Hacker News
by theideaofcoffee 1087 days ago
I glanced through the guide and it's Windows and Cisco (specifically IOS) heavy: mentions of the old Cisco architecture via Core/Access/Distribution, where larger DC networks have converged onto spine/spline setups, CDP/Cisco Discovery Protocol whereas the open-source LLDP is more generic, even the nomenclature of 802.1q VLAN tags: access versus trunk. But I guess if you are starting to automate a legacy office network, it might be useful.

More recent non-IOS network OSes that lend themselves to automation, especially in the datacenter, the likes of Cumulus or SONiC, are pure Linux with some ASIC-vendor-specific bits and bobs, so I'm unsure of the applicability of this guide to larger, more modern networks. Tools like Ansible could be a good fit here, but since they are 'just' Linux, might as well use a dedicated config management tool like Chef or Puppet.

Otherwise I think it's well written for someone in a smaller shop wanting to get their feet wet with Ansible and other tools but still stuck on IOS.

1 comment

> old Cisco architecture via Core/Access/Distribution, where larger DC networks have converged onto spine/spline setups

Please correct me if I'm wrong, but I see the "old" core/access/distribution layers still relevant. The datacenter spine/spline setup applies to networking between server racks in the data center.

> 802.1q VLAN tags: access versus trunk

Again, are you saying that these are outdated? I'm not a practicing network engineer, but I know several network engineers and they've told me that understanding 802.1q VLAN tags to segment network traffic has been helpful.

> Please correct me if I'm wrong, but I see the "old" core/access/distribution layers still relevant. The datacenter spine/spline setup applies to networking between server racks in the data center.

This is correct. The place where spine-leaf really shines is when used in combination with EVPN-VXLAN. You can then encapsulate every tenant network inside a VXLAN domain and route those between your leaf switches through your spine layer.

This is basically a Clos fabric, which is non-blocking and is very easy to expand horizontally. It also gives you nice features like ARP suppression[0]. These features are important in a DC fabric because ARP flooding is traffic which is not revenue generating, and should be minimized as much as possible.

For a normal enterprise/office network, running an EVPN-VXLAN fabric is usually far too complex for the benefits involved.

[0] https://satishdotpatel.github.io/how-does-arp-suppression-wo...

> 802.1q VLAN tags: access versus trunk

I think the parent was saying that these are Cisco specific terms; more generic terms would be "untagged" + "tagged".

Trunk and access ports are like Kleenex and Band-Aids. Yes, technically Cisco terminology, but used everywhere.

Absolutely, here's a config from one of my Aristas (with bits snipped)

   interface Ethernet1
      switchport trunk native vlan 899
      switchport trunk allowed vlan 801
      switchport mode trunk
   interface Ethernet13
      switchport access vlan 311

And on a Juniper

   set interfaces xe-0/2/1 unit 0 family ethernet-switching interface-mode trunk
   set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members Mgmt_B
   set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members Audio_2
   ....
   set interfaces ge-0/0/19 unit 0 family ethernet-switching interface-mode access
   set interfaces ge-0/0/19 unit 0 family ethernet-switching vlan members Audio_2
When Cisco, Arista, Juniper all use access vs trunk it's hardly a vendor specific term
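As an added example (not from the thread or from any vendor's tooling), here is a small Python parser that reads the Arista and Juniper snippets above into the generic "untagged/tagged" model mentioned earlier in the thread, and flags any trunk whose native (untagged) VLAN is also carried tagged, a condition worth catching in a port audit because it makes the tagging of that VLAN ambiguous. The sample configs are constructed to mirror the posted ones; VLAN ranges such as 10-20 are assumed not to occur and are not expanded.

```python
import re
from collections import defaultdict

# Constructed sample configs mirroring the snippets posted in the thread.
ARISTA_CFG = """\
interface Ethernet1
   switchport trunk native vlan 899
   switchport trunk allowed vlan 801
   switchport mode trunk
interface Ethernet13
   switchport access vlan 311
"""
JUNOS_CFG = """\
set interfaces xe-0/2/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members Mgmt_B
set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members Audio_2
set interfaces ge-0/0/19 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/19 unit 0 family ethernet-switching vlan members Audio_2
"""

def _port():  # vendor-neutral model: one untagged VLAN plus a set of tagged VLANs
    return {"mode": "access", "untagged": None, "tagged": set()}

def parse_arista(text):
    ports, cur = defaultdict(_port), None
    for s in (l.strip() for l in text.splitlines()):
        w = s.split()
        if s.startswith("interface "):
            cur = w[1]
        elif s.startswith("switchport mode "):
            ports[cur]["mode"] = w[2]
        elif s.startswith(("switchport access vlan ", "switchport trunk native vlan ")):
            ports[cur]["untagged"] = w[-1]  # access VLAN / native VLAN leave untagged
        elif s.startswith("switchport trunk allowed vlan "):
            ports[cur]["tagged"].update(w[-1].split(","))  # carried with 802.1q tag
    return dict(ports)

JUNOS_RE = re.compile(r"set interfaces (\S+) unit \d+ family ethernet-switching (\S+(?: \S+)*)")

def parse_junos(text):
    ports = defaultdict(_port)
    for m in JUNOS_RE.finditer(text):
        name, w = m.group(1), m.group(2).split()
        if w[0] == "interface-mode":
            ports[name]["mode"] = w[1]
        elif w[:2] == ["vlan", "members"]:
            ports[name]["tagged"].add(w[2])
    for p in ports.values():  # an access port's single member VLAN is untagged
        if p["mode"] == "access" and p["tagged"]:
            p["untagged"], p["tagged"] = p["tagged"].pop(), set()
    return dict(ports)

def native_also_tagged(ports):
    """Names of trunks whose untagged (native) VLAN is also in their tagged list."""
    return sorted(n for n, p in ports.items() if p["mode"] == "trunk" and p["untagged"] in p["tagged"])
```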