Distributed Virtual Port-Groups (dvPGs) in vSphere are a powerful tool for controlling network traffic behavior. vSphere Distributed Switches (vDS) are non-transitive Layer 2 proxies and provide us the ability to modify packets in-flight in a variety of complex ways. Note: Cisco UCS implements something similar with …

Read More

VMware introduced the ability to double-encapsulate layer 2 frames in via the "Access VLAN" option for VRF instances in NSX Data Center: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-4CB5796A-1CED-4F0E-ADE0-72BF7B3F762C.html Q-in-VNI provides a capable infrastructure engineer the …

Read More

Cisco Modeling Labs (CML) has turned out to be a great tool for deploying virtual network resources, but the "only Cisco VNFs" limitation is a bit much. Let's use this opportunity to really take advantage of the capabilities that NSX-T has for virtual network labs! Overview For the purpose of lab …

Read More

Spanning Tree is the all-important loop prevention method for Layer 2 topologies and source of ire to network engineers worldwide. Usually IT engineers list the Dunning-Kruger Effect in a negative context, depicting an oblivious junior or an unaware manager, but I like to focus on the opposite end of the curve with …

Read More

Ever wonder what it would be like to have a platform dedicated to Continuous Improvement / Testing / Labbing? Cisco's put a lot of thought into good ways to do that, and Cisco Modeling Labs(CML) is the latest iteration of their solutions to provide this as a service to enterprises and casual users alike. CML is the …

Read More

Have you ever wondered what happened to all the privately-addressed traffic coming from any home network? Well, if it isn't explicitly blocked by the business, it's routed, and this is not good. Imagine what data leakage can occur when a user mistypes a destination IP - the traffic goes out to the Service Provider, who …

Read More

If Avi Vantage IPAM cannot allocate an address for a new vIP, it will advertise an all-zeros host address - 0.0.0.0/32: This will cause Palo Alto PAN-OS to restart a peer - even if it is not the immediate downstream prefix. Palo Alto uses routed as their dynamic routing engine - so this is probably default behavior …

Read More

When encountering this error, please ensure that "Enable IPv6" is set under interfaces: Hope this helps! Happy IPv6ing!

Read More

It's probably safe to say that service provider networking is pretty unique. One particular design pattern - Looking Glasses - is extremely useful for complex dynamically routed networks. I'd really like to shift the gatekeeping needle here - networks that are complex enough to benefit from a looking glass should move …

Read More

We don't always earn reliability with the systems we deploy, design, and maintain Infrastructure reliability is a pretty prickly subject for the community - we as engineers and designers tend to anthropomorphize, attach, and associate personal convictions with what we maintain. It's a natural pattern, but it inflicts a …

Read More