Introduction Over the course of the last few entries, I documented my learning of Cumulus Linux, and how to do simple VXLAN with an EVPN control plane using their OS. All of this was done in a virtual environment on my server or my Mac laptop. One of the challenges of doing this in an actual network is the…
Category: Network Architecture
Cumulus VX on FreeBSD’s BHyve
Introduction Over the course of the last few weeks or so, I’ve been working with Cumulus Linux’s VX image on VirtualBox, on my MacBook Pro. As my virtual lab grew from a few VX images to the count of ten or so, my laptop began to complain. My laptop has a 4-core 2.8GHz Core i7 with 16GB of RAM. …
Automating Cumulus With Ansible and ZTP
Introduction In the last few of my blog entries, I discussed setting up a virtual lab using Cumulus’ VX image for VirtualBox. I then went through and got EVPN working, and finally showed how using VXLAN, we can consider dumping MPLS for L2VPNs. This entry will focus on automating the bring-up of a new switch running Cumulus, and it’ll…
Deploying Firewalls With Routing
Introduction State-tracking firewall devices are commonly deployed at the border of data centers, office networks, and other corporate environments where precious IP needs to be kept out of the hands of others. My opinion of these firewall devices is that they should be avoided at all costs, and I’ll get into that later. Sometimes we’re forced to deploy things…
EVPN and VXLAN on Cumulus
Introduction and Purpose Introduction Almost three years ago, I wrote this long and detailed post about building a VXLAN-enabled virtual lab on a KVM hypervisor, using Arista’s vEOS image. Prior to that, I also wrote up this post regarding the ideas around using VXLAN for spanning L2 across an L3 infrastructure. In the second post, I wrote about the…
Proper IT Security: Build a Fort Not a Prison
Like the rest of the posts on this blog, this is an opinion piece based on my 2+ decades in the industry. Some will agree, others will disagree. Let’s get started. Definition of IT Security When I say “IT security”, I specifically mean that which secures your office place. The PCs, laptops, Macs, and the networking that your employees use…
VXLAN Configuration and Deployment
In my VXLAN: Providing Ponies for Bad System Designers entry, I discussed using an L2 overlay technology such as VXLAN to provide virtually spanned L2 VLANs over an L3 infrastructure. In this document, I’ll show via diagrams and config snippets how to build a poorly-designed network and why it’s a problem. Then I’ll use VXLAN to build a similar…
Final Linux to FreeBSD Conversion: The Router
This post will show up in both the FreeBSD section as well as the Network one. It’s sort of a combination of the two. I’ve been detailing my server conversions from Linux to FreeBSD on this blog, but I held off on the final device, and that’s the router. It turned out to be a hell of a challenge…
VXLAN: Providing Ponies for Bad System Designers
Preface This write-up will consist of technical concepts, architecture ideas, and lots of opinion. All of which are based on 20 years of building big networks in datacenters. I’ve heard it all, seen it all, and have probably already built it. Some of the opinions in this article may come across as a bit cruel. They’ve been forged over…