Network Automation with CUE – Working with YANG-based APIs
In the previous post, I mentioned that CUE can help you work with both “industry-standard” semi-structured APIs and fully structured APIs where data is modelled using OpenAPI or JSON schema. However, there was an elephant in the room that I conveniently ignored but without which no conversation about network automation would be complete. With this post, I plan to rectify my previous omission and explain how you can use CUE to work with YANG-based APIs. More specifically, I’ll focus on OpenConfig and gNMI and show how CUE can be used to write YANG-based configuration data, validate it and send it to a remote device.
Automating YANG-based APIs with CUE
Working with YANG-based APIs is not much different from what I’ve described in the two previous blog posts [1] and [2]. We’re still dealing with structured data that gets assembled based on the rules defined in a set of YANG models and sent over the wire using one of the supported protocols (Netconf, Restconf or gNMI). One of the biggest differences, though, is that data generation gets done in one of the general-purpose programming languages (e.g. Python, Go), since doing it in Ansible is not feasible due to the Continue reading
How Modern, Open Technologies Can Boost Recruiting and Retention
From languages to tools to culture and methodologies, adopting and using open technologies – of the sort exemplified in many DevOps toolchains, for example – will have a compounding positive impact on tech talent in your organization.New! Free self-paced workshops for containers and Kubernetes
There’s no better way to learn something than to get hands-on. Tigera is excited to present its brand new (and completely free!) self-paced workshops for containers and Kubernetes. Each workshop comes with your own provisioned sample application (Hipstershop) and Calico Cloud lab environment for a limited time.
The first self-paced workshop we’ve launched is on compliance for containers and Kubernetes. Let’s take a closer look at why you should enroll in our compliance workshop and what you’ll gain.
Why get hands-on with achieving compliance?
From the Payment Card Industry Data Security Standard (PCI DSS) to the Health Insurance Portability and Accountability Act (HIPAA) to the General Data Protection Regulation (GDPR), most industries must meet certain compliance requirements when it comes to handling personal data. This could mean implementing resource access control, isolating workloads with sensitive data, or enforcing more advanced security controls such as logging all customer confidential data transactions. No matter what sort of controls you need to implement, the compliance auditor will require proof of compliance, such as what security controls are currently in place, whether control changes can be detected, and if compliance can be verified on demand. The ephemeral nature of Kubernetes can make it Continue reading
Running Routing Protocols over MLAG Links
It took vendors like Cisco years to start supporting routing protocols between MLAG-attached routers and a pair of switches in the MLAG cluster. That seems like a no-brainer scenario, so there must be some hidden complexities. Let’s figure out what they are.
We’ll use the familiar MLAG diagram, replacing one of the attached hosts with a router running a routing protocol with both members of the MLAG cluster (for example, R, S1, and S2 are OSPF neighbors).
Running Routing Protocols over MLAG Links
It took vendors like Cisco years to start supporting routing protocols between MLAG-attached routers and a pair of switches in the MLAG cluster. That seems like a no-brainer scenario, so there must be some hidden complexities. Let’s figure out what they are.
We’ll use the familiar MLAG diagram, replacing one of the attached hosts with a router running a routing protocol with both members of the MLAG cluster (for example, R, S1, and S2 are OSPF neighbors).
The DNS at the IGF
I was invited to participate in a session at IGF 2022 that was devoted to the workings of the DNS. I’d like to share my contribution to this session with my thoughts on where the DNS is headed.Hedge December 22 Update
The Hedge December update contains information about upcoming episodes and training—listen in for the inside scoop!
Troubleshooting Live Training
My next live training course is coming up on the 16th of December: Troubleshooting. This is one of those classes where I’m taking formal training from a former life (electronic engineering) and applying it to the networking world. From the description—
Troubleshooting is a fundamental skill for all network engineers, from the least to most experienced. However, there is little material on correct and efficient troubleshooting techniques in a network engineering context, and no (apparent) live training in this area. Some chapters in books exist (such as the Computer Networking Problems and Solutions, published in December 2017), and some presentations in Cisco Live, but the level of coverage for this critical skill is far below what engineers working in the field to develop solid troubleshooting skills.
This training focuses on the half-split system of troubleshooting, which is widely used in the electronic and civil engineering domains. The importance of tracing the path of the signal, using models to put the system in context, and the use of a simple troubleshooting “loop” to focus on asking how, what, and why are added to the half-split method to create a complete theory of troubleshooting. Other concepts covered in this course are the Continue reading