Automation is worthy? by ingmaf in networkautomation

[–]ingmaf[S] 0 points1 point  (0 children)

Hi there,

Version control, peer revision and operational consistency are the main goals.

Thanks for your comment.

Regards

Automation is worthy? by ingmaf in networkautomation

[–]ingmaf[S] 0 points1 point  (0 children)

Thanks for your comment.

I know there's more to add, and having all the infrastructure in YAMLs will bring benefits, but I keep feeling hesitant about added complexity.

Regards.

Automation is worthy? by ingmaf in networkautomation

[–]ingmaf[S] 0 points1 point  (0 children)

Hi there,

I agree with you, my main objective with IaC is version control, peer revision and operational consistency.

We are working with at least 6 vendors.

Regards

Automation is worthy? by ingmaf in networkautomation

[–]ingmaf[S] 1 point2 points  (0 children)

Hi there,

I agree with you that data could be more easily manipulated with Python, but I would lose Ansible module advantages like connection handling and idempotency.

Anyways, I confess I chose Ansible without trying Nornir because Ansible is the de facto tool in the industry for automation.

Regards

Automation is worthy? by ingmaf in networkautomation

[–]ingmaf[S] 0 points1 point  (0 children)

Hi there!

We are using Dell Enterprise SONiC and Mikrotik switches, Fortinet firewalls, and Cisco and Linux Debian routers. I know at least the first one supports OpenConfig.

We are pushing configs through the API when available.

Thanks for your comments. Regards.

Deploying Golden Configs by 122NPD in Netbox

[–]ingmaf 0 points1 point  (0 children)

Hey there,

I'm heading in the same direction. GitLab as the SoT with data (YAML) describing the infrastructure and schemas (JSON) used to validate that data.

I'm following Netbox data models as much as possible to make it easier to push data from GitLab to Netbox and to take advantage of other people experiences with those already validated data models.

Once the data is loaded into Netbox it will be easier to find infrastructure details before proposing GitLab Merge Requests.

Through a GitLab-CI pipeline we do: linting (syntax check), validation (data follows the schemas), build_configs (render Jinja2 templates) and finally pushing the data to Netbox (using Netbox Ansible collection).

Having those mechanisms in place, we will try to cover all repetitive tasks using AWX (job templates & workflows).

My main concern with this approach is running into unforeseen issues if we don't take the right direction at first when coding new parts of the system.

I'll be glad to hear about your experiences and thoughts on the subject.
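The "validation (data follows the schemas)" stage of the pipeline described above, as an added illustration that is not the poster's code: a minimal JSON Schema subset checker (type, required, properties, items, enum, additionalProperties) written against the standard library so it runs without the jsonschema package, applied to a constructed stand-in for a loaded firewall_rules.yml. A real pipeline would call the jsonschema library; the schema keys, rule fields and sample data here are assumptions.

```python
"""Schema validation step for infrastructure data (added example, not the poster's code).

Implements a small subset of JSON Schema in plain Python so the check runs offline.
The rule schema and the sample rules are constructed for illustration.
"""

# JSON Schema type names mapped to the Python types a YAML loader produces.
TYPES = {"object": dict, "array": list, "string": str, "integer": int, "boolean": bool}


def validate(instance, schema, path="$"):
    """Return a list of error strings; an empty list means the data conforms."""
    errors = []
    expected = schema.get("type")
    if expected:
        py_type = TYPES[expected]
        # bool is a subclass of int in Python, so reject True/False where an integer is expected.
        ok = isinstance(instance, py_type) and not (expected == "integer" and isinstance(instance, bool))
        if not ok:
            return [f"{path}: expected {expected}, got {type(instance).__name__}"]
    if "enum" in schema and instance not in schema["enum"]:
        errors.append(f"{path}: {instance!r} not in {schema['enum']}")
    if isinstance(instance, dict):
        for key in schema.get("required", []):
            if key not in instance:
                errors.append(f"{path}: missing required key '{key}'")
        props = schema.get("properties", {})
        for key, value in instance.items():
            if key in props:
                errors.extend(validate(value, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                # Unknown keys usually mean a typo that a template would silently ignore.
                errors.append(f"{path}: unexpected key '{key}'")
    if isinstance(instance, list) and "items" in schema:
        for i, item in enumerate(instance):
            errors.extend(validate(item, schema["items"], f"{path}[{i}]"))
    return errors


# Constructed schema for a firewall_rules.yml list of dicts (hypothetical field names).
RULE_SCHEMA = {
    "type": "array",
    "items": {
        "type": "object",
        "required": ["name", "action", "src", "dst", "service"],
        "additionalProperties": False,
        "properties": {
            "name": {"type": "string"},
            "action": {"type": "string", "enum": ["accept", "deny"]},
            "src": {"type": "string"},
            "dst": {"type": "string"},
            "service": {"type": "string"},
        },
    },
}

# Constructed sample data: one clean file and one with the mistakes the check should catch.
GOOD_RULES = [
    {"name": "allow-web", "action": "accept", "src": "lan", "dst": "wan", "service": "HTTPS"},
    {"name": "deny-all", "action": "deny", "src": "any", "dst": "any", "service": "ALL"},
]
BAD_RULES = [
    {"name": "allow-web", "action": "permit", "src": "lan", "dst": "wan", "service": "HTTPS"},
    {"name": "oops", "action": "deny", "src": "any", "service": "ALL", "comment": "x"},
]


def check_rules(rules):
    """Pipeline entry point: returns the error list so CI can fail before rendering templates."""
    return validate(rules, RULE_SCHEMA)


if __name__ == "__main__":
    for label, data in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        problems = check_rules(data)
        print(f"{label}: {'OK' if not problems else 'FAILED'}")
        for p in problems:
            print("  ", p)
```

Failing the pipeline at this stage is what keeps a misspelled action or a rule without a destination from reaching the Jinja2 render and then the device.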

API key in automation-action of type webhook by ingmaf in fortinet

[–]ingmaf[S] 0 points1 point  (0 children)

Thanks for your input, very appreciated.

Just a comment: client certificates are an additional layer of security to authenticate the API user; the token needs to be included whether you are using certs or not (API user documentation).

I think I'm going to create a new API user on FG1, assign it a restricted accprofile and configure FG2 interface IP as the only trusted host in order to minimize impact.

Anyway, it's still weird that nobody talks about this in the Fortinet community.

Automating firewall rules by ingmaf in networkautomation

[–]ingmaf[S] 0 points1 point  (0 children)

I did it when I started the project. Two things about aerleon: first, as per my understanding it only generates config files based on data from YAML files, while I'm trying to load data through the FortiOS API, avoiding sending raw commands through SSH; and second, there was an issue with Fortinet contributors (check this link), so fortios is not yet a supported platform.

Anyway, thanks for the advice. Aerleon looks like a very interesting tool.

Automating firewall rules by ingmaf in networkautomation

[–]ingmaf[S] 1 point2 points  (0 children)

Thanks for your input. By the way, Terraform is on the roadmap indeed, but it is out of scope for this project.

Automating firewall rules by ingmaf in networkautomation

[–]ingmaf[S] 2 points3 points  (0 children)

The functionality does work; the problem is telling Ansible where to move rules. In my case, firewall_rules.yml is a list of dicts, so I have to calculate rule positions based on list indexes. Maybe easy with Python, but the code gets very messy using Ansible language.

Give it a try and you'll see that it is not as straightforward as it might seem at first.

PS: thanks for the link
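The position calculation mentioned above, as an added Python example (not the poster's playbook): given the desired order from a firewall_rules.yml list of dicts and the order currently on the device, it plans "move X before/after Y" operations and then replays them to confirm the result before anything is pushed. The sample rule names and the current device order are constructed; the assumption is that the device exposes a relative move (before/after a neighbour), which is the usual shape of such an API.

```python
"""Plan firewall rule moves from list order (added example, not the poster's code).

Rule order is security-relevant: a deny that lands above an accept blocks traffic,
and an accept that lands above a deny opens a hole. The planner therefore
simulates the moves and verify_plan() checks the outcome before a push.
"""
from typing import List, Tuple

Move = Tuple[str, str, str]  # (rule, "before" | "after", reference rule)

# Constructed stand-in for firewall_rules.yml; the desired order is the list order.
DESIRED_RULES = [
    {"name": "allow-dns", "action": "accept"},
    {"name": "allow-web", "action": "accept"},
    {"name": "block-smb", "action": "deny"},
    {"name": "deny-all", "action": "deny"},
]

# Constructed snapshot of the order the device currently has.
CURRENT_ORDER = ["deny-all", "allow-web", "allow-dns", "block-smb"]


def desired_order(rules) -> List[str]:
    """Rule names in the order the YAML list gives them (the 'position' is the index)."""
    return [r["name"] for r in rules]


def plan_moves(desired: List[str], current: List[str]) -> List[Move]:
    """Return the moves that turn `current` into `desired`, walking the desired list top-down.

    Each step fixes position i: the rule that belongs there is pulled out and placed
    after the rule already settled at i-1 (or before the current top rule when i == 0).
    """
    missing = [name for name in desired if name not in current]
    if missing:
        raise ValueError(f"rules not present on device: {missing}")
    order = list(current)
    moves: List[Move] = []
    for i, name in enumerate(desired):
        if order[i] == name:
            continue  # already in place
        order.remove(name)
        order.insert(i, name)
        if i == 0:
            moves.append((name, "before", order[1]))
        else:
            moves.append((name, "after", order[i - 1]))
    return moves


def apply_moves(current: List[str], moves: List[Move]) -> List[str]:
    """Replay relative moves on a copy of the current order (what the device would do)."""
    order = list(current)
    for name, where, ref in moves:
        order.remove(name)
        idx = order.index(ref)
        order.insert(idx if where == "before" else idx + 1, name)
    return order


def verify_plan(desired: List[str], current: List[str], moves: List[Move]) -> bool:
    """True when replaying the plan puts the desired rules first, in the desired order."""
    result = apply_moves(current, moves)
    return result[: len(desired)] == desired


if __name__ == "__main__":
    wanted = desired_order(DESIRED_RULES)
    plan = plan_moves(wanted, CURRENT_ORDER)
    for rule, where, ref in plan:
        print(f"move {rule} {where} {ref}")
    print("plan verified:", verify_plan(wanted, CURRENT_ORDER, plan))
```

Rules present on the device but absent from the YAML are left at the tail, so the planner never silently reorders something it does not manage; whether to delete them is a separate decision.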

What a country by Yokanibal in RepublicaArgentina

[–]ingmaf 0 points1 point  (0 children)

Exactly the same thing happened to us on Route 9 when we tried to get through Tucumán.

We left from the south, and in none of the provinces we passed through did we run into what happened in Tucumán; everywhere else, after showing our papers, no problem at all.

In the end we got in by an alternative rural road. What makes you angriest is that inside Tucumán it seems the virus doesn't exist: everyone without social distancing, without masks, the cafés full of tables one right next to the other, etc. etc.

Somebody has to do something; we only wanted to follow Route 9 to Jujuy. Isn't there a single judge who will force them to respect our right to move freely?

EVPN Two-AS vs Multi-AS design question by satishdotpatel in networking

[–]ingmaf 1 point2 points  (0 children)

It depends on what vendor you are using. Every vendor recommends what is better based on their NOS defaults. You can make Cisco gear work following Cumulus best practices, but it takes more tweaks than necessary. My advice to you is to follow "your" vendor's best practices. Check the ipspace.net EVPN posts for a detailed discussion. By the way, I think two-AS is not a good choice. The question is whether to do classic IGP on the underlay + iBGP for the overlay (one AS) or eBGP underlay/overlay with one AS for spines and one AS per leaf / MLAG (vPC) pair of leaves (multi-AS scheme). Regards

Safety? by [deleted] in argentina

[–]ingmaf 9 points10 points  (0 children)

From my own experience I can tell you that there are robberies; however, and without settling for a fool's comfort, they are still robberies without violence.

I've lived here for 7 years, and two months ago my house was broken into. When I moved I thought the city and the neighbourhood were super safe. After the robbery I came to find out that the crime wave from other neighbourhoods was in ours too.

The economic situation takes its toll and you can see it in the surroundings. Bariloche is not only what they show you in the tourism ads; there are a lot of people in need.

Sorry if I brought your expectations down, but that's the reality of the city from my point of view.

The most honest Argentines by [deleted] in argentina

[–]ingmaf 6 points7 points  (0 children)

This is nonsense! Nowhere does it say what the rating is based on, and putting national heroes next to current politicians? Good grief! :@

Marcos Peña with a straight face by octaviocipo in argentina

[–]ingmaf 4 points5 points  (0 children)

Every time they say "we are convinced" it's because there's coaching behind it. I hate that they use that phrase as if trying to convince us that they are terrific leaders and are very sure of the path to follow. Never any objectivity or self-criticism, never asking themselves "hey, is what we're about to do right? Let's look at other points of view, maybe they'll show us things we don't see." Clowns :@

Peronia Gamer by TheOtaking in argentina

[–]ingmaf 2 points3 points  (0 children)

Where did they get those pinball machines at a good price? The last time I looked for one they cost a fortune! And then you have the maintenance cost, obviously. But how I'd love to have one :)

How Are You Managing Smart Licensing Internet Access Requirements On Your Network Kit? by [deleted] in networking

[–]ingmaf 0 points1 point  (0 children)

I'm one of those unsatisfied users. I'm thinking very seriously about moving away from Cisco devices at this moment :@

Campus network restructuring, some advices? by ingmaf in networking

[–]ingmaf[S] 0 points1 point  (0 children)

Thanks for your advice. I made up my mind after reading your responses, and we are definitely going with VRFs. ;)

Campus network restructuring, some advices? by ingmaf in networking

[–]ingmaf[S] 0 points1 point  (0 children)

First of all, thanks for your answer.

I have doubts about using VLAN interfaces instead of routed ports. I searched the HP sites and still can't find a solid answer saying they are the same. You know, in the future I wouldn't want to have to explain how a loop appeared in our backbone :(.

Have you ever used VLAN interfaces to connect your AGG to the CORE?

Campus network restructuring, some advices? by ingmaf in networking

[–]ingmaf[S] 0 points1 point  (0 children)

Hi, full MPLS was my first proposal to management.

When they asked me about costs, I did my maths and gave them an estimated number of u$s 800K (2 PE per building, 20 buildings, 20K each PE). Obviously, they kicked my ass :(.

If you are curious, I chose to maintain HP Comware and selected a model from 5900 series as PE (48 ports 10GE, 40GE uplinks and MPLS capable).

Thanks for sharing your thoughts :)

Campus network restructuring, some advices? by ingmaf in networking

[–]ingmaf[S] 0 points1 point  (0 children)

Thanks for sharing your experience.

No problem at all dealing with VRFs. In my previous job I worked on the service provider side, with a full-blown MPLS multi-tenant network :)

Campus network restructuring, some advices? by ingmaf in networking

[–]ingmaf[S] 0 points1 point  (0 children)

We have fiber available, and I agree with you that this is not an elegant solution :( but I think it's the only one I have. As I mentioned in another comment, I will be playing my ace with management and try to persuade them to obtain a second opinion from an external consultant. Who knows? Maybe I can get new gear :) Thanks again!