FRRouting and OSPF

Posted September 14, 2018 by Matthew McGeehan

In my previous post, I walked through how to install FRRouting. Now that FRR is installed we can get down to the fun stuff. In this post, I will walk through how to configure a simple network running OSPF. Open Shortest Path First (OSPF) is a Link State protocol. A Link State routing protocol builds a comprehensive view of the network. This view contains all possible routes along with link cost. Each device that participates in OSPF uses the Shortest Path First (Dijkstra algorithm) to determine the best path to all the other routers in the network.

FRRouting for Fun and Profit

Posted August 31, 2018 by Matthew McGeehan

FRRouting allows Linux and BSD machines to participate in network routing decisions. FRR is used in Cumulus Linux as part of their open network operating system. It came into being as a fork of Quagga. One of the main reasons given for the fork was that the pace of development for Quagga was too slow.

AWS - VPC Peering Restrictions

Posted August 22, 2018 by Matthew McGeehan

Not all AWS peering connections are created equal. Below are a few things to keep in mind when designing your AWS VPC environment.

Transitive Peering

In a traditional data center setup, the connected devices in A and C would be able to communicate with each other. However, if you try to implement this setup with VPC peering, you will be surprised to find out that it's not going to work. For resources in VPC A to communicate with devices located in VPC C, a peering connection will need to be created between the two.

AWS - VPC Reserved IP Addresses

Posted August 21, 2018 by Matthew McGeehan

In an AWS VPC, the first four IP addresses and the last IP address in each subnet are reserved. These IP addresses can't be assigned directly to a resource. This is something that you need to keep in mind when creating a VPC. If you end up creating a CIDR block that's too small you are out of luck.

AWS - VPC Route Table Priority

Posted August 17, 2018 by Matthew McGeehan

While studying for the AWS Certified Advanced Networking exam, I came across a few things that I wanted to write down. First on the list is route priority. As a network engineer, I've been taught that the most specific route wins. That is not necessarily the case in a VPC. Instead a subnet that is marked as local in the VPC route table is always preferred. It does not matter if there is a more specific prefix pointing to a resource outside the VPC.

Who hasn’t wanted to setup an F5 in their spare time?

Posted August 16, 2018 by Matthew McGeehan

A few weeks back, I got the idea in my head to set up an F5 BIG-IP for my home lab. In a previous position, I had been utilizing the F5 REST API to manage a bunch of BIG-IP devices. I thought it was time to take another look at the API to see what it could do. Locating a copy of the BIG-IP virtual edition wasn’t that hard. I created an account on the F5 website and filled out a request for a 90-day trial license. With that out of the way, I downloaded a copy of the OVA. The install process went relatively smoothly. Feel free to continue reading if you would like to learn how to set up a BIG-IP lab environment.

Windows Subsystem for Linux

Posted August 10, 2018 by Matthew McGeehan

Have you ever been stuck on a Windows machine but really wanted to use a utility like grep or dig? For the longest time, Cygwin was my go-to solution. As much as I like Cygwin, it is not without its faults. Enter the Windows Subsystem for Linux. I was a little skeptical at first, but have been pleasantly surprised with the results.

Book Review - Mastering Python Networking

Posted August 4, 2018 by Matthew McGeehan

Mastering Python Networking by Eric Chou covers a wide range of topics including NETCONF, vendor APIs, Ansible, and Scapy. As a network engineer, I was excited to find a book that focused on how to use Python to automate network-centric tasks. Most of the Python material I've found online and in print tends to lean more towards general-purpose programming and server administration.

NetOps - Facebook Auto Remediation

Posted November 2, 2017 by Matthew McGeehan

While searching through NANOG presentations on YouTube, I came across a pair of interesting talks by David Swafford from Facebook. In the videos, David talks about a system called FBAR (Facebook Auto Remediation). This tool is used at Facebook to automagically remediate issues that crop up inside the company's infrastructure.

Juniper ZTP Setup Part 5 - Conclusion

Posted September 23, 2017 by Matthew McGeehan

Once my ZTP test environment was set up, I decided to take it out for a spin.

  1. First, I powered up a vQFX.
  2. Once the switch had booted up, the following information scrolled across the screen.

Juniper ZTP Setup Part 4 - Python and Jinja2

Posted September 22, 2017 by Matthew McGeehan

After building out the ZTP server, I was curious if I could take it a step further. My goal was to cut down on the time it takes to create and upload my switch configuration files. I accomplished this by using Python and Jinja2. Presto, I now have a quick and easy way to give each device a custom configuration file and IP address reservation.

Juniper Zero Touch Configuration (ZTP) Part 3 - DHCP Server Setup

Posted September 20, 2017 by Matthew McGeehan

DHCP is a crucial part of the zero touch provisioning process. The DHCP server will need to be configured to send out specific options. These options will be used to instruct the switch on which image to install and what config file to apply.

Depending on the DHCP server that is set up, there are a couple of different things that can be done. Options can be set up on a global level for all members in the DHCP scope or per reservation based on the switch's MAC address. For my test, I set up and installed DHCP on a Linux box running CentOS7. DHCP scopes are configured under /etc/dhcp/dhcpd.conf. An example file can be found in /usr/share/doc/dhcp-your-version/dhcpd.conf.example.

Juniper Zero Touch Configuration (ZTP) Part 2 - Nginx Server Setup

Posted September 12, 2017 by Matthew McGeehan

In order for ZTP to work, a file repository will need to be created. The repository will store network device configuration files and installation media. Depending on your personal preference, these files can be hosted on an FTP, TFTP, or Web server. For my test, I set up an instance of Nginx on a Linux box running CentOS7.

Juniper Zero Touch Configuration (ZTP) Part 1 - Overview

Posted September 9, 2017 by Matthew McGeehan

After spending hours racking a ton of new network switches, have you ever dreamt about powering up the gear and then walking away as it magically configures itself? I have to admit that this thought has crossed my mind a couple of times.

One day after such an event, I went about seeing what I could do to make my pie in the sky dream come true. What I came across is a technology that has been around for some time that most vendors support in one way or another. It may go by slightly different names but the concept is pretty much the same. Do a little bit of pre-work and have the switch magically provision itself during the initial boot process.

Today I will briefly walk through what I've learned about zero touch provisioning (ZTP) on Juniper devices. ZTP works by leveraging DHCP options. In my mind the process is similar to the one used by Cisco phones to grab settings on startup. So how does it all work? Let's walk through the process.
