Category Archives for "Aaron’s Worthless Words"

Generating Network Diagrams from Netbox with Pynetbox

Here’s my typical disclaimer: I’m not a developer. I have the ability to make code give me an expected output, but I do not do anything “the right way.”

All the code I write for these blog posts is in my Github repo that you can and should freely copy and modify. Here’s the environment I’m running this stuff in. Python. Pynetbox. You know the drill by now.

Python         :  3.9.10
Pynetbox       :  7.0.0
Netbox version :  3.5.8

We’ve been working through some stuff, and, at this point, we have a lot of stuff in our Netbox instance. Let’s step up the game a little, though, and see if we can’t generate a network diagram based on that data. Let’s set some expectations, though. This is not going to be comparable to that Visio diagram you’ve managed by hand for the last 8 years. This is going to be a very simple diagram with subnets, nodes, and IP addresses — enough for an auditor or for some architect who doesn’t know what’s in their own data centers.

The logic is pretty easy. The first thing we do is query for all our prefixes.

Out-of-band Management – Useful Beyond Catastrophe

I was lucky enough to participate in Tech Field Day Extra at Cisco Live a couple months ago. This event brings independent thought leaders together with a number of IT product vendors that were at Cisco Live to share information and opinions. I was not paid to attend, but the organizers did provide some meals while I was there. There is no expectation of providing any content, so the fact that I’m mentioning it says something. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved. OpenGear was there, and it was good to see some new faces and hear some new ideas.

For those that don’t know, OpenGear traditionally provides out-of-band (OOB) management solutions via hardware appliances that run independently of your network. They, like other vendors in that space, can connect to the cellular data network of choice and provide access to your gear when something fails (what OpenGear calls “worst day”). Over 99.9% of the time, though, you would never use your OOB devices. They’re just going to sit there doing nothing until that day that something fails

Overlay Management

I was lucky enough to participate in Tech Field Day 27 a couple months ago. This event brings independent thought leaders together with a number of IT product vendors to share information and opinions. I was not paid to attend, but the organizers did provide travel, room, and meals while I was there. There is no expectation of providing any content, so the fact that I’m mentioning it says something. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved.

One of the companies that presented was Men & Mice. They have a product called Micetro (great name!) that manages your DHCP, DNS, and IPAM for you. The product doesn’t provide DHCP, DNS, or IPAM services; it manages them. That is, it configures and monitors those services for you, whether it’s running on your local network, in cloud, remotely, whatever. This is what they call overlay management.

What does that really mean, though? Since overlay management doesn’t provide endpoint services, your endpoints don’t see anything different. Your DHCP servers stay the same. DNS servers stay the same. IPAM stays the same. The only thing that’s

Netbox Upgrade Play-by-play

I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone wants to know how I did it.

Environment

  • The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
  • The destination v3.4.8 server is an Ubuntu 20.04 VM.
  • We have no media, scripts, or reports in Netbox.
  • I’m running Virtualbox on my laptop to do the data migrations.
  • I did the Netbox installs with Netbox Build-o-matic.

Process Overview

Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.

The main idea here is that you export your data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.

One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when

Sending Slack Messages with Python

Here’s a quick summary of what we’ve talked about in the last few posts — all with Python.

This is all fine and dandy, but I would guess that you’re not the only engineer in the company and production maintenance scripts don’t run off of your laptop. We need a way to let a group of people know what’s happening when one of your scripts is run. And please don’t say email. Email has been worthless for alerting for over a decade, and there are better ways to do it. Search your feelings…you know it to be true!

At this point, we all have some magic messaging tool that someone in upper management decided we needed. There are others out there, but I would guess that the majority of companies are using Microsoft Teams or Slack with some Webex Teams sprinkled in there. These are great tools with lots of features and are probably not yet overused to the point of making users ignore the messages, so they are

Using Python Logging to Figure Out What You Did Wrong

As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.

I use too many print statements to figure out what’s going on. Get an object and print it to screen to make sure it’s right. Do a calculation and print the result. There are so many print statements in my code that I had to start using a debug variable to tell it when to print stuff. I even use that technique in my functions.

# Don't do stuff like this
def myFunc(string_to_return, debug=False):
    if debug:
        print(f"Returning \"{string_to_return}\"")
    return string_to_return

local_debug = True
string_to_send = "Aaron wastes a lot of time with print statements."

if local_debug:
    print(f"I'm sending \"{string_to_send}\"")
myString = myFunc(string_to_send, debug=True)
print(myString)

It’s painful to look at this code. I need a better solution, and I found Python’s logging module.

Very simply, you associate your messages with one of five logging levels (debug, info, warning, error,

Deleting Stuff from Netbox with Pynetbox

As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.

We’ve added stuff and updated stuff, so let’s delete some stuff. “Hey, man…you already did that,” you say? You’re right! When we started creating API tokens based on user/pass, we made sure to delete the token at the end. That means we should all be professional pynetbox deleters, then, right? 🙂

When using pynetbox, we mostly deal with objects. When updating, we get the object, make changes, then save it back to Netbox. We don’t say “update object 38718 with a new widget”; you actually manipulate an object. When we delete something, we do the same thing…get the object and delete it. Here’s a snippet of the token cleanup script to show that.

<SNIP>
all_tokens = nb_conn.users.tokens.all()

for token in all_tokens:
    <SNIP>
    token.delete()

<SNIP>

Don’t think on the logic of this

Updating Stuff on Netbox with Pynetbox

Let’s see. We’ve queried stuff on Netbox and added stuff to Netbox. Now let’s update stuff.

Netbox, like all sources of truth, needs to be kept up-to-date if it’s going to be useful. Without doing some maintenance on the data, it will wind up being like that one Visio diagram that you give the auditors — it might have been accurate at one point but gets further and further from the truth every day. We’ll need to keep our stuff updated today in order to use it more effectively tomorrow.

As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.

We’re going to again use Python and pynetbox for this (as the title says). Here’s the environment I’m working in.

Python         :  3.9.10 
Pynetbox       :  7.0.0  
Netbox version :  3.4.3 (Docker)

Remember when we loaded the data from the

Adding Stuff to Netbox with Pynetbox

As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.

I think there’s a theme in the last few posts. I can’t quite put my finger on it, though. 🙂 We’ve talked about querying Netbox, but it’s pretty useless without data actually in it. Let’s look at how to get stuff in there using pynetbox.

Here’s the environment I’m running. All this code is in my Github repo.

Python         :  3.9.10 
Pynetbox       :  7.0.0  
Netbox version :  3.4.2  (Docker)

Adding sites is a pretty logical first step in a new Netbox install. They don’t have any required fields that have to be created first, so let’s start there. I’ve got a YAML file called sites.yml that contains the site data I want to import. Here’s what that looks like.

### sites.yml
- name: NYC
  description: New York City

Query Filtering with Pynetbox

As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.

A bit ago, we talked about getting information out of Netbox with Pynetbox. The example was very simple, but I’m afraid the real world dictates that querying every device every time is not very efficient or manageable. At some point, we’ll need to ask for a subset of everything, so let’s look at filtering.

We used .all() last time. It’s pretty obvious what that gives us. If we don’t want everything in the world returned, we can use .filter() along with some parameters to limit that result. Let’s get to an example.

We want to print a report of all devices with hostname and role. The devices should be grouped by site. This means we need to get a list of sites, go through that list, get the devices there, and print what we

Using Pynetbox to Create Netbox API Tokens

As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.

The last time, I talked about using pynetbox to make queries to Netbox. This was a very simple example, and one of the things that bugged me the most about it was the API token. In that post, we used a statically-assigned API token where I went into the Netbox GUI and generated one for myself. I think I may have even noted that this was definitely not the best way to handle those things. A possibly-better way to do it is to use your username and password on Netbox to generate a token for yourself. This would be a token that you then delete when you’re done.

How is this better? The static tokens are just that — they’re static. If you generate your token, then anyone who has it can use it to

Querying Netbox with Pynetbox

You should be using Netbox or something equivalent. I’m serious. Stop documenting your network with Word docs and Wiki pages and use something where the information can be queried. I’ve been using Netbox for a couple years, and it’s where I keep all that important information about my network. I use it to store hardware inventory, circuit inventory, contact information, site information…all sorts of stuff. Since all this information is already recorded there, I can just query it for the information I need. That includes any time I need to write some Python code to do something on the gear. I use the pynetbox module to do that.

To use pynetbox (or anything that uses API calls to Netbox), you’ll need to set up an API token. I am not qualified to tell you what the best way to manage these is, so we’re just going to assume you have an appropriate token configured already.

The Python Code

We’re going to write a short script to get all the devices from the Netbox instance…and here it is!

import pynetbox
import urllib3

NETBOX_SERVER = "*.*.*.*"
NETBOX_API_KEY = "742*****"

nb_conn = pynetbox.api(url=f"https://{NETBOX_SERVER}", token=NETBOX_API_KEY)
nb_conn.http_session.verify =

Adventures in Upgrading Netbox

I’ve been using Netbox for a while now, and, frankly, I can’t live without it. If you’ve never heard of it, it’s a Source of Truth for your network automation tasks started by Jeremy Stretch. I use it to document my networks (hardware inventory, subnets, physical connections, etc.), which provides my automation tasks a place to pull and push all sorts of information like management IPs, rack locations, power connections, network drops…the list goes on. In better words, your automation tools can ask Netbox what the state of your network is, and send it an update if that tool discovers something different. There are plenty of better places to discuss the benefits of a Source of Truth, so just do the Googles for it.

My production instance is running Netbox 2.7.6, which is very old. The latest version of Netbox as of today is 3.3.7, so that should tell you how far behind we are. I’ve had mine running for over two years, and, in the meantime, the world has moved forward. If I update the server it’s running on (Ubuntu 20.04), then Netbox breaks. Yes, it’s so far behind

BGP Configuration on FortiOS

I’ve never done a post on Forti-anything, but I’m really appreciating the products Fortinet is putting out lately. They’re transitioning from “run your SMB off of our stuff” to “actually, we’re pretty good for larger companies”, so their GUI lacks features to keep the SMB from blowing stuff up. The advanced features are there in the CLI, and I wanted to use it to show that difference between the GUI and the real config.

Let’s review some of the basic configuration elements of BGP first. You need an autonomous system (AS) number and a router ID for your side. You also need the AS number of the remote system. You need the IP address on their side (usually the interface facing you). That looks something like this. We’re going to be ‘Fortigate 1’ for this exercise.

With just this information, we can turn up a BGP neighbor that does absolutely nothing. To actually send some routes, you need to tell BGP what to send. We’ll keep this simple and add just connected networks. Adding to the diagram, we get this.

Now we have something of value (though choosing BGP over OSPF or RIP for this little scenario is pretty horrible).

Modular Network OS with Nokia SR Linux

I was lucky enough to have been invited to attend Network Field Day 29 this past September in San Jose, CA. This event brings independent thought leaders together with a number of IT product vendors to share information and opinions. We saw presentations from a pretty full range of vendors — from the chips to observability. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved.

Nokia was among the list of high-end companies we saw. No, they don’t make phones any more (though they do market their name to products), but they are still in the full-power, throw-packets-as-fast-as-you-can markets for hyperscalers and such. If you’re old like I am, you might remember Nokia as the hardware that Checkpoint ran on for a while. My brain has done its best to filter memories of those devices, but, luckily, the Nokia team is doing some much better things these days.

SR Linux was one of the focuses and the big hitter for me. This is a modernization of the SR OS that was introduced 20 years or so ago, and gets us into a “world of streaming telemetry.

Nyansa Voyance at NFD18

Disclaimer : I was lucky enough to have been invited to attend Network Field Day 18 this past July in Silicon Valley. This event brings independent thought leaders to a number of IT product vendors to share information and opinions. I was not paid to attend any of these presentations, but Tech Field Day did provide travel, room, and meals for the event. There is no expectation of providing any blog content, and any posts that come from the event are from my own interest. I’m writing about Nyansa strictly from demonstrations of the product.  I’ve not installed it on my own network and have no experience running it.

Anyway,…on with the show!

Nyansa (pronounced nee-ahn’-sa) is focused on user experience on the access network. Their product, Voyance, analyzes data from a list of sources to provide a view into what client machines are seeing. This is more than just logs from the machine itself. We’re talking about taking behaviors on the wireless, access network, WAN, and Internet, and correlating those data points to predict user experience issues and recommend actions to remediate those problems. As we discussed in the presentation, there are products that do each of

Automating My World

I’ve told this story 984828934 times in the past year, but bear with me.  We got a new director-type last year, and he has challenged all of us to do things differently.  As in everything.  Anything that we’re doing today should be done differently by next year.  This isn’t saying that we’re doing things wrong.  This is just a challenge to mix things up, integrate new tools, and get rid of the noise.  Our group has responded big-time, and we’re now doing most of our day-to-day tasks with a tool of some kind.  A couple weeks ago, I realized that I did a whole day’s work without logging directly into any gear — everything was through a tool.  It was a proud moment for me and the group.

To kick off this new adventure, we’re starting with writing all our own stuff in-house; we’re obviously not talking about a full, commercial orchestration deployment here.  We’re talking about taking care of the menial tasks that we are way too expensive to be doing.  Simple tasks.  Common tasks.  Repeatable tasks.  All game.  What’s the MAC address of that host?

Cisco Live 2018 – Yes, I Went Too

It’s been a very busy month or so. June is always like that, it seems. There’s ARRL Field Day, which is always the last rainy weekend in June. This year, Cisco Live was in June, and that typically includes Tech Field Day activities. Right before that, we had the whole family in town for a family reunion. There was all sorts of stuff going on. Now that most of that has blown over, I’ve collected my thoughts and wanted to talk about Cisco Live this year.

Those who are of any importance in the networking world (LOL!) converged on Orlando this to attend the conference. Orlando brings back all sorts of memories — from Taverna Opa to Sizzler to LISP explained with plates — and we’re all familiar with the Orange County Convention Center. It’s a great facility with enough room to handle the largest of gatherings. I don’t think I saw the attendance numbers, but I would guess there were 30,000 attendees at Cisco Live this year. A typical crowd for the event, and the venue was more than adequate.

This year, I went on the Imagine Pass instead of the full conference pass. This pass included

An Update for my Adoring Fans

I feel like a teenage girl with a fashion blog who hasn’t posted in 6 months and comes back with “I know I haven’t posted in a while…”  Sigh.  It’s been right at a year since I actually published a post, so I figured I would give everyone an update.

I’ve had some personal things going on lately, and those have taken all of my energy.  We’ve made it through those rough times, so my energy is coming back.  I’m feeling better every day, and I hope I can get back to producing some content.  And, let me tell you…I’ve got some stuff to talk about.

*insert star wipe here*

We got a new director-level dude at the office, and he’s really mixing things up for us.  His philosophy includes changing the way we do everything that we do.  Like literally everything.  He ran a report for me on my ticket queue and showed me that 60% of my ticket count was on stupid stuff that’s below my pay grade.  His advice : Make somebody else do it.  So I did.  I taught myself some more Python (not hard since

Cisco Live US 2017 – Saturday Adventure

For the last couple years, on the Saturday before Cisco Live US kicks off, we like to go and do something in the host city.  Nothing big.  Nothing fancy.  Just something we aren’t going to be able to do once the conference gets going.  In San Diego, we went to the zoo.  Last year, we went to the National Atomic Testing Museum.  This year, we’re going to the National Museum of Organized Crime and Law Enforcement…aka, the Mob Museum.

It’s Vegas.  This place used to be full of mobsters doing some unsavory things.  I like to think it’s a bit more legit these days, but it’ll be fun to see how the mob and the law danced around back in the day.  It’s in the old historic post office and courthouse a couple blocks off Fremont Street and is complete with full courtroom and the wall where the Saint Valentine’s Day Massacre occurred. It should be a good time assuming we make it past the police lineup.

All are invited.  If you want to join us, drop me a message on Twitter.  We’ll probably meet for lunch then head over there in the early afternoon.  Or head over there for lunch.