Sunday, November 15, 2015

DMVPN: Still Pretty Awesome

While not exactly a cutting-edge technology anymore, I recently gave a small introductory training presentation on the underpinnings of DMVPN and how it has the potential to help solve labor-intensive S2S VPN management. Phase 3 DMVPN's ability to carry direct spoke-to-spoke communication helps make a serious business case for using BYO Internet circuits against costly, slow MPLS solutions.

Figured I would share the slides. Hope you enjoy - Google Slide Deck Link

Thursday, May 1, 2014

Getting to Know Virtual Output Queuing

Imagine if you will, a building with three floors - a lobby, a second and a third floor.
This building has an elevator [Think: An Ethernet Switch] that services people [Frames] between the three floors [Ports].
However, let’s also pretend that this is a fairly busy little building, and since there’s just one elevator car [Fabric Bus], people entering the lobby have to queue to get into the elevator while it’s busy transporting earlier-arriving people to their desired floors. So regardless of which floor people wish to go to, they’re being held up in an elevator line in the lobby.
At this point some of the people now entering the lobby will see this impasse of a line and decide to turn away (take the stairs, leave for the pub, etc.). Regardless of which floor newly arriving people wish to go to, they’re being discouraged [prevented] from even queuing in the lobby for the elevator because of the time it will take to service the folks already ahead of them [Head of Line], let alone themselves. This little building is so busy that this situation happens quite regularly, maybe even constantly, and is producing some inefficient results for the building’s tenants and visitors alike.
So to fix this, what if we increased the number of elevators in the building from one to three? This would allow two more working elevator cars which could be servicing the line of folks while other ones are currently in transit between floors. To take it a step further, perhaps we could even install a private, VIP-only elevator?

Friday, October 11, 2013

Consolidating Network Sandwiches Using VRF Lite

These days it seems there are a hundred different ways one could design a datacenter from scratch. Every vendor has their own ‘unified’ locked-in solution with the everlasting promise of a good night’s sleep. Single-app, multi-app, single-tenant compute, single-tenant virtualization, multi-tenant virtualization, and so on. All of these requirements have the potential to change the design and types of networks that you might plan and deploy…or do they?

Thursday, September 19, 2013

A Quick Look at AWS Inter-Regional Network Design

In order to support a globally deployed SaaS application, I've recently been tasked with building out a new, scalable, redundant inter-connection of geo-dispersed private networks for the foundation. I can hear you now…“Yeah, and? What’s the big deal? We solved that ages ago with MPLS or at the very least static L2L VPN tunneling!” Well, this particular application environment happens to be running entirely in Amazon’s AWS cloud in separate VPCs, spanning multiple regions worldwide. The thing is, Amazon doesn’t provide any MPLS-style product to do this seamlessly, not even for VPCs that exist within the same region (and possibly even within the same datacenter). So, what now?