SlideShare a Scribd company logo

Network Automation with Salt and NAPALM: a self-resilient network

APNIC
APNIC

Presentation by Mircea Ulinic at APRICOT 2017 on Tuesday, 28 February 2017.

Internet
1 of 35
Download to read offline
Network Automation with Salt and NAPALM Mircea Ulinic Cloudflare, London APRICOT 2017 Ho Chi Minh City, VN 1 A self-resilient network
2 Cloudflare (a quick background) ● Once a website is part of the Cloudflare community, its web traffic is routed through our global network of 100+ locations ● How big? ○ Four+ million zones/domains ○ Authoritative for ~40% of Alexa top 1 million ○ 43+ billion DNS queries/day ■ Second only to Verisign ● 100+ anycast locations globally ○ 49 countries (and growing) ● Origin CA
Why automate? ● Deploy new PoPs ● Human error factor ● Replace equipment ● Monitor ● Much faster recovery 3
Automation framework requirements ● Very scalable ● Concurrency ● Easily configurable & customizable ● Config verification & enforcement ● Periodically collect statistics ● Native caching and drivers for useful tools 4
Why Salt? 5
Orchestration vs. Automation https://flic.kr/p/5EQe2dCC BY 2.0 6
7 Orchestrator E.g.: Salt Configuration management only E.g.: Ansible ● Long standing sessions ● Real-time job ● Job scheduling ● REST API ● High Availability ● GPG encryption ● Pull from Git, SVN ● open/close session per module ● Real-time job (Tower: $$) ● Job Scheduling (Tower: $$) ● REST API (Ansible Tower: $$) ● HA (Ansible Tower: $$) ● Security (Tower: $$) ● Pull from Git, SVN (Tower, $$)
Salt at Cloudflare: used for years Multiple thousands of servers managed by Salt Same tool for both servers and net devices 8
Why NAPALM? 9 NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) https://github.com/napalm-automation
10
11 NAPALM integrated in SaltStack https://docs.saltstack.com/en/develop/topics/releases/2016.11.0.html
Network automation in two steps 1. Install 2. Use 12
NAPALM-Salt (examples): 1. salt “edge*” net.traceroute 8.8.8.8 2. salt -N EU transit.disable telia # disable Telia in EU 3. salt -G “os:junos” net.cli “show version” 4. salt -C “os:iosxr and version:6.0.2” net.arp 5. salt -G “model:MX480” probes.results 6. salt -I “type:router” ntp.set_peers 10.1.130.10 10.1.130.18 10.1.130.22 13 Targeting minions: https://docs.saltstack.com/en/latest/topics/targeting/index.html
Abstracting configurations protocols { bgp { group 4-PUBLIC-ANYCAST-PEERS { neighbor 192.168.0.1 { description "Amazon [WW HOSTING ANYCAST]"; family inet { unicast { prefix-limit { maximum 500; } } peer-as 16509; } } } router bgp 13335 neighbor 192.168.0.1 remote-as 16509 use neighbor-group 4-PUBLIC-ANYCAST-PEERS description "Amazon [WW HOSTING ANYCAST]" address-family ipv4 unicast maximum-prefix 500 bgp.neighbor: ip: 192.168.0.1 group: 4-PUBLIC-ANYCAST-PEERS description: "Amazon [WW HOSTING ANYCAST]" remote_as: 16509 prefix_limit: 500 Abstracted 14
Example ● Edge router with 1000 BGP peers ● Device is manufactured by VendorA ● Replaced by a device from VendorB 15
Most network engineers 16
Us 17 proxy: driver: VendorA proxytype: napalm host: edge01.sgn01 username: apricot passwd: xxxx proxy: driver: VendorB proxytype: napalm host: edge01.sgn01 username: apricot passwd: xxxx vi /etc/salt/pillar/edge01_sgn01.sls More about pillars: https://docs.saltstack.com/en/latest/topics/pillar/
Scheduled operations - all integrated! 18 2071) "traceroute:edge01.sjc01-edge01.lhr01-Tata-4" 2072) "traceroute:edge01.iad02-edge01.sjc01-GTT-4" 2074) "traceroute:edge01.fra03-edge01.sea01-Cogent-4" 2075) "traceroute:edge01.yul01-edge01.lax01-Cogent-4" 2076) "traceroute:edge01.zrh01-edge01.fra03-GTT-4" 2077) "traceroute:edge01.mxp01-edge01.ams01-GTT-4" 2078) "traceroute:edge01.mia01-edge01.lhr01-GTT-4" 2079) "traceroute:edge01.msp01-edge01.scl01-Telefonica-4" 2080) "traceroute:edge01.fra03-edge01.mia01-Telia-4" 2081) "traceroute:edge01.lim01-edge01.scl01-Telefonica-4" 2082) "traceroute:edge01.arn01-edge01.mia01-GTT-4" 2083) "traceroute:edge01.prg01-edge01.lax01-GTT-4" 2084) "traceroute:edge01.osl01-edge01.lhr01-GTT-4" # Redis details: redis.host: localhost redis.port: 6379 # Schedulers schedule: traceroute_runner: function: traceroute.collect hours: 4
Maintain configuration updated 19 schedule: ntp_config: function: state.sls args: router.ntp returner: smtp days: 1 bgp_config: function: state.sls args: router.bgp hours: 2 probes_config: function: state.sls args: router.probes days: 3 users_config: function: state.sls args: router.users returner: hipchat weeks: 1 ntp.peers: - 10.1.130.22 - 10.1.130.18 - 10.1.128.10 - 10.1.131.10 - 10.1.132.10 - 10.2.52.10 - 10.2.48.10 - 10.2.55.10 - 10.2.50.10 - 10.2.56.10 Define NTP peers in the Pillar Schedule config enforcement checks More about states: https://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
20
A self-resilient network 21
Monitoring carriers (transit providers) mircea@re0.edge01.sgn01> show configuration services rpm | display set | match 1299 | match probe-type set services rpm probe transit test t-edge01.scl01-1299-12956-4 probe-type icmp-ping set services rpm probe transit test t-edge01.eze01-1299-6762-4 probe-type icmp-ping set services rpm probe transit test t-edge01.lax01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.eze01-1299-12956-4 probe-type icmp-ping set services rpm probe transit test t-edge01.mia01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.lhr01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.ams01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.fra03-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.iad02-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.sea01-1299-1299-4 probe-type icmp-ping JunOS: RPM https://www.juniper.net/documentation/en_US/junos12.1x46/topics/concept/security-rpm-overview.html IOS-XR: ISPLA http://www.cisco.com/c/en/us/td/docs/ios/ipsla/command/reference/sla_book/sla_02.html 22
How many probes? $ sudo salt-run transits.probes show_count=True Generated 7248 probes. Generated using: ● net.ipaddrs ● net.interfaces ● bgp.neighbors ● bgp.config All integrated by default in SaltStack. 23
How are they installed? $ sudo salt ‘edge*’ state.sls router.probes edge01.sgn01: ---------- ID: cf_probes Function: probes.managed Result: True Comment: Configuration updated Started: 23:00:17.228171 Duration: 10.206 s Changes: ---------- added: ---------- transit: ---------- t-edge01.sjc01-1299-1299-4: ---------- probe_count: 15 probe_type: icmp-ping source: 1.2.3.4 target: 5.6.7.8 test_interval: 3 removed: ---------- updated: ---------- $ cat /etc/salt/pillar/probes_edge01_sgn01.sls probes.config: transit: t-edge01.sjc01-1299-1299-4: source: 1.2.3.4 target: 5.6.7.8 t-edge01.den01-1299-1299-4: source: 10.11.12.13 target: 14.15.16.17 t-edge01.den01-174-174-4: source: 18.19.20.21 target: 22.23.24.25 t-edge01.den01-4436-4436-4: source: 26.27.28.29 target: 30.31.32.33 24
Spaghetti 25
Retrieving probes results $ sudo salt ‘edge*’ probes.results edge01.sgn01: ---------- out: ---------- transit: ---------- t-edge01.sjc01-1299-1299-4: ---------- current_test_avg_delay: 24.023 current_test_max_delay: 28.141 current_test_min_delay: 23.278 global_test_avg_delay: 23.936 global_test_max_delay: 480.576 global_test_min_delay: 23.105 26
The Internet (during a good day) 27
But usually the Internet looks like that 28
Self-resilient network 29
Self-resilient network: HipChat alerts 30
How often? 1688 request-reply pairs during a random window of 7 days ~ 120 config changes / day in average 0 human intervention 31
How can you use it? # apt-get install salt-master (install guide) # pip install napalm Examples: https://github.com/napalm-automation/napalm-salt 32
How can you contribute? ● NAPALM Automation: https://github.com/napalm-automation ● SaltStack https://github.com/saltstack/salt 33
Need help/advice? Join https://networktocode.herokuapp.com/ rooms: #saltstack #napalm By email: ● Mircea Ulinic: mircea@cloudflare.com ● Jerome Fleury: jf@cloudflare.com 34
Questions 35 By email: ● Mircea Ulinic: mircea@cloudflare.com ● Jerome Fleury: jf@cloudflare.com ?

Recommended

2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...
2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...
2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...Shuichi Ohkubo
 
OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?Yongyoon Shin
 
flowspec @ APF 2013
flowspec @ APF 2013flowspec @ APF 2013
flowspec @ APF 2013Tom Paseka
 
BKK16-410 SoC Idling & CPU Cluster PM
BKK16-410 SoC Idling & CPU Cluster PMBKK16-410 SoC Idling & CPU Cluster PM
BKK16-410 SoC Idling & CPU Cluster PMLinaro
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Netwax Lab
 
Eincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsEincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsNetwax Lab
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunkingNetwax Lab
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OpenvSwitch
 

Recommended

2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...
2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...
2015.7.17 JANOG36 BGP Flowspec Interoperability Test @ Interop Tokyo 2015 Sho...Shuichi Ohkubo
 
OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?Yongyoon Shin
 
flowspec @ APF 2013
flowspec @ APF 2013flowspec @ APF 2013
flowspec @ APF 2013Tom Paseka
 
BKK16-410 SoC Idling & CPU Cluster PM
BKK16-410 SoC Idling & CPU Cluster PMBKK16-410 SoC Idling & CPU Cluster PM
BKK16-410 SoC Idling & CPU Cluster PMLinaro
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Netwax Lab
 
Eincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsEincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsNetwax Lab
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunkingNetwax Lab
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OpenvSwitch
 
LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OpenvSwitch
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp iiNetwax Lab
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiNetwax Lab
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6Netwax Lab
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iiiNetwax Lab
 
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructurePilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructureFIBRE Testbed
 
BKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleBKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleLinaro
 
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric VanderburgCCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric VanderburgEric Vanderburg
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
BKK16-400A LuvOS and ACPI Compliance Testing
BKK16-400A LuvOS and ACPI Compliance TestingBKK16-400A LuvOS and ACPI Compliance Testing
BKK16-400A LuvOS and ACPI Compliance TestingLinaro
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OpenvSwitch
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성Woo Hyung Choi
 
Ixiaexplorer
IxiaexplorerIxiaexplorer
Ixiaexplorernlekh
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Netwax Lab
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep diveTrinath Somanchi
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionNetwax Lab
 
Eincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiEincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiNetwax Lab
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNTe-Yen Liu
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiNetwax Lab
 
Using Altera Signal tap
Using Altera Signal tapUsing Altera Signal tap
Using Altera Signal tapRafe Husain
 
The Death of Transit and Beyond
The Death of Transit and BeyondThe Death of Transit and Beyond
The Death of Transit and BeyondAPNIC
 

More Related Content

What's hot

LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OpenvSwitch
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiNetwax Lab
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iiiNetwax Lab
 
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructurePilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructureFIBRE Testbed
 
BKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleBKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleLinaro
 
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric VanderburgCCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric VanderburgEric Vanderburg
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
BKK16-400A LuvOS and ACPI Compliance Testing
BKK16-400A LuvOS and ACPI Compliance TestingBKK16-400A LuvOS and ACPI Compliance Testing
BKK16-400A LuvOS and ACPI Compliance TestingLinaro
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OpenvSwitch
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Ixiaexplorer
IxiaexplorerIxiaexplorer
Ixiaexplorernlekh
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Netwax Lab
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep diveTrinath Somanchi
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionNetwax Lab
 
Eincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiEincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiNetwax Lab
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNTe-Yen Liu
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiNetwax Lab
 

What's hot (20)

LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iii
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
 
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructurePilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
Pilot Use Case 3: BoD services over the intercontinental FIBRE infrastructure
 
BKK16-502 Suspend to Idle
BKK16-502 Suspend to IdleBKK16-502 Suspend to Idle
BKK16-502 Suspend to Idle
 
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric VanderburgCCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
CCNA Routing and Switching Lesson 06 - IOS Basics - Eric Vanderburg
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack Neutron
 
BKK16-400A LuvOS and ACPI Compliance Testing
BKK16-400A LuvOS and ACPI Compliance TestingBKK16-400A LuvOS and ACPI Compliance Testing
BKK16-400A LuvOS and ACPI Compliance Testing
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitch
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성
 
Ixiaexplorer
IxiaexplorerIxiaexplorer
Ixiaexplorer
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep dive
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
 
Eincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiEincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List ii
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDN
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking ii
 

Viewers also liked

Using Altera Signal tap
Using Altera Signal tapUsing Altera Signal tap
Using Altera Signal tapRafe Husain
 
The Death of Transit and Beyond
The Death of Transit and BeyondThe Death of Transit and Beyond
The Death of Transit and BeyondAPNIC
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneAPNIC
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
Securing Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKISecuring Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKIAPNIC
 
EMC World 2016 - Deep Dive with Mesos and Persistent Storage for Applications
EMC World 2016 - Deep Dive with Mesos and Persistent Storage for ApplicationsEMC World 2016 - Deep Dive with Mesos and Persistent Storage for Applications
EMC World 2016 - Deep Dive with Mesos and Persistent Storage for ApplicationsDavid vonThenen
 
Getting started with the JNI
Getting started with the JNIGetting started with the JNI
Getting started with the JNIKirill Kounik
 
Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)APNIC
 
OpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorOpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorMahesh Dananjaya
 
Prepping Your Engineering Candidates to Reduce Your False Negatives
Prepping Your Engineering Candidates to Reduce Your False NegativesPrepping Your Engineering Candidates to Reduce Your False Negatives
Prepping Your Engineering Candidates to Reduce Your False NegativesGayle McDowell
 
SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...
SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...
SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...David vonThenen
 
Minimum Viable FIB
Minimum Viable FIBMinimum Viable FIB
Minimum Viable FIBAPNIC
 
Cracking the Algorithm & Coding Interview
Cracking the Algorithm & Coding InterviewCracking the Algorithm & Coding Interview
Cracking the Algorithm & Coding InterviewGayle McDowell
 
Logging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed EnvironmentLogging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed EnvironmentAPNIC
 
First few months with Kotlin - Introduction through android examples
First few months with Kotlin - Introduction through android examplesFirst few months with Kotlin - Introduction through android examples
First few months with Kotlin - Introduction through android examplesNebojša Vukšić
 
Umbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX Experience
Umbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX ExperienceUmbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX Experience
Umbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX ExperienceAPNIC
 
The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...
The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...
The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...Glenn K. Lockwood
 
Journey to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for MobilesJourney to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for MobilesAPNIC
 
How to Interview Like Google (But Better) - SVCC
How to Interview Like Google (But Better) - SVCCHow to Interview Like Google (But Better) - SVCC
How to Interview Like Google (But Better) - SVCCGayle McDowell
 

Viewers also liked (20)

Using Altera Signal tap
Using Altera Signal tapUsing Altera Signal tap
Using Altera Signal tap
 
The Death of Transit and Beyond
The Death of Transit and BeyondThe Death of Transit and Beyond
The Death of Transit and Beyond
 
Running a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root ZoneRunning a Local Copy of the DNS Root Zone
Running a Local Copy of the DNS Root Zone
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
 
Securing Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKISecuring Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKI
 
The Awesomeness of Go
The Awesomeness of GoThe Awesomeness of Go
The Awesomeness of Go
 
EMC World 2016 - Deep Dive with Mesos and Persistent Storage for Applications
EMC World 2016 - Deep Dive with Mesos and Persistent Storage for ApplicationsEMC World 2016 - Deep Dive with Mesos and Persistent Storage for Applications
EMC World 2016 - Deep Dive with Mesos and Persistent Storage for Applications
 
Getting started with the JNI
Getting started with the JNIGetting started with the JNI
Getting started with the JNI
 
Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)
 
OpenFlow Aware Network Processor
OpenFlow Aware Network ProcessorOpenFlow Aware Network Processor
OpenFlow Aware Network Processor
 
Prepping Your Engineering Candidates to Reduce Your False Negatives
Prepping Your Engineering Candidates to Reduce Your False NegativesPrepping Your Engineering Candidates to Reduce Your False Negatives
Prepping Your Engineering Candidates to Reduce Your False Negatives
 
SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...
SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...
SCaLE 15x - How Container Schedulers and Software-Defined Storage will Change...
 
Minimum Viable FIB
Minimum Viable FIBMinimum Viable FIB
Minimum Viable FIB
 
Cracking the Algorithm & Coding Interview
Cracking the Algorithm & Coding InterviewCracking the Algorithm & Coding Interview
Cracking the Algorithm & Coding Interview
 
Logging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed EnvironmentLogging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed Environment
 
First few months with Kotlin - Introduction through android examples
First few months with Kotlin - Introduction through android examplesFirst few months with Kotlin - Introduction through android examples
First few months with Kotlin - Introduction through android examples
 
Umbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX Experience
Umbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX ExperienceUmbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX Experience
Umbrella Fabric/IXP SDN OpenFlow: The TouiX to TouSIX Experience
 
The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...
The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...
The Proto-Burst Buffer: Experience with the flash-based file system on SDSC's...
 
Journey to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for MobilesJourney to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for Mobiles
 
How to Interview Like Google (But Better) - SVCC
How to Interview Like Google (But Better) - SVCCHow to Interview Like Google (But Better) - SVCC
How to Interview Like Google (But Better) - SVCC
 

Similar to Network Automation with Salt and NAPALM: a self-resilient network

Network Automation with Salt and NAPALM: a self-resilient network
Network Automation with Salt and NAPALM: a self-resilient networkNetwork Automation with Salt and NAPALM: a self-resilient network
Network Automation with Salt and NAPALM: a self-resilient networkCloudflare
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationAPNIC
 
Network Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: IntrouctionNetwork Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: IntrouctionCloudflare
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021
Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021
Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021StreamNative
 
Salt for Network Engineers
Salt for Network EngineersSalt for Network Engineers
Salt for Network EngineersAndrew Dampf
 
Martin Zeiser, Universal Pwn n Play - pacsec -final
Martin Zeiser, Universal Pwn n Play - pacsec -finalMartin Zeiser, Universal Pwn n Play - pacsec -final
Martin Zeiser, Universal Pwn n Play - pacsec -finalPacSecJP
 
Extensible Messaging and Presence Protocol (XMPP)
Extensible Messaging and Presence Protocol (XMPP)Extensible Messaging and Presence Protocol (XMPP)
Extensible Messaging and Presence Protocol (XMPP)Sean Tsai
 
Route Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsRoute Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsBangladesh Network Operators Group
 
HTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF serversHTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF serversJean-Frederic Clere
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPROIDEA
 
How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1n|u - The Open Security Community
 
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computingPulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computingTimothy Spann
 
2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf
2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf
2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdfHngDngc
 
Dynamic Classification in a Silicon-Based Forwarding Engine
Dynamic Classification in a Silicon-Based Forwarding EngineDynamic Classification in a Silicon-Based Forwarding Engine
Dynamic Classification in a Silicon-Based Forwarding EngineTal Lavian Ph.D.
 

Similar to Network Automation with Salt and NAPALM: a self-resilient network (20)

Network Automation with Salt and NAPALM: a self-resilient network
Network Automation with Salt and NAPALM: a self-resilient networkNetwork Automation with Salt and NAPALM: a self-resilient network
Network Automation with Salt and NAPALM: a self-resilient network
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and Orchestration
 
Network Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: IntrouctionNetwork Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: Introuction
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
 
Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021
Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021
Apache Pulsar with MQTT for Edge Computing - Pulsar Summit Asia 2021
 
Salt for Network Engineers
Salt for Network EngineersSalt for Network Engineers
Salt for Network Engineers
 
Martin Zeiser, Universal Pwn n Play - pacsec -final
Martin Zeiser, Universal Pwn n Play - pacsec -finalMartin Zeiser, Universal Pwn n Play - pacsec -final
Martin Zeiser, Universal Pwn n Play - pacsec -final
 
Extensible Messaging and Presence Protocol (XMPP)
Extensible Messaging and Presence Protocol (XMPP)Extensible Messaging and Presence Protocol (XMPP)
Extensible Messaging and Presence Protocol (XMPP)
 
Otimizando servidores web
Otimizando servidores webOtimizando servidores web
Otimizando servidores web
 
Stun turn poc_pilot
Stun turn poc_pilotStun turn poc_pilot
Stun turn poc_pilot
 
Route Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsRoute Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for Operators
 
Template
TemplateTemplate
Template
 
HTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF serversHTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF servers
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2
 
Go with the Flow
Go with the Flow Go with the Flow
Go with the Flow
 
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networksPLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks
 
How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1
 
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computingPulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
 
2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf
2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf
2pm-Wilson-Wang-5G-Mobile-Platform-with-P4-Enabled-Network-Slicing-and-MEC.pdf
 
Dynamic Classification in a Silicon-Based Forwarding Engine
Dynamic Classification in a Silicon-Based Forwarding EngineDynamic Classification in a Silicon-Based Forwarding Engine
Dynamic Classification in a Silicon-Based Forwarding Engine
 

More from APNIC

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 

More from APNIC (20)

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 

Recently uploaded

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 

Network Automation with Salt and NAPALM: a self-resilient network

  • 1. Network Automation with Salt and NAPALM Mircea Ulinic Cloudflare, London APRICOT 2017 Ho Chi Minh City, VN 1 A self-resilient network
  • 2. 2 Cloudflare (a quick background) ● Once a website is part of the Cloudflare community, its web traffic is routed through our global network of 100+ locations ● How big? ○ Four+ million zones/domains ○ Authoritative for ~40% of Alexa top 1 million ○ 43+ billion DNS queries/day ■ Second only to Verisign ● 100+ anycast locations globally ○ 49 countries (and growing) ● Origin CA
  • 3. Why automate? ● Deploy new PoPs ● Human error factor ● Replace equipment ● Monitor ● Much faster recovery 3
  • 4. Automation framework requirements ● Very scalable ● Concurrency ● Easily configurable & customizable ● Config verification & enforcement ● Periodically collect statistics ● Native caching and drivers for useful tools 4
  • 7. 7 Orchestrator E.g.: Salt Configuration management only E.g.: Ansible ● Long standing sessions ● Real-time job ● Job scheduling ● REST API ● High Availability ● GPG encryption ● Pull from Git, SVN ● open/close session per module ● Real-time job (Tower: $$) ● Job Scheduling (Tower: $$) ● REST API (Ansible Tower: $$) ● HA (Ansible Tower: $$) ● Security (Tower: $$) ● Pull from Git, SVN (Tower, $$)
  • 8. Salt at Cloudflare: used for years Multiple thousands of servers managed by Salt Same tool for both servers and net devices 8
  • 9. Why NAPALM? 9 NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) https://github.com/napalm-automation
  • 10. 10
  • 11. 11 NAPALM integrated in SaltStack https://docs.saltstack.com/en/develop/topics/releases/2016.11.0.html
  • 12. Network automation in two steps 1. Install 2. Use 12
  • 13. NAPALM-Salt (examples): 1. salt “edge*” net.traceroute 8.8.8.8 2. salt -N EU transit.disable telia # disable Telia in EU 3. salt -G “os:junos” net.cli “show version” 4. salt -C “os:iosxr and version:6.0.2” net.arp 5. salt -G “model:MX480” probes.results 6. salt -I “type:router” ntp.set_peers 10.1.130.10 10.1.130.18 10.1.130.22 13 Targeting minions: https://docs.saltstack.com/en/latest/topics/targeting/index.html
  • 14. Abstracting configurations protocols { bgp { group 4-PUBLIC-ANYCAST-PEERS { neighbor 192.168.0.1 { description "Amazon [WW HOSTING ANYCAST]"; family inet { unicast { prefix-limit { maximum 500; } } peer-as 16509; } } } router bgp 13335 neighbor 192.168.0.1 remote-as 16509 use neighbor-group 4-PUBLIC-ANYCAST-PEERS description "Amazon [WW HOSTING ANYCAST]" address-family ipv4 unicast maximum-prefix 500 bgp.neighbor: ip: 192.168.0.1 group: 4-PUBLIC-ANYCAST-PEERS description: "Amazon [WW HOSTING ANYCAST]" remote_as: 16509 prefix_limit: 500 Abstracted 14
  • 15. Example ● Edge router with 1000 BGP peers ● Device is manufactured by VendorA ● Replaced by a device from VendorB 15
  • 17. Us 17 proxy: driver: VendorA proxytype: napalm host: edge01.sgn01 username: apricot passwd: xxxx proxy: driver: VendorB proxytype: napalm host: edge01.sgn01 username: apricot passwd: xxxx vi /etc/salt/pillar/edge01_sgn01.sls More about pillars: https://docs.saltstack.com/en/latest/topics/pillar/
  • 18. Scheduled operations - all integrated! 18 2071) "traceroute:edge01.sjc01-edge01.lhr01-Tata-4" 2072) "traceroute:edge01.iad02-edge01.sjc01-GTT-4" 2074) "traceroute:edge01.fra03-edge01.sea01-Cogent-4" 2075) "traceroute:edge01.yul01-edge01.lax01-Cogent-4" 2076) "traceroute:edge01.zrh01-edge01.fra03-GTT-4" 2077) "traceroute:edge01.mxp01-edge01.ams01-GTT-4" 2078) "traceroute:edge01.mia01-edge01.lhr01-GTT-4" 2079) "traceroute:edge01.msp01-edge01.scl01-Telefonica-4" 2080) "traceroute:edge01.fra03-edge01.mia01-Telia-4" 2081) "traceroute:edge01.lim01-edge01.scl01-Telefonica-4" 2082) "traceroute:edge01.arn01-edge01.mia01-GTT-4" 2083) "traceroute:edge01.prg01-edge01.lax01-GTT-4" 2084) "traceroute:edge01.osl01-edge01.lhr01-GTT-4" # Redis details: redis.host: localhost redis.port: 6379 # Schedulers schedule: traceroute_runner: function: traceroute.collect hours: 4
  • 19. Maintain configuration updated 19 schedule: ntp_config: function: state.sls args: router.ntp returner: smtp days: 1 bgp_config: function: state.sls args: router.bgp hours: 2 probes_config: function: state.sls args: router.probes days: 3 users_config: function: state.sls args: router.users returner: hipchat weeks: 1 ntp.peers: - 10.1.130.22 - 10.1.130.18 - 10.1.128.10 - 10.1.131.10 - 10.1.132.10 - 10.2.52.10 - 10.2.48.10 - 10.2.55.10 - 10.2.50.10 - 10.2.56.10 Define NTP peers in the Pillar Schedule config enforcement checks More about states: https://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
  • 20. 20
  • 22. Monitoring carriers (transit providers) mircea@re0.edge01.sgn01> show configuration services rpm | display set | match 1299 | match probe-type set services rpm probe transit test t-edge01.scl01-1299-12956-4 probe-type icmp-ping set services rpm probe transit test t-edge01.eze01-1299-6762-4 probe-type icmp-ping set services rpm probe transit test t-edge01.lax01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.eze01-1299-12956-4 probe-type icmp-ping set services rpm probe transit test t-edge01.mia01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.lhr01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.ams01-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.fra03-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.iad02-1299-1299-4 probe-type icmp-ping set services rpm probe transit test t-edge01.sea01-1299-1299-4 probe-type icmp-ping JunOS: RPM https://www.juniper.net/documentation/en_US/junos12.1x46/topics/concept/security-rpm-overview.html IOS-XR: ISPLA http://www.cisco.com/c/en/us/td/docs/ios/ipsla/command/reference/sla_book/sla_02.html 22
  • 23. How many probes? $ sudo salt-run transits.probes show_count=True Generated 7248 probes. Generated using: ● net.ipaddrs ● net.interfaces ● bgp.neighbors ● bgp.config All integrated by default in SaltStack. 23
  • 24. How are they installed? $ sudo salt ‘edge*’ state.sls router.probes edge01.sgn01: ---------- ID: cf_probes Function: probes.managed Result: True Comment: Configuration updated Started: 23:00:17.228171 Duration: 10.206 s Changes: ---------- added: ---------- transit: ---------- t-edge01.sjc01-1299-1299-4: ---------- probe_count: 15 probe_type: icmp-ping source: 1.2.3.4 target: 5.6.7.8 test_interval: 3 removed: ---------- updated: ---------- $ cat /etc/salt/pillar/probes_edge01_sgn01.sls probes.config: transit: t-edge01.sjc01-1299-1299-4: source: 1.2.3.4 target: 5.6.7.8 t-edge01.den01-1299-1299-4: source: 10.11.12.13 target: 14.15.16.17 t-edge01.den01-174-174-4: source: 18.19.20.21 target: 22.23.24.25 t-edge01.den01-4436-4436-4: source: 26.27.28.29 target: 30.31.32.33 24
  • 26. Retrieving probes results $ sudo salt ‘edge*’ probes.results edge01.sgn01: ---------- out: ---------- transit: ---------- t-edge01.sjc01-1299-1299-4: ---------- current_test_avg_delay: 24.023 current_test_max_delay: 28.141 current_test_min_delay: 23.278 global_test_avg_delay: 23.936 global_test_max_delay: 480.576 global_test_min_delay: 23.105 26
  • 27. The Internet (during a good day) 27
  • 28. But usually the Internet looks like that 28
  • 31. How often? 1688 request-reply pairs during a random window of 7 days ~ 120 config changes / day in average 0 human intervention 31
  • 32. How can you use it? # apt-get install salt-master (install guide) # pip install napalm Examples: https://github.com/napalm-automation/napalm-salt 32
  • 33. How can you contribute? ● NAPALM Automation: https://github.com/napalm-automation ● SaltStack https://github.com/saltstack/salt 33
  • 34. Need help/advice? Join https://networktocode.herokuapp.com/ rooms: #saltstack #napalm By email: ● Mircea Ulinic: mircea@cloudflare.com ● Jerome Fleury: jf@cloudflare.com 34
  • 35. Questions 35 By email: ● Mircea Ulinic: mircea@cloudflare.com ● Jerome Fleury: jf@cloudflare.com ?