Archive

Category Archives for "Networking"

On the ‘net: Directory Services

Have you ever decided you needed to contact someone in another area of the world, only to discover you do not have their email address, nor any way to find their email address? You could go to your favorite social media site, of course, but if they are not on any form of social media? Or if they do not put their contact information there? Or—perhaps—this little situation happened before the rise of social media? GASP! From some of the younger readers.

3 Stumbling Blocks for Network Engineers Adopting Ansible

Ansible, ansible, ansible seems to be all we hear these days. There are lots of resources out there all trying to convince us this is the new way get stuff done. The reality is quite different – adoption of tools like this is slow in the networking world, and making the move is hard for command-line devotees.

Here are the three main problems I encountered in my adoption of Ansible as a modern way to manage devices:

1. Most network devices don’t support Python

Ansible is derived from the systems world, and is only latterly coming to be used for managing network devices. It is often said that Ansible is agentless, but when managing a Linux host (for example) the control machine pushes the Ansible playbook to that host and executes it there. In effect, *Python* is the agent.

Most network devices don’t have on-box Python, so when using Ansible against a router or a switch you have to have ‘connection: local’ in your playbook:






---
 name: Get info 
 hosts: all
 roles:
 Juniper.junos          # Invokes the Junos Ansible module
 connection: local        # Tells it to run locally
 gather_facts: no 





What this does is run the playbook using the local  Continue reading
				

	

			
		




														



														

		

		
		
		
		
BrandPost: Micro Data Centers Evolve to Fit New Business Requirements of Edge Computing

		
		
					

	
Recent breakthroughs in technology have expanded the possibilities for where data is gathered, processed, stored and analyzed. IT staffs and their business counterparts now have the flexibility of deciding whether their applications are more efficient residing in the cloud, within a traditional data center, or on the network edge. In fact, for the first time, the nature of the applications themselves is determining where they best should run. Over the last several months, micro data centers have emerged as a technology of choice for helping to manage the growing computing needs across edge environments.To read this article in full, please click here
				

	

			
		




														

		

		
		
		
		
QoS Is Dead. Long Live QoS!

		
		
					


Ah, good old Quality of Service. How often have we spent our time as networking professionals trying to discern the archaic texts of Szigeti to learn how to make you work? QoS is something that seemed so necessary to our networks years ago that we would spend hours upon hours trying to learn the best way to implement it for voice or bulk data traffic or some other reason. That was, until a funny thing happened. Until QoS was useless to us.


Rest In Peace and Queues


QoS didn’t die overnight. It didn’t wake up one morning without a home to go to. Instead, we slowly devalued and destroyed it over a period of years. We did it be focusing on the things that QoS was made for and then marginalizing them. Remember voice traffic?


We spent years installing voice over IP (VoIP) systems in our networks. And each of those systems needed QoS to function. We took our expertise in the arcane arts of queuing and applied it to the most finicky protocols we could find. And it worked. Our mystic knowledge made voice better! Our calls wouldn’t drop. Our packets arrived when they should. And the world was  Continue reading
				

	

			
		




														

		

		
		
		
		
Juniper vSRX 15.1X49 on QEMU

		
		
					


Recently, I have been quite busy running into some problems with deployment of Junos 15.1X49-D15.4 on Qemu image. So, I want make your lifer easier and I share my quick installation steps with you.


1. Download vSRX VMware Appliance


Download the file media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.ide.ova. The good news is that you do not need to enter a licence key after you download the image. The bad new is that you still need a valid contract with Juniper in order to download the file. Luckily, you can find the installation file flying somewhere on the Internet.


2. Extract Archive and OVA files


$ unrar e media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.ide.rar

$ tar xvf media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.ide.ova


3. Convert StreamOptimized Virtual Machine Disk to Format 


Details ale explained in my original vSRX article.


$ qemu-img convert -O qcow2 media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4-disk1.vmdk media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4-disk1.img 


4. Hack Image To Support QEMU


Unfortunately, vSRX 15.1 image boots to “Wind River Linux 6.0.0.15” prompt but it would not launch the freebsd VM within the nested KVM instance. The workaround along with the detailed explanation of the issue is originally posted here.


$ /usr/local/bin/qemu-system-x86_64 -m 4192M  Continue reading
				

	

			
		




														

		

		
		
		
		
Pulling Configs from Cisco NSO using curl and json2yaml.py

		
		
					

We’re using Cisco NSO in our lab at the moment to provision L3VPNs across multi-vendor environments as part of a demo.  Just noting down a few things here for future reference:









You can use the curl (command-line URL) utility to query NSO’s API and retrieve the configuration of a device it knows about.  You probably know that NSO syncs a device’s config locally, so this will be a way to retrieve the device config that NSO knows about – if the device is out of sync, of course this won’t quite be the latest:





curl -u username:password -H "Accept: application/vnd.yang.data+json" http://192.168.8.172:8080/api/config/devices/device/CPE-3/config | json2yaml





I’ll break this down:





curl -u username:password – provides the username and password of your NSO installation





-H “Accept: application/vnd.yang.data+json” – specifies an HTTP header to send in the request.  In this instance, we are saying that we are expecting a JSON response.   Alternatively you could specify ‘vnd.yang.data+xml’ to receive an XML response.





http://192.168.8.172:8080/api/config/devices/device/CPE-3/config – this is the API request we are making.  CPE-3 is the device we are requesting the configuration of.





| json2yaml – this pipes the JSON response through a python module  Continue reading
				

	

			
		




														

		

		
		
		
		
Using Screen Scraping in Network Automation

		
		
					
The first time I encountered screen scraping was in mid-1990. All business applications were running on IBM mainframes those days, and IBM used proprietary terminal system (remember 3270) that was almost impossible to interact with, so some people got the “bright” idea of emulating that screen, scraping information off the emulated screen and copying it into HTML pages… thus webifying their ancient apps.
Guess what – we’re still doing the very same thing in network automation as Andrea Dainese succinctly explained in the latest addition to his Automation for Cisco NetDevOps article.
Keep reading
				

	

			
		




														

		

		
		
		
		
Introduction to DNS Privacy

		
		
					DNSSEC
Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map a human-friendly domain name to a set of IP addresses that can be used to deliver packets over the Internet. DNS transactions can therefore be correlated to the applications we use, the websites we visit, and sometimes even the people we communicate with.


While the domain name information itself is public, the transactions performed by the hosts are not. Unfortunately, the DNS does not inherently employ any mechanisms to provide confidentiality for these transactions, and the corresponding information can therefore easily be logged by the operators of DNS resolvers and name servers, as well as be eavesdropped by others.


So we are publishing our Introduction to DNS Privacy to raise awareness of the privacy implications of the DNS, and the mechanisms that have been recently developed to improve user privacy.


Please also check our DNS Privacy page for more information!


Further Information







The post Introduction to DNS Privacy appeared first on Internet Society.

				

	

			
		




														

		

		
		
		
		
The State of DNSSEC Validation

		
		
					
Many aspects of technology adoption in the Internet over time show simple "up and to the right" curves. What lies behind these curves is the assumption that once a decision is made to deploy a technology the decision is not subsequently "unmade." When we observe an adoption curve fall rather than rise, then it’s reasonable to ask what is going on.
				

	

			
		




														



														



														

		

		
		
		
		
BrandPost: What’s the Difference between OFDMA and MU-MIMO in 11ax?

		
		
					

	
The IEEE's latest standard, 802.11ax, has been designed inside and out for high efficiency. Also known as Wi-Fi 6, 11ax promises real-world performance improvements that will keep today’s mobile users and IoT devices connected and happy. To achieve that, over 50 features have been proposed as part of the 11ax standard. Once adopted into the standard, they will be rolled out to the market in phases – Wave 1 and Wave 2, just like with 802.11ac.Multi-user Multiple-Input, Multiple-Output (MU-MIMO) and Orthogonal Frequency-Division Multiple Access (OFDMA) are two of the most significant technical enhancements in 11ax. Both MU-MIMO and OFDMA are multiuser technologies that enable simultaneous bidirectional communication between an access point (AP) and end users. So how are they different?To read this article in full, please click here
				

	

			
		




														

		

		
		
		
		
BrandPost: The First SD-WAN ‘App Store’

		
		
					

	
The incredible power and automation offered by today’s more advanced SD-WAN platforms is transforming how enterprises are building and managing their networks. Operations that were once massive resource-intensive projects for network teams, have now been reduced to mere minutes of work. Need to change how an application operates across 1000+ locations, modify QoS settings across every site in your network or enforce a common security policy simply? Just point and click.What’s been missing from this incredible transformation is how the power of automation can be extended to ecosystem partners. Today is the day we’re going to change all of that.To read this article in full, please click here
				

	

			
		




								

															

						

							
1

1,090
1,091
1,092
1,093
1,094

3,455