Sidebar Design Clinic

Home » Webinars » Networking Fundamentals » Design Clinic Design Clinic is a monthly Zoom call open to users with active paid subscription. The discussions are recorded, and the best bits are published as parts of relevant webinars or as a stand-alone collection.

Last modified on 2023-12-20 (release notes)

ARF PDF MP4 ZIP Design Clinic

1:40:46 November 2023

The topics of November 2023 session included BGP convergence in the global Internet, Web UI for a YAML-based data store, multi-cloud networking, and the state of BGP security.

Improving BGP Convergence in Global Internet 27:45 2023-12-20
Web UI for GitOps YAML Data Store 17:04 2023-12-20

30:19 Multi-Cloud Networking

Multicloud Networking - Hype and Reality 18:00 2023-12-20
Multicloud Networking Challenges 12:19 2023-12-20

25:38 State of BGP Security

Route Origin Validation Is Gaining Traction 8:51 2023-12-20
Vendors Not Using Revised Error Handling 4:01 2023-12-20
Real-Life BGP Session Security 12:46 2023-12-20

1:29:43 March 2023

In March 2023, we discussed BGP routing between WAN edge firewalls and adjacent routers/switches, network device hardening, and connectivity between on-premises data centers and public clouds.

Hardening Network Devices 19:38 2023-04-04
Direct or VPN Access to a Public Cloud 14:46 2023-04-04

55:19 BGP Routing with an Edge Firewall

Challenges and Design Considerations 26:58 2023-04-04
BGP Design Options 28:21 2023-04-04

More Information

High-Availability Switching (NSF, GR, NSR)
Alternatives to IBGP within Multihomed Sites
Fast Failover: The Challenge
How Fast Can We Detect a Network Failure?

1:41:05 February 2023

In February 2023, we spent the whole session discussing the intricacies of IPv6 small site multihoming and zero-trust network architectures (ZTNA).

1:03:26 Small Site IPv6 Multihoming

Easy IPv6 Multihoming Scenarios 10:44 2023-03-15
Small Site Multihoming Problem Statement 14:19 2023-03-15
Small Site Multihoming Reality 13:59 2023-03-15
Discussion of Supportable Solutions 24:24 2023-03-15
Site and Host Multihoming Blog Posts
Default Address Selection for IPv6 (RFC 6724)
IPv6 Unique Local Addresses (ULA) Made Useless
IPv6 Site connection to many Carriers (IETF draft)

37:39 Zero-Trust Network Architecture

ZTNA Overview 9:28 2023-03-15
Microsegmentation in Zero-Trust World 15:02 2023-03-15
Zero-Trust Solutions 13:09 2023-03-15
Zero Trust Architecture (NIST)
What Is Zero Trust (CloudFlare)
Zero Trust Shouldn’t Be The New Normal (Dark Reading)
Network Security Fallacies
Hiding Malicious Packets Behind LLC SNAP Header
Replacing Central Router with a Next-Generation Firewall?

1:29:36 September 2022

September 2022 session focused on various aspects of using BGP in the global Internet, from BGP route servers to multihomed customer designs.

We also discussed the viability of using GPON in enterprise campus networks, and the ways one could design a VXLAN-based data center interconnect between two bridged fabrics.

GPON in Campus Networks 15:41 2022-11-02
BGP Route Servers 15:43 2022-11-02
Redundant VXLAN-Based DCI 11:06 2022-11-02

37:08 Redundant BGP-Based Internet Access

Overview of Design Options and Challenges 10:20 2022-11-02
Egress Traffic Engineering 16:49 2022-11-02
Ingress Traffic Engineering 9:59 2022-11-02
Redundant Data Center Internet Connectivity 928K 2016-04-18
BGP Convergence Optimization 268K 2012-10-30
Living with Small Forwarding Tables
Default Routes in BGP
Use BGP Default Route to Replace Static Routing
Multihoming to a Single ISP
SDN Router @ Spotify
SDN Internet Router Is in Production

9:58 Securing Multi-Homed Customer BGP Configuration

Overview and Sample Designs 9:58 2022-11-02
BGP Operations and Security (RFC 7454)
Secure Router Templates (Team Cymru)
Deploying BGP Routing Security (Junos Day One Book)
The Bogon Reference (Team Cymru)

1:23:07 June 2022

The June 2022 session focused on VXLAN and EVPN: can we use them as a DCI technology, can they replace MPLS/VPN, can we use them to build campus networks, and does it make sense to run them over SD-WAN?

We also discussed data center WAN edge equipment selection, public cloud deployment tools, and typical public cloud deployment gotchas.

VXLAN and EVPN as DCI Technology 20:54 2022-08-16
Multi-Tenant Enterprise Core Network 16:05 2022-08-16
Running VXLAN over SD-WAN 7:41 2022-08-16
Selecting Data Center WAN Edge Equipment 11:08 2022-08-16
Tools for Enterprise Public Cloud Deployments 7:54 2022-08-16

19:25 Ad-Hoc Questions

Using VXLAN with EVPN in Campus Networks 6:26 2022-08-16
Public Cloud Deployment Gotchas 12:59 2022-08-16

More Information

VXLAN-to-VXLAN Bridging in DCI Environments
Data Center Switching ASICs Tradeoffs
Hardware Differences between Routers and Switches

1:16:58 April 2022

In April 2022 we discussed Carrier Ethernet and Content Deliver Network (CDN) basics and revisited application deployment challenges in multi-cloud environments. Ad-hoc topics included DNS and DHCP in data centers, and scale-out DMZ infrastructure in public clouds.

Carrier Ethernet Basics 10:00 2022-05-30
Building Carrier Ethernet Networks 18:16 2022-05-30
Content Delivery Networks 11:18 2022-05-30
Running Applications in Multi-Cloud Environment 19:31 2022-05-30
Networking Engineers in Multi-Cloud World 11:08 2022-05-30

6:45 Ad-Hoc Questions

Using DHCP and DNS in Data Centers 2:43 2022-05-30
Scale-Out Cloud DMZ 4:02 2022-05-30

More Information

Packet Fabric
Could We Build an IXP on Top of VXLAN Infrastructure?
IS-IS in Avaya’s SPB Fabric: One Protocol to Bind Them All
Shortest Path Bridging (SPB) and Avaya Fabric

1:19:31 March 2022

March 2022 session focused on data center leaf-and-spine fabrics. Topics included inter-VRF route leaking, storage integration, migration to a new fabric, ECMP monitoring, and deployment of VXLAN/EVPN in small data centers.

We also continued the WAN encryption discussion with an overview of Data Center Interconnect encryption options.

Inter-VRF Route Leaking 17:30 2022-04-02
Integrating Storage in Leaf-and-Spine Fabrics 22:32 2022-04-02
Data Center Interconnect Encryption 16:40 2022-04-02
Migrating to a Leaf-and-Spine Fabric 6:33 2022-04-02
Monitoring ECMP Behavior in Leaf-and-Spine Fabric 12:42 2022-04-02

3:34 Ad-Hoc Questions

VXLAN and EVPN in Small Data Center 3:34 2022-04-02

Further Reading

An Update on Router Buffering

A fantastic article describing numerous aspects of network buffering, from TCP behavior and congestion control to application requirements and buffer sizing recommendations

Move Fast, Unbreak Things - NANOG NetNorad presentation by Petr Lakuphov
Facebook OpenNetNorad tool
Facebook UdpPinger
Google Backbone Monitoring, Localizing Packet Loss in a Large Complex Network
VXLAN Ping and Traceroute with Lukas Krattiger

1:38:07 January 2022

In January 2022 session we discussed Enterprise WAN design (focusing mostly on routing protocol and transport technology selection), encrypted multi-cloud connectivity, and multi-tenant public cloud networking.

Encrypted Public Cloud Connectivity 20:21 2022-03-01
Multi-Tenant Public Cloud Networking 8:51 2022-03-01

55:07 Enterprise WAN Design

Routing Protocol Selection 22:30 2022-03-01
Routing Protocol Q-A 6:58 2022-03-01
Adapting Your Design to Transport Technologies 10:56 2022-03-01
Multi-Layer Transport 14:43 2022-03-01

13:48 Ad-Hoc Topics

Impact of Transit Gateway on Application Performance 4:59 2022-03-01
Using Public Cloud as SD-WAN 5:29 2022-03-01
MACsec over Carrier Ethernet Networks 3:20 2022-03-01

More Information

IOS Classic versus IOS XE OSPF Behavior
Open-Source DMVPN Alternatives
Integrating DMVPN-based Internet VPN with MPLS/VPN WAN
BGP Routing in DMVPN Access Network
Critical Vulnerabilities in AWS
Azure's Terrible Security Posture

1:32:23 December 2021

December 2021 session was focused on VRFs -- we started with Multi-VRF designs and continued with "should one run Internet services in a VRF" (and why would we do that). We also tackled the endless dilemma: should servers connected to multiple leaf switches use link aggregation (+ LACP) or individual links?

Multi-VRF Designs 25:47 2022-01-18
Internet in a VRF 25:17 2022-01-18
Multi-Homed Servers 34:06 2022-01-18

7:13 Ad-Hoc Topics

VXLAN and EVPN on Linux Hosts 7:13 2022-01-18

1:28:31 November 2021

Topics of November 2021 session included leaf-and-spine fabrics outside of data centers, migrating application stacks into public clouds, and the differences between point-to-point and VLAN interfaces. We also continued the brownfield microsegmentation discussion from the September 2021 session.

Leaf-and-Spine Fabrics Outside of Data Centers 22:59 2021-12-27
Migrating Application Stacks into Public Clouds 16:36 2021-12-27
Point-to-Point versus VLAN Interfaces 12:17 2021-12-27

36:39 Short Questions

Unified Multi-Domain Policy 12:37 2021-12-27
Scaling VMware Private Cloud 4:16 2021-12-27
Brownfield Microsegmentation 19:46 2021-12-27

Further Reading

Could We Build an IXP on Top of VXLAN Infrastructure?
Automation Win: Recreating Cisco ACI Tenants in Public Cloud
Building an IXP with VXLAN and EVPN

1:25:55 October 2021

The session was focused on subnets and IPv6 (with a whiff of microsegmentation). We discussed the optimal subnet sizes, first steps in IPv6 deployments, IPv6 address plans and prefix delegation, and scale-out data center firewalls.

Subnet Sizing 25:11 2021-11-27
First Steps in IPv6 Deployments 29:08 2021-11-27
Scalable Data Center Firewalls 15:34 2021-11-27
IPv6 Addressing Plans and Prefix Delegation 16:02 2021-11-27

Additional Information - Subnet Sizing

Subnet sizing and heterogeneous subnets
ARP Problems in EVPN

Additional Information - IPv6 Deployments

Preparing an IPv6 Address Plan
Analyzing Dual Stack Behavior and IPv6 Quality (Geoff Huston, 2012)
Best Current Practice: IPv6 Prefix Assignment for End-users (RIPE 690)
Happy Eyeballs (RFC 8305)
Happy Eyeballs – Happiness Defined by Your Perspective
Why Does DHCPv6 Matter?
Do We Need Multiple Global IPv6 Addresses Per Interface (RFC 7934)
IPv6 Neighbor Discovery exhaustion attack and IPv6 subnet sizes
IPv6 Prefixes Longer Than /64 Might Be Harmful
Are Unnumbered Interfaces Harmful?

Additional Information - Scalable Data Center Security

I Don’t Need no Stinking Firewall ... or Do I?
Replacing the Central Firewall
Replacing Central Router with a Next-Generation Firewall?
Combine Physical and Virtual Appliances in a Private Cloud
Firewalls in a Small Private Cloud
Considerations for Host-based Firewalls (Part 1)
Considerations for Host-based Firewalls (Part 2)
Using Flow Tracking to Build Firewall Rulesets... and Halting Problem
Fixing Firewall Ruleset Problem For Good
Illumio Core Architecture

1:33:41 September 2021

In September 2021 we discussed microsegmentation (and lack of good solutions) in campus networks, how to provide IP transport to third-party suppliers across an enterprise backbone, and when and where one would use software- or hardware-based overlay virtual networks.

Ad-hoc topics included routing in public clouds, SR-IOV, eBPF, SoNIC and IPv6-only deployments.

Microsegmentation in Campus Networks 27:17 2021-10-01
IP Transport Across Enterprise IP Backbone 25:57 2021-10-01
Overlay Virtual Networking Implementation Options 17:11 2021-10-01

23:16 Ad-Hoc Topics

Subnet Routing in AWS VPC 4:25 2021-10-01
SR-IOV Resource Limitations 2:06 2021-10-01
eBPF Overview 8:18 2021-10-01
SoNIC on Whitebox Switches 2:40 2021-10-01
IPv6-only Deployments 5:47 2021-10-01
You started this section on %started% Mark completed