Author Archives: Dwayne Sinclair


RFC 6598 – IANA Reserved Address Space 100.64.0.0/10

Just a quick post to make reference to RFC 6598 and the IANA reserved address space 100.64.0.0/10 which spans 100.64.0.0 – 100.127.255.255.

https://tools.ietf.org/html/rfc6598

As detailed in the RFC description, it is intended for use on Service Provider networks; however, it may be used in a manner similar to RFC 1918 private address space on routing equipment that is able to do address translation across router interfaces when the addresses are identical on two different interfaces.

From an NSX perspective, the optimal use case is between an NSX Distributed Logical Router (NSX Tier-1 Router) and an Edge Router (NSX Tier-0 Router). All good!


STT Review

Network virtualization uses an encapsulation technology for the overlay network. Common encapsulation technologies include GRE, VXLAN, STT, and a promising new technology called Geneve.

Today, we will focus on Stateless Transport Tunnel (STT) and some of the benefits over GRE and VXLAN….


Intel® DPDK Review

With the growth of network virtualization, it’s time to take a look back at Intel Data Plane Development Kit (DPDK). DPDK provides optimized Packet Processing on Intel® Architectures.

The following homepage and document from Intel® detail DPDK capabilities…

http://www.intel.com/go/dpdk

http://www.intel.com/content/dam/www/public/us/en/documents/presentation/dpdk-packet-processing-ia-overview-presentation.pdf


VMware NSBU Office of the CTO… 2015 and Beyond…

A great blog post from Bruce Davie which details accomplishments over the last year, expanding reach in 2016, and predictions beyond… Enjoy!

https://blogs.vmware.com/cto/network-virtualization-2016-predictions/


What Micro Segmentation Is Not…

NSX-vSphere Micro Segmentation Review

NSX for vSphere has a compelling use case around Micro Segmentation –

  1. The ability to orchestrate the provisioning of new Layer 2 and Layer 3 application networks via API in a matter of seconds, using VXLAN as the overlay technology, so that networks can be created for each application segment on demand. There are numerous benefits in doing this, but the big one is that it really simplifies the mobility of applications for BC/DR purposes… It is easy to move the application and its dedicated network vs. dealing with the complexity of splitting Layer 2 networks that support many applications.
  2. The ability to isolate VMs from each other using customer-defined business attributes or vCenter attributes, independent of the network topology, using Layer 4 Stateful firewall policy. Even with VMs on the same network segment as each other, Layer 4 Stateful firewall policy dictates how these VMs should communicate with each other and with the outside world… If you want complete isolation of VMs on the same network as each other, this is easily accomplished with Layer 2, 3, or 4 security policies.
  3. The ability to apply static or dynamic policy based on changing security conditions within the infrastructure. As an example, when a virus is identified or an intrusion is detected, the infrastructure is automatically firewall-protected from the compromised VM.
  4. Using 3rd-party extensibility, the ability to extend native Layer 4 Stateful inspection to Layer 7 Deep Packet Stateful inspection…