A RECAP OF RIPE76

It's May 2018, on the south coast of France. Several hundred people are converging (heh) on Marseille for a week-long event, filled with tech talks, policy, discussions about the future (and past) of the Internet, questions and comments and statements, cheese and a lot of socializing with like-minded people. Below you will find my record and impressions of this trip, together with a few photos and links to other write-ups.

20180530 | net | #conference #notes #story

A TINY FLASK WEBAPP BLUEPRINT

Python scripts are great for getting stuff done (especially repetitive tasks or pulling and aggregating information). In some cases it makes a lot of sense to put a minimal graphical interface on top so that others can enjoy the results of said scripts without having to bother with all the details of actually running it.

20180226 | dev | #automation #howto #linux #python #docker

NX-OSV 9000 AUTOMATION (3)

I've been documenting my quest to make building and destroying a local lab using NXOSv 9000 as painless as possible in part 1 and part 2. This post is pretty much the TL;DR of the series, as in the meantime I figured out the best way to run multiple instances of this image through Vagrant. So here's what I've been using for the past half year together with a few Ansible playbooks to perform some basic but very necessary tasks.

20180205 | net | #cisco #nexus #automation #howto #labs

DOCKER OVERLAYS ON CISCO ACI

I started the new year troubleshooting Docker Overlay network traffic pushed through a Cisco ACI fabric that was not working despite physical connectivity and contracts being in place. Or so we thought... as VXLAN encapsulated packets (used by Docker overlays) do not follow the usual expected pattern.

20180104 | net | #cisco #dc #docker #linux #tshoot

NOTES: DOCKER NETWORKING

I've been having a lot of fun recently with Docker containers, from packaging and running my own Python scripts, to building the Pocket Internet proof of concept at the recent RIPE Hackathon and, finally, designing a solution for integrating a multi-datacentre, multi-environment Docker Swarm with a Cisco ACI fabric and the rest of the network for one of my customers. Below you will find my notes accumulated from going through official documentation, blog posts and experimentation in the lab.

20171127 | sys | #docker #notes #linux

NX-OSV 9000 AUTOMATION (2)

In part one of this series we looked at starting up a couple of Nexus9000v machines using a tool called vagrant. It went OK, but we had some unfinished business. In this post we'll look at how I try to address the MAC address issues and run my first ansible playbook against this lab.

20170623 | net | #cisco #nexus #automation #howto #labs

NX-OSV 9000 AUTOMATION (1)

A recent tweet caught my eye: a new version of NX-OSv was available, together with instructions on setting it up in vagrant. Very good timing too, as I'm building automation (a bit of orchestration and a lot of validation) for a couple projects including for both the 7K and the 9K flavours of NX-API and could really use a decent machine-local lab.

20170531 | net | #cisco #nexus #automation #howto #labs

PYTHON AND GIT ON WINDOWS

I do most of my development under Linux so I have python out of the box and git is only an apt install away. But recently a colleague needed to generate configs based on templates built by yours truly (Jinja2 syntax) so I pointed him at my gencfg script on GitHub. What I realized only later was that he only had a Windows machine and no idea how to create an environment to fetch repositories, install dependencies and run python scripts. Let's fix that.

20170317 | dev | #howto #windows #python #automation

DMVPN-OVER-MOBILE BLUES

It all started a while ago with a log message found on the hub of a large DMVPN/IPSEC deployment over mobile Internet connections. Given the increasing number of deployments that use the Internet as a cheaper, faster WAN for either primary or backup, I thought it would be useful to document the problems and the two main solutions.

20170211 | net | #cisco #routing #wan #tshoot

DEFINING AN IMPROVED WAN

In the past couple of years I've had quite a bit of exposure to customers with large WANs in various industries (many non-IT centric) - with xDSL and DMVPN/FlexVPN playing a big role alongside simpler things like fibre based L3VPN and Internet access.

Depending on customer requirements, WAN solutions can range from simple to CCIE lab worthy (and I've seen …

20161102 | net | #wan #design

SSL PERFORMANCE

In a recent discussion with fellow network engineers about encryption in a DC network, I made an observation that in some cases it might be better to simply enforce end-to-end encryption directly between applications rather than in the underlying infrastructure (MACsec, IPSEC etc.).

Looking at MACsec for example, as crypto is done by the ASIC, the general opinion was that …

20160926 | net | #crypto #dc

AUTOMATION, ONE STEP AT A TIME (1)

Not long ago I did a short demo at the sixth iNOG meeting, which saw around one hundred netengs get together at Facebook's Dublin HQ for an amazing evening. The point of the demo was to show people to how easy it is to write a bit of code to quickly generate device configuration from a template.

20160324 | dev | #conference #python #automation