The document contains configuration for a network device using Puppet automation. It configures items like logging, SNMP, NTP, routing, interfaces, and BGP to standardize the configuration for improved operations agility, service velocity, and configuration consistency across devices. Variables are used throughout to parameterize settings like hostnames, IP addresses, and credentials.
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev... (Cisco Canada)
The document introduces Cisco IP SLAs, which is a feature in Cisco IOS that allows network engineers to monitor and measure performance metrics across their network. It discusses several use cases for IP SLAs including SLA verification, network monitoring, network readiness testing, availability monitoring, and troubleshooting. The document reviews how to configure various IP SLA operations including specifying the operation type, destination, and scheduling. It also discusses the accuracy, performance, and scalability of IP SLA operations.
Cisco CCNA/CCNP Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
Cisco CCNA Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
The document describes the configuration of an MPLS VPN network with two VRF instances to provide connectivity between sites. Key steps include:
1. Configuring IS-IS routing in the backbone to establish an MPLS core network.
2. Configuring VRFs and BGP to enable MPLS VPN services between CE routers.
3. Configuring a second VRF to connect additional CE routers and establish routing between them.
The document discusses various MPLS VPN configurations including VRF Lite, MPLS LDP, MP-BGP VPNv4, PE-CE routing protocols like RIP and OSPF redistribution between MPLS and CE routers, and OSPF sham links. The key concepts covered are VRF configuration on PE routers, LDP neighbor authentication, MP-BGP to distribute VPN routes, and routing protocol redistribution between PE and CE devices.
The document discusses service provider networks and frame relay. It provides instructions on building a frame relay network with hub and spoke routers using dynamic and static frame relay mappings. It also covers configurations for loopback interfaces, RIP routing protocol, and route redistribution between protocols to share routes.
Flow-tools is a library and collection of programs used to analyze NetFlow data exported from routers. It includes flow-capture to collect NetFlow records and flow-stat to generate reports and statistics. Key information that can be extracted includes top talkers by IP/AS, traffic patterns between IP/AS pairs, and potential DoS/DDoS sources and targets. The tool provides network visibility without deep packet inspection and with minimal resources.
The document describes the configuration of a multi-pod ACI topology with IPN connectivity. It includes steps to configure the APIC clusters, fabric pods, EVPN connectivity between pods, IPN VLANs and subnets, OSPF routing in the IPN, and interface policies for IPN traffic. The goal is to establish IP network connectivity between remote pods using ACI spine switches as IPN routers.
This document provides instructions for configuring Jumbo Frames on various Cisco and VMware networking devices. It discusses setting the MTU on Nexus switches, ACI fabrics, UCS Fabric Interconnects, and VMware vSwitches. It also provides examples of checking the MTU configuration and performing jumbo frame tests to validate the end-to-end network configuration supports larger frame sizes.
This slide was presented in Dec. 2013 as part of the Triangle OpenStack meetup sponsored by Cisco Systems in the Raleigh-Durham area, North Carolina.
We did a proof of concept back in June 2013 to evaluate the IPv6 readiness of OpenStack as the initial step to make IPv6 and Cloud work together seamlessly.
After 6 weeks of intensive effort, we enabled the OpenStack Grizzly release over IPv6. Later on, we also successfully launched a dual-stack VM in the Havana release. This slide summarizes what problems we tried to tackle and how we resolved them. The presentation is based on the whitepaper we published at:
http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf.
The ideas captured in this slide will be leveraged by the OpenStack Neutron IPv6 sub-team to fulfill mid-term goals suggested by the Neutron IPv6 roadmap. The target release is Icehouse in April 2014.
We will publish more white papers and slides when we reach the next milestone. Stay tuned!
Since my previous meetup presentation last Dec., a lot of progress has been made jointly between the Nephos6, Comcast, IBM, and Cisco teams to enable IPv6 in OpenStack Icehouse. In this session, we discussed the use cases we had tried to cover, the architectural design we had proposed and the solution being implemented. A demo was provided at the end of the session to showcase the IPv6 connectivity between a dual-stack VM and its default gateway using the recently released OpenStack Icehouse.
This slide, "OpenStack Icehouse on IPv6", was presented on April 24 at the Triangle OpenStack Meetup sponsored by Cisco Systems in the Raleigh-Durham area, NC, USA.
We will periodically publish more slides to share our key findings or key learnings from other stackers or our customers with respect to OpenStack and IPv6.
Stay tuned!
Shixiong
Moved to https://speakerdeck.com/ebiken/zebra-srv6-cli-on-linux-dataplane-enog-number-49
Introduction to SRv6, Linux SRv6 implementation and how to add SRv6 CLI to Zebra 2.0 Open Source Network Operation Stack.
Presented at ENOG (Echigo NOG) #49.
The document describes configuration labs for various routing protocols and technologies:
- It includes labs for static route configuration, RIP v1/v2, EIGRP, OSPF, route redistribution, switch configuration, VLANs, VTP, STP, and routing between VLANs.
- Frame relay labs cover basic configuration, static maps, routing protocols in Frame Relay networks, point-to-point and multi-point subinterfaces.
- Other labs cover PPP authentication, NAT, ACLs, IPv6, and more. The labs provide instructions to configure the protocols and verify their operation in sample network topologies.
nftables - the evolution of Linux Firewall (Marian Marinov)
This document provides an overview of nftables, the new packet filtering framework that replaces iptables in the Linux kernel. It discusses the history and predecessors to nftables, how nftables works, key differences from iptables like its more flexible table and chain configuration, and examples of basic nftables rulesets. It also covers topics like matches, jumps, load balancing performance, and kernel configuration options for nftables.
This document provides an overview of CCNP Switch topics including:
- How Layer 2 switches work by learning and recording MAC addresses and forwarding frames based on the MAC address table.
- The different types of multilayer switching (MLS), including demand-based switching using a MLS engine and route processor, and topology-based switching using CEF.
- How ACLs are implemented in switches using Ternary Content Addressable Memory (TCAM) tables to make packet forwarding decisions.
- Campus network design principles including redundancy protocols like HSRP, and wireless LAN configuration.
- Quality of service (QoS) features that prioritize certain traffic through ingress queueing and egress scheduling.
Cisco CCNA IP SLA with tracking configuration (Hamed Moghaddam)
Cisco CCNA/CCNP Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
The document provides instructions for configuring multicast routing on ACI. It includes 9 steps: 1) enable multicast on the tenant, 2) create a multicast bridge domain, 3) create an IGMP policy, 4) create additional IGMP policies, 5) create an L3 interface policy for border leafs, 6) create an IGMP policy for border leafs, 7) create a PIM policy for border leafs, 8) configure an RP, and 9) verify the multicast configuration. The document also provides CLI commands for troubleshooting multicast routing and lists some limitations.
This document contains configuration details for setting up an ACI Multi-Pod topology including IPN switches, APIC clusters, POD fabrics, access policies, and BGP route reflectors. It provides instructions on configuring the network topology with leaf-spine switches connected across multiple PODs, configuring the APICs with fabric profiles and settings, and setting policies for switch, interface, and fabric configurations.
This document summarizes a CDP indicator device created with a Raspberry Pi. The device displays information about connected devices that it receives from CDP packets on its Ethernet interface. It also sends its own device information via CDP. The device uses SCAPY to receive and generate CDP packets. It can be connected to LittleBits Cloudbit devices and controlled via the Cloudbit web API or integrated with other web services using IFTTT.
There are three types of First Hop Redundancy Protocols (FHRP): HSRP, VRRP, and GLBP. HSRP and VRRP elect an active router to forward traffic for a virtual IP address, while GLBP allows multiple routers to act as active forwarders. Only GLBP supports load balancing traffic across multiple routers. All FHRP protocols run per VRF and VDC.
The document discusses the evolution of Cisco's ACI fabric and policy domains from ACI 1.0 to 3.0. It defines key ACI terminology and describes ACI MultiPod, which connects multiple pods within a fabric. ACI MultiPod supports configurations with up to 12 pods and 400 leaf switches. It also discusses ACI MultiSite, which extends ACI policies and networking across multiple availability zones or data centers using an Inter-Site Network.
This document discusses various IPv6 configuration topics including:
- Link-local, unique local, and global addressing configurations on routers.
- IPv6 auto-configuration using router advertisements for address assignment.
- Configuring IPv6 routing protocols like RIPng, EIGRPv6, and OSPFv3 including route summarization, filtering, and default routing.
- IPv6 multicast configurations including PIM-SM, MLD, BSR, and SSM.
- IPv6 tunneling configurations for 6to4, manual tunnels, and NAT-PT.
Complete squid & firewall configuration. plus easy mac binding (Chanaka Lasantha)
The document details the configuration of a transparent SQUID Linux firewall to cache and filter internet traffic for internal clients. Key steps include installing and configuring Squid, setting up IP forwarding, configuring iptables firewall rules, and binding MAC addresses to IP addresses in Squid for access control.
Catalyst Smart Operations : Simplify Your Network (Cisco Russia)
This document discusses several Cisco Catalyst Smart Operations technologies including Auto Secure, Interface Templates, Easy VSS, and AutoConf. Auto Secure simplifies security configuration with one command to enable DHCP snooping, ARP inspection, and port security globally and per port. Interface Templates provide predefined configurations that can be applied to interfaces with one command. AutoConf automates the application of Interface Templates to simplify network configuration.
Deploying a client-to-site VPN through a GPON router (laonap166)
The document discusses configuring a remote access VPN behind a NAT router. It provides configuration details for an ASA firewall and NAT router to establish a VPN tunnel. Users can connect directly to the ASA or through the NAT router from the internet. The ASA is configured for NAT, cryptography, VPN groups, and interfaces. Show commands confirm successful VPN connections from both internal and external networks through the NAT router.
CloudForecast is a system monitoring and visualization tool that uses Perl and RRDTool to collect data from servers and generate graphs. It collects metrics like CPU usage, network traffic, and Gearman worker status. Data is stored in RRD files and a SQLite database. A radar component collects data and a web interface is used to view graphs generated from the collected data.
How HeadHunter managed to safely violate RFC 793 (TCP) and get around network tra... (Андрей Шорин)
At some point, the world's number three job site began going down periodically for several minutes at a time. The surprise was that this time it really was because of the network.
To scale its services and let them communicate with each other, hh.ru uses an internal load balancer. Five servers running nginx handle 25 thousand requests per second. A switch balances the requests to these servers.
I will describe how we investigated a series of incidents caused by a TCP protocol violation in the load balancing, and what we came up with so that we could keep violating it with impunity.
How HeadHunter managed to safely violate RFC 793 (TCP) and get around network tra... (Ontico)
At some point, the world's number three job site began going down periodically for several minutes at a time. The surprise was that this time it really was because of the network.
To scale its services and let them communicate with each other, hh.ru uses an internal load balancer. Five servers running nginx handle 25 thousand requests per second. A switch balances the requests to these servers.
I will describe how we investigated a series of incidents caused by a TCP protocol violation in the load balancing, and what we came up with so that we could keep violating it with impunity.
The document provides instructions for configuring an authenticated Samba server with OpenVPN for secure remote access. Key steps include:
1. Installing Samba, CUPS and other required packages. Configuring firewall rules to allow SMB ports and sharing a directory.
2. Editing the Samba configuration file to define the shared directory and users. Starting the Samba and name resolution services.
3. Testing access from Linux and Windows clients.
4. Hardening the server with iptables firewall rules and installing ClamAV for antivirus scanning of the shared directory. Scheduling freshclam and clamscan to run periodically.
This document summarizes the /etc/services file, which defines network services and their associated port numbers. It notes that the file contains services defined by IANA in the Assigned Numbers registry, including well-known ports from 0-1023, registered ports from 1024-49151, and dynamic/private ports from 49152-65535. Each entry lists the service name, port number, transport protocol, and optional comments or aliases.
This document contains configurations for Cisco routers, including:
1. Interface configurations for E1 and serial interfaces with descriptions and multilink PPP settings.
2. Site-to-site VPN and Easy VPN configurations using IPSec.
3. Control plane policies to limit traffic like Telnet, SNMP, and ICMP.
4. Other settings like IP aliases, QoS, time ranges, route maps, NTP, TACACS, RADIUS, DHCP, and ISDN.
Network Automation (Bay Area Juniper Networks Meetup) (Alejandro Salinas)
Network Automation provides three examples of network automation projects and their learnings:
1. A script to find a host and change its VLAN using Python showed that small, focused scripts are good starting points and don't require extensive systems.
2. Automating a new datacenter configuration using Python templates and YAML files helped manage crises by standardizing cabling and configurations. Permanently improving requires focusing on delivery over systems.
3. Exposing network data through a REST API allowed querying operational status, configurations, and security policies. Sharing information benefits teams and moves beyond just automating the network team's work.
Solution: OSPF Troubleshooting, applying the IPv4 and IPv6 protocols (OJavierMParra)
The document provides troubleshooting scenarios for OSPF configuration issues in RouterOS. It discusses five common OSPF parameter mismatch scenarios that can prevent adjacency formation between routers: 1) Hello timer mismatch, 2) Dead timer mismatch, 3) Network type mismatch, 4) Area ID mismatch, and 5) MTU mismatch. It also covers more advanced troubleshooting scenarios such as duplicate router IDs configured on adjacent and non-adjacent routers. The presentation provides the configuration, interface status, and log output comparisons needed to diagnose the root cause of OSPF issues in each scenario.
The document discusses Linux networking commands and tools. It provides examples of using ip commands to view and configure network interfaces, routes, neighbors, and rules. It also shows tcpdump for packet capture and nmap for port scanning. Firewalls are configured using iptables to allow traffic from a specific source to a web server port.
Using routing domains / routing tables in a production network by Peter Hessler (eurobsdcon)
Abstract
OpenBSD has supported routing domains (aka VRF-lite) since 4.6, released in 2009. In 2014, OpenBSD 5.5 gained support for IPv6 routing domains.
At its most basic, routing domains are simply multiple routing tables. While seeming like a simple task, there are many gotchas involved in using routing domains in a production network. This talk will give a brief history, as well as some scenarios for why and how you would use routing domains while describing several of the issues that came up during the initial deployments.
Speaker bio
Peter Hessler is 33 and has been a developer with the OpenBSD project since 2008.
Originally from San Francisco he has an interest in how things work. An OpenBSD user since 2000, he moved to Germany in 2008 and then to Switzerland in 2013. In his spare time, Peter enjoys drinking beer and bad puns.
HaProxy is a free, very fast, and highly available load balancer and proxy. It can balance loads and act as a proxy for TCP and HTTP(s) traffic across multiple systems. The document discusses HaProxy's capabilities and configurations. Configurations include global settings, defaults, backends, frontends, and listens. Examples are provided for load balancing HTTP, HTTPS, MySQL, FTP, and RDP traffic. Sticky sessions and DDoS protection configurations are also covered. The document concludes with a summary of HaProxy's performance, configurability, documentation, multi-system support, and statistics/monitoring tools.
PLNOG 7: Rafał Szarecki - MPLS in an advanced version (PROIDEA)
This document discusses MPLS and its benefits including improved route lookup times, traffic engineering capabilities, high availability, and increased scalability. It describes how MPLS provides high availability through techniques like avoiding failures, congestion, capacity planning, and traffic engineering. The document also covers MPLS label distribution protocols, how MPLS can help with failures through techniques like loop-free alternates and pre-computed backup paths, and characteristics of fast reroute which provides protection of MPLS traffic engineering (TE) label switched paths (LSPs).
Our presentation to UKNOF in September 2020
In two very long nights of maintenance we acheived:
- Full table BGP on VyOS converge time in seconds
- Routing on MikroTiks converges near-instantly
- BCP38 (customers cannot spoof source address)
- IRR filtering* (only accept where route/route6 object)
- RPKI (will not accept invalid routes from P/T)
- Templated configuration (repeatable, automated) Single source of truth (the docs become the config)
1. The document provides instructions for upgrading the image on an 8600 switch, including copying new image and configuration files from a server, formatting the flash memory, and rebooting the switch with the new image.
2. It then lists configurations for various protocols and features including OSPF, MLT, Spanning Tree, DHCP Relay, port mirroring, NTP, Radius, VRRP, MAC security, broadcast/multicast rate limiting, static routes, ATM PVCs with VLAN mapping, and RIP.
3. The document finishes with configurations for access policies, syslog server, port tagging, and global port settings.
The document discusses various techniques that internet service providers can use to prevent IP reflection attacks, including:
- Implementing BCP38 and BCP140, which involve validating the source IP address of incoming packets to prevent spoofing. This is recommended to be deployed as close to the edge of the network as possible.
- Enforcing validation using access control lists (ACLs) to filter packets and unicast reverse path forwarding (uRPF) to check the return path of source IP addresses. Strict uRPF is recommended for customers.
- Example ACL and uRPF configurations are provided for Cisco and Juniper routers to filter traffic from customer networks connected to the ISP edge router.
The document appears to be network equipment configuration or status information from multiple devices. It includes details on port configurations, link statuses, speeds and types (e.g. 10GBase-SR, 1000Base-T) for numerous switches, routers, firewalls and other networking gear spanning an organization's infrastructure.
This document provides an overview of commonly used router commands organized into the following categories: keyboard shortcuts, configuration, general commands, privileged mode commands, setting passwords, router processes and statistics, IP commands, CDP commands, IPX commands, routing protocols, access lists, WAN configurations, and miscellaneous commands. It includes brief explanations and examples of commands for configuring, monitoring, and troubleshooting a router.
Similar to Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) (20)
Puppet camp2021 testing modules and controlrepoPuppet
This document discusses testing Puppet code when using modules versus a control repository. It recommends starting with simple syntax and unit tests using PDK or rspec-puppet for modules, and using OnceOver for testing control repositories, as it is specially designed for this purpose. OnceOver allows defining classes, nodes, and a test matrix to run syntax, unit, and acceptance tests across different configurations. Moving from simple to more complex testing approaches like acceptance tests is suggested. PDK and OnceOver both have limitations for testing across operating systems that may require customizing spec tests. Infrastructure for running acceptance tests in VMs or containers is also discussed.
This document appears to be for a PuppetCamp 2021 presentation by Corey Osman of NWOPS, LLC. It includes information about Corey Osman and NWOPS, as well as sections on efficient development, presentation content, demo main points, Git strategies including single branch and environment branch strategies, and workflow improvements. Contact information is provided at the bottom.
The document discusses operational verification and how Puppet is working on a new module to provide more confidence in infrastructure health. It introduces the concept of adding check resources to catalogs to validate configurations and service health directly during Puppet runs. Examples are provided of how this could detect issues earlier than current methods. Next steps outlined include integrating checks into more resource types, fixing reporting, integrating into modules, and gathering feedback. This allows testing and monitoring to converge by embedding checks within configurations.
This document provides tips and tricks for using Puppet with VS Code, including links to settings examples and recommended extensions to install like Gitlens, Remote Development Pack, Puppet Extension, Ruby, YAML Extension, and PowerShell Extension. It also mentions there will be a demo.
- The document discusses various patterns and techniques the author has found useful when working with Puppet modules over 10+ years, including some that may be considered unorthodox or anti-patterns by some.
- Key topics covered include optimization of reusable modules, custom data types, Bolt tasks and plans, external facts, Hiera classification, ensuring resources for presence/absence, application abstraction with Tiny Puppet, and class-based noop management.
- The author argues that some established patterns like roles and profiles can evolve to be more flexible, and that running production nodes in noop mode with controls may be preferable to fully enforcing on all nodes.
Applying Roles and Profiles method to compliance codePuppet
This document discusses adapting the roles and profiles design pattern to writing compliance code in Puppet modules. It begins by noting the challenges of writing compliance code, such as it touching many parts of nodes and leading to sprawling code. It then provides an overview of the roles and profiles pattern, which uses simple "front-end" roles/interfaces and more complex "back-end" profiles/implementations. The rest of the document discusses how to apply this pattern when authoring Puppet modules for compliance - including creating interface and implementation classes, using Hiera for configuration, and tools for reducing boilerplate code. It aims to provide a maintainable structure and simplify adapting to new compliance frameworks or requirements.
This document discusses Kinney Group's Puppet compliance framework for automating STIG compliance and reporting. It notes that customers often implement compliance Puppet code poorly or lack appropriate Puppet knowledge. The framework aims to standardize compliance modules that are data-driven and customizable. It addresses challenges like conflicting modules and keeping compliance current after implementation. The framework generates automated STIG checklists and plans future integration with Puppet Enterprise and Splunk for continued compliance reporting. Kinney Group cites practical experience implementing the framework for various military and government customers.
Enforce compliance policy with model-driven automationPuppet
This document discusses model-driven automation for enforcing compliance. It begins with an overview of compliance benchmarks and the CIS benchmarks. It then discusses implementing benchmarks, common challenges around configuration drift and lack of visibility, and how to define compliance policy as code. The key points are that automation is essential for compliance at scale; a model-driven approach defines how a system should be configured and uses desired-state enforcement to keep systems compliant; and defining compliance policy as code, managing it with source control, and automating it with CI/CD helps achieve continuous compliance.
This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
Automating it management with Puppet + ServiceNowPuppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
This document promotes Puppet as a tool for hardening Windows environments. It states that Puppet can be used to harden Windows with one line of code, detect drift from desired configurations, report on missing or changing requirements, reverse engineer existing configurations, secure IIS, and export configurations to the cloud. Benefits of Puppet mentioned include hardening Windows environments, finding drift for investigation, easily passing audits, compliance reporting, easy exceptions, and exporting configurations. It also directs users to Puppet Forge modules for securing Windows and IIS.
Simplified Patch Management with Puppet - Oct. 2020Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
The document discusses how Puppet can be used to accelerate adoption of Microsoft Azure. It describes lift and shift migration of on-premises workloads to Azure virtual machines. It also covers infrastructure as code using Puppet and Terraform for provisioning, configuration management using Puppet Bolt, and implementing immutable infrastructure patterns on Azure. Integrations with Azure services like Key Vault, Blob Storage and metadata service are presented. Patch management and inventory of Azure resources with Puppet are also summarized.
This document discusses using Puppet Catalog Diff to analyze the impact of changes between Puppet environments or catalogs. It provides the command line usage and options for Puppet Catalog Diff. It also discusses how to integrate Puppet Catalog Diff into CI/CD pipelines for automated impact analysis when merging code changes. Additional resources like GitHub projects and Dev.to posts are provided for learning more about diffing Puppet environments and catalogs.
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
ServiceNow and Puppet can be integrated in four key areas: 1) Self-service infrastructure allows non-Puppet experts to control infrastructure through a ServiceNow interface; 2) Enriched change management automatically generates ServiceNow change requests from Puppet changes and populates them with impact details; 3) Automated incident registration forwards details of configuration drift corrections in Puppet to ServiceNow to create incidents; and 4) Up-to-date asset management would periodically upload Puppet inventory data to ServiceNow to keep the CMDB accurate without disruptive discovery runs.
This document discusses how Puppet Relay uses Tekton pipelines to orchestrate containerized workflows. It provides an overview of how Tekton fits into the Relay architecture, with Tekton controllers managing taskrun pods to execute workflow steps defined in YAML. Triggers can initiate workflows based on events, with reusable and composable steps for tasks like provisioning infrastructure or clearing resources. Relay also includes features for parameters, secrets, outputs, and approvals to customize workflows. An ecosystem of open source integrations provides sample workflows and steps for common use cases.
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
This document discusses deploying legacy software into the AWS cloud using Puppet. It proposes modeling AWS resources like security groups, autoscaling groups, and launch configurations as Puppet resources. This would allow Puppet to provision the underlying AWS infrastructure and configure servers launched in autoscaling groups. It acknowledges challenges around server reboots but suggests they can be addressed. In summary, it argues custom Puppet resources can easily model AWS resources and using Puppet to configure autoscaling servers is possible despite some challenges around rebooting servers during deployment.
This document discusses a partnership between Republic Polytechnic's School of Infocomm and Puppet to promote DevOps practices. It introduces several people involved with the partnership and outlines their mission to prepare more IT companies and individuals for jobs in the DevOps field through training courses. The document describes some short courses offered on DevOps topics and using the Puppet and Microsoft Azure platforms. It provides an example of how Republic Polytechnic has automated infrastructure configuration using Puppet to save time and reduce errors. There is a request at the end for readers to register their interest in DevOps by completing a survey.
This document discusses continuous compliance and DevSecOps best practices followed by financial services organizations.
Continuous compliance is defined as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective compliance results. It involves continuously monitoring compliance controls, providing real-time alerts for failures and remediation recommendations, and maintaining up-to-date policies. Best practices for continuous compliance discussed include defining CIS controls and benchmarks, achieving transparent compliance dashboards and automated fixes for breaches.
DevSecOps is introduced as bringing security earlier in the application development lifecycle to minimize vulnerabilities. It aims to make everyone accountable for security. Challenges discussed include security teams struggling to keep up with DevOps pace and
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
The document discusses using Puppet and Vault together to dynamically manage SSL certificates. Puppet can use the vault_cert resource to request signed certificates from Vault and configure services to use the certificates. On Windows, some additional logic is needed to retrieve certificates' thumbprints and bind services to certificates using those thumbprints. This approach provides automated certificate renewal and distribution across platforms.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
When it is all about ERP solutions, companies typically meet their needs with common ERP solutions like SAP, Oracle, and Microsoft Dynamics. These big players have demonstrated that ERP systems can be either simple or highly comprehensive. This remains true today, but there are new factors to consider, including a promising new contender in the market that’s Odoo. This blog compares Odoo ERP with traditional ERP systems and explains why many companies now see Odoo ERP as the best choice.
What are ERP Systems?
An ERP, or Enterprise Resource Planning, system provides your company with valuable information to help you make better decisions and boost your ROI. You should choose an ERP system based on your company’s specific needs. For instance, if you run a manufacturing or retail business, you will need an ERP system that efficiently manages inventory. A consulting firm, on the other hand, would benefit from an ERP system that enhances daily operations. Similarly, eCommerce stores would select an ERP system tailored to their needs.
Because different businesses have different requirements, ERP system functionalities can vary. Among the various ERP systems available, Odoo ERP is considered one of the best in the ERp market with more than 12 million global users today.
Odoo is an open-source ERP system initially designed for small to medium-sized businesses but now suitable for a wide range of companies. Odoo offers a scalable and configurable point-of-sale management solution and allows you to create customised modules for specific industries. Odoo is gaining more popularity because it is built in a way that allows easy customisation, has a user-friendly interface, and is affordable. Here, you will cover the main differences and get to know why Odoo is gaining attention despite the many other ERP systems available in the market.
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
2. Why?
• Operations Agility
– Change management in networks is hard
– Lots of moving parts to consider
• Service Velocity
– Timeframes for CRUD activity unacceptable
• Configuration Consistency
– Number 1 reason for network outages
– History has taught us to fear external systems
3.
! device: $HostnameSpine1 (DCS-7508, /$CertifiedCode)
!
!
boot system flash:/$CertifiedCode
!
queue-monitor length
!
logging buffered 10000
no logging console
logging vrf MGMT host $SyslogHostAddress
logging vrf MGMT host $SyslogHostAddress
logging vrf MGMT source-interface Management1/1
logging format timestamp high-resolution
logging facility local6
!
hostname $HostnameSpine1
ip name-server $DNSHostAddress
ip name-server $DNSHostAddress
ip domain-name $CompanyDomainName
!
ntp source Management1/1
ntp server vrf MGMT $NTPHostAddress1 prefer
ntp server vrf MGMT $NTPHostAddress2
!
snmp-server contact "$SNMPcontact"
snmp-server location $bldg/$floor/$room/$rack
no snmp-server vrf main
snmp-server vrf MGMT
snmp-server source-interface Management1/1
snmp-server community $SNMPCommunity ro SNMP-RO-ACL
snmp-server community $SNMPCommunity rw SNMP-RW-ACL
snmp-server host $SNMPHostAddress traps version 2c $SNMPcommunity
snmp-server enable traps entity
snmp-server enable traps lldp
snmp-server enable traps snmp
!
tacacs-server key $TacacsServerKey
tacacs-server host $TacacsServerAddress vrf MGMT
ip tacacs source-interface Management1/1
!
spanning-tree mode mstp
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ none
aaa authorization commands 1,15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
no aaa root
vrf definition MGMT
   rd $SpineAS01
!
Vlan 999
   state suspend
   name UNUSED-PORTS
!
Interface Ethernet$ModNumber/$SubModNumber/1-$HighestPortNumber
   switchport mode access
   switchport access vlan 999
   shut
!
Interface Ethernet3/1/1
   description - P2P Link to LEAF switch-1
   speed forced 40gfull
   mtu 9214
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
Interface Ethernet3/1/2
   description - P2P Link to LEAF switch-2
   speed forced 40gfull
   mtu 9214
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
Interface Ethernet4/1/1
   description - P2P Link to LEAF switch-1
   speed forced 40gfull
   mtu 9214
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
Interface Ethernet4/1/2
   description - P2P Link to LEAF switch-2
   speed forced 40gfull
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
interface Loopback0
   description Router-ID
   ip address $IPAddress/32
!
interface Management1
   no snmp trap link-status
   vrf forwarding MGMT
   ip address $MGMTIPAddress/$MGMTSubnetMask
!
ip route vrf MGMT 0.0.0.0/0 $GatewayOfLastResortAddress
!
ip routing
no ip routing vrf MGMT
!
ip multicast-routing
!
ip prefix-list PREFIX-LIST-IN seq 10 permit $Prefix/$PrefixLength
!
route-map ROUTE-MAP-IN permit 10
   match ip address prefix-list PREFIX-LIST-IN
!
ip prefix-list PREFIX-LIST-OUT seq 10 permit $Prefix/$PrefixLength
!
route-map ROUTE-MAP-OUT permit 10
   match ip address prefix-list PREFIX-LIST-OUT
!
router bgp $SpineAS
   router-id <Loopback0_Address>
   bgp log-neighbor-changes
   distance bgp 20 200 200
   maximum-paths 64
   neighbor EBGP-TO-LEAF-PEER peer-group
   neighbor EBGP-TO-LEAF-PEER password $Password
   neighbor EBGP-TO-LEAF-PEER remote-as $LeafAS
   neighbor EBGP-TO-LEAF-PEER send-community
   neighbor EBGP-TO-LEAF-PEER fall-over bfd
   neighbor EBGP-TO-LEAF-PEER next-hop-self
   neighbor EBGP-TO-LEAF-PEER route-map ROUTE-MAP-IN in
   neighbor EBGP-TO-LEAF-PEER route-map ROUTE-MAP-OUT out
   neighbor EBGP-TO-LEAF-PEER maximum-routes 25000
   neighbor $Leaf1IPAddress peer-group EBGP-TO-LEAF-PEER
   neighbor $Leaf2IPAddress peer-group EBGP-TO-LEAF-PEER
!
banner login
This system is privately owned and operated. Access to this system is restricted to authorized users only. Criminal and civil laws prohibit unauthorized use. Violators will be prosecuted. You must disconnect immediately if you are not an authorized user.
EOF
!
management console
   idle-timeout 15
!
management ssh
   idle-timeout 15
!
!
…
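Slide 2 names configuration consistency as the number 1 reason for network outages, and in the slide 3 template the Ethernet4/1/2 stanza carries no mtu 9214 line while the other three P2P links do. The following is an added example, not part of the original deck: a small Python check that parses the interface stanzas and reports any link that departs from the commands most of its peers share. The function names and the choice to ignore description and ip address lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed input: interface stanzas transcribed from slide 3 ($IPAddress kept as-is).
SPINE_CONFIG = """\
Interface Ethernet3/1/1
   description - P2P Link to LEAF switch-1
   speed forced 40gfull
   mtu 9214
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
Interface Ethernet3/1/2
   description - P2P Link to LEAF switch-2
   speed forced 40gfull
   mtu 9214
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
Interface Ethernet4/1/1
   description - P2P Link to LEAF switch-1
   speed forced 40gfull
   mtu 9214
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
Interface Ethernet4/1/2
   description - P2P Link to LEAF switch-2
   speed forced 40gfull
   logging event link-status
   no switchport
   ip address $IPAddress/30
   arp timeout 900
   ip pim sparse-mode
   ip pim bfd-instance
   qos trust dscp
   no shut
!
interface Loopback0
   description Router-ID
   ip address $IPAddress/32
!
"""

HEADER = re.compile(r"interface\s+(\S+)$", re.IGNORECASE)

def parse_interfaces(text):
    """Return {interface name: [sub-commands]} from EOS-style config text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            current = None  # a separator ends the current stanza
        elif raw[0].isspace():
            if current is not None:
                stanzas[current].append(stripped)
        else:
            match = HEADER.match(stripped)
            current = match.group(1) if match else None
            if current is not None:
                stanzas.setdefault(current, [])
    return stanzas

def find_drift(stanzas, select=r"^Ethernet", ignore=("description", "ip address")):
    """Compare the selected interfaces against the commands most of them share."""
    chosen = {n: {c for c in cmds if not c.startswith(ignore)}
              for n, cmds in stanzas.items() if re.search(select, n)}
    counts = Counter(cmd for cmds in chosen.values() for cmd in cmds)
    baseline = {cmd for cmd, n in counts.items() if n > len(chosen) / 2}
    report = {}
    for name, cmds in chosen.items():
        missing, extra = sorted(baseline - cmds), sorted(cmds - baseline)
        if missing or extra:
            report[name] = {"missing": missing, "extra": extra}
    return report

if __name__ == "__main__":
    for name, diff in find_drift(parse_interfaces(SPINE_CONFIG)).items():
        print(name, diff)
```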
5. Puppet NetDev Module
NetDev is a vendor-neutral network abstraction framework contributed freely to the Puppet community
Basic layer-1 and layer-2 network abstractions
Can extend the framework to define any abstractions or features needed for an environment
The NetDev framework is open and free and accessible via Puppet Forge with implementations available for Arista, Juniper, Mellanox, Cumulus
9. How to take netdev to the next phase?
You want to run what on my network device?
Devops + NetOps != <3
I have 99 problems and no time for this discussion
10. Let's just teach every netops person to be a developer… problem solved!
11. Breaking down the configuration into constructible blocks…
STP
MLAG
VRRP
OSPF
VLAN
L2 Interface (access, trunk)
Logical Interface (LAG)
Physical Interface
L3 interface (ipv4, ipv6)
12. Patterns start to emerge…
interface
lag
l2_interface
interface
ip_interface
vrrp_interface
ospf_instance
ospf_area
ospf_interface
13. Hmm, come to think of it…
interface:
interface ethernet1/1
   description webservers
   no shutdown
ip_interface:
interface ethernet1/1
   no switchport
   ip address 10.10.4.1/24
vrrp_interface:
interface ethernet1/1
   vrrp 10 priority 200
   vrrp 10 timers advertise 3
   vrrp 10 ip 10.10.4.10
   exit
Isn’t the CLI just like a DSL?
14. Start small and expand the sphere of influence
automation
Services / Applications
Logical Interfaces
Physical Interfaces
VLANS
15. Feelin the love
What’s taking so long to upgrade to Enterprise?
Devops + NetOps = <3
I have 99 problems but automating my network isn’t one of them
16. Automation with Puppet and EOS
Standard Binaries
Native Enterprise Integration
Orchestrate Arista EOS or Linux OS resource automation
Custom Facter integration for collecting state information
Leverage Arista AEM for responsive automation to state changes
Arista EOS Provider
eAPI
Gems
Ruby Sysdb
Linux Kernel
Arista EOS Types
Netdev Types
Resource Abstraction
Enterprise
Community
Puppet Master
17. Call to action
• Great first step!
• Much more work to do
• Get Involved!!
– We cannot model the network without your help