Using guestfish container image#

Once in a while, one still needs to get down to a VM-land and dust off some guestfish skills.

Like today I got the IPInfusion OcNOS qcow2 image whose devs decided it is best to use VNC console by default. VNC console for a text-based terminal...

So along come guestfish commands.

DIY YANG Browser#

Here comes the second episode of the NetRel show: NetRel episode 002 - DIY YANG Browser. Be ready to dive into the paths we took to create a YANG Browser for Nokia SR Linux platform.

YANG data models are the map one should use when looking for their way to configure or retrieve any data on SR Linux system. A central role that is given to YANG in SR Linux demands a convenient interface to browse, search through, and process these data models.

To answer these demands, we created a web portal - https://yang.srlinux.dev - it offers:

  • Fast Path Browser to effectively search through thousands of available YANG paths
  • Beautiful Tree Browser to navigate the tree representation of the entire YANG data model of SR Linux
  • Source .yang files neatly stored in nokia/srlinux-yang-models repository for programmatic access and code generation

Decoding gNMI with Wireshark#

Okay, here goes my first attempt fitting the shoes of a content creator.

Please welcome the NetRel episode 001 - Decoding gNMI with Wireshark, it is a 35min journey of using Wireshark to parse the gNMI traffic (both non-secured and secured).

I won't spend your time explaining the first episode; instead, let me tell you what I want the NetRel series to be about. I am interested in covering the aspects of network automation that are not widely covered.

Using scrapligo with kubectl exec#

As the networking industry is (slowly) moving towards forklifting networking functions to the cloud-native space we often become the witnesses of mixing decade old tools with cloud-native approaches and architectures.

This post is about one such crazy mixture of using screen scraping library scrapligo with kubectl exec and docker exec commands.

Nokia SR Linux goes public#

It's been almost two years since Nokia announced its Data Center Fabric solution. The three-layered solution ranged from hardware platforms all the way up in the stack to the DC fabric lifecycle management suite - Fabric Services System (FSS).

pic1

At the very heart of the DC Fabric solution lies a purpose-built, modern Network OS - SR Linux.

pic2

SR Linux comes with quite some interesting and innovative ideas. By being able to design the NOS from the ground up, the product team was freed from the legacy burdens which will be there have they decided to built the NOS on top of the existing one. Features like:

  • YANG-first APIs
  • Protobuf based SDK
  • Disaggregated application stack
  • Programmable CLI

are the result of taking a fresh look at the modern data center networks and building the NOS for the Netdevops era.

No wonders engineers around the world wanted to play with SR Linux and take those features for a spin first hand. And today it is finally possible!

Network automation options in Go with scrapligo#

Just recently the network automation folks witnessed a great library to be ported from Python to Go - scrapligo.

For me personally this was a pivotal point because with scrapligo the Go-minded netengs can now automate their networks with a solid and performant library.

One of the things that scrapligo packs is, of course, the ability to reliably talk to the network devices using the same command line interface as a human would normally do. That means that scrapligo would send and receive the pieces of data that an operator would send/receive if they were connected with a terminal over SSH.

Containerlab - your network-centric labs with a Docker UX#

With the growing number of containerized Network Operating Systems (NOS) grows the demand to easily run them in the user-defined, versatile lab topologies. Unfortunately, container runtimes alone and tools like docker-compose are not a particularly good fit for that purpose, as they do not allow a user to easily create p2p connections between the containers.

Containerlab provides a framework for orchestrating networking labs with containers. It starts the containers, builds a virtual wiring between them to create a topology of users choice and then manages a lab lifecycle.

Containerlab focuses on containerized Network Operating Systems such as:

In addition to native containerized NOSes, containerlab can launch traditional virtual-machine based routers using vrnetlab integration:

  • Nokia virtual SR OS (vSim/VSR)
  • Juniper vMX
  • Cisco IOS XRv
  • Arista vEOS

And, of course, containerlab is perfectly capable of wiring up arbitrary linux containers which can host your network applications, virtual functions or simply be a test client. With all that, containerlab provides a single IaaC interface to manage labs which can span contain all the needed variants of nodes:

Building and publishing deb/rpm packages with goreleaser and gemfury#

I am a huge fan of a goreleaser tool that enables users to build Go projects and package/publish build artifacts in a fully automated and highly customizable way. We've have been using goreleaser with all our recent projects and we couldn't be any happier since then.

But once the artifacts are built and published, the next important step is to make them easily installable. Especially if you provide deb/rpm packages which are built with NFPM integration.

The "challenge" with deb/rpm packages comes to light when project owners want to add those packages to Apt/Yum repositories. Goreleaser doesn't provide any integrations with 3rd party repositories nor there are Apt/Yum repositories which are free and provide an API to upload artifacts. Or are there?

Transparently redirecting packets/frames between interfaces#

Lately I have been consumed by an idea of running container-based labs that span containerized NOSes, classical VM-based routers and regular containers with a single and uniform UX.

Luckily the foundation was already there. With plajjan/vrnetlab you get a toolchain that cleverly packages qemu-based VMs inside the container packaging, and with networkop/docker-topo you can run, deploy and wire containers in meshed topologies.

One particular thing though we needed to address, and it was the way we interconnect containers which host vrnetlab-created routers inside.

Vrnetlab uses its own "overlay datapath" to wire up containers by means of an additional "vr-xcon" container that stitches the exposed sockets. Although this approach allows to re-wire containers in different topologies after the start, this was not something that we could use if we wanted use non-vrnetlab containers in our topology. Ideally I wanted to emulate p2p links between the routers (running inside containers) by veth pairs stretched between them, pretty much like docker does when it launches containers. And that is also the way docker-topo works.

How to patch Ubuntu 20.04 Focal Fossa with UKSM?#

Running multiple VMs out of the same disk image is something we, network engineers, do quite often. A virtualized network usually consists of a few identical virtualized network elements that we interconnected with links making a topology.

topo

In the example above we have 7 virtualized routers in total, although we used only two VM images to create this topology (virtualized Nokia router and it's Juniper vMX counterpart). Each of this VMs require some memory to run, for the simplicity, lets say each VM requires 5GB of RAM.

So roughly, the above topology will claim 30-35GB of RAM in order to operate. Enriching the topology by adding more VMs of the same type will continue to push for more memory, thus running big topologies often becomes an exercise of hunting for RAM.

Luckily, there are technologies like Kernel Same Merging (KSM) and it's enhanced version Ultra-KSM (UKSM) that are able to lift the memory requirement for use cases like above. In a nutshell, they allow to merge mem pages of the same content, effectively reusing the same memory pages between virtual machines.