AWS direct connect – Connectivity matters!

I had some discussion about AWS (Amazon Web Services) and how to connect to their services, specifically when you run production workloads on virtual machines in AWS. Bringing workloads to public clouds means that your business and/or your customers are more dependent on their (internet) connectivity to be able to reach the workloads running in a public cloud environment.

Connectivity matters

There are multiple solutions out there to make your internet-facing connections highly available. Bandwidth-wise there aren’t really any challenges, aside from the costs… in the Netherlands at least. It is easy to get a 1GbE or better connection from your datacenter or office location(s).

What we were discussing is the latency between you and your public cloud services. Even though it strongly depends on what workloads you are planning to run in AWS, you want a decent user experience, and thus the lowest possible network latency towards that workload. That brings us to www.cloudping.info, a nifty web tool that gives you an idea of what your latency is to the regions from which AWS offers its services. Its output looks like this:

[Image: awscloudping]

Since I’m in the Netherlands, the EU Frankfurt site in Germany is the closest AWS site for me. So an average ping time of 23ms… Note: This number depends strongly on how your internet provider or your datacenter is connected to AWS via peering on various Internet Exchanges or via transits.

Jumbo frames and the risks involved

Even though the jumbo frame and the possible gain and risk trade-offs discussion is not new, we found ourselves discussing it yet again. Because we had different opinions, it seems like a good idea to elaborate on this topic.

Let’s have a quick recap on what jumbo frames actually are. Your default MTU (Maximum Transmission Unit) for an Ethernet frame is 1500. An MTU of 9000 is referred to as a jumbo frame.

Jumbo frames or 9000-byte payload frames have the potential to reduce overheads and CPU cycles.

Typically, jumbo frames are considered for IP storage networks or vMotion networks. A lot of performance benchmarking is already described on the web. It is funny to see a variety of opinions on whether to adopt jumbo frames or not. Check this blogpost and this blogpost on jumbo frames performance compared to a standard MTU size. The discussion on whether ‘jumbo frames provide a significant performance advantage’ is still up in the air.

There are other techniques to improve network throughput and lower CPU utilization next to jumbo frames. A modern NIC will support the Large Segment Offload (LSO) and Large Receive Offload (LRO) offloading mechanisms. Note: LSO is also referenced as TSO (TCP Segmentation Offload). Both are configurable. LSO/TSO is enabled by default if the used NIC hardware supports it. LRO is enabled by default when using VMXNET virtual machine adapters.

Risks?

Let’s put the performance aspects aside and look into the possible risks involved when implementing jumbo frames. The thing is, in order to be effective, jumbo frames must be enabled end to end in the network path. The main risk when adopting jumbo frames is that if one component in the network path is not properly configured for jumbo frames, an MTU mismatch occurs.

Stretched cluster with NSX

Last NLVMUG I was talking about stretched clusters. My presentation elaborated somewhat on how VMware NSX can help you deal with challenges that arise when deploying a stretched cluster solution. In this blogpost I want to have a closer look at this specific topic.

A quick explanation of what a stretched cluster solution actually is: it is a vSphere cluster configured in one vCenter instance containing an equal number of hosts from both sites. This allows for disaster avoidance (vMotion) and disaster recovery (vSphere HA) between two geographically separated sites. From the backend infrastructure perspective, your (synchronously replicated) storage and network solutions must span both sites.

Looking into network designs used for stretched clusters, you will typically face challenges like:

  • How do you design for VM mobility over 2 sites, requiring Layer-2 networks between the 2 sites?
  • Stretched Layer-2 networks (VLANs) introduce a higher risk of failure (think Layer-2 loops).
  • How to properly segment applications and/or tenants (customers/business units)?
  • Network flows. What about your egress and ingress connections?

Let’s begin with what a VMware NSX install base could look like if it is deployed within a stretched cluster infrastructure.

Stretched cluster with NSX architecture

A stretched cluster with VMware NSX could look like the following logical overview.

VCP-NV exam experience

Ending the year on a high!! Today Rutger and I passed the VMware Certified Professional – Network Virtualization (VCP-NV) exam!! Robert will surely follow soon. 🙂
We had a rather small time frame to successfully pass VCP-NV because as of January 2015 we want full focus on VCDX-DCV. So it had to happen in 2014.

Although we didn’t have a great deal of hands-on experience (yet) with VMware NSX, we were able to pass the exam after a steep learning curve following our NSX deepdive session at VMware along with some really good documentation and blogposts on the matter… not to mention VMware’s HOL labs!

SDN: VMware NSX (Part 1)

In June 2014 my Cloudfix co-bloggers and I attended a seminar about network virtualisation in general and VMware NSX specifically. The seminar also contained a deep-dive into the details of VMware NSX. This deep-dive triggered us to do a blog post series on network virtualisation in general and VMware NSX in detail.

This first article in the series will talk about VMware NSX in general, after which the following articles will start deep-diving into the specifics of this solution. I hope you find the series useful in understanding what the VMware NSX solution can do for your organization.

VMworld, here we come!

The moment is getting closer and closer: Niels & Robert are attending VMworld Barcelona 2014 (13-16 Oct.)! We’re really looking forward to meeting all you vRockstars in person, learning everything there is to know about the new features vendors like PernixData, Nutanix, Cisco and of course VMware are presenting at VMworld Europe, and providing you with this information on our blog.

In this article we’ll give a short overview of sessions we think everybody should attend and why.

Convert Cisco 1000v from standalone to HA set-up

Recently, working on a customer environment, I discovered that their current Cisco 1000v implementation was not redundant. We quickly decided to convert the standalone setup to an HA setup. This article shows how this can easily be done.

The current setup was a Cisco 1000v VSM (Virtual Supervisor Module) in L2 Control mode, but the same procedure can be applied to a Cisco 1000v in L3 Control mode.

DMVPN Single-Hub Configuration

As I’m currently preparing for the Cisco CCIE R&S Written exam, I’d like to share some information on the subject of DMVPN (Dynamic Multipoint Virtual Private Network), as this is one of the new topics added to the Cisco CCIE R&S blueprint (on the written and lab exams). You only have to know about the single-hub topology, but it’s also not very difficult to do a dual-hub dual-cloud topology.

What is DMVPN?

DMVPN is a VPN which uses dynamic tunnels. This means that on the hub only 1 tunnel is needed to connect all the different spokes to the hub (so no more configuring an IPsec tunnel for each site you want to connect). It even automatically forms spoke-to-spoke tunnels on demand, so spoke-to-spoke traffic does not need to traverse the hub. Another advantage, in my opinion, is that it is very easy to set up and a very stable solution.

DMVPN is based on:

  • mGRE (Multipoint Generic Routing Encapsulation)
  • NHRP (Next Hop Resolution Protocol)
  • a Dynamic Routing Protocol (EIGRP, OSPF, BGP)
  • IPsec (optional)

Welcome!

Welcome to Cloudfix, our blog!!

We recently decided to start this blog. We are still setting things up and shuffling a bit with the layout.
Shouldn’t take long now for us to start sharing and collaborating.

What makes us different from other blogs is that we are a bunch of guys participating in one blog rather than each having our own! This should be good for our visitors, who get different perspectives on the technologies we encounter. And because we all have our own package of experience, our blog posts should be diverse.

We hope we can welcome you as a regular visitor!!
