ipSpace.net Design Clinic

Home » Webinars » Networking Fundamentals » ipSpace.net Design Clinic

ipSpace.net Design Clinic is a monthly Zoom call open to ipSpace.net users with active paid subscription. The discussions are recorded, and the best bits are published as parts of relevant webinars or as a stand-alone collection.

Last modified on 2023-12-20 (release notes)

Materials
Roadmap

ipSpace.net Design Clinic

1:40:46 November 2023
The topics of November 2023 session included BGP convergence in the global Internet, Web UI for a YAML-based data store, multi-cloud networking, and the state of BGP security. More
Improving BGP Convergence in Global Internet	27:45	2023-12-20
Web UI for GitOps YAML Data Store	17:04	2023-12-20
30:19 Multi-Cloud Networking
Multicloud Networking - Hype and Reality	18:00	2023-12-20
Multicloud Networking Challenges	12:19	2023-12-20
25:38 State of BGP Security
Route Origin Validation Is Gaining Traction	8:51	2023-12-20
Vendors Not Using Revised Error Handling	4:01	2023-12-20
Real-Life BGP Session Security	12:46	2023-12-20
Less
1:29:43 March 2023
In March 2023, we discussed BGP routing between WAN edge firewalls and adjacent routers/switches, network device hardening, and connectivity between on-premises data centers and public clouds. More
Hardening Network Devices	19:38	2023-04-04
Direct or VPN Access to a Public Cloud	14:46	2023-04-04
55:19 BGP Routing with an Edge Firewall
Challenges and Design Considerations	26:58	2023-04-04
BGP Design Options	28:21	2023-04-04
More Information
High-Availability Switching (NSF, GR, NSR)
Alternatives to IBGP within Multihomed Sites
Fast Failover: The Challenge
How Fast Can We Detect a Network Failure?
Less
1:41:05 February 2023
In February 2023, we spent the whole session discussing the intricacies of IPv6 small site multihoming and zero-trust network architectures (ZTNA). More
1:03:26 Small Site IPv6 Multihoming
Easy IPv6 Multihoming Scenarios	10:44	2023-03-15
Small Site Multihoming Problem Statement	14:19	2023-03-15
Small Site Multihoming Reality	13:59	2023-03-15
Discussion of Supportable Solutions	24:24	2023-03-15
Site and Host Multihoming Blog Posts
Default Address Selection for IPv6 (RFC 6724)
IPv6 Unique Local Addresses (ULA) Made Useless
IPv6 Site connection to many Carriers (IETF draft)
37:39 Zero-Trust Network Architecture
ZTNA Overview	9:28	2023-03-15
Microsegmentation in Zero-Trust World	15:02	2023-03-15
Zero-Trust Solutions	13:09	2023-03-15
More ZTNA-Related Information
Zero Trust Architecture (NIST)
What Is Zero Trust (CloudFlare)
Zero Trust Shouldn’t Be The New Normal (Dark Reading)
Network Security Fallacies
Hiding Malicious Packets Behind LLC SNAP Header
Replacing Central Router with a Next-Generation Firewall?
Less
1:29:36 September 2022
September 2022 session focused on various aspects of using BGP in the global Internet, from BGP route servers to multihomed customer designs. We also discussed the viability of using GPON in enterprise campus networks, and the ways one could design a VXLAN-based data center interconnect between two bridged fabrics. More
GPON in Campus Networks	15:41	2022-11-02
BGP Route Servers	15:43	2022-11-02
Redundant VXLAN-Based DCI	11:06	2022-11-02
37:08 Redundant BGP-Based Internet Access
Overview of Design Options and Challenges	10:20	2022-11-02
Egress Traffic Engineering	16:49	2022-11-02
Ingress Traffic Engineering	9:59	2022-11-02
Redundant Data Center Internet Connectivity	928K	2016-04-18
BGP Convergence Optimization	268K	2012-10-30
Living with Small Forwarding Tables
Default Routes in BGP
Use BGP Default Route to Replace Static Routing
Multihoming to a Single ISP
SDN Router @ Spotify
SDN Internet Router Is in Production
9:58 Securing Multi-Homed Customer BGP Configuration
Overview and Sample Designs	9:58	2022-11-02
BGP Operations and Security (RFC 7454)
Secure Router Templates (Team Cymru)
Deploying BGP Routing Security (Junos Day One Book)
The Bogon Reference (Team Cymru)
Less
1:23:07 June 2022
The June 2022 session focused on VXLAN and EVPN: can we use them as a DCI technology, can they replace MPLS/VPN, can we use them to build campus networks, and does it make sense to run them over SD-WAN? We also discussed data center WAN edge equipment selection, public cloud deployment tools, and typical public cloud deployment gotchas. More
VXLAN and EVPN as DCI Technology	20:54	2022-08-16
Multi-Tenant Enterprise Core Network	16:05	2022-08-16
Running VXLAN over SD-WAN	7:41	2022-08-16
Selecting Data Center WAN Edge Equipment	11:08	2022-08-16
Tools for Enterprise Public Cloud Deployments	7:54	2022-08-16
19:25 Ad-Hoc Questions
Using VXLAN with EVPN in Campus Networks	6:26	2022-08-16
Public Cloud Deployment Gotchas	12:59	2022-08-16
More Information
VXLAN-to-VXLAN Bridging in DCI Environments
Data Center Switching ASICs Tradeoffs
Hardware Differences between Routers and Switches
Less
1:16:58 April 2022
In April 2022 we discussed Carrier Ethernet and Content Deliver Network (CDN) basics and revisited application deployment challenges in multi-cloud environments. Ad-hoc topics included DNS and DHCP in data centers, and scale-out DMZ infrastructure in public clouds. More
Carrier Ethernet Basics	10:00	2022-05-30
Building Carrier Ethernet Networks	18:16	2022-05-30
Content Delivery Networks	11:18	2022-05-30
Running Applications in Multi-Cloud Environment	19:31	2022-05-30
Networking Engineers in Multi-Cloud World	11:08	2022-05-30
6:45 Ad-Hoc Questions
Using DHCP and DNS in Data Centers	2:43	2022-05-30
Scale-Out Cloud DMZ	4:02	2022-05-30
More Information
Packet Fabric
Could We Build an IXP on Top of VXLAN Infrastructure?
IS-IS in Avaya’s SPB Fabric: One Protocol to Bind Them All
Shortest Path Bridging (SPB) and Avaya Fabric
Less
1:19:31 March 2022
March 2022 session focused on data center leaf-and-spine fabrics. Topics included inter-VRF route leaking, storage integration, migration to a new fabric, ECMP monitoring, and deployment of VXLAN/EVPN in small data centers. We also continued the WAN encryption discussion with an overview of Data Center Interconnect encryption options. More
Inter-VRF Route Leaking	17:30	2022-04-02
Integrating Storage in Leaf-and-Spine Fabrics	22:32	2022-04-02
Data Center Interconnect Encryption	16:40	2022-04-02
Migrating to a Leaf-and-Spine Fabric	6:33	2022-04-02
Monitoring ECMP Behavior in Leaf-and-Spine Fabric	12:42	2022-04-02
3:34 Ad-Hoc Questions
VXLAN and EVPN in Small Data Center	3:34	2022-04-02
Further Reading
An Update on Router Buffering
A fantastic article describing numerous aspects of network buffering, from TCP behavior and congestion control to application requirements and buffer sizing recommendations
Move Fast, Unbreak Things - NANOG NetNorad presentation by Petr Lakuphov
Facebook OpenNetNorad tool
Facebook UdpPinger
Google Backbone Monitoring, Localizing Packet Loss in a Large Complex Network
VXLAN Ping and Traceroute with Lukas Krattiger
Less
1:38:07 January 2022
In January 2022 session we discussed Enterprise WAN design (focusing mostly on routing protocol and transport technology selection), encrypted multi-cloud connectivity, and multi-tenant public cloud networking. More
Encrypted Public Cloud Connectivity	20:21	2022-03-01
Multi-Tenant Public Cloud Networking	8:51	2022-03-01
55:07 Enterprise WAN Design
Routing Protocol Selection	22:30	2022-03-01
Routing Protocol Q-A	6:58	2022-03-01
Adapting Your Design to Transport Technologies	10:56	2022-03-01
Multi-Layer Transport	14:43	2022-03-01
13:48 Ad-Hoc Topics
Impact of Transit Gateway on Application Performance	4:59	2022-03-01
Using Public Cloud as SD-WAN	5:29	2022-03-01
MACsec over Carrier Ethernet Networks	3:20	2022-03-01
More Information
IOS Classic versus IOS XE OSPF Behavior
Open-Source DMVPN Alternatives
Integrating DMVPN-based Internet VPN with MPLS/VPN WAN
BGP Routing in DMVPN Access Network
Critical Vulnerabilities in AWS
Azure's Terrible Security Posture
Less
1:32:23 December 2021
December 2021 session was focused on VRFs -- we started with Multi-VRF designs and continued with "should one run Internet services in a VRF" (and why would we do that). We also tackled the endless dilemma: should servers connected to multiple leaf switches use link aggregation (+ LACP) or individual links? More
Multi-VRF Designs	25:47	2022-01-18
Internet in a VRF	25:17	2022-01-18
Multi-Homed Servers	34:06	2022-01-18
7:13 Ad-Hoc Topics
VXLAN and EVPN on Linux Hosts	7:13	2022-01-18
Less
1:28:31 November 2021
Topics of November 2021 session included leaf-and-spine fabrics outside of data centers, migrating application stacks into public clouds, and the differences between point-to-point and VLAN interfaces. We also continued the brownfield microsegmentation discussion from the September 2021 session. More
Leaf-and-Spine Fabrics Outside of Data Centers	22:59	2021-12-27
Migrating Application Stacks into Public Clouds	16:36	2021-12-27
Point-to-Point versus VLAN Interfaces	12:17	2021-12-27
36:39 Short Questions
Unified Multi-Domain Policy	12:37	2021-12-27
Scaling VMware Private Cloud	4:16	2021-12-27
Brownfield Microsegmentation	19:46	2021-12-27
Further Reading
Could We Build an IXP on Top of VXLAN Infrastructure?
Automation Win: Recreating Cisco ACI Tenants in Public Cloud
Building an IXP with VXLAN and EVPN
Less
1:25:55 October 2021
The session was focused on subnets and IPv6 (with a whiff of microsegmentation). We discussed the optimal subnet sizes, first steps in IPv6 deployments, IPv6 address plans and prefix delegation, and scale-out data center firewalls. More
Subnet Sizing	25:11	2021-11-27
First Steps in IPv6 Deployments	29:08	2021-11-27
Scalable Data Center Firewalls	15:34	2021-11-27
IPv6 Addressing Plans and Prefix Delegation	16:02	2021-11-27
Additional Information - Subnet Sizing
Subnet sizing and heterogeneous subnets
ARP Problems in EVPN
Additional Information - IPv6 Deployments
Preparing an IPv6 Address Plan
Analyzing Dual Stack Behavior and IPv6 Quality (Geoff Huston, 2012)
Best Current Practice: IPv6 Prefix Assignment for End-users (RIPE 690)
Happy Eyeballs (RFC 8305)
Happy Eyeballs – Happiness Defined by Your Perspective
Why Does DHCPv6 Matter?
Do We Need Multiple Global IPv6 Addresses Per Interface (RFC 7934)
IPv6 Neighbor Discovery exhaustion attack and IPv6 subnet sizes
IPv6 Prefixes Longer Than /64 Might Be Harmful
Are Unnumbered Interfaces Harmful?
Additional Information - Scalable Data Center Security
I Don’t Need no Stinking Firewall ... or Do I?
Replacing the Central Firewall
Replacing Central Router with a Next-Generation Firewall?
Combine Physical and Virtual Appliances in a Private Cloud
Firewalls in a Small Private Cloud
Considerations for Host-based Firewalls (Part 1)
Considerations for Host-based Firewalls (Part 2)
Using Flow Tracking to Build Firewall Rulesets... and Halting Problem
Fixing Firewall Ruleset Problem For Good
Illumio Core Architecture
Less
1:33:41 September 2021
In September 2021 we discussed microsegmentation (and lack of good solutions) in campus networks, how to provide IP transport to third-party suppliers across an enterprise backbone, and when and where one would use software- or hardware-based overlay virtual networks. Ad-hoc topics included routing in public clouds, SR-IOV, eBPF, SoNIC and IPv6-only deployments. More
Microsegmentation in Campus Networks	27:17	2021-10-01
IP Transport Across Enterprise IP Backbone	25:57	2021-10-01
Overlay Virtual Networking Implementation Options	17:11	2021-10-01
23:16 Ad-Hoc Topics
Subnet Routing in AWS VPC	4:25	2021-10-01
SR-IOV Resource Limitations	2:06	2021-10-01
eBPF Overview	8:18	2021-10-01
SoNIC on Whitebox Switches	2:40	2021-10-01
IPv6-only Deployments	5:47	2021-10-01
Less