Automation 4. Extracting and Exploring 6WING YANG Modules with NETCONF, Pyang and Ansible

Hello my friend,

Some time ago we’ve explained how to deploy a 6WING vRouter in a Linux environmennt, such as our Open Source Virtualised cloud with Debian Linux and ProxMox. One of the good things about 6WIND is that its configuration is entirely based on YANG modules and is exposable via NETCONF. Today you will learn how to get 6WIND YANG modules, how are they structured with Pyang and how to automate its extraction with Ansible.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Why Is Everyone so Passionate about Model-Driven Automation and YANG?

All we love nice configuration files made in easy readable YANG or JSON, isn’t it? The beauty of working with them is that you don’t need to create a text string parsers, which is always a difficult task. One of the reasons, why it is so difficult to create parsers, is because of ever changing CLI structures and also values in the semi-formatted text, our ascii tables we see Continue reading

How to rsync files between two remotes?

scp -3 can copy files between two remote hosts through localhost. This comes in handy when the two servers cannot communicate directly or if they are unable to authenticate one to the other.1 Unfortunately, rsync does not support such a feature. Here is a trick to emulate the behavior of scp -3 with SSH tunnels.

When syncing with a remote host, rsync invokes ssh to spawn a remote rsync --server process. It interacts with it through its standard input and output. The idea is to recreate the same setup using SSH tunnels and socat, a versatile tool to establish bidirectional data transfers.

The first step is to connect to the source server and ask rsync the command-line to spawn the remote rsync --server process. The -e flag overrides the command to use to get a remote shell: instead of ssh, we use echo.

$ ssh web04
$ rsync -e 'sh -c ">&2 echo $@" echo' -aLv /data/. web05:/data/.
web05 rsync --server -vlogDtpre.iLsfxCIvu . /data/.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(228) [sender=3.2.3]

The second step is to connect to Continue reading

Soap Opera: SRv6 Is Insecure

I heard about SRv6 when it was still on the drawing board, and my initial reaction was “Another attempt to implement source routing. We know how that ends.” The then-counter-argument by one of the proponents went along the lines of “but we’ll use signed headers to prevent abuse” and I thought “yeah, that will work really well in silicon implementations”.

Years later, Andrew Alston decided to document the state of the emperor’s wardrobe (TL&DR: of course SRv6 is insecure and can be easily abused) and the counter-argument this time was “but that applies to any tunnel technology”. Thank you, we knew that all along, and that’s not what was promised.

You might want to browse the rest of that email thread; it’s fun reading unless you built your next-generation network design on SRv6 running across third-party networks… which was another PowerPoint case study used by SRv6 proponents.

Soap Opera: SRv6 Is Insecure

I heard about SRv6 when it was still on the drawing board, and my initial reaction was “Another attempt to implement source routing. We know how that ends.” The then-counter-argument by one of the proponents went along the lines of “but we’ll use signed headers to prevent abuse” and I thought “yeah, that will work really well in silicon implementations”.

Years later, Andrew Alston decided to document the state of the emperor’s wardrobe (TL&DR: of course SRv6 is insecure and can be easily abused) and the counter-argument this time was “but that applies to any tunnel technology”. Thank you, we knew that all along, and that’s not what was promised.

You might want to browse the rest of that email thread; it’s fun reading unless you built your next-generation network design on SRv6 running across third-party networks… which was another PowerPoint case study used by SRv6 proponents.

Weekend Reads 110521


From Facebook to LinkedIn to Indeed, ads are popping up that promise well-paying jobs — if applicants provide their Social Security numbers and other details up front. Scammers then use the information to apply for unemployment benefits.


The coronavirus pandemic giveth to Amazon retail business and its Amazon Web Services cloud business, and the pandemic taketh away from the Amazon retail business.


Companies should recognize that collaboration platforms aren’t isolated, secure channels where traditional threats don’t exist.


The Federal Aviation Administration said on Tuesday it had issued a special information bulletin alerting manufacturers, operators, and pilots that action may be needed to address potential interference with sensitive aircraft electronics caused by the use of 5G telecommunications technology.


The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery.


If not handled in time, the attacks can lead to IP reputation loss and blocklisting, causing severe and expensive damage to companies, but a few precautionary steps can help keep the threats at bay.


The following resources and tutorials will enhance your understanding of container network security and help you get started.


With Continue reading

Is the M1 MacBook Pro Wi-Fi Really Slower?

I ordered a new M1 MacBook Pro to upgrade my existing model from 2016. I’m still waiting on it to arrive by managed to catch a sensationalist headline in the process:

“New MacBook Wi-Fi Slower than Intel Model!”

The article referenced this spec sheet from Apple referencing the various cards and capabilities of the MacBook Pro line. I looked it over and found that, according to the tables, the wireless card in the M1 MacBook Pro is capable of a maximum data rate of 1200 Mbps. The wireless card in the older model Intel MacBook Pro all the way back to 2017 is capable of 1300 Mbps. Case closed! The older one is indeed faster. Except that’s not the case anywhere but on paper.

PHYs, Damned Lies, and Statistics

You’d be forgiven for jumping right to the numbers in the table and using your first grade inequality math to figure out that 1300 is bigger than 1200. I’m sure it’s what the authors of the article did. Me? I decided to dig in a little deeper to find some answers.

It only took me about 10 seconds to find the first answer as to one of the differences in Continue reading

When students go back to school mobile usage goes down

When students go back to school mobile usage goes down
When students go back to school mobile usage goes down

For many (especially in the Northern Hemisphere, where about 87% of humans live), September is the “get back to school” (or work) month after a summer break and that also reflects changes in the Internet traffic, particularly in mobile usage.

Looking at our data (you can see many of these insights in Cloudflare Radar) there’s a global trend: mobile traffic lost importance (compared with desktop traffic) in September. The next chart shows there was less percentage of Internet traffic from mobile devices after Monday, September 6, 2021, with a difference of -2% in some days, compared with the previous four weeks (August), and in late September it’s more than -3%.

When students go back to school mobile usage goes down

We can also see that the percentage of desktop traffic increased in September compared to August (we compare here to complete weeks between both months because there are significant differences between weekdays and weekends).

When students go back to school mobile usage goes down

A few of weeks ago, we  saw there are considerable differences between countries regarding the importance of mobile usage. Getting back to work (or office hours) usually means an increase in desktop traffic. In that blog we highlighted the advantages that mobile devices brought to developing countries — many had their first contact with Continue reading

Video: How Can You Master Public Cloud Networking?

If you’re a regular reader of this blog, you’ve probably realized there’s still need for networking in public clouds, and mastering it requires slightly different set of skills. What could you as a networking engineer to get fluent in this different world? I collected a few hints in the last video in Introduction to Cloud Computing webinar.

Watch the video
You need Free ipSpace.net Subscription to watch the video.

Video: How Can You Master Public Cloud Networking?

If you’re a regular reader of this blog, you’ve probably realized there’s still need for networking in public clouds, and mastering it requires slightly different set of skills. What could you as a networking engineer to get fluent in this different world? I collected a few hints in the last video in Introduction to Cloud Computing webinar.

Watch the video
You need Free ipSpace.net Subscription to watch the video.

Using chpasswd to change account passwords on Linux

The chpasswd command allows admins to change account passwords by piping username and password combinations to it.This can be done one-account-at-a-time or by putting all of the accounts to be modified in a file and piping the file to the command.[Get regularly scheduled insights by signing up for Network World newsletters.] How to use chpasswd Using the chpasswd command requires root privilege. You can switch to the root account and run a command like this:# echo nemo:imafish | chpasswd Better yet, you can use sudo with a command like this:To read this article in full, please click here

Using chpasswd to change account passwords on Linux

The chpasswd command allows admins to change account passwords by piping username and password combinations to it.This can be done one-account-at-a-time or by putting all of the accounts to be modified in a file and piping the file to the command.[Get regularly scheduled insights by signing up for Network World newsletters.] How to use chpasswd Using the chpasswd command requires root privilege. You can switch to the root account and run a command like this:# echo nemo:imafish | chpasswd Better yet, you can use sudo with a command like this:To read this article in full, please click here

Rockport Networks debuts the “switchless” network

A startup called Rockport Networks has exited stealth mode with an intriguing product: a switchless network. It claims the Rockport Switchless Network product can move data faster and with better latency than switched networks.In a Rockport Switchless Network, switching functionality has been reassigned to intelligent endpoint network cards where these devices (nodes) become the network. Each device has an FPGA and can connect up to 24 endpoints to a dedicated 1U SHFL (pronounced “shuffle”) optical device using passive cabling.[Get regularly scheduled insights by signing up for Network World newsletters.] SHFLs need no power or cooling and can be linked together to scale out the network. Ethernet and InfiniBand traffic can be carried over the Rockport network. The network cards are standard, low-profile half height, half length (HHHL) PCIe cards.To read this article in full, please click here

Rockport Networks debuts the “switchless” network

A startup called Rockport Networks has exited stealth mode with an intriguing product: a switchless network. It claims the Rockport Switchless Network product can move data faster and with better latency than switched networks.In a Rockport Switchless Network, switching functionality has been reassigned to intelligent endpoint network cards where these devices (nodes) become the network. Each device has an FPGA and can connect up to 24 endpoints to a dedicated 1U SHFL (pronounced “shuffle”) optical device using passive cabling.[Get regularly scheduled insights by signing up for Network World newsletters.] SHFLs need no power or cooling and can be linked together to scale out the network. Ethernet and InfiniBand traffic can be carried over the Rockport network. The network cards are standard, low-profile half height, half length (HHHL) PCIe cards.To read this article in full, please click here

Wacky as Facebook’s metaverse sounds, enterprises will have to deal with it

In our modern world, “metaverse” is the term applied to an artificial reality, a virtual world inhabited by avatars that represent real people and perhaps other AI virtual beings, too.What makes the concept relevant to enterprises are the Facebook decision to embrace metaverse as the future, the fact that others like Microsoft are following along, and the promise that it could redefine meetings, sales calls, support, and even work overall. Network planners would then have to consider its impact on traffic and connectivity.[Get regularly scheduled insights by signing up for Network World newsletters.] One big get-it-approved problem with the metaverse for enterprise is likely to be security. Facebook has had a lot of recent bad press for favoring profit over the welfare of its users, and that sort of thing sets compliance officers a-tingle, so self-hosting might be a solution. Executing that is partly a software issue and partly a network issue.The former, we can assume, would be handled by open-source development arising out of the interest Facebook has created. The latter isn’t as easy to dismiss.To read this article in full, please click here

Hedge 107: Career Advice with Terry Slattery

Whether you’re just starting in your technology career, or you’re an old hand who likes to go back to basics and understand how to move forward in your career, this episode of the Hedge is for you. Terry Slattery joins Tom Ammon and Russ White to discuss the things you can do to build a successful career as in the world of network engineering.

download

1 624 625 626 627 628 3,835