Archive

Category Archives for "ipengineer.net"

OpenStack Summit – Tokyo – 2015 – Wednesday 28th – Show Notes

It’s Tuesday, it’s 9am and most people have hangovers from the numerous evening events going on in and around Takanawa. 

The opening keynote seemed to revolve around Neutron and the great work Kyle (@mestery) has been doing as the project technical lead (PTL) of Neutron. Seriously, Neutron has the highest activity rate of all projects. Some argue that Neutron is too complicated and previous to attending the summit, rumours were rife around increasing support for simplifying Neutron to replacing it with Open Daylight. Needless to say, there are parties out there that want to see Neutron dead and claim it’s just too complicated to use.

So, to some keynote ‘framing’ figures: In 2014, 68% if OpenStack users (at least of those reporting) were making use of Neutron. Just one year later and it’s jumped to 89%! Maybe this can be attributed to OpenvSwitch and OVN, but either way, usage is increasing. This could also be attributed to new users not wanting to veer away from the popular projects.

With regards to the ever standing argument of “OpenStack isn’t ready for wide adoption”, which is self perpetuating, the guest speakers who were part of the keynotes, seemed to Continue reading

OpenStack Summit – Tokyo – 2015 – Tuesday 27th – Show Notes

It’s Tuesday morning, it’s 9am and the keynote started off in a blaze of glory.

Over 5000 attendees are present, from 56 countries. The opening presenter with a huge amount of energy stated:

OpenStack is the greatest open source project!

Can we argue with that? The obvious one being Linux, but a second place isn’t to be argued with.

Egle Sigler, Principal Architect, RackSpace, OpenStack Foundation Board Member: Use devstack, which provides visibility against usability for defcore. The more it’s used, the better the visibility. All goes to the common good.

DefCore sets base requirements by defining 1) capabilities, 2) code and 3) must-pass tests for all OpenStack products. This definition uses community resources and involvement to drive interoperability by creating the minimum standards for products labeled "OpenStack."

Lachlan Evenson: Lithium Technologies: Highly energetic Aussie, spoke about rapid development and deployment. Via the presentation, Lachlan showcased a realtime app built on Google tech; containers in OpenStack using Kubernetes and a five "minute deployment". Also demonstrated a home grown dashboard with honeycomb visualisation for each type of OpenStack project. Also via Slack, he showed the use of Kubot (A Kubernetes Slack ‘bot’) to talk to Kubernetes and scale up Continue reading

Education for SDN from the ONF

After an incredibly busy week at the Layer 123 SDN World Congress in Düsseldorf, questions of how education is delivered and how it should be delivered in to the field are churning in my aching brain. After a (really) high number of conversations, it’s pretty clear that education for SDN, NfV and network automation is on the mind of professionals and current students alike.

With an almost cocky and over-confident certainty, it’s easy to guess that most network engineers and architects have taken the Cisco road to gain skill sets. Some invest in more neutral options like CBT Nuggets and IPSpace.net, which bring a rich variety of additional content. Cisco have almost certainly set in concrete the way traditional network engineers ‘have’ to learn and as the corporate ladder is ascended year by year, every freshly minted manager believes that his or her staff must follow the same road and ‘earn their spurs’. Not to say there was anything wrong with it, but times change and so must education and learning.

The traditional path to education and certification goes something like this:

NetEng: I need to learn and validate my learning for my employer, or partnership status Continue reading

Killer SDN Applications: A view in 2015

Whilst on the DLR in London earlier this year (2015) a set of thoughts came to light whilst pondering centralised decision making for part of a network. It’s not uncommon to hear “Product X is a great platform that just needs the killer app”. Why the DLR? No drivers, swipe-in-swipe-out ticketing and a well defined service. A train still takes you from A to B, but the whole service around it has completely changed to keep up with the requirements. Thought provoking stuff.

TL;DR

Many people talk about killer apps and are seemingly waiting for them to pop in to existence. This post goes someway to come to terms with the lack of emerging killer apps and why we’re one paradigm shift away from seeing it happen.

The Rub

I’ve said this a million times, but traditional networking skill sets view the network as a CLI that is linked to features. Separation of the monolith seems mad! Why separate something out when what we have today works? Well, that’s the key issue.

The IPEngineer Laws of Humans

Networking as we mostly know it today:

a) Is massively reliant on error prone humans
b) Humans are an expensive resource to have Continue reading

Working From Home On 4G

In April 2015, my partner and I decided it was time to move in to our own (first) place together. As a teleworker this brings it’s own set of issues, mainly in the name of connectivity and climate. BT traditionally have been able to offer generous enough requirements, but as enterprise technology has evolved to consume more bandwidth, BT have slowly fallen behind. FTTC or Fibre To The Cabinet (VDSL), also known as “Superfast Fibre Optic Broadband” offered by the likes of BT and Sky to name but a couple, serves my needs well providing I have access to a local street cabinet that has a spare port on a VDSL capable device.

For those also wondering about the state of “Superfast Fibre Optic Broadband”, it turns out after many court cases mainly with BT and Virgin in the UK, it’s fine to use ‘fibre optic’ in product names as long as fibre is used somewhere. Unbelievably misleading and it cheeses me right off.

So it turns out, after confirmation from BT that our to be purchased house can indeed receive FTTC, we purchased, completed and started renovation work. It was time to place the BT order!

The BT Order

Continue reading

NetDevOps: Delivering Network Levers

As a recent transition from the VAR side of the room to that of the vendor, it’s been eye opening and a great reset experience to view the world from a previously unexperienced angle. Truly.

Just for clarity, this post contains my own views. Period.

What is so apparent and this falls perfectly inline with Matt Oswalt’s floweringly hilarious post, is we’re moving to a period where sexy has to be real and functional. It could be an easy button (something that makes your life easier as an operator of network infrastructure) or an insight shared with your customer that results in infrastructure being used or consumed slightly differently to solve a real business problem. After all, the infrastructure wouldn’t exist without the business requirement to consume it. The days of huge world changing massive behemoth solutions has died a death. Why would an enterprise change their entire operational procedures and practices just because “MEGA SOLUTION-TRON” can make an omelette? The NOC team doesn’t even eat omelettes!

Take the story of Software Defined Networking. Starting out as a centralised control-plane for distributed data paths and being churned up by the stampeding vendor crusades, it’s now a $variable that covers Continue reading

Validating and searching JSON

When it comes to dealing with network automation, you can find yourself battling with many things, including dealing with XML and JSON data structures as you build apps that consume or spit out data.

Recently I’ve been using ‘jq’ to provide my JSON validation (i.e. I’ve not missed a quotation, colon, comma, curly or square bracket) when building data in JSON. Its primary function and purpose is to search through JSON data to find something in the data set, or reduce the data set to an area of focus, thus also validating your application is generating what it should be generating! A ‘lightweight and flexible command line JSON processor’ if you take the website description which is here: http://stedolan.githib.io/jq/

So how do you use this jq?

Here’s a simple JSON example with an ‘error’.

{
	"name":"App1",
	"OS":["Linux", "Windows", "Solaris", "OSX"],
	"Author":"David Gee",
	"Email":"[email protected]",
	"Twitter":"@davidjohngee"
	"Version":"alpha-v0.1",
	"IP_Address":"192.0.2.1:5000"
}

Using ‘jq’ I can not only validate the structure, but in the case of a script, I can also parse out the key/value I need. But first, let’s see where our error is.

$ jq '.' tst.json 
parse error: Expected separator between  Continue reading

Junos export policy not working?

During a project recently, I was promptly reminded about the construction of Junos route export (i.e. route redistribution) policies. Specifically when filtering prefixes during the export/redistribution. The logic goes something like this:

a) Create prefix-list of prefixes to export
b) Create policy which references the protocol and prefix list to export
c) Attach policy to protocol

An example is here:

policy-options {
    prefix-list CUST_A {
        192.0.2.1/32;
    }

	policy-statement REDISTRIBUTE_STATICS_CUST_A {
    	/* FROM PREFIX-LIST TEST TO METRIC TYPE 1 FOR CUST A */
    	term 1 {
        	from {
            	prefix-list CUST_A;
        	}
        	to protocol ospf2;
        	then {
            	external {
                	type 1;
            	}
            	accept;
        	}
    	}
	}
}

protocols {
	ospf {
		export REDISTRIBUTE_STATICS_CUST_A
		area 0.0.0.0 {
		interface x-x/x/x.x
		}
	}
}

With Junos export policies for routing, if you want to export more prefixes of the same type, adding an additional policy which also references the same protocol for the export will just not work. If you do the below, then you’re out of luck.

policy-options {
    prefix-list CUST_A {
        192.0.2.1/32;
    }

    prefix-list CUST_B {
        192.0.2.2/32;
    }

	policy-statement REDISTRIBUTE_STATICS_CUST_A {
    	/* FROM PREFIX-LIST TEST TO METRIC TYPE 1  Continue reading

Git for network engineers

What is Git?

git-logo

Git is a source control manager (SCM), also known as revision control. It manages changes to documents, computer programs and large websites. Arbitrarily it can manage versioning for collections of information.

Why is it important to network engineering? Well, currently we stick the config files in a directory and forget about them. Version control can be very regimented with commit comments and other markers, which helps to identify information. More importantly, as we move towards DevOps with open arms, we have to think about managing what we do in different ways. Just because something has been done a certain way, doesn’t mean it’s good to continue with that modus operandi.

Fear not – just because something is hidden away in a repository, doesn’t mean you can’t diff files etc.

Also you don’t have to have just local git repositories, you can have them on remote servers as well as the likes of github.com.

Before we start, be warned that this is a very simple example. You can use this for managing all sorts of configurations like core routers, firewall access-list entries, hell, even change control data. Be mindful of what you push and commit!!! Ensure that Continue reading

The Zen of Sailing Through IT Projects

For those of you who have worked in large companies, it’s common territory to be stuck riding waves on a ship without a sail. Said ship also has its anchor out, but the deck hands have forgot about that and the captain never logged it. The anchor is being dragged around due to the ship bobbing up and down on the waves, dragging a number of artifacts along at the same time and giving some image of movement. Sometimes the ship and crew head in the right direction but no one really knows what that is due to the ever whirring compass from a dodgy purchase and blocked views of the stars due to persistent clouds.

Fear not, this isn’t a terribly written nautical blog or a write up of a lost ship; it’s a description of a large-scale enterprise IT project.

Boating

This one particularly made me laugh. A lot of projects feel like this!

Waterfalls

In software development, there are numerous approaches to projects. A well known one is the waterfall method. It starts at the top follows a sequential path through the various phases. This methodology is unconsciously followed in enterprise projects through initiation, discovery, design, deployment and Continue reading

Cisco Live Europe 2015 – and the year ahead

Cisco Live Europe 2015

Commonly known as the biggest networking/’networking’ event in the industry for Europe, Cisco Live has something for everyone. Some great breakout technical sessions, meet the engineer, the World of Solutions and of course this year, the DevNet hall that also had a weekend hackathon which this blogger would have loved to have taken part in.

It was pretty obvious (you would have to be blind and deaf not to notice) that whilst walking around the Milano Congressi venue that houses the event, that Cisco have cottoned on to the idea that a copy and replace of product names to ‘software defined <$PRODUCT>’ is a bit of a unique to them tide turner. There are only so many ways problems like ‘resistance to change’ and the ‘adoption of technology to a risk averse’ industry can be addressed. If everything is based on the same naming schema, then the problem becomes less of a thing. Even if people use the same product they used before with a different name, guess what, it’s now software defined and the maturity cycle is already under way. Clever move. Not that I appreciate new startups calling everything software or hardware defined. Yikes. Continue reading

Hyperglance: Visualising ALL of your IT infrastructure

In this modern world where the whole IT industry is pondering what the next steps, trends and operational requirements will be, one thing is sure, we’re in an era of collaboration and integration.
We’ve been through learning curves around converged network fabrics, traditional silo based approaches encroaching on each other and managerial headaches of rapidly deploying new enterprise and webscale applications. Cloud is now a domestic term and the IT industry seeks new cooler ways of delivering technology. Container popularity is rapidly rising and the ‘Internet of Things (IoT)’ is now becoming a real world thing as opposed to a ‘it will happen folks!’ statement.
Winding back to the opening statements, with a system comprised of physical tin, hypervisors, container providers, microservices, machine-to-machine communication, mobile end points, block and blob storage, even if this sat with one vendor it’s a complex set of mush. Throw in ten different vendors, a mashup of APIs and operational territory problems, we have a real problem.

I’m a human – not a machine!

All the recent Hollywood blockbusters focus on human efforts to generate realistic and complex AI (artificial intelligence), but how about humans trying to manage already complex systems? Every vendor and Continue reading

Multigigabit Ethernet 2.5 / 5.0Gbps NBASE-T Alliance

Ethernet 2.0

The title above may seem a little odd given Ethernet’s long and healthy life. Keeping conversation to more recent Ethernet standards (10/100/1000/10000/40000/100000 Mbps) the transmission technology and encoding standards have come a very long way for Ethernet. I remember when 100Mbps ports were the absolute norm and when 1Gbps ports were spared for very special (high paying) customers often on a single line card on a router!!! A router!!!

Wind the clock forward about ten years and where are we? 10Gbps access ports to servers, 40Gbps uplink ports from top of rack switching and 1Gbps ports to wireless access points, vending machines and home devices such as printers and coffee machines. Wireless technology is flourishing and with the advent of 802.11ac (Gigabit wireless) the access layer is seeing rolling upgrades.

So if we imagine our access tier is formed of 1Gbps access ports to wireless access points, multiple 10Gbps uplinks often in a multi-chassis Ethernet LAG (MLAG/MEC/vPC/) bundle and core speeds at least at multiple 10Gbps if not 40Gbps speeds, what happens when wireless plays catch up? Introducing The 802.11ac Wave 2 standard which sees speeds that could exceed 6.8 Gbps. This unbelievable wireless speed Continue reading

Coding Basics: Python in Visual Studio

Python on Windows with Visual Studio

Whilst I’m an OSX and Linux fan, Windows is a key operating system in any enterprise and developing network applications in a Windows environment is also an important topic to cover off. Visual Studio (VS) is a Windows IDE (Integrated Development Environment) which will also soon be available for OSX (at the time of writing, it isn’t released). Whilst I’ve brushed over this previously, this post is a quick guide on how to setup a very easy to use environment to play with Python. This is not however an in depth tool chain guide. This is a 101 post but will be enough for most people to get to grips with Python who use Windows. Let’s face it, you don’t really want to be sitting on the command line doing this do you and Eclipse is not to everyone’s taste, especially if you have prior experience coding with .net for instance.

  1. Install the free version of Microsoft’s Visual Studio found here
  2. Install Python 3.x (or 2.x depending on your reasons) found here
  3. Install the Python tools for Visual Studion found here

I install both Python 2.x and 3.x as you Continue reading

Python: Building a Simple NETCONF RPC Tool

Python: Building a simple NETCONF RPC Tool

For a while now I’ve been playing with NETCONF primarily with Cisco Nexus devices. It’s struck me how difficult it is to get good information on doing trivial things like building a simple NETCONF RPC wrapper

How would this be generated for instance? This is wrapper that can be submitted to the ‘xmlagent’ or ‘netconf’ subsystem on a Cisco Nexus device. Note the use of namespaces (nf:rpc, nxos:cmd) where nxos is a namespace? XML is easy for the most part. Namespaces on a personal level meant learning something new and how to deal with that knowledge programmatically.

<?xml version='1.0' encoding='ISO-8859-1'?>
<nf:rpc xmlns:nxos="http://www.cisco.com/nxos:1.0" xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="42">
  <nxos:exec-command>
    <nxos:cmd>interface ethernet 2/1; shutdown</nxos:cmd>
  </nxos:exec-command>
</nf:rpc>
]]>]]>

Other than generating it via a text string and formatting placeholders with “%s”, there has to be a better way! Indeed there is!

NETCONF 101

The IPEngineer definition: NETCONF is an IETF standardizsed RFC (6241) defined mechanism to configure network devices over some kind of channel using XML encoded data over a secure layer such as SSH. When the channel is opened, a NETCONF ‘Hello’ exchange takes place between the client and Continue reading

Custom Python Packages With PyPi For Networking Peoples

pypi

Quite frequently I write and build code to control and harvest data from network infrastructure. Whether it’s writing modules for a stack automation tool like Ansible or writing modules for run to completion scripts, code is often spawned to meet requirements. Sometimes this code is more than a little complex with many dependencies. In addition, sometimes code is written to extend an existing module, like the Python NetConf library NCClient. This happened recently for example when the NCClient library failed to meet expectations.

Two options exist for complicated projects from an arbitrary point of view:

  1. Include all of the dependencies in a directory and provide everything including the kitchen sink to allow your code to function as per design.
  2. Create an installable which takes care of all dependencies.

With Python, option 2. is an interesting one that I’ve never previously thought about doing.

Information for this post and my initial requirement came from these two sources which were most helpful:

http://www.scotttorborg.com/python-packaging/minimal.html
http://peterdowns.com/posts/first-time-with-pypi.html

PyPi Introduction

How many times have you installed a module using something like

sudo pip install 'blah'
without really wondering what the repository is that hosts the code for you to just automagically Continue reading

White Box Switching: Broadcom StrataXGS Tomahawk

A previous post listed the excitement I felt when reading through the Cavium XPliant announcement. Programmable fast packet forwarding hardware? Awesome! In a previous life I worked with embedded electronics and wrote several interesting algorithms in C and assembly for applications from noise filtering for AD conversion, LCD screen drivers and TCP/IP stacks (which was fun). This kind of thing really excites me. Nuff said.

So I was more than happy to read the announcement from Broadcom announcing their latest child, the StrataXGS® Tomahawk™. This chipset is formed from more than 7 billion transistors, can forward packets at 3.2Tbps and is optimised for SDN and high port density devices, not to mention it is an authoritative chipset for 25GE and 50GE Ethernet and provides sub 400ns port-to-port operation. Sound good? It’s the next evolutionary step from Trident II and matches the offering from Cavium with their XPliant child.

The Broadcom StrataXGS® Tomahawk™ can deliver 32x 100GE, 64x 40/50GE or 128 ports of of 25GE on a single chip. SINGLE CHIP! This all boils down to 25Gbps per-lane interconnections. Bit of a waste perhaps for 40GE? Which is good considering this chipset is based on upgrading switches with 10GE host Continue reading

IPv6 Adoption in the UK

One of my biggest annoyances for a while has been the lack of interest in IPv6 in the UK. There just isn’t a thirst for it. I’m pretty convinced it’s down to lack of sales support by out coin operated fraternity of technology touting army of salesmen (and women). Justifications like “IPv4 is running out” and “IPv6 when wielded correctly gives us huge growth potential” just isn’t enough to convince anyone that it’s here and is ready for adoption in enterprises nationally. The commoditisation of last mile circuits and consumer grade connectivity has also driven down profit and therefore as these businesses run with tightly controlled finances, the ability to invest in additional functionality with no perceivable gain is frowned upon somewhat. So, a quote that I thumbed in to Twitter was “Would you expect sparkling vitamin water to come out of the same taps as your current still cold feed? Who would pay £1 a month more?”. The answer to this somewhat pointless frustrated question is probably not of any value to anyone barring technologists who get it. Of course you wouldn’t get it out of the same tap! Whilst it would be delivered from the same set Continue reading

Network Automation & Controller Questionnaire

With all of the current trends coming in to the industry around policy based network configuration, network automation and controller value add, do you understand why and where the trends are coming from? With organisations, consultancy outfits and independents struggling to see where things are going in the industry, it’s imperative that as an industry we steer eduation and awareness. Sure, the big players are steering things, but you, the fraternity drive the demand. Have your say and the results will be published at the end of the year once there are enough submissions to represent a varying set of opinions.

Do you actually have a customer dying to move to a policy based operations model? Do you know what policy based configuration is and where the industry is going with it?

Does your organisation have a rigid change management stucture? How would your company handle automatic network configuration generation? Would you still need to manually execute the deployment and email with a “green tick” to the change board?

Do you automate your build configuration already? How do you do that? Are you comfortable with it?

Do you have ideas on what value a controller could bring to your organisation? Continue reading

Network Taps, Monitoring & Visibility Fabrics: Modern Packet Sniffing

Before we go in to observed trends, let’s put some context on this post and definitions around monitoring. Network monitoring and tapping, this can be described as “packet capture, packet and session analysis and NetFlow generation with analytics”. Tap fabrics typically provide a means of extracting packets from a network but not so much the analysis. Tools like Wireshark, Lancope’s Stealth Watch and a good IDP solution are still required.

Current Situation and Legacy Methodology

In days of past (and most current networks), if you want/ed to harvest packets from a network the quickest route was to mirror a port to a server running Wireshark and filter the results to make sense of what was going on from a protocol and application point of view. Cisco have tools like the NAM, which comes in several forms such as a server, Catalyst 6500 switch module and ISR module. The NAM allows you to visually observe network trends and network conversations via generated graphs but also inspect by download the PCAP files. Probably one of the most pleasant experiences most people have in addition to Wireshark.

Some shortcomings exist with this approach in so much as the device that receives the mirrored Continue reading