The Systems Engineering / SRE world underwent a shift in thinking towards intent-driven, holistic configuration management a long time ago, but it feels like the majority of network automation solutions still follow the idea of making incremental changes to the routers and switches out there, which at the same time might also be managed manually by operators typing (or copying) magic spells into a CLI. This makes the device configuration the synchronization point, and we don’t really have an idea of what this configuration will look like in full without checking back on the device.
I believe we as Network (Automation) Engineers need to follow suit, make the mental shift to the holistic approach, let Perl, Shell and expect scripts be, and bring software engineering methods to network automation. This way we are able to tackle the problems at hand at an abstract level and build solutions which can be reasoned about, tested on their own, and scaled to our needs. For the most daunting problem of configuration management, this means plugging some of those systems together and building a solution which generates and owns the full device configuration.
Dealing with diverging configuration parts across the fleet, carefully cleaning up old approaches to configure X, doing incremental changes, and figuring out how to interact with a platform API, a dialect of NETCONF, YANG, etc. would all be a thing of the past. Wouldn’t that be great?
A recording of this talk can be found at https://media.ccc.de/v/froscon2022-2820-this_is_the_way_-_holistic_network_automation
A key tenet of moving NFV from a Proof of Concept (PoC) to deployment is testing. NFV solutions that pull from open source projects such as OPNFV, OpenStack, OpenDaylight, and others must be integrated and tested in an environment that fully supports the performance and availability requirements of service provider networks. Testing criteria and solutions are also required to ensure NFV interoperability between hardware and software systems that comprise NFV. In this tutorial, you’ll learn best practices for open source NFV testing, including: methodology; mapping to ETSI NFV use-case/s; open source project integration; testing dashboards; Continuous Integration and Continuous Deployment (CI/CD); and testing acceleration.
Summit 16: How to Compose a New OPNFV Solution Stack? (OPNFV)
This session showcases how a new OPNFV solution stack (a.k.a. "scenario") is composed and stood up. We'll use a new solution stack framed around a new software forwarder ("VPP") provided by the FD.io project as an example for this session. The session discusses how an evolution/change of upstream components from OpenStack, OpenDaylight and FD.io is put in place for the scenario, and how installers and tests need to be evolved to allow for integration into OPNFV's continuous integration, deployment and test pipeline.
Java EE 7 with Apache Spark for the World’s Largest Credit Card Core Systems ... (Hirofumi Iwasaki)
Financial companies need Java EE to power their business today. Rakuten Card, one of the largest credit card companies in Japan, adopted Java EE 7 for its credit card core systems rearchitecture, moving from one of the oldest COBOL-based mainframes in Japan. Additionally, we chose Apache Spark as a super rapid batch execution platform. We completed this big core system migration project successfully.
You can learn why we chose Java EE, and Apache Spark for super rapid batch execution, as well as our experiences and the lessons we learned. How to start such a big project? Why did we choose it, how did we port, how did we use Apache Spark for performance improvements, and how did we launch? We’ll answer these questions and any that you may have.
Iben from Spirent talks at the SDN World Congress about the importance of and... (Iben Rodriguez)
@Iben Rodriguez from @Spirent talks at the SDN World Congress about the importance of and issues with NFV VNF and SDN Testing in the cloud.
#Layer123 Dusseldorf Germany 20141016
Presentation of the status of my PhD in 2012, given to the ABLE group at Carnegie Mellon.
Years later, this appeared from it:
https://github.com/iTransformers/netTransformer
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking (OPNFV)
The landscape of emerging NFV benchmarking can be very confusing to navigate for anybody who is not immersed in the relevant industry communities. There are specifications, standards and methodologies as well as frameworks, test-cases, traffic-profiles, KPIs, metrics, and traffic generators with open-source and proprietary tools. Furthermore, platform characterization includes VNFs, the VNFI as well as network controllers and managers, all of which have an impact on performance. This presentation will increase your NFV benchmarking IQ by explaining the history and state of the art of NFV benchmarking in ETSI NFV, IETF, and OPNFV with examples of recent results. For anybody not actively working in benchmarking groups across NFV industry forums, this presentation is sure to get your performance pulse racing.
The Challenges of SDN/OpenFlow in an Operational and Large-scale Network (Open Networking Summits)
Jun Bi
Professor & Director
Tsinghua University
Outline
• Intra-AS (campus level) IPv6 source address validation using OpenFlow (with extension)
– Good for introducing new IP services to network
• Planning next step if we run SDN as a common infrastructure for new services and architectures
– Some personal viewpoints and thoughts on design challenges
– Forwarding abstraction for Post-IP architectures
– Control abstraction for scalable NOS and programmable/manageable virtualization platform
– Inter-AS policies negotiation abstraction
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
In this presentation you will discover:
- The challenges facing today’s storage environment
- How vR Ops solves storage troubleshooting
- When to use vR Ops
- Where to get a Management Pack for Storage Devices (MPSD)
- Partner Solutions
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ... (ir. Carmelo Zaccone)
This workshop will start with a presentation of results of a study that was conducted for the European Commission on IPv6 and security. This will be followed by presentations from a technology provider who will focus on the security issues related to IPv6. The last presentation will be done by an organisation that has implemented IPv6 and it will share its experiences with the focus on security. At the end of the session, there is a Q&A.
http://ipv6-ghent.fi-week.eu/ipv6-security/
Learn more about the tremendous value Open Data Plane brings to NFV
Bob Monkman, Networking Segment Marketing Manager, ARM
Bill Fischofer, Senior Software Engineer, Linaro Networking Group
Moderator:
Brandon Lewis, OpenSystems Media
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overview (Cisco DevNet)
A session in the DevNet Zone at Cisco Live, Berlin. The need to automate interactions with the network is ever more obvious. We have a plethora of tools built around legacy technologies, such as SNMP and screen scraping, but these are coming to the end of their useful lives. In this introductory talk we will look at how YANG data models are becoming ever more pervasive across networking, and how they may be used to automate network configuration and operational management more efficiently.
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14 (Stefano Salsano)
The introduction of SDN in IP backbones requires the coexistence of regular IP forwarding and SDN based forwarding. The former is typically applied to best effort Internet traffic, the latter can be used for different types of advanced services (VPNs, Virtual Leased Lines, Traffic Engineering…). In this paper we first introduce the architecture and the services of a “hybrid” IP/SDN networking scenario. Then we describe the design and implementation of an Open Source Hybrid IP/SDN (OSHI) node. It combines Quagga for OSPF routing and Open vSwitch for OpenFlow based switching on Linux. The availability of tools for experimental validation and performance evaluation of SDN solutions is fundamental for the evolution of SDN. We provide a set of open source tools that facilitate the design of hybrid IP/SDN experimental networks, their deployment on Mininet or on distributed SDN research testbeds, and their testing. Finally, using the provided tools, we evaluate key performance aspects of the proposed solutions. The OSHI development and test environment is available in a VirtualBox VM image that can be downloaded.
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste... (Rafael Ferreira da Silva)
Scientific workflows are used routinely in numerous scientific domains, and Workflow Management Systems (WMSs) have been developed to orchestrate and optimize workflow executions on distributed platforms. WMSs are complex software systems that interact with complex software infrastructures. Most WMS research and development activities rely on empirical experiments conducted with full-fledged software stacks on actual hardware platforms. Such experiments, however, are limited to hardware and software infrastructures at hand and can be labor- and/or time-intensive. As a result, relying solely on real-world experiments impedes WMS research and development. An alternative is to conduct experiments in simulation.
In this work we present WRENCH, a WMS simulation framework, whose objectives are (i) accurate and scalable simulations; and (ii) easy simulation software development. WRENCH achieves its first objective by building on the SimGrid framework. While SimGrid is recognized for the accuracy and scalability of its simulation models, it only provides low-level simulation abstractions and thus large software development efforts are required when implementing simulators of complex systems. WRENCH thus achieves its second objective by providing high-level and directly re-usable simulation abstractions on top of SimGrid. After describing and giving rationales for WRENCH’s software architecture and APIs, we present a case study in which we apply WRENCH to simulate the Pegasus production WMS. We report on ease of implementation, simulation accuracy, and simulation scalability so as to determine to which extent WRENCH achieves its two above objectives. We also draw both qualitative and quantitative comparisons with a previously proposed workflow simulator.
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach... (Hirofumi Iwasaki)
To increase business opportunity, financial industry companies require the power, flexibility and scalability of the latest enterprise technologies for their 24/7 services. Rakuten Card, one of the largest credit card companies in Japan, recently renewed its credit card core processing systems using Java EE. Among the myriad of available technologies, why did we choose Exalogic and Exadata, with an Apache Spark distributed configuration? How did we port from one of the oldest COBOL-based mainframes in Japan? What were the key success factors in launching and operating this mission-critical service? This session unveils our great results, and how our selections are effective for financial enterprise systems.
Fun with PBR, VRFs and NetNS on Linux - What is it, how does it work, what ca... (Maximilan Wilhelm)
Linux has been a first-class network citizen for many years and doesn't fall short compared to commercial solutions. In fact, it is the very essence many of those are built on and is used as the foundation for nearly all cloud solutions out there.
This talk will touch on methods and features to set up Layer 3 network separation and will walk through and showcase
* Policy-based routing
* VRFs (with and without MPLS)
* Network Namespaces
We will compare features and options and go through a number of use cases, covering Linux as a router, VPN server, load balancer, etc.
A basic understanding of networking, routing and how the Internet works certainly helps; some aha moments will be there either way.
This talk will show how to build your own simple, cheap and scalable CGN solution with stateful failover on commodity servers with a decent NIC running Linux, nftables, and bird.
We needed to introduce NAT into the network and a commercial solution would have required a 6-figure investment, so we built it ourselves for <10% of that cost.
Two Dell servers with a recent CPU, two Mellanox NICs and nftables as well as bird do the trick and make for a simple, cheap and scalable CGN box, supporting ECMP, simple draining and orchestration by your usual Linux tool chain as well as stateful failover.
Video at: https://www.youtube.com/watch?v=qHsHkjhGibA
Contemporary network configuration for linux - ifupdown-ng (Maximilan Wilhelm)
There are many different ways to configure networking on Linux. Debian and Alpine use ifupdown1, and Cumulus Networks invented ifupdown2; other distributions have various other systems, such as systemd-networkd and NetworkManager.
This talk will present ifupdown-ng, a new project by the Network Services Association intended as a drop-in replacement for ifupdown1 and ifupdown2 installations. Presently, Alpine and Debian are the primary supported environments. Support for other Linux distributions and BSD is planned.
With its modular design, ifupdown-ng intends to allow flexibility for today's modern networking setups, while being easy to extend.
ifupdown-ng is Open Source and can be found on GitHub at: https://github.com/ifupdown-ng/ifupdown-ng/
Applied Networking Fundamentals reloaded - from Layer 1 to 3 (Maximilan Wilhelm)
This year, by popular request, we attempt an even more hands-on fundamentals talk. We start with cabling (copper, optical fiber, connectors, etc.), move on to Ethernet (STP, VLANs, LAGs / bonding) and end our excursion with IP and the basics of debugging (ping, traceroute).
Intent driven, fully automated deployment of anycasted load balancers with ha... (Maximilan Wilhelm)
Keeping your service configuration aligned over hundreds of hosts is not a simple task. In this talk, we illustrate how we automated the integration of HAProxy into our infrastructure at University of Paderborn.
As our current generation of commercial load balancer appliances approached end of life, we thought about replacement options and about improving how we manage our services while we were at it. The main goal was building a scalable, consistent, active-active setup of load balancers which could be easily automated with open source tools.
We needed a way to define what a service is and how/where it should be configured, balanced and monitored, so we created a simple service definition format in YAML and a small Python library to help with parsing, inheritance, defaults etc. The automation framework bcfg2 was a given as it was already in use to manage hundreds of Linux and Windows systems and services. As it's written in Python, it's easily extendable.
As load balancing options we implemented anycast (for example for Kerberos KDCs) as well as balancing by HAProxy nodes, where the HAProxy frontend IPs might be anycasted as well. When running production services it's important to know when things break before the user does, so setting up monitoring for frontend and backend services is part of the picture, too. All bits of configuration for HAProxy, anycast, route reflection, monitoring with Icinga2, netfilter (nftables) rules, etc. are automagically generated based on the service configuration. This talk will lay out how all those parts fit together and are generated.
Of course, we also explain the pitfalls of this setup and what we (hopefully) learned from it.
There are many ways to build highly available and/or scalable services that are in widespread use: DNS round-robin, a set of load balancers or reverse proxies, and so on. Some admins and decision makers do not dare to approach anycast and BGP in their own data center.
Why it is OK for several or even many servers to have the same IP address, why many roads lead to Rome, and how to build and operate such a setup will be shown hands-on in this talk. Based on Debian Linux, Bird and Bind, we build a cluster of web servers and play around with it a bit (if there is enough time left).
APUs as backbone routers are great, small, powerful enough[tm] and easy to handle.
But what to do when the board hangs on reboot (triggered remotely, of course)? When you have broken the network configuration, or the kernel has the hiccups? OOB is needed!
We show how we solved this in our backbone with a "management backdoor" and one Raspberry Pi per APU, so that we have a serial console and a remote reset button for our backbone routers.
How do I build a Freifunk backbone - what we have learned in the last 5 years ... (Maximilan Wilhelm)
Freifunk Hochstift has been operating a point-to-point radio backbone since 2014, which has grown considerably over the years and has evolved in several places.
We want to tell you the story of our point-to-point radio backbone with all its bright and dark sides and all the ideas that once seemed good and turned out to be "rather so-so".
Best Current Operational Practices - Dos, Don’ts and lessons learned (Maximilan Wilhelm)
Max and Falk bring together nearly 42 years of experience in network and open source practice. In this talk they present painful experiences and derive best practices for network operations from them. In addition, best community practices are presented and the odd anecdote from the early days of the Internet in Germany is told.
L2/L3 for Advanced Users - Light and Dark Magic in the Linux Network Stack (Maximilan Wilhelm)
The switch in my Linux machine - what is a bridge and how do I use it? What are VLANs, and even VLAN-aware bridges? Bondage games with network cables - bonding/channels/trunks with and without LACP.
On Layer 3 we dive into the routing tables of every Linux system (there are always at least 3 of them) as well as more advanced magic such as policy-based routing, VRFs and network namespaces; real-life examples show what all this is good for and how to work with it.
Overlays & IP Fabrics - many roads lead to Rome and why Layer2 is no solu... (Maximilan Wilhelm)
SDN is on everyone's lips and in everyone's ears, at least on the golf courses. This talk explains which technologies make software-defined networks possible, why a switched underlay becomes unwieldy beyond a certain size, and why network engineers like to wrap things inside things.
This talk explains terms such as GRE, VXLAN and EVPN and describes how to use them on Linux to establish corresponding overlay structures, and which real-world problems can be solved with them.
Dynamic Routing Protocols, Rearing and Care - BGP (Maximilan Wilhelm)
You want to connect your large internal network - an autonomous system - to the Internet, build an IP fabric, or offer internal services via anycast in your network. The Border Gateway Protocol was developed for all of these things and is excellently suited to them.
This talk conveys how BGP works in external and internal use, gives an overview of the control mechanisms and tuning knobs, and demonstrates practical use with the Bird Internet Routing Daemon.
Dynamic Routing Protocols, Rearing and Care - OSPF (Maximilan Wilhelm)
Congratulations! You get to administer a network with more than 2 routers. This talk explains why static routing is not a solution and can become a problem faster than one would like. As an introduction to dynamic routing and OSPF, this talk explains how routers find each other, exchange routes, what an area is and how the link-state database works.
OSPF is shown in practice using the Bird Internet Routing Daemon as an example and in interplay with classic vendors.
After 20 years of IPv6 (RFC2460 was published in December 1998) and nearly 40% deployment on Germany's Internet connections, IPv6 still presents itself as a mystery to most admins. In some cases even leading experts recommend switching IPv6 off "because it only causes problems". Why that is not so, and why one should nevertheless engage with the "new" world, is explained in this practice-oriented talk.
The talk introduces address concepts, address assignment and resolution (SLAAC, DHCPv6, DHCPv6-PD, ND, RDNSS, etc.) and presents a typical addressing plan. Transition technologies such as NAT64, DS-lite and Teredo are introduced and put into context. The configuration of IPv6 on Linux is shown using iproute2 and the Debian network configuration as well as sysctls as examples.
What is this Ethernet, what kinds of devices do we have there and why? What do they do? What does this have to do with trees, and who is this MAC?
What is an IP address? How does subnetting with CIDR work, and what are these network classes that people still talk about? What are private and public IPs and where do I get them? How do I configure all of this on Linux? What are routing tables and why do I actually have at least three of them?
This talk answers all of these questions and a few more. Subnetting according to CIDR forms the basis for routing in today's IP networks;
RFC1918, RFC3927 and RFC6598 each define "private" IP ranges for internal use; for public IPs we have the RIPE in Europe. An introduction to iproute2 shows how to configure all this "by hand" on Linux and how to set up the network configuration reboot-safe, using Debian as an example.
This talk will provide a brief overview about some of the latest developments in the Linux networking world: Things like VLAN-aware-bridges, VXLAN, VRF-Lites, as well as MPLS support will be shown with practical examples.
Everyone still using »ifconfig«, »route«, »arp« etc. might want to attend to get an idea how to use the Linux swiss army knife for networkers (»ip«) which already has replaced or will replace all the old tools on current distributions.
For Debian based systems ifupdown2 provides a convenient replacement for the old ifupdown toolchain including configuration for VLAN interfaces and LAGs which previously required auxiliary tools.
At the end you will get a glimpse into building your own SDN with Debian Linux, ifupdown2, Salt Stack and Python.
Building your own SDN with Debian Linux, Salt Stack and Python (Maximilian Wilhelm)
Topics like Infrastructure Automation / Orchestration, Cloud, and Software Defined Networks are on everyone's lips, and nearly all network vendors who think highly of themselves provide products and maybe even solutions in this sphere of buzzwords.
Over the last few years there has been a paradigm shift towards host and segment routing – think »IP Fabric« – as well as a focus on open protocols and standards like OSPF, IS-IS, BGP & MPLS, not only in the data center. This even brought us some new standards like VXLAN and a bunch of open source based “open networking” platforms. Now we aren't always locked to the operating systems of a networking vendor but can choose the control plane software from a variety of Linux based solutions which can be managed and orchestrated by lots of different means.
Thanks to the Linux basis and the Open Source spirit of some vendors, some features (VRFs, MPLS forwarding plane, …) today are part of the upstream Linux kernel and available for everyone! Most notable are the contributions of the Debian Linux based platform from Cumulus Networks, which include the VRF support for Linux, some MPLS patches for FRR and ifupdown2 (which is written in Python :-)).
Putting a bunch of these technologies and ideas together will open up a lot of powerful options for building low budget yet mighty networks. This talk will lay out how to build an SDN-based, service-provider-like infrastructure with the help of Salt Stack, some 1000 lines of Python and a bunch of affordable hardware, where overlay networks and anycast aren't things to be scared of. The Freifunk Hochstift network and server infrastructure will be used as an example.
The target audience mainly consists of (Linux-) system and network engineers / architects, who already have some experience with the other world. A positive attitude towards automation and magic is a plus.
AS201701 - Building an Internet backbone with pure 1HE servers and Linux (Maximilian Wilhelm)
Talk held on May 9th, 2017 at #RIPE74 in Budapest about the German Freifunk backbone running as AS201701 and the efforts it took to build it and keep it running.
See https://ripe74.ripe.net/programme/meeting-plan/plenary/ for a video recording of the talk.
The topics of infrastructure automation / orchestration, cloud and software-defined networks are on everyone's lips, and nearly every network vendor that thinks highly of itself offers products, and in places even solutions, in this buzzword bubble.
The paradigm shift of recent years towards more (host/segment) routing and less layer 2 magic - keyword >>IP Fabric<< - together with the return to open standards (OSPF, IS-IS, BGP, MPLS), not only in data center networks, has brought new standards (e.g. VXLAN) and open-source-based "open networking" platforms onto the market. Suddenly you are no longer bound to the operating system and the constraints of the hardware vendor, but can control and orchestrate the control plane of some devices almost entirely yourself with various Linux-based products.
Thanks to the Linux base and some vendors' enthusiasm for the open source idea, some features have moved into open source components (Linux VRFs, MPLS forwarding plane in the kernel, etc.) and are therefore available everywhere. Particularly worth mentioning is the Debian-based system from Cumulus Networks, who wrote ifupdown2 as well as the VRF support in Linux. A collection of these technologies and approaches can also be applied in low-budget and/or self-built networks, where it can open up astonishing and powerful options.
Using the network and server infrastructure of Freifunk Hochstift as the example, the talk will lay out how to provide an SDN-based service-provider infrastructure with a bit of SaltStack, just under 1000 lines of Python and affordable hardware, in which overlay networks and anycast are not foreign words.
In addition to a "technology overview" there will be a failosophy and lessons learned from the real life of a Freifunker ;-)
The target audience of the talk primarily comprises (Linux) administrators and network engineers who already have experience with the respective other world and know what routing is. A positive attitude towards automation is an advantage.
1. This is the way
Holistic (Network) Automation
FrOSCon 2022
Maximilian Wilhelm
1 / 27
2. Agenda
1. A little bit of history
2. Software Engineering Methods
3. Applying SWE Methods to Network Automation
4. Reality check
5. Q&A
3. Who's who
Maximilian Wilhelm
Networker
Open Source Hacker
Fanboy of
  (Debian) Linux
  (Linux) networking
Occupation:
  By day: Network Automation Engineer at Cloudflare
  By night: Lead Infrastructure Architect, Freifunk Hochstift
  In between: Freelance Infrastructure Architect for hire
Contact
  @BarbarossaTM
  max@sdn.clinic
5. History: When I was a student
First IT job in early 2004
  Institute of Mathematics at Paderborn University
  More or less separate network
  Some hundred clients and servers
Fully automated install + management
  Home grown solution
  SDeployment
    Written in Shell (IIRC)
    (Un)install packages + maintain configuration
    Owns full configuration files
Helped to find an intruder
  Managed to exchange sshd binary
  Didn't support Kerberos, so changed the config file
  SDeployment changed config file back and service failed to restart
6. History: Birth of new automation tools
Intent driven configuration
  Describe the desired state
    Packages (un)installed
    Presence (+content) or absence of a file
    Restart services on changes
    ...
  Solution makes sure to reach/keep that state
Timeline of their birth (according to Wikipedia)
  2003 bcfg2*
  2005 Puppet
  2009 Chef
  2011 SaltStack
  2012 Ansible
  2012 Batou*
  * 1st GIT commit
7. History: State of network configuration today
Broad spectrum
  Operators typing or pasting magic spells into a CLI
  Deployment helpers called with explicit parameters
    Evolution: Expect, Perl, Python scripts
  Vendor solutions of different colors and sizes
    Up to full vendor lock-in SDN solutions
  Home-grown solutions, anywhere on the spectrum
    Up to Google size full magic solution
8. History: Where does this leave us now?
Wouldn't it be cool ...
  To remove all the toil from Network config management!
    So Network Engineers can focus on engineering
  To have a vendor independent solution?
    That can be tested and proven to do the right thing?
    That scales well?
    That is even Open Source?
But, how would we build that?
10. Software Engineering Methods - Abstraction
Operating Systems
  Drivers for hardware components
    I/O, Keyboard, Mice, Displays
  File systems for data storage
Networking
  ISO/OSI or hour glass model
  Internet protocols (HTTP, SMTP, ...)
  Routing protocols (OSPF, IS-IS, BGP ...)
11. Software Engineering Methods - Testing
Unit tests
  Test function/method, class, package with knowledge of the inside
  White-box testing
Integration test
  Useful for APIs or protocols
  Verify BGP implementations work with others
Regression testing
  Something broke, we fixed it
  Make sure we notice when it breaks again
14. Applying SWE Methods - Abstraction
Codify network architecture and processes
  Topology + rules
Vendor configuration details
  One large config file vs. different smaller ones
  Different dialects or even languages
  Generate vendor neutral config and translate from there
16. Topology - Example FFHO
[Figure: FFHO topology (schematic). Sites shown: BB/DC-POP 1 (PAD1), DC-POP 2 (PAD2), DC-POP 3 (remote), POP 4 (PAD3) [planned], BB-POP (WBBL-only, w/ APs), BB-POP (WBBL + VPN, w/ APs), BB-POP (WBBL-only). Labels on devices and links: CR, CSW, BBR, Gateway, KVM, APs, RF, VPN, Dark Fiber, Dark Fiber [planned], Internet. Legend: Router, Layer3 Switch, Switch, WiFi PTP link, Access Point, CWDM MUX, Gateway, KVM Hypervisor.]
17. Abstraction - Topology as a graph
Nodes
  Represent devices
  Attributes
    Status, Role
    OS
    IPs (on interfaces)
    Location (rack ... region)
Edges
  Represent links
  Attributes
    Status, Role
    Bandwidth, Distance, Priority
    ...
18. Abstraction - Rules
What would an operator have configured manually?*
  *If they did the right thing™
Examples, based on FFHO infrastructure
  Internal routing protocols (OSPF + iBGP)
  Learning of edge prefixes
  Automagically generated firewall rules (CoPP)
  ...
19. Software Engineering Methods - Pipeline
Input
  IRM / DCIM + IPAM
    Any solution which offers an API, e.g. NetBox or Nautobot
  Any local database(s) holding business relevant information
    E.g. subscribers / services
Process(es)
  Controller which gathers topology information and applies rules
    Generate vendor neutral configuration
  Translate configuration into required vendor configuration(s)
  Apply the config as an atomic operation (if possible)
  Micro service approach beneficial
Output
  The complete generated configuration
    Vendor independent or vendor specific, depending on POV
20. Software Engineering Methods - Pipeline
Controller generates the vendor independent config
  Rules could be part of code or textual
Translator generates vendor specific language from that
  Multiple config files for Linux routers
  Single config file for (e.g. Cisco) switches
Translator also (can) apply config
  SaltStack, Ansible, ...
  Home grown
21. Software Engineering Methods - Testing
Unit tests
  Controller can be tested without touching production network
  Testing Translator can be harder
Integration tests
  New controller versions can be tested against live data source
    Compare result with currently running production controller
    Does it generate the config we expect?
    No risk of impacting infrastructure
  Translator can be tested offline or in a lab
    Input: Static generic config from generator
    Apply config to lab device (VM?)
    Verify device config against expected result
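Slides 17 to 21 describe a controller that applies rules to the topology, one translator per vendor, and offline tests that compare the result with what is expected. The following added example (not from the talk and not FFHO's NACL or Salt code) narrows this to a single rule, the iBGP full mesh, so only node attributes are used; the inventory, the private ASN, the documentation-range IPs, the simplified Bird-style and IOS-style output and all function names are assumptions.

```python
"""Controller -> vendor-neutral config -> translator, with an offline drift check."""
import difflib

# Constructed sample inventory: names, roles, ASN and documentation-range IPs
# stand in for what a DCIM/IPAM source such as NetBox would return.
ASN = 65000
NODES = {
    "cr1":  {"role": "router", "os": "linux", "status": "active",  "loopback": "192.0.2.1"},
    "cr2":  {"role": "router", "os": "linux", "status": "active",  "loopback": "192.0.2.2"},
    "bbr1": {"role": "router", "os": "ios",   "status": "active",  "loopback": "192.0.2.3"},
    "bbr2": {"role": "router", "os": "ios",   "status": "planned", "loopback": "192.0.2.4"},
    "sw1":  {"role": "switch", "os": "ios",   "status": "active",  "loopback": "192.0.2.9"},
}


def controller(nodes, asn):
    """Apply the rule 'iBGP full mesh between all active routers' to the inventory."""
    routers = sorted(n for n, a in nodes.items()
                     if a["role"] == "router" and a["status"] == "active")
    return {
        name: {
            "os": nodes[name]["os"],
            "asn": asn,
            "router_id": nodes[name]["loopback"],
            "ibgp_peers": [(p, nodes[p]["loopback"]) for p in routers if p != name],
        }
        for name in routers
    }


def to_bird(cfg):
    """Translator for Linux routers (simplified Bird-style syntax)."""
    out = [f"router id {cfg['router_id']};"]
    for name, ip in cfg["ibgp_peers"]:
        out += [f"protocol bgp ibgp_{name} {{",
                f"  local as {cfg['asn']};",
                f"  neighbor {ip} as {cfg['asn']};",
                "}"]
    return "\n".join(out) + "\n"


def to_ios(cfg):
    """Translator for IOS-style devices (simplified syntax)."""
    out = [f"router bgp {cfg['asn']}", f" bgp router-id {cfg['router_id']}"]
    for name, ip in cfg["ibgp_peers"]:
        out += [f" neighbor {ip} remote-as {cfg['asn']}",
                f" neighbor {ip} description ibgp_{name}"]
    return "\n".join(out) + "\n"


TRANSLATORS = {"linux": to_bird, "ios": to_ios}


def render_all(nodes, asn):
    """Full pipeline: every managed device gets its complete generated config."""
    return {n: TRANSLATORS[c["os"]](c) for n, c in controller(nodes, asn).items()}


def drift(expected, running):
    """Differing lines between generated and running config ('+' = only on device)."""
    diff = list(difflib.unified_diff(expected.splitlines(), running.splitlines(),
                                     "generated", "running", lineterm="", n=0))
    return [line for line in diff[2:] if line[0] in "+-"]  # skip the two file headers


if __name__ == "__main__":
    configs = render_all(NODES, ASN)
    # Constructed running config: a session was added by hand on bbr1.
    running = configs["bbr1"] + " neighbor 198.51.100.7 remote-as 64999\n"
    print(configs["cr1"])
    print(drift(configs["bbr1"], running))
```

Because the pipeline owns the whole file, any line on the device that the generator did not produce shows up as drift, which is the same property that exposed the changed sshd configuration on slide 5.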
24. Reality check - Lessons learned
Data stored in pillar only usable inside Salt
  Limits flexibility a lot
Evolution
  From input in pillar to NetBox
  From logic in Jinja templates to Python modules inside Salt
  Abstract NetBox data structures away with NACL
  Move more and more logic into NACL (e.g. iBGP mesh computation)
  Use Salt as translator instead of controller
26. Q&A - Questions & answers
Why not generate the config within Salt or Ansible?
  How do you test that? Automatically?
  Limited to Python and the environment of the solution
Why not buy vendor solution here?
  Because it's not vendor independent
  What do you do if it can't do X or is discontinued?
Why not use NETCONF/YANG?
  Because it's not vendor independent enough
  And it's for iterative config changes
  Yes, NETCONF can do a complete config replace, but what's the point?