What network engineers can learn from web developers when thinking SDN.

(1)

What network engineers can learn from web developers when thinking SDN | NetNOD Oct 2015

What network engineers can learn from

web developers when thinking SDN.

NETNOD Meeting October 2015

Thomas Mangin

Director at various shops ( Exa Networks, IXLeeds, LINX )

Also Developer, Network Engineer, Peering Advocate, Jitsuka, …

(2)

Unofficial Table of Contents

1. Presenting my very biased view

2. …

3. Profit

4. Q&A on profit claims

5. Beer ?

(3)

1. Look at “web” vs “net” roles

2. Look at the free “tools” available

3. Present a way to automate network change

4. Q&A

5. Beer – with more Q&A if you wish !

This is NOT an SDN presentation .. Well, kind of.

(4)

What is needed

Dev / Ops / Sysadmin

• To update the application easily

• To monitor the application

• To detect / prevent attacks

• Objective

• _{Provide High Availability}

Network Engineer

• To announce routes easily

• To monitor the network

• To detect / block DDOS

• Objective

• _{Provide High Availability}

(5)

10 years ago: Dev/Admin - Network Engineer

• Scope: “the application/server”

• Little configuration

• _{Great deal of programming}

• Did not have to understand

networking

• Scope: “the network”

• Great deal of configuration

• _{Little programming}

• Did not have to understand

programming

Nothing much to share or learn from each others

(6)

More recently: DevOPS - NetOPS

• Looking after the “full stack”

• servers and applications, but a few

switches / routers

• _{Little of configuration}

• Great deal of programming

• Looking after the “network”

• Mostly networking gear, but a few

servers and applications

• _{Great deal of configuration}

• Little programming

Who is in charge of the TOR switch ?

(7)

Hardware / Software

• “Stack”

• An open source OS ( Linux, *BSD)

• On commodity hardware

• Client – Server

• HTTP/1.1, SPEEDY, HTML5, JSON

• Centralised

• One database (replicated / sharded)

• Well Automated

• Servers are auto-provisioned

• Supposed to be identical

• Plenty of Open-Source options

• “Stack”

• A buggy proprietary OS on an RE

• All using similar ASIC

• Peer-to-Peer

• BGP, IS-IS, OSPF

• Decentralised

• Fault tolerant design

• Rarely Automated

• Routers still manually configured

• Supposed to be identical

• Plenty of commercial solutions

(8)

The DevOPS is well looked after

• Plenty of tools

• _{Easy update / change / rollback ( ansible, chef, puppet )}

• Performance visibility ( statsd, graphana, …)

• _{Fault detection ( sensu, riemann, sentry )}

• Many “cloud” services ( pager duty, new relic, datadog, opsview, ...)

• Many are big open source users

• And contributors

• _{Distributed database, Orchestration, …}

(9)

Is the Network Engineer so lucky ?

• More Automation / Centralisation

• Router configuration generation

• Mostly for/by the “big guys”

• Every vendor/network has its proprietary solution

• which does not integrate with another

• YANG seems to be the industry answer to this

• Still some good tools exists

v

http://www.gns3.com

• Just not as many … or please tell me about it during the Q&A

(10)

The DevOps stack

• _{web server – application – database}

• Also known as LAMP stack

• FreeBSD, NGINX, PostGreSQL, Python ..

• Nowdays also needs Javascript and JSON and …

• Every kid owning a raspberrypi knows how to write a “web app”

beginner@home> cd ~/website; python -m SimpleHTTPServer

Serving HTTP on 0.0.0.0 port 8000 …

(11)

The Network Engineer stack

• “BGP” seems to HTTP of networking

• _{“Simple”, “easy to understand”, “TCP based” network protocol}

v

https://github.com/Exa-Networks/exabgp/wiki/Other-OSS-BGP-implementations

• Could be OpenFlowone day

• (Ab)used by service providers since forever

• PERL based “scripts”, first RTBH

• Microsoft BGP as IGP in datacenter

• The “SDN way” I will speak of today, but not from far the only one

(12)

In the meanwhile

• _{Linux on generic ASIC}

• Cumulus® Linux® on EdgeCore/Quanta/DELL

• Mostly on Trident + / Trident 2 chipsets

• “NetDevOps” ( a mouthful )

vhttp://www.slideshare.net/LeslieCarr2/what-is-netdevops-how-leslie-carr-puppetconf-2015

• _{Userland fast performance TCP stack}

v

https://github.com/luigirizzo/netmap

v

https://github.com/SnabbCo/snabbswitch/

• On newer Intel chipset

• _{Filtering the DFZ to fit in TCAM}

v

http://www.slideshare.net/proidea_conferences/plnog-14-warsaw

• using PMACCT

(13)

BGP stack

• _{BGP – application – database}

• ExaBGP was created for this use

• Now quite widely used

• International backbones

• _{Large websites}

• How to use ExaBGP is left as an exercise to the reader

• _{But I am available should you have any questions}

• You can email or jabber me at firstname @ surname dot com

(14)

Monitoring, using BGP

• https://github.com/dpiekacz/gixlg

(15)

Monitoring, using BGP

• https://labs.ripe.net/Members/colin_petrie/updates-to-the-ripe-ncc-routing-information-service

Article by Colin Petrie

• RIPE experimental real-time RIS

(16)

Preventing DDOS, using BGP

• https://github.com/FastVPSEestiOu/fastnetmon

Written by Pavel Odintsov

• Flow collector ( SFLOW, NETFLOW, IPFIX )

• Detect abnormal flows

• Inject IPv4/IPv6/FlowSpec using ExaBGP

• Other sources

v

https://www.nanog.org/sites/default/files/tuesday_general_ddos_ryburn_63.16.pdf

v

https://www.nanog.org/sites/default/files/tuesday_lt_kristoff_utrs.pdf

v

http://perso.nautile.fr/prez/fgabut-flowspec-frnog-final.pdf

(17)

High Availability, using BGP

• http://vincent.bernat.im/en/blog/2013-exabgp-highavailability.html

Written by Vincent Bernat (534 LOC)

• Host HA services

• Announce service IP (/32) only when the service is up and running

• MED can be used for active / passive

• Or AnyCastyour DNS / NTP / HTTP service

v

http://thomas.mangin.com/data/pdf/SYSADMIN 4 - Mangin - BGP for sysadmin.pdf

• High Availability, using BGP

• http://bits.shutterstock.com/2014/05/22/stop-buying-load-balancers-and-start-controlling-your-traffic-flow-with-software/