0

GNMI. Part 2. Decoding Protobuf messages with Python.

Hello my friend,

In the previous blogpost we started the discussion about the gNMI/Protobof approach to network automation by creating the Protobuf message. Today we continue it showing read the Protobuf messages.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Network automation training – self-paced and live online

Network automation is a must-have technology set in all the industries these days. It is no more the matter of innovation, it is a matter of normal business operation. And we are happy to help you and your company with automation by providing the necessary holistic knowledge, skills and tools to make your automation journey successful:

At this training we teach you all the necessary concepts such as YANG data modelling, working with JSON/YAML/XML/Protobuf data formats, Linux administration basics, programming in Bash/Ansible/Python for multiple network operation systems including Cisco IOS XR, Nokia SR OS, Arista EOS and Cumulus Linux. All the most useful things such as NETCONF/RESTCONF, REST API, gNMI, OpenConfig and many others. Don’t miss Continue reading

0

Starship Prompt Install and Configure

Over the years I have customised my shell prompt to make it "cool" and "informative". Previously I have used powerline and powerlevel10k. Both were pretty nice, with powerlevel10k being the much faster of the two. I recently came across the Starship project which looks pretty rad....

0

Starship Prompt Install and Configure

Over the years I have customised my shell prompt to make it "cool" and "informative". Previously I have used powerline and powerlevel10k. Both were pretty nice, with powerlevel10k being the much faster of the two. I recently came across the Starship project which looks pretty rad....continue reading

0

Starship Prompt Install and Configure

Over the years I have customised my shell prompt to make it "cool" and "informative". Previously I have used powerline and powerlevel10k. Both were pretty nice, with powerlevel10k being the much faster of the two. I recently came across the Starship project which looks pretty rad....continue reading

0

Colorization of RFC 2992(Analysis of an ECMP Algorithm)

Motivation

I recently observed a conversation around ECMP/Hash buckets which made me realize on how the end to end concept is not very well understood. So this provided me enough motivation to write about this topic which will be covered in various upcoming blog posts. But while thinking about the subject, I ran into an interesting RFC RFC2992. This RFC goes through a simple mathematical proof which I found impressive due to the fact that someone wrote that in ASCII in 2000. My intent in this blog post is to provide some colorization to the RFC and perhaps cover a bit more in detail.

Introduction

In the RFC, the focus is on Hash-threshold implementation for mapping hash values to the next-hop. To re-iterate for completeness sake, we all know that a router computes a hash key based on certain fields, like SRC IP, DST IP, SRC Port, DST Port by performing a hash (CRC16, CRC32, XOR16, XOR32 etc.). This hash gets mapped to a region and the next-hop assigned to that region is where the flow get’s assigned.

For example,assume that we have 5-next hops to choose from and we have a key space which is 40 bits wide. Continue reading

0

SONiC and White Box switches in the Enterprise DC! – Part 3

After discussing the architecture of our design during part 1, and the underlay configuration during part 2, today i’ll show how the overlay it’s configured and hopefully we will be able to draw our conclusions to the question: Are SONiC and White Box switches ready to be used in the enterprise DC?

Our two servers will be connected with LACP and trunk interfaces. 1 VLAN will be bridged (no SVI) and both servers will have an interface into such vlan so that layer 2 can be tested.
Other 2 vlans instead will each be configured on a different pair of switches together with an SVI so that Layer 3 symmetric IRB can be tested.

VRF Configuration

First of all, let’s create a VRF. This vrf requires an VLAN and a Layer 3 VNI for symmetric IRB to function. Configuration is really simple, but a small caveat must be overlooked, specifically every vrf must contain the prefix Vrf- in the name.

From a configuration point of view, we have to follow the usual steps:

1. Create a VRF
2. Create a Vlan and allow it to the peer-link port channel
3. Create a SVI interface and assign it to the VRF itself
4. Continue reading

0

MUST READ: Attracting and Retaining Talent

If you treat your engineers like interchangeable human resources you’ll get the results you deserve ;)… but if you wonder how to make them keep them happy and production, there’s no better place to start than the Key Factors in Attracting and Retaining Talent by Daniel Dib.

0

Growing a Beard

The eternal struggle of a beard leper.

0

Wireguard Server and QR Code scan in the mobile app – It’s that simple to set-up a VPN

Fancy a VPN build in under 10 minutes? , there are many vendors outside who offer mobile App and connectivity all through the world, most of the times ofcourse they under perform. Be it for beating Apps which impose Geographical restrictions etc.

What is wireguard ?

https://www.wireguard.com/ – you can read all about it

Why do you need it ?

Simple and easy to build your own VPN service plus Pay as you Go by turning off the cloud instance and Wire-guard has some cutting edge encryption at the software level, which makes it performs better even in cloud instances.

Do i need to Install anything?

All you need is to run a docker image.

https://hub.docker.com/r/linuxserver/wireguard – and you will have all install instructions

Ok i have installed whats Next?

Get your Mobile App, and scan the QR code generated by the system.

Next ?

Nothing, download the app and you are good to by scanning this and you are on your way to your own VPN

How do i verify my traffic stats ?

Log into docker and execute wg, all stats will be readily available

-Rakesh

0

Weekend Reads 041520

Even before it announced that it would seek Chapter 11 bankruptcy, Frontier had a well-deserved reputation for mismanagement and abusive conduct. In an industry that routinely enrages its customers, Frontier was the literal poster-child for underinvestment and neglect, an industry leader in outages and poor quality of service, and the inventor of the industry’s most outrageous and absurd billing practices. —EFF

Observability matters. You should care about it. And vendors need to stop trying to confuse people into buying the same old bullshit tools by smooshing them together and slapping on a new label. Exactly how long do they expect to fool people for, anyway? —Charity

As we all know, RPKI is getting a lot of attention and traction nowadays. At the RIPE NCC, we operate one of the five Trust Anchors, a hosted RPKI service, and one of the Validator software packages. A big responsibility that we don’t take lightly. We’re constantly improving code and procedures to ensure we’re following the latest RFC and best practices. Also, security is of key(!) importance. —Nathalie Trenama

Technology always evolves and I’ve been reading about where scientists envision the evolution of 5G. The first generation of 5G, which will be rolled Continue reading

0

Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored)

Heavy Networking gets nerdy about disaggregation with sponsor DriveNets. The company's Network Cloud routing software runs on whitebox hardware and enables service providers and telcos to quickly scale capacity, control capital outlay, and support automation. Our guests are Amir Krayden, VP R&D Customers; and Yuval Moshe, VP of Products.

The post Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored) appeared first on Packet Pushers.

0

Heavy Networking 517: DriveNets Disaggregates SP And Cloud Networks To Boost Capacity, Control Costs(Sponsored)

Heavy Networking gets nerdy about disaggregation with sponsor DriveNets. The company's Network Cloud routing software runs on whitebox hardware and enables service providers and telcos to quickly scale capacity, control capital outlay, and support automation. Our guests are Amir Krayden, VP R&D Customers; and Yuval Moshe, VP of Products.

0

Anthology Product Marketing

I’m a storyteller. I realize this based on the fact that I tell them a lot. I’ve been told by a lot of people that I tell stories all the time. I’m okay with this. And a lot of the time I’m totally good at it. But one of the side effects of being someone that enjoys telling stories is that you recognize them in others and you start critiquing.

One of the more recent trends I’ve seen in product marketing revolves around stories. We’ve seen people telling all kinds of narratives about how disparate pieces of the puzzle fit together. It’s important because it frames the discussion for everyone. But I’ve also noticed some companies focus less on the framing story and more on the pieces. And it made me realize that’s a different kind of story.

Pieces and Parts

Merriam-Webster defines an anthology as a collection of selected literary pieces or passages or works of art or music. When I think of an anthology movie or video series, I think of a collection of disconnected stories around a framing device. Sometimes that device is as tenuous as a shared narrator, such as the Twilight Zone or Tales from Continue reading

0

BIER – Bit Indexed Explicit Replication

0

For Tribal Lands Ravaged by COVID-19, Broadband Access Is a Matter of Life and Death

This opinion piece was originally published in Arizona Central.

If anyone doubted the importance of the Internet before the COVID-19 pandemic, those doubts have vanished like toilet paper at Kroger. During this time, the Internet has proved to be a lifeline, delivering the latest coronavirus health and emergency updates, connecting people to coworkers and bosses, and facilitating online classes.

But this is only the case for those lucky enough to have access. The American Library Association says seven in 10 residents on rural tribal lands remain without access to fixed high-capacity broadband. Making matters worse, massive swaths of tribal land don’t even have a cellphone signal, much less a broadband Internet connection.

No Internet access means no access to the economic opportunities the Internet holds. In 2018 alone, the Internet sector accounted for $2.1 trillion of the U.S. economy. But during this pandemic, many residents of rural Indian Country don’t have the luxury of dreaming up online business plans.

They are instead fearful for their lives and the lives of their loved ones who lack access to solutions like telehealth or online counseling during this time of isolation.

A lack of access leaves us behind

The Internet was always Continue reading

0

Use Layer 7 Application Identity in Your Segmentation Policies

With the launch of VMware NSX in 2013, VMware pioneered micro-segmentation. Back then our solution was based on stateful Layer 4 filtering. We’ve added in dynamic grouping, enabling policies based on VM context such as VM Name, Operating System or Security Tags. Using dynamic grouping, the life cycle of a Service-defined Firewall policy is directly tied to the life cycle of the workloads/application it’s protecting. This is radically different from traditional firewalls which use IP-address based policies. 

Another addition to our Service-defined firewall is Layer 7 Application Identity.  You may be familiar with the concept from the perspective of a perimeter firewall where it can be used to allow access to Facebook chat but block access to Facebook games. The data center is different and so are the use cases for layer 7 Application Identity.  

In this blog I will cover why organizations should use Layer 7 Application Identity in their data center segmentation policies. 

What Are the Problems with Port-Based Rules?

While stateful Layer 4 firewalls have significantly reduced both the complexity and security gaps that come with configuring stateless Access Control Continue reading

0

Network-Layer DDoS Attack Trends for Q1 2020

As we wrapped up the first quarter of 2020, we set out to understand if and how DDoS attack trends have shifted during this unprecedented time of global shelter in place. Since then, traffic levels have increased by over 50% in many countries, but have DDoS attacks increased as well?

Traffic increases are often observed during holiday seasons. During holidays, people may spend more time online; whether shopping, ordering food, playing online games or a myriad of other online activities. This higher usage translates into higher revenue per minute for the companies that provide those various online services.

Downtime or service degradation during these peak times could result in user churn and loss of significant revenue in a very short time. ITIC estimates that the average cost of an outage is $5,600 per minute, which extrapolates to well over $300K per hour. It is therefore no surprise that attackers capitalize on the opportunity by launching a higher number of DDoS attacks during the holiday seasons.

The current pandemic has a similar cause and effect. People are forced to stay home. They have become more reliant on online services to accomplish their daily tasks which has generated a surge in the Continue reading

0

Smart NICs with Silvano Gai on Software Gone Wild

A while ago we discussed a software-focused view of Network Interface Cards (NICs) with Luke Gorrie, and a hardware-focused view of them with Or Gerlitz (Mellanox), Andy Gospodarek (Broadcom) and Jiri Pirko (Mellanox).

Why would anyone want to implement features in hardware and not in software, and what would be the best hardware implementation? We discussed these dilemmas with Silvano Gai in Episode 110 of Software Gone Wild podcast.

0

Growing a Beard

It's 2020 and the world is coming to an end. Everyone is in lock down due to some kind of killer bat virus. I have always wanted to grow a beard and seeing every one with their awesome lock down beards has inspired me to grow one of my own. The Problem I'll be 41 this year. I was...

0

Growing a Beard

It's 2020 and the world is coming to an end. Everyone is in lock down due to some kind of killer bat virus. I have always wanted to grow a beard and seeing every one with their awesome lock down beards has inspired me to grow one of my own. The Problem I'll be 41 this year. I was...continue reading