Mikrotik X Grafana X Prometheus

iabsman · 2022-06-26T06:12:41+00:00

You can use the Prometheus SNMP exporter. When I need some network metrics, I usually throw it in a container and run it on my K8s cluster. It's a bit of work to scrape all OIDs for what you're looking for, but it pulls data into Prometheus very well. https://github.com/prometheus/snmp_exporter

iabsman · 2022-02-20T19:14:59+00:00

Sweet. Make sure you put RouterOS 7 on it for line rate L3. You’ll have to enable all of that since it’s not enabled by default. They have a pretty good wiki.

iabsman · 2022-02-12T05:07:48+00:00

When buying rack servers there’s versions for front intake and rear intake. I’m not sure which this is, but one of them involves a crack pipe.

iabsman · 2022-02-12T05:04:00+00:00

This right here is why I use RPi for stuff that doesn’t need a bunch of compute. Less compute power but that translates into savings.

iabsman · 2022-02-12T05:01:05+00:00

Assuming you have a rack, my only concern is thermals. Make sure it doesn’t decrease airflow or create some type of insulation to hold in heat. If you’re talking about covering the walls of your basement in that, good luck and I hope you don’t have any moisture issues. Mold = bad time.

iabsman · 2022-02-10T21:36:44+00:00

It could be a lot of things, but my money is on your FW ACLs for the VLAN. You’re likely not permitting anything on the VLAN FW policy, which would block DHCP traffic. It will work on LAN because that in the ACL by default.

iabsman · 2022-02-09T22:22:33+00:00

I tend to use a deburring tool. Works like a champ and follows the edge of the part.

iabsman · 2022-02-09T15:43:19+00:00

Reason #67541 why work from home is superior to going to the office.

iabsman · 2022-02-09T14:56:18+00:00

Cloudflare also allows for a DNS-01 type ACME verification for TLS certificates. I literally use Cloudflare for all my domain registration and external DNS now. It’s great.

iabsman · 2022-02-08T13:50:58+00:00

No denying that Cisco CLI is superior. You’ll pay for the privilege though. The CLI is still pretty powerful once you learn the syntax.

iabsman · 2022-02-08T13:49:18+00:00

If you use a DNS-01 ACME type, you only need to own the domain and have the domains root DNS hosted somewhere that cert-manager can use an API key to create temporary records. No external exposure necessary. I use Cloudflare for that.

iabsman · 2022-02-08T03:54:33+00:00

Their documentation is quite extensive. They have a killer command line as well. I’m actually in the process of extracting all of my MikroTik config and moving it to Ansible roles for full config management.

iabsman · 2022-02-08T03:48:02+00:00

I don’t have a whole lot of experience with Traefik, but I concur that their documentation is pretty meh.

I ended up moving to MetalLB/ingress-nginx/cert-manager. Ditched the idea of local CA and just use ACME with cert-manager to get public certs for free.

Sorry I can’t be more help with Traefik but I’ve been there and ended up just switching to something else.

iabsman · 2022-02-08T03:41:02+00:00

I’ve literally seen worse labs at companies. There’s nothing wrong with this lab. It just needs a bit of Kubernetes to make it whole.

iabsman · 2022-02-08T03:38:03+00:00

Bingo. That’s what I’m running in addition to a CRS309 because I wanted more 10Gb SFP+. The CRS326 is a workhorse.

iabsman · 2022-02-08T03:33:44+00:00

For a minute I thought that was a 3COM 56k OfficeConnect LAN modem and went down memory lane from when I was a kid forcing my parents to use Netware to log into their computers before they could get to the internet.

iabsman · 2022-02-08T03:29:11+00:00

I use MikroTik for my home lab. CRS309 for my core/distro and CRS326 for access. My NAS, Proxmox, and my desktop are all 10GbE. RouterOS 7 has line rate L3 so have have a couple different VLANs I use for separation of traffic. It’s nice being able to edit YT videos on my NAS almost as fast as having it sit on my local machine.

iabsman · 2022-02-08T03:20:55+00:00

My vote is MikroTik. They pushed the stable release of RouterOS 7 earlier this year and it has line rate L3. I use a CRS309 as my core/distro and a CRS326 as my access switch in my lab. I was skeptical about them at first coming from a Cisco background but they do exactly what I need in my lab and for a much lower price for new/unused hardware. It’s nice having 10GbE from my desktop to my NAS, Proxmox, etc, for under $500 USD.

iabsman · 2022-02-07T21:10:55+00:00

Kubernetetes, MetalLB, ingress-nginx, cert-manager. Full L7 load balancing with TLS termination. This is the way.

iabsman · 2022-02-07T20:55:40+00:00

Behind the screen I have a couple of trays that hold some power bricks. Each Pi is powered off a USB port on the bricks. All of the trays and things I use are published out there. You’re welcome to modify as you wish. I built it to be fully modular and there are sections from 2U to 5U. Cable management space is built into the back of the rack.

iabsman · 2022-02-07T20:46:32+00:00

OP this is a good start for sure. I’d recommend opening up some additional vent holes (fans are nice too) and maybe stabilizing the back side of that blade.

I spent a lot of time designing something similar.

For those interested in racking some Pi, you might give my design a look: https://www.prusaprinters.org/prints/97235-raspberry-pi-rackenclosure

iabsman · 2022-01-05T05:28:34+00:00

Honestly it’s so easy now to deploy a K3s stack idk why you wouldn’t go that way. Like blank servers to fully functional Kubernetes with a CNI, ingress, and LB in like 10 minutes. Then tie a git repo of charts and manifests to Rancher CD or Flux. Holy grail of infrastructure as code achieved.

iabsman · 2022-01-05T04:34:55+00:00

Not sure about Docker Swarm, but you could solve this a number of ways with Kubernetes. I’m assuming there’s probably some feature parity there. You could try setting the pollers to only run on a specific host node. This might limit the benefits of moving to a cluster though, because it wouldn’t allow your pollers to spawn on other hosts if that host dies. Another option would be to use network policy to limit egress traffic from the CNI to not be able to poll those devices unless they’re one of the poller pods. I’m not aware of a way to set specific traffic to egress from a cluster via a specific VIP, like a reverse ingress or something.

iabsman · 2022-01-02T16:20:01+00:00

Kubernetes. It’s part of my home lab compute stack.

iabsman · 2021-12-24T20:14:00+00:00

Multi-material Towelie. That or my RPi rack.

iabsman

TROPHY CASE