The enterprise network is being transformed by cloud computing, BYOD, multimedia over IP and pervasive Wi-Fi. These technologies are still relatively early in the adoption cycle, but we can see the direction they are taking. But other, arguably more fundamental changes in network architecture are in the pipeline, driven by the adoption of IPv6, very-high-speed Wi-Fi, the increased penetration of consumer technologies and software-defined network architectures. This talk will touch on these areas, drawing on the experiences of early-adopters of new WLANs with a dash of medium-term vision. It will pose questions for network architects looking out several years, and hopefully provide some of the answers.
Architecting data center networks in the era of big data and cloud (bradhedlund)
Brad Hedlund's speaking session at Interop Las Vegas 2012.
Big Data clusters and SDN enabled clouds invite a new approach to data center networking. This session for data center architects will explore the transition from traditional scale-up chassis based Layer 2 centric networking, to the next generation of scale-out Layer 3 CLOS based fabrics of fixed switches.
9.) audio video ethernet (avb cobra net dante) (Jeff Green)
Replacing a crossbar switch with ‘virtual’ IP packet switching - The ability to expand video-over-IP systems ‘one piece at a time’ and the decentralized nature of the matrix make the technology very compelling for any size or scope of AV project. AV-over-IP is the transport of AV signals over a standard Ethernet network, including…
HD Video (e.g. HDMI, DVI)
Audio
Control Signals (e.g. IR)
Peripheral Signals (e.g. USB)
Does Dante require special switches? No. We strongly recommend that Gigabit switches be used due to the clear advantages in performance and scalability.
Does Dante require a dedicated network infrastructure? No, a dedicated network infrastructure is not required. Dante-enabled devices can happily coexist with other equipment making use of the network, such as general purpose PCs sending and receiving email and other data.
Does Dante require any special network infrastructure? No, special network infrastructure is not required. Since Dante is based upon universally accepted networking standards, Dante-enabled devices can be connected using inexpensive off-the-shelf Ethernet switches and cabling.
What features are important when purchasing a switch? Dante makes use of standard Voice over IP (VoIP) Quality of Service (QoS) switch features, to prioritize clock sync and audio traffic over other network traffic. VoIP QoS features are available in a variety of inexpensive and enterprise Ethernet switches. Any switches with the following features should be appropriate for use with Dante:
Gigabit ports for inter-switch connections
Quality of Service (QoS) with 4 queues
Diffserv (DSCP) QoS, with strict priority
Totally new to AV over IT? This may help. If you have worked with any of the popular protocols, your time is better spent in other sessions. AV over IT methods vary in application of OSI model. Audio Networking - One RJ45 and CAT5 cable for dozens of signal paths. Switches can provide hardware time stamping which allows synchronization, offsets, and corrections. All covered in IEEE 1588.
Ethernet Timing & Priority Standards - All audio over Ethernet protocols require Priority, Sequence, & Sync
Differentiated Services / Quality of Service (DiffServ, QoS)
Priority by data type (Clock Sync and Audio Packets over Email)
Traffic prioritized based upon tags in IP Header (Layer 3)
Priority number assigned by managed switch to each packet
Real-time Transport Protocol (RTP)
Keeps data sequenced in the right order
Time stamp on UDP header
Works with RTCP (Real Time Control Protocol) for QoS and Sync
Variation: RTSP (Real Time Streaming Protocol) works on TCP and not UDP
Does not reserve resources or provide for quality of service
Precision Timing Protocol (PTP)
IEEE 1588
Sub-microsecond accuracy to synchronize subnets
Layer 2 - Switches provide hardware-based time stamping
Wireless IoT connections fall into two low-power camps: local area and wide area. Historically the two have not overlapped but advances in networking technologies make it possible for wide area technologies to perform the same functions as local area technologies with no additional cost or feature "sacrifice".
Ed Warnicke's talk at Open Networking Summit.
All Open Source Networking projects depend on having access to a Universal Dataplane that is:
Able to they deployment models: Bare Metal/Embedded/Cloud/Containers/NFVi/VNFs
High performance
Feature Rich
Open with Broad Community support/participation
FD.io provides all of this and more. Come learn more about FD.io and how you can begin using it.
BGP Traffic Engineering with SDN Controller, by Shaowen Ma.
A presentation given at APRICOT 2016’s Software Defined Networking session on 24 February 2016.
What architectures are best suited for today’s data center network? And how does Cumulus Networks make it easier to build networks? Dinesh Dutt (@ddcumulus), Chief Scientist at Cumulus Networks, goes on to answer these questions in an entertaining and lively presentation. Customers need simple building blocks with simple L2 networking (MLAG) and L3 Clos. Cumulus Linux supports both, it supports additional functionality to simplify configuration (e.g. PTM, IP unnumbered, L2 & L3 automation) and it is a platform that people can innovate on top of.
SDN programming and operations requires continuous monitoring of network and application state as well as consistent configuration and update of (forwarding) policies across heterogeneous devices. This is resulting in significant challenges.
Multiple open protocols such as OpenFlow, OF-CONFIG, OnePK , etc. are being adopted by different vendors causing an integration problem for developers.
Internet of Things applications are pushing the size and volume of data handled by SDN systems demanding more efficient and scalable protocols for information distribution and coordination of SDN devices.
This presentation will describe these and other SDN challenges and ways in which various open protocols, such as DDS, XMPP, AMQP, are being used to address them.
DPDK Summit 2015 - NTT - Yoshihiro Nakajima (Jim St. Leger)
DPDK Summit 2015 in San Francisco.
NTT presentation by Yoshihiro Nakajima.
For additional details and the video recording please visit www.dpdksummit.com.
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK... (Jim St. Leger)
Thomas Monjalon, 6WIND, presents on where/how to use DPDK, the DPDK ecosystem, and the DPDK.org community.
Thomas is the community maintainer of DPDK.org.
Vector Packet Technologies such as DPDK and FD.io/VPP revolutionized software packet processing initially for discrete appliances and then for NFV use cases. Container-based VNF deployments and their supporting NFV infrastructure are now the new frontier in packet processing and have a number of strong advocates among both traditional Comms Service Providers and in the Cloud. This presentation will give an overview of how the DPDK and FD.io/VPP projects are rising to meet the challenges of the Container dataplane. The discussion will provide an overview of the challenges, recent new features and what is coming soon in this exciting new area for the software dataplane, in both DPDK and FD.io/VPP!
About the speaker: Ray Kinsella has been working on Linux and various other open source technologies for about twenty years. He is recently active in open source communities such as VPP and DPDK but is a constant lurker in many others. He is interested in the software dataplane and optimization, virtualization, operating system design and implementation, communications and networking.
Network services on Kubernetes on premise (Hans Duedal)
Deep dive into Kubernetes Networking and presentation of a usecase of running network services like DNS on a bare metal Kubernetes cluster for a major Danish e-sport event.
Presentation from OpenStack Summit Tokyo
Online video link is below.
https://www.openstack.org/summit/tokyo-2015/videos/presentation/approaching-open-source-hyper-converged-openstack-using-40gbit-ethernet-network
PLNOG14: Evolved Programmable Network, architecture for service provider networks -... (PROIDEA)
Krzysztof Konkowski - Cisco Systems
Language: English
Service Provider networks evolve to benefit from virtualisation, programmability, automation and other cutting edge technologies, enabling SPs to streamline their services and keep profitable on competitive market. Being able to adopt new technologies is bound to alleging network architecture, adding new components on top of Access, Aggregation, Core, and Service Edge. Cisco for past years has been developing CVD program - Cisco Validated Design. One of the work groups is dedicated to creating and maintaining EPN solution - Evolved Programmable Network - along with documentation based on cyclic test campaigns, Design & Implementation Guides, and other information. The session will cover EPN - its fundamental blocks, scenarios & equipment tested, where to search for information and how to use them.
Register for the next PLNOG edition: krakow.plnog.pl
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
1. Copyright 2014 Juniper Networks
A NATIVE MPLS FABRIC
MPLS World Congress 2014
Kireeti Kompella, CTO, R&D
2. Copyright 2014 Juniper Networks
PROBLEM STATEMENT (DC)
Overlays are all the rage in the data center …
§ except that we’ve been doing overlays/underlays with MPLS pretty
much since 1997
The DC overlays start at the host (server) …
§ which requires true “plug-and-play” operation
To have an MPLS underlay network, the host must be part
of the underlay …
§ this talk is about making that easy and plug-and-play
3. Copyright 2014 Juniper Networks
PROBLEM STATEMENT (ACCESS)
Many have asked that MPLS start at the access node
(DSLAM, OLT, cell-site gateway)
§ “Seamless MPLS” has suggested the use of LDP “Downstream on
Demand” (DoD) for this
§ However, there haven’t been many implementations of LDP DoD
from access node vendors
Maybe the time has come for a different approach/protocol
for this functionality, one that is easier to implement
4. Copyright 2014 Juniper Networks
OVERLAYS AND UNDERLAYS: NEW?
[Figure: two overlay examples side by side.
ATM overlay (two level): VCs carried in a single VP; ~64K end points; core: no endpoint state; edge: lots of state.
MPLS overlay (multi-level): PE and P routers connected by an LSP; O(10^4) VPNs, O(10^7) addresses; core: no VPN or VPN address state; edge: lots of state.]
5. Copyright 2014 Juniper Networks
OVERLAY/UNDERLAY DATA PLANE
Commodity chips implemented the MPLS data plane about
a decade ago
Now, some have implemented just one of a largish crop of
new overlay encapsulations; another is close to shipping
§ Each has its own way of identifying tenants, doing load balancing,
and of course, its own encap/decap implementations
§ And, as we speak, there is yet another proposal for an encap
6. Copyright 2014 Juniper Networks
OVERLAY/UNDERLAY CONTROL PLANES
MPLS has a very sophisticated, robust, scalable and
interoperable control plane
§ Various types of hierarchy are supported
§ {BGP, T-LDP} [overlay] over {LDP, RSVP-TE} [underlay]
§ The overlay control plane is for service state
§ The underlay control plane is for traffic management
The new overlay encapsulations don’t have well-specified,
interoperable control planes for either the overlay or the
underlay
§ There is a recent proposal to extend BGP for an overlay
(EVPN/IPVPN) over VXLAN and perhaps NVGRE
7. Copyright 2014 Juniper Networks
WHY IP UNDERLAYS?
The theory is, IP is simple, plug-and-play, well understood
§ and all forwarding chips can do IP
§ also, network interface cards on servers can do TCP offload
Furthermore, IP is ubiquitous
§ Outside the DC, it is all IP
§ Upstream from the access node, it is again all IP
8. Copyright 2014 Juniper Networks
WHY IP UNDERLAYS?
The theory is, IP is simple, plug-and-play, well understood
§ and all forwarding chips can do IP
§ also, network interface cards on servers can do TCP offload
Furthermore, IP is ubiquitous
§ Outside the DC, it is all IP
§ Upstream from the access node, it is again all IP
The reality is, IP encapsulations are pretty heavyweight
§ VXLAN and NVGRE forwarding is relatively new
§ forwarding hasn’t got all the features yet
§ these encapsulations add significant complexity to forwarding
• the above are true whether forwarding is in software or in hardware
Furthermore, while IP is ubiquitous, MPLS is very common
too, especially in metro, core and inter-DC networks
§ To support WAN multi-tenancy, it is very common to use MPLS
§ Alternately, one can use IPsec, but that is a very different use case,
and requires very different forwarding support
[Slide annotation: "^ not …"]
9. Copyright 2014 Juniper Networks
WHY NOT MPLS UNDERLAYS?
The theory is, MPLS is complex, hard to provision, hard to
understand, hard to troubleshoot
§ and few people seem to remember if forwarding chips can do MPLS
§ there is a concern about TCP offload if MPLS is used
Furthermore, MPLS features are not needed for DCs (?)
§ After all, who would need sophisticated load balancing in a DC?
§ Who would need traffic engineering?
§ Fast reroute?
10. Copyright 2014 Juniper Networks
WHY NOT MPLS UNDERLAYS?
The theory is, MPLS is complex, hard to provision, hard to
understand, hard to troubleshoot
§ and few people seem to remember if forwarding chips can do MPLS
§ there is a concern about performance if MPLS is used
Furthermore, MPLS features are not needed for DCs (?)
§ After all, who would need sophisticated load balancing in a DC?
§ Who would need traffic engineering?
§ Fast reroute?
Furthermore, MPLS features are indeed needed in DCs
§ Among them, sophisticated load balancing with entropy labels
§ Traffic engineering to take care of “mice” and “elephant” flows
§ and fast reroute – DC applications are real-time and critical
The reality is, all networking is complex today. We need to
make network provisioning and troubleshooting easier
§ while focusing on the features we want or even need
§ Excellent performance is possible with MPLS!
11. Copyright 2014 Juniper Networks
WHAT TO DO ABOUT OVERLAYS?
Having a proliferation of overlay technologies means
significant work for forwarding planes (both software and
hardware), which in turn means increased cost
§ most of all, a dilution of effort that serves no one
§ a repetition of features and a slow “catch-up” game
§ a host of interoperability issues – yet more features to implement
Focusing solely on encapsulations loses the plot – we have
to look at the whole picture
§ provisioning, control plane, data plane, troubleshooting
Do it once, do it right!
12. Copyright 2014 Juniper Networks
CAN THE MPLS CONTROL PLANE (IN SOME
CASES) BE TOO SOPHISTICATED?
Can’t have a flat IGP with so many hosts
LDP DoD with static routing is a possibility, but not ideal
Absolutely has to be plug-and-play – new hosts are added at a high rate
[Figure: scale of the data center, with layers labelled ToRs, hosts and VMs and counts labelled 1000s of nodes, 100000s and 10^7s]
13. Copyright 2014 Juniper Networks
PROXY ARP RECAP
[Figure: hosts H1 (IP1) and H2 (IP2) connected through T1, …, T2; MAC1 marked in the diagram]
1) Hey, give me a hardware address (of type Ethernet) that I can use to reach IP2
2) T1 can reach IP2
3) You can use MAC1
FIB: To reach IP2, use MAC1
14. Copyright 2014 Juniper Networks
LABELED ARP (1)
[Figure: hosts H1 (IP1) and H2 (IP2) connected through T1, …, T2]
T2 leaks its hosts’ routes (here IP2) into LDP (with label L3)
LDP: Label L3 to reach IP2
LDP: Label L2 to reach IP2
T1 has a label (L2) to reach IP2
LFIB: L3: pop & send to H2
15. Copyright 2014 Juniper Networks
LABELED ARP (2)
[Figure: hosts H1 (IP1) and H2 (IP2) connected through T1, …, T2; MAC1 marked in the diagram; labels shown along the path: L1, L2, L3]
1) Hey, give me a hardware address (of type MPLSoEthernet) that I can use to reach IP2
2) T1 can reach IP2 via MPLS, so it allocates L1 for H1 to reach IP2
3) You can use MAC1:L1
LFIB: L1 → L2
LFIB: L3: pop & send to H2
Functionality is very much like LDP DoD. However, ARP code is plug-and-play and ubiquitous
Note: new h/w type means that this code can coexist with “normal” ARP code
16. Copyright 2014 Juniper Networks
POINTS TO NOTE
ARP is ubiquitous – present on 10s of billions of devices
L-ARP can coexist peacefully with existing Ethernet ARP
§ A host can choose to do E-ARP or L-ARP by setting the hardware
type in the ARP request
There is an IETF draft describing L-ARP in detail
§ The goal is to make this an open standard for anyone to implement
We have prototype L-ARP code for Linux servers
§ The goal is to make this open source for anyone to use
No, sorry, we don’t have an iOS/Android app (yet!)
§ But just ask :)
17. Copyright 2014 Juniper Networks
USE CASE 1:
EGRESS PEERING TRAFFIC ENGINEERING
[Figure: a Content Server (CS) in the Data Center reaches the Internet over the Intra DC Network and the peering links to ISP1 (IP1) and ISP2 (IP2)]
Direct traffic to prefix1 to ISP1
Direct traffic to prefix2 to ISP2
RIB:
Prefix1: nh IP1
Prefix2: nh IP2
Use MPLS underlay for traffic steering
CS L-ARPs for IP1/IP2 to get required labels
Bonus: DC switches carry “a few” MPLS LSPs rather than full Internet routing
18. Copyright 2014 Juniper Networks
USE CASE 2: MPLS UNDERLAY FOR DCs
(WITH VRFs/E-VPNs FOR OVERLAY)
[Figure: VM1 on H1 (IP1) and VM2 on H2 (IP2), connected through T1, …, T2, with an RR; links labelled L-ARP and LDP]
BGP: to reach VM2, use VL2 with IP2 as the nexthop
1) VM1 wants to talk to VM2 (same VPN).
2) BGP says to reach VM2, go to IP2
3) H1 resolves IP2 using L-ARP
4) Then, packets from VM1 to VM2 are encapsulated with outer label from
L-ARP and inner label from BGP
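The label operations from the LABELED ARP (2) and USE CASE 2 slides, traced end to end as an added example (not code from the presentation or from the L-ARP prototype). The numeric label values and the single transit node S standing in for the “…” are constructed assumptions; stack entries use the RFC 3032 layout.

```python
import struct

# Constructed values standing in for the slides' L1, L2, L3 and the BGP label VL2.
L1, L2, L3, VL2 = 1001, 2002, 3003, 500

# Per-node LFIB: incoming outer label -> (action, outgoing label, next hop).
LFIB = {
    "T1": {L1: ("swap", L2, "S")},    # slide: L1 -> L2
    "S":  {L2: ("swap", L3, "T2")},   # assumed transit node for the "…"
    "T2": {L3: ("pop", None, "H2")},  # slide: L3: pop & send to H2
}

def entry(label, bottom, ttl):
    """One RFC 3032 stack entry: label(20) | TC(3)=0 | S(1) | TTL(8)."""
    if not 16 <= label < 2**20:       # 0-15 are reserved label values
        raise ValueError(f"label {label} out of range")
    return struct.pack("!I", (label << 12) | (bottom << 8) | ttl)

def encode_stack(labels, ttl=64):
    """Pack labels, outermost first; only the last entry has S=1."""
    last = len(labels) - 1
    return b"".join(entry(l, int(i == last), ttl) for i, l in enumerate(labels))

def decode_stack(data):
    """Return [(label, S, ttl), ...], stopping at the bottom of the stack."""
    out = []
    for (word,) in struct.iter_unpack("!I", data):
        out.append((word >> 12, (word >> 8) & 1, word & 0xFF))
        if out[-1][1]:
            break
    return out

def forward(packet, node):
    """Apply each node's LFIB to the outer entry only; inner bytes stay untouched."""
    path = []
    while node in LFIB:
        outer, bottom, ttl = decode_stack(packet)[0]
        action, out_label, next_hop = LFIB[node][outer]  # KeyError: no such label
        head = entry(out_label, bottom, ttl - 1) if action == "swap" else b""
        packet = head + packet[4:]
        path.append((node, action))
        node = next_hop
    return node, decode_stack(packet), path

def h1_send():
    """H1 pushes the L-ARP label (outer) over the BGP label (inner)."""
    return forward(encode_stack([L1, VL2]), "T1")

if __name__ == "__main__":
    print(h1_send())
```

The underlay nodes only ever read and rewrite the outer entry, so the BGP-assigned inner label arrives at H2 byte-for-byte as H1 wrote it.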
19. Copyright 2014 Juniper Networks
CONCLUSION
A proliferation of encapsulations hurts the industry
§ Encapsulations need a number of features in the data plane –
encap/decap, load balancing, offload, hierarchy, FRR
§ Overlays need a control plane for services and tunnels
MPLS is a powerful data plane and has a great control
plane – it is robust, scalable, and very widely used
§ It just needs to be zero-config, plug-and-play, rack-and-stack, which
is the proposal here
See the demo in the booth!
§ We have prototype L-ARP client code for Linux servers and L-ARP
server code for Junos