
Thursday, June 20, 2013

Best programming languages for network appliance command line management

Automation options for network devices

There are various networking vendors out there (for example Cisco, Juniper, F5, ...). Every vendor provides command line access to its devices. The networking shell is usually unique to a vendor and takes some time to master. The most popular way to access the shell is over the SSH protocol.

It is sad that many networking vendors don't supply any form of API for device configuration and management (only very few do, for example F5 iControl). Usually there is only a command line shell or a GUI.

From an operational point of view it is a tedious job to automate your routine tasks. In practice, in the end you are going to be forced to write your own scripts and programs. Below is a list of frameworks and libraries I've found that help me get my job done.

As a side note, the good thing is that this is changing. Probably the most significant forces behind the new technologies are SDN, OpenFlow and cloud.

What Perl libraries can I use to write my scripts to manage Cisco devices

http://search.cpan.org/~oliver/Net-Appliance-Session-4.131260/lib/Net/Appliance/Session.pm
http://search.cpan.org/~oliver/Net-CLI-Interact-2.131260/lib/Net/CLI/Interact.pm
http://search.cpan.org/~mingzhang/Angel_101/

What Python libraries can I use to manage Cisco devices

http://pydoc.net/Python/ciscolib/0.1/

More like a source code browser.

http://code.ohloh.net/search?s=cisco&browser=Default&pp=0&fl=Python&mp=1&ml=0&me=1&md=1&ff=1&filterChecked=true

You can always manage your SSH session manually using Python SSH libraries

http://stackoverflow.com/questions/5238000/persistent-ssh-session-to-cisco-router
http://linuxdynasty.org/219/howto-manage-your-networked-devices-using-python-and-pexpect/

What Ruby libraries can I use to manage Cisco devices

https://github.com/net-ssh?tab=repositories

Summary

From my investigation it looks like Perl has the most mature options when it comes to network device automation libraries.

There is only a little Python code available that natively supports network appliance management over the SSH command line. The situation looks identical with Ruby. To write something bigger you would need to write all the code manually, including SSH session management, command execution, output delivery and redirection, as well as error handling.

Wednesday, June 19, 2013

F5 Network BigIp cheat sheet

This post is a work in progress...
  • How to generate a list with one self ip and vlans per line 
# tmsh list /net self  | egrep 'self|vlan' | xargs -n 6 echo
net self 10.2.2.2/30 { vlan FAILOVER
net self 10.176.30.100/19 { vlan hybridServiceNet-140
net self 10.176.30.102/19 { vlan hybridServiceNet-140
net self 10.176.94.132/19 { vlan hybridServiceNet-142

Or 


# tmsh list net self | egrep -v 'floating|unit|allow-service' | xargs -n 7
net self 10.178.191.49/18 { vlan rackconnect110 }
net self 10.179.63.181/18 { vlan rackconnect112 }


  • How to simulate F5 health check requests with empty Host header
  • How to parse tmsh output
http://rtomaszewski.blogspot.co.uk/2013/07/ways-to-parse-tmsh-output-and-automate.html

Tuesday, June 18, 2013

How does SFTP work

Every network administrator knows how painful it is to troubleshoot FTP protocol issues. Many of them are related to the FTP design concept of independent control and data channels. Because the FTP data and control channels are handled in separate TCP sessions, network devices often allow one TCP session but block the other. The end result is that you can't connect to the FTP server, you can't download a file, or your download hangs and never completes.

There are a number of alternatives. One of them is SFTP (Secure File Transfer Protocol). The design of this protocol is very different from FTP even though it shares its name.

In FTP we have the concept of separate control and data channels. The client sends commands over the control TCP session and data transfers happen in the data TCP sessions. Both the control and data TCP sessions have their own TCP conventions. Passive and active FTP modes make it even more convoluted.

In SFTP there is one session (by default the client connects to port 22 from a random source port). The single session is used to exchange a mix of control and data commands. It is still true that for a file transfer you need a new TCP session, but that session is initiated in a similar way on port 22. From the network point of view there is not much difference in how the first and second TCP sessions look. The sessions are independent but connected.

Example tcpdump showing a single file transfer (100* is client, 200* is server):
 
Nr      Time        Source             Destination         Protocol flags      Length      vlan hsrc                  hdst             sport  dport  Window size value Seq#       Ack#       Info

# connecting to the SFTP server
    130 0.017634    100.0.0.1          200.0.0.1           TCP      0x02       66          Dell_75:49:e3         Cisco_ee:08:c0        55373  22     65535             0                     55373 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 SACK_PERM=1
    131 0.002186    200.0.0.1           100.0.0.1          TCP      0x12       66          Cisco_ee:08:c0        Dell_75:49:e3         22     55373  8192              0          1          ssh > 55373 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1
    132 0.000033    100.0.0.1          200.0.0.1           TCP      0x10       54          Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32768             1          1          55373 > ssh [ACK] Seq=1 Ack=1 Win=4194304 Len=0
    133 0.004121    200.0.0.1           100.0.0.1          SSHv2    0x18       87          Cisco_ee:08:c0        Dell_75:49:e3         22     55373  258               1          1          Server Protocol: SSH-2.0-1.82_sshlib GlobalSCAPE\r
    134 0.000234    100.0.0.1          200.0.0.1           SSHv2    0x18       97          Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32767             1          34         Client Protocol: SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35\r
    135 0.000055    100.0.0.1          200.0.0.1           TCP      0x18       566         Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32767             44         34         [TCP segment of a reassembled PDU]
    136 0.000018    100.0.0.1          200.0.0.1           SSHv2    0x18       182         Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32767             556        34         Client: Key Exchange Init
    137 0.002431    200.0.0.1           100.0.0.1          SSHv2    0x18       542         Cisco_ee:08:c0        Dell_75:49:e3         22     55373  258               34         44         Server: Key Exchange Init
    138 0.000001    200.0.0.1           100.0.0.1          TCP      0x10       60          Cisco_ee:08:c0        Dell_75:49:e3         22     55373  256               522        684        ssh > 55373 [ACK] Seq=522 Ack=684 Win=65536 Len=0
    139 0.000076    100.0.0.1          200.0.0.1           SSHv2    0x18       70          Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32763             684        522        Client: Diffie-Hellman Key Exchange Init
    140 0.002168    200.0.0.1           100.0.0.1          SSHv2    0x18       334         Cisco_ee:08:c0        Dell_75:49:e3         22     55373  256               522        700        Server: Diffie-Hellman Key Exchange Reply
    141 0.018620    100.0.0.1          200.0.0.1           SSHv2    0x18       326         Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32761             700        802        Client: Diffie-Hellman GEX Init
    142 0.024606    200.0.0.1           100.0.0.1          SSHv2    0x18       902         Cisco_ee:08:c0        Dell_75:49:e3         22     55373  254               802        972        Server: Diffie-Hellman GEX Reply
    144 0.005229    100.0.0.1          200.0.0.1           SSHv2    0x18       70          Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32768             972        1650       Encrypted request packet len=16[Malformed Packet]
    145 0.000113    100.0.0.1          200.0.0.1           SSHv2    0x18       142         Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32768             988        1650       Encrypted request packet len=88
    146 0.001946    200.0.0.1           100.0.0.1          TCP      0x10       60          Cisco_ee:08:c0        Dell_75:49:e3         22     55373  254               1650       1076       ssh > 55373 [ACK] Seq=1650 Ack=1076 Win=65024 Len=0
    147 0.000001    200.0.0.1           100.0.0.1          SSHv2    0x18       174         Cisco_ee:08:c0        Dell_75:49:e3         22     55373  254               1650       1076       Encrypted response packet len=120
    148 0.000249    100.0.0.1          200.0.0.1           SSHv2    0x18       158         Dell_75:49:e3         Cisco_ee:08:c0        55373  22     32767             1076       1770       Encrypted request packet len=104
    149 0.002327    200.0.0.1           100.0.0.1          SSHv2    0x18       122         Cisco_ee:08:c0        Dell_75:49:e3         22     55373  254               1770       1180       Encrypted response packet len=68
......

# we initiated a file transfer
# a new TCP session is created, similar to passive FTP mode
   1683 0.064012    100.0.0.1          200.0.0.1           TCP      0x02       66          Dell_75:49:e3         Cisco_ee:08:c0        55375  22     65535             0                     55375 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 SACK_PERM=1
   1684 0.002196    200.0.0.1           100.0.0.1          TCP      0x12       66          Cisco_ee:08:c0        Dell_75:49:e3         22     55375  8192              0          1          ssh > 55375 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1
   1685 0.000035    100.0.0.1          200.0.0.1           TCP      0x10       54          Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32768             1          1          55375 > ssh [ACK] Seq=1 Ack=1 Win=4194304 Len=0
   1686 0.004089    200.0.0.1           100.0.0.1          SSHv2    0x18       87          Cisco_ee:08:c0        Dell_75:49:e3         22     55375  258               1          1          Server Protocol: SSH-2.0-1.82_sshlib GlobalSCAPE\r
   1687 0.000506    100.0.0.1          200.0.0.1           SSHv2    0x18       97          Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32767             1          34         Client Protocol: SSH-2.0-PuTTY_Local:_Jan__8_2012_14:40:35\r
   1688 0.000053    100.0.0.1          200.0.0.1           TCP      0x18       566         Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32767             44         34         [TCP segment of a reassembled PDU]
   1689 0.000015    100.0.0.1          200.0.0.1           SSHv2    0x18       182         Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32767             556        34         Client: Key Exchange Init
   1690 0.002266    200.0.0.1           100.0.0.1          SSHv2    0x18       542         Cisco_ee:08:c0        Dell_75:49:e3         22     55375  258               34         44         Server: Key Exchange Init
   1691 0.000001    200.0.0.1           100.0.0.1          TCP      0x10       60          Cisco_ee:08:c0        Dell_75:49:e3         22     55375  256               522        684        ssh > 55375 [ACK] Seq=522 Ack=684 Win=65536 Len=0
   1692 0.000109    100.0.0.1          200.0.0.1           SSHv2    0x18       70          Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32763             684        522        Client: Diffie-Hellman Key Exchange Init
   1693 0.002230    200.0.0.1           100.0.0.1          SSHv2    0x18       334         Cisco_ee:08:c0        Dell_75:49:e3         22     55375  256               522        700        Server: Diffie-Hellman Key Exchange Reply
   1697 0.000446    100.0.0.1          200.0.0.1           SSHv2    0x18       326         Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32761             700        802        Client: Diffie-Hellman GEX Init
   1698 0.023470    200.0.0.1           100.0.0.1          SSHv2    0x18       902         Cisco_ee:08:c0        Dell_75:49:e3         22     55375  254               802        972        Server: Diffie-Hellman GEX Reply
   1699 0.027365    100.0.0.1          200.0.0.1           SSHv2    0x18       70          Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32768             972        1650       Encrypted request packet len=16[Malformed Packet]
   1700 0.000111    100.0.0.1          200.0.0.1           SSHv2    0x18       142         Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32768             988        1650       Encrypted request packet len=88
   1701 0.001906    200.0.0.1           100.0.0.1          TCP      0x10       60          Cisco_ee:08:c0        Dell_75:49:e3         22     55375  254               1650       1076       ssh > 55375 [ACK] Seq=1650 Ack=1076 Win=65024 Len=0
   1702 0.000001    200.0.0.1           100.0.0.1          SSHv2    0x18       174         Cisco_ee:08:c0        Dell_75:49:e3         22     55375  254               1650       1076       Encrypted response packet len=120
   1703 0.000303    100.0.0.1          200.0.0.1           SSHv2    0x18       158         Dell_75:49:e3         Cisco_ee:08:c0        55375  22     32767             1076       1770       Encrypted request packet len=104
   ...

# once the transfer is finished both sessions are closed

   2498 0.015696    100.0.0.1          200.0.0.1           TCP      0x14       54          Dell_75:49:e3         Cisco_ee:08:c0        55373  22     0                 3768       3158       55373 > ssh [RST, ACK] Seq=3768 Ack=3158 Win=0 Len=0

Example session log from FileZilla:
 
Status: Connecting to 200.0.0.1...
Response:   fzSftp started
Command:    open "user_name@200.0.0.1" 22
Command:    Trust new Hostkey: Once
Command:    Pass: **********
Status: Connected to 200.0.0.1
Status: Retrieving directory listing...
Command:    pwd
Response:   Current directory is: "/"
Command:    ls
Status: Listing directory /
Status: Calculating timezone offset of server...
Command:    mtime "Archive"
Response:   1365109008
Status: Timezone offsets: Server: 0 seconds. Local: 3600 seconds. Difference: 3600 seconds.
Status: Directory listing successful
Status: Connecting to 200.0.0.1...
Response:   fzSftp started
Command:    open "user_name@200.0.0.1" 22
Command:    Trust new Hostkey: Once
Command:    Pass: **********
Status: Connected to 200.0.0.1
Status: Starting download of /paht/to/the/file.txt
Command:    cd "/"
Response:   New directory is: "/"
Command:    get "/paht/to/the/file.txt" "c:\Users\file.txt"
Status: remote:/paht/to/the/file.txt => local:c:\Users\file.txt
Status: File transfer successful, transferred 360 bytes in 1 second
Status: Disconnected from server
Status: Disconnected from server
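
The firewall view of the capture above, as an added example that is not part of the original post: it lists every client-initiated TCP session (a packet with only SYN set, flags 0x02) and the destination ports that have to be allowed. The SFTP sample reuses packets from the capture above; the passive-mode FTP sample and its port numbers are constructed for comparison, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post). Input columns follow the capture
# summary above: $3/$4 = source/destination IP, $6 = TCP flags,
# $10/$11 = source/destination port.

# Constructed sample: the opening packets of both sessions in the SFTP capture.
SFTP_CAPTURE='130 0.017634 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 65535 0 55373 > ssh [SYN]
131 0.002186 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 22 55373 8192 0 1 ssh > 55373 [SYN, ACK]
132 0.000033 100.0.0.1 200.0.0.1 TCP 0x10 54 Dell_75:49:e3 Cisco_ee:08:c0 55373 22 32768 1 1 55373 > ssh [ACK]
1683 0.064012 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55375 22 65535 0 55375 > ssh [SYN]
1684 0.002196 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 22 55375 8192 0 1 ssh > 55375 [SYN, ACK]'

# Constructed sample (packet numbers and ports are invented): passive-mode FTP
# with a control session on port 21 and a data session on a server-chosen port.
FTP_CAPTURE='10 0.010000 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55380 21 65535 0 55380 > ftp [SYN]
11 0.002000 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 21 55380 8192 0 1 ftp > 55380 [SYN, ACK]
40 0.050000 100.0.0.1 200.0.0.1 TCP 0x02 66 Dell_75:49:e3 Cisco_ee:08:c0 55381 50211 65535 0 55381 > 50211 [SYN]
41 0.002000 200.0.0.1 100.0.0.1 TCP 0x12 66 Cisco_ee:08:c0 Dell_75:49:e3 50211 55381 8192 0 1 50211 > 55381 [SYN, ACK]'

# Print one line per new TCP session as "initiator:port -> responder:port".
# SYN+ACK (0x12) and later packets are ignored, so each session appears once.
new_sessions() {
    awk '$6 == "0x02" { print $3 ":" $10 " -> " $4 ":" $11 }'
}

# Print the distinct destination ports of new sessions on one line.
# These are the ports a firewall between client and server has to permit.
required_ports() {
    awk '$6 == "0x02" { print $11 }' | sort -nu | paste -sd' ' -
}

echo "SFTP sessions:"
printf '%s\n' "$SFTP_CAPTURE" | new_sessions
echo "SFTP ports to allow: $(printf '%s\n' "$SFTP_CAPTURE" | required_ports)"
echo "FTP ports to allow:  $(printf '%s\n' "$FTP_CAPTURE" | required_ports)"
```
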

References
  1. http://blog.asmallorange.com/the-difference-between-ftp-sftp-and-ftps/
  2. https://wiki.filezilla-project.org/SFTP_specifications
  3. http://en.wikipedia.org/wiki/SFTP (some info about FTP alternatives)
  4. http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13

Monday, June 17, 2013

Tables in Bash

There are many situations where a simple Bash script is more than enough to get a job done. But as much as I like Bash, its primitive and quite sensitive syntax makes me think twice before I code something more complex. Below is a nice trick I found for dealing with tables in Bash.

The most up to date gist can be found here: https://gist.github.com/rtomaszewski/5799274
 
#!/bin/bash
 
TESTS[0]=a,b,c
TESTS[1]=1,2,3
 
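for row in "${TESTS[@]}"; do
    # Split the row on commas. IFS is set only for this read, so the rest of
    # the script keeps the default word splitting and no globbing is applied.
    IFS="," read -r col1 col2 col3 <<< "$row"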
 
    echo "row was: $row"
    echo "col1 is $col1, col2 is $col2, col3 is $col3"
done

Openstack or Linux or bash cheat sheet

This post is a work in progress.
  • How to generate a list of commands based on an input list.
One output command per input line
# echo a b c | xargs -n 1 echo 'this is ' 
this is  a
this is  b
this is  c

Practical demo of how to delete all your cloud servers
# nova --no-cache list | grep '[|]' | awk '{print $2}' | tail -n +2 | xargs -n1 echo nova delete
nova delete 0dafascd-e7e5-4531-9542-25132338a3fc
nova delete ffasff56-ef5a-42e8-aa96-594d14538def
nova delete ad509afa-0cc8-111b-a681-7c56cc354957
nova delete b9bfafaf-073d-4732-a9c0-2e6720938357
  • Testing if you can establish a TCP session
$ nc -v -p 1185 92.52.111.222 80
Connection to 92.52.111.222 80 port [tcp/http] succeeded!
  • some of the useful CLIs
fold - Filter for folding lines. This breaks the lines to have a maximum of x width column position (or bytes).
column - columnate lists

  • How to check TCP / UDP network and socket statistics 
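export file=/tmp/netstat.txt
# save the socket list once (stdout and stderr) and analyse the file afterwards
netstat  -nntulpa &> $file

# list the TCP states that are present
cat $file | grep tcp | awk ' { print $6 } ' | sort | uniq
# list the UDP sockets
cat $file | grep udp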
cat $file | grep tcp | awk ' { print $6 } ' | sort | uniq
CLOSE_WAIT
CLOSING
ESTABLISHED
FIN_WAIT1
FIN_WAIT2
LAST_ACK
LISTEN
SYN_RECV
SYN_SENT
TIME_WAIT

cat $file | grep tcp | awk ' { print $6 } ' | sort | uniq | while read STATE; do echo $STATE; grep $STATE $file | wc -l; done
CLOSE_WAIT
2
CLOSING
8
ESTABLISHED
53
FIN_WAIT1
15
FIN_WAIT2
0
LAST_ACK
136
LISTEN
20
SYN_RECV
166
SYN_SENT
0
TIME_WAIT
2

Other useful links: link1link2link3
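
A one-pass variant of the per-state count above, as an added example that is not part of the original post: it counts on the state column instead of grepping the whole line, and for a state that stands out (SYN_RECV in the output above) it breaks the count down per remote address. The sample netstat lines are constructed and the function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post).
# Constructed sample in the column layout of Linux "netstat -ntulpa":
# $1 = protocol, $4 = local address, $5 = foreign address, $6 = state.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd
tcp 0 0 10.0.0.5:80 198.51.100.7:40112 SYN_RECV -
tcp 0 0 10.0.0.5:80 198.51.100.7:40113 SYN_RECV -
tcp 0 0 10.0.0.5:80 198.51.100.7:40114 SYN_RECV -
tcp 0 0 10.0.0.5:80 203.0.113.9:51000 SYN_RECV -
tcp 0 0 10.0.0.5:80 192.0.2.44:33812 ESTABLISHED 2201/nginx
tcp6 0 0 :::80 :::* LISTEN 2201/nginx
udp 0 0 0.0.0.0:68 0.0.0.0:* 812/dhclient'

# Count TCP sockets per state in a single pass over netstat output on stdin.
# Header lines and UDP sockets are skipped because $1 does not start with "tcp".
state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# For the state given as $1, count sockets per remote address, busiest first.
# The port is removed by cutting everything after the last colon, which also
# works for tcp6 addresses because the port always follows the final colon.
peers_in_state() {
    awk -v state="$1" '
        $1 ~ /^tcp/ && $6 == state {
            peer = $5
            sub(/:[^:]*$/, "", peer)
            n[peer]++
        }
        END { for (p in n) print n[p], p }' | sort -rn
}

echo "Sockets per TCP state:"
printf '%s\n' "$NETSTAT_SAMPLE" | state_counts
echo "Remote addresses with sockets in SYN_RECV:"
printf '%s\n' "$NETSTAT_SAMPLE" | peers_in_state SYN_RECV
```

On a live system, feed it the saved file, for example `state_counts < /tmp/netstat.txt`.
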
  • How to sort files based on file size 
$ find . -mount -type f -ls|sort -rnk7 |head -30|awk '{printf "%10d MB\t%s\n",($7/1024)/1024,$NF}'

        52 MB   ./lib/libwireshark.so.2.0.2
        17 MB   ./lib/x86_64-linux-gnu/libicudata.so.48.1.1

  • How to cat and highlight a word in text
$ cat file | egrep --color=always "pattern|$"
$ echo -n 'ello' | ( read a; read -u1 b ; echo "1st read : - $a -"; echo "2th read : = $b =" )
test
1st read : - ello -
2th read : = test =
  • How to truncate and shrink the text output to your terminal screen width
$ tcpdump -l -s0 -nn -i 0.0 'host 192.168.99.126 and port 443 and ( tcp[13]=2 )' | cut -c -$(tput cols)

  • How to print a file without the first line
$ cat tmp1
a1
a2
a3
a4

Remove the first line
$ cat tmp1 | tail -n+2
a2
a3
a4

Remove lines #2 and #3
$ cat tmp1 | sed '2,3d'
a1
a4

Remove the first 2 lines
$ cat tmp1 | tail -n+3
a3
a4

  • How to extract IP address from tcpdump output
$ tcpdump -nr attack.log
21:35:49.553423 IP 162.13.0.27.22 > 82.44.149.5.51227: Flags [P.], seq 567291273:567291325, ack 2916928547, win 312, length 52
21:35:49.573227 IP 82.44.149.5.51227 > 162.13.0.27.22: Flags [.], ack 52, win 16516, length 0

Extract source IP and port
$ tcpdump -nr attack.log | awk '{print $3}'
162.13.0.27.22
82.44.149.5.51227

Strip off the port number
$ tcpdump -nr attack.log | awk '{print $3}' | grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}'
162.13.0.27
82.44.149.5
  • How to count strings in a text using awk
$ cat  | awk '  { count+=NF } END { print count;}'
1 2 aaaa :rrr :ddjf -dd rrd ccc zz
1 2 3 4 444; -d df
16

Devops language

Devops is a new discipline that brings together a mix of experience from the operational and development areas. You definitely need to understand what the development team is doing, but you don't necessarily have to be able to do it yourself. You also need to know what life in the operational/admin team looks like ;).

This is a nice slide that brings some of the hot/buzz words you hear often when people talk about devops:

 The full presentation can be found here: http://www.slideshare.net/mtesauro/devops-ci-apis-oh-my-texas-linux-fest-2012.

References
  1. http://rtomaszewski.blogspot.co.uk/2013/06/devops-chalanges-in-companies.html
  2. http://rtomaszewski.blogspot.co.uk/2012/12/what-does-devops-means-for-you-vs-ops.html

Thursday, June 13, 2013

How to crash your PC with fork-bomb Denial-of-service attack

You learn something new every day. When it comes to computer attacks I thought I had seen many things, but this little one really made me smile.

THIS ONE WILL CRASH YOUR LINUX BOX. DON'T RUN IT ON YOUR PRODUCTION SYSTEM. If you want to test it, create a cloud server or, better, read the explanation of what it does on the wiki.
 
:(){ :|: & };:

References
  1. http://en.wikipedia.org/wiki/Fork_bomb

PS.
I dedicate this post to Tim ;)

Tuesday, June 11, 2013

Sublime keyboard shortcut list

This is a work in progress...
  • Below is a list of the most common keyboard shortcuts I use in Sublime (this is a work in progress post)
Ctrl-Shift-Space - select whole string in brackets
Ctrl-B - show/hide results panel
Ctrl-D - highlight a word
Alt-F3 - multi selection for all highlighted words
F4 - (in the search results Ctrl+Shift+F) opens a file and takes you to highlighted line
Ctrl-F2 - marks a point in a line and create a point for multi selection if needed
Alt-F2 - edit all the marked lines at once (create a multi selection from all the marks above)
Alt-F2, Ctrl-F2 - removes all the marks in the file
Ctrl+Alt+Enter - in the Find/Replace window at the bottom, 'Replace All' matches
More keyboard shortcuts: https://gist.github.com/eteanga/1736542

Sublime has a built-in console that opens with ctrl+` . When you type sublime.log_commands(True) there, you enable verbose logging. When it is enabled you are going to see all the commands that Sublime executes as you use it. Just remember to turn logging off when you're done :)

More functions to play with can be found here: http://www.sublimetext.com/docs/2/api_reference.html

Monday, June 10, 2013

Remote execution and configuration management framework written in Python

There are a number of tools out there that you can use for automation and/or configuration management. Many of these tools are flexible and offer a range of command line and GUI application interfaces as well as programming libraries and APIs. If you are paranoid or have very unique requirements, you can write the automation scripts yourself with their help. This is a simple example code to automate a task using the paramiko Python library.

Probably the most popular ones are Puppet and Chef. Puppet is written in Ruby, whereas Chef is written in Ruby and Erlang (the newest version).

Problem

Is there any automation and configuration framework that is natively written in Python?

Analysis and results description

The automation tool called Salt, or SaltStack, is written in Python and provides native support for modules written in Python.

The tool is rapidly evolving and becoming popular. On the main project page we can find a number of resources such as an email group, wiki and IRC (http://saltstack.com/community). There is even a YouTube channel. Below is an introduction and an example of how Salt works.

http://docs.saltstack.com/topics/tutorials/walkthrough.html
http://www.linuxjournal.com/content/getting-started-salt-stack-other-configuration-management-system-built-python


Sunday, June 9, 2013

SR-IOV technology enables low level network virtualization

In the virtualization space the SR-IOV technology was introduced in about 2008/2010 [1]. The technical details can be found under the links in the reference section, but in plain English the technology allows many virtual devices to be created based on a single physical device. For this to work the hardware (CPU, north chip) and the operating system need to have SR-IOV support.

Below is a video demonstrating packet processing for an Intel Ethernet card that supports SR-IOV.


Interesting slides showing the concept from the video and reference links:
  • After the frame enters the physical port on the NIC, the low-level driver/firmware (supporting SR-IOV) distributes the packet (based on header classification, hash value, etc.) to separate virtual queues
  • Each virtual queue is assigned directly to a virtual device
  • Once the packet is in the queue it can be delivered to the VM DIRECTLY without the usual software hypervisor overhead
  • Packets don't have to be copied from the physical port buffer(s) to OS RAM and then from OS RAM to VM OS buffers. The data can be sent directly from the physical port to VM OS buffers. That way the hypervisor processing overhead can be minimised.
  • A critical part of the technology is CPU and chipset virtualization support
  • As access to physical RAM needs to be protected between the hypervisor and VMs, as well as between the VMs themselves, the virtual memory address is translated to the physical location by the north chipset
  • For the DMA request to copy the packets, the address translation between the hypervisor address space and the VM address space is transparent (the north chip takes care of it)
  • Another view how the packet is delivered from physical port to the VM
References
  1. http://www.intel.com/content/dam/doc/application-note/pci-sig-sr-iov-primer-sr-iov-technology-paper.pdf
  2. http://www.intel.com/content/dam/doc/white-paper/pci-sig-single-root-io-virtualization-support-in-virtualization-technology-for-connectivity-paper.pdf
  3. http://communities.intel.com/community/wired/blog/2010/09/07/sr-iov-explained

Thursday, June 6, 2013

Network appliance architecture

Networking is a fascinating topic. There are thousands of books and RFCs describing protocols from layer 1 to layer 7. In every big network we find a variety of network devices that handle traffic and provide additional enhanced services. Examples of such devices are switches, routers, load balancers, traffic accelerators, firewalls, IDS, DDoS mitigation devices and others. Services could be QoS, security, traffic deduplication, etc.

Looking at these network devices, someone could ask an interesting question: how do you build a network device, and how would you describe its internal architecture?

Of course every company has its own patents, secrets and methods for how it builds, manages and operates network appliances. Below is some information I found when working with them or reading about them.

What OS is used to manage data centre class network appliances from Dell

Dell acquired Force10 in 2011 and that way gained access to data center networking technologies like 10 and 40 Gigabit Ethernet switches.

Like many hardware devices, a network appliance needs a (network) operating system (NOS) to control resources and to provide a monitoring and management interface. Based on the publicly available information, a simplified view of the hardware and software architecture for Force10 network devices can be described as:
References
  1. http://i.dell.com/sites/doccontent/shared-content/data-sheets/en/Documents/Dell_Force10_FTOS_Spec_Sheet.pdf
  2. http://i.dell.com/sites/doccontent/shared-content/data-sheets/en/Documents/Dell_Force10_Product_Quick_Reference_Guide.pdf
This is more like a bonus material in reference to [1] how to build a network using the latest Z9000 switches from Dell: http://bradhedlund.com/2012/01/25/construct-a-leaf-spine-design-with-40g-or-10g-an-observation-in-scaling-the-fabric/

Cisco is leaving the ADC market and recommends NetScaler from Citrix

The networking giant Cisco is leaving the competitive Application Delivery Controller (ADC) market. The Cisco CSS and Cisco ACE products were not able to keep pace with competitors like F5 Networks, Citrix, Radware and Brocade.

The doc [3] provides some guidance on how to choose the right hardware.

References
  1. http://www.citrix.com/products/netscaler-application-delivery-controller/how-it-helps/cisco.html
  2. http://www.networkworld.com/community/blog/ciscos-exit-adcs-should-come-no-surprise
  3. http://www.citrix.com/content/dam/citrix/en_us/documents/products/ACE_Product_Migration_Guide_final.pdf

Wednesday, June 5, 2013

Devops challenges in companies

Devops team in your company 

The DevOps name has been used for a while in the IT industry. Now that we have established what the name means, it is time to ask further questions:
  • What is DevOps in your company and how your company/team is using it
  • Would you consider yourself a devops engineer
  • In what tasks is devops paradigm helping you and why do you like it
These are only examples. To help spread the knowledge further and to increase understanding of the devops mentality even more, Puppet Labs has conducted a survey. You can find more about it on its blog, Get More Agile: Learn How to Automate One Small Thing with Puppet Enterprise (a direct link to the survey report is there: 2013 State of DevOps).

I've copied 2 interesting facts from it: (a) what skills are essential and (b) what obstacles you may face if you would like to join a devops team :). More can be found in the report.




Sunday, June 2, 2013

Sublime multi-selection keyboard shortcuts

We have discussed the benefits of the Sublime editor in our previous posts. In this one we will show how to use the multi-selection feature efficiently.

Keyboard shortcut for random multi-selection

With Ctrl + D you can create multiple selections when editing text. By combining it with Ctrl + K you can skip some matches.

Example:
Copy the following text into your editor:

`Example text. This is an example text. Text has only one line`

Test 1:
Ctrl-F to find all `text` strings.
Press Ctrl+D twice.
Escape to get back to the editor from the search dialogue.

You created a three-word multi-selection. You can edit the word in 3 different places at once.

Test 2:

Ctrl-F to find all `text` strings.
Press Ctrl+D once. It creates a 2-word multi-selection.
Press Ctrl+K once. It ignores the last selected word and gets back to a single-word selection.
Press Ctrl+D a second time. It creates a 2-word multi-selection.
Escape to get back to the editor from the search dialogue.

You created a 2-word multi-selection. You can edit the 2 words simultaneously. We skipped the word in the middle.

Of course you can always use ctrl+u to return to a previous selection :).

Sublime Cheat sheet 

A short summary (more can be found here and on the internet)

Ctrl + D    repeat multi-select word
Ctrl + K    skip multi-select word