Topics - wintermute000

#2
Forum Lobby / discord?
March 22, 2019, 03:29:16 AM
I know we tried the slack thing and it didn't work out, but anyone up for a discord channel?
#3
As per title.


Meraki instructions have no references to High availability, redundancy or anything of that sort :/


There's no point running a traditional HA cluster as you need the second unit to be standalone in its own subnet and separate AZ for obvious reasons.


I was thinking run it as a lower priority hub then use a lambda to rewrite VPC route tables if the primary EC2 instance goes down?
#4
Forum Lobby / surface convert
July 29, 2018, 03:17:37 AM

I had a surface pro 2, thought it was mediocre and was always wishing for either a real laptop or a real tablet. Sold it for ~70% of the price after 6 months.



Typing this now on the low end m3/4Gb/128Gb Surface Pro 2017 and I am totally converted.
Bought it as a home laptop/tablet-in-1 and it absolutely rocks - there's a pricing deal where you get it and the keyboard for basically the same price as an ipad pro, so why not.
The only downside is the somewhat crappy touch interface but seeing as 99% of my touch use-case is reading PDFs, ebooks, browsing and movies it's not really a big deal.


I'm so convinced that I'm going to go full surface instead of upgrading my desktop once the following criteria are met


- 8th gen procs
- LTE
- USB-C with 4-lane thunderbolt for eGPU support


Here's hoping my desktop and work laptop can hold out long enough LOL
#5
Routing and Switching / 3850 funny QoS counters
July 03, 2018, 08:01:28 PM
Am I missing something here or does below QOS counter output (C3850) not make any sense?


  • Output counters differ between parent and child (But there's only 1 child and 1 parent...)
  • Bytes are allegedly output in priority queue but the priority class matches 0
  • No packets match any classes but packets are being output not dropped (confirmed via show interface as well)

Only sane conclusion is that counters are not to be trusted


Note: this is a lab switch - reproducing a field issue (basically reproduced it, in a roundabout way... the 'real' unit has 0s across the board as to counters but there are no drops either)


me-ld8r07-esw04#sh policy-map int g1/0/3
GigabitEthernet1/0/3

  Service-policy output: PM-TESTQOS-50M-PARENT

    Class-map: class-default (match-any)
      0 packets
      Match: any
      Queueing

      (total drops) 0
      (bytes output) 366228586
      shape (average) cir 990000000, bc 3960000, be 3960000
      target shape rate 990000000

      Service-policy : PM-TESTQOS-50M-CHILD

        queue stats for all priority classes:
          Queueing

          (total drops) 0
          (bytes output) 112407452

        Class-map: CM-TESTQOS-VOICE (match-any)
          0 packets
          Match:  dscp ef (46)
            0 packets, 0 bytes
            30 second rate 0 bps
          Priority: 20000 kbps, burst bytes 500000,


        Class-map: class-default (match-any)
          0 packets
          Match: any


          (total drops) 0
          (bytes output) 253821134

Config is bare-bones testing

class-map match-any CM-TESTQOS-VOICE
 match dscp ef

policy-map PM-TESTQOS-50M-CHILD
 class CM-TESTQOS-VOICE
  priority 20000
 class class-default

policy-map PM-TESTQOS-50M-PARENT
 class class-default
  shape average 990000000
  service-policy PM-TESTQOS-50M-CHILD
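
An added example, not part of the original post: a small parser that pulls the queue byte counters and the classification packet counters out of the output pasted above, so the parent and child figures can be compared side by side. The function names are assumptions, and the sample is a trimmed copy of the post's output.

```python
import re

# Trimmed copy of the output pasted in the post above (blank lines,
# shaper and rate lines dropped; counters unchanged).
SHOW_OUTPUT = """\
GigabitEthernet1/0/3
  Service-policy output: PM-TESTQOS-50M-PARENT
    Class-map: class-default (match-any)
      0 packets
      Match: any
      Queueing
      (total drops) 0
      (bytes output) 366228586
      Service-policy : PM-TESTQOS-50M-CHILD
        queue stats for all priority classes:
          Queueing
          (total drops) 0
          (bytes output) 112407452
        Class-map: CM-TESTQOS-VOICE (match-any)
          0 packets
          Match:  dscp ef (46)
            0 packets, 0 bytes
          Priority: 20000 kbps, burst bytes 500000,
        Class-map: class-default (match-any)
          0 packets
          Match: any
          (total drops) 0
          (bytes output) 253821134
"""

POLICY = re.compile(r"Service-policy(?: (?:input|output))?\s*:\s*(\S+)")
CLASS = re.compile(r"Class-map:\s*(\S+)")
PACKETS = re.compile(r"^\s*(\d+) packets\s*$")   # class counter, not the Match line
BYTES_OUT = re.compile(r"\(bytes output\)\s+(\d+)")


def parse_policy_map(text):
    """Return {(policy, scope): {"packets": n, "bytes_output": n}}."""
    stats, policy, scope = {}, None, None
    for line in text.splitlines():
        if m := POLICY.search(line):
            policy, scope = m.group(1), None      # entering a (child) policy
        elif m := CLASS.search(line):
            scope = m.group(1)
        elif "queue stats for all priority classes" in line:
            scope = "priority-queues"             # shared priority queue block
        elif policy and scope:
            entry = stats.setdefault((policy, scope), {})
            if m := PACKETS.match(line):
                entry["packets"] = int(m.group(1))
            elif m := BYTES_OUT.search(line):
                entry["bytes_output"] = int(m.group(1))
    return stats


def compare(stats, parent, child):
    """Total the queue bytes per policy and the classified packets overall."""
    def total(policy, key):
        return sum(v.get(key, 0) for (p, _), v in stats.items() if p == policy)
    parent_bytes, child_bytes = total(parent, "bytes_output"), total(child, "bytes_output")
    return {"parent_bytes": parent_bytes, "child_bytes": child_bytes,
            "delta": parent_bytes - child_bytes,
            "classified_packets": total(parent, "packets") + total(child, "packets")}
```

Run against the pasted output, the two child queue counters (112407452 + 253821134) add up to the parent's 366228586, while every classification counter reads 0.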
#6



https://github.com/wintermute000/csr-netconf-config


NETCONF python scripts to get and edit config - tested on CSR1000V IOS-XE 16.5+


csr-netconf-get-config.py
csr-netconf-edit-config.py
requires: ncclient



csr-netconf-get-config.py:
Usage
Uses ncclient to connect and pull raw NETCONF XML configuration using get-config operation.
Raw output saved to [hostname].config.xml - includes full NETCONF XML wrappers ( etc.)
Use parameter to input the XML filter - defaults to "< native > < /native >" as per IOS-XE native YANG model



csr-netconf-edit-config.py:
Usage
Uses ncclient to connect and edit NETCONF XML configuration using edit-config operation.
Builds proper NETCONF payload by wrapping "config" tag around input XML
Use parameter to input the appropriate tag that includes the appropriate input XML element - e.g. use 'native' for IOS-XE native YANG model container - do this if you only want to send a sub-section (tag) of a larger XML configuration
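
An added example, not the repository's code: one way to build the edit-config payload described above, by picking a single tag out of a larger saved XML file and wrapping a `config` element around it. The helper names and the sample XML are assumptions; only the standard library is used, and the ncclient call appears in a comment.

```python
import xml.etree.ElementTree as ET

NETCONF_BASE_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"

# Constructed sample of a saved get-config reply, still inside its
# rpc-reply/data wrappers and holding two top-level YANG containers.
SAVED_REPLY = """
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <data>
    <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
      <hostname>csr-lab-1</hostname>
      <interface>
        <Loopback>
          <name>100</name>
          <description>constructed sample</description>
        </Loopback>
      </interface>
    </native>
    <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
      <interface>
        <name>Loopback100</name>
      </interface>
    </interfaces>
  </data>
</rpc-reply>
"""


def local_name(element):
    """Tag name without its '{namespace}' prefix."""
    return element.tag.rsplit("}", 1)[-1]


def build_edit_config(xml_text, tag="native"):
    """Wrap a NETCONF <config> element around the one element named `tag`.

    Hypothetical helper: the reply wrappers and sibling containers are
    left out, so only the selected subtree would reach the device.
    """
    root = ET.fromstring(xml_text)
    matches = [el for el in root.iter() if local_name(el) == tag]
    if len(matches) != 1:
        # Refuse to guess: a missing or ambiguous tag must not turn
        # into an empty or unintended configuration push.
        raise ValueError(f"expected exactly one <{tag}>, found {len(matches)}")
    config = ET.Element(f"{{{NETCONF_BASE_NS}}}config")
    config.append(matches[0])
    # ElementTree writes generated prefixes (ns0, ns1); namespace-aware
    # parsers treat them the same as the original default namespaces.
    return ET.tostring(config, encoding="unicode")


if __name__ == "__main__":
    payload = build_edit_config(SAVED_REPLY, "native")
    print(payload)
    # With a connected ncclient session (assumed here as `manager`):
    #   manager.edit_config(target="running", config=payload)
```

Asking for `interface` on this sample raises `ValueError`, because that tag occurs under both containers.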

       
#7
After wrestling with YDK (YANG development kit) installation for more time than I'd like to admit, I automated the thing in Ansible so I can reliably instantiate it at will.

0.7.1 has a convoluted install, hacks involved, and the documentation is.... eh.... (let's just say that parts contradict other parts, and parts that don't work aren't removed/caveated).

https://github.com/wintermute000/testvm-ansible/tree/master/roles/configure-yanghosts

YDK is this
https://github.com/CiscoDevNet/ydk-py



#8
https://learningnetworkstore.cisco.com/on-demand-e-learning/designing-and-implementing-cisco-network-programmability-npdesi-v-1-0-elt-npdesi-v1-0-020749

Around halfway through it and enjoying it. Though a lot of people will find the first few (1-7) modules laughably easy or redundant (no I don't need to learn how to navigate a linux CLI or learn lists vs tuples in python... ), but it ramps up - just look at the topics. You could argue that it's too broad and not deep enough which may be fair, but the breadth of exposure you get is good in itself.

You really get a good chance to touch a vast range of APIs and understand the complete mess the CSCO ecosystem is where every OS family/product seems to have a different API model :p
They don't shy away from the nasty NETCONF/XML which is where I've found the most value so far. Lots of labs. For example, to close out the NX-OS module, you have to program and/or fix a bunch of NX-API scripts (yeah they give you broken scripts and tell you to figure it out lol), then NETCONF scripts against a live NXOSv box (like an open book test). I'm esp keen to get my teeth into the two very meaty YANG sections

The material is well structured assuming you are comfortable with basic python - if you're a total n00b then you may find it hard going even with the intro modules.

The only big gripe is that programming in a linux VNC session in a browser is the absolute pits. No IDE, can't cut and paste from your normal desktop/browser, and even terminal sessions lag interminably. Also crappy screen resolution FTW. I really wish they'd let you SSH directly into the lab boxes then it would be fine, and only use the VNC session for browser stuff (mostly postman as u would expect). Or even better, do it all on your own linux box (pull down the code samples from git etc.) and just have a ssh or VPN + ssh session into the live test devices. oh well (they do actually even mark some of the labs!)

It is expensive for sure but it is a fraction of the price of your standard 5-day on-site training so a pretty good case can be made to management. Also Cisco partners get a discount (came out 35% off for me, you'll see it if your CCO is correctly associated)

Section 1:
Introduction to Network Programmability
1.1 Introduction
1.2 Understanding Software-Defined Networking
1.3 Traditional versus Software-Defined Networks
1.4 Current Industry Trends
1.5 Network Programmability and Automation
1.6 Introduction to Cisco Platforms and APIs
1.7 Challenge




Section 2:
Linux Primer for Network Engineers
2.1 Introduction
2.2 Why Learn Linux?
2.3 Navigating the Linux File System
2.4 Linux Distributions and Package Managers
2.5 Working with Files and Directories
2.6 Linux Processes
2.7 Using the Linux Command Line
2.8 Challenge




Section 3:
Linux Networking
3.1 Introduction
3.2 Basic Linux Networking Commands
3.3 Persistent Network Configuration
3.4 Linux Networking
3.5 Challenge




Section 4:
Python Foundations for Network Engineers – Part 1
4.1 Introduction
4.2 Understanding Python
4.3 Data Types: Strings
4.4 Data Type: Numbers
4.5 Data Type: Booleans
4.6 Conditionals
4.7 Python Foundations - Part 1
4.8 Challenge




Section 5:
Python Foundations for Network Engineers – Part 2
5.1 Introduction
5.2 Lists
5.3 Dictionaries
5.4 Loops
5.5 Function
5.6 Working with Files
5.7 Python Foundations – Part 2
5.8 Challenge




Section 6:
Writing and Troubleshooting Python Scripts
6.1 Introduction
6.2 Writing Scripts
6.3 Executing Scripts
6.4 Analyzing Code
6.5 Error Handling
6.6 Writing and Troubleshooting Python Scripts
6.7 Challenge




Section 7:
Python Libraries
7.1 Introduction
7.2 Python Libraries
7.3 Python Module
7.4 Python Package
7.5 Custom Python Libraries
7.6 Challenge




Section 8:
Introduction to Network APIs and Protocols
8.1 Introduction
8.2 Evolution of Device Management and Programmability
8.3 Data Encoding Formats
8.4 JSON
8.5 Working with JSON Objects in Python
8.6 XML
8.7 Using XML in Python
8.8 Data Models
8.9 Model-Driven Programmability Stack
8.10 REST
8.11 NETCONF
8.12 NETCONF Capabilities Exchange
8.13 RESTCONF
8.14 gRPC
8.15 Challenge




Section 9:
Cisco ASA REST API
9.1 Introduction
9.2 Cisco ASA REST API Overview
9.3 REST API Agent Pre-requisites
9.4 Cisco ASA REST API Documentation and Console
9.5 Cisco ASA REST API Examples
9.6 Challenge




Section 10:
NX-OS Programmability
10.1 Introduction
10.2 Nexus Programmability Overview
10.3 NX-API CLI—Part 1
10.4 NX-API Developer Sandbox
10.5 NX-API CLI—Part 2
10.6 NETCONF
10.7 NX-API REST
10.8 Python on the Nexus Switch
10.9 Using Python on the Nexus Switch
10.10 Challenge




Section 11:
Cisco IOS XE APIs
11.1 Introduction
11.2 Cisco IOS XE APIs Overview
11.3 IOS XE RESTCONF API
11.4 IOS XE NETCONF API
11.5 Challenge




Section 12:
Cisco IOS XR APIs
12.1 Introduction
12.2 IOS XR NETCONF APIs
12.3 Challenge




Section 13:
Securing the Management Plane
13.1 Introduction
13.2 Management Plane
13.3 Access Control Lists
13.4 Challenge




Section 14:
YANG Data Modeling
14.1 Introduction
14.2 YANG Overview
14.3 YANG Module
14.4 YANG Module Header
14.5 YANG Leaf Statement
14.6 YANG Leaf-List Statement
14.7 YANG List Statements
14.8 Putting Things Together
14.9 YANG Types
14.10 YANG Typedef Statement
14.11 YANG Choice Statement
14.12 YANG Grouping Statement
14.13 YANG Miscellaneous Statements
14.14 YANG RPC Statement
14.15 YANG Imports and Includes
14.16 YANG Modules and Submodules
14.17 YANG Model Examples
14.18 Challenge




Section 15:
YANG Tools
15.1 Introduction
15.2 YANG Validator
15.3 Validating YANG Models Using Yang Validator
15.4 pyang
15.5 Viewing and Validating YANG Models with pyang
15.6 Writing a Custom YANG Model
15.7 YANG Development Kit
15.8 YDK-Py API Structure
15.9 Generate Python Bindings with ydk-gen
15.10 YANG Explorer
15.11 Navigating YANG Explorer
15.12 References
15.13 Challenge




Section 16:
Introduction to Controller Networking
16.1 Introduction
16.2 Origins of Controller Based Networking
16.3 OpenFlow
16.4 OpenFlow Deployment Models
16.5 Challenge




Section 17:
OpenDaylight
17.1 Introduction
17.2 OpenDaylight Overview
17.3 OpenDaylight Architecture
17.4 OpenDaylight Use Cases
17.5 Challenge




Section 18:
Cisco APIC-EM
18.1 Introduction
18.2 APIC-EM Overview
18.3 APIC-EM Platform Architecture
18.4 Network Discovery Configuration
18.5 Performing APIC-EM Tasks
18.6 APIC-EM Network Discovery and RBAC
18.7 APIC-EM Applications
18.8 APIC-EM APIs
18.9 Consuming the APIC-EM API
18.10 Challenge




Section 19:
Cisco Application Centric Infrastructure
19.1 Introduction
19.2 ACI Overview
19.3 ACI Fabric Discovery
19.4 Creating Objects with APIC GUI
19.5 ACI Object Model
19.6 Navigating the Object Model
19.7 APIC REST API
19.8 Using API Inspector
19.9 Using Postman REST Client
19.10 Cobra SDK
19.11 Arya
19.12 Using ARYA
19.13 ACI Toolkit
19.14 ACI Toolkit Applications — CLI
19.15 CLI Emulation
19.16 ACI Toolkit Applications — Diagrams Tool
19.17 ACI Diagram Tool
19.18 ACI Toolkit Applications — Lint
19.19 ACI Toolkit — Lint
19.20 ACI Toolkit Applications — Cable Plan
19.21 ACI Toolkit Applications — Event Feeds
19.22 ACI Toolkit Applications — Fake APIC
19.23 Using the APIC REST API
19.24 Challenge




Section 20:
Cisco Element and Domain Managers
20.1 Introduction
20.2 Cisco Virtual Topology System
20.3 Cisco Nexus Data Broker
20.4 Cisco Network Service Orchestrator
20.5 WAN Automation Engine
20.6 Cisco UCS Manager
20.7 Cisco UCS Director
20.8 Challenge




Section 21:
Software Development Methodologies
21.1 Introduction
21.2 Software is Everywhere
21.3 Waterfall
21.4 Lean
21.5 Agile
21.6 Challenge




Section 22:
Introduction to DevOps
22.1 Introduction
22.2 Dev and Ops – The Problem
22.3 DevOps Demystified
22.4 DevOps Tools and Technologies
22.5 Challenge




Section 23:
Version Control
23.1 Introduction
23.2 Version Control Systems
23.3 Overview of Git
23.4 Git Commands
23.5 Git Workflow
23.6 Git Branches
23.7 Using Git
23.8 Collaborating with GitHub
23.9 GitHub Pull Request: Fork and Pull
23.10 Working with Git
23.11 Challenge




Section 24:
Automated Testing
24.1 Introduction
24.2 Network Test Infrastructure
24.3 VIRL
24.4 DevNet
24.5 DevNet Sandbox
24.6 DevNet Learning Labs
24.7 DevNet GitHub
24.8 Network Testing
24.9 Unit Tests
24.10 Integration Testing
24.11 Challenge




Section 25:
Continuous Integration
25.1 Introduction
25.2 Introduction to Continuous Integration
25.3 Travis CI
25.4 Challenge




Section 26:
Configuration Management and Automation Tools
26.1 Introduction
26.2 Configuration Management
26.3 Ansible Overview
26.4 Ansible Base Modules
26.5 Compliance Checks with Ansible
26.6 NXOS Features Modules
26.7 Tenant Provisioning with Ansible
26.8 Puppet
26.9 Puppet Node and Agent
26.10 Final Steps: Puppet Agent Setup
26.11 Challenge
#9
Hey guys


Has anyone run into issues with 40Gb LR over short distances burning out or damaging the optics after a sustained period of time?


This definitely used to happen with 1Gb LX, but with 40Gb I'm not sure the issue is there. Can't find any literature via a quick goog.
#10
This topic has been moved to Home and Small Office Networking.

https://www.networking-forums.com/index.php?topic=1906.0

This subforum is for enterprise/service provider routing and switching discussions, moved to appropriate subforum
#11
Routing and Switching / MOVED: Ip address
September 24, 2017, 05:03:22 AM
This topic has been moved to Home and Small Office Networking.

https://www.networking-forums.com/index.php?topic=1874.0


NOTE: this section is for enterprise / service provider routing and switching discussions, not home/consumer grade questions.
#13
Forum Lobby / Cloud cloud cloud
July 15, 2017, 07:27:28 AM
https://www.crn.com.au/feature/why-australian-companies-reverse-out-of-the-cloud-468197

As the great Ivan Pep keeps saying, the correct answer to any question is.... it depends.

That, and those who don't think things through are going to screw it up (and end up running to consultants who DO think things through. It's not rocket science to start with capturing accurate requirements, which implies an accurate understanding of the current state and the solution(s) on the table...)

This is also why networking is great. You want to get cloudy? Great, more networks. You want to back out of the cloud? Great, more (on-premise) networks. This is not to mention messing around with Azure CLI or cloudformation to do the network IN the cloud :p

This has more detail into the specific case referred to in page 3. Way too much detail, I'm amazed they green-lit publication (3k headcount pet food company in Aust, acquired by overseas, run out of Queensland (as why else would you go to a Brisbane consultancy), can't be too many of them...). Sounds absolutely hilarious and I bet you dollars to donuts that any one of my colleagues would have caught at least 70% of the potential issues within the first 2 requirements gathering rounds.

https://www.crn.com.au/feature/when-a-cloud-migration-goes-horribly-wrong-468196

Magic bullet WANOP solve bad cloud or WAN migration hmmm I've never seen consultancies and an orange vendor starting with R making out like bandits from that ever before... what no free trial? Those monsters.

I really like how our jobs are completely bulletproof due to people's inability to behave in a competent fashion, but at the same time I despair for humanity. This isn't rocket fscking science, and I'm sure that the victim company had their engineers screaming out their concerns from day zero, whilst the suits went along to their corporate functions and patted themselves on the back for making decisions about things they know nothing about except for the misleading headline dollar figure in the spreadsheet.
#14
Routing and Switching / leaf-spine ECMP in overlay
July 09, 2017, 06:43:01 PM
Trying to firm up some detailed level understanding re: a reference leaf-spine architecture and the interplay between underlay ECMP, overlay ECMP and multi-path vs add-path, then again for specific address families.


Assume a vendor-C reference design using OSPF underlay and IBGP overlay with RRs (no discussions pls on protocol X vs Y for underlay... let's just assume it is what it is).
Let's assume we are using border gateways, not spine borders (again no religious debates lol).


Let's assume a vanilla leaf-spine underlay where equal metric OSPF routes result in normal ECMP behaviour at the underlay.


Now for the overlay


- Do I even need multi-path on non-border ToRs for purposes of endpoint VXLAN traffic? All destinations are VTEPs, all VTEPs are loopbacks which recurse to equal cost underlay routes and get ECMP via underlay.
- So following on from this, is my assessment correct that the main use of multi-path would be to get multiple paths via BGP to routes that come in from the border i.e. external routes?
- Do I even need PIC Edge i.e. add-path for these border routes? If they are coming in from identical border gateways, translated into iBGP with identical attributes, then multi-path takes care of it? Or just add it on the RRs?
#16
I have a scenario where I'm potentially considering an internet VPN failover (in addition to a standard L3VPN WAN) for a branch site, however, the customer has a stupid ASA at their DC internet.


It's been a while for me but I recall that you can't do route-based VPNs and are left with old school policy based crypto maps (maybe in latest 9.7 but let's assume that's not feasible, because if we take that open then yeah just GRE and route over it).


What are my options? IP-SLA + PBR/floating statics at the branch side? How about the DC side - how do I get failover from the WAN (separate DC router, obviously) to the ASA if I don't have routing, do I have to use bloody IP-SLA and floating statics etc?
#17
Everything Else in the Data Center / Ansible NXOS
July 03, 2017, 01:46:43 AM
Anyone played around with the latest NXOSv and Ansible?


Is it just me, or the bug reports, or are things horrifically buggy with these particular modules? I never recalled having this kind of mess with Arista or even ios_config/ios_template.


https://github.com/ansible/ansible/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20%20NXOS


I'm having issues such as OSPF flat out not configuring even with static variables in the play using syntax straight copypasta from the documentation, and NXAPI transport not working for some modules (but CLI transport works, and then NXAPI works for other modules....)


Either that or I have suddenly become really crap with ansible syntax
#18
As per the title :)


What exactly is the intersection between BGP add-path and ECMP via maximum-paths?


Add-Paths merely sends the additional number of BGP paths specified between BGP neighbours BUT ECMP behaviour is still governed by maximum-paths plus the usual criteria? (i.e. matching attributes blah blah and blah can't remember exactly but y'all know what I mean)
#19
What the heck are the dlink/netgears/belkins of the world doing when they offer 'QoS' on their home/SOHO grade kit?


- there is only 1 router facing the internet
- there is no control of your upstream egress
- you're dealing often with variable speed links e.g. ADSL or badly contended connections, and I hardly think they got adaptive QOS working better than Cisco LOL
- they often claim to be able to QoS downloads, are they shaping the output of the LAN port(s), or playing with TCP windows like Riverbeds, or what?


So how the heck do they 'qos' anything when in a classic enterprise QoS scenario none of the tools are available? You don't control both ends of the link and your carrier isn't participating, you don't even define the overall shaper or queues or anything, WTF


I've noticed for example on my home netgear, if I 'Qos for gaming', it actually shapes my UPLOADS of everything else to 500kb (and it's using dumb layer-4 not layer-7 DPI), how the f--k is that QoS