Automating Cisco Nexus Switches with Ansible
For the past several years, the open source [network] community has been rallying around Ansible as a platform for network automation. Just over a year ago, Ansible recognized the importance of embracing the network community and since then, has made significant additions to offer network automation out of the box. In this post, we’ll look at two distinct models you can use when automating network devices with Ansible, specifically focusing on Cisco Nexus switches. I’ll refer to these models as CLI-Driven and Abstraction-Driven Automation.
Note: We’ll see in later posts how we can use these models and a third model to accomplish intent-driven automation as well.
For this post, we’ve chosen to highlight Nexus as there are more Nexus Ansible modules than any other network operating system as of Ansible 2.2 making it extremely easy to highlight these two models.
CLI-Driven Automation
The first way to manage network devices with Ansible is to use the Ansible modules that are supported by a diverse number of operating systems including NX-OS, EOS, Junos, IOS, IOS-XR, and many more. These modules can be considered the lowest common denominator as they work the same way across operating systems requiring you to define the Continue reading
North Korea Goes Offline
It was reported earlier today that North Korea was having Internet connectivity issues.
Now obviously given recent events with Sony, this sort of report is far more fascinating than it normally would be. The first question when you see this type of report is whether it’s purely a connectivity issue or whether an attack is behind it. While visibility into North Korean Internet is quite difficult, we are able to see quite a few attacks over the last few days.
1.) All targets are in this netblock:
inetnum: 175.45.176.0 – 175.45.179.255
netname: STAR-KP
descr: Ryugyong-dong
descr: Potong-gang District
country: KP
admin-c: SJVC1-AP
tech-c: SJVC1-AP
status: ALLOCATED PORTABLE
2.) pDNS Data on the specific targets
175.45.176.8 – This appears to be primary DNS
175.45.176.9 – This appears to be secondary DNS
175.45.176.10 – smtp.star-co.net.kp
175.45.176.67 – naenara.com.kp
175.45.176.77 – Unknown
175.45.176.79 – www.ryongnamsan.edu.kp
3.) Port Analysis
– All attacks on the 18th, 19th and 20th target port 80
– All attacks (except for one) on the 21st Continue reading
iPexpert Introduces Jarrod Mills, as CTO and Sr. Routing and Switching Product Portfolio Director / Instructor
As a former attorney, I often found myself drawn to the comfort and familiarity of my office computer. While the thought of spending countless hours toiling over legal briefs caused me much discomfort, spending that same amount of time on a computer was therapeutic. Now, many years later, I can see how my transition into IT was a natural progression, but at the time it seemed crazy to those close to me.
From my formative years on the competitive math team in middle school and high school, to attending college, graduate school and law school on full academic scholarships, I have always striven to excel. What I lacked in career path clarity, I made up for in sheer determination.
Over the past 20 years, I have been fortunate enough to pursue my passion in networking, designing and building world-class networks for Fortune 50 companies throughout the world. Through hard work and perseverance, I have been able to attain 4 CCIE’s (Routing and Switching, Security, Service Provider, Data Center – AND – Wayne has already given me a deadline for #5! ;-). I’ve also been able to amass countless other IT certifications, while simultaneously mentoring and teaching numerous friends and colleagues in Continue reading
Kyoto Tycoon Secure Replication
Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon uses timestamp-based replication to ensure eventual consistency and guarantee ordering. Kyoto Tycoon is an open source project, and in the spirit of the holidays, we’re contributing our internal changes back to the open source project.
CC BY-ND 2.0 image by Moyan Brenn
CloudFlare uses Kyoto Tycoon to replicate data from a Postgres Database to our 30 data centers around the world. In practice, it takes around 3 seconds for full propagation in normal conditions. This is our pipeline for distributing sensitive data like our session ticket keys and DNS data to the CloudFlare edge.
Protecting data in transit
If the Internet is not a dangerous place, it at least has dangerous neighborhoods. To move from one datacenter to another, data has to pass through the public Internet. Data could end up going though some network with a wire-tap in place, or through a network with an unscrupulous network operator.
Datacenter-to-datacenter encryption has been brought into the international spotlight since the surveillance revelations. One of the leaked slides contained the expression “SSL added Continue reading
Fabric visibility with Cumulus Linux
A leaf and spine fabric is challenging to monitor. The fabric spreads traffic across all the switches and links in order to maximize bandwidth. Unlike traditional hierarchical network designs, where a small number of links can be monitored to provide visibility, a leaf and spine network has no special links or switches where running CLI commands or attaching a probe would provide visibility. Even if it were possible to attach probes, the effective bandwidth of a leaf and spine network can be as high as a Petabit/second, well beyond the capabilities of current generation monitoring tools.The 2 minute video provides an overview of some of the performance challenges with leaf and spine fabrics and demonstrates Fabric View - a monitoring solution that leverages industry standard sFlow instrumentation in commodity data center switches to provide real-time visibility into fabric performance.
Fabric View is free to try, just register at http://www.myinmon.com/ and request an evaluation. The software requires an accurate network topology in order to characterize performance and this article will describe how to obtain the topology from a Cumulus Networks fabric.
Complex Topology and Wiring Validation in Data Centers describes how Cumulus Networks' prescriptive topology manager (PTM) provides Continue reading
Automation Isn’t Just About Speed
In talking with folks about automation, the conversation almost always come around to “speed, speed, speed”. It’s easy to see why this is the first benefit that pops into mind – we’ve all spent gratuitous amounts of time doing repetitive, time-consuming tasks. It’s obvious why the prospect of automating these tasks and getting the time back is such an attractive one, even though most of us that have tried know that this is an absolute reality:
All kidding (but some…..seriousing?) aside, is speed the only benefit? In the realm of IT infrastructure, should we pursue automation only when this other piece of brilliance tells us it’s worth it?
Consider a small deployment of a few switches, a router, maybe some servers. Using manual methods to configure the relatively small amount of infrastructure isn’t really sexy, but it’s also not a huge time suck either. There’s just not a lot of infrastructure in these small deployments, and manual configuration doesn’t really impact the rate of change.
As a result, when discussing automation concepts with small, and even medium-size shops, I’m usually met with understandable skepticism. There’s a huge part of IT industry that assumes that all of our Continue reading
Check your Control Plane
Here it's a short post to explain how you can monitor the control plane activity with ddos-protection's statistics and a simple op-script. ddos-protection is a default feature only available on MPC cards which allows to secure the linecard's CPU and the...Check your Control Plane
Here it's a short post to explain how you can monitor the control plane activity with ddos-protection's statistics and a simple op-script. ddos-protection is a default feature only available on MPC cards which allows to secure the linecard's CPU and the...Automation Isn’t Just About Speed
In talking with folks about automation, the conversation almost always come around to “speed, speed, speed”. It’s easy to see why this is the first benefit that pops into mind - we’ve all spent gratuitous amounts of time doing repetitive, time-consuming tasks. It’s obvious why the prospect of automating these tasks and getting the time back is such an attractive one, even though most of us that have tried know that this is an absolute reality:Automation Isn’t Just About Speed
In talking with folks about automation, the conversation almost always come around to “speed, speed, speed”. It’s easy to see why this is the first benefit that pops into mind - we’ve all spent gratuitous amounts of time doing repetitive, time-consuming tasks. It’s obvious why the prospect of automating these tasks and getting the time back is such an attractive one, even though most of us that have tried know that this is an absolute reality:Making the Most of Wi-Fi Calling
I n the time since Apple’s revelation that iOS 8 would support a form of Wi-Fi calling, the industry has seen a barrage of announcements, even TV commercials, around Wi-Fi calling. Come to find out that many of them are...Facebook’s AIs want you to stop you making a fool of yourself
I’ve always found the tendency of Facebook users to over-share a little strange. You see people exposing their lives in ways that are occasionally charming, often inexplicable, and frequently downright ridiculous or ill-advised (or often both of the latter at the same time).
Gregg O'Connell / Flickr Probably shouldn't be posted on Facebook.
In the latter category are the posts of people who are obviously in advanced states of inebriation doing things that don’t require a caption to reveal that they are being idiots. These kind of posts are the sort of thing that, once sober, will be regretted and will never, ever disappear becoming fodder for the poster’s mother’s disapproval and unwanted attention from employers both current and future.
To read this article in full or to leave a comment, please click here
My Podcasts
Since taking a new role at Cisco, my drive time is less consistent. As a result, finding opportunities to listen to podcasts is more of a challenge. Earlier this week, a road trip I took provided some time to start getting caught up on my listening. Using iCatcher allows me to easily tweet what I’m listening too. As a result of sharing what I listened to, I received some requests regarding the podcasts I listen to. I wanted to share this ever changing list with the PacketU community.
Technology Podcasts
- Cisco Champion Radio
- Cisco TAC Security Podcast Series
- No Strings Attached Show
- Packet Pushers Podcast
- Risky Business
- Software Gone Wild by ipSpace.net
- The Class-C Block
- The IPv6 Show
- The Southern Fried Security Podcast
- VUPaaS – Virtualization as a Service
Business and Leadership
- Freakonomics Radio
- Home Work
- The EntreLeadership Podcast
Also beyond the technology focus of this audience, I often listen to Cold Case Christianity–a Christian Apologetics podcast and Focus on the Family–a faith based podcast focused on strengthening families.
I’m always looking for new sources for good information. If you have podcasts that you enjoy listening to, please share them by sending them to @packetu or commenting below.
Disclaimer: This Continue reading
iPexpert’s Newest “CCIE Wall of Fame” Additions 12/19/2014
Please Join us in congratulating the following iPexpert clients who have passed their CCIE lab!
- Mark Walbank, CCIE #45915 (Data Center)
- David Vernum , CCIE #45880 (Data Center)
- Wilson Huang, CCIE #46040 (Wireless)
We Want to Hear From You!
Have you passed your CCIE lab exam using any iPexpert or Proctor Labs self-study products, or attended our CCIE Bootcamps? If so, we’d like to add you to our CCIE Wall of Fame!
Is Juniper About To Kill Their Entire Security Line? It Seems Not.
This is a quick follow up to a post I made a bit ago about rumored changes to Juniper’s security portfolio. I left that article with one big question in my mind. Is Juniper on the verge of shuttering their entire security portfolio, including the SRX firewall platform and Firefly Perimeter (vSRX)? The answer […]Policy-based Tunnel Selection (PBTS) on Cisco IOS-XR
Recently, I had to look after PBTS on Cisco ASR9K platform and faced some issues, here are some results about my tests. PBTS has the same goal as CBTS on Cisco IOS (Class-Based Tunnel selection) but for Cisco IOS-XR. It provides a tool to direct traffic into specific RSVP-TE tunnels (in the future Segment-Routing tunnels) […]
Author information
The post Policy-based Tunnel Selection (PBTS) on Cisco IOS-XR appeared first on Packet Pushers Podcast and was written by Youssef El Fathi.
PlexxiPulse—Networking For Agile Datacenters, Distributed Cloud Environments and Big Data Applications
This week, we announced new product starter kits that will make it easier for companies to adopt software-defined networking in a way that fits their unique networking environments. The kits are designed for three distinct uses — agile datacenters, distributed cloud environments and Big Data applications — avoiding the “one-size-fits-all” starter kit approach of some other vendors. Visit our product page to learn more. Below are our top picks for networking stories this week.
In this week’s PlexxiTube of the week, Dan Backman discusses the benefits of Plexxi’s Big Data fabric beyond Hadoop applications.
eWEEK: Plexxi Launches SDN Starter Kits for Cloud, Big Data
By Jeff Burt
Plexxi officials want to make it easier for organizations to adopt software-defined networking. Plexxi, a startup in the increasingly crowded software-defined networking (SDN) space, is unveiling three starter kits aimed at agile data centers, cloud environments and big data applications. Company officials said the goal of the starter kits is to give businesses and service providers the tools they need to deploy SDN infrastructures that are tailored to their particular workloads, avoiding what they said is a more one-size-fits-all approach that other vendors are taking.
TechTarget: Networking pros describe their 2015 SDN projects
Continue reading
Juniper OCX – Welcome to the Revolution
Early December 2014, Juniper announced their OCX products that are focused on open, disaggregated networking systems. As one of the instigators of the revolution, it will be intriguing to see which side Juniper is really on.
While competing with Juniper will be interesting, we’re happy to see them recognize the customer drive towards Open Networking. Juniper indicates that they are joining the ranks of start-ups like Cumulus Networks and industry leaders such as Dell in this inevitable industry transition… avoiding the “head in the sand” perspective maintained by some other networking vendors.
There were four main sources of information as part of the announcement.
Initial reading shows us a focus very aligned with Open Networking. They say things like…
Juniper announced the OCX1100 that combines … Junos® operating system with Open Compute Project (OCP) enabled hardware
Let me say that again: Customers will have the ability to remove Junos and deploy another vendor’s operating system
To some not familiar with Juniper, news that we are embracing an open hardware design might sound counterintuitive in that anything “open” is not aligned with our strategy. On the contrary, Juniper has always embraced open architectures and open Continue reading
That’s It for 2014
A dozen webinars, tens of public presentations and on-site workshops, numerous highly interesting ExpertExpress sessions, three books and over 250 blog posts. That should be enough for a year; it’s time to go offline.
I hope your company has a New Year freeze (and not let’s upgrade everything over New Year policy), so you’ll be able to do the same and enjoy some time during the rest of the year with your loved ones. See you in 2015!
