Regular Expression for Network Engineer Part-2

23 May 2018

This post is a continuation of Regular Expression for Network Engineer Part-1. Here we look at the different methods for finding a pattern in a string.

Findall() – returns a list of all non-overlapping matches of the pattern in a string

  • EXAMPLE

re.findall(pattern, string[, flags])

In [118]: ip
Out[118]: '10.10.1.10,29.10.1.10,10.10.1.20,192.168.1.0,172.16.10.1,10.10.10.121'

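In [119]: out= re.findall(r'(10\.10\.10\.\d+)' ,ip)
In [120]: out
Out[120]: ['10.10.10.121']

#The above example finds all the IPs of subnet 10.10.10.0/24 in a group of IPs. The dots are escaped (\.) because an unescaped dot matches any character: written as r'(10.10.10.\d+)' the pattern also returns '10,10.10.1', a false match that runs across the comma between 29.10.1.10 and 10.10.1.20.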
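The following added example, which is not part of the original post, shows why the dots in an address pattern have to be escaped and bounded, and how to confirm subnet membership with Python's ipaddress module rather than with the regex alone. SAMPLE is constructed: it is the post's address list plus two extra entries, 110.10.10.5 and 10.10.10.999.

```python
import ipaddress
import re

# Constructed sample: the post's list plus two deliberately awkward entries.
SAMPLE = ("10.10.1.10,29.10.1.10,10.10.1.20,192.168.1.0,"
          "172.16.10.1,10.10.10.121,110.10.10.5,10.10.10.999")

# Unescaped dots match ANY character, including the comma separators.
NAIVE = re.compile(r"10.10.10.\d+")

# Literal dots, but nothing stops a match inside 110.10.10.5 or on octet 999.
ESCAPED = re.compile(r"10\.10\.10\.\d+")

# A dotted quad that is not glued to neighbouring digits or dots.
CANDIDATE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def hosts_in_subnet(text, cidr):
    """Return the addresses in text that really belong to cidr, in order."""
    network = ipaddress.ip_network(cidr)
    found = []
    for candidate in CANDIDATE.findall(text):
        try:
            address = ipaddress.ip_address(candidate)
        except ValueError:
            # Looks like an address but is not one, e.g. an octet above 255.
            continue
        if address in network:
            found.append(candidate)
    return found


if __name__ == "__main__":
    print("naive  :", NAIVE.findall(SAMPLE))
    print("escaped:", ESCAPED.findall(SAMPLE))
    print("checked:", hosts_in_subnet(SAMPLE, "10.10.10.0/24"))
```

The regex only proposes candidates; the membership decision is made on parsed addresses, so the same function works for any prefix length, not just /24.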

 

Match() – returns a match object when the pattern is found at the beginning of the string; if the pattern is not found there, the result is None.

  • EXAMPLE

In [189]: text
Out[189]: 'Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 12.2(33)SRE, RELEASE SOFTWARE (fc1)'

In [190]: out = re.match(r"Cisco",text)
In [191]: out
Out[191]: <_sre.SRE_Match object; span=(0, 5), match='Cisco'>
In [192]: out = re.match(r" Software",text)
In [193]: out
In [194]: out = re.search(r" Software",text)
In [195]: out
Out[195]: <_sre.SRE_Match object; span=(9, 18), match=' Software'>
In [196]:
#match() looks for the pattern only at the beginning of the string, whereas search() looks for the pattern anywhere in the string, not specifically at the beginning. The search() function is discussed further below:

 

 

Search() – returns a match object when the pattern is found; if no pattern is found, the result is None.

  • EXAMPLE

In [126]: text
Out[126]: 'Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 12.2(33)SRE, RELEASE SOFTWARE (fc1)'

In [127]: re.search(r"^Cisco .*, Version (.\S+), .*$",text).group(0)
Out[127]: 'Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 12.2(33)SRE, RELEASE SOFTWARE (fc1)'

In [128]: re.search(r"^Cisco .*, Version (.\S+), .*$",text).group(1)
Out[128]: '12.2(33)SRE'

#The above example finds the IOS version. As discussed in the last post, group(0) gives the overall match, whereas group(1) gives the first parenthesis match.

 

Compile() – converts an expression string into a compiled regexp that can be reused later in the script.

  • EXAMPLE

In [154]: text
Out[154]: 'Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 12.2(33)SRE, RELEASE SOFTWARE (fc1)'
In [155]: regex =r"^Cisco .*, Version (.\S+), .*$"
In [156]: comp_re = re.compile(regex)
In [157]: out =comp_re.search(text)
In [158]: out
Out[158]: <_sre.SRE_Match object; span=(0, 101), match='Cisco IOS Software, 7200 Software (C7200-SPSERVIC>
In [159]:
#In the above example we converted the pattern r"^Cisco .*, Version (.\S+), .*$" into a compiled regex and used it for the search. We need not write the pattern again and again in the program; instead we can use the compiled regex for search or match.

 


Regular Expression for Network Engineer Part-1

22 May 2018

A regular expression is a set of patterns used to define a certain amount of text. It is a powerful tool in any scripting language for matching any pattern.

Let's have a look at how regular expressions can be used in Python to solve the problem. The module "re" is imported in Python to support regular expressions.

import re

[ ] – specifies a character class; an individual character or a range of characters can be matched.

 

  • [123] will match any of the characters '1', '2', '3'
  • [1-3] will match any of the characters '1', '2', '3'
  • [a-d] will match any of the character a,b,c,d
  • [a-z] will match lowercase
  • [A-Z] will match uppercase
  • [^6] will match any character except 6
  • [a-zA-Z0-9] will match any alphanumeric character
  • [^a-zA-Z0-9] will match any character that is not alphanumeric
  •  [a-zA-Z0-9] is equivalent to \w
  •  [^a-zA-Z0-9] is equivalent to \W
  • [0-9] is equivalent to \d
  • [^0-9] is equivalent to \D
  • [ \t\n\r\f\v] is equivalent to \s
  • [^ \t\n\r\f\v] is equivalent to \S

 

. – Period character, used for matching any single character

  • EXAMPLE :

 


In [225]: ip ='10.20.30.40'
In [226]: re.search(r".",ip)
Out[226]: <_sre.SRE_Match object; span=(0, 1), match='1'>
In [227]: re.search(r".",ip).group(0)
Out[227]: '1'

In [228]: re.search(r"..",ip).group(0)
Out[228]: '10'

In [229]: re.search(r"...",ip).group(0)
Out[229]: '10.'

In [230]: re.search(r"....",ip).group(0)
Out[230]: '10.2'

 

* – Matches zero or more occurrences of the preceding character

  • EXAMPLE:

In [233]: ip
Out[233]: '10.20.30.40'

In [234]: re.search(r".*",ip).group(0)
Out[234]: '10.20.30.40'

# Here it matches zero or more characters

In [235]: re.search(r".*",'').group(0)
Out[235]: ''

# Here it matches zero characters

 

+ – Matches one or more occurrences of the preceding character; it is greedy!

  • EXAMPLE

In [238]: re.search(r".+",ip).group(0)
Out[238]: '10.20.30.40'

In [239]: re.search(r".+",'').group(0)
Traceback (most recent call last):

File "&lt;ipython-input-239-fdddd705c7f9 line 1 in &lt;module&gt;
re.search(r".+",'').group(0)

AttributeError: 'NoneType' object has no attribute 'group'

#At least one match is necessary

 

^ and $ – Match the beginning and end of a line respectively

  •  EXAMPLE

In [242]: ip
Out[242]: '10.20.30.40'
In [243]: re.search(r"^.+$",ip).group(0)
Out[243]: '10.20.30.40'

 

\d and \s – Match a digit character and a whitespace character respectively

  • EXAMPLE

    In [251]: ip = '10.160.21.100'
    
    In [252]: re.search(r"\d",ip).group(0)
    Out[252]: '1'
    
    In [253]: re.search(r"\d\d",ip).group(0)
    Out[253]: '10'
    
    In [254]: re.search(r"\d\d\d",ip).group(0)
    Out[254]: '160'
    #\d\d\d does not match the first octet of ip as it has only 2 consecutive digits
    
    In [256]: re.search(r"\d\d\d+$",ip).group(0)
    Out[256]: '100'
    
    

     

    
    In [264]: ip = " 10.160.21.100"
    #note space before 10
    
    In [266]: re.search(r"\s\d\d",ip).group(0)
    Out[266]: ' 10'
    
    In [267]: re.search(r"^\s+",ip).group(0)
    Out[267]: ' '
    
    In [268]: re.search(r"^\s+\d",ip).group(0)
    Out[268]: ' 1'
    
    In [269]: re.search(r"^\s+\d\d",ip).group(0)
    Out[269]: ' 10'
    
    

     

  • \D and \S – Match a non-digit and a non-whitespace character respectively
    • EXAMPLE
    
    In [270]: ip
    Out[270]: ' 10.160.21.100'
    
    In [271]: re.search(r"^\D\d\d",ip).group(0)
    Out[271]: ' 10'
    
    In [272]: re.search(r"^\D\d\d\D",ip).group(0)
    Out[272]: ' 10.'
    
    In [273]: re.search(r"^\D\d\d\D\d",ip).group(0)
    Out[273]: ' 10.1'
    
    In [274]: re.search(r"^\D\d+\D\d",ip).group(0)
    Out[274]: ' 10.1'
    

     

    
    In [275]: ip
    Out[275]: ' 10.160.21.100'
    
    In [276]: re.search(r"^\s\S+",ip).group(0)
    Out[276]: ' 10.160.21.100'
    
    

     

  • () – Parentheses save (capture) the text they match
    •  EXAMPLE
    
    In [14]: out = "IP address: 10.1.1.22"
    
    In [15]: re.search(r"^IP (\D+): (.*$)",out)
    Out[15]: <_sre.SRE_Match object; span=(0, 21), match='IP address: 10.1.1.22'>

    In [16]: re.search(r"^IP (\D+): (.*$)",out).group(0)
    Out[16]: 'IP address: 10.1.1.22'
    
    In [18]: out = "IP address: 10.1.1.22"
    
    In [19]: re.search(r"^IP (\D+): (.*$)",out).group(0)
    Out[19]: 'IP address: 10.1.1.22'
    
    #group(0) give the full match
    
    In [21]: re.search(r"^IP (\D+): (.*$)",out).group(1)
    Out[21]: 'address'
    
    #group(1) gives the match for first parenthesis
    
    In [23]: re.search(r"^IP (\D+): (.*$)",out).group(2)
    Out[23]: '10.1.1.22'
    
    #group(2) gives the match for second parenthesis
    
    

 

 

Categories: NOTES, Python

MTU (Maximum Transmit Unit) and MSS (Maximum Segment Size)

What is the difference between MTU and MSS? It is one of the questions networking people ask most frequently on the internet. Hopefully this post will answer all queries related to MTU and MSS.

As per Wikipedia, the maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction. That means the MTU is the maximum length of data that can be transmitted in a single instance over the network.

An Ethernet interface has an MTU of 1500 bytes by default, which excludes the Ethernet header and trailer (i.e. 18 bytes). So Ethernet cannot carry more than 1500 bytes. We have a 20-byte IP header, a 20-byte TCP header and a 1460-byte payload.

This 1460-byte payload is the TCP MSS (Maximum Segment Size). MSS can be defined as the largest segment that a TCP receiver is willing to receive from its peer, and thus the largest size its peer should ever use when sending.

Let's understand the same with the help of a diagram:

 

MTU.png

In the normal scenario (without any additional encapsulation), a device can send a maximum payload of 1460 bytes without any fragmentation or drop.

MSS.PNG

 

Now consider the case where the router carries out additional MPLS encapsulation (VPN and LDP labels): this adds a further 8 bytes to the Ethernet frame. If traffic engineering is also considered, it adds a further 4 bytes.

 

Mpls

 

The IP MTU cannot be more than 1500 bytes and cannot be increased. Thus an Ethernet frame carrying the MPLS encapsulation may exceed the maximum MTU, and a transit router may drop or fragment the packet.

There is a way to overcome this issue: adjust the TCP MSS by 12 bytes, which creates space for the additional MPLS labels.

This can be done as below:

R1(config)#int ethernet 2/0
R1(config-if)#ip mtu 1488
R1(config-if)#ip tcp adjust-mss 1448

 

Command (ip mtu 1488): It will change the IP MTU to 1488.

Command (ip tcp adjust-mss 1448): It will signal this MSS to the source and destination devices during the 3-way handshake, thus preventing any fragmentation/drop on the device.

 

 

 

 

Categories: Routing

SDN : APIC Vs APIC-EM

5 Jun 2017

Software Defined Networking (SDN) is a technology that allows network devices to be managed through a software application, thus making the configuration process automated and faster.

Network devices have their own management plane, data plane and control plane. Traditional SDN decouples the control plane from the individual devices and moves all these control planes into the SDN controller, so the controller now takes care of the control plane: it runs the routing protocols, does all the control-plane related work, and administers or pushes instructions down to the devices.

TRADITIONAL SDN :

 

 

This type of SDN is known as the stateful approach, where the SDN controller acts as the control plane for each network device it manages. The SDN controller is responsible for translating policies into commands and pushing them to the devices.

The SDN controller communicates with the devices below it through southbound interfaces. One of the popular SDN controllers is OpenDaylight.

OpenDaylight is an open source SDN platform which can use the OpenFlow protocol as its southbound application programming interface (API) to communicate with network devices that support the OpenFlow protocol.

So far we have talked about the south of the controller. North of the controller are the applications, which communicate with the controller through northbound interfaces. Applications can use a REST API to communicate with the controller through the northbound interface.

REST (REpresentational State Transfer) APIs allow communication with the SDN controller using HTTP or HTTPS. Postman is one such application that can be used to communicate with the SDN controller through the northbound interface.

Cisco takes a somewhat different approach with its controllers APIC (Application Policy Infrastructure Controller) and APIC-EM (Enterprise Module).

With APIC and APIC-EM the control plane stays on the devices, which means that the control plane is not decoupled from the network devices as it is in traditional SDN.

The Cisco controller is a stateless approach where each network device has its own control plane. The SDN controller sends policies to the network devices, which are individually responsible for translating the policies into commands.

APIC :

 

 

 

APIC-EM 

This is the APIC, which is seen in the data center, whereas APIC-EM is generally seen in campus, LAN or remote offices.

The best part of APIC-EM is that it can communicate with our traditional devices which do not speak OpenFlow, meaning there is no requirement to run OpenFlow on the southbound interface to communicate with network devices that do not speak SDN languages.

APIC-EM communicates with network devices through the southbound interface using TELNET, SSH or SNMP, whereas the northbound interface still uses REST APIs. In a nutshell, an application sends instructions to APIC-EM through the northbound interface using REST APIs, and APIC-EM then pushes instructions to get the required information through the southbound interface using SSH, TELNET or SNMP, which is generally OpenFlow in the case of APIC.

 

Characteristics of APIC

  • For use in Data Centers
  • Typical Applications found on APIC:
    • Policy Manager: Contains policies and rules that can be applied to endpoint groups
    • Topology Manager: Maintains information about the topology
    • Observer: Monitors ACI components
    • Boot Director: Used for firmware updates and booting of spine or leaf switches
    • Appliance Director: Responsible for setting up and controlling the APIC cluster
    • VM Manager: Acts as an intermediary between the hypervisor and platforms such as OpenStack
    • Event Manager: Stores events and faults
    • Appliance Element: Manages the individual controller

 

APIC DASHBOARD

 

APIC-EM is generally used in a 2-tier infrastructure where the core and distribution switches are collapsed together.

Characteristics of APIC-EM

  • For use in campus, LAN or WAN
    • Network Topology Visualization: Dynamically learns the topology and provides maps.
    • CISCO IWAN: Helps to set up IWAN
    • Path Trace Application: Gets the path trace from any point A to any point B.

APIC-EM Dashboard

 

Hope this post helped you get a basic insight into traditional SDN and the Cisco approach based on APIC and APIC-EM and, most importantly, the difference between APIC and APIC-EM.

Smiles 🙂

Categories: SDN

Nexus 9K –ACI Mode – PART 2

31 May 2017

Welcome to part 2 of the ACI series. If you want to go through part 1 of the series, here is the link for reference: https://crazyrouters.wordpress.com/2017/05/22/nexus-9k-aci-mode-part-1/

Let's start with the new terms related to ACI, which will be used throughout the ACI discussion.

1.png

 

The picture above shows the relationships between the tenant and the other components. So the first question that arises is "What actually is a tenant?"

Tenant

A tenant in Nexus ACI represents the same thing as a customer in a service provider environment. The terminology is different but the concept is the same: a tenant may be understood as a customer, organization or domain in an enterprise.

We will configure the different bridge domains, VRFs, application profiles, contracts and filters under the tenant.

 

VRF

A VRF can be understood to be the same as a VRF in a service provider network. A VRF defines a layer 3 address domain; one or more bridge domains can be associated with a VRF. So the next question that comes to mind is: what is a bridge domain?

 

Bridge-Domain (BD)

A bridge domain represents a layer 2 domain within the fabric construct. A bridge domain must be linked to a VRF. It is simply a container for subnets.

Consider a VRF defining a unique IP address space that consists of multiple subnets. These subnets can be defined in one or more bridge domains that reference the VRF.

Bridge domains are in fact VXLANs (VXLAN will be discussed in detail in the next post), which allow any-to-any communication irrespective of whether the communicating devices are on the same subnet or not. The important point to note is that all routing is host based, so there is no need to worry whether devices are in the same subnet, whereas in traditional routing the IP address is important because routing is subnet based. Cool feature.

 

Endpoint Groups

EPGs are collection of similar endpoint representing logical grouping of objects that require a similar policy. Endpoints are devices that are connected to networks directly or indirectly.  Endpoint examples include servers, virtual machines, network-attached storage, or clients on the Internet.

An EPG can be statically configured by an administrator in the APIC, or dynamically configured by an automated system such as vCenter or OpenStack.

 

Policy always applies to EPGs, never to individual endpoint.

Case 1: Endpoints within the same EPG can communicate freely.

Case 2: Endpoints in different EPGs cannot communicate freely; a contract is needed between the EPGs. So what is a contract?

 

Contract

A contract can be described as a policy construct defining the type of traffic that can pass between EPGs. When an EPG consumes a contract, the endpoints in the consuming EPG may initiate communication with any endpoint in an EPG that is providing that contract.

A contract is a must for any communication between EPGs. A contract refers to one or more filters.


A contract has some sub-components:

  • Subject: Group of filters that apply to a specific application or service
  • Filters: Used to classify traffic
  • Actions: Define what is to be done with traffic that matches a filter; permit, deny and mark are all actions.

 

Let's take an example to understand the contract and its sub-components. Consider a server for web services, let's call it the web server, which might be offering sub-applications such as HTTPS, HTTP, FTP, TFTP and so on. We have a requirement to impose a different policy on each of these sub-applications. APIC defines these sub-applications or services as subjects. In other words, subjects are combined within contracts to represent the set of rules that define how an EPG communicates with other EPGs.

Filters are defined under a subject, like an access list for endpoint groups. The operation to be performed on traffic that matches a filter is defined by actions.
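The EPG and contract rules described above can be expressed as a small allow-list evaluator. This is an added example, not part of the original post and not APIC code: it is a simplified model, and the class names, EPG names, endpoint names, contract names and ports are all constructed for illustration. It assumes that unknown endpoints are denied and that the first matching filter decides the action.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Filter:
    protocol: str              # e.g. "tcp"
    port: int


@dataclass
class Subject:
    name: str
    filters: list              # Filter objects that classify the traffic
    action: str = "permit"     # what to do with traffic matching a filter


@dataclass
class Contract:
    name: str
    subjects: list


@dataclass
class EPG:
    name: str
    endpoints: set
    provides: set = field(default_factory=set)   # contract names
    consumes: set = field(default_factory=set)   # contract names


# Constructed three-tier sample (web -> app -> db).
CONTRACTS = {
    "web-to-app": Contract("web-to-app", [Subject("api", [Filter("tcp", 8080)])]),
    "app-to-db": Contract("app-to-db", [Subject("sql", [Filter("tcp", 3306)])]),
}
EPGS = [
    EPG("web", {"web1", "web2"}, consumes={"web-to-app"}),
    EPG("app", {"app1"}, provides={"web-to-app"}, consumes={"app-to-db"}),
    EPG("db", {"db1"}, provides={"app-to-db"}),
]


def epg_of(endpoint, epgs):
    """Return the EPG that contains endpoint, or None if it is in no EPG."""
    return next((epg for epg in epgs if endpoint in epg.endpoints), None)


def decide(src, dst, protocol, port, epgs=EPGS, contracts=CONTRACTS):
    """Return 'permit' or 'deny' for a flow that src initiates towards dst."""
    src_epg, dst_epg = epg_of(src, epgs), epg_of(dst, epgs)
    if src_epg is None or dst_epg is None:
        return "deny"                       # assumption: unknown endpoint
    if src_epg is dst_epg:
        return "permit"                     # Case 1: same EPG
    # Case 2: the initiator's EPG must consume a contract the target provides.
    for name in sorted(src_epg.consumes & dst_epg.provides):
        for subject in contracts[name].subjects:
            if Filter(protocol, port) in subject.filters:
                return subject.action
    return "deny"                           # no contract or no matching filter


if __name__ == "__main__":
    for flow in [("web1", "app1", "tcp", 8080), ("web1", "app1", "tcp", 22),
                 ("app1", "web1", "tcp", 8080), ("web1", "db1", "tcp", 3306)]:
        print(flow, "->", decide(*flow))
```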

 

 

3.png

 

 

Application Profile

Application profiles are groups of EPGs and the policies that define the communication between the groups. For example, a finance application may require a web server, an app server, a DB server and access to the outside network to enable application transactions. The application profile contains all the necessary EPGs, logically bound together to provide the application.

A group of physical and virtual servers may be grouped together as a single-tier or 3-tier application. The communication between these 3 tiers is necessary to make up the complete application. This complete application definition is known as the application profile.

 

4.png

It is necessary to create filters within our tenant that will be utilized by the contracts. These contracts will be used by the different EPGs to complete the 3-tier application profile.

We are almost done with the major terms and components involved. Hope this post has helped you get a basic insight into the different components of ACI.

Smiles 🙂

 

 

Categories: SDN

Learning Python: Week3 (Conditionals and For Loops) -Part 4

28 May 2017

As discussed in the post ( https://crazyrouters.wordpress.com/2017/02/25/learning-python-kirk-byers-python-course/ ), I will be sharing my learning on a weekly basis as the course continues. This will not only motivate me but also help others who are in the phase of learning Python 3.

This post will focus on Week 3 (Conditionals and For Loops), and in particular on exercise 3.

##################### EXERCISE ########################

IV. Create a script that checks the validity of an IP address.  The IP address should be supplied on the command line.
A. Check that the IP address contains 4 octets.
B. The first octet must be between 1 – 223.
C. The first octet cannot be 127.
D. The IP address cannot be in the 169.254.X.X address space.
E. The last three octets must range between 0 – 255.

For output, print the IP and whether it is valid or not.

#############END ########

 

In this exercise, the user enters an IP address on the command line and it is checked against the conditions for a valid IP address.

So let's start with code to get the IP address from the command line using sys.argv.

As discussed in the last exercise, if more than 2 arguments are given, it will print "Error Made".

import sys

if len(sys.argv) == 2:
 ip_addr = sys.argv.pop()
 print("The IP address is :",ip_addr)
else:
 print("Error Made")

If we run the above code, we get the output below:

C:\Users\609807949\Documents\Personal\Python\kirk\week 3>py test1.py 10.10.10.1

The IP address is : 10.10.10.1

If more than 2 arguments are entered by the user:

C:\Users\609807949\Documents\Personal\Python\kirk\week 3>py test1.py 10.10.10.1 20.20.20.1
Error Made

So we have got the IP address as input on the command line from the user. Let's split the IP address into octets using the split() method.

ip_addr_new = ip_addr.split('.')

We have used nested if/else statements to check all the required conditions below:

A. Check that the IP address contains 4 octets.
B. The first octet must be between 1 – 223.
C. The first octet cannot be 127.
D. The IP address cannot be in the 169.254.X.X address space.
E. The last three octets must range between 0 – 255.

if (len(ip_addr_new)) == 4:
    # B and C: first octet 1 - 223 (inclusive) and not 127
    if (int(ip_addr_new[0]) >= 1 and int(ip_addr_new[0]) <= 223 and int(ip_addr_new[0]) != 127):
        # D: reject only when both octets match 169.254
        if not (int(ip_addr_new[0]) == 169 and int(ip_addr_new[1]) == 254):
            # E: last three octets 0 - 255 (inclusive)
            if (int(ip_addr_new[1]) >= 0 and int(ip_addr_new[1]) <= 255 and int(ip_addr_new[2]) >= 0 and int(ip_addr_new[2]) <= 255 and int(ip_addr_new[3]) >= 0 and int(ip_addr_new[3]) <= 255):
                print("Ip address is valid")
            else:
                print("Ip address is Invalid")
        else:
            print("Ip address is Invalid")
    else:
        print("Ip address is Invalid")
else:
    print("Ip address is Invalid")

The following code checks condition A, that the IP address contains 4 octets.

if (len(ip_addr_new)) == 4:

The code below checks conditions B and C: the first octet must be between 1 – 223 and the first octet cannot be 127.

if (int(ip_addr_new[0]) >= 1 and int(ip_addr_new[0]) <= 223 and int(ip_addr_new[0]) != 127):

Code to check condition D, that the IP address cannot be in the 169.254.X.X address space. The address is rejected only when the first octet is 169 and the second octet is 254:

if not (int(ip_addr_new[0]) == 169 and int(ip_addr_new[1]) == 254):

Now remains the last condition E, that the last three octets must range between 0 – 255.

if (int(ip_addr_new[1]) >= 0 and int(ip_addr_new[1]) <= 255 and int(ip_addr_new[2]) >= 0 and int(ip_addr_new[2]) <= 255 and int(ip_addr_new[3]) >= 0 and int(ip_addr_new[3]) <= 255):

So we are done with all the required conditions. If any of the above conditions fails, we should get the output "Error", otherwise the output "Valid IP".

Here is the code from scratch for this exercise.

exercise3.PNG

Let’s check for each condition by providing valid and invalid input.

 

exercise3_out.PNG

Method 2 

The above code is not concise, so let's write better code for the same problem.

Let's start from scratch.

import sys

if len(sys.argv) != 2:
 sys.exit("Usage: ./scriptarg2.py ")

ip_add = sys.argv.pop()

As discussed earlier, the script exits if the number of arguments is not equal to 2; otherwise the user's last input is popped into ip_add.

Let's define valid_ip as True; we will use it to flag a genuine IP address.

valid_ip = True

 

As the user input is in dotted-decimal format, we need to split it into octets.

octets = ip_add.split('.')

Now let's check condition A, i.e. the number of octets should be 4.

if (len(octets)) != 4:
 sys.exit("The number of octet is invalid: ")

We will use a for loop to go through each octet, converting each element to int as the checks are performed on integers, and then store the octets in separate variables.

for i, octet in enumerate(octets):
    try:
        octets[i] = int(octet)
    except ValueError:
        sys.exit("\n\nInvalid IP address: {} \n".format(ip_add))

first_octet, second_octet, third_octet, fourth_octet = octets

Now the task that remains is to check all the conditions required for the input to be a valid IP address.

First check the valid conditions for the first octet.

if first_octet < 1:
    valid_ip = False
elif first_octet > 223:
    valid_ip = False
elif first_octet == 127:
    valid_ip = False

 

The code below checks the condition that the IP address cannot be in the 169.254.X.X address space.

if first_octet == 169 and second_octet == 254:
    valid_ip = False

 

Now remains the last condition, that the last three octets must range between 0 – 255.

for octet in (second_octet, third_octet, fourth_octet):
    if (octet < 0) or (octet > 255):
        valid_ip = False

Let's print whether the provided IP address is valid or not.

if valid_ip:
    print("\n\nThe IP address is valid:{}".format(ip_add))
else:
    sys.exit("\n\nInvalid IP address: {}".format(ip_add))

Overall Code

import sys

if len(sys.argv) != 2:
    sys.exit("Usage: ./scriptarg2.py ")

ip_add = sys.argv.pop()

valid_ip = True

octets = ip_add.split('.')

if (len(octets)) != 4:
    sys.exit("The number of octet is invalid: ")

for i, octet in enumerate(octets):
    try:
        octets[i] = int(octet)
    except ValueError:
        sys.exit("\n\nInvalid IP address: {} \n".format(ip_add))

first_octet, second_octet, third_octet, fourth_octet = octets

if first_octet < 1:
    valid_ip = False
elif first_octet > 223:
    valid_ip = False
elif first_octet == 127:
    valid_ip = False

if first_octet == 169 and second_octet == 254:
    valid_ip = False

for octet in (second_octet, third_octet, fourth_octet):
    if (octet < 0) or (octet > 255):
        valid_ip = False

if valid_ip:
    print("\n\nThe IP address is valid:{}".format(ip_add))
else:
    sys.exit("\n\nInvalid IP address: {}".format(ip_add))
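An added example (not part of the original post or the course material) showing an edge case in Method 2: int() also accepts signs, surrounding whitespace, underscores and non-ASCII digits, so strings that are not dotted-decimal addresses pass the checks. method2_check restates the post's Method 2 rules as a function, strict_check is a hypothetical stricter variant of the same rules A to E, and LENIENT_ONLY is a constructed list of inputs.

```python
import re

# An octet is one to three ASCII digits and nothing else.
OCTET = re.compile(r"[0-9]{1,3}")


def method2_check(candidate):
    """The post's Method 2 rules as a function; octets are parsed with int()."""
    try:
        octets = [int(part) for part in candidate.split(".")]
    except ValueError:
        return False
    if len(octets) != 4:
        return False
    first, second = octets[0], octets[1]
    if first < 1 or first > 223 or first == 127:
        return False
    if first == 169 and second == 254:
        return False
    return all(0 <= octet <= 255 for octet in octets[1:])


def strict_check(candidate):
    """Return (True, 'valid') or (False, reason) for the exercise's rules A to E."""
    parts = candidate.split(".")
    if len(parts) != 4:                                        # rule A
        return False, "needs exactly 4 octets"
    if not all(OCTET.fullmatch(part) for part in parts):
        return False, "octets must be 1-3 ASCII digits"
    first, second, third, fourth = (int(part) for part in parts)
    if not 1 <= first <= 223:                                  # rule B
        return False, "first octet must be 1-223"
    if first == 127:                                           # rule C
        return False, "first octet cannot be 127"
    if first == 169 and second == 254:                         # rule D
        return False, "169.254.X.X is not allowed"
    if any(octet > 255 for octet in (second, third, fourth)):  # rule E
        return False, "last three octets must be 0-255"
    return True, "valid"


# Constructed inputs that int() parses but that are not dotted-decimal text:
# underscore, plus sign, leading space, minus zero, Arabic-Indic digit one,
# and a trailing newline.
LENIENT_ONLY = ["10.1_0.0.1", "10.+1.0.1", "10. 1.0.1", "10.-0.0.1",
                "10.\u0661.0.1", "10.0.0.1\n"]


def compare(candidates):
    """Return {candidate: (method2_check result, strict_check result)}."""
    return {c: (method2_check(c), strict_check(c)[0]) for c in candidates}


if __name__ == "__main__":
    for candidate, (loose, strict) in compare(LENIENT_ONLY + ["10.10.10.1"]).items():
        print("{!r:16} int()-based: {!s:5} strict: {}".format(candidate, loose, strict))
```

strict_check still accepts leading zeros such as 010; some address parsers read those as octal, so reject them as well if the string is handed on to other tools.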

So that is this exercise done; I will be back with a new post.

smiles 🙂

 

 

Nexus 9K –ACI Mode – PART 1

22 May 2017

 

SDN is the buzzword for network guys. How is it related to Nexus 9K in ACI mode?

Let's start with SDN to understand the correlation between SDN and Nexus 9K (ACI mode).

In network terms, SDN decouples the control plane from the data plane, so decision making is now done at a centralized control plane with the help of software. This SDN technology can be termed classical SDN.

Nexus 9K (SDN implementation) behaves differently from classical SDN: the control and data planes are not decoupled, but a policy agent is added over the control and data planes.

APIC (Application Policy Infrastructure Controllers) interacts with the policy agent on the Nexus 9K to push the required policy. Thus ACI can be said to be based on two components:

  1. Nexus 9K, which forms the physical infrastructure
  2. APIC, which takes care of and controls all aspects of fabric configuration.

 

APIC is neither the control plane nor the data plane but the policy controller, which holds the defined policy and can instantiate the required policy.

 

 


An interesting part of the Nexus 9K (ACI mode) is that you cannot run config t on the device; the only way to configure the Nexus 9K is via APIC or the GUI.

ACI uses a leaf and spine topology, where each leaf is connected to the spine nodes in the fabric and there is no direct connectivity from leaf to leaf or from spine to spine. The model is well known as the Clos model.

 

2.png

MCP (Mis Cabling Protocol) runs to avoid any interconnection between leaves. A leaf node is suspended if leaves are connected to each other directly by mistake.

Traffic with the source and destination on the same leaf is handled locally, whereas all other traffic passes from the ingress leaf to the egress leaf via a spine switch.

All external connectivity, i.e. hosts, servers, VMs, routers, switches etc., is via leaf nodes only.

The APIC REST API is a programmatic interface to the APIC that uses REST architecture. The API accepts and returns HTTP or HTTPS messages that contain JSON or XML documents. In other words, all ACI fabric functionality is defined by the northbound REST API, and the messages pushed are in the form of XML or JSON.

There are several new terms involved in ACI, such as tenant, endpoint, contract, application profile, switch profile, interface profile, VXLAN etc., which will be discussed in coming posts.

Smiles 🙂

Categories: Routing