As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.
Last time, I talked about using pynetbox to make queries to Netbox. This was a very simple example, and one of the things that bugged me the most about it was the API token. In that post, we used a statically-assigned API token where I went into the Netbox GUI and generated one for myself. I think I may have even noted that this was definitely not the best way to handle those things. A possibly-better way to do it is to use your username and password on Netbox to generate a token for yourself. This would be a token that you then delete when you’re done.
How is this better? The static tokens are just that — they’re static. If you generate your token, then anyone who has it can use it to Continue reading
You should be using Netbox or something equivalent. I’m serious. Stop documenting your network with Word docs and Wiki pages and use something where the information can be queried. I’ve been using Netbox for a couple years, and it’s where I keep all that important information about my network. I use it to store hardware inventory, circuit inventory, contact information, site information…all sorts of stuff. Since all this information is already recorded there, I can just query it for the information I need. That includes any time I need to write some Python code to do something on the gear. I use the pynetbox module to do that.
To use pynetbox (or anything that uses API calls to Netbox), you’ll need to set up an API token. I am not qualified to tell you what the best way to manage these are, so we’re just going to assume you have an appropriate token configured already.
We’re going to write a short script to get all the devices from the Netbox instance…and here it is!1
import pynetbox
import urllib3

# Both values are redacted in the original post; substitute your own.
# Keep the real token out of source control (environment variable, vault, etc.).
NETBOX_SERVER = "*.*.*.*"
NETBOX_API_KEY = "742*****"

# Open the API session against the Netbox instance over HTTPS.
nb_conn = pynetbox.api(url=f"https://{NETBOX_SERVER}", token=NETBOX_API_KEY)
nb_conn.http_session.verify = Continue reading
I’ve been using Netbox for a while now, and, frankly, I can’t live without it. If you’ve never heard of it, it’s a Source of Truth for your network automation tasks started by Jeremy Stretch. I use it to document my networks (hardware inventory, subnets, physical connections, etc.), which provides my automation tasks a place to pull and push all sorts of information like management IPs, rack locations, power connections, network drops…the list goes on. In other words, your automation tools can ask Netbox what the state of your network is, and send it an update if that tool discovers something different. There are plenty of better places to discuss the benefits of a Source of Truth, so just do the Googles for it.
My production instance is running Netbox 2.7.6, which is very old. The latest version of Netbox as of today is 3.3.7, so that should tell you how far behind we are. I’ve had mine running for over two years, and, in the meantime, the world has moved forward. If I update the server it’s running on (Ubuntu 20.04), then Netbox breaks. Yes, it’s so far behind Continue reading
I’ve never done a post on Forti-anything, but I’m really appreciating the products Fortinet is putting out lately. They’re transitioning from “run your SMB off of our stuff” to “actually, we’re pretty good for larger companies”, so their GUI deliberately leaves out features in order to keep the SMB from blowing stuff up. The advanced features are there in the CLI, and I wanted to use it to show that difference between the GUI and the real config.
Let’s review some of the basic configuration elements of BGP first. You need an autonomous system (AS) number and a router ID for your side. You also need the AS number of the remote system. You need the IP address on their side (usually the interface facing you). That looks something like this. We’re going to be ‘Fortigate 1’ for this exercise.
With just this information, we can turn up a BGP neighbor that does absolutely nothing. To actually send some routes, you need to tell BGP what to send. We’ll keep this simple and add just connected networks. Adding to the diagram, we get this.
Now we have something of value (though choosing BGP over OSPF or RIP for this little scenario is pretty horrible). Continue reading
I was lucky enough to have been invited to attend Network Field Day 29 this past September in San Jose, CA. This event brings independent thought leaders together with a number of IT product vendors to share information and opinions. We saw presentations from a pretty full range of vendors — from the chips to observability. It was a great event and worth a few hours to check out the videos. Thanks to Gestalt IT for getting me involved.
Nokia was among the list of high-end companies we saw. No, they don’t make phones any more (though they do market their name to products), but they are still in the full-power, throw-packets-as-fast-as-you-can markets for hyperscalers and such. If you’re old like I am, you might remember Nokia as the hardware that Checkpoint ran on for a while. My brain has done its best to filter memories of those devices, but, luckily, the Nokia team is doing some much better things these days.
SR Linux was one of the focuses and the big hitter for me. This is a modernization of the SR OS that was introduced 20 years or so ago, and gets us into a “world of streaming telemetry. Continue reading
Disclaimer : I was lucky enough to have been invited to attend Network Field Day 18 this past July in Silicon Valley. This event brings independent thought leaders to a number of IT product vendors to share information and opinions. I was not paid to attend any of these presentations, but Tech Field Day did provide travel, room, and meals for the event. There is no expectation of providing any blog content, and any posts that come from the event are from my own interest. I’m writing about Nyansa strictly from demonstrations of the product. I’ve not installed it on my own network and have no experience running it.
Anyway…on with the show!
Nyansa (pronounced nee-ahn’-sa) is focused on user experience on the access network. Their product, Voyance, analyzes data from a list of sources to provide a view into what client machines are seeing. This is more than just logs from the machine itself. We’re talking about taking behaviors on the wireless, access network, WAN, and Internet, and correlating those data points to predict user experience issues and recommend actions to remediate those problems. As we discussed in the presentation, there are products that do each of Continue reading
I’ve told this story 984828934 times in the past year, but bear with me. We got a new director-type last year, and he has challenged all of us to do things differently. As in everything. Anything that we’re doing today should be done differently by next year. This isn’t saying that we’re doing things wrong. This is just a challenge to mix things up, integrate new tools, and get rid of the noise. Our group has responded big-time, and we’re now doing most of our day-to-day tasks with a tool of some kind. A couple weeks ago, I realized that I did a whole day’s work without logging directly into any gear — everything was through a tool. It was a proud moment for me and the group.
To kick off this new adventure, we’re starting with writing all our own stuff in-house; we’re obviously not talking about a full, commercial orchestration deployment here. We’re talking about taking care of the menial tasks that we are way too expensive to be doing. Simple tasks. Common tasks. Repeatable tasks. All game. What’s the MAC address of that host? Continue reading
It’s been a very busy month or so. June is always like that, it seems. There’s ARRL Field Day, which is always the last rainy weekend in June. This year, Cisco Live was in June, and that typically includes Tech Field Day activities. Right before that, we had the whole family in town for a family reunion. There was all sorts of stuff going on. Now that most of that has blown over, I’ve collected my thoughts and wanted to talk about Cisco Live this year.
Those who are of any importance in the networking world (LOL!) converged on Orlando this year to attend the conference. Orlando brings back all sorts of memories — from Taverna Opa to Sizzler to LISP explained with plates — and we’re all familiar with the Orange County Convention Center. It’s a great facility with enough room to handle the largest of gatherings. I don’t think I saw the attendance numbers, but I would guess there were 30,000 attendees at Cisco Live this year. A typical crowd for the event, and the venue was more than adequate.
This year, I went on the Imagine Pass instead of the full conference pass. This pass included Continue reading
I feel like a teenage girl with a fashion blog who hasn’t posted in 6 months and comes back with “I know I haven’t posted in a while…” Sigh. It’s been right at a year since I actually published a post, so I figured I would give everyone an update.
I’ve had some personal things going on lately, and those have taken all of my energy. We’ve made it through those rough times, so my energy is coming back. I’m feeling better every day, and I hope I can get back to producing some content. And, let me tell you…I’ve got some stuff to talk about.
*insert star wipe here*
We got a new director-level dude at the office, and he’s really mixing things up for us. His philosophy includes changing the way we do everything that we do. Like literally everything. He ran a report for me on my ticket queue and showed me that 60% of my ticket count was on stupid stuff that’s below my pay grade. His advice : Make somebody else do it. So I did. I taught myself some more Python (not hard since Continue reading
For the last couple years, on the Saturday before Cisco Live US kicks off, we like to go and do something in the host city. Nothing big. Nothing fancy. Just something we aren’t going to be able to do once the conference gets going. In San Diego, we went to the zoo. Last year, we went to the National Atomic Testing Museum. This year, we’re going to the National Museum of Organized Crime and Law Enforcement…aka, the Mob Museum.
It’s Vegas. This place used to be full of mobsters doing some unsavory things. I like to think it’s a bit more legit these days, but it’ll be fun to see how the mob and the law danced around back in the day. It’s in the old historic post office and courthouse a couple blocks off Fremont Street and is complete with a full courtroom and the wall where the Saint Valentine’s Day Massacre occurred. It should be a good time assuming we make it past the police lineup.
All are invited. If you want to join us, drop me a message on Twitter. We’ll probably meet for lunch then head over there in the early afternoon. Or head over there for lunch. Continue reading
Put it on your calendar. Cisco Live US is June 25 – 29, 2017, in Las Vegas. This is the largest conference I go to every year, and it’s the highlight of my professional year. I’ve been going for a few years now and enjoy it for the content and camaraderie. What are we doing this year?
We’ll fly in on Friday again and do something. No idea what, but I imagine we’ll throw out an invitation for dinner to the public and meet somewhere. If you’re going to be in town, let me know, and we’ll meet up.
The Saturday Adventure was going to be ham radio related since that’s ARRL Field Day. I reached out to the Las Vegas ham club, and they told me that the clubs out there all go to the top of a mountain to operate. The problem : that mountain is 44.8 miles away from Mandalay. That’s one helluvan Uber ride, so that’s out. I looked at some other epic sites like the Grand Canyon and Hoover Dam, but, based on past participation, the time requirements for those don’t make the cut for the group. We probably need to meet Continue reading
Check out this advisory from Cisco that came out a couple days ago. You need to read it and act on it immediately! I’ll summarize for you : Thanks to a faulty clock signal component, certain Cisco devices will stop functioning after about 18 months and become really expensive bricks! Reading through it, you’ll see phrases like “we expect product failures” and “is not recoverable.” Seriously, what the hell? This really warms the heart.
The fault affects a couple Meraki devices, the Nexus 9504, and some models of the ISR 4000s – the ISR4331, ISR4321, and ISR4351. The 4000s are part of Cisco’s flagship branch routers, and I know several people (including myself!) who have some of the affected units deployed in production. Some unnamed people on Twitter tell me that they have 50 and even 120 of these guys deployed in the field. That’s a lot of faulty clocks.
The fix is to open a TAC case and get a new device. Cisco is using the word “platform” when talking about replacement, meaning that they’ll send you a naked device. If you have cards or memory upgrades or a Continue reading
Full disclosure : I was lucky to be among a group of networking influencers invited to Silicon Valley to visit some networking companies and see what they were offering to the market. I was flown out and given accommodations at the expense of Gestalt IT – the company that organized the event. I was given some swag by each company, but I was never paid to write a positive review on the product. Heck, I’m not even expected to write at all.
Think about the fastest switch in your network and why it’s so fast. Traditionally, it’s because the manufacturer has developed a very efficient ASIC that does switching very well (give me some leeway here and forget about routing, encapsulation, etc.), but it really can’t do anything else. Want a new switching feature? Well, your switch can’t do that if the ASIC doesn’t support it. No big deal – the manufacturer just needs to make a new ASIC that supports it, right? This sounds simple, but, generally, this is a many-years process and requires a hardware update on your end. This is not a good solution in a world where new features and technologies Continue reading
I wrote this post during Cisco Live and said “I’ll just give it a once-over tonight and publish it.” That was something like 6 weeks ago now. What a loser I am.
Yes, really. QoS has actually gotten some attention this year. After how many years of living in the dark and being feared by junior and senior engineers alike, we’re seeing some really cool technologies coming out for it.
I was honored to be invited to Tech Field Day Extra this morning while I’m at Cisco Live. If you don’t know about TFD, you’re missing out. A group of influencers gather in a room and get very deep and very technical presentations from vendors. Today, Cisco came and talked about a couple of topics including branch security and QoS. Obviously, the QoS was the big hitter for me.
Tim Szigeti (@tim_szigeti) kicked off the QoS conversation by talking about some of the recent advancements in QoS in both hardware and software. In hardware, he discussed the programmability of the new ASICs that Cisco is using in their switches and routers. These ASICs are dumb out of the box, but they are very willing to learn. Want it Continue reading
It seems that Cisco Live is about the only thing I blog about in the last…well, few years. At least I’m still writing, even if it is twice a year. :)
Here’s a summary about Cisco Live for those who live in a dark hole. It’s July 10 – 14, 2016, in Las Vegas. If you do anything with Cisco, you should go. If you do anything with technology that isn’t Cisco, you should go. Bring your significant other. There’s plenty to do for everyone. Anyway, on to the details for this year’s show.
The Mandalay Bay’s South Convention Center will be our campground this year. This is the same place from back in 2011, but with quite a few updates to the layout. I can’t remember the numbers from the last time, but I imagine that number will be close to double this year. I have all confidence that the convention center can handle us, though. They did such a wonderful job last time. I hope the food is as good as I remember; it’s been pretty poor going the last few years in Orlando, San Continue reading