An automation journey

From NetDevOps to SecDevOps - Continuous Compliance

Once NetDevOps becomes a part of your DNA, you will surely have some code or techniques to mix again and create new features that will significantly enhance your operations, just like this one. On this occasion, the image speaks for itself. Every week, I receive a detailed report and a Jira ticket outlining necessary fixes for any deviations. This allows me to monitor the overall status, prioritize the top 10 deviations in each category, and track their progress over time. We’re just beginning with this methodology, but our aim is to expand it by adding more checks and sites. ...

January 24, 2024 · 3 min · 474 words · Adrian Giacometti

How to measure DNS latency in Linux with tcpdump

In this case I was trying to identify which DNS resolver would be the best for my infrastructure in remote sites. Usually configuring 8.8.8.8 would be ok, and yes, it is simple, but there are a couple of things going on in the background that deserve some checking if you want to achieve the best performance. That was my case, since we have high-performance robots in the remote sites infrastructure. So the first step is to measure, right? If you don’t measure, you don’t know if you are improving or even what to improve. ...

August 14, 2023 · 5 min · 917 words · Adrian Giacometti

Unleashing the Power of NetDevOps: Simplifying Network Operations with Automation

Last year was an incredible journey with my network automation projects! I had the opportunity to simplify Network Operations and gain valuable visibility at a low cost by leveraging cloud services to run the code. Welcome to the world of NetDevOps! This time around, I won’t give code details, but I’ll share some of the main ideas. Eureka! Take your time reading because there’s a lot of valuable information here. ...

July 26, 2023 · 8 min · 1672 words · Adrian Giacometti

How to understand Linux IPTables

In my previous 2 posts I played around with Linux networking using the iproute2 module: "How to configure 1 Linux host with 2 NICs and 2 default gateways" and "How to set up 2 network isolated Docker containers (front-end and back-end)". Now that pure routing is done, the next step is iptables, as a firewall module. I have to admit that coming from traditional networking it will be weird, but in this new context of Software Defined “Everything” and Clouds, it is important to get over with it. ...

November 5, 2021 · 4 min · 722 words · Adrian Giacometti

How to set up 2 network isolated Docker containers (front and back-end)

Making this work might sound crazy, but if Docker has to be comparable in functionality to what other types of virtualization already provide, then this has to work, right? Ok, this is the scenario, and it is a classic one: I need to deploy 2 isolated containers in one Docker host, let’s say front-end and back-end. The Linux host will have 2 NICs, each one with a different subnet. Each container will use a different NIC and external subnet. For Docker this means 2 Docker networks (fe-bridge and be-bridge), which translates to 2 Linux bridges. Traffic between containers is not allowed internally; it has to go to the external network, where there is a firewall. External management traffic will go directly to the containers, but each one through its respective physical NIC. And of course, everything is connected to the Internet. ...

August 6, 2021 · 9 min · 1907 words · Adrian Giacometti

How to configure 1 Linux host with 2 NICs and 2 Default Gateways

Historically, it was not possible to have 2 default gateways in a Linux host. You can SEND traffic to both NICs, but the reply will always come from the NIC which has the default gateway. This will generate asymmetric traffic and it will be denied in the network or by the originating host. Asymmetric traffic means that the packets will go back using a different path. In this case, for a ping to NIC1 the return will be sent by NIC2. ...

August 5, 2021 · 3 min · 460 words · Adrian Giacometti

The power of simplicity applied to monitoring

Some time ago I was asked for help to develop a “simple and quick” Python script to monitor the status of a Linux service. They were in the middle of a deployment and they needed something fast. They added: keep the result in a JSON file with the date, serve the directory over HTTP for a quick view, and finally post it to ELK for graphics. Ok, this looks simple part by part, but the sum ends up being a very complete solution at the same time! ...

July 26, 2021 · 2 min · 389 words · Adrian Giacometti

How To Netmiko - Full Speed (concurrency options)

In the previous post, we tried Netmiko from the most basic command on one device, to the whole inventory, and as a bonus, filtering devices to stay in a loop and keep throwing commands, which is very useful for troubleshooting scenarios. The timing was already good in comparison to doing it completely manually: between 6 and 10 seconds per device (in my lab), against long minutes of typing. Now we are going to try different options for concurrency. In other words, multiprocessing and multithreading (sync and async). ...

May 9, 2021 · 10 min · 2011 words · Adrian Giacometti

How to Netmiko - 5 minutes to all devices

Starting to use Netmiko is easier than you might think. Going from being a pure network guy to network automation with software development skills is NOT easy, and it is a long shot. Usually, people (like me) start with Ansible just because it is easier when you don’t know much about Python. Plus you can get some things done pretty fast. But at some point, when you have already acquired some Python skills, you need to come back to review fundamentals to close the loop. In this case, I will start with Netmiko. Thanks Kirk for this awesome library! He also offers a free Python for network engineers training course <- This is a must! ...

May 6, 2021 · 9 min · 1762 words · Adrian Giacometti

Cloud & Network automation challenge: AWS, Terraform and FastAPI - part 2/3

This part of the challenge will cover the setup of the infrastructure at AWS with Terraform, and since I’m a fan of Python, I will use/learn FastAPI for the web front server, plus a picture embedded in the served web page will come from a secured S3 bucket. All of this was part of this great training course, Networking in Public Cloud Deployments. We will create all the basic infrastructure from your PC just to follow the training course and gain the fundamental knowledge that we will need for what is to come. ...

April 8, 2021 · 7 min · 1374 words · Adrian Giacometti