How many times have you locked yourself out of your device? In my professional career, this happened to me several times when I was either configuring AAA or making routing-related changes. Usually, the cause is human error resulting in an invalid configuration. Some vendors offer a commit model that allows you to apply the configuration and then save it to the system by committing the change. As we know, not all vendors offer the commit model, and on those platforms a change takes effect as soon as it is entered. This means that an erroneous change may cause us to lose access to the device, create loops, shut down an interface we didn’t want to, etc. In such a situation, we often have to use the console, if we have one, to regain access to the device. In the worst case, if the configuration has not been saved to the device, we can ask someone who has physical access to reboot it.
Useful Arista commands
In this post I would like to show you some useful commands available on the Arista switches that you can use in your daily work.
The first very useful command is the watch command, which repeats a given command at a specified interval and can additionally display the differences between individual runs.
For example, if we want to monitor CRC errors on a given interface, instead of repeating show int x / x several times, we can use the watch command, which will run that command automatically every 2 s and display information as shown below.
CloudVision Portal – Part 1
In this blog I will show you how to install Arista CloudVision Portal (CVP) and discuss the basic functions that can be performed through the portal. CloudVision is a solution for network management and work automation. The CloudVision portal can be managed via the interactive EOS CLI, eAPI or directly from the GUI. This tool allows you to build hierarchical configurations, monitor various system parameters in real time, change software versions and much more. CVP runs on ESX or KVM hypervisors and can be configured as a single server or a cluster. For scalability and redundancy, a cluster deployment is recommended.
In this post I intend to demonstrate a single-node deployment due to the lack of computing resources on my home server. Arista’s official documentation says ESX and KVM are the recommended hypervisors for CVP. Because I do not have ESX or KVM on my computer, I intend to run CVP on VMware Workstation. Before I show you how to install CVP, I must first obtain the right CVP image. CVP can be downloaded from the official Arista website, but only with a valid technical support contract.
In this example I will use the cvp-2019.1.2.ova OVA template. I will first import the OVA template and then show you the basic steps required during the first installation.
NSX Edge Packet Capture
Packet capture on the NSX Edge is relatively simple and can be helpful during the troubleshooting process. In this blog I will go through the steps required to run a packet capture and export the file to an external FTP server to view it in Wireshark.
In my example I have a few interfaces on the NSX Edge, as shown below.
I am going to run the packet capture on the DMZ interface, which is vNic_1. You can check the interface status on the NSX Edge by running the following command: show interface vNic_1
My CCDE journey.
I have been asked many times what I did, or what my learning path was, to achieve my CCDE. I have never shared my story before; however, many people asked for more information, so I decided to write something up, which I hope will be helpful for other people dreaming about the CCDE certification.
One thing to note: before you start your own journey to achieve the CCDE certification, you have to understand that this is a huge time and energy commitment, and you will have to put your family, friends, hobbies, etc. aside to fully dedicate yourself to this program in order to be successful.
On November 17th 2017, I was able to pass the CCDE Practical exam in London and became certified as CCDE #20170060.
Arista – BGP EVPN virtual L4-L7 service insertion.
In this blog I am going to show you how to provide L4-L7 service insertion within a BGP EVPN fabric, in particular using eBGP between the appliance and a pair of leaf switches. The challenge with L4-L7 service insertion is that such an appliance can be deployed as a virtual machine and can easily be migrated (vMotion) at any point across different ESX hosts connected to different leaf switches. This is often seen in multi-tenant environments where end customers are not big enough to need a powerful physical appliance to provide L4-L7 services. If this is the case and there is a business requirement to run a dynamic routing protocol between the fabric and the appliance, you must be sure that after migration the appliance can re-establish adjacency fast enough to minimize business impact.
Below is the network diagram I am going to use to show the configuration steps and some design considerations for achieving end-to-end connectivity under these design requirements.
LISP (Locator/ID Separation Protocol) – Part II PxTR
In the previous blog I described the basic key functions of LISP and how it works for LISP-to-LISP site communication. In this part I am going to focus on how to interconnect a LISP site with a non-LISP site. Providing communication between LISP and non-LISP sites is a challenge because they have completely separate databases of connectivity information and use different control plane protocols. The whole idea behind LISP is the separation of EID and RLOC, so using any redistribution mechanism between a LISP and a non-LISP site would contradict the entire purpose of LISP, which is locator and identifier separation.
LISP (Locator/ID Separation Protocol) – Part I
This is the first blog about LISP (Locator/ID Separation Protocol), defined in RFC 6830 https://tools.ietf.org/html/rfc6830, which is a feature-rich routing architecture. First I am going to provide some information about LISP and then focus on some practical examples of LISP-to-LISP site communication. LISP separates location from identity; in other words, it separates the end user device identifiers (EID) from the routing locators (RLOC). Let’s look at some main components of LISP. The following are some of the key components that build the LISP architecture:
Citrix SD-WAN – part 2
In this blog I will describe how to set up and configure BGP between the Citrix SD-WAN appliance and the rest of the network infrastructure when deploying Citrix SD-WAN in gateway deployment. I am also going to show how to create a custom rule to match a specific flow and steer that traffic over the virtual path.
I am going to use the topology below to set up BGP for SD-WAN in in-line deployment and test some of its functionality.
Let’s configure BGP at the DC site first; for the Branch side the process is exactly the same. To configure dynamic BGP peering, go to Configuration->Connections->BGP, enable the BGP process, and provide the BGP router-id and AS number. Make sure that the Advertise Citrix SD-WAN Routes option is ticked; otherwise routes learned on the Citrix appliance won’t be advertised to other BGP peers.
Citrix SD-WAN basic deployment part 1
In this blog I will show you how to deploy a basic Citrix SD-WAN. To demonstrate this I am going to use the simple topology below.
First you have to create a new configuration. To do so, go to Configuration->Virtual WAN->Configuration Editor and press New to start a new configuration. Then you can save this configuration file with the default name or create your own.
The next step is to define new Sites; in this example, for simplicity, one site is called DC and the other is called Branch. Navigate to Configuration Editor -> Sites, and click the “+” Add button to create new sites. First let’s start with DC. This example is based on the virtual appliance VPX, but in a real scenario you have to pick your specific model. The DC site is configured as primary MCN and the branch as client.