Archive

Category Archives for "Life As A Network Engineer – Rakesh"

Poweron and Poweroff Esxi instance from CLI using a Python script

Hi,

I have to agree that to start a esxi node i was depending heavily on a windows VM and then was using a VSphere client to connect to a Esxi 5.5.

In a typical day all of my VM’s are hosted on Esxi and am not any advanced user of esxi by any stretch of Imagination.

It came down to a point where i had to manually click close to 8 VMS in order to boot up and all this was sort of irriatating for me, so i wrote a very basic script which can do this for me. Most of the experienced VM admins have been doing this for very long, for someone like me or anyone who is new to Esxi this is going to help.

Here is the code for the script, all you need to do is to copy to your lab esxi, obviously if any one using production esxi they already know how to manage this.

https://github.com/yukthr/auts/tree/master/vmware_scripts

Requirement – I have 5 Vm-machines and i would like  to start them via script and also power them off.

First things, list the Vm-instances

 

 

Now that we have it, let explore the Continue reading

Integrating the configuration build – Next steps

Hi,

The last post link below, I got introduced to a CI System and basics of it.

https://r2079.wordpress.com/2018/04/03/using-travis-ci-continuous-
integration-with-github/

This post goes further in actually using the CI system.

All the code is hosted here

https://github.com/yukthr/auts.git

-> Requirement is very simple

This is a very basic program which introduces anyone to Jinja2 and
 yaml syntaxing 


Problem  - Have two interfaces ge-0/0/0 and ge-0/0/1, we have to use 
Yaml / Jinja2 and Pyez to develop the configurational 
syntax for this and later on a CI system need to validate the build. 

The code hosted in Github above.
intf.yml    - will have all the interfaces 
template.j2 - will have the appropriate Jinja2 
template.py - will have the python program combining these two

So, we write the code 





Finally build the CI file, but here we also buld the dependencies 
because when CI starts to validate it needs to have all the 
appropriate software installed. It amuses me to the point, 
it spins up the VM and then install the dependencies and then

it validates our code. I have come a long way from manual 
verificaitons / lab testing / CI testing now




This is how  Continue reading

Using Travis CI (Continuous Integration) with GitHub

Hi ,

Am Planning to write a in detail usage of how we can leverage
Aws cloud - ansible - github - travis-(ci/cd) with in our networking 
deployment space. As of now, I will quickly author how you can 
leverage the usage of Travis CI in our 
experimental space. 

You can find more about Travis CI - Here - .org of travis will 
help to run Opensource Projects 

https://travis-ci.org/

I am using AWS cloud desktop to do the changes to the code, 
get it pushed to git-hub and then integrate everything 
if Travis CI passes the checks 

To let you know the workflow in a very simpler way 

-> You write any code or config related to networks on AWS cloud 
desktop
-> push the code into git-hub in a branch later to be integrated 
into Master Branch
-> Setup Travis to automatically run some pre-defined tests 
-> If all successful, we will merge the code into our master branch 

-> Lets write a very basic code in a branch and push to git-hub 

 




The github page has been integrated with Travis-CI 

 




Travis CI peforms the required checks, here it just 
checks for syntax, obvious this can be exetended  Continue reading

Filtering EVPN Routes with PyEZ

Hi,

From the previous EVPN Blog post, the next logical thing was to do is to filter out EVPN routes from the device and have them analyzed for a task.

I have made the program to analyze Type 2 and Type 3 routes

Things to take-away:

-> Understand what module has what advantages – For example OP here has route-table level calls which can extract routing information from the device, while Device has the specific usecase of opening a connection to the device.

-> Understand there are many more efficient ways of doing the same thing, but goal here is to make the script work, there is no impact on the Device as the script parses the data offline once we get it, so even if there was a better way, just do the things the way you want.

Below is the sample program which is written to analyze the routes from vQFX series

 

 

Am not a Programmer by any stretch of imagination as you can see my code ;), but this helps and gets my tasks done, if any one of you want to download this here is the below github link

https://github.com/r2079/JDC/blob/master/evpn_pyez.py

 

Regards

Continue reading

VxLan – Short Story Lab

Hi,

Note: Its perfectly possible to do VXLAN/EVPN on VQFX and VMX, all you have to do is to setup a good lab over ESXI or if you want you can do it over Eve-ng emulator. I personally did it via ESXI.

Am not covering the petty BGP configuration of Full-Mesh and Evpn-BGP configuration, its very simple, this post mainly Aims at show-casing the quick and short way of setting up EVPN/VXLAN in Vqfx and over vMX

On the way to some DC Lab Practise, I wanted to quickly show you guys how to lab up Vxlan on Vqfx and Vmx.

Intention – I was reading on VxLan and as most of my learning comes around seeing things first and understanding the later, I felt uncomfortable too soon reading at the Documentation, I wanted to learn it by doing.

Here is the topology

 

 

Goal – Build Vxlan / Evpn with a very small set-up to under the workings.

First things first

-> In order to build any VxLan, you need to have some underlay and some overlay. Our underlay is BGP (It can be anything you see, as long as it can exchange Loopback Space and establish IP Continue reading

MC-LAG

MC-Lag

 

Everyone  mostly know what MC-Lag does, for the benefit its a variant of LAG where the Down stream Devices share LAG interface on two Physical devices instead of One, I know its confusing let see a  sample topology

 

 

Vqfx1 will see the upstream as 1 ae1 instead of two different VMX devices, this has its own advantage and the entire discussion is something out of scope of this blog post.

 

Blog Post Goal – Demonstrate MC-Lag on VMX and Quickly highlight the options Common and different in MC-LAG, a ready reference for someone going for an exam or a implementation.

 

Take-Away’s

-> ICCP is the protocol between the nodes

 

  • Uses TCP/IP to replicates control plane and forwarding traffic between peers
  • One stand-by and one active (active responsible status control)
  • ICCP messages exchange configuration information to ensure both peers use correct LACP Parameters
  • ICL-PL (interface between Mx1 and Mx2 ex) supports Multiple MC-Lag Between the peers so its recommended to be a AE.

 

-> ICL-PL HA

 

  • A Keep-alive message is exchanged between MC-LAG peers which is recommended to be the management connection
  • If ICL-PL fails, keep alive is still through the management Continue reading

My DC Virtual Lab Setup – Insights

Hi,

I have been getting a lot of requests offline and online on the lab setup I use, I have to say I have tested many things and finally settled with Vmware ESXi 5.5. Eve-ng was good but not good enough when spawned with multiple instances of qemu, maybe because my host operating system might be slow enough for it.

I will cover the connectivity for two VMX devices but the logic Remains same for any device connectivity.

What I have Already

-> Vmware Esxi5.5

-> Dell R810

-> Insane amount of time to waste :), I hope you won’t fall into the same path.

 

You need to have the OVA files, all settings are straightforward, don’t even worry about Memory allocations yet, there is time for that and also the networking part, import the OVA

There will be two OVA images

Vfp – forwarding plane

VCP – Control Plane

General import – No Rocket science – Don’t worry about any settings as of now

 

This is how my VCP looks like – Again don’t worry about any networking here, catch here – VCP has only two networking Adapters – One for Fxp0 which is the Continue reading

PYEZ Script – Commit the configuration or Indicate the Diff

Requirement – Connect to a MX device to commit a configuration on the Device, if there is any un-committed configuration, Script should hold and display the un-committed configuration.

Basically,

JNPR.JUNOS – Device – helps us to connect to device

JNPR.JUNOS – Util.Config – helps to issue config related (Rollback/Config) etc

\033 – Helps the print statement to display in colored Format, [91m – Red , [1m – Bold , [0m indicates to end the color format

 

 

I have some uncommitted configuration on the device and hence we expect the script to indicate us the uncommitted configuration

 

 

Once i Fix the config, on the device, lets see if the configuration from the script gets fixed

 

This is an Intro to how we can start deploying or to check any devices which has any UnCommitted configuration on the Devices and Proceed Accordingly.

 

-Rakesh

JAUT Course – Review Midweek

Hi,

Its been 3/5 Days in JAUT training and I should say Juniper has done a great job in introducing various training concept and methodologies towards Network scripting / automation.

Here are some-thing that helped

– No high stress on learning programming , they kept it to minimal and interestingly they made it more on how automation works and done instead of programming concepts – this is done in many courses

– Stress on PYEZ and Good Introduction to Ansible, simple labs  and then making the lab cover all the concepts is another great way Juniper helped to Learn us the course

– Main take-away till now is Ansible / intro to Jinja2 & YAML and templating configuration which i felt very refreshing and all my fears about templating has atleast vanished  till now.

I cant wait to blog on things that i have learnt during the training and implement it in my own lab, i will keep this topic alive for a while.

 

Cheers

Rakesh M

J-AUT Course

Hi ,

I have enrolled for Juniper-JAUT Course and looking forward to it.

Below are the details. Its a 5 Day course and am expecting more out of this course.

https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=5186

My main interest lies in YAML / JSON use cases with Juniper Devices and their interaction. I will let you know how the course goes as the day progresses and over all efficiency of the course.

 

-Rakesh

Passed JNCIP-DC

I took JNCIP-DC Exam and could pass it. My review on the exam and Prep strategy.

Materials

-> Juniper Documentation

-> Cisco Implementing EVPN Video series – Safari press

-> Juniper Qfx1000 Github and vagrant images

-> DCX , ADCX , TDCX Materials

-> Hand’s on Implementation and 4 months Study (Not including any weekends)

 

Exam in itself was not that tough to be frank, but depth of questions covered all the concepts. There is no topic that you could leave from official blue-print, everything is touched and everything is touched at a fairly equal way.

 

Recommendations

-> Use the Github page for Juniper QFX1000 and download the vagrant images for practise

-> Revise Evpn and QFX-Series Books and you should be good

-> If you can, go through the official course-ware as they are good for review and exam prep

-> Evpn from Cisco’s standpoint is pretty much covered by Many learning instructors like INE,CBT use them to learn the technology if you are Video based learning individual.

 

-RAKESH

 

 

 

 

IP CLOS – EBGP – Multipath Multiple-as

Hi,

We have seen how iBGP was used to do the IP Clos with a RR Setup, how about eBGP.

Configurations / EVE Topology – https://github.com/r2079/JDC

Two simple rules

  • All spines have connections to all leaves – eBGP
  • No leaf or No spine devices have interconnected BGP.

Here is the topology.

 

 

The picture says 1000 words here – How the physical links are connected that’s how the bgp flows.

 

Lets see the BGP Status on R1 and R2

 

Since the hurdles of multipath has been explained. The use ADD-Path is not required here, instead since the update comes from Different AS numbers (R4 and R5) giving out the same update, we have to use another knob called MULTIPLEAS. This has to be on all Spine and leaf devices so that proper Load Balancing can be done along with EXPORTLB policy in the forwarding table.

Lets see one of the routers

 

Verification from R6

 

Regards

Rakesh

 

BGP ADD-PATH – Summary

Hi,

First things first, I have been getting a lot of requests to upload the lab’s which i illustrate as is, so i shall be uploading them to a Github page with initial and final-configs and Instead of vagrant i shall be using EVE-NG as a tool so that you guys can import them easily.

https://github.com/r2079/JDC

Going through Fabric-Path and CLOS concepts, got myself started with 3 Stage Clos and as a part of understanding it, discovered something.

Why –  To make sure Servers at one end have equal cost path to the servers-at other end, at scale the spine accordingly optimizing the CAPEX.

Simple words, in the below topology, we need to make sure that R6 has equal cost to R7 and vice-versa.

 

Protocols and setup

-> OSPF for the entire domain and Ibgp to peer between RR (R2) and all other loopbacks, we use OSPF so that Ibgp peering will be over Loopback and also for load-balancing protocol Next-hops

-> Default routes on R6 and R7, load-balance (per-packet) on all-routers (where technically required)

-> R3 AND R4,R5 has static back to loopbacks of R6 and R7 respectively, advertising them into OSPF will defeat the purpose obviously Continue reading

1 4 5 6