Blog Posts in February 2017
Navigating Complex Data Structures in Ansible Playbooks
Have you ever tried to navigate complex data structures within Ansible playbooks using awkward looping constructs and convoluted map filters?
It might be easier to munge the data structure into a more appropriate format first and then use the munged data in subsequent tasks. Wondering how to do it?
Leaf-and-Spine Fabrics versus Fabric Extenders
One of my readers wondered what the difference between fabric extenders and leaf-and-spine fabrics is:
We are building a new data center for DR and management is wanting me to put in recommendations to either stick with our current Cisco 7k to 2k ToR FEX solution, or prepare for what seems to be the future of DC in that spine leaf architecture.
Let’s start with “what is leaf-and-spine architecture?”
Newer Docker Networking Options
In the last part of the free Docker Networking Fundamentals webinar Dinesh Dutt described the newer high-performance networking options (Macvlan and Ipvlan) introduced in Docker version 1.12.
Facebook Backpack Behind the Scenes
When Facebook announced 6-pack (their first chassis switch) my reaction was “meh” (as well as “I would love to hear what Brad Hedlund has to say about it”). When Facebook announced Backpack I mostly ignored the announcement. After all, when one of the cloud-scale unicorns starts talking about their infrastructure, what they tell you is usually low on detail and used primarily as a talent-attracting tool.
NextGenDC: Securing a Hybrid Cloud with Matthias Luft
Imagine you were asked to migrate some of the workloads running in your data center into a public (or managed) cloud. These workloads still have to access the data residing in your data center – a typical hybrid cloud deployment.
Next thing you know you have to deal with your (C)ISO and his/her usual concerns as well as the variety of articles on tech sites stating that "security is the biggest challenge of cloud adoption".
Network Automation and Undifferentiated Heavy Lifting
I got this tweet after publishing the “use Ansible to execute a single command on all routers” blog post (and a few similar comments on the blog post itself):
Or use Python, Netmiko and a simple For loop
I never cease to be amazed by the urge to do undifferentiated heavy lifting in the IT industry.
Q&A: Migrating to Modern Data Center Infrastructure
One of my readers sent me a list of questions after watching some of my videos, starting with a generic one:
While working myself within large corporations for a long time, I am asking myself how it will be possible to move from the messy infrastructure we grew over the years to a modern architecture.
Usually by building a parallel infrastructure and eventually retiring the old one, otherwise you’ll end up with layers of kludges. Obviously, the old infrastructure will lurk around for years (I know people who use this approach and currently run three generations of infrastructure).
OpenConfig: From Basics to Implementations
In 2013, large-scale cloud providers and ISPs decided they had enough of the glacial IETF process of generating YANG models used to describe device configuration and started OpenConfig – a customer-only initiative that quickly created data models covering typical use cases of the founding members (aka “What Does Google Need”).
More Thoughts on OSPF Forwarding Address
Angelos Vassiliou sent me an interesting lengthy email after I published my OSPF Forwarding Address series (part 1, part 2, part 3, part 4). I asked him whether it’s OK to publish his email together with my responses as a blog post and he graciously agreed, so here it is.
EVPN: All that Glitters Is Not Gold
Cumulus Linux 3.2 shipped with a rudimentary EVPN implementation and everyone got really excited, including smaller ASIC manufacturers that finally got a control plane for their hardware VTEP functionality.
However, while it’s nice to have EVPN support in Cumulus Linux, the claims of its benefits are sometimes greatly exaggerated.
Use Ansible to Execute a Single Command on All Routers
I was using Ansible playbooks to configure Cisco IOS routers running in VIRL and wanted to extract the router configurations before stopping the simulation.
You can download the playbooks from my Github repository, and here’s how you can run Ansible with VIRL.
Network Automation 101: Featured Webinar in February 2017
The featured webinar in February 2017 is the Network Automation 101 webinar, and the featured video describes the reasons you should be interested in network automation, its basics, and the difference between automation and orchestration.
Video: Simplify BGP Configurations
Running BGP instead of an IGP in your leaf-and-spine fabric sounds interesting (mainly if your fabric is large enough). Configuring a zillion BGP knobs on every box doesn’t.
However, BGP doesn’t have to be complex. In the Simplify BGP Configurations video (part of leaf-and-spine fabric designs webinar) Dinesh Dutt explains how you can make BGP configurations simple and easy-to-understand.
The Unintended Consequences of NSSA Kludges
Remember the kludges needed to make OSPF NSSA areas work correctly? We concluded that saga by showing how the rules of RFC 3101 force a poor ASBR to choose an IP address on one of its OSPF-enabled interfaces as the forwarding address to be used in a Type-7 LSA.
What could possibly go wrong with such a “simple” concept?
New Webinar: Automating Network Services
In the next session of the Network Automation Use Cases webinar (on Thursday, February 16th) I’ll describe how you could implement automatic deployment of network services, and what you could do to minimize the impact of unintended consequences.
If you attended one of the previous sessions of this webinar, you’re already registered for this one; if not, visit this page and register.
And This Is Why Relying on Linux Makes Sense
Most networking operating systems include a mechanism to roll back device configuration and/or create configuration snapshots. These mechanisms usually work only for the device configuration, but do not include operating system images or other components (example: crypto keys).
Now imagine using RFC 1925 rule 6a and changing the “configuration rollback” problem into “file system snapshot” problem. That’s exactly what Cumulus Linux does in its newest release. Does it make sense? It depends.
Updated: Using Ansible Playbooks with Cisco VIRL
Some of the engineers building the Ansible-with-VIRL lab in my Building Network Automation Solutions online course experienced interesting challenges, so I made the how-to instructions more explicit and added a troubleshooting section to the Using Ansible Playbooks with Cisco VIRL document. Hope you’ll find them useful.
Linux Networking Update from NetDev Conference on Software Gone Wild
When I recorded the first podcast with Thomas Graf we both found it so much fun that we decided to do it again. Thomas had attended the NetDev 1.2 conference so when we met in November 2016 we warmed up with What’s NetDev and then started discussing the hot new networking stuff being added to Linux kernel:
Why OSPF Needs Forwarding Address With NSSA Areas
In the previous blog posts I described how OSPF tries to solve some broken designs with the Forwarding Address field in Type-5 LSAs – a kludge that unnecessarily increases the already too-high complexity of OSPF.
NSSA areas make the whole thing worse: OSPF needs a Forwarding Address in Type-5 LSAs generated from Type-7 LSAs to ensure optimal packet forwarding. Here’s why:
Managing Network Services Configuration with Ansible
In the last few weeks I’ve seen numerous questions along the lines of “how do I manage VLANs on my switch with Ansible”. You can look at this question from two perspectives: the low-level details (which modules do I use, how do I push commands to the box…) or the high-level challenges (how do I make sure actual device state matches desired device state). Obviously I’m interested in the latter.