What network engineers can learn from web developers when thinking SDN
NETNOD Meeting, October 2015
Thomas Mangin
Director at various shops (Exa Networks, IXLeeds, LINX)
Also Developer, Network Engineer, Peering Advocate, Jitsuka,

Unofficial Table of Contents
1. Presenting my very biased view
2.
3. Profit
4. Q&A on profit claims
5. Beer?

Table of Contents
1. Look at web vs net roles
2. Look at the free tools available
3. Present a way to automate network change
4. Q&A
5. Beer with more Q&A if you wish!
This is NOT an SDN presentation... Well, kind of.

What is needed

Dev / Ops / Sysadmin
- To update the application easily
- To monitor the application
- To detect / prevent attacks
- Objective: Provide High Availability

Network Engineer
- To announce routes easily
- To monitor the network
- To detect / block DDOS
- Objective: Provide High Availability

10 years ago: Dev/Admin - Network Engineer

Dev/Admin
- Scope: the application/server
- Little configuration
- Great deal of programming
- Did not have to understand networking

Network Engineer
- Scope: the network
- Great deal of configuration
- Little programming
- Did not have to understand programming

Nothing much to share or learn from each other

More recently: DevOPS - NetOPS

DevOPS
- Looking after the full stack
- Servers and applications, but a few switches / routers
- Little configuration
- Great deal of programming

NetOPS
- Looking after the network
- Mostly networking gear, but a few servers and applications
- Great deal of configuration
- Little programming

Who is in charge of the TOR switch?

Hardware / Software

Stack
- An open source OS (Linux, *BSD)
- On commodity hardware
Client Server
- HTTP/1.1, SPDY, HTML5, JSON
Centralised
- One database (replicated / sharded)
Well Automated
- Servers are auto-provisioned
- Supposed to be identical
Plenty of Open-Source options

Stack
- A buggy proprietary OS on an RE
- All using similar ASIC
Peer-to-Peer
- BGP, IS-IS, OSPF
Decentralised
- Fault tolerant design
Rarely Automated
- Routers still manually configured
- Supposed to be identical
Plenty of commercial solutions

The DevOPS is well looked after
- Plenty of tools
  - Easy update / change / rollback (Ansible, Chef, Puppet)
  - Performance visibility (statsd, Grafana, ...)
  - Fault detection (Sensu, Riemann, Sentry)
- Many cloud services (PagerDuty, New Relic, Datadog, Opsview, ...)
- Many are big open source users
  - And contributors
  - Distributed database, Orchestration, ...

Is the Network Engineer so lucky?
- More Automation / Centralisation
  - Router configuration generation
  - Mostly for/by the big guys
- Every vendor/network has its proprietary solution, which does not integrate with another
  - YANG seems to be the industry answer to this
- Still, some good tools exist
  - http://www.gns3.com
- Just not as many, or please tell me about it during the Q&A

The DevOps stack
- web server, application, database
- Also known as the LAMP stack
  - FreeBSD, NGINX, PostgreSQL, Python...
- Nowadays also needs JavaScript and JSON and
- Every kid owning a Raspberry Pi knows how to write a web app

    beginner@home> cd ~/website; python -m SimpleHTTPServer
    Serving HTTP on 0.0.0.0 port 8000

Every network engineer should be able to benefit from SDN

The Network Engineer stack
- BGP seems to be the HTTP of networking
  - Simple, easy to understand, TCP based network protocol
  - https://github.com/exa-networks/exabgp/wiki/other-oss-bgpimplementations
  - Could be OpenFlow one day
- (Ab)used by service providers since forever
  - PERL based scripts, first RTBH
  - Microsoft: BGP as IGP in the datacenter
- The SDN way I will speak of today, but by far not the only one

In the meanwhile
- Linux on generic ASIC
  - Cumulus Linux on EdgeCore/Quanta/DELL
  - Mostly on Trident+ / Trident 2 chipsets
- NetDevOps (a mouthful)
  - http://www.slideshare.net/lesliecarr2/what-is-netdevops-how-leslie-carr-puppetconf-2015
- Userland fast performance TCP stack
  - https://github.com/luigirizzo/netmap
  - https://github.com/snabbco/snabbswitch/
  - On newer Intel chipset
- Filtering the DFZ to fit in TCAM
  - http://www.slideshare.net/proidea_conferences/plnog-14-warsaw
  - using PMACCT

BGP stack
- BGP, application, database
- ExaBGP was created for this use
- Now quite widely used
  - International backbones
  - Large websites
- How to use ExaBGP is left as an exercise to the reader
  - But I am available should you have any questions
  - You can email or jabber me at firstname @ surname dot com

Monitoring, using BGP
- https://github.com/dpiekacz/gixlg
- Written by Daniel Piekacz (874 LOC)

Monitoring, using BGP
- https://labs.ripe.net/members/colin_petrie/updates-to-the-ripe-nccrouting-information-service
- Article by Colin Petrie
- RIPE experimental real-time RIS

Preventing DDOS, using BGP
- https://github.com/fastvpseestiou/fastnetmon
- Written by Pavel Odintsov
  - Flow collector (SFLOW, NETFLOW, IPFIX)
  - Detect abnormal flows
  - Inject IPv4/IPv6/FlowSpec using ExaBGP
- Other sources
  - https://www.nanog.org/sites/default/files/tuesday_general_ddos_ryburn_63.16.pdf
  - https://www.nanog.org/sites/default/files/tuesday_lt_kristoff_utrs.pdf
  - http://perso.nautile.fr/prez/fgabut-flowspec-frnog-final.pdf

High Availability, using BGP
- http://vincent.bernat.im/en/blog/2013-exabgp-highavailability.html
- Written by Vincent Bernat (534 LOC)
- Host HA services
  - Announce service IP (/32) only when the service is up and running
  - MED can be used for active / passive
  - Or Anycast your DNS / NTP / HTTP service
  - http://thomas.mangin.com/data/pdf/sysadmin 4 - Mangin - BGP for sysadmin.pdf
- Similar solution
  - https://github.com/pyke369/exabgp-helpers

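The pattern on this slide (announce the service /32 only while the service is healthy, with MED selecting active or passive) as an added example; it is not code from the presentation or from the projects it links. It is written as a helper process that prints ExaBGP text API commands on stdout, and the prefix, probe address, MED values and rise/fall thresholds are assumptions.

```python
# Added example: health-checked /32 announcement for an ExaBGP helper process.
import socket
import sys
import time

PREFIX = "192.0.2.10/32"            # constructed service IP (documentation range)
CHECK_ADDR = ("127.0.0.1", 80)      # assumption: the local service to probe
MED_ACTIVE, MED_PASSIVE = 100, 200  # lower MED wins, so the active node uses 100
INTERVAL = 2.0                      # assumption: seconds between probes

def tcp_check(addr, timeout=1.0):
    """Return True if a TCP connection to the service succeeds."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

class Announcer:
    """Turns probe results into announce/withdraw commands, with damping."""
    def __init__(self, prefix, med, rise=3, fall=2):
        self.prefix, self.med = prefix, med
        self.rise, self.fall = rise, fall
        self.up, self.streak = False, 0   # start withdrawn until proven healthy

    def update(self, healthy):
        """Feed one probe result; return a command string or None."""
        if healthy == self.up:
            self.streak = 0               # a result matching the state resets the count
            return None
        self.streak += 1
        if self.streak < (self.rise if healthy else self.fall):
            return None                   # not enough consecutive results yet
        self.up, self.streak = healthy, 0
        if healthy:
            return f"announce route {self.prefix} next-hop self med {self.med}"
        return f"withdraw route {self.prefix} next-hop self"

def main():
    med = MED_PASSIVE if "--passive" in sys.argv else MED_ACTIVE
    announcer = Announcer(PREFIX, med)
    while True:
        command = announcer.update(tcp_check(CHECK_ADDR))
        if command:
            print(command, flush=True)    # ExaBGP reads the helper's stdout
        time.sleep(INTERVAL)

if __name__ == "__main__":
    main()
```

The rise/fall counters keep a single failed or successful probe from flapping the route, and starting in the withdrawn state means a freshly started node attracts no traffic until the service has answered several probes in a row.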
High Availability, using BGP
- http://bits.shutterstock.com/2014/05/22/stop-buying-loadbalancers-and-start-controlling-your-traffic-flow-with-software/
- Article by Allan Feid
- Replacing load balancer with routers
  - Flow based balancing, controlled with BGP

Other possible usage, using BGP
- Intelligent network programming
  - Has been done with ExaBGP (NDA, no open source solution ATM)
- Similar commercial offering
  - http://www.noction.com
  - http://www.border6.com
  - http://www.internap.com/network-services/ip-services/mirocontroller/

MAD ideas, using ExaBGP Resilient Route Server My mad idea
ExaBGP
- https://github.com/exa-networks/exabgp
- SDN using BGP (and a little programming)
  - Control based idea taken from SQUID
  - Can be controlled using any language from bash to C++
- Previous presentations on ExaBGP
  - http://thomas.mangin.com/data/pdf/

Questions
- To help you raise your eyes from the laptop
  - Who here already uses ExaBGP?
  - What for?
  - Where is my beer for my hard work?
- What other solutions exist for the Network Engineer?
  - If it is not ExaBGP based, you are doing it wrong.. :p
Thank you.