In my previous post, I walked through how to install FRRouting. Now that FRR is installed we can get down to the fun stuff. In this post, I will walk through how to configure a simple network running OSPF. Open Shortest Path First (OSPF) is a Link State protocol. A Link State routing protocol builds a comprehensive view of the network. This view contains all possible routes along with link cost. Each device that participates in OSPF uses the Shortest Path First (Dijkstra algorithm) to determine the best path to all the other routers in the network.
FRRouting allows Linux and BSD machines to participate in network routing decisions. FRR is used in Cumulus Linux as part of their open network operating system. It came into being as a fork of Quagga. One of the main reasons given for the fork was that the pace of development for Quagga was too slow.
Not all AWS peering connections are created equal. Below are a few things to keep in mind when designing your AWS VPC environment.
In a traditional data center setup, the connected devices in A and C would be able to communicate with each other. However, if you try to implement this setup with VPC peering you will be surprised to find out that it's not going to work. For resources in VPC A to communicate with devices located in VPC C, a peering connection will need to be created between the two.
In an AWS VPC, the first four IP addresses and the last IP address in each subnet are reserved. These IP addresses can't be assigned directly to a resource. This is something that you need to keep in mind when creating a VPC. If you end up creating a CIDR block that's too small you are out of luck.
While studying for the AWS Certified Advanced Networking exam, I came across a few things that I wanted to write down. First on the list is route priority. As a network engineer, I've been taught that the most specific route wins. That is not necessarily the case in a VPC. Instead a subnet that is marked as local in the VPC route table is always preferred. It does not matter if there is a more specific prefix pointing to a resource outside the VPC.
A few weeks back, I got the idea in my head to set up an F5 BIG-IP for my home lab. In a previous position, I had been utilizing the F5 REST API to manage a bunch of BIG-IP devices. I thought it was time to take another look at the API to see what it could do. Locating a copy of the BIG-IP virtual edition wasn’t that hard. I created an account on the F5 website and filled out a request for a 90-day trial license. With that out of the way, I downloaded a copy of the OVA. The install process went relatively smoothly. Feel free to continue reading if you would like to learn how to set up a BIG-IP lab environment.
Have you ever been stuck on a Windows machine but really wanted to use a utility like grep or dig? For the longest time, Cygwin was my go-to solution. As much as I like Cygwin, it is not without its faults. Enter the Windows Subsystem for Linux. I was a little skeptical at first, but have been pleasantly surprised with the results.
Mastering Python Networking by Eric Chou covers a wide range of topics including NETCONF, vendor APIs, Ansible, and Scapy. As a network engineer, I was excited to find a book that focused on how to use Python to automate network-centric tasks. Most of the Python material I've found online and in print tends to lean more towards general-purpose programming and server administration.
While searching through NANOG presentations on YouTube, I came across a pair of interesting talks by David Swafford from Facebook. In the videos, David talks about a system called FBAR (Facebook Auto Remediation). This tool is used at Facebook to automagically remediate issues that crop up inside the company's infrastructure.
Once my ZTP test environment was set up, I decided to take it out for a spin.
After building out the ZTP server, I was curious if I could take it a step further. My goal was to cut down on the time it takes to create and upload my switch configuration files. I accomplished this by using Python and Jinja2. Presto, I now have a quick and easy way to give each device a custom configuration file and IP address reservation.
DHCP is a crucial part of the zero touch provisioning process. The DHCP server will need to be configured to send out specific options. These options will be used to instruct the switch on which image to install and what config file to apply.
Depending on the DHCP server that is set up, there are a couple of different things that can be done. Options can be set up on a global level for all members in the DHCP scope or per reservation based on the switch's MAC address. For my test, I installed DHCP on a Linux box running CentOS7. DHCP scopes are configured under /etc/dhcp/dhcpd.conf. An example file can be found in /usr/share/doc/dhcp-your-version/dhcpd.conf.example.
In order for ZTP to work, a file repository will need to be created. The repository will store network device configuration files and installation media. Depending on your personal preference these files can be hosted on an FTP, TFTP, or Web server. For my test, I set up an instance of Nginx on a Linux box running CentOS7.
After spending hours racking a ton of new network switches, have you ever dreamt about powering up the gear and then walking away as it magically configures itself? I have to admit that this thought has crossed my mind a couple of times.
One day after such an event, I went about seeing what I could do to make my pie in the sky dream come true. What I came across is a technology that has been around for some time that most vendors support in one way or another. It may go by slightly different names but the concept is pretty much the same. Do a little bit of pre-work and have the switch magically provision itself during the initial boot process.
Today I will briefly walk through what I've learned about zero touch provisioning (ZTP) on Juniper devices. ZTP works by leveraging DHCP options. In my mind the process is similar to the one used by Cisco phones to grab settings on startup. So how does it all work? Let's walk through the process.