Ansible for Networking - Part 2: The Lab environment

This is the second part in my ongoing series on using Ansible for Networking, showing how to use Ansible to configure and manage equipment from multiple networking vendors. In the “Start of the series” post, I mentioned that the lab would consist of:

- The KVM hypervisor running on Linux
- A virtual machine, running CentOS 8, that will run:
  - FRR, acting as a route server
  - Syslog
  - Tacplus (for TACACS+ integration)
- Two routers/virtual machines of each vendor, one running as an “edge” router, one running as an “internal” router
- A control machine that Ansible will run from, over a management network to all machines

This post goes through the Hypervisor, setting up the CentOS 8 virtual machine, and the control machine.

Ansible for Networking - Part 1: The start of the series

Those who have been reading my posts for a while will know that while I’m currently a DevOps Engineer, I spent the previous decade managing and configuring service provider networks. For the majority of that time, the network was configured by hand. The closest most people in the industry had to an automation toolset was either using a spreadsheet with variables, their own scripts they had created, or delegating the task to multiple junior engineers.

OpenBSD: High-Availability Firewalling

While most posts on this site usually concern Linux, I have a bit of a soft spot for OpenBSD. OpenBSD is an operating system from the Unix lineage, started in Bell Labs many years ago, eventually giving rise to the Berkeley Software Distribution (BSD). The best-known versions of BSD are NetBSD (which focuses on portability, running on pretty much any hardware), FreeBSD (which focuses on covering as many purposes as possible) and OpenBSD (which focuses on security, sometimes at the expense of performance).

DNS Anycast: Using BGP for DNS High-Availability

DNS has a number of mechanisms for redundancy and high availability. More often than not, clients will have a primary and secondary nameserver to talk to. However, if the primary nameserver fails for whatever reason, then the queries to the primary usually need to time out before queries to the secondary are attempted. Also, the speed of general web browsing can often be dictated by how long it takes to receive a valid DNS response to the query.