Plumbing the Internet, BSD-style

Video in TIB AV-Portal: Plumbing the Internet, BSD-style

Formal Metadata

Title
Plumbing the Internet, BSD-style
Subtitle
Building your Internet presence with BSD
Title of Series
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2018
Language
English

Content Metadata

Subject Area
Abstract
If you have ever delved into the world of BGP routing on the Internet, you know that it can be quite an undertaking. Fortunately, we can utilize BSD and a couple of open source tools to build a solution that will provide high availability and easy management, at a fraction of the cost of commercial solutions. This talk is an introduction to the basics of building a BGP presence on the Internet, and orchestrating it with Ansible.

If you have ever delved into the world of routing on the Internet, you probably know that it can be daunting. You learned that BGP is the protocol used to build the global routing table, but likely discovered that every answer leads to two more questions. Bureaucracy and expensive, proprietary solutions are everywhere. BSD can't stop the red tape, but it does offer a fantastic solution for your technical dilemma. This talk is a whirlwind tour of building an Internet presence in three parts (and an opportunity to learn from my mistakes). Act one is a brief introduction to the BGP protocol, the process to obtain numbering resources, and connectivity. The basics of rigging a FreeBSD host for routing are covered, along with the routing daemon BIRD. Next up is a discussion of network design for high availability, and the FreeBSD/BIRD configuration to make it happen. Setting up one router may be fun, but we're going to want automation. Enter Ansible. After a quick introduction, we'll use it to deploy a live demo of our configuration. Finally, now that we have a fault-tolerant solution, let's introduce some faults and see what happens! We'll induce some failures, and watch how our network responds. Time permitting, I will wrap up with some discussion of resources for checking the status of your installation. I'll also discuss some more complex tasks, such as multi-site failover, and taking a router out of service.
the i.a.a. did good a tian dates fricken in bith the is boning the unit than when in be talking belt nw and the chea p odd in ation in in and be as t. i.v. slee gers that's when i'm the he or his and so first lol an curious is who news what new rouen and.
who's swe irk with the g.p. before have all p.g.p. and the a sti ing.
of awe rd out of nation hope they have when in the room iwo with an supple awesome.
So we can skip over some of the boring parts then, I hope, and I'm going to be cruising along here at a high rate of speed, so if I lose you, by all means flag me down.
And so, before we get going here:
My name's Thomas Johnson. i'm to many sly chills so it's a little refer on the eye ges and how I got to be here. I got started with BSD in 2010, and in 2013 we started planning for a high-availability / disaster recovery solution, and decided that that was going to necessitate figuring out BGP, so I bought a book and started reading. In early 2014 we turned up our primary site for BGP. We turned up the DR site a couple of months later, and then in 2015 we got started with Ansible. And then in early 2018 we had our first production test of the DR site, because, and this is the parking lot of our primary data center the week before the Super Bowl, we decided that we didn't really want to have our production there. But it wasn't all bad, because when you get your poop in a group and actually use your DR facility, then you get away with stuff like this.
So I'm going to start here by talking a little bit about Ansible, and since part of the presentation here is to demonstrate what you can do with automating BGP with Ansible, it seemed like a really great, and probably really foolish, thing to build the demonstration lab as we go here.
So we'll be turning that loose in a couple of minutes. Real quick, a couple of things about Ansible that are worth noting: it's written in Python, and its operations are idempotent, so much like Puppet or the other automation systems, you're telling Ansible how you want things to be, not necessarily what you want them to be doing. It's a very thin layer, so your client nodes don't really need much in the way of prerequisites other than stuff that you're probably already running in your network anyway. As far as requirements, like I said, there's not a whole lot: you need to install Ansible on your master nodes, and then your client nodes are going to need SSH and Python, stuff that we already have installed.
So you can be up and running without, you know, going to great lengths.
To get started, we'll jump right into some of the configuration of Ansible here, and we're going to start with inventory, which is the component of Ansible where we tell Ansible everything that we want it to know about our network. At the heart of it is the hosts file, which is where we define all of the hosts that we want Ansible to know about, and we can also organize those into groups to simplify configuration. We can run Ansible plays against a group of hosts. On the left-hand side here we've got a group called bhyve guests, and we've got a bunch of bhyve guests that are listed underneath that. The right-hand side is a variation of that: it's a group composed of groups, so we're aggregating a bunch of subgroups into one group, which makes it really handy to share configuration, amongst other things.
Moving deeper into the inventory, we get into the host_vars and group_vars files, and this is where we really kind of get into the heart of what inventory is all about. It's a free-form YAML file; Ansible doesn't really put much in the way of restrictions on how you can format the data that you're putting into this file. In fact, pretty much everything on the left-hand side, which is a host_vars file, is completely arbitrary. It's put together the way that I want to use it in my implementation. So this is a host_vars file, and a couple of things that are worth noting here: can even use by mm he's a pointer, and we're defining our host configuration path, where we want Ansible to go and look for configuration files a fin me means sim. And then down below we're starting to describe how we want Ansible to construct the network build for this particular host. And the nice thing about that is, you know, we're defining it all in one single file or a group of files, not spread out all over a whole mess of files.
On the right-hand side we've got an example of the group_vars file, which, there again, is configuration that applies to an entire group, and it brings up a BSD gotcha, which is that Ansible uses /usr/bin/python as its default path for where the Python interpreter is, and unless you've somehow got that in your BSD implementation, you're going to need to update that. And at this point we have enough configuration in Ansible that we can actually start doing things.
The other piece of Ansible that's just as important as inventory is going to be playbooks, and playbooks are really the top-level unit of how we do things in Ansible. A playbook is nothing more than a text file; again, it's written largely in YAML, and it's composed of one or more plays that are run against a host or a group of hosts, and within that play we have one or more, zero or more, tasks that are actually applied to that host or the hosts affected.
And so we have another example here. Hopefully everyone can read the small text. Is that okay?
If you can't read things in the back, let me know and I'll do what I can to make it bigger, especially when I start pulling up terminals. But this is an example play: we're running this play against the bhyve guests group, and then we've got a couple of tasks there listed, where basically we're just checking a couple of variables that are defined
and word were standing path the doing nothing more than net it this point.
And the other interesting part of Ansible, similar to other systems, is there's a concept of roles, which is basically just a predefined structure for code reuse. So if you have a group of tasks that are self-contained and you want to be able to use them all over the place, roles are the way to do it.
They have a predefined directory structure, which is what we see on the right-hand side here, and we've got directories for tasks, for default variables, handlers. We can even include other roles from a single role, so there's a lot of flexibility there.
And the other thing I'll point out here before we go too much further is vm-bhyve, which is a tool that I found on GitHub when I was looking for something I could use to avoid having to figure out all the bhyve provisioning by hand. It's basically just a lightweight CLI interface front end to bhyve that lets you do all of your network configuration automatically. And the question, as was pointed out earlier, is why doesn't FreeBSD have something like this in place already?
So at this point, a little bit about the demo that I'm going to be building up here. It's essentially starting with nothing more than a bhyve host, and we've got an Ansible guest running on that host, and on the host we have a prebuilt stem cell as a zvol, and all of our guests are going to be cloned from that and then bootstrapped as necessary to build our network.
And so once we get this going, seventy minutes later, from those first two hosts we should end up with a fully routed network. And if you guys saw the GitHub links at the beginning of the presentation and pulled up the diagram that I forgot to mention, you should probably already have a copy of this in front of you.
So real quick here, a high-level view of what the bootstrap process looks like for these routers. The first thing that we're doing is a zfs clone to clone the stem cell into one that has the hostname that we want. Then we import that volume so that we can do our bootstrap operations on it.
We call a couple of very minimal roles that are going to build up the basic configuration that we need for this host to run, which really amounts to building up the config files for the routing daemon and templating rc.conf, and really there's nothing more than that, and we're going to end up with a working router. At that point we export that zvol and boot the guest.
And this is my reminder to go and actually start the playbook.
So if we look over here.
Can everybody see this well enough? Good.
So what we're looking at here is the ansible-playbook command. "001 build demo" is just a real lightweight playbook that calls a role that does the bootstrapping of the entire network, and we're skipping a tag here for some tasks that we don't really need to run because they take even longer.
And we'll set it loose.
And the first thing that it's doing here is something I didn't mention: it's going through and doing some initial checks of the bhyve host to make sure that the bridges and such that we're going to need for all of the guests are in place and ready to go.
While that's running, I'm going to flip back and start talking about BGP, and we'll start by talking about what the Internet is. The Internet, as I'm sure many of us are aware, is just a handful of autonomous systems that need to communicate with each other, and the way that everybody communicates with each other, for better or for worse, is using BGP.
Now, you guys can read Wikipedia just as well as I can regurgitate it, probably better, so I'm just going to point out a couple of things on BGP that are worth noting here. It's a distance-vector protocol; it measures the shortest AS path between two autonomous systems, which basically, in other words, means we're doing path determination based on the number of organizations that our traffic is going to be passing through. There's two varieties of BGP: there's an external and an internal variety. The external variety is used to pass routing information between organizations; the internal variety is used to pass that information amongst internal BGP speakers within an organization. The one gotcha here is that generally you still need a second tier: you need an interior protocol to discover your own internal network; generally BGP doesn't handle that for you.
So in this case we'll be using OSPF, but any sort of interior protocol works. So we're going to do BGP; what do we need? First, we need some money, but fortunately we don't need a whole heck of a lot to get started, especially if you're a smaller organization. We're going to need numbers: we need an AS number, we need IP addresses, we're going to need routers, and we're going to need connectivity, and for those last two points we're going to want more than one. If you're going to go to the time and trouble of deploying BGP, there's no point in deploying it on just a single router, a single connection; you're wasting your time.
but you.
Internet registries are the place to go to get number resources. If you're in the United States or Canada, you're going to be talking to ARIN. That's where my experience is, and your mileage may vary if you're from outside of that region, but these are the folks you need to go talk to. The one thing that I will mention is that if you start down this process of getting numbering resources and you have questions, speaking in the context of ARIN, ARIN is your friend. They're not a gatekeeper, they're not the bad guy; their mission is to help you get resources to do things on the Internet, and so they're generally willing to go a lot out of their way to help you.
Autonomous system numbers: simply a number that identifies your organization. There's two-byte and four-byte varieties. Two-byte are the legacy variety; I don't even know if they're issuing two-byte AS numbers anymore.
i do they have ocha who are you with a ocha and ha and who'll i ought or hw or.
you ok.
Okay. I have a two-byte number because we were in early enough.
So thanks for the clarification.
IPv6: you get your addresses from your registrar. Your allocation is going to depend on your organization size, and the one thing that I'll point out here, well, two things I'll point out here: the minimum announcement size that's going to be accepted generally is going to be a /48, and as you start to work out your addressing scheme, I really recommend not allocating anything less than a /64. Even if you deploy smaller subnets, allocate a /64.
IPv4: the legacy protocol of the Internet. Everyone in this room knows about it. It's exhausted. Minimum announcement size is a /24. I think that's enough said there. As far as obtaining resources, you can, and I'm going to get to that, but I like that picture.
And so blocks can be had. The Internet registries have waiting lists; there's a transfer market that you can take your chances on if you're so inclined.
But there's another trick, at least for ARIN: there's the 4.10 rule, which refers to the section in their numbering policy. It's a /10 that's set aside for IPv6 transition.
The bottom line here, the big takeaway, is that if you already have an IPv6 allocation and you want to do a dual-stack application, you have justification to request a v4 block.
a why i you a.
whoa a are you the hw or i'm got.
ok that's going to know does ripe still have a that ob pool of hua ck sys him ok good you know.
or top.
ocha an.
Okay, that's good to know.
Connectivity, real quick: there's generally three methods of obtaining connectivity. You can buy transit, which means you're paying somebody else to provide you a path to the larger Internet. Internet exchange points are a really great way to exchange traffic with geographically local peers, and they're also a great source of information. And then there's peering relationships, where you're exchanging routes with another single organization.
A couple of connectivity gotchas real quick. If you're starting to deploy BGP and bring up transit and things like that, you should expect to be providing a letter of authorization, or letter of agency, basically acknowledging that you are authorized to announce the blocks that you say you want to announce. Expect to be paying cross-connect fees if you're in a data center colocation. And the last point there: you may want to at least make some effort to make sure that your fancy redundant fiber isn't running through the same conduit, because that can cause problems too.
So switching back to FreeBSD here, to talk about what we need to turn our FreeBSD into a router: in a nutshell, you're looking at it. Pretty much everything we need at a high level is done through rc.conf. What we're looking at here: we're defining our network interfaces, we're enabling routing, and we're enabling our routing daemon, and there's really not too much more than that. In reality, things like VLANs, CARP, and LAGG bundles are going to make this more complicated, but, well, that's going to happen anyway.
Real quick on firewalling: generally I try to separate the filtering and the routing functionality into roles on different machines, but there are cases where it's useful to do filtering on your firewall. The one thing to be aware of is keeping state on connections.
If you're moving to a BGP model where you've got multiple routers and uplinks, it's entirely likely and probable that your traffic's going to come in one direction and go out another direction, and if you're keeping state for that, you're going to have all sorts of hard-to-diagnose problems and you'll lose hair. Just don't do it.
And so moving on to our routing daemon: the routing daemon I'm using here is BIRD.
It's open source, it's pretty widely used, and a couple of highlights: there's two versions that are current; we're going to be talking about version 1.6. It supports most of the common protocols that you're going to run into. It's dual-stacked. The configuration structure is simple and easy to get your head around, and it has a utility called birdc, which is very useful for controlling your routing instance and monitoring it as well.
As we start to look back at the test network here, we're going to take a look at some of these different relationships that we're creating with BIRD. We're looking at a portion of the test network here, and we're going to be looking at it largely in the context of this AS 123 router 1a.
So our first relationship here is our relationship to another AS, and that's going to be where we're using eBGP.
Within the AS we have multiple BGP speakers, and this is where we're going to be using iBGP to share and communicate that external routing data to all of the different border routers on the network. Internal to the network we're using OSPF, as I mentioned earlier, to discover all the routes that are available internally.
And then additionally we're using a couple of static protocols, largely as a means of injecting routes into BGP. Especially from the point of view of an end user, rather than blindly redistributing things into BGP, we want to be very sure we know what we're injecting into the global Internet.
With that in mind, we'll take a look at how these relationships actually manifest themselves on a running BIRD. At this point I've been moving too quickly and the network isn't totally up yet, but hopefully it is far enough along here that we can at least take a look at a couple of things that are going on in BIRD. These are a couple of the commands that I use most frequently just to get an idea of what's going on.
So show protocols is going to give you a quick bird's-eye view of all the different protocol instances that are running on your BIRD and what the status of them are.
If you want to dig into a particular protocol instance and see more details about it, we can do that, and this one fortunately has come up so we can talk about it a little bit. This is our eBGP instance from this router out to its upstream neighbor, and we can see that the protocol's up. The interesting thing, usually the first thing that I go to look at when I'm pulling up a protocol, is to see how many routes are being imported from this peer and how many we're exporting, which should correspond to just the static routes that we're injecting manually. And then there's a preferred counter here: this is how many routes we're actually preferring this path for.
birdc is also an interactive shell, if I can spell it correctly, which is actually probably even more useful because it has inline help. So we can do whatever we want from here, like tell BIRD to reload its configuration if we've made some configuration changes to it. But generally we don't do that, because we're running everything through rance floor ict now, and Ansible's going to handle that for us.
And so, moving along here. We didn't look at the BIRD configuration much, so I put the slide in here so I won't forget about it.
So this is the actual configuration that's driving what's going on on this router. Looking at the left-hand side here, a lot of what we see at the very top is boilerplate definition; I'm not going to spend a whole lot of time on it here. The more interesting bits are as we get down into OSPF, where we can see that we've defined interfaces for each of the interfaces we want to run OSPF on. Some of them are running normal OSPF; some of them are just stub interfaces, in particular our uplink interfaces, where we don't want to run OSPF. And you can see the couple of static instances defined here, for static BGP and portable BGP. This is where we're defining the routes we want to inject into BGP, and the distinction between the two is more applicable in a multi-site configuration; I'm going to get into that in a little bit. And then at the bottom here we see our definitions for our eBGP and iBGP sessions, and they look pretty bare here; we're really just defining what our neighbor is, and the reason that they look so bare is because we're templating them.
So these configurations are templated by an included file, which I forgot to point out at the top of the file, where we plug all of our common configuration that's going to be the same for all of our BGP, our eBGP, instances on this router. We just plug it into a single template and then we can reuse that and reuse it.
There's not a whole lot more there worth defining. Here we're defining our AS number, and we're defining a little bit of a hack here to allow our own AS number to appear in the AS path. This is not generally allowed by BGP, to prevent loops, but it is useful if you're running a multi-site configuration and you don't have a point-to-point link. If we want to route between the two sites, we have to be able to allow the AS number.
Looking at the bottom of this file here, it's kind of cut off here, but the iBGP template is largely the same as eBGP with just a couple of changes.
Now that we've looked at the BIRD configuration, we'll look at the actual template that that configuration file is generated from, and we're doing that with Ansible. Ansible uses the Jinja templating language for all of its templating, and it uses this for the playbooks and configurations as well.
It's very flexible. It draws information in from inventory, which is why we're defining it all there, and it's basically what allows me to generate fifteen routers in this demonstration from what amounts to about one set of configurations.
you'll https jump to have and.
So we will take a look at these templates. First we'll look back at the inventory a little bit here, and this is the inventory, again, for router 1a. We've got, again, some boilerplate at the top that's less interesting, but as we get down here into the network configuration, again, this is all arbitrary; you can structure it in whatever way makes sense to you. But we're defining the addressing for each of our interfaces. We're defining what interface name it should be associated with. In the case of some interfaces we're defining CARP addresses, if we want to do high availability.
We're defining what the OSPF relationship is, and then as we move down into the BIRD section of this dictionary, we're starting to see all of our routing-related configuration, like what our AS number is. We've got a section here that's defining what prefixes we're going to be putting into the static and portable protocols, and if you look here we've got additional variables that are being pulled in using the double braces, which basically just means that I'm defining what these lists are elsewhere in the configuration, actually in group_vars files because they're common across AS 123, and then I'm pulling them in here. At the bottom of the file we see the definitions for our BGP sessions, and again, because everything's very templated, there's really not a whole lot that we need to define here.
Looking over here on the right side, we're actually looking at the bird.conf file before it's templated by Ansible. So again here we see double braces, which indicate that we're doing a variable substitution, bringing something in from inventory and plugging it into the file.
In the OSPF section here we're starting to see some logic being used. We're starting to see a for loop where it's looping through all of the interfaces that are defined in inventory, looking to see if it should be configured for OSPF. Again, we're doing looping to define the static protocols, basically taking everything that's in a list in inventory and plugging it into this static protocol.
And then at the bottom here we have another couple of sections, again, to define our BGP instances.
Find my slide show, and check to see if indeed our playbook finished, and it did.
And so at this point our network should be fully routable, fully built and routing, and now that that's done, let's break it.
so what i'm going to do is run a a create a couple of fort failures within the network and and hw we can watch an see how b.g.p. response to those also going to demonstrate a couple it couple of useful management functions a eve that are pretty easily implemented using anse uppal a soul.
So the first thing that we're going to do is talk about link failures, because they happen. So looking again here, a lot of this is going to be in the context of these bottom two clouds here, which are both AS 123. They're just two different sites: think of it as a primary site, DR site, backup site, what have you.
In our first case we're going to look at what happens to traffic flowing between the two sites if we happen to just fail a link. So under normal operations, traffic going from site A over to site B is going to take the shortest path through AS 100, AS 300 and then back into the other site. When this link goes down, obviously we want BGP to figure it out and just do the right thing and use its other available uplink through AS 200, 100, 300, and life is good.
So if we flip over here to my other consoles that are running, we've got a couple of things going on here. We've got a connection into router 1A and we're just watching the debug output coming from that daemon, and we have a traceroute running from the firewall that's at site A to the firewall that's at site B, so nothing particularly fancy there.
And this is a case where we can use Ansible. We can use the ansible command to run a one-off command against anything that's in inventory. So in this case we're going to tell the AS 100 router that we want it to shut down its Ethernet link.
So it's going to connect and do that, and success. We're starting to see packet loss on our traceroute, and then within a couple of seconds here BGP is going to pick up on the fact that it can't talk to its neighbor anymore and readjust its routing table.
And if we restart the traceroute, we see that we're still communicating, we're just communicating over a slightly different path.
The next thing we'll talk about here is site failover.
And this is useful if you're running production services from one site and you want to pick those services up and start running them from your backup site without having to monkey with DNS and other tricks like that. So the process to do this is actually really simple.
And if we look at the Ansible configuration here, it's really just a reuse of the roles and playbooks that we've already defined for bootstrapping the routers. If we look over in inventory, we're looking at a couple of group_vars files for AS 123 on the left-hand side here. The top pane is just for the site A routers and it's defining what our location is, and down below, for the entire AS, we're defining that the active location is A also. So really the process of doing the failover is just running a playbook and telling Ansible, passing it a variable that says you should reformat everything so that site B becomes active, and then reload the BIRD configs, and we'll be active at the new site in no time flat.
Or something approximately that.
In reality the failover is actually pretty quick, on the order of a couple of seconds.
So looking back at our windows here, starting from what is actually our Ansible host, I'm going to start a traceroute into www dot AS 123 [inaudible].
And so we've got a traceroute running.
What the network looks like here: I had another slide here. So looking again at our network, we have our Ansible host way up here, which is currently routing into our portable address space, which didn't make it onto the diagram, but it's just another /24 and another /48 that we're announcing from whatever site is active.
So it's routing into site A to those portable addresses. So what we want to do is pick those addresses up and bring them in over here to site B.
And so to do that we have a pre-cooked playbook; again, all we need to do is fire it off.
And so looking at this playbook invocation, and if we open up the playbook, there's really nothing going on there. [inaudible]
This is the extent of the playbook that's going to handle our failover, and the most interesting bits are really these last three tasks, or last four tasks here, where we template our BIRD configuration files by calling the BIRD configuration role. We actually go and update the Ansible inventory once we've made the change, so the change is persistent within the system, and then we reload the BIRD configuration.
And then we make noise warning you that you've done something that you should probably be aware of.
So looking at the playbook invocation, we have our playbook name and we're specifying a couple of additional variables on the command line. We're telling it that its new active location should be B, and that once it's done doing what it wants to do, it should reconfigure the BIRD instances and activate the changes.
Now as that runs here, there is one sanity check in the playbook where it pauses and has you confirm that yes, indeed, you're sure that you want to move your services to the other site. And yes, for sure. So it's going to go on and configure its BIRD files, updates the inventory, reloads the BIRD configuration.
We see the debug output start to update, and then if we look back at this traceroute, rather than going into site A, we now see that it's starting to go into site B on its way into that portable service.
So the next thing we'll talk about in terms of management is what happens if we want to deprioritize a router. If we want to bring a router down for maintenance, or we're having trouble with our upstream provider, and we just want to keep as much traffic off of that router as possible to reduce the disruption, deprioritizing it is the way to go.
So coming back to our trusty network diagram: we already have a link failure, and currently our traffic between sites is coming in through AS 300. So what happens if we want to bring this router down to perform maintenance on it? Well, we've failed over to our DR site, which may be getting a little bit contrived, but it could happen. So the way that we do that again is by leveraging the Ansible roles that we already have defined, and here again just passing them a couple of different variables so that they then manipulate the BIRD configuration files a little bit differently.
And I have an example of that here. What we're looking at here is the BIRD BGP include file that's templated up by Ansible, and a couple of parts that are most interesting here: based on a variable definition, we're changing the preference of the BGP protocols for this router down from the default 100 to 99, so that any routes that come in over this protocol instance are going to be skipped in the presence of a better route. Down below here we've got an export filter for routes that are being sent out of this BGP instance, and we're going to do BGP path prepending, which basically amounts to inserting our own AS number a number of additional times into the AS path before we send it to our upstream router. It basically makes the path look artificially long and is going to cause the rest of the Internet to go, "Well, I've got a better path over there, I'm not going to send any traffic to this router."
So here again it's just a case of running another playbook, where once again we have a couple of variables defined.
Hostnames aside, we're telling Ansible that we indeed want to deprioritize a router, we're telling it which router we want to deprioritize, which in this case is 2B, and we're telling it again that we want it to configure the BIRD changes automatically. And the "configure BIRD" variable is just another sanity check that I like to use for cases where I may want to stage configurations but not necessarily activate them right away, but in this case we do. So if we look back at our traceroute that's running between sites, we can see that here again it's running through AS 200, 100, 300 and back into our other site.
Once we run this playbook, this route is going to become a heck of a lot less attractive, and so what BGP is actually going to do is it's going to say, "Well, this is a really long route, but I've got this shorter route by going up and around through AS 50 and back into our other uplink."
So with that, we'll see if it does what it's supposed to.
Here again it's templating BIRD configurations.
And there are no changes being made to the main BIRD configuration; it's all happening in the included files. We reconfigure BIRD and we start to see changes immediately on our other router, and our route changes.
And if we reset that traceroute, we see that we still have connectivity, just over a much longer path.
I forgot all my other things that I had to talk about, so the very last thing that we're going to talk about is what happens if we cause some more mischief, because failing a link wasn't fun enough. What happens if we blow up a router?
So we have our link down, we have our deprioritized router, but what's going to happen if we take out a router somewhere in AS 50?
And the answer here is that even though this router is deprioritized, it's still a route into our network that we'll use if we don't have any other option.
So, looking again, we still have our traceroute running, still have our log output, and if we flip over to our bhyve host, we can tell bhyve to just power off the whole thing.
We immediately start seeing packet loss on our path, and once again, once BGP figures out that there's a problem, it starts to reconfigure itself, and the network comes back to life.
And we can see that once again it is taking what is actually a shorter path through 200, 100 and 300.
And life goes on. Your pager goes off, you say everything's good, and you go back to bed.
And with that, that is what I have, so I'm interested in any questions you may have.
[Audience question, largely inaudible.]
OK. On Ansible, I don't know that I would use it for failing over servers, clusters, things like that, because it is slow.
You know, CARP is a lot faster. So actually, a case I don't really talk about in the slide show: between our two border routers, we've got our routers, we've got a firewall or a clustered firewall sitting behind it. I'm actually using CARP on the border routers so that the firewall can just set a default gateway; it doesn't actually have to run BGP. And so if a router fails, within a second we're back up and running and life is good.
Anybody else?
Yes.
[Audience question, inaudible.]
Well, now, in production I'm running FreeBSD on physical hardware. Ansible does have, they've been putting a lot of effort into building out modules for controlling various network hardware, so at this point there is support for Cisco, Juniper, [inaudible].
No, I'm not. I'm not using Ansible to control any vendor hardware. I haven't had a use case: my FreeBSD boxes work great for BGP, and my switching doesn't change enough for me to have a good reason to integrate Ansible with that.
[Audience question, inaudible.]
Ansible has a huge library of modules that are provided by core. [inaudible]
I think the acquisition by Red Hat has really put some pressure on them to support a lot of enterprise products, which is a good thing, so the hardware support, the OS support has gotten huge.
So there's just a ton of flexibility that you don't have to reinvent.
And in addition, there's Ansible Galaxy, which is a repository of pre-built roles and other reusable code that other people have submitted, and that's useful as well.
[inaudible] I think I'm using exactly one module from Galaxy. Does that answer your question?
[Audience question, inaudible.]
Ansible has a lot of built-in protection against, there have been a number of vulnerabilities that have been figured out surrounding bad escaping, quoting, things like that. Ansible's actually pretty good about warning you when you're doing something you shouldn't be, you know, such as trusting client input that you shouldn't be. [inaudible]
Yeah, that's, you know, it's always going to be a concern.
[Audience comments, inaudible.]
Yes, that should be. Protect your controller, I think, is the bottom line.
Well, if nobody else has anything, I'd like to thank you for coming.
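
The deprioritisation described in the talk (BGP protocol preference lowered from the default 100 to 99, plus AS-path prepending in the export filter), written out as a BIRD configuration. This is an added example, not the speaker's template; it assumes BIRD 1.x syntax, and the protocol names, AS numbers, neighbor addresses and prefix are placeholders from documentation ranges.

```conf
# Added illustration, BIRD 1.x syntax assumed. All names, AS numbers and
# addresses are placeholders (documentation ranges), not the speaker's values.

define LOCAL_AS = 64500;          # stands in for the site's own AS

# Only our own prefix may leave through an upstream session.
function is_own_prefix()
{
    return net ~ [ 198.51.100.0/24 ];
}

# Normal operation: default BGP preference (100), no prepending.
protocol bgp upstream_normal {
    local as LOCAL_AS;
    neighbor 192.0.2.1 as 64501;
    import all;
    export filter {
        if !is_own_prefix() then reject;
        accept;
    };
}

# Deprioritised router: same session shape with the two changes from the talk.
protocol bgp upstream_deprioritised {
    local as LOCAL_AS;
    neighbor 192.0.2.5 as 64502;
    preference 99;                # below the default 100, so routes learned
                                  # here lose to the same route learned elsewhere
    import all;
    export filter {
        if !is_own_prefix() then reject;
        # Prepend our own AS so the path looks longer to the rest of the
        # Internet; the route stays usable as a last resort.
        bgp_path.prepend(LOCAL_AS);
        bgp_path.prepend(LOCAL_AS);
        bgp_path.prepend(LOCAL_AS);
        accept;
    };
}
```

The export filter rejects everything except the site's own prefix before prepending, so the router never re-announces routes it learned from one upstream to another.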