Tag Archives: SDN

Juniper vMX Update about QoS, Application Packages and Bandwidth Licenses

This was presented on Juniper's Q115 Education and Certification webcast; bringing it to my lab for 90 days with all features is awesome!

[Webcast slides: vMX features, QoS, licenses, bandwidth SKUs and products]

References:

Juniper vMX

Juniper Networks Redefines Networking Industry With First Carrier-Grade Virtual Router

Juniper Networks doubles down on virtualization

Q115 Education and Certification webcast

Finally vMX on x86 from Juniper for the masses

We had been waiting for this for a long time, and Juniper gave us a big surprise. After so many years of developing and improving the MX box, the vMX has finally been born. This will be amazing for service providers, where deploying a new box is sometimes a nightmare in terms of delivery and deployment time. vMX will be available in 1Q2015.

No shame in being a Virtual Route Reflector!

Architecture

The vMX scales to a minimum of 160 Gbps of unidirectional forwarding capacity that can be distributed among multiple customer and service instances.
The vMX consists of the following:

  • Virtual Control Plane (VCP), which is Junos OS hosted on a virtual machine (VM).
  • Virtual Forwarding Plane (VFP), which runs the packet forwarding engine: the programmable Junos Trio microcode optimized and compiled for x86 environments.
    Juniper also leveraged Intel toolkits, including DPDK and Single Root I/O Virtualization (SR-IOV), to further enhance forwarding performance.

 

Specs

System Capacity: 160 Gbps
Switch Fabric Capacity per slot: N/A
DPCs and/or MPCs per chassis: N/A
Chassis per rack: N/A
Dimensions (W x H x D): N/A
Maximum Weight: N/A
Mounting: N/A

Features

  • Carrier-grade routing implementation optimized for the x86 environment.
  • Rapid service enablement by leveraging virtualization technology.
  • Leverages current and future Junos OS and Junos Trio R&D efforts.
  • Pay-as-you-grow licensing model for granular network scale-out.
  • Consistency with physical MX Series portfolio simplifies operations.
  • Enables new service introductions without reconfiguring current routing infrastructure.

References:

Juniper vMX

Juniper Networks Redefines Networking Industry With First Carrier-Grade Virtual Router

The New ‘Virtual’ Reality

Juniper Networks doubles down on virtualization

The Revolution is Here – Are You In? Because every Cloud needs an engine

SDN and Python in Coursera coming soon

Time to learn different things; this time I will learn SDN concepts and re-learn how to program, but in Python... Yes, I did a lot of programming while I was taking my degree at university, using Java, C, C++, PHP and other technologies.

I heard really good things from my friends who took courses on Coursera, so I decided to try it.


Software Defined Networking by Georgia Institute of Technology

About the Course

This course introduces software defined networking, an emerging paradigm in computer networking that allows a logically centralized software program to control the behavior of an entire network.

Separating a network’s control logic from the underlying physical routers and switches that forward traffic allows network operators to write high-level control programs that specify the behavior of an entire network, in contrast to conventional networks, whereby network operators must codify functionality in terms of low-level device configuration.

Logically centralized network control makes it possible for operators to specify more complex tasks that involve integrating many disjoint network functions (e.g., security, resource control, prioritization) into a single control framework, allowing network operators to create more sophisticated policies, and making network configurations easier to configure, manage, troubleshoot, and debug.

Course Syllabus

This course will cover 8 modules (one per week).

Module 1: History and evolution of SDN

Module 2: Control and data plane separation

Module 3: Control Plane

Module 4: Network Virtualization

Module 5: Data Plane

Module 6: Programming SDNs

Module 7: Verification and Debugging

Module 8: Use Cases and Looking Forward

Recommended Background

Students should have taken at least an undergraduate-level networking course and have programming experience in Python. Experience with virtual machines and other virtual networking environments may also be useful.

Suggested Readings

There are some useful videos available online; these might be a good starting point for many people:

You may find the additional reading useful for introductory material:

Course Format

The course will consist of a series of video lectures, each about 10 minutes in length.

Assignments for the course are lab-based programming assignments, many of which build off of the Mininet software developed at Stanford University, which can run SDNs in emulated environments on networks of virtual machines.

 

Programming for Everybody (Python) by University of Michigan

About the Course

This course is specifically designed to be a first programming course using the popular Python programming language. The pace of the course is designed to lead to mastery of each of the topics in the class. We will use simple data analysis as the programming exercises through the course. Understanding how to process data is valuable for everyone regardless of your career. This course might kindle an interest in more advanced programming courses or courses in web design and development or just provide skills when you are faced with a bunch of data that you need to analyze. You can do the programming assignments for the class using a web browser or using your personal computer. All required software for the course is free.

Course Syllabus

Week One: Introduction – Why we program?
Week Two: Variables and Expressions
Week Three: Conditional code
Week Four: Functions
Week Five: Loops and Iteration
Week Six: Strings
Week Seven: Files
Week Eight: Lists
Week Nine: Dictionaries
Week Ten: Tuples
Optional Topic: Regular Expressions

Recommended Background

There are no pre-requisites for this course. We avoid any advanced mathematics. You can do the entire class using a web browser. If you are going to do the programming exercises on your own computer (optional), you should know how to download and install software and be able to make folders and organize files on your computer. We will have detailed instructional videos for both Windows and Macintosh computers for all software installation and file management tasks for those who want to do software development on their computers. All required software for this class is free.

Suggested Readings

The textbook is titled Python for Informatics: Exploring Information. The book is free to download in all major electronic formats including: PDF, EPUB, MOBI, HTML, and Apple's iBooks. The free iBooks version of the book contains enhanced video materials and exercises built into the book. You can purchase a printed copy of the book from Amazon for $8.99. It is not necessary to purchase the printed book. All of the book materials are available under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

BCVRE 170-010 Study Notes, Part 4

Chapter 9 Logging

Logging Basics

Log messages are stored in /var/log/messages; when the file reaches 500 KB
it is renamed to messages.0 and a new file is opened.

The vRouter keeps separate logs for bootup messages, PPP connection setup, IPsec connection setup and other features.

[email protected]:~$ show log | match ERROR | more
May 16 13:30:50 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 16 13:31:20 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 18 00:10:55 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#1043:sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument

show log all
!Shows the last 10 entries
show log tail

Feature-Specific Logging

Enable debugging

[email protected]:~$ monitor protocol ospf enable ?
Possible completions:
database-timer
Enable OSPF database-timer debugging
events        Enable OSPF event packet debugging
ifsm          Enable OSPF ifsm debugging
lsa           Enable OSPF lsa debugging
nfsm          Enable OSPF nfsm debugging
nsm           Enable OSPF nsm debugging
packet        Enable OSPF packet debugging
route         Enable OSPF route debugging

[email protected]:~$ monitor protocol ospf enable events ?
Possible completions:
<Enter>       Execute the current command
abr           Enable OSPF abr event debugging
asbr          Enable OSPF asbr event debugging
lsa           Enable OSPF lsa event debugging
nssa          Enable OSPF nssa event debugging
os            Enable OSPF os event debugging
router        Enable OSPF router event debugging
vlink         Enable OSPF vlink event debugging

To log transit traffic (NAT, firewall, etc.), logging must be enabled in the respective rules.

[email protected]# set nat source rule 10 log enable

The entries are stored in /var/log/messages.

Monitor Real-Time

Monitor in real time

monitor protocol ospf
monitor nat source

Ctrl-C to exit the capture

Sample Log Output

OSPF Hello packets:

[email protected]:~$ monitor protocol ospf enable packet hello
[email protected]:~$ monitor protocol ospf
Apr  5 20:30:51 vRouter ospfd[1949]: Hello received from [172.24.42.53] v
[eth2:192.168.13.1]
Apr  5 20:30:51 vRouter ospfd[1949]:  src [192.168.13.3],
Apr  5 20:30:51 vRouter ospfd[1949]:  dst [224.0.0.5]
Apr  5 20:30:51 vRouter ospfd[1949]: Packet 172.24.42.53 [Hello:RECV]:
Options *|-|-|-|-|-|E|*
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth1:192.168.12.1
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth2:192.168.13.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth1:192.168.12.1].
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth3:192.168.101.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth2:192.168.13.1].
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth3:192.168.101.1].

NAT packets:

[email protected]# set nat source rule 30 log enable

[email protected]# run show log nat
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Output omitted
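The rule-tagged kernel lines above are what a log pipeline would ingest from /var/log/messages. As an added example (not from the post or the Vyatta documentation), this Python parser reads constructed sample lines in that format, keeps the two LEN fields apart (IP total length, then L4 length), and aggregates packets, bytes and distinct destination ports per rule and source host, so an internal host fanning out across many ports through the masquerade rule stands out.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/messages as written by a NAT rule with
# "log enable": netfilter LOG lines with the rule name as the log prefix.
# The first three lines are NAT hits; the last is unrelated noise.
SAMPLE_LOG = """\
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62 ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62 ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Apr  5 18:17:03 vRouter kernel: [595982.100001] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.102 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=50000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Apr  5 18:17:04 vRouter sshd[1234]: Accepted publickey for vyatta from 192.168.2.10 port 51000 ssh2
"""

NAT_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>[\d.]+)\] "
    r"\[NAT-(?P<rulebase>SRC|DST)-(?P<rule>\d+)(?:-(?P<action>[A-Z]+))?\] "
    r"(?P<fields>.*)$"
)


def parse_nat_log_line(line):
    """Return a dict of header and KEY=VALUE fields, or None for a non-NAT line."""
    m = NAT_LINE.match(line)
    if m is None:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "rulebase": m["rulebase"],
           "rule": int(m["rule"]), "action": m["action"], "flags": []}
    for token in m["fields"].split():
        if "=" not in token:          # bare flags such as DF or SYN
            rec["flags"].append(token)
            continue
        key, value = token.split("=", 1)
        if key in rec:                # LEN appears twice: IP total length, then L4 length
            key = "L4_" + key
        rec[key] = value
    return rec


def summarize(log_text):
    """Packets, bytes (IP LEN) and distinct destination ports per (rulebase, rule, SRC)."""
    totals = defaultdict(lambda: {"pkts": 0, "bytes": 0, "dports": set()})
    for line in log_text.splitlines():
        rec = parse_nat_log_line(line)
        if rec is None:
            continue
        entry = totals[(rec["rulebase"], rec["rule"], rec["SRC"])]
        entry["pkts"] += 1
        entry["bytes"] += int(rec["LEN"])
        entry["dports"].add((rec["PROTO"], int(rec["DPT"])))
    return dict(totals)


def wide_fanout_sources(summary, min_dports):
    """Source hosts that hit at least min_dports distinct destination ports (scan indicator)."""
    return sorted({src for (_, _, src), e in summary.items() if len(e["dports"]) >= min_dports})


if __name__ == "__main__":
    for key, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(key, entry["pkts"], "pkts", entry["bytes"], "bytes", sorted(entry["dports"]))
```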

Chapter 10 OSPF Single-Area

Configuring OSPF

[email protected]# show protocols ospf
area 0 {
    network 10.1.1.0/24
    network 10.10.1.0/24
    network 10.10.2.0/24
}

[email protected]# show protocols
ospf {
    area 0 {
        network 10.0.0.0/8
    }
    default-information {
        originate {
        }
    }
    passive-interface eth1
    passive-interface eth2
}

Verifying OSPF Operations

[email protected]:~$ show ip route
Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter
area
> – selected route, * – FIB route, p – stale info
Gateway of last resort is not set
O       10.1.1.0/24 [110/1] is directly connected, eth1, 00:02:57
C    *> 10.1.1.0/24 is directly connected, eth1
O    *> 10.2.1.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.2.2.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.3.1.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O    *> 10.3.2.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O       10.10.1.0/24 [110/1] is directly connected, eth2, 00:02:57
Output omitted

[email protected]:~$ show ip ospf neighbors
OSPF Process 0:
Neighbor ID     Pri State           Dead Time Address         Interface
172.24.42.52      1 Full/DR           31.721s 10.10.1.2       eth1
172.24.42.53      1 Full/DR           35.533s 10.10.2.2       eth2

[email protected]:~$ show ip ospf database
OSPF Router with ID (172.24.42.51) (Process ID 0)
Router Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum  Link count
172.24.42.51    172.24.42.51     869 0x80000005 0x1d44 3
172.24.42.52    172.24.42.52     884 0x80000005 0x84f7 3
172.24.42.53    172.24.42.53     836 0x80000005 0xe555 4
Net Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum
10.10.1.1       172.24.42.51     918 0x80000001 0x04a5
10.10.2.1       172.24.42.51     869 0x80000001 0x07a0
AS External Link States
Link ID         ADV Router      Age  Seq#       CkSum  Route              Tag
0.0.0.0         192.168.200.1     10 0x80000002 0xa3f1 E2 0.0.0.0/0       254

[email protected]:~$ show ip ospf database router 172.24.42.51
OSPF Router with ID (192.168.200.1) (Process ID 0)
Router Link States (Area 0.0.0.0)
LS age: 1587
Options: 0x2 (-|-|-|-|-|-|E|-)
Flags: 0x0
LS Type: router-LSA
Link State ID: 192.168.200.1
Advertising Router: 192.168.200.1
LS Seq Number: 80000005
Checksum: 0x1d44
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.1.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.1.1
(Link Data) Router Interface address: 10.10.1.1
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.2.1
(Link Data) Router Interface address: 10.10.2.1
Number of TOS metrics: 0
TOS 0 Metric: 1

References:

BCVRE 170-010 Study Notes, Part 1

BCVRE 170-010 Study Notes, Part 2

BCVRE 170-010 Study Notes, Part 3

Vyatta vRouter 5400 Online Documentation

Brocade Certified vRouter Engineer 2013 (BCVRE) Exam

Free voucher for the Brocade Certified vRouter Engineer (BCVRE) 170-010 Exam

Network Functions Virtualization

Certification Brocade Community

Certification Exam Information

BCVRE 170-010 Study Notes, Part 3

Chapter 7 NAT

Three types of NAT:
Source NAT
Destination NAT
Bidirectional NAT – combines source and destination NAT to translate in both directions

NAT Rulebases

NAT uses a different rulebase for each type of NAT. Rulebases are ordered numerically, and when a match is made the vRouter stops executing that rulebase without evaluating other rulebases.

Each rulebase includes three parameters:

Filters, identifying the traffic to be NATed. If no filter is defined, all traffic matches.
Post-translation address, which defines the IP to be substituted when NAT is performed. The masquerade option uses the address of the outbound interface.
The interface where the rule is applied and the direction. An interface must be specified.

If a port number is specified in the filter or in the post-translation address, the Layer 4 protocol (TCP, UDP or both) must also be specified.

!NAT traffic from the source address range using the interface address
[email protected]# show nat source
rule 10 {
    source {
        address 192.168.0.0/16
    }
    outbound-interface eth1
    translation {
        address masquerade
    }
}

!Translate several port numbers of a public IP to a private IP
[email protected]# show nat destination
rule 10 {
    destination {
        address 1.3.5.7
        port 80
    }
    inbound-interface eth1
    translation {
        address 10.2.3.4
    }
    protocol tcp
}
rule 20 {
    destination {
        address 1.3.5.7
        port 25
    }
    inbound-interface eth1
    translation {
        address 10.5.6.7
    }
    protocol tcp
}
rule 30 {
    destination {
        address 1.3.5.7
        port 53
    }
    inbound-interface eth1
    translation {
        address 10.8.9.1
    }
    protocol udp
}

[email protected]:~$ show nat source rule
Disabled rules are not shown
Codes: X – exclude rule, M – masquerade rule
rule    intf              translation
----    ----              -----------
M10     eth1             saddr 192.168.100.0/24 to 216.134.166.19
proto-all        sport ANY

[email protected]:~$ show nat destination rules
Disabled rules are not shown
Codes: X – exclude rule
rule    intf              translation
----    ----              -----------
10      eth1             daddr 1.3.5.7 to 10.2.3.4
proto-tcp        dport 80
20      eth1             daddr 1.3.5.7 to 10.5.6.7
proto-tcp        dport 25
30      eth1             daddr 1.3.5.7 to 10.8.9.1
proto-udp        dport 53

[email protected]:~$ show nat source statistics
rule   pkts    bytes   interface
----   ----    -----   ---------
10     528     38349   eth1
20     0       0       eth1
30     1359K   96M     eth1

!View the active NAT translations
[email protected]:~$ show nat source trans
Pre-NAT              Post-NAT             Prot  Timeout
192.168.2.102        216.134.166.19       tcp   47
192.168.2.104        216.134.166.19       udp   0
192.168.2.102        216.134.166.19       udp   49
192.168.2.104        216.134.166.19       tcp   431740
192.168.2.104        216.134.166.19       tcp   431522
192.168.2.102        216.134.166.19       udp   179
192.168.2.104        216.134.166.19       tcp   431739
192.168.2.104        216.134.166.19       tcp   431988
192.168.2.104        216.134.166.19       tcp   431928
192.168.2.104        216.134.166.19       tcp   431810
192.168.2.106        216.134.166.19       tcp   326344
192.168.2.102        216.134.166.19       udp   28
192.168.2.102        216.134.166.19       udp   54
192.168.2.102        216.134.166.19       udp   179
192.168.2.104        216.134.166.19       udp   6
192.168.2.102        216.134.166.19       tcp   431848

Exclusion Filters

Allows certain NAT operations to be excluded, for example when VPN tunnels exist.

These filters can also be created using a ! or "bang" as a NOT operator.

[email protected]# show nat destination
rule 10 {
    destination {
        address 10.10.10.0/24
    }
    exclude
    outbound-interface eth0
}
rule 40 {
    outbound-interface eth0
    translation {
        address masquerade
    }
}
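The rulebase behaviour described above (numeric order, first match wins, address/port/protocol filters, masquerade) and the exclusion filters can be modelled in a few lines. The following Python is an added example, not Vyatta code: it evaluates the destination rules 10/20/30 and the source rules 10/40 from this post, and shows the `!` (bang) form of the same exclusion; the packet fields and the 203.0.113.1 interface address used in tests are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One NAT rule; interface is outbound-interface (source NAT) or inbound-interface (destination NAT)."""
    number: int
    interface: str
    src: Optional[str] = None          # address filter; a leading '!' negates it
    dst: Optional[str] = None
    port: Optional[int] = None         # destination port filter
    protocol: str = "all"              # tcp, udp, tcp_udp or all
    exclude: bool = False
    translation: Optional[str] = None  # "masquerade" or a post-translation address


def match_addr(spec, addr):
    """Prefix or host match; '!prefix' matches everything outside the prefix."""
    if spec is None:
        return True
    negate = spec.startswith("!")
    inside = ipaddress.ip_address(addr) in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return inside != negate


def first_match(rulebase, pkt):
    """Walk one rulebase in numeric order and stop at the first matching rule.
    Returns (rule number, decision, post-translation address or None).
    pkt keys: iface, iface_addr, src, dst, proto, dport."""
    for rule in sorted(rulebase, key=lambda r: r.number):
        if rule.interface != pkt["iface"]:
            continue
        if not (match_addr(rule.src, pkt["src"]) and match_addr(rule.dst, pkt["dst"])):
            continue
        if rule.port is not None and rule.port != pkt["dport"]:
            continue
        if rule.protocol != "all" and pkt["proto"] not in rule.protocol.split("_"):
            continue
        if rule.exclude:
            return rule.number, "exclude", None
        addr = pkt["iface_addr"] if rule.translation == "masquerade" else rule.translation
        return rule.number, "translate", addr
    return None, "no-nat", None


# Source rulebase from the exclusion-filter example: VPN traffic is excluded by
# rule 10, everything else leaving eth0 is masqueraded by rule 40.
SOURCE = [
    Rule(10, "eth0", dst="10.10.10.0/24", exclude=True),
    Rule(40, "eth0", translation="masquerade"),
]
# The same intent as a single rule using the '!' (bang) NOT operator.
SOURCE_BANG = [Rule(40, "eth0", dst="!10.10.10.0/24", translation="masquerade")]

# Destination rulebase from the port-forwarding example.
DESTINATION = [
    Rule(10, "eth1", dst="1.3.5.7", port=80, protocol="tcp", translation="10.2.3.4"),
    Rule(20, "eth1", dst="1.3.5.7", port=25, protocol="tcp", translation="10.5.6.7"),
    Rule(30, "eth1", dst="1.3.5.7", port=53, protocol="udp", translation="10.8.9.1"),
]
```

Note that rule 30 carries `protocol udp`, so TCP traffic to port 53 falls through the whole rulebase untranslated; a forgotten protocol line is a common reason a forward "does not work".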

Chapter 8 Licensing and Upgrades

Note: as of 1 November 2013 the entitlement and upgrade process described in this document is no longer available.

To register the software, the following parameters must be configured:
• Repository username
• Repository password
• Entitlement key

!Check whether the vRouter has been registered with the Vyatta entitlement server
show entitlement

Upgrading the vRouter

To upgrade, use the upgrade system image command, which automatically
downloads the new version. The repository username/password must be configured beforehand; otherwise they will be requested during the upgrade.

The vRouter image has two components: the vRouter software itself and the corresponding Linux components (drivers, system, ...).
If the system template has changed, a manual upgrade is required; otherwise the upgrade process continues normally.

The manual process is similar to creating a new VM, with a few additional steps:

1. Download the new template just as you did for your initial installation.
2. Copy the configuration file from your existing virtual machine. You can use SCP or FTP to copy it to an
external server, or use simple copy-paste from a console window.
3. Edit the configuration file to remove the hardware-specific settings. We’ll show you the details of what to
remove on the next screen.
4. Install a new virtual machine using the new template.
5. When your new VM has booted up, copy your edited configuration file to /config/config.boot on the new
system. This is the default configuration file for the vRouter device.
6. Reboot your new VM. When it boots, it will read the hardware values from the hypervisor software, and
pull the rest of the configuration data from the configuration file you just copied over.
7. Once your new VM is fully operational, you can cut over operations from the old VM. This cut over
represents the only downtime your network will experience during the upgrade process, and should be
almost non-disruptive depending on your hypervisor software.
You can verify the success of your device upgrade with the commands show version and show system image.

References:

BCVRE 170-010 Study Notes, Part 1

BCVRE 170-010 Study Notes, Part 2

Vyatta vRouter 5400 Online Documentation

Brocade Certified vRouter Engineer 2013 (BCVRE) Exam

Free voucher for the Brocade Certified vRouter Engineer (BCVRE) 170-010 Exam

Network Functions Virtualization

Certification Brocade Community

Certification Exam Information