Wednesday, July 25, 2018

Cloud Will Block Out the Sun



I love this picture :-)

I'm not an expert in AWS cloud computing, but lately I have started working on and studying the AWS Cloud, and the more I read about it, the more interesting I find it.

I'm a Network & Security nerd and interested in exploring all the services and features AWS offers for network and security. I took a few AWS courses which taught and exposed me to a whole new world: the AWS architecture, all the AWS services and features, how to integrate them with each other, etc.

If you are a network or security person and want to pursue your career in the cloud domain, I would recommend the training below to get in-depth knowledge.
  • AWS Security Essentials
  • AWS Certified Advanced Networking – Specialty
  • AWS Certified Security – Specialty
Below are some important topics in AWS. There are many more features which AWS offers, but I can't cover them all in one post.

If you are working on the AWS platform, or are about to start, you should know all of them.

  • What is VPC and how to create it? How to connect private VPC with public network?
  • What is IAM? How can we create different IAM policies?
  • Relationship between EC2 instance and AMI?
  • Difference between ELB and ALB?
  • What is CloudTrail & CloudWatch and how you integrate them?
  • How do you integrate CloudWatch event to send SNS topics?
  • How do you enable VPC Flow Logs?
  • What is AWS KMS & HSM?
  • Network ACLs vs. security groups?
  • Can we scale up EC2 instances virtually?
  • Is it possible to peer two VPCs with matching IP address ranges?
  • What is AWS CloudFormation?
  • What are the templates in CloudFormation?
  • What are the parameters that are mandatory in AWS CloudFormation templates?
  • What is Auto Scaling?
  • What are the min & max instances in an Auto Scaling configuration?
  • What is Elastic Beanstalk?
  • What is a managed platform?
  • What is S3? What is versioning? What is lifecycle management?
  • What is AWS Glacier?
  • What is CloudFront? How do you configure CloudFront in AWS?
  • What is Route 53? What is its use and how do you work with it?
  • What is CIDR (Classless Inter-Domain Routing)?


Hope this is helpful. 

"More to come, lot to do"

Kamran Rafiq!




Thursday, June 7, 2018

Technology Shifting Gears


Why is it that engineers still mainly using ping, traceroute, and human verification for network validation and testing?

#The Network is an Application, Automate it!


Network Automation is everywhere now!

Network engineers are gradually becoming "DevOps engineers" and starting to use tools like Ansible, Puppet, Chef, and Salt to automate the network infrastructure. There are several Python courses and network automation classes focused on network engineers which showcase how you can efficiently automate your network with minimal to no human intervention. Start with the basics and do simple task-specific automation, like collecting output from a device. Continue until you reach a level where you automate the components in the network and the system executes without any human interaction.

#Treat your Network as Cattle, not Pets!


Don't let cows leave the server farm!

IT departments have traditionally treated devices as "pets": they are lovingly nurtured, nursed back to health when they get sick (stop working) and given affectionate or amusing names. Unlike a pet that requires love, attention and more money than you ever wanted to spend, your infrastructure should be made up of components you can treat like cattle: self-sufficient, easily replaced and manageable by the hundreds or thousands.

#CLI or API? Wait...


API = nimble and flexible. CLI = brittle and difficult to manage.

The CLI is not our biggest problem. We happen to be exposed to the CLI on a daily basis due to a lack of automation tools. CLI scripts are hardwired; they work well in the short term but don't evolve as gracefully as true integration. APIs provide a more dynamic, fluid integration and binding between software and infrastructure. You can create an object model by using a RESTful API (with JSON or XML), the NETCONF API or any other data manipulation protocol.

#Let's go to Cloud!


The Cloud Will Block Out the Sun!

When you update your Facebook status, check your bank balance on your phone, or chat and call using WhatsApp, you're using cloud computing. You're in the cloud.

Cloud computing services fall into three major categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Today, cloud computing is recognized as an invaluable tool for any organization, regardless of its size, market niche, or annual revenue. Cloud computing increases efficiency, helps improve cash flow and offers many more benefits: flexibility, disaster recovery, scalability, integration, and data security.

#Traditional Network to Software Defined Network (SDN)


With SDN, we’re making the network programmable.

SDN is needed because networks grow too big for manual configuration. SDN is a centralized, programmable software network which separates the control and data planes, allowing provisioning and changes to be implemented at the same accelerated rate as the servers and storage around them. When an engineer needs to provision additional capacity or change existing rules about data movement, they do not need to connect to multiple devices and make manual changes. Creating a more agile, open network is the fastest way to close the gap between what the customer wants and what the network can provide, and that is what you can achieve with SDN.

#Self-healing Network - Less Troubleshooting


Wouldn’t it be great to have our servers, systems, and networks solve their own problems?

Self-healing leads to more stable systems and networks, in which system and network administrators are free to work on higher-priority activities and be more productive. Network self-healing is when network problems are resolved without the need for humans to get involved. Your network automation tools detect and remediate outages, failures, and breaches of all kinds.

Conclusion: "The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency." - Bill Gates

Understand the technology before you automate it!



Tuesday, January 2, 2018

What is Ansible?


Ansible is an open source IT configuration management, deployment and orchestration tool. We can use Ansible to automate cloud provisioning, configuration management, application deployment, intra-service orchestration, etc. Ansible was bought by Red Hat in October 2015 and is now referred to as Ansible by Red Hat.

Ansible uses playbooks to express configurations, deployment, and orchestration.

The playbook format is YAML, and each playbook maps a group of hosts to a set of roles. Each role is represented by calls to Ansible tasks. Ansible does not require an agent on the managed host; it works over SSH. As long as Ansible can make an SSH connection to the target device, we should be good. Ansible is primarily used for server and network administration.

There are two versions of Ansible, free and paid. The paid version is called Ansible Tower, which is an enterprise framework for controlling, securing and managing your Ansible automation with a GUI and a RESTful API.


Here I will show you how to install Ansible on Ubuntu Server.

I'm using Ubuntu 16.04 in VMware Workstation to install Ansible, but you can use any Linux OS.

1 - Installing Ansible

The best way to get Ansible for Ubuntu is to add the project's PPA (personal package archive) to your system.

sudo apt-add-repository ppa:ansible/ansible

You will need to press ENTER to accept the PPA addition.

Next, we will refresh our system's package index so that it is aware of the packages available in the PPA. 

sudo apt-get update
sudo apt-get install ansible

Once it's completed, run the command below to verify the Ansible version:

ansible --version

2 - Configuring Ansible Hosts

Ansible keeps track of all of the servers that it knows about through a "hosts" file. We need to set up the Ansible Host file.

Open the file with root privileges:

sudo nano /etc/ansible/hosts

You will see a file that has a lot of example configurations, none of which will actually work. Let's comment out all of the lines in this file by adding a "#" before each line. Once all of the lines are commented out, we can begin adding our actual hosts.

[group_name]
host_alias ansible_ssh_host=server_ip

In this example, we have servers which we are going to control with Ansible. We can reach each server from the Ansible machine by typing the command below:

ssh root@server_ip

The corresponding hosts file entries are:

[servers]
hostA ansible_ssh_host=10.10.10.1
hostB ansible_ssh_host=10.10.10.2
hostC ansible_ssh_host=10.10.10.3

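A hosts file like the one above is easy to get subtly wrong (a mistyped address, the same box listed under two aliases, or the old `ansible_ssh_host` key, which Ansible deprecated in favour of `ansible_host` in 2.0). The following is an added example, not part of the original post: a small linter for that INI format, run over a constructed sample inventory with hypothetical hosts and addresses.

```python
import ipaddress
import re
# Constructed sample inventory in the INI format shown above (hypothetical hosts/addresses).
SAMPLE_INVENTORY = """\
[servers]
hostA ansible_ssh_host=10.10.10.1
hostB ansible_ssh_host=10.10.10.2
hostC ansible_ssh_host=10.10.10.3

[routers]
r1 ansible_host=10.10.20.1 ansible_user=admin
r2 ansible_host=10.10.20.1
bad ansible_host=10.10.20.999
"""
GROUP_HEADER = re.compile(r"^\[([^\]]+)\]$")

def parse_inventory(text):
    """Return {group: [(alias, {var: value}), ...]} for an INI-style hosts file."""
    groups, current = {}, "ungrouped"   # Ansible's name for hosts before any [group]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        header = GROUP_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        alias, *pairs = line.split()
        host_vars = dict(p.split("=", 1) for p in pairs if "=" in p)
        groups.setdefault(current, []).append((alias, host_vars))
    return groups

def lint_inventory(text):
    """Return human-readable findings: deprecated keys, bad IPs, one address under two aliases."""
    findings, seen = [], {}
    for group, hosts in parse_inventory(text).items():
        for alias, host_vars in hosts:
            if "ansible_ssh_host" in host_vars:   # deprecated since Ansible 2.0
                findings.append(f"{group}/{alias}: ansible_ssh_host is deprecated, use ansible_host")
            addr = host_vars.get("ansible_host") or host_vars.get("ansible_ssh_host") or alias
            if re.fullmatch(r"[0-9.]+", addr):   # looks numeric, so it must be a valid IPv4 address
                try:
                    ipaddress.ip_address(addr)
                except ValueError:
                    findings.append(f"{group}/{alias}: '{addr}' is not a valid IP address")
                    continue
            if addr in seen:   # two aliases for one box usually means a copy-paste mistake
                findings.append(f"{group}/{alias}: address {addr} already used by {seen[addr]}")
            seen.setdefault(addr, f"{group}/{alias}")
    return findings
```

Run `lint_inventory(open("/etc/ansible/hosts").read())` against your own file; an empty list means nothing was flagged.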
If you want to enable a colorful terminal prompt in Ubuntu, below are the commands:

Edit the file .bashrc in your home directory:

vim .bashrc

Uncomment the line that says 'force_color_prompt=yes' and save it. Then reload the file:

source ~/.bashrc

Done!

Ansible is a very powerful tool and is going to change the way automation is done in the future.

I hope this will be helpful for you. This was a simple tutorial and there will be more to come.

Monday, January 1, 2018

Start to Network Automation



With network automation in full swing, I was working on setting up my personal lab using GNS3. I tried to keep a simple topology with different flavors of devices/vendors like Cisco, Palo Alto, Juniper, Linux, etc. I integrated all those devices in GNS3, configured each virtual device, created multiple virtual interfaces, etc., but it was not a cakewalk, trust me! In the end, I was able to get all the devices configured as per my requirements.

I'm a newbie to scripting, but I looked on Google, found bits and pieces of scripts, and amended them as per my requirements. Then I wrote some basic Python scripts to automate some of the routine work. There are multiple ways to perform network automation using different toolsets like Ansible, RESTful APIs, YANG, NETCONF, and even traditional CLI scraping. Many network operating systems support APIs: Cisco supports a Python API, Juniper Junos supports PyEZ, etc.


Here is my GitHub repository: GitHub Repository
I encountered a few issues while configuring all those devices. Here are a few tips which will help and save you time while configuring virtual devices:

> Initial setup on Ubuntu 14.04:

  • Update repositories.
root@mail:/# apt-get update
root@mail:/# apt-get upgrade
  • Install SSH Server
root@mail:/# apt-get install openssh-server
root@mail:/# apt-get install openssh-client
  • After installation, configure the SSH server. Open the SSH config file with the following command, then restart (or reload) the service:
root@mail:/# nano /etc/ssh/sshd_config
root@mail:/# service ssh restart/reload
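The step above says to edit sshd_config but not what to look for. Two things bite lab builders here: sshd honours only the first occurrence of a keyword (a second PasswordAuthentication line lower down is silently ignored), and anything under a Match block applies conditionally rather than globally. The checker below is an added example, not from the original post; the EXPECTED values are an assumed lab policy, and the sample config is constructed, not taken from any real host.

```python
import re
# Constructed sample, roughly what a fresh Ubuntu sshd_config looks like once root login
# has been enabled for convenience (hypothetical content, not copied from any real host).
SAMPLE_SSHD_CONFIG = """\
# Package generated configuration file
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
# sshd honours the FIRST occurrence of a keyword, so this second one is silently ignored:
PasswordAuthentication no
#PubkeyAuthentication yes
X11Forwarding yes
Match User backup
    PasswordAuthentication yes
"""
# Values a lab jump host should have before exposing port 22 (an assumption; adjust to your policy).
EXPECTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "x11forwarding": "no",
}

def parse_sshd_config(text):
    """Return the effective global directives as {keyword.lower(): first_value}.
    Mirrors how sshd reads the file: keywords are case-insensitive, the first
    occurrence wins, and everything after the first Match line is conditional.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        key, *rest = re.split(r"[ \t=]+", line, maxsplit=1)
        key = key.lower()
        if key == "match":   # global settings are fixed by now; stop here
            break
        effective.setdefault(key, rest[0].strip() if rest else "")
    return effective

def audit_sshd_config(text):
    """Return (keyword, found, expected) for each directive that is weak or not set;
    found is None when absent, i.e. sshd's compiled-in default applies (yes for PasswordAuthentication).
    """
    effective = parse_sshd_config(text)
    return [(key, effective.get(key), want)
            for key, want in EXPECTED.items() if effective.get(key) != want]
```

Call `audit_sshd_config(open("/etc/ssh/sshd_config").read())` after editing and again after `service ssh reload`; the list should be empty before the box is reachable from anything but your lab network.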

> JUNIPER vSRX:

  • Perform the basic configuration on a vSRX machine:
root# set system host-name vSRX
root# set system domain-name XXXX
root# set system root-authentication plain-password XXXX
root# commit

root@vSRX# set interfaces ge-0/0/0 unit 0 family inet address XXXX/X
root@vSRX# set interfaces ge-0/0/1 unit 0 family inet address XXXX/X
root@vSRX# set system name-server XXXX

root@vSRX# set routing-options static route next-hop XXXX
root@vSRX# set security zones security-zone Trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all

> Palo Alto:

  • Basic configuration on a Palo Alto firewall:
admin@PA# set deviceconfig system ip-address XXXX
admin@PA# set deviceconfig system default-gateway XXXX
admin@PA# set deviceconfig system dns-setting server primary 8.8.8.8
admin@PA# commit

Now we can access the GUI through a web browser at https://xxxx and log in using name=admin and password=admin.

Now, let's get started on a more complex topology and configuration! Looking forward to creating multiple scripts and services to automate the network effectively. :-)


