ExaBGP and python: Getting Started

This entry is part 1 of 6 in the series Influence Routing Decisions with python and ExaBGP

I’m really excited about these next few posts. I’ve been doing some research on BGP and automating routing decisions with Python, which led to my discovery of ExaBGP. ExaBGP is dubbed “The BGP swiss army knife”, and I’m early in my experimentation with this tool, but it seems to be a very easy way to peer with your BGP routers and control the advertisement of networks.

This post will cover basic setup of ExaBGP and peering with a router, as well as how you can tie in Python to control the advertisement of routes. The next post will use the Flask web framework to offer a simple HTTP API for adding/removing routes. I hope the following posts will be along the lines of receiving the BGP UPDATE messages from peered routers to monitor and analyze advertised networks.

OnePK – Connecting to a Network Element

This entry is part 2 of 5 in the series Getting started with Cisco OnePK

The first step in managing your network with Cisco’s OnePK is learning how to connect to a switch or router, what Cisco calls a Network Element. In the early OnePK days this was a very straightforward task using vanilla TCP but in the newest version of OnePK (1.3) and IOS (15.4), unencrypted communications were disabled and we are forced to use TLS. This makes sense from a network security point-of-view; it just makes it a little more difficult to get started.

Fortunately, amongst Cisco’s vast resources I found a document that helps outline a process that makes it easier to use TLS between our OnePK apps and Cisco IOS devices. The guide uses a technique called TLS pinning which allows our OnePK app to bypass certificates but still encrypt communications via TLS. Read more about this technique here: Cisco – TLS Pinning Guide. (Please note that this should not be used for production as it does not verify the endpoints. Certificates should be used for TLS in a production network.)

Python and onePK Offer the Power of SDN Today

This entry is part 1 of 5 in the series Getting started with Cisco OnePK

Cisco announced their entry into the Software Defined Networking (SDN) arena with OnePK in early 2013. If you haven’t heard of Cisco’s OnePK yet, please read their introductions before continuing (only because they do a better job of explaining it than I do):

It took Cisco a while to deliver something tangible after the initial announcement, but it was certainly worth the wait. Cisco has a large number of resources for onePK, including videos, tutorials, code examples, SDKs in 3 languages (Java, C, Python), and full API docs. I’ve been digging through these resources and there is plenty of good info to get people started with SDN.

TFTP copy from a non-global VRF

I’ve been running a Cisco CSR-1000v box on my Mac in Parallels for a bit now. I love the convenience of being able to test on a real IOS XE device anywhere I am (airplane, coffee shop, maybe even my office)! I’ve been running the CSR-1000v since version 3.09 and I wanted to upgrade to 3.12.0S since it’s got some new features, bug fixes, and most importantly (for me) a lower memory footprint. I downloaded the new .bin file and proceeded to try and upgrade the image as I would any physical device, with TFTP. Well, here’s how well that went:
