Lately I’m looking more and more into Python, with respect to automation implementations useful for network engineers. In the learning process I’ve used different materials, like the excellent video trainings Python Programming for Network Engineers from David Bombal which are available free on Youtube.
This training in particular relies on a Ubuntu Docker image in order to support Python learning following interaction with Cisco devices in GNS3. Everything is great, just that the image doesn’t contain all necessary tools (like Paramiko, Netmiko, Ansible…). As you can guess, whenever you close / open the Project in GNS3, all the installed packages installed in the Ubuntu Docker image are gone.
Since we’re talking automation, I got bored to install the necessary tools everytime I wanted to start a new project or I had to close GNS3 for some reason. I’ve tried to find a Docker image that suits my needs, but I couldn’t (please point me to one if you know it).
So, I’ve build a Docker image, based on Ubuntu 16.04, which contains the necessary tools to start learning Python programming oriented for network engineers:
It’s not news anymore that Mozilla is stopping support for NPAPI (Netscape Plugin API). With the release of Firefox 52 version, I believe that only Flash plugin is enabled by default.
I’ll skip the discussion about NPAPI plugins and Mozilla’s decision to stop the support, however the reality is that for me it has a strong impact in certain areas. One of this areas is the F5 BIG-IP, specifically the APM and possibility to launch Application (like RDP) from the Webtop interface.
I’m relying heavily on a F5 BIG-IP VE machine to connect to my home lab when I’m remote. The Webtop functionality gives me the possibility to use only a Browser to connect to my applications at home, keeping me away from any F5 client installation on the machine that I use. Usually this machine is my MacBook or PC, and the F5 client installation should not be a big thing, however I like the clientless option.
The F5 Webtop functionality is possible due to a NPAPI plugin called “F5 Network Host Plugin” which usually installs in the browser when you access the F5 APM. So yes, you still need to install something, but this browser plugin is Continue reading
In this post from 2011 I was explaining that my preferred online tool to draw network diagrams is LucidChart.com. Since then LucidChart.com developed really good and added constantly new features. Unfortunately with the new great additions some not so nice restrictions appeared for the free account.
Those restrictions (like 5 active documents) really make it difficult for me to work with this tool as I got used to a different style.
I’m not a cheap guy! If I would use this tool professionally there would be no problem to buy a subscription package, but at work Visio is saint (unfortunately) and the rest of the time, especially when I’m on my Mac, I just need a fast tool to draw brief network diagrams like for my blog or fast explanation to somebody online.
LucidChart.com is my recommendation if you rely on online tool to work with Visio documents. Last time when I checked their Visio import tool was doing a great job.
Back to this story, I was looking online for another tool when I came across Draw.io.
Draw.io doesn’t need an account creation, rather it just give you direct access to the tool.
Since Continue reading
Recently I had to troubleshoot some communication issues via a Cisco ASA device and the packet capture on the IOS comes in handy for this task.
When you have a lot of traffic over ASA and you’re interested in a particular IP address, the basic packet capture lesson says that you should configure an access-list to limit the captured packets for the interesting traffic only.
Let’s assume that I have a particular interest for the traffic to and from the IP address 10.0.0.10.
I created a standard ACL to match only the traffic related to 10.0.0.10:
access-list TS standard permit host 10.0.0.10
Afterward I attached the created ACL to a packet capture on a particular interface (let’s call it “lan”).
capture TSHOOT access-list TS interface lan
You can find the above lines in almost any how-to regarding packet capture on Cisco ASA.
Checking the capture I noticed that traffic is unidirectional captured:
FW# show capture TSHOOT 4 packets captured 1: 20:15:32.757010 802.1Q vlan#10 P0 192.168.0.10 > 10.0.0.10: icmp: echo request 2: 20:15:33.759283 802.1Q vlan#10 P0 192.168.0.10 > 10. Continue reading
Couple of days ago I reinstalled my machine that I use as GNS3 server. It was about time as thing started to become a bit unstable after so many patches and updates to bring it up from Ubuntu 8.04.
Read more on Remote desktop, GNS3 crashes when drag and drop topology objects…
There are a lot of “how-to” on the Internet explaining the setup procedure. This is mainly a copy / paste example for those in a hurry :)
I got some questions about how to configure Mikrotik to act as L2TP Server with IPsec encryption for mobile clients. I know this is not exactly in the line of this blog oriented on enterprise networks, but it’s network technology in the end so I’ll try to cover it here.
Not long ago I wrote an article on how to configure an IPsec VPN using Mikrotik and Linux devices. For today, I will replace the Linux device with a Cisco. I did test the entire construct in GNS3 integrated with Mikrotik.
I would like to start by saying Merry Christmas and Happy Holidays season to all. In between spending time with my family, decorating the Christmas three and opening presents, I did find some time to play around with my hobby and testing something in the lab.
As mentioned in an earlier post GNS3 is moving ahead fast. Currently at version 1.2.1 the GNS3 is looking great. Compared with the version 1.0 Beta 1 which I had installed, the 1.2.1 is not only more stable, but it has the Menu more clean and compact. For example now there is only one Preferences menu where you can adjust all your settings.
A while ago I received the following question:
“Why I’m not seeing the prefixes received from the BGP peer when using the show ip bgp neighbors x.x.x.x received-routes while the soft-reconfiguration inbound is not enabled?”
Read more on Cisco BGP soft-reconfiguration and received-routes relation…
After writing the Mikrotik IPsec VPN article and I got some questions about how Mikrotik will work with a Linux device to build an IPsec VPN. I did notice that the questions were more oriented for a copy / paste solution, so I’ll provide one that it’s working. If you need more details about why the solution is like it this, please let me know.
Also don’t forget to customize the solution as you need.
If you did not hear yet about Mikrotik I can’t say I blame you. Not exactly something you’ll find in SOHO network shops next to brand like TP-Link, Linksys or Netgear. Mikrotik is a company
in Latvia that produce network hardware under the name of RouterBOARD. The devices are excellent and the RouterOS support an amazing amount of feature for a SOHO product.