Archive

Category Archives for "Life As A Network Engineer – Rakesh"

Linux — Debugging a Python Process with gdb

<MEDIUM: https://raaki-88.medium.com/linux-debugging-a-python-process-with-gdb-b9ea67173aff&gt;

Have you anytime used py-bt inside gdb or used gdb to trace a linux process, if so you can skip this post

GDB is awesome! Am not a everyday programmer but I have been studying internal of linux and operating systems and its fascinating. I wrote about process last time <https://raaki-88.medium.com/linux-process-what-happens-under-the-hood-49e8bcf6173c> and continuing towards threads, Its now making sense when we import modules in python lets examine below snippet which is typically used in Python.

>>> from concurrent.futures import ThreadPoolExecutor

vs

>>> from concurrent.futures import ProcessPoolExecutor

One of the distinctions that I learnt when studying these two functions for multiprocessing is that typical use of ThreadPoolExecutor is when you have IO based activity while ProcessPool is for CPU bound compute activity, I left that

What I now understood is that thread is an integral part of process, there can be multiple threads with in a process and there can be multiple processes, each process needs to be scheduled for CPU cycles and you have different locking mechanism for single process. Now, scheduler algorithm schedules these process as linux is time-sharing based operating system, effectively schedules processes on many factors, Continue reading

Linux — Process, what happens under the hood?

<MEDIUM: https://raaki-88.medium.com/linux-process-what-happens-under-the-hood-49e8bcf6173c&gt;

I have taken operating systems for granted but looking internally it’s an excellent experience to understand how everything gets glued together, this post will be an overview of a process and what happens to a process.

A program is nothing but a set of instructions that the user writes for the desired behavior after execution. when the program gets into a running state that’s when you have a process which gets created and gets associated with the program, in other words, this is how to program is abstracted by the process.

Let’s consider the below python program, we will create some Child processes and Parent processes from the program and see how the underlying operating sees when we execute the program.

You don’t have to be a python expert to know what is going on in this program, basically, we can see the python program has an imported OS module and then it calls on fork() operation to create various child processes.

import os
def child():
    print('\nA new child', os.getpid())
    os._exit(0)

def parent():
    while True:
        newpid = os.fork()
        if newpid == 0:
            child()
        else:
            pids = (os.getpid(), newpid)
            print("Parent: %d,  Continue reading

Configuring BGP and open-source FRR docker on AWS — Advanced Networking

MEDIUM: <https://raaki-88.medium.com/configuring-bgp-and-open-source-frr-docker-on-aws-advanced-networking-d21fd0d76b33&gt;

What is FRR?
a. License based AWS internal routing platform 
b. Only supports static routing and IPSEC vpn 
c. Open-source internet routing protocol suite for *nix platforms
d. Support BGP along with ISIS,OSPF networking protocols

Answer is at the end of the post, feel free to skip it, I just did not want to make a spoiler residing just below the question

Before I write anything on implementation, I can vouch for FRR stability. It’s an open source internet routing protocol suite and used by many organisations on bare-metal and cloud instances as well, its very stable and

https://frrouting.org/

Simply put, FRR can make your bare metal or a cloud instance a routing platform to connect various networks together. The reason why we explore this is that this setup builds onto other posts on how AWS interacts with various routing platforms hosted from on-premises and to show the possibility if someone is considering FRR as an alternative.

Setup is extremely simple but there is one caveat which consumed almost a day for me to figure out and at last it was an answer to a known problem. FRR builds on Quagga which provided Continue reading

Traffic Mirroring- Interesting one — AWS Advanced Networking

MEDIUM: <https://raaki-88.medium.com/traffic-mirroring-interesting-one-aws-advanced-networking-a7e41027c75&gt;

What is Traffic Mirroring ? 
a. Used for Content Inspection,Threat Monitoring,Troubleshooting 
b. Can only be implemented with a Load Balancer 
c. Needs Elastic Fabric Adapter 
d. Flow logs capture mirrored traffic   

Answer is at the end of the post, feel free to skip it, I just did not want to  make a spoiler residing just below the question

Traffic Mirroring is an awesome concept which can now be implemented with an AWS VPC. You can mirror the traffic and send packets to a EC2 instance or specific appliances for further processing.

  • Used for Content Inspection, Threat Monitoring and Troubleshooting.
  • An interesting as aspect is Packet-Format

*So when a packet gets mirrored it gets VXLAN encapsulated, end host/appliance should be able to decapsulate VXLAN header( we will see a PCAP ).

[https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring- packet-formats.html]

* Two encapsulations – outer GENEVE(from LB if used) and inner VX-LAN

* Source (which should be monitored — Network Interface)

*Target (Destination of mirrored Traffic)

*Filter (What traffic types should be Continue reading

Transit VPC — AWS — Advanced Networking

What is Transit Gateway in AWS used for ?
a. Interconnect One or more VPC's eliminating need for full mesh 
b. customer gateway in only one region
c. Enhanced NAT gateway 
d. Can be used to Connect SD-Wan with VPC's Answer is at the end of the post, feel free to skip it, I just did not want to make a spoiler residing just below the question

The post from transitive routing in AWS had a few different solutions at the end, the one which is most efficient and future-proof would be transit-gateway implementation for inter-VPC communication without needing a full mesh.

https://raaki-88.medium.com/transitive-routing-aws-advanced-networking-984ca492d2d7

We will first explore an example and then come back to some of the concepts

Consider below VPCs, by default, there is no VPC peering and if we want to achieve connectivity we need to do n*(n-1)/2 number of peerings, this will quickly get out of hand as the VPCs increase.

The easiest way to achieve connectivity will be in 3 steps

  1. Create transit gateway
  2. Attach all the VPCs as attachments in the Transit gateway
  3. Most Importantly, create a route in the sub-net table for the destination sub-net via Transit gateway else connectivity will never work.

Continue reading

Transitive Routing — AWS — Advanced Networking

Before understanding the way AWS does transitive routing, let us try to wrap our head on transitive property in mathematics

What is Transitive Property?A property is called transitive property, if x, y and z 
are the three quantities, and if x is related to y by some rule, 
and y is related to z by the same rule, then we can say x is related to z by the same rule.

Alright, now let’s look at the following scenario

So Connectivity from VPC3-VPC1 would work just fine, VPC2-VPC1 will also work just fine while VPC2-VPC3/VPC3-VPC2 via VPC1 will never work in AWS, this is the first thing that we should remember.

I see only downsides! — well not everything is lost in this case, there are security benefits as well, large part of it plays a role in IP Address spoofing. Imagine someone is trying to send a packet to your VPC, check to make sure that the instance won’t accept the packet as that is not locally configured and also instance cannot send any of the packets with any source IP as well, that is one of the preliminary reasons why Source and Destination checks are turned off.

Continue reading

What is eBPF? How is it used?

This will be a Series of Posts on eBPF extensively covering XDP and its usage.

https://ebpf.io

New technology, implemented in Linux, extends kernel functionalities without having to modify the kernel, Safe to execute with a verification engine, JIT compiler and LLVM (Virtual Environment) basically a safe and secure tiny VM.

Medium – https://raaki-88.medium.com/what-is-ebpf-how-is-it-used-f897e8fb0934

Some Background

As my career is mainly in Network Engineering, when some talks about Network performance my initial thoughts jump to increase network throughput, Port-Density, High speed and secure interconnect, I recently came across Systems Performance by Brendan Gregg. I have to say I have never ever imagined that the role is sought out, I went through the book (https://www.amazon.co.uk/Systems-Performance-Enterprise-Brendan-Gregg/dp/0133390098) and I was indeed mind blown by the granularity that one can look into an individual system.

I definitely would recommend anyone in Networking/Cloud/Systems Engineering to go through this book if you haven’t t already, it exposes a whole new level of Linux Kernel and E-BPF and Performance methodologies (Chapter 2) which I instantly fell in love with.

What Inspired me?

When I first saw the book I was under the initial impression that this was meant for Linux system Continue reading

VPC Endpoints – AWS

Who Should Read: If you are interested in VPC Endpoints or if you want to know more about AWS VPC services please continue.

I have been trying to understand endpoint services and thought I will write up a few posts on it, here are some posts I have written on medium(if you have access), I will port them to the blog by the weekend.

https://towardsaws.com/part-1-aws-advanced-networking-vpc-endpoint-and-types-of-endpoints-covers-exam-44e689d875b

https://towardsaws.com/part-2-setting-up-ipsec-vpn-to-explore-interface-end-points-3048080e5514

https://raaki-88.medium.com/part-3-interface-endpoints-testing-with-s3-and-workspaces-as-services-practically-bb685a6e2e9d

Again, these will be ported here as well along with an audio version.

-Rakesh

Continuing – Bird Project and Extensions

I will keep this post very short, In order to fuel and make the model sustain, https://r2079.wordpress.com/2022/03/18/capturing-bird-photos/, I have thought about including a solar panel and powering the system with a Lithium Ion battery.

I have installed the system and it’s been working fine, I understood I was very bad at Soldering.

  • TP4056 -> This takes energy from solar panel and feeds to Li Battery.
  • Solar Panel -> I have a small panel which fits on the hosting box
  • Lithium Ion Batteries and charger (4x2500mAH)

I hope this runs continuously using solar power.

-Rakesh

How to enable Recurring Cloudwatch Alarms?

If you do not deal with AWS/CloudWatch you don’t have to read this post.

What: The issue was simple, we had a cloud watch alarm for Lambda Function invocation, now the way I wanted was to send us recurring email notifications if the alarm was not addressed, apparently this is not a cloud-watch native feature and there is a work-around for this.

Short Story: Implementing this will have a new step function which will start alarming based on an alert-timer, this won’t by default apply to all the alarms that you configure, you need to specifically tag it with a keyword, more of those options detailed in the article, so based on the timer you set, Cloud-watch say send SNS notification or any action of your choice to get implemented.

Link:https://aws.amazon.com/blogs/mt/how-to-enable-amazon-cloudwatch-alarms-to-send-repeated-notifications/

Why Article if you have a Link that explains ?: To start with not everything that I encountered was straightforward, the install process requires you to have a docker environment, and a proper node install and then a CDK install, I never did that and it did waste some time so I wanted to document and also this might help anyone to implement the same.

Spoilers:

Continue reading

Capturing Bird Photos

Continuing from the previous post which I have set up to install a bird feeder, I have mentioned that I would install a camera based on the https://mynaturewatch.net/daylight-camera-instructions project and I did install it, this took some really good photos and would like to share some of them.

Few points:

  • The battery that I used is a 10000mAh power-bank and it lasted for 2-3 days
  • The box that I used is a baby food box and I nailed them to the boundary wooden poles from inside.
  • This Bird Feeder is not the one I 3d Printed, this is an old bird feeder that someone gave it to me

Glad to see these pics, many more to come with Idea to install and make it sustain through solar power

-Rakesh

A Bird feeder from re-usable plastics – we have to start something small to protect other beings.

Disclaimer: I speak about reducing plastic and still I use a 3d printer to print a very specific fixture, I have weighed in options and plastic that I end up printing will be out there hopefully feeding birds or can safely be re-cycled until I come up with something innovative, as of now this is the least I could come upon re-using old bottles, helping birds feed and using some plastic to print a fixture. If I have to buy a commercial one, that is again some plastic and I won’t end up re-using it as well, so 3d printing this small fixture for me outweighs the other currently viable solution and this is something I can give out to neighbours and they can easily associate with.

Am proud to say that I have started to take some responsibility towards the environment and other living beings, that to say it’s my first step and now I appreciate even more what environmentalists and other people do to protect other beings, earth and fellow human beings which we don’t have any time to notice and appreciate them.

Once I started doing the below things which are very trivial I feel good and Continue reading

Aws Advanced Networking — Enhanced Networking — 3— Intel 82599 VF

The first two posts covered SRIOV/ ENA settings and use-cases, the next one in the series is about using Intel 82599 Virtual Functions adapter.

Post 1: https://r2079.wordpress.com/2021/12/28/enhanced-networking-1-sriov-aws/

Post 2: https://r2079.wordpress.com/2022/01/08/enhanced-networking-2-verifying-ena/

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sriov-networking.html

Instance Types: Select from the following supported instance types: C3, C4, D2, I2, M4 (excluding m4.16xlarge), and R3.

How can we verify:

At instance Level:

aws ec2 describe-instance-attribute --instance-id i-xx --attribute sriovNetSupport

[cloudshell-user@ip-10-0-119-152 ~]$ aws ec2 describe-instance-attribute --instance-id i-xx --attribute sriovNetSupport
{
    "InstanceId": "i-xx",
    "SriovNetSupport": {
        "Value": "simple"      -> Simple indicates its enabled, if not enabled its empty
    }
}

At an AMI Level

aws ec2 describe-images --image-id ami-07d8796a2b0f8d29c --query "Images[].EnaSupport"

[cloudshell-user@ip-10-0-119-152 ~]$ aws ec2 describe-images --image-id ami-07d8796a2b0f8d29c --query "Images[].SriovNetSupport"
[
    "simple"
]

At an Interface Level

ubuntu@ip-172-31-25-23:~$ ethtool -i ens3
driver: ixgbevf
version: 4.1.0-k
firmware-version:
expansion-rom-version:
bus-info: 0000:00:03.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: yes
ubuntu@ip-172-31-25-23:~$

Latest Ubuntu HVM and Amazon Linux AMI have drivers for Enhanced Networking, IXGBEVF module and required modules for sriovNetSupport.

There is also the best practices Github guide for ENA Linux best practices and operating system optimisation.

https://github.com/amzn/amzn-drivers/blob/master/kernel/linux/ena/ENA_Linux_Best_Practices.rst

Enhanced Networking – 2 – Verifying ENA

Previous Post – https://r2079.wordpress.com/2021/12/28/enhanced-networking-1-sriov-aws/

As Discussed in Part-1 SRIOV (Enhanced Networking on EC2) can be enabled in two ways, the first in the series is by far the simplest one, Enabling it with using ENA (Elastic Network Adapter).

Great, would that work for any instance – The answer is NO!, below are the specifications, to make summarize any Instance other than C4, D2, M4 instances smaller than m4.16xlarge, or T2 from current generation Instances.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html

How do I Check:

The Latest Ubuntu / Amazon Linux AMI include the module required for Enhanced networking with ENA installed and enabled for support, if you happen to use the old AMI’s the procedure listed in the above webpage will help

Testing:

I spin up a T3.large instance and below is how it looks like

You also have the option to verify it in a Cloud shell

How do you know if AMI supports it?

Finally on the interface itself

The next post will be similar but would cover an Intel specific Network Adapter.

-Rakesh

Tello Drone — Initial Review and Python Programming

What is this about ?

A small starter programmable drone that is meant for mostly indoor and has 80 grams of weight with a flight time of 13 minutes.

Some Highlights

https://www.ryzerobotics.com/tello

– Small Drone with under 100 grams weight
– Suitable for kids and anyone who is starting out to get into drones and programmable ones
– Two sites (Tello and tello.edu) offers various addons to support learning and make it more customised for learning
– 13 minutes of Flight time
– 100m Flight distance
– 720p HD Transmission
– 2 Antennas
– you can also have VR headset compatibility
– In collab with DJI and Intel
– Operation via various Apps (Paid and Free ones), Programming Languages ( we are interested in this)

Fancy Features

– Throw and Go — you can just toss Tello into the air
– 8d Flips (needs battery more than 50%)
– Bounce mode (flies up and down from your hand)

Things that I didn’t like :

-First and foremost, there is no way this connects to your home Wifi, Drone goes into an AP Broadcast mode (meaning this starts broadcasting its own AP and we have to connect to it)

This Continue reading

Enhanced Networking – 1. SRIOV – AWS

In preparation for AWS Advanced Networking Speciality Track, I have come across Enhanced Networking and application in various scenarios. I am going to cover this in a few different parts in the blog posts.

Enhanced Networking

Enhanced Networking – boils down to speeds (100Gbps vs 10Gbps) , from the picture below you can use enable Enhanced Networking either by choosing ENA stands for Elastic Network Adapter (which is supported by most of current gen instances) or by using Intel 82599 Virtual Function Interface which supports speeds upto 10Gbps with specific Instances.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html

I have heard about SR-IOV but never did a deep dive into what exactly it does, to be honest. While going through Enhanced Networking documentation on AWS documentation, I have seen mention of SR-IOV at several places.

What is SR-IOV ?

More on SR-IOV is written in this blog-post, but in short SR-IOV which stands for Single Root I/O Virtualisation provides device virtualisation by using virtual-functions/DMA(Direct memory access)/virtual function devices (VFD’s) and lowering CPU interrupts.

So, the first question is if this enabled by default ? No. you have to manually enable it, per Amazon website https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#current-gen-instances , all current generation instances Continue reading

Image/Data set collection – ML Hobby Post 2

Why is this required?

  • While Deep Learning is in many different categories ( like Vision, Text (NLP), Audio, Recommendation system), My interest is always in Vision or anything which involves images, I somehow to find it closer to embed into a hobby than other aspects
  • Any Part of Image-based Learning, involves a set of Images that are needed to train the model on what is our intention to recognize parameters, for example, consider the below image set called CIFAR-10.
    • https://www.cs.toronto.edu/~kriz/cifar.html — This is the URL, this has a predefined collection of 10 different categories of Images that can be used for training the classifier of an image if the Image is among any of the 10 categories.
  • Ordinarily, Let us say you wanted to categorize a Dog in a given picture or you had a scenario where you had months collected time-lapse photos and wanted to categorize Dog and filter out the images which involved Dog in it, you don’t have to collect so many images to train, test and build the model, Data is readily available
  • Other Popular datasets — https://docs.fast.ai/data.external.html has lot of pre-collected Datasets at our disposal and https://www. Continue reading

ML Models – Random Notes 1

As always been interested to explore technology, Machine Learning has been in my mind for quite some time now. The pre-requisites to know or get into ML have always been associated with a Ph.D. Degree, High-end mathematics, and obviously a ton of understanding around software engineering. As the platform and technology evolved ease of learning machine learning is becoming more and more approachable for most people.

I tried to understand ML and implemented a few models before using different frameworks. I have started with Tensorflow in my free time and then took some internal training and each training had each frame work, initially, it was Apache MXNet, later it was Pytorch, my head was both in the right place and not in the right place I should say, I prefer widely a practical approach to things and was trying to deploy few models from everyday scenarios that am around, I focussed mostly on getting the model deployment with the platform/framework while I have pushed the technicalities for later part of the study which usually works for me, this time as this is not a full-time profession nor I have any intentions to get into this as a full-time ML Continue reading

Having a Cloud Router – Always handy!

Note:

This can be set up for free of cost in a sense of having 100$ cloud credit and Trial license for vMX and is for testing for a limited amount of time for and setting a router in the cloud, In the long run, even this testing would cost some money.

This will guide you on how to set up a prod system properly on AWS – https://www.juniper.net/documentation/us/en/software/vmx/vmx-aws/topics/concept/vmx-aws-overview.html

I Wish

Often I wish that I have some sort of online cloud router (either Cisco or Juniper) to look around some knobs and also to do some rapid testing or rehash of some of the concepts. I prefer mostly Juniper for their awesome logical-systems concept and it’s easy to build a good number of 14 routers that can also run MPLS.

Solution

With Docker and Kubernetes, many of the NFV functions are even easier, I came across implementations of Juniper cRPD Route Reflectors in production environments and its all based on docker-containers, and their orchestration and vMX and other product lines are very well engineered at this point in time and no longer they are at starting stage.

cRPD – https://www.juniper.net/documentation/us/en/software/crpd/crpd-deployment/topics/concept/understanding-crpd.html

What is that Continue reading

Vodfaone NB-IOT, Fipy and AWS

Timeline : 2-4 months on a occasional weekends

Having a sensor to sense things is one story, Having an on-field sensor is another story in itself. While powering up the sensor and weather proofing is not the intention of this blog post but sure they are the other aspects that one needs to address before moving to higher layer communications.

Growth In Green House – Problem is this Indian variant likes very specific Humidity and Temp and I have to measure Humidity/ Temperature/Ambient Light to know what is helping it. I got great
success only once out of 3 times of sowing

Issue – Have a sensor on Field, make sure it communicates itself to AWS IOT end platform. This is not that simple, that too without using high cost end products which abstracts everything from end-user. To put it in simple terms, you have a field or a farm which is quite away from your home and without a power resource, what would you do ?

Lora is one the most effective option that works for us, while I did setup a Gateway and end-node Lora Device, this post aims at something more simple without involving Lora, I will cover Continue reading