Silver Peak @ NFD11

Silver Peak presented their Unity EdgeConnect SD-WAN solution. Silver Peak has done WAN optimization for many years and has built on that experience for their SD-WAN products.
Silver Peak has several different hardware platforms that all have the same feature set from a software perspective.
The devices can handle multiple WAN connections and traffic types. You have seamless failover between WAN links and active-active load balancing across all these links as well. All the WAN links use an encrypted tunnel for the outgoing traffic. The connected endpoints can be centrally managed with a controller that has a nice-looking UI.

Network Autobahn View
The Silver Peak SD-WAN solution looked well put together. I was impressed by the Silver Peak CEO David Hughes. Hughes showed a very deep technical understanding of the product. It looks as if all the experience that Silver Peak has in the WAN optimization space has been put into the SD-WAN product from the beginning. Many problems that we had in the WAN space are finally solved. Buying an SD-WAN product today will pay off very quickly when you compare it with the ISP costs of a private MPLS that you can save.


Netscout @ NFD11

The business unit inside NETSCOUT that many of you know as Fluke Networks showed their new TruView product at NFD11. It is a monitoring and network measurement as a service offering.
The components of TruView are measurement endpoints and a cloud-based management and analytics platform. The endpoints can be deployed as a software package or a hardware device. The TruView Pulse 1000 comes in a small form factor that is PoE powered. The endpoints have to establish a connection to the cloud-based management to get registered. It was quite impressive how easy the deployment of these measurement endpoints is. NetScout has put serious thought into keeping the complete process as simple as possible to get results fast and easily. After an endpoint is registered you immediately get results of the performance tests. The cloud-based Pure View server presents the results of the performance test.

Network Autobahn View
To have constant data from all your locations that is based on real data like emulated VoIP calls is pretty neat. The biggest value for me is that you have a baseline and can compare that to the current data.
Instead of shipping expensive measurement equipment that is complex to configure to a remote location, running one test session and shipping everything back, NetScout offers with TruView a compelling model with many small measurement endpoints that can stay in the remote locations and give constant data output. At the moment all the data will be in the cloud. I would like to see a server version of TruView so that it can be hosted in your own data center and all the measurement data would stay in your own control.


Skyport Systems @ NFD11

Skyport Systems used NFD11 to show their new innovative product for the first time.
Skyport is a startup company with a very unique product that brings a new layer of security to the table.
Basically you can verify that a server is not compromised, e.g. by a rootkit. The problem these days is to verify that a server is not compromised. To survive a wipe/installation process, rootkits are placed in hardware components such as the firmware of hard disks and SSDs. Even with a fresh OS installation the server would be immediately compromised again. At the moment it is hard to address this attack vector. Skyport positioned their product as an extra layer of security for highly mission-critical applications. How does it work? Skyport showed a hardware-based NIC that has TPM chips, CPUs and RAM, so all the hardware and firmware inside a server can be verified and inspected.
It is also possible to control and manipulate the traffic that goes across the Skyport hardware. Besides firewall functionality, with Shield WEB Application you have a Crypto Credential Proxy that can act as an encryption break-up point so that SSL-encrypted data can be inspected here as well.
You also get new logging capabilities for your Skyport-protected servers. Of course you can run a virtualization hypervisor on a Skyport-protected server.

Network Autobahn View:
We have to protect a system against attackers in all possible ways. Skyport adds an additional layer of security and addresses an attack vector that is not covered by any other classic security solution that I am aware of.
Will we deploy a Skyport NIC to all our servers? Maybe not, but for business-critical applications I see a pretty sharp use case.

For more information, check out the video from the NFD11 Skyport presentation:


Network Field Day 11 Aftermath

I attended Networking Field Day 11 in San Jose, California, which is organized by GestaltIT.
It was a busy week with a lot of state-of-the-art tech. I had the pleasure of seeing products and visions from a wide range of vendors. Some vendors had their first presentation at NFD and others are regular contributors. In my view the Network Field Day event is a win-win situation for everybody. The vendors can present their newest innovations to the right audience instead of using an old-school broadcast approach to marketing.
This is the introduction to a series of blog posts about the presentations that I saw at NFD11.
I will give you a quick overview of all presentations and my opinion as well. If that catches your interest, check out the TechField YouTube channel and watch the complete presentation.

Network Field Day 11 Videos


Happy New Year in IT

When the year is ending and everybody is thinking about XMAS, things start to get hectic in a lot of IT departments. There is some IT budget left and it has to be spent before the year ends. I have seen this in many businesses and it is especially true for government organisations. So, just as I have to assemble some Lego toys for my children at home at XMAS, a lot of large packages are delivered to the office that have to be unboxed and rolled out into production before the year ends. So the end of the year is not as relaxed as it should be for all IT folks. In the first weeks of the new year I often had to do a lot of clean-up work to get everything right that there was no time for during the installation, like monitoring and documentation.

Hopefully you all have finished your 2015 projects in time and stayed at home with your family at XMAS instead of being busy in the office.

Happy New Year 2016.




Network Field Day #NFD11

I've been invited to attend Gestalt IT's Network Field Day 11, held in Silicon Valley on January 20th – 24th 2016.

For those of you who haven't heard of the Tech Field Day events so far: the idea behind Network Field Day is to bring together a bunch of delegates who will attend one week of presentations by different top IT vendors. All the presentations will be streamed live and uploaded to YouTube after the event. That includes Q&A sessions after the presentations. It helped me a lot to listen to the Tech Field Day presentations before scheduling an appointment with a possible vendor.

I am honored to be part of Tech Field Day 11 and am looking forward to meeting up with the other delegates:
Ethan Banks
Greg Ferro
Ivan Pepelnjak
John Herbert
Jon Langemak
Brandon Carroll
Terry Slattery
Jason Edelman
Matt Oswald
Jordan Martin
Michael McNamara


You can follow Tech Field Day 11 on Twitter @NFD11

The following disclosure also needs to be made: my travel and lodging costs will be covered by Gestalt IT and the sponsors of Tech Field Day 11.


End of Sale Avaya ERS8000

Avaya has recently published an end-of-sale notice for the ERS8000 product line. The ERS8000 was introduced as the Passport 8000 in the year 2000. The product has now been available for nearly 16 years. I have configured a lot of new technologies for the first time on the Passport/ERS8k. For me the 2 most amazing features that were introduced on this platform first were SMLT and SPBm. The SMLT SwitchCluster feature, which was introduced in 2001, was the first Multi Chassis Link Aggregation technology. In 2001 SMLT was a real cutting-edge technology that was ahead of most of the competitors. For example, Cisco introduced their Multi Chassis Link Aggregation technology with VSS in 2008, which by IT standards is ages later. 10 years later the second next-generation technology, SPBm, was introduced. In 2011 the first pre-standard SPBm implementation showed up on the ERS8800 platform.

So it is time to say goodbye to the Passport/ERS8000. At the end of the day the complete industry is shifting to Linux-based switching OSes, and the old monolithic OS-based switches are fading away.

Some of the ERS8k developers from Avaya have created a goodbye ode, which I saw recently in an Avaya presentation:

“When we first turned you on SMLT was quite new
We had some tough times but we made it through
Alone in the rack looking naked and small
Before we knew it ERS modules populated all
Bandwidth demands came quick and came swift
When we gave you E modules you just wouldn't quit
Who would have thought 10Gig to come fast
Your poor little E modules just wouldn't last
When R modules came so did netflow
You got super mezz cards but had problems below
Slot 10 was tired and couldn't keep up
So your body was replaced and you were brand new pup
They lauded and loved you and gave you a new name
8800 they said but you were still the same
Ten days before retirement a power supply quit
We knew at the time we had to be quick
After the more than a decade you served us well
Oh the good times we had and stories we tell
You're out of commission but you still stand tall
Your performance and reliability will be remembered by all”

Here is the Link to the EoS Notice:


MicroBursts A Troubleshooting Nightmare

One of the most difficult problems to troubleshoot in a network is microbursts. This is a really tough one. So what is actually the problem with microbursts? You have a traffic peak in the network that is only present for a subsecond. Sometimes these spikes can fill up a 10 Gigabit interface at full line rate. The result is that you typically have a high rate of TCP retransmits and resets on multiple devices in a VLAN/subnet, which causes ~25% packet loss.

In most cases the server/application teams are the first to detect performance problems that occur sporadically. When this is reported to the network team it is nearly invisible on the network side. The normal sources for statistics and troubleshooting will show nothing. For example, the monitoring server that polls the interface statistics e.g. every minute will show nothing. Also, the show commands in the CLI on most vendors show a statistic over a time period of 10 seconds, which averages away the burst that was only present for a subsecond. So it looks like there is no problem in the network.

To find the problem it helps to have some sniffer traces taken during a microburst that show the TCP retransmits and resets. At this point you have to think in a different direction to hunt down the microburst. Depending on the switch vendor you have to look at a different error counter. The root problem here is that an ASIC reaches its maximum throughput and starts to drop packets. If you are lucky you have a counter for those drops like “Drops on no Ressources”.

What can you do to resolve the problem?

On the server/application side it is possible to change the traffic profile to remove the bursty behaviour. That is really hard to achieve and can only be done with applications that you can change and control. If you can do that, it will resolve the issue with microbursts for one type of server/application. You have to be aware that you can run into the same problem again in that network when you deploy, for example, a new application.

The other method to avoid the problem is to split up the uplinks that are connected to servers that show the bursty behaviour across different devices or ASICs. It also helps to have more bandwidth available on the uplinks than the burst could fill up. So when the microburst spikes up to 10Gig, a 25 or 40Gig uplink also resolves the issue.
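
The measurement problem and the faster-uplink fix described above, as an added simulation that is not part of the original post. The traffic is constructed (5% background plus a 200 ms burst at twice 10G line rate), and the 12 MiB buffer size and tail-drop behaviour are assumptions, not values from any specific switch.

```python
# Added illustration with constructed traffic, not a capture from a real network.
BYTES_PER_MS = 10_000_000_000 // 8 // 1000   # a 10 Gbit/s port drains 1,250,000 B/ms
BUFFER_BYTES = 12 * 1024 * 1024              # assumed ASIC packet buffer (hypothetical)


def offered_load(duration_ms=60_000, burst_start=30_000, burst_ms=200):
    """Bytes arriving per ms: 5% background, twice 10G line rate during the burst."""
    load = [BYTES_PER_MS // 20] * duration_ms
    for t in range(burst_start, burst_start + burst_ms):
        load[t] = 2 * BYTES_PER_MS
    return load


def run_port(load, drain=BYTES_PER_MS):
    """Tail-drop queue drained at `drain` bytes/ms; returns (sent_per_ms, dropped)."""
    queue = dropped = 0
    sent = []
    for arriving in load:
        queue += arriving
        out = min(queue, drain)
        queue -= out
        if queue > BUFFER_BYTES:             # buffer exhausted: the excess is lost
            dropped += queue - BUFFER_BYTES
            queue = BUFFER_BYTES
        sent.append(out)
    return sent, dropped


def peak_utilization(sent, window_ms, drain=BYTES_PER_MS):
    """Highest average utilization (0..1) seen in any window of `window_ms`."""
    return max(
        sum(sent[i:i + window_ms]) / (len(sent[i:i + window_ms]) * drain)
        for i in range(0, len(sent), window_ms)
    )


if __name__ == "__main__":
    load = offered_load()
    sent, dropped = run_port(load)
    for label, window in (("60 s poll", 60_000), ("10 s CLI", 10_000), ("1 ms", 1)):
        print(f"{label:>9}: peak {peak_utilization(sent, window):6.1%}")
    print(f"dropped on 10G: {dropped:,} bytes")
    print(f"dropped on 40G: {run_port(load, 4 * BYTES_PER_MS)[1]:,} bytes")
```

In this constructed run the 60-second and 10-second views peak at about 5% and 7% utilization, while the port is saturated for the whole burst and drops roughly 237 MB. The same load on a 40 Gbit/s uplink drops nothing.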

Sometimes you have microbursts sporadically in a network for years undetected, with strange performance tickets that stay unsolved for a long, long time. This is really hard to detect, so keep microbursts in mind in case you are dealing with this kind of problem.

