Ivan Pepelnjak
Author Archives: Ivan Pepelnjak
- Home → Author's archive:
Ivan Pepelnjak
Worth Reading: the Mythical Man-Month
I was discussing a totally unrelated topic with Terry Slattery when he mentioned a quote from the Mythical Man-Month. It got me curious, I started exploring and found out I can get the book as part of my Safari subscription.
Read more ...VXLAN Ping and Traceroute
From the moment Cisco and VMware announced VXLAN some networking engineers complained that they'd lose visibility into the end-to-end path. It took a long while, but finally the troubleshooting tools started appearing in VXLAN environment: NVO3 working group defined Fault Managemnet framework for overlay networks and Cisco implemented at least parts of it in recent Nexus OS releases.
You'll find more details in Software Gone Wild Episode 69 recorded with Lukas Krattiger in November 2016 (you can also watch VXLAN Technical Deep Dive webinar to learn more about VXLAN).
Parsing Printouts with Ansible Regular Expression Filters
Ansible is great at capturing and using JSON-formatted data returned by REST API (or any other script or method it can invoke), but unfortunately some of us still have to deal with network devices that cannot even spell structured data or REST.
Read more ...Introduction to Docker: Featured Video of January 2017
The featured webinar in January 2017 is the Introduction to Docker webinar, and in the featured video Matt Oswalt explains the basic Docker tasks. Other videos in this webinar cover Docker images, volumes, networking, and Docker Compose and Swarm.
To view the featured video, log into my.ipspace.net, select the webinar from the first page, and watch the video marked with star.
Read more ...Device Configurations Are Not a Good Source of Truth
One of my subscribers sent me this question after watching the second part of Network Automation Tools webinar (or maybe it was Elisa Jasinska's presentation in the Data Center course):
Elisa mentions that for a given piece of data, there should be “one source of truth”. It gets a bit muddled when you have an IPAM tool and Git source control simultaneously. It is not hard to imagine scenarios where these get out of sync especially if you consider multi-operator scenarios.
Confused? He provided a simple scenario:
Read more ...Plans for 2017
With January 6th the Christmas/New Year holidays are over even for most European countries, so it’s time to restart my blog and set some goals for 2017.
Webinars
2015 was year of SDN, 2016 was year of network automation, and 2017 is shaping up to be the year of the cloud.
Read more ...How I Started Hating Automatic Context Switching in Cisco IOS
Here’s a trick question:
- Imagine you have a network running IPv4 and VPNv4 services;
- You want to use neighbor next-hop-self on IPv4 sessions, but not on VPNv4 sessions;
To implement this request you use the following configuration commands (plenty of other commands removed because they don’t impact the results):
router bgp 64500
address-family ipv4
maximum-paths ibgp 32
maximum-paths 32
neighbor 192.168.0.4 next-hop-self
neighbor 192.168.0.1 next-hop-self
address-family vpnv4
maximum-paths ibgp 32
maximum-paths 32
no neighbor 192.168.0.4 next-hop-self
no neighbor 192.168.0.1 next-hop-self
Try to figure out what the end-result will be without connecting to a router or reading the rest of this blog post.
Ok, here’s what totally threw me off (and wasted an hour of my life): next-hop-self is removed from neighbors in the IPv4 address family. Here’s why:
- There is no maximum-paths ibgp command in VPNv4 address family;
- The moment you enter maximum-paths ibgp command the configuration parser exits the address-family vpnv4 context and enters router bgp context;
- Because the ipv4 address family is the default context within router bgp (for legacy reasons) all the subsequent commands are executed within the address-family ipv4 context removing next-hop self from neighbors in IPv4 address family.
No wonder David Barroso named his library NAPALM (you’ll find the full story in this or this podcast).
Worth Investigating: My Looking Glass Tool
If you're a networking engineer, sysadmin, or NetDevOps guru preferring the power of CLI over carpal-syndrome-inducing GUI you might like the My Looking Glass tool developed by Mehrdad Arshad Rad. Haven't tried it out, but the intro on GitHub page looks promising.
If you decide to try it out (or already did) please share your experience in a comment. Thank you!
Push Configuration Snippet to a Bunch of Cisco IOS Devices
As I was trying to automate configuration deployment in a multi-router Cisco IOS lab, I got to a point where the only way of figuring out what was going on was to log commands on Cisco IOS devices. Not a big deal, but I hate logging into a dozen boxes and configuring the same few lines on all of them (or removing them afterwards).
Time for another playbook: this one can push one of many (configurable) configuration snippets to a group of Cisco IOS devices defined in an Ansible inventory file.
Interesting? Want to do something more complex? Join the Network Automation online course.
Generating OSPF, BGP and MPLS/VPN Configurations from Network Data Model
Over a month ago I decided to create a lab network to figure out how to solve an interesting Inter-AS MPLS/VPN routing challenge. Instead of configuring half a dozen routers I decided to develop a fully-automated deployment because it will make my life easier.
I finally got to a point where OSPF, LDP, BGP (IPv4 and VPNv4) and MPLS/VPN configurations are created, deployed and verified automatically.
Read more ...Create Ansible Inventory File from Vagrant SSH Configuration
While it’s relatively easy to create an Ansible inventory file to support a Vagrant-created virtual networking lab, it’s also utterly boring – a perfect job for an automation script. I’m positive there are a zillion solutions out there, but I decided to reinvent the wheel and get a bit of Python hands-on practice.
Python for Networking Engineers
One of my readers sent me a simple question: “Do you plan to have a Python for Networking Engineers webinar?”
Short answer: no immediate plans.
Here are just a few reasons:
Read more ...Network Automation Labs with Ansible in a Virtual Machine
Most network automation tutorials out there assume you’re running Ansible on your workstation and accessing virtual machines via SSH ports mapped by Vagrant. That’s great if you’re an experienced Ansible/Python user; for a clunky beginner like myself it’s safer to run Ansible within a VM that can be destroyed and recreated in seconds.
Webinars in 2016
Another year swooshed by… it’s time for another what have we been doing in this year blog post.
Most important bit first: ipSpace.net is slowly morphing from a personal project into a (hopefully interesting) learning platform with almost 30 authors creating or participating in ipSpace.net webinars or online courses.
Read more ...Video: SDN Controller Running in a Virtual Machine
During the Monitoring Software-Defined Networks webinar Terry Slattery addressed an interesting question: what happens if you run an SDN controller in a virtual machine and the virtual network crashes?
Want to know his take on the problem? Watch this free video on ipSpace.net content site.
Q&A: Vendor OpenFlow Limitations
I rarely get OpenFlow questions these days; here’s one I got not so long ago:
I've just spent the last 2 days of my life consuming the ONF 1.3.3 white paper in addition to the $vendor SDN guide to try and reconcile what features it does or does not support and have come away disappointed...
You’re not the only one ;)
Read more ...Worth Reading: Load Balancing at Fastly
High-speed scale-out load balancing is a Mission Impossible. You can get the correct abstraction at the wrong cost or another layer of indirection (to paraphrase the authors of Fastly load balancing solution).
However, once every third blue moon you might get a team of smart engineers focused on optimal solutions to real-life problems. The result: a layer of misdirection, a combination of hardware ECMP and server-level traffic redirection. Enjoy!
Network Automation Tools: Featured Webinar in December 2016
The featured webinar in December 2016 is the Network Automation Tools webinar, and in the featured videos you'll find in-depth description of automation frameworks (focusing on Ansible) and open-source IPAM tools (including NSoT recently released by Dropbox).
To view the videos, log into my.ipspace.net, select the webinar from the first page, and watch the videos marked with star.
Read more ...Snabb Switch with vMX Control Plane on Software Gone Wild
In Software Gone Wild Episode 52 Katerina Barone-Adesi explained how Igalia implemented 4-over-6 tunnel termination (lwAFTR) with Snabb Switch. Their solution focused on very fast data plane and had no real control plane.
No problem – there are plenty of stable control planes on the market, all we need is some glue.
Read more ...You Don’t Need Programming Skills to Build Network Automation Solutions
I got several questions along the lines of “Do I need programming skills to attend the Building Network Automation Solutions course?”
Short answer: No.
Read more ...