Tag Archives: series

Blog posts that are part of a multi-part series.

Starting a new series: AWS ABCs

I’d be lying if I said that since starting my new job at Amazon Web Services (AWS), I wasn’t looking forward to writing about all the new things I was going to learn. Obviously there’s the technology and services that make up the platform itself. But there’s also the architectural best practices, the design patterns, and  answers to questions like “how does moving to the cloud improve my performance/security/reliability?”

Admittedly, I have a lot to learn. With my background being mostly in the network space for my entire career, stepping out of that and into a software and cloudy world means I’m ramping up on a lot of new skills and knowledge.

I believe I’m not the only one on this journey of learning and that, like me, there a lot of folks who are having to learn the basics of the cloud and specifically, AWS.

This has inspired me to start a new, open-ended series of blog posts that I’ve dubbed AWS ABCs, targeted at people who have a lot of experience designing, operating, and architecting on-premesis systems but are now trying to up-skill by learning how to do the same in the cloud. These posts will focus on basic topics that are relevant to people just getting started on AWS and will provide pointers to resources where they can dive deeper.

You can see the list of posts in this series by clicking on the awsabc tag.

Happy learning!

Lifting the Hood on Cisco Software Defined Access

If you’re an IT professional and you have at least a minimal awareness of what Cisco is doing in the market and you don’t live under a rock, you would’ve heard about the major launch that took place in June: “The network. Intuitive.” The anchor solution to this launch is Cisco’s Software Defined Access (SDA) in which the campus network becomes automated, highly secure, and highly scalable.

The launch of SDA is what’s called a “Tier 1” launch where Cisco’s corporate marketing muscle is fully exercised in order to generate as much attention and interest as possible. As a result, there’s a lot of good high-level material floating around right now around SDA. What I’m going to do in this post is lift the hood on the solution and explain what makes the SDA network fabric actually work.

Continue reading Lifting the Hood on Cisco Software Defined Access

Label Switched Multicast – Ethernet Header

I got an interesting email from Ying Lu who had read my posts on LSM:

I am curious about the Ethernet DA and codepoint used for multicast MPLS. Previously, I understand that:
– Ethernet DA is unicast MAC of nexthop of each replication leg.
– codepoint is 0x8847
However, looking at RFC5332, I am not so sure…
Quote:
“Ethernet is an example of a multipoint-to-multipoint data link. Ethertype 0x8847 is used whenever a unicast ethernet frame carries an MPLS packet.

Ethertype 0x8847 is also used whenever a multicast ethernet frame carries an MPLS packet, EXCEPT for the case where the top label of the MPLS packet has been upstream-assigned.

Ethertype 0x8848, formerly known as the “MPLS multicast codepoint”, is to be used only when an MPLS packet whose top label is upstream assigned is carried in a multicast ethernet frame.

Interesting question. What is the ethernet destination address (DA) and the value of the ethernet type field (codepoint) when the MPLS packet is being sent on an LSM LSP?

Getting back into the lab, I started a ping from CE1 to a group that CE3 had joined. I then ran a sniff on the segment between P and PE3.

Sample LSM Topology
Sample LSM Topology

Examining the capture shows a unicast address in the ethernet DA field and an ethernet type of 0x8847.

LSM-ethernet-da
LSM Ethernet Dest Address and Type

I started wondering if I could trick the P router into using a multicast ethernet frame so I spun up a fourth PE and attached it to the same segment that P and PE3 are on and had it join the same multicast group.

The P router continued to send unicast ethernet frames with a type of 0x8847 and just started putting two frames on the wire, one for PE3 and one for PE4. It did not, as I had hoped, put a multicast ethernet frame on the wire that would be picked up by both PEs.

So it appears that IOS — and I tested this with a version of IOS 15.4T — sends unicast ethernet frames when sending LSM packets and therefore also uses an ethernet type code of 0x8847.

Label Switched Multicast – Q&A

This post is the last one I’m planning in this series on Label Switched Multicast (LSM). The questions & answers below are meant to expand on topics from the previous posts or address topics that weren’t mentioned in the previous posts at all.

If you’re not familiar with LSM yet then this Q&A likely won’t make much sense to you and I recommend you go back and read through the previous posts.

Please post a comment if one of the answers isn’t clear or you have additional questions! Continue reading Label Switched Multicast – Q&A

Label Switched Multicast – Packet Walk

This post is going to follow a multicast packet as it moves through a sample MPLS network using Label Switched Multicast (LSM). I’ll show how the packet moves through the network by looking at the forwarding tables on different routers and also by doing some packet captures.

This post is part of a series I’m writing on LSM and if you’re not already familiar with LSM, I recommend you go back and read the previous posts.

After reading this post you will be able to precisely describe how LSM forwarding works in the data plane and will be able to do some basic troubleshooting.

Let’s get into the lab!

Continue reading Label Switched Multicast – Packet Walk

Label Switched Multicast – Configuration

In the previous post (Label Switched Multicast – An Introduction) in this series on Label Switched Multicast (LSM) I introduced the concepts behind LSM and draft-rosen, the two most poplar methods for transporting multicast traffic through MPLS Layer 3 VPNs.

In this article I will talk through the configuration of LSM on the PE and P routers and get to the point where two CEs are successfully passing multicast traffic via the MPLS network. All of the configuration examples will be relevant to Cisco IOS.

As was the case in the introduction article in the series, it’s best if you already have a good understanding of multicast and MPLS before reading this article.

At the end of this article you’ll be able to start configuring your own LSM environment using the configuration samples here as a template.

To the CLI! Continue reading Label Switched Multicast – Configuration

Label Switched Multicast – An Introduction

There are two common methods for transporting multicast packets within an MPLS-based Layer 3 VPN:

  1. Generic Routing Encapsulation (GRE) with Protocol Independent Multicast (PIM) (also known as “draft-rosen”)
  2. Label Switched Multicast (LSM)

There’s also a third method which uses Resource Reservation Protocol—Traffic Engineering (RSVP-TE) but I’m not going to get into that one.

In this first post in a series on LSM, I’ll describe how draft-rosen works, how LSM works, and then compare and contrast the two. Subsequent posts will focus solely on LSM.

At the end of this post, you will be able to describe conceptually how the control and data planes work with LSM and what the pros and cons are of LSM as compared to draft-rosen.

I will not be covering any theory on multicast or MPLS and will instead recommend that you be familiar with both topics before reading further.

Here we go!

Continue reading Label Switched Multicast – An Introduction

DCI with LISP for Cold Migrations

Let’s step back for a minute. So far in this series of blog posts on DCI, I’ve been focusing on extending the Layer 2 domain between data centers with the goal of supporting hot migrations — ie, moving a virtual machine between sites while it’s online and servicing users.

Is that the only objective with DCI? Continue reading DCI with LISP for Cold Migrations

DCI: Using FabricPath for Interconnecting Data Centers

Here’s a topic that comes up more and more now that FabricPath is getting more exposure and people are getting more familiar with the technology: Can FabricPath be used to interconnecting data centers?

For a primer on FabricPath, see my pervious article Five Functional Facts about FabricPath.

FabricPath has some characteristics that make it appealing for DCI. Namely, it extends Layer 2 domains while maintaining Layer 3 – ie, routing – semantics. End host MAC addresses are learned via a control plane, FP frames contain a Time To Live (TTL) field which purge looping packets from the network, and there are no such thing as blocked links – all links are forwarding and Equal Cost Multi-Pathing (ECMP) is used within the fabric. In addition, since FabricPath does not mandate a particular physical network topology, it can be used in spine/leaf architectures within the data center or point-to-point connections between data centers.

Sounds great. Now what are the caveats? Continue reading DCI: Using FabricPath for Interconnecting Data Centers

DCI Series: Overlay Transport Virtualization

This is the third article in my series on Data Center Interconnection (DCI). In the first (Why is there a “Wrong Way” to Interconnect Data Centers?) I wrote about the risks associated with DCI when the method chosen is to stretch Layer 2 domains between the data centers.

In the second article (DCI: Why is Stretched Layer 2 Needed?) I wrote about why the need exists for stretching Layer 2 domains between sites and also touched on why it’s such a common element in many DCI strategies.

In this article, I’m going to put all that soft stuff aside and get down into some technical methods for achieving a shared Layer 2 domain (ie, same IP subnet in both sites) while managing risk and putting a design in place that is resilient to Layer 2 failures. Namely, I’m going to talk about a protocol called Overlay Transport Virtualization (OTV).
Sanely stretch Layer 2 Continue reading DCI Series: Overlay Transport Virtualization