What network engineers can learn from web developers when thinking SDN.

Transcription

1 What network engineers can learn from web developers when thinking SDN. NETNOD Meeting October 2015 Thomas Mangin Director at various shops ( Exa Networks, IXLeeds, LINX ) Also Developer, Network Engineer, Peering Advocate, Jitsuka,

2 Unofficial Table of Contents 1. Presenting my very biased view Profit 4. Q&A on profit claims 5. Beer?

3 Table of Contents 1. Look at web vs net roles 2. Look at the free tools available 3. Present a way to automate network change 4. Q&A 5. Beer with more Q&A if you wish! This is NOT an SDN presentation.. Well, kind of.

4 What is needed Dev / Ops / Sysadmin Network Engineer To update the application easily To monitor the application To detect / prevent attacks To announce routes easily To monitor the network To detect / block DDOS Objective Provide High Availability Objective Provide High Availability

5 10 years ago: Dev/Admin - Network Engineer Scope: the application/server Little configuration Great deal of programming Did not have to understand networking Scope: the network Great deal of configuration Little programming Did not have to understand programming Nothing much to share or learn from each others

6 More recently: DevOPS - NetOPS Looking after the full stack servers and applications, but a few switches / routers Little of configuration Great deal of programming Looking after the network Mostly networking gear, but a few servers and applications Great deal of configuration Little programming Who is in charge of the TOR switch?

7 Hardware / Software Stack An open source OS ( Linux, *BSD) On commodity hardware Client Server HTTP/1.1, SPEEDY, HTML5, JSON Centralised One database (replicated / sharded) Well Automated Servers are auto-provisioned Supposed to be identical Plenty of Open-Source options Stack A buggy proprietary OS on an RE All using similar ASIC Peer-to-Peer BGP, IS-IS, OSPF Decentralised Fault tolerant design Rarely Automated Routers still manually configured Supposed to be identical Plenty of commercial solutions

8 The DevOPS is well looked after Plenty of tools Easy update / change / rollback ( ansible, chef, puppet ) Performance visibility ( statsd, graphana, ) Fault detection ( sensu, riemann, sentry ) Many cloud services ( pager duty, new relic, datadog, opsview,...) Many are big open source users And contributors Distributed database, Orchestration,

9 Is the Network Engineer so lucky? More Automation / Centralisation Router configuration generation Mostly for/by the big guys Every vendor/network has its proprietary solution which does not integrate with another YANG seems to be the industry answer to this Still some good tools exists vhttp:// Just not as many or please tell me about it during the Q&A

10 The DevOps stack web server application database Also known as LAMP stack FreeBSD, NGINX, PostGreSQL, Python.. Nowdays also needs Javascript and JSON and Every kid owning a raspberrypi knows how to write a web app beginner@home> cd ~/website; python -m SimpleHTTPServer Serving HTTP on port 8000 Every network engineer should be able to benefit from SDN

11 The Network Engineer stack BGP seems to HTTP of networking Simple, easy to understand, TCP based network protocol vhttps://github.com/exa-networks/exabgp/wiki/other-oss-bgpimplementations Could be OpenFlowone day (Ab)used by service providers since forever PERL based scripts, first RTBH Microsoft BGP as IGP in datacenter The SDN way I will speak of today, but not from far the only one

12 In the meanwhile Linux on generic ASIC Cumulus Linux on EdgeCore/Quanta/DELL Mostly on Trident + / Trident 2 chipsets NetDevOps ( a mouthful ) vhttp:// Userland fast performance TCP stack vhttps://github.com/luigirizzo/netmap vhttps://github.com/snabbco/snabbswitch/ On newer Intel chipset Filtering the DFZ to fit in TCAM vhttp:// using PMACCT

13 BGP stack BGP application database ExaBGP was created for this use Now quite widely used International backbones Large websites How to use ExaBGP is left as an exercise to the reader But I am available should you have any questions You can or jabber me at surname dot com What network engineers can learn from web developers when thinking SDN NetNOD Oct 2015

14 Monitoring, using BGP Written by a Daniel Piekacz (874 LOC)

15 Monitoring, using BGP Article by Colin Petrie RIPE experimental real-time RIS

16 Preventing DDOS, using BGP Written by Pavel Odintsov Flow collector ( SFLOW, NETFLOW, IPFIX ) Detect abnormal flows Inject IPv4/IPv6/FlowSpec using ExaBGP Other sources vhttps:// vhttps:// vhttp://perso.nautile.fr/prez/fgabut-flowspec-frnog-final.pdf

17 High Availability, using BGP Written by Vincent Bernat (534 LOC) Host HA services Announce service IP (/32) only when the service is up and running MED can be used for active / passive Or AnyCastyour DNS / NTP / HTTP service vhttp://thomas.mangin.com/data/pdf/sysadmin 4 - Mangin - BGP for sysadmin.pdf Similar solution vhttps://github.com/pyke369/exabgp-helpers

18 High Availability, using BGP Article by Allan Feid Replacing load balancer with routers Flow based balancing, controlled with BGP

19 Other possible usage, using BGP Intelligent network programming Has been done with ExaBGP (NDA, no open source solution ATM) Similar commercial offering vhttp:// vhttp:// vhttp://

20 MAD ideas, using ExaBGP Resilient Route Server My mad idea

21 ExaBGP SDN using BGP (and a little programming) Control based idea taken from SQUID Can be controlled using any language from bash to C++ Previous presentations on ExaBGP vhttp://thomas.mangin.com/data/pdf/ What network engineers can learn from web developers when thinking SDN NetNOD Oct 2015

22 Questions To help you raise your eyes from the laptop Who here already use ExaBGP What for? Where is my beer for my hard work? What other solutions exist for the Network Engineer If it is not ExaBGP based, you are doing it wrong.. :p Thank you. What network engineers can learn from web developers when thinking SDN NetNOD Oct 2015