on Twitter at @Aerohive More information on the Branch-On-Demand Products Branch on Demand Landing Page – http://www.aerohive.com/vip Extending your Enterprise With Branch on Demand - http://www.aerohive.com/solutions/solutions-use-case/extending-your-enterprise HiveOS for WiFi and Routing - http://www.aerohive.com/products/access-points/www.aerohive.com/products/software-management/hiveos Cloud VPN Gateway Product Page - http://www.aerohive.com/products/software-management/cloud-vpn-gateway BR100 Product Page - http://www.aerohive.com/products/hive-routers/br100 Cloud Platform - http://www.aerohive.com/solutions/technology-behind-solution/cloud-platform Feedback Follow the Packet Pushers on Twitter (@packetpushers | Greg @etherealmind), and send your queries & comments about the show to packetpushers@gmail.com. We want to hear from you!

 Show 74 – Juniper Certification Track Update | File Type: audio/mpeg | Duration: 24:39

Liz Burns, Kieran Milne, and Kurt Bales join Ethan Banks for an update on where the Juniper certification tracks stand. Liz & Kieran talk about each of the tracks in turn, discuss the current and upcoming boot camp offerings, and Kurt describes his training and test-taking experience gained during the beta period. A short show, a good listen, and interesting content for anyone considering a certification in the Juniper realm. Links Packet Pushers podcast from October 2010 - "Big Things Ahead For Juniper Certifications" Juniper Networks Certification Program Service Provider Routing & Switching Track Enterprise Routing & Switching Track Junos Security Track Junosphere Lab Follow @junipercertify on Twitter.

 Show 73 – Cisco ASA 1000V Cloud Firewall – Sponsored | File Type: audio/mpeg | Duration: 39:48

Cisco is extending their Nexus 1000V in new directions. Not only is the Nexus 1000V a virtual switch, it acts as a platform for extending ASA firewall and security technology into your virtual environment. In this sponsored podcast, we get Rajneesh Chopra, Product Manager for the Nexus 1000V product line, to talk about how Virtual ASA maps into the product and fits into Cisco's product strategy. Topics Covered Data path from source to destination How the firewall is both in-line and indirect for application scanning. Support for existing procedures and firewall policies Performance and capacity planning for the Virtual ASA firewall Comparing with vShield Edge/App as distinct firewall solutions. Comparing with Juniper VGW and HP Tipping Point SVF. Answering the question - Wouldn’t everyone need both VSG and virtual ASA? Is there a customer for one that would never need the other? Show Notes Previously we covered the Nexus 1000v in Show 49 – Cisco Nexus 1000v on 21 June 2011 where we covered the internal working and product overview. You can find more information on the Cisco ASA 1000v Cloud Firewall on these links: ASA 1000V product page Nexus 1000V product page Cisco Virtual Network Management Center And big thanks to Cisco Server and Virtualization Business Unit for sponsoring the Packet Pushers. It helps us to keep pushing out more content.

 Show 72 – How We Are Killing the Internet | File Type: audio/mpeg | Duration: 61:03

Greg was invited to be a speaker at the EuroNOG conference in Warsaw, Poland. While there, Greg spoke to Jan Zorz who is a major contributor to IPv6 in RIPE and IETF and involved with many large service providers for their IPv6 designs and deployment. He says about himself “A Guy from Slovenia, the IPv6 evangelist. And a lot of opinions.” Ivan Pepelnjak was also on hand to make sure we had everything technically correct. This is a general discussion to highlight the problem with IPv6, NAT and stateful protocols such as MPLS are slowly killing the Internet. And we talk about a wide range of other stuff - well, what else is new. This is the first podcast Greg recorded using a portable recorder so the audio quality is a bit patchy. It’s still good to listen to, but not up to our usual standards. Show Links Happy Eyeballs RFC6346 - The Address plus Port (A+P) Approach to the IPv4 Address Shortage
