The exploration of ACI continues, this time focusing on both Security Model fundamentals and Fabric external connectivity via L3Out. A fascinating journey for the reader keen on “connecting the dots…” between them.

*A support Lab is also included.

On the journey across modern data center technologies, now is the time to stop at the ACI station. Its fascinating architecture synthesizes Cisco’s vision of a modern SDN. Powerful new features are available to the network administrator capable of “connecting the dots…” between them.

*A support Lab is also included.

Part Two – The Hound

The story about the considerations on BGP EVPN as an instrument for extending the NSX’s capability continues. This time it is the protocol’s turn to be put under the lens, on a journey in constant balance between theory and practice.

Here are the results of this fascinating investigation.

Part One – The Fox

After some deep digging into VMware NSX, VXLAN, controllers, logical switches and routers, I felt it was only fair to share my thoughts and considerations on BGP EVPN as an instrument for solving some intriguing challenges I had found. Enjoy.

The phone rings, it’s a colleague, a DBA, dangerous people!
Listen, – he says – we have a weird problem. I have started a 600GB backup on Sunday night, it’s Tuesday morning, the backup is still at around 30%. There is one of your network guys here with me, please talk to him, DBA out!
Ok – I said – Bob, (in IT there is always a Bob and an Alice, an old habit) what’s the situation from the networking perspective?
Not so good, – he answers – since Monday we have been experiencing some random problems with no apparent correlation, some slowdowns but not total cut-offs. Ah, and another thing, the Catalyst 3750-X in the stack have been experiencing horrible ssh delays when we connect to them.
Hmmm, one more question, did you apply some kind of a dirty configuration to those switches?
No no, nothing relevant, on Saturday, during the scheduled maintenance, we only added some ACLs, but we have checked them, they are working perfectly, so the problem has to be somewhere else, for sure!
Hoho Bob, I truly believe it would be wise for you to have a look at the related post here. Let me know if it helped to solve the issue.

The SDN approach has brought so much energy in the Datacenter that it changed everything. As a result, virtual switches have become a central element of the modern networking. As one of the early adopters of the mighty Cisco Nexus 1000v, accelerated by the Cisco 1010 appliances and deployed in a UCS-based VMware context, I have appreciated, since the beginning, the competitive advantage of becoming virtual.
In the meantime, on the other side of the Moon, Open vSwitch was growing, evolving and improving up to the point where it became, in my opinion, the best virtual switch implementation ever made. I liked the project so much that I have decided to give my small contribution to the community, by writing a mini-book about the subject. Being a system programmer, other than a sysadmin, my intention is to conjugate both sides of the medal in a single coherent vision about the how and why.
The first chapter, still in rough cut but decent enough to be read, is presented here. It’s all about Linux networking, from the moment a packet hits the NIC up to the moment a virtual switch is able to catch it. Practically, it’s an appetizer of what Open vSwitch is capable of, as we will see in the forthcoming chapters.