One of the comments I received after publishing the Use VRFs for VXLAN-Enabled VLANs claimed that:
I’m firmly of the belief that VXLAN should be solely an access layer/edge technology and if you are running your routing protocols within the tunnel, you’ve already lost the plot.
That’s a pretty good guideline for typical data center fabric deployments, but VXLAN is just a tool that allows you to build multi-access Ethernet networks on top of IP infrastructure. You can use it to emulate E-LAN service or to build networks similar to what you can get with DMVPN (without any built-in security). Today we’ll use it to build a VRF Lite topology with two tenants (red and blue).
Today we’ll look into a question, which is raising quite often on various meetups related to network automation or various threads that is the addition of any automation components (say, NetBox) to the existing networking managing suit, where you already have some inventory (say, LibreNMS). We’ll take a look into multiple approaches and, as usual, will share some code snippets how you can do that.
Integrating different automation tools is typically the most labor-intensive work, as it requires understanding of the tools you are integrating, their internal hierarchy and APIs capabilities. That is not even saying that you shall be proficient with a variety of technologies, such as REST API or GRPC API, JSON/Protobuf/XML, Postman and many other tools. That’s a lot, and may be not easy to start with.
The good news is that all these things you can learn at out Network Automation Training programs:
show commit changes diff on Cisco IOS XR.
Cisco IOS XR is the operating system running for the Cisco ASR, NCS, and
8000 routers. Compared to Cisco IOS, it features a candidate
configuration and a running configuration. In configuration mode, you can
modify the first one and issue the
commit command to apply it to the running
configuration.1 This is a common concept for many NOS.
Before committing the candidate configuration to the running configuration, you
may want to check the changes that have accumulated until now. That’s where the
show commit changes diff command2 comes up. Its goal is to show the
difference between the running configuration (
show running-configuration) and
the candidate configuration (
show configuration merge). How hard can it be?
Let’s put an interface down on IOS XR 7.6.2 (released in August 2022):
RP/0/RP0/CPU0:router(config)#int Hu0/1/0/1 shut RP/0/RP0/CPU0:router(config)#show commit changes diff Wed Nov 23 11:08:30.275 CET Building configuration... !! IOS XR Configuration 7.6.2 + interface HundredGigE0/1/0/1 + shutdown ! end
+ sign before
interface HundredGigE0/1/0/1 makes it look like you did
create a new interface. Maybe there was a typo? No, the diff is just broken. If
you Continue reading
Cloudflare has been using ingress anycast (advertising the same set of prefixes from all data centers) for ages. Now they did a giant leap forward and implemented another “this thing can never work” technology: egress anycast. Servers from multiple data centers use source addresses from the prefix that’s advertised by all data centers.
Not only that, in the long-established tradition they described their implementation in enough details that someone determined enough could go and implement it (as opposed to the typical look how awesome our secret sauce is approach from Google).
Nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability, a new study shows.
New York State has banned a practice becoming more common in the crypto-mining industry â€“ the rescuing and repurposing of mothballed fossil fuel plants to exclusively provide energy for mining digital currency.
Time for another netlab video: after explaining how netlab fits into the virtual lab orchestration picture, let’s answer the next question: what exactly can netlab do?
Modularization is a crucial part of network design because it supports interchangeability, reduces the size of failure domains, and controls security domains. One critical aspect of modularization is functional separation, which argues for separating services onto specific physical and logical resources. Kevin Myers joins Tom Ammon and Russ White on this episode of the Hedge to discuss the theory and importance of functional separation in network design.
CONTAINERlab is a Docker orchestration tool for creating virtual network topologies. The sflow-rt/containerlab project contains a number of topologies demonstrating industry standard streaming sFlow telemetry with realistic data center topologies. This article extends the examples in Real-time telemetry from a 5 stage Clos fabric and Real-time EVPN fabric visibility to demonstrate visibility into IPv6 traffic flows.
docker run --rm -it --privileged --network host --pid="host" \
-v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
-v $(pwd):$(pwd) -w $(pwd) \
Run the above command to start Containerlab if you already have Docker installed. Otherwise, Installation provides detailed instructions for a variety of platforms.
Download the topology file for the 5 stage Clos fabric shown above.
containerlab deploy -t clos5.yml
Finally, deploy the topology.sFlow-RT Apps menu and select the browse-flows application, or click here for a direct link to a chart with the settings shown above.
docker exec -it clab-clos5-h1 iperf3 -c 2001:172:16:4::2
Each of the hosts in the network has an iperf3 server, so running the above command will test bandwidth between Continue reading