This document discusses the benefits of routing on the host rather than solely using layer 2 networking in the datacenter. Key benefits include simplified troubleshooting, increased redundancy with three or more top-of-rack switches, clear upgrade strategies, improved application availability, and avoiding vendor lock-in through support of multi-vendor networks using open standards like OSPF and BGP. Routing on the host provides improved network resilience, mobility, and agility compared to traditional layer 2 designs.
[RETIRED] Routing on the Host: An Introduction – Cumulus Networks® Knowledge Base
12/06/2017 https://support.cumulusnetworks.com/hc/enus/articles/216805858RETIREDRoutingontheHostAnIntroduction
[RETIRED] Routing on the Host: An Introduction
Important! Now that Routing on the Host has officially launched, you can find updated content in the technical documentation.
In order to build more resilient data centers, many Cumulus Networks customers are leveraging the Linux ecosystem to run routing protocols directly to their servers. This is often referred to as routing on the host. This means running layer 3 protocols like OSPF (Open Shortest Path First) or BGP (Border Gateway Protocol) directly down to the host level, and is done in a variety of ways, by running Quagga:
Within Linux containers (such as Docker)
Within a VM as a virtual router on the hypervisor
Directly on the hypervisor
Directly on the host (such as an Ubuntu server)
Contents
Why Route on the Host?
Simplifying Troubleshooting
Three or More Top of Rack Switches
Clear Upgrade Strategy
Application Availability
Multi-vendor Support
Host, VM and Container Mobility
BGP Unnumbered Interfaces
Why Have Networks not Done this in the Past?
Lack of a Fully-featured Host Routing Application
Cost of Layer 3 Licensing
See Also
Why Route on the Host?
Why do customers do this? Why should you care?
Simplifying Troubleshooting
Troubleshooting layer 2 network problems in the data center has been a persistent challenge in modern networks, so expanding the layer 3 footprint further into your data center by routing on the host alleviates many of the issues described below.
Consider a network where layer 2 MLAG is configured between all devices. Although this is a common data center design, and can be deployed on Cumulus Linux, it suffers from a number of shortcomings.
Sean Cavanaugh
July 08, 2016 02:00
Traceroute is not effective, since it only shows layer 3 hops in the network; this design uses layer 2 devices only. All traceroute outputs, regardless of the path taken, only show the layer 3 exit leafs. There is no way to determine which spine is forwarding traffic.
MAC address tables become the only way to trace down hosts. For the diagram above, to hunt down a particular host you would need to run commands to show the MAC addresses on the exit leafs, the spine switches and the leaf switches. If a host or VM migrates while troubleshooting, or a loop occurs from a misconfiguration, you may have to show the addresses multiple times.
Duplicate MAC addresses and MAC flaps become frustratingly hard to track down. Orphan ports and dealing with MLAG and non-MLAG pairs increase network complexity. The fastest way to find a specific MAC address is to check the MAC address table of every single network switch in the data center.
Proving load balancing is working correctly can become cumbersome. With layer 2 solutions, LACP (Link Aggregation Control Protocol) is very prevalent, so you need to have multiple bonds/Etherchannels between the switches. Performing a simple ping doesn't help because the hash remains the same for layer 2 Etherchannels, which are most commonly hashed on SRC IP, DST IP, SRC port and DST port. In the end, you need multiple streams that hash evenly across the LACP bond. This often means you must buy test tools from companies like Spirent and Ixia.
With a layer 3 design, you can run ip route show and see all of the equal cost routes. It's possible to use tools like mtr and scamper to see all possible ECMP routes; that is, which switches the traffic is being load balanced across.
Three or More Top of Rack Switches
With solutions like Cisco's vPC (virtual Port Channel), Juniper's MC-LAG (Multi-Chassis Link Aggregation) or Arista's MLAG (Multi-chassis Link Aggregation), you gain high availability by having two active connections. Cumulus Networks has feature parity with these solutions with its own MLAG implementation.
High availability means having two or more active connections. However, with high density servers, or hyper-converged infrastructure deployments, it is common to see more than two NICs per host. By routing on the host, three or more ToR (top of rack) switches can be configured, giving much more redundancy. If one ToR fails, you only lose 1/(total ToR switches) of your bandwidth, whereas with a layer 2 MLAG solution, you lose 50% of your bandwidth.
Clear Upgrade Strategy
By routing on the host, you gain two huge bonuses:
Ability to gracefully remove a ToR switch from the fabric for maintenance
More redundancy by having multiple ToRs (3+)
Let's expand on these two points. With layer 2 only (like MLAG), there is no way to influence routes without being disruptive (that is, some traffic loss must occur). With OSPF and BGP, there are multiple load balanced routes via ECMP (Equal Cost Multipath) routing. Since there is routing, it is possible to change these routes dynamically.
For OSPF, you can increase the cost of all the links, making the network node less preferable.
With BGP, there are multiple ways to change the routes, but the most common is prepending your BGP AS to make the switch less preferable.
Both BGP and OSPF make the ToR switch less preferable, removing it as an ECMP choice for both protocols. However, the link doesn't get turned off. Unlike layer 2, where the link must be shut down and all traffic currently being transmitted is lost, a routing solution notifies the rest of the network to no longer send traffic to this switch. By watching interface counters you can determine when traffic is no longer being sent to the device under maintenance, so you can safely remove it from the network with no impact on traffic.
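The drain procedure just described, as an added example in Quagga configuration syntax (not a configuration from the Cumulus article): the BGP AS-prepend variant on a ToR, followed by the OSPF cost variant. AS numbers, addresses, interface names and peer-group names are constructed assumptions.

```quagga
! Added example, not from the Cumulus article. AS numbers, addresses, interface
! and peer-group names are constructed; adjust them to your own fabric.
!
! ----- bgpd.conf on a ToR in normal operation -----
router bgp 65101
 bgp router-id 10.0.0.11
 maximum-paths 4
 neighbor SPINES peer-group
 neighbor SPINES remote-as 65000
 neighbor SERVERS peer-group
 neighbor SERVERS remote-as 65201
 neighbor 10.0.1.1 peer-group SPINES
 neighbor 10.0.2.1 peer-group SPINES
 neighbor 10.1.1.2 peer-group SERVERS
 ! The same outbound route-map is applied toward spines and toward servers, so a
 ! single clause later drains the ToR from both directions.
 neighbor SPINES route-map DRAIN out
 neighbor SERVERS route-map DRAIN out
!
! In service: a plain permit clause, routes are advertised unchanged.
route-map DRAIN permit 10
!
! ----- Draining the ToR before maintenance (entered in vtysh) -----
!   configure terminal
!   route-map DRAIN permit 10
!    set as-path prepend 65101 65101 65101
!   end
!   clear ip bgp * soft out
!
! Every prefix this ToR advertises now carries an AS path three hops longer than
! the same prefix learned via the other ToRs, so spines and servers drop it from
! their ECMP set and shift traffic away while the links stay up. Watch the
! interface counters fall, then take the switch out of service. To return it:
! "no set as-path prepend 65101 65101 65101" under the same clause, then
! another soft reset.
!
! ----- OSPF equivalent in ospfd.conf: raise the cost on every link of the ToR -----
interface swp1
 ip ospf cost 65535
interface swp51
 ip ospf cost 65535
interface swp52
 ip ospf cost 65535
```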
Because routing on the host uses three or more ToRs, this reduces the impact of a ToR being removed from service, either due to expected maintenance or unexpected network failure. So, instead of losing 50% of bandwidth in a two ToR MLAG deployment, the bandwidth loss can be reduced to 33% with three ToRs or 25% with four.
The redundancy with layer 3 networks is tremendous. In the image above, the network on the left can still operate even if 3 out of 4 ToR switches are down. That is 4N redundancy. The best case for the network on the right is 2N redundancy, no matter what vendor you choose. Layer 3 allows applications to have much more uptime with no risk of outages.
Application Availability
Often when deploying a new application, server or service, there can be a delay between when the new device or service is available and when it is integrated with the network. This is typically a result of the additional configuration required to set up layer 2 high availability (HA) technologies on the upstream switches, which is often a manual process.
Using layer 3 and routing on the host eliminates this delay entirely. Tight prefix list control coupled with authentication can be leveraged on leaf and spine switches to protect the rest of the network from the downstream servers and to control what they are allowed to advertise into the network. Server admins can be in control of getting their service on the network within the bounds of a safe framework set up by the network team. This is similar to how service providers treat their customers today.
Similarly, when an application or service moves from one part of the network to another, the application team has the ability to advertise the newly moved application quickly to the rest of the network, allowing for more agility in service location.
A service or application can be represented by a /32 IPv4 or /128 IPv6 host route. Since that application depends on that /32 or /128 being reachable, the application is dependent on the network. Usually this means the ToR or spine is advertising reachability. If the application is migrated or moved (for example, by VMware vMotion or KVM Migration), the network may need substantial reconfiguration to advertise it correctly. Usually this requires multiple steps:
1. Removing the host route from the previous ToR, spine or pair of ToRs or spines so it is no longer advertised to the wrong location.
2. Adding the host route to the new ToR, spine or pair of ToRs or spines so it is advertised into the routed fabric.
3. Checking connectivity from the host to make sure it has reachability.
These steps are often done by different teams, which can also cause problems. When routing on the host, this is done automatically by Quagga advertising the host routes no matter where the host is plugged in.
Multi-vendor Support
One problem with layer 2, especially in MLAG environments, is interoperability: one Cisco switch and one Juniper switch cannot act as an MLAG pair.
This causes vendor lock-in, where the customer is tied to a vendor because of proprietary requirements. One huge benefit of doing layer 3 is that by
using OSPF or BGP, the network adheres to open standards that have been around a long time. OSPF and BGP interoperability is well tested, scales
well and has a long track record of success. Most networks are already multi-vendor networks that peer at layer 3. By designing the network down to
the host level with layer 3, it becomes possible to have multiple vendors everywhere in your network. The following diagram is perfectly acceptable in a
layer 3 environment:
Host, VM and Container Mobility
When routing on the host, all VMs, containers, subnets and so forth are advertised into the fabric automatically. This means only the subnet of the
link between the ToR and the router on the host needs to be configured on the ToR. This greatly increases host mobility by keeping the ToR
configuration minimal: all the ToR switch has to do is peer with the server.
If security is a concern, the host can be required to authenticate before a BGP or OSPF adjacency is allowed to form (TCP MD5 on the BGP session, or
OSPF cryptographic authentication). Authentication proves who the peer is, not what it may announce, so it belongs alongside the prefix-list controls
described above rather than in place of them. Consider the following diagram:
In the above diagram the Quagga configuration does not need to change, no matter what ToR you plug it into. The only configuration that needs to
change is the subnet on swp1 and eth0 (configured under /etc/network/interfaces, which is not shown here). This greatly reduces configuration
complexity and allows for easy host mobility.
BGP Unnumbered Interfaces
Cumulus Networks enhanced Quagga with support for RFC 5549, which means you can configure BGP unnumbered interfaces on the host. Beyond not
having to configure a subnet per link, as described above, nothing host-specific needs to be configured on the ToR switch: neither side configures an
IPv4 address on the peering interface in /etc/network/interfaces, and the ToR needs only a neighbor statement bound to the interface.
BGP unnumbered uses the interfaces' IPv6 link-local addresses to establish the session, and RFC 5549 lets IPv4 prefixes be carried over it with an
IPv6 next hop. Link-local addresses are formed automatically by stateless address autoconfiguration (SLAAC, RFC 4862); the interface identifier is
derived from the interface's MAC address, so the address is unique per interface, and Duplicate Address Detection (DAD) catches the rare collision on
a link. Each side learns its peer's link-local address from IPv6 router advertisements, so IPv6 must remain enabled on the peering interfaces even
though the routes carried are IPv4. The result is that the configuration remains the same no matter where the host resides: there is no specific
subnet on the Ethernet connection between the host and the switch.
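To make the "derived from the MAC address" step concrete, here is an added example (not from the original article and not Cumulus Networks or Quagga code) that forms the fe80::/64 link-local address from a 48-bit MAC using modified EUI-64, checks a neighbour's advertised link-local against its MAC, and shows the collision that DAD exists to catch. The MAC addresses are constructed for illustration.

```python
"""Form the IPv6 link-local address that BGP unnumbered peers over from an
interface's MAC address (modified EUI-64, RFC 4291 Appendix A / RFC 4862).

Added example, not Cumulus Networks or Quagga code. The MAC addresses used
below are constructed for illustration.
"""
import ipaddress
from collections import Counter


def mac_to_link_local(mac):
    """Modified EUI-64: flip the universal/local bit (bit 1 of the first
    octet), insert ff:fe between the OUI and the NIC-specific half, and
    place the 64-bit identifier under the fe80::/64 prefix."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)


def link_local_matches_mac(addr, mac):
    """True when a neighbour's link-local is the EUI-64 form of its MAC.
    A mismatch is not necessarily hostile: Linux with
    net.ipv6.conf.<if>.addr_gen_mode set to 2 or 3 derives the identifier
    from a secret instead (RFC 7217), so treat this only as a hint."""
    return ipaddress.IPv6Address(addr) == mac_to_link_local(mac)


def duplicate_link_locals(macs):
    """Return link-local addresses that more than one MAC in `macs` would
    form on the same link, i.e. the collisions DAD detects on the wire."""
    counts = Counter(mac_to_link_local(m) for m in macs)
    return sorted(str(a) for a, n in counts.items() if n > 1)


if __name__ == "__main__":
    host_mac = "00:0c:29:ab:cd:ef"          # constructed host NIC
    print(f"{host_mac} -> {mac_to_link_local(host_mac)}")  # same on any ToR port
    # Two VMs cloned from one image without regenerating the MAC collide:
    print(duplicate_link_locals(["52:54:00:12:34:56", "52:54:00:12:34:56",
                                 "52:54:00:aa:bb:cc"]))
```

The address depends only on the host's NIC, which is why the same Quagga configuration works on whichever ToR port the host is moved to; the ToR discovers the address from the host's router advertisements rather than from any configured subnet.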
Alongside the RFC 5549 implementation, Cumulus simplified the Quagga BGP configuration so that even novice users can quickly configure, understand
and troubleshoot BGP in the data center. The following illustration shows a single-attached host using BGP unnumbered interfaces:
Why Have Networks not Done this in the Past?
If routing on the host has a lot of bene蟘ts, why has this not happened in the past?
Lack of a Fully-featured Host Routing Application
In the past there were no enterprise-grade open routing applications that could be installed easily on hosts. Cumulus Networks and many other
organizations have since made these open source projects robust enough to run in production for hundreds of customers. Now that applications like
Quagga have reached this level of maturity, it is only natural for them to run directly on the host as well.
Cost of Layer 3 Licensing
Many vendors tie license costs to features, and vendors such as Cisco, Arista and Juniper often charge extra for layer 3 features. Designing a layer
3-capable network is therefore not as simple as turning routing on; the customer has to buy additional licenses to enable it.
The licensing is often confusing (for example, "What is the upgrade path?", "Do I need additional licenses for BGP vs OSPF?", "Does scale affect my
price?"), even when the cost has been budgeted for. Routing should not cost extra when a customer buys a layer 3-capable switch. At Cumulus
Networks our licensing model is simple, concise and publicly available.