Random technical bits and thoughts

IP Fragmentation versus TCP segmentation

2012-01-22T14:13:00.000-08:00

Ethernet Controllers are increasingly becoming more intelligent with every generation of NICs. Intel and Broadcom have added many features in Ethernet NIC chips in recent past. Multicore SoC vendors are adding large number of features into Ethernet IO hardware blocks. TCP GRO (Generic Receive Offload - It used to be called Large Receive offload too) and GSO (Generic Segmentation Offload and

SAMLv2 mini-tutorial and some good resources

2012-01-21T15:07:00.000-08:00

Why SAML (Security Assertion Markup Language)? Single Sign-On: Many organizations have multiple intranet servers with web front end. Though all servers interact with common authentication database such as LDAP, SQL databases, each server used to take authentication credentials from employee. That is, if employee logs into server1 and then goes to server2 employees are expected to provide

Need for Pattern Matching Accelerators in UTM devices

2012-01-21T12:04:00.000-08:00

Network security term typically refers to Threat prevention and Security on the wire. Threat protection is normally achieved with multiple security technologies. Basic protection is achieved from firewall technology. IDS/IPS (Intrusion Detection/Prevention System), Anti-Virus, Web application firewalls are some of the security technologies that are increasingly being used to protect networks

Locator and Identifier Seperation Protocol (LISP) - One more tunnel protocol

2011-12-31T22:02:00.000-08:00

In 2012, I think that there would be focus on two technologies in network infrastructure market - SDN and LISP (Locator and Identifier Separation Protocol). LISP work is going on for few years and it seems to be talked about quite often in recent past. Why LISP? The reasons for LISP is detailed very well in the RFC 4984. Some points of RFC 4984 are worth noting down and I am mentioned them

Table Centric Processing and Openflow

2011-12-19T19:42:00.001-08:00

Software in Embedded network appliances consists of multiple entities - Management Plane (MP), Control Plane (CP) and Data Plane (DP). Some examples of network appliances include routers, switches, load balancers, security devices and WAN Optimization devices etc.. MP entity typically consists of management engines such as CLI, GUI Engines and Persistent storage Engines. CP is mainly

VXLAN (Virtual eXtensible LAN) - Virtual Data Centers - Tutorial

2011-12-19T16:36:00.000-08:00

VMWare with contributions from Cisco, Citrix, Broadcom, Arista networks released IETF VXLAN draft which is a protocol to enable multiple L2 virtual networks over a physical infrastructure. Please find that draft here. Draft document clearly defines the problem statement and how the VXLAN is solves the problems. I will not repeat all of them here. Some important background points are mentioned

Embrane - Is this SDN Play?

2011-12-15T21:38:00.001-08:00

Recently, I came across a company called Embrane while doing some google search on SDN. Then I saw a press release that Embrane made a product release announcement. I thought I would check this out and see how far it goes in SDN. I had gone through the whitepaper published in Embrane website. If you are interested, you can find that paper here. My understanding of Embrane solution: When I

Software Defined Networking - Java Role

2011-12-11T11:58:00.000-08:00

Controller component of Openflow based SDN is supposed to have most of the networking intelligence. One might have gathered by this time that the SDN is expected to provide programmability of network devices rather than simple configurability. SDN Controller component is going to be complex entity in SDN. Software Engineering principles tell us that complexity is only manageable with

ForCES (Forwarding and Control Element Separation) and Openflow 1.1 - Contrasting them

2011-12-07T23:18:00.000-08:00

At very high level, both ForCES and Openflow protocols separate Control plane and Data plane. Both protocols are intended to drive Software Defined Networking. Some terminology differences: Software Driven Networking versus Software Defined Networking : Both are same, but different terms are used. ForCES uses Software Driven Networking. Openflow is created in the context of Software Defined

Openflow 1.1 protocol tutorial

2011-12-04T15:32:00.001-08:00

Openflow protocol is a TCP/SSL based protocol between controllers and switches. Switch is expected to initiate a connection to the Controller. For each datapath instance, switch device is expected to make a connection. If the switch supports X number of datapaths (instances), then X number of connections are established. As you might have guessed by this time, Openflow is a protocol that

Dual Stack Support in LTE eNodeB - Technical bit

2011-12-04T12:52:00.000-08:00

This technical bit summarizes the type of functionality expected out of Dual stack in user plane of eNodeB. Introduction eNodeB connects to UE on Air interface side and connect to multiple types of devices in the core network over backhaul network. It communicates with MME, S1 Gateways via Security Gateways. GTP-U layer is the relay module which transfers the packets to/from UE to wireless

Software Defined Networking Trend - Winners

2011-11-29T03:49:00.000-08:00

It is not given that the SDN is going to be successful, though there are very high chances of it due to push from Network operators. Unlike earlier efforts, some vendors have resigned to the fact that SDN will become successful and have/are-having products ready in the market. Let us see who would be the winners if SDN picks up. Certainly Network Operators/Service Providers/Data Center

My views on SDN (Software Defined Networking) phases

2011-11-27T16:28:00.000-08:00

In my last post, I have talked about the need for SDNs. I wanted to give my views on how SDN is going to play out in the market place. Phase 1 - Openflow based Data path implementations (Hybrid implementation) Device Side: Many L2 and L3 switch vendors are providing Openflow1.0 based implementation in their switches. Almost all these devices continue to support existing L2/L3 switching

Software Defined Networking (SDN)

2011-11-27T10:21:00.000-08:00

Before going into the details of SDN, it is required to revisit the current networks and different network devices within the network. Then this post talks about the problems associated with network devices as seen by service providers and network operators. I try to describe how SDNs are expected to solve the issues faced by network operators. Current Networks Current Networks consists

Key-Value Store using Memcached - Microservers & Embedded Multicore processors

2011-07-30T02:02:00.000-07:00

What is Microserver? It is explained multiple ways in the Industry. Intel defines it as ""We define it as any server with a large number of nodes, usually with a single socket or multiple low-power processors and shared infrastructure,". Serverwatch article on Microservers - small footprint, powerful punch article characterizes it as "The difference between microservers and server

Hibernate Versus JDBC

2011-04-18T21:39:00.000-07:00

Long back I worked on a project in Java, Centralized Management System, to manage multiple networking devices. At that time I remember having a big debate on whether to use Hibernate for Java Object persistence or use JDBC directly. We have finally decided to use Hibernate at that time. I happened to come across this link which talks about 'when to use Hibernate' and also provides

Cloud Multi-Tenancy Support - Authentication, Authorization and Auditing requirements

2011-04-17T08:10:00.000-07:00

Authentication and Authorization requirements are common in any web based applications. Authentication is the process by which the application takes the user credentials, typically using 'log-in' forms and checks the existence of user by checking against user databases (LDAP, RDBMS, RADIUS etc..). Authorization is the process in which application allows the access to different parts of

Experience with installing VMware Server 2.0 on windows 7

2011-03-20T12:51:00.000-07:00

I was helping a friend to install Ubuntu 10.10 Linux on Windows 7 using VMware server 2.0. I had few hiccups, but finally could do it. Installation of VMware Server was a breeze. No issue found in downloading and installing. Just follow the instructions given in VMware site. After VMware Server was installed, you would see few entries at "Start" of windows 7, All Programs->VMWare->VMware

IGMP Filtering - Developer tips

2011-03-12T17:30:00.000-08:00

IGMP protocol allows hosts to report their interest in Multicast address membership with adjacent routers. These adjacent routers in turn propagate the consolidate membership with upstream routers using PIM-SM or using IGMP proxy functionality. IGMP protocol sits right on top of IP layer, at the same level as ICMP, UDP and TCP. IGMPv1 and IGMPv2 protocols are older protocols to IGMPv3.

Clustering of devices with traffic distribution by L2 Switch - One limitation & Mitigation

2011-02-05T09:25:00.000-08:00

In my last post on "Data Center/Enterprises Clustering of Devices" I discussed on how L2 switches are enabling device equipment vendors to provide cluster solution to take up the increasing load on the networks. Many L2 switches are capable of analyzing multiple different types of layer 2 headers to get to the inner IP packet and use inner IP packet source and destination IP address fields to

Data Center/Enterprises - Clustering of Network devices

2011-02-03T22:43:00.000-08:00

Throughput requirements of Data center/Enterprise network equipment are going up with increased traffic in data centers and Enterprises. In addition, computational requirements of network equipment are also going up. Some examples of why more computation power is required. Intrusion Detection/Prevention now requires almost 3 - 4 times the computation power on per Mbps of traffic than what

Data Center Equipment & Offload card requirements

2011-01-08T14:59:00.000-08:00

I have been attending some web conferences focusing on Data Center equipment. From last few years, there are more and more discussions on offloading some processing out of current data center equipment. Before getting details on offload functions, it is good to revisit some of data center equipment. Data centers, whether they are private, public or cloud, have following equipment. L2/L3

What are Traffic Monitoring Enabler Switches?

2010-12-30T20:12:00.000-08:00

There is increasing trend of Traffic Monitoring Enabler Switches (TMES) in Enterprise, Data Center and Service provider environments. Need for TMES: Traffic monitoring devices are increasingly becoming requirement for networks in Enterprise, Data Center and Service provider environments. There are multiple types of monitoring devices are being deployed in networks. Traffic Monitoring for

User space Packet processing applications - Execution Engine differences with processors

2010-12-26T13:08:00.000-08:00

Please read this post to understand Execution Engine. Many processors with descriptor based IO devices have their own interrupts. For each device, there is corresponding UIO device. Hence software poll based EE provides 'file descriptor' based interface to register, deregister and get hold of indication through callbacks. EE applications are expected to read the packets from the the hardware

User space Packet processing applications - Execution Engine

2010-12-19T22:07:00.000-08:00

If you plan to port your data plane network processing application from Linux kernel space to user space, first thing you would think is how you can port your software to user space with minimal changes to your software. Execution Engine is the first thing one would think of. Many kernel based networking applications don't create their own threads. They work with the threads which are already