Network BGP on TOR

Layer 3 design with spine and leaf


* prefix list automation:

# Network design

### Google new network design
Read this paper: [Conferences sigcomm](

### Facebook DC design

Information about 1st design @FB:

Facebook DC design Next Gen:
Introducing data-center fabric the next generation facebook DC network

A video presentation about L3 spine and leaf @FB (useful demo @2’22 »)


Pictures of FB DC:
[Photo tour new facebook data-center in iowa (2014)](

FB servers
### LinkedIn DC design plus L3

DC design spine and leaf and water-cooling at LinkedIn  

And from linkedin blog:

### Other company L3 design

An old article from Metadata blog:

### Tools for network BGP and design



IETF draft for L3 in the DC:  

Presentation from Nanog about  


From Arista:  


How to load balance applications in a L3 DC (Replay of a meetup)  



Cabinet Load Ratings: Why They Matter (and Why They’re Changing)

Cabinet Load Ratings

– – – – – –

To make better use of floor space and decrease operating costs, more active gear is being placed inside cabinets and enclosures. As a result, they’re getting wider, deeper and taller. Just a few years ago, most enclosures offered 42 RUs or 45 RUs of space. Today, however, many cabinets offer 48 RUs of space – and can offer as many as 52 RUs (or more).

But as cabinets grow in size to accommodate more active gear, they also get heavier. If cabinets get too heavy, the floor may not be able to support them; the cabinets may also be very difficult to move (rolled from one spot to another, transported for loading and shipping, etc.).

It’s becoming crucial to analyze load ratings (also known as “load capacities”) when selecting enclosures. Here are the load ratings you need to know:

– *Static load rating*: How much weight a cabinet can hold when racks are loaded in the data center
– *Dynamic load rating*: How much weight a cabinet can accommodate when shipped fully loaded (important to note with services like Data Center Ready becoming more popular)
– *Rolling load rating*: How much weight a cabinet can tolerate as it is moved/rolled across the floor

Most enclosures are listed against UL 2416 for static load. Just a few years ago, the average static load rating was approximately 1500 pounds; now, a static load rating of 3000 pounds isn’t unusual. In many cases, dynamic and rolling load ratings will be the same for a cabinet.

It’s also critical to note that static, dynamic and rolling load ratings are *not* the same as a cabinet’s seismic rating. Seismic ratings indicate how much protection the rack-mount equipment in a cabinet will receive during an earthquake. (We’ll cover this topic in an upcoming blog post.)

While a cabinet’s width, depth and height can influence load ratings, there are other factors to consider as well.

## Cabinet Construction

There are two main enclosure types: fully welded enclosures and enclosures with bolted-together components. A bolted design allows cabinets to be shipped flat, saving shipping costs. Typically, however, fully welded enclosures have higher load ratings; they can adequately support more weight from active gear.

Corner post geometry and the steel gauge (thickness) used to construct corner posts and mounting rails can also influence a cabinet’s load rating.

## Casters

Before a cabinet is shipped, it is often loaded with switches, servers and everything else needed. Then, it is tested and commissioned. Once testing is complete, the cabinet is shipped to the end-user. To get the enclosure into a truck, however, it needs to be rolled – and then rolled again once it arrives at its destination.

Moving an enclosure across the floor doesn’t just require an adequate rolling load rating – it also requires the correct casters. Heavy-duty casters make a world of difference in accommodating a heavier rolling load rating, as well as withstanding rolling movement. There’s a significant load-rating difference (up to 1000 pounds or more) between a cabinet with regular-capacity casters and a cabinet with high-capacity casters.

## Built-In Levelers

Levelers don’t impact a cabinet’s static, rolling or dynamic load rating – but they can make it much easier to safely move a cabinet. For best performance of active gear, enclosures need to be level. Built-in levelers underneath enclosures allow installers to move cabinets and level them once they’re in place.

A few years ago, cabinets were leveled before equipment was placed inside – which made it more difficult to move the cabinet and ensure that everything remained level. Today, however, built-in levelers allow you to install equipment inside beforehand and level the enclosures once the cabinets are loaded.

## Vibration

Vibration doesn’t directly influence load ratings, either, but the ability of a cabinet to withstand vibration and shocks when being moved – without distortion – is an important factor.

Many times, special shock-absorbent pallets are used to insulate active gears mounted in the enclosure to offer protection during transportation.

## Belden

Belden’s X Series enclosures – XHM and XHS – have a static load rating of 3000 pounds. They seamlessly integrate power distribution, airflow containment and management, networking connectivity and cable management. They are shipped fully assembled and configured to your exact specifications, with several options for doors, side panels, passive chimneys or active AEHC units and PDU mounting.

Learn more about the data center solutions available from Belden to help maximize space, save time, speed up deployment, reduce downtime and save costs here.

Advances in Multi-Fiber Connectivity WP CTA
Advances in Multi-Fiber Connectivity WP CTA Source: Spine and Leaf (1st) test

[Contact and Source]

Bending Loss: A Risk Associated with Reusing Installed Fiber Cable

[![Fiber Bending Loss](http// « Fiber Bending Loss »)](http//

Thanks to its ultra-high data transmission capacity, ultra-low loss and installation flexibility, glass optical fiber is the most power-efficient data transmission media available today. Optical fiber cables have been deployed worldwide to connect people and “[things](” together.

According to [CRU’s Optical Fibre and Cable Monitor](, last year, the global optical cable demand reached 318 million kilometers in the first three quarters of 2016.

As we mentioned in a [previous blog](, two types of optical fiber are available for different network environments and link distances:

– Multimode fiber (MMF) for short-reach links up to a few hundred meters, mainly used in data centers environments
– Singlemode fiber (SMF) for long-reach links, such as in LANs, access networks, metro/transport networks and hyperscale data centers

![Multimode Fiber](http// « Multimode Fiber »)

Fiber cables are typically installed and owned by internet service providers or internet content providers (including cloud service providers), or enterprise IT departments. People commonly believe that fiber cable has unbounded bandwidth capacity and can last forever; however, with the recent [data traffic boom]( – cloud services, over-the-top content delivery and [Internet of Things (IoT)]( – some old fiber infrastructure has hit its capacity limit and needs to be upgraded.

This blog is the first of three in a series where we will walk you through the risks of reusing installed fiber cable, and help you understand how fiber cable infrastructure performance and quality could impact your business operations.

## Macrobending and Bend-Insensitive Fiber

Optical fiber cables are recognized as the superior data transmission media over long distances. The optical fiber is a waveguide that confines light within the fiber core, which is bounded by the cladding material that prevents light from escaping.

![Macrobending]( « Macrobending »)
*Source: IBM*

Compared to copper cable, optical fiber cable has a much smaller cross-section diameter to support flexible cable routing and installation, especially for high-density I/O. Nevertheless, strict fiber cable installation rules have to be followed because light can leak out of the fiber core through the cladding when bent or wrapped. Bending loss occurs when a fiber cable bend is tighter than its maximum bend tolerance; bending loss is due to physical bends that are large in relation to the diameter of the cable. As the bend tightens, more light is lost. This phenomenon is referred to as “fiber macrobending.”

![Macrobending 2]( « Macrobending 2 »)

TIA 568.3-D specifies the minimum bend radius for fiber cable installation to avoid excessive “light leakage” or bending loss:

*Cables with four or fewer fibers intended for Cabling Subsystem 1 shall support a minimum bend radius of 25 mm (1 in) when not subject to tensile load. Cables with four or fewer fibers intended to be pulled through pathways during installation shall support a minimum bend radius of 50 mm (2 in) under a pull load of 220 N (50 lbf). All other inside plant cables shall support a minimum bend radius of 10 times the cable outside diameter or less when not subject to tensile load, and 20 times the cable outside diameter or less when subject to tensile loading up to the cable’s rated limit.*

## Macrobending Hurdles in New Use Cases

In many new practical use cases, fiber cables are required to be installed with even smaller bend radii, which could lead to bending loss:

1. In access networks, optical fiber is installed closer to subscribers; therefore, smaller bend radius is required to support high-density, flexible fiber installation and routing.
2. In data center networks, more and denser fiber cables are installed to support ever-growing bandwidth requirements in limited space; therefore, hassle-free fiber cable installation with higher bend tolerance is increasingly important to reduce bending loss and speed up data center deployment and upgrades.

![Bent and Pinched Fiber]( « Bent and Pinched Fiber »)

![Fiber Slack Loop]( « Fiber Slack Loop »)

*Source: Anixter*

Legacy fiber cable, although optimized for low-attenuation data transmission, is subject to excessive transmission loss; it was not optimized to support sharp bends and can suffer from bending loss. Accidental fiber loss can happen on a daily basis if care is not taken:

– *Sharp bend*: severe 90-degree bend can induce high link loss of up to 0.4 dB to 0.5 dB
– *Pinched cable*: pinching standard fiber jumper can lead to an attenuation of 3 dB to 4 dB
– *Fiber slack loop*: a tight pulling tension on the fiber jumper can cause an attenuation of >5 dB

## Fibers with Enhanced Macrobend Loss Performance: Bend-Insensitive Fibers

Recently, bend-insensitive SMF and MMF (BI-SMF and BI-MMF) products have been introduced to the market to meet the needs of tighter fiber-bend tolerance to avoid bending loss. Optical fiber manufacturers used a refractive index “trench” in the fiber structure – a ring of lower refractive index material – to reflect lost light back into the core of the fiber.

Industry standards have also been developed to specify the bend-radius tolerance of BI-SMF and BI-MMF.

– BI-MMF: ISO/IEC 60793-2-10 provides specifications for A1a.1b, A1a.2b, A1a.3b and A1a.3W that support two turns of 15mm bending radius with <0.1 dB loss at 850nm, and two turns of 7.5mm bending radius with <0.2 dB at 850 nm. *(BI-MMF cables are only optimized for 850nm but not for 1300nm. While the bend loss at 850nm is as described above, the results at 1300nm are not much different than with standard 50µm MMF.)*
– BI-SMF: ISO/IEC 60793-2-50 provides specifications for B6 singlemode fibers that can support minimum bending radius of 10mm, 7.5mm and 5mm. The same recommendation has also been made in the ITU-T G.657 standard document. *(G.657.A1 and G.657.A2 are fully compliant with traditional SMF standard G.652.D with lower fiber transmission loss; G.657.B2 and G.657.B3 are compatible with G.652.D with smaller minimum bending radii, but the transmission loss is slightly higher.)*

Using bend-insensitive fiber cable will minimize the risks of fiber bending loss, and reduce accidental system downtime by considerably improving link robustness and overall performance.

Given the installation and maintenance advantages, considering BI-MMF and BI-SMF for system upgrades or new fiber cable deployment is highly recommended.

Belden offers BI-MMF and BI-SMF [fiber products]( that are faster, easier and better to use. Our fiber connectivity solutions reduce complexity, increase flexibility and streamline installation.

<div style= »text-align: center; »>[![Advances in Multi-Fiber Connectivity WP CTA]( in Multi-Fiber Connectivity WP CTA_86060.png « Advances in Multi-Fiber Connectivity WP CTA »)](</div>

Source: Spine and Leaf (1st) test

HDBaseT: Is it Convergence?


– – – – – –

There has been a lot of talk about convergence in the cabling world; some of this has been driven by new technology and market overlapping. Today’s integrator has the ability to install a system that covers phones, computers, security, audio/video and even low-voltage power.

There are two types of convergence that we often discuss: technology and infrastructure convergence.

[Technology convergence]( uses a single network system, such as Ethernet, to support multiple devices. All of these devices share the same cable and active gear. For example, you can now plug your desk phone and computer into the same telecom room switch. Ethernet networks can support just about every aspect of communication, voice, data, security, building control and even audio/video applications. This is not the type of convergence we are talking about.

Infrastructure convergence uses the same *cable* to support multiple systems. All sorts of devices connect to their own system using a universal cabling system. The biggest type of communication cabling being used today is category cable. While the entire system shares the same cable, the devices don’t talk the same language; therefore, they can’t communicate with each other. This system offers customers a universal, low cost-cabling system. But is it really the best solution for each application?

This blog examines one version of this type of convergence: the use of category cabling for HDBaseT signals.


## Standards

How did category cable become the dominant communications cable? The main reason is the success of Ethernet, which is the de facto standard for today’s networks – but this was not always the case. If you go back a few years, network cabling included an [IBM token ring]( (150 Ohm), ARCNET (twin-axial) and even Ethernet, which could be sent on Thicknet 10BASE5 and Thinnet 10BASE2 coaxial cable.

IEEE 802.3 (the Ethernet standard) over twisted pair won out, and category cabling was born. As IEEE was writing the Ethernet standards, TIA was creating the 568 standards to specify cable characteristics for category cabling. The two standards worked hand in hand; as Ethernet technology increased from 10 Mbps to 10 Gbps, category cabling standards kept pace, going from Category 3 to Category 6A.

Internationally, the ISO 11801 standard followed TIA’s lead. Ideally, every manufacturer produces a category cable that meets ANSI/TIA specifications (in the United States) or ISO specifications (internationally), giving the user a reasonable expectation that the cable will support his or her network.

Today’s network can support just about every aspect of communication, voice, data, security, building control and audio/video applications. With all devices following the same standard, we achieved interoperability. So, why don’t just use it for everything? It turns out that it has latency and bandwidth shortfalls, which don’t make it ideal for video. The issues are being corrected, but that is the subject of another blog.

The professional AV industry is in the process of trying to develop a standard for everyone to follow. For AV systems, you often need more than one type of signal: an application might require an audio signal, a video signal and a variety of control signals. An increasingly popular new standard, HDBaseT®, does just that.


## HDBaseT Technology

This technology uses 5Play®: HDMI 1.4, 4K video with audio, USB 2.0, 100BASE-T Fast Ethernet, various control signals with low-voltage power (up to 100W).

A group of manufacturers formed the [HDBaseT Alliance]( in 2010, with one of the goals being the development of a universal standard and interoperability between manufacturers. The HDBaseT 2.0 specification has been submitted to IEEE to become a universal standard, but is currently only in draft form. Although it might seem like it is, the HDBaseT 2.0 specification is *not* part of the IEEE Ethernet 802.3 standard. Also adding to the confusion is the universal appeal of category cabling, which the HDBaseT Alliance selected.

From the start, there have been minor issues with the cabling, and people have been improvising solutions. Making matters worse is the adoption and popularity of ultra-high-definition video, commonly referred to as 4K. The increased bandwidth of a 4K image, with almost 9 Mbps of information, causes even more strain on the infrastructure. Furthermore, this strain will only increase as the market moves to 8K, with even more color and faster frame rates. It’s possible for the bandwidth to push well beyond 50 Gbps per second. (Get more information on this topic [here](

Not only is the video signal a bandwidth hog, it is very latency sensitive. Due to time sensitivity, a video signal is different than a pure data signal. If a video signal is lost or damaged, those pieces of the image are lost and are never retransmitted. Instead, they appear as errors on the screen; if you have too many errors, the picture is lost altogether – but more on this in a different blog.

To adjust for these demands, most manufacturers have tried tweaking a variety of category cable types. Most have gone to a shielded cable or screened cable. Additionally, some have increased the category rating, even up to Category 7A, in hopes of improved results. This has stopped becoming a converged infrastructure, and turned into a search for a cable that can support this signal. Belden set out to uncover the true cabling requirements – and then to design a cable to meet it.

This blog is just one in a series that will cover in more detail the testing we completed and what we found, including 4K HDBaseT cabling misconceptions and myths. [Subscribe to our blog so you don’t miss out!](

*HDBaseT® and 5Play are registered trademarks of the HDBaseT Alliance.*

<div style= »text-align: center; »>[![HDBaseT CTA](http// « HDBaseT CTA »)](</div>Source: Spine and Leaf (1st) test

URLs and links to read later….

Liens et site de documentations / news a suivre

* Napalm:

* Python/Napalm for network:

* Tools & Automation

* Facebook tools: FBNet-Command-Runner: A thrift service to run commands on heterogeneous Network devices with configurable parameters: 
The presentation:

* DDOS with memcached:

* AI with Google:

* Tools for dev
[vim editor – fonctions avancees](
[From gitlab an Infrastructur handbook](

* IoT / Domotic
New soft for domotic: (demo) + doc
OpenHardware devices and howtos:

# Social
* Working & related stuff

* Networking & Social net
[MP #198 : Réussir sa photo de profil pour les réseaux sociaux et sites de rencontres](

[Mes petites astuces Instagram](

# Photos
* Photos


* Videos

Paris in Video:
<iframe allowfullscreen= » » frameborder= »0″ height= »295″ mozallowfullscreen= » » src= »″ title= »Paris. » webkitallowfullscreen= » » width= »525″></iframe>

Google Authenticator VS Authy:
[Authy vs. Google Authenticator](
<iframe allowfullscreen= » » frameborder= »0″ height= »295″ mozallowfullscreen= » » src= » » title= »Authy vs. Google Authenticator » webkitallowfullscreen= » » width= »525″></iframe>

# Not checked
* Technical
Dev/Net visialisation tools in python for BGP:
dotfiles management:

* Blogs

* Photos

* dev
Check code in git searching for password and other bad stuff:
Liste of django apps:

* Docker / VM / Sec

Password / vault managment:

* Other
[832 TB – ZFS on Linux – Project “Cheap and Deep”: Part 1](

Story of someone at criteo:


To check:

[MP #198 : Réussir sa photo de profil pour les réseaux sociaux et sites de rencontres](

<iframe class= »wp-embedded-content » data-secret= »HjfZuDvvrv » frameborder= »0″ height= »296″ marginheight= »0″ marginwidth= »0″ sandbox= »allow-scripts » scrolling= »no » security= »restricted » src= » » style= »position: absolute; clip: rect(1px, 1px, 1px, 1px); » title= »« MP #198 : Réussir sa photo de profil pour les réseaux sociaux et sites de rencontres » — » width= »525″></iframe>

> [Git : Apprendre à utiliser le gestionnaire de versions](

<iframe class= »wp-embedded-content » data-secret= »2n6dRGttNM » frameborder= »0″ height= »296″ marginheight= »0″ marginwidth= »0″ sandbox= »allow-scripts » scrolling= »no » security= »restricted » src= » » style= »position: absolute; clip: rect(1px, 1px, 1px, 1px); » title= »« Git : Apprendre à utiliser le gestionnaire de versions » — Born to Code: la programmation par l’exemple » width= »525″></iframe>

> [Mes petites astuces Instagram](

<iframe class= »wp-embedded-content » data-secret= »yjp6qcwU0Y » frameborder= »0″ height= »296″ marginheight= »0″ marginwidth= »0″ sandbox= »allow-scripts » scrolling= »no » security= »restricted » src= » » style= »position: absolute; clip: rect(1px, 1px, 1px, 1px); » title= »« Mes petites astuces Instagram » — Santadenn » width= »525″></iframe>

> [Authy vs. Google Authenticator](

<iframe class= »wp-embedded-content » data-secret= »cLlSVT6Zen » frameborder= »0″ height= »296″ marginheight= »0″ marginwidth= »0″ sandbox= »allow-scripts » scrolling= »no » security= »restricted » src= » » style= »position: absolute; clip: rect(1px, 1px, 1px, 1px); » title= »“Authy vs. Google Authenticator” — Authy » width= »525″></iframe>

<iframe allowfullscreen= » » frameborder= »0″ height= »295″ mozallowfullscreen= » » src= »″ title= »Paris. » webkitallowfullscreen= » » width= »525″></iframe>

> [832 TB – ZFS on Linux – Project “Cheap and Deep”: Part 1](

<iframe class= »wp-embedded-content » data-secret= »JxOAVbIJMl » frameborder= »0″ height= »296″ marginheight= »0″ marginwidth= »0″ sandbox= »allow-scripts » scrolling= »no » security= »restricted » src= » » style= »position: absolute; clip: rect(1px, 1px, 1px, 1px); » title= »“832 TB – ZFS on Linux – Project “Cheap and Deep”: Part 1” — » width= »525″></iframe>

Blog & Link for new techno @Work


I try to add section between network/devops/systems stuff
Links on official content, Tutorial, interesting blog
All are used @Criteo if not indicated
Most of this tools could be found on github

Looking Glass net

Network – BGP on TOR – L3 design spine and leaf


prefix list automation (Not used @Criteo yet)
Google new network design :

2’22’’ to 2’54’’

-La prez au nanog sur les presentations don’t je vous ai parlé, faites pas attention au gars a 16’59’’ qui est arrivé en retard à la conf…

-Celle-là est pas mal aussi dans les videos connexes proposées, c’est pratiquement la meme prez que j’ai vu chez Arista par le même mec.
-LoadBalancer : Replay of a meetup



More Network

Sort of NoNo @FB
network definition language
looks a lot like cmdb light, same approach to config and design generation
language defines objects and comiled to fill db
they generate complete templates 2: Wedge100 + Backpack: From the Leaf to the Spine Zhiping Yao + Xu Wang, Facebook

Use of yang / openconfig

Presentation of openconfig with a demo on Juniper:

Ansible (Python) :
Ansible presentation made by Francois (Ex collegue @Criteo):

(Not used @Criteo ):

-Napalm : (Not used @Criteo yet) :
Napalm @Spotify:

More DevOps

Chef: ruby
Puppet : (not used @Criteo)

Python for Network
-Criteo Tools for network diff between 2 configuration files (Cisco/Arista) :

-Pourquoi docker/ansible par rapport a puppet/chef :

Monitoring / Graphs

-Time series DB:
OpenTSDB :
Grafana frontend :
Kibana :
ElasticSearch :

**Virutal env (VM/libvirt/container/…) :
If you want to test some apps/stuff you can use one of this « tools »
Docker :
Virtualenv : (more for dev)
Vagrant : (more for dev)


@34:47 you will find Steve Feldman, that’s my previous company colleague 🙂
The only feldman I know is him 😀

**DC Google en carton :

**Blog :

**A Trier:

— DEV —


** Tutos + Infos
Help on Git
And on this blog: Article de blog: Utilisation de git

Scripts a la con Hacks&co

**Security & Exlpoits
Browser exploit framework :