Anyone from OpenAI?

2023-10-02 Thread Yan Filyurin
Is there anyone from OpenAI on this list who could reach out to me?  This
has to do with OpenAI access.  Thank you!

Yan Filyurin
Oracle Cloud Infrastructure
yan.filyu...@oracle.com


Re: JunOS config yacc grammar?

2023-08-24 Thread Yan Filyurin
It may have been covered already, but another place to look is at code for
Batfish

https://github.com/batfish/batfish

https://www.batfish.org/

Its goal, and there are even podcast episodes that cover it:

https://www.podchaser.com/podcasts/episode-archive-packet-pushers-1755/episodes/heavy-networking-658-using-bat-156733916

https://blog.ipspace.net/2019/09/intent-based-networking-with-batfish-on.html

was to parse configs and out of that derive overall topology forwarding
graph and do config verification, so the tool itself may be of some use,
but for their parsing they use ANTLR, so you can reuse some of the code.

Which would be a pretty useful functionality, because then you could build
router stack independent policy processors and verification.

And it would be nice to have RFC9067 policy parser and compiler into
proprietary config schema of one's choice.  With some verification.

Yan



On Thu, Aug 24, 2023 at 1:04 PM Warren Kumari  wrote:

>
>
>
>
> On Thu, Aug 24, 2023 at 10:10 AM, Christopher Morrow <
> morrowc.li...@gmail.com> wrote:
>
>> On Tue, Aug 22, 2023 at 11:39 PM Grant Taylor via NANOG 
>> wrote:
>>
>> On 8/21/23 7:09 PM, Diogo Montagner wrote:
>>
>> I would first try to understand what you are trying to achieve. JUNOS is
>> very flexible on this front and I am wondering why you think yacc is the
>> right way to achieve what you are trying to do.
>>
>> Drive by comment:
>>
>> Perhaps the OP is trying to parse a (pile of) config file(s) downstream
>> of the generation thereof and has no ability to alter their generation.
>>
>> this is a common problem (or is common when I look at things, perhaps I'm
>> looking wrongly, but...)
>> I'd love to have something that parsed all of my device type configs and
>> output the results into a
>> 'database' that i could then ask questions of like:
>> "Hey, what NTP servers are configured on all devices?"
>> "Hey, which devices have this  configured on
>> them?"
>>
>>
>>
>
> Isn't this YANG/NETCONF, and squish it all into DB/directory full of files?
>
> Basically a more standardized format for representing device
> configurations / states?
>
> W
>
>
>> There are a host of other things I could ask those are but 2 simple
>> examples, and YES I can
>> grep/sed/awk|sort|uniq|sort-rn my way to success for the 2 examples I
>> provided... but really
>> that's NOT the way I want to do this, and I do really have a bunch of
>> other questions I'd
>> like to ask, regularly, to solve rollout-of-new-feature / compliance /
>> legal / troubleshooting / etc
>> questions.
>>
>> In looking around there are examples of some of this, in a way, the most
>> common thing
>> I end up looking at, and getting sad about, is some java monstrosity
>> (whose name escapes me)
>> but has shown up in a few nanog presentations over the years... it makes
>> me sad because it's
>> not super useful in my world :( 'hard to use' is probably the best way to
>> describe it.
>>
>> One note about XML and Juniper, the schema changes by OS version, it
>> changes quite a bit :(
>> You CAN parse through it reasonably well with python lxml.Etree, because
>> (I think) python's parse
>> is VERY forgiving. If you attempt this path with golang :( you will be
>> sad, very sad :( because
>> the go->xml world is very 'build a struct of structs that mirrors the xml
>> tree' and 'changes at every
>> OS version' means now you have a LOT of versions of that :( maintenance
>> gets back to saku's
>> comment about feature velocity :(
>>
>> I do see:
>> https://pypi.org/project/juniper-nxpy/
>>
>> which may be useful to you as well Lyndon.
>> (I'd also point to tftp as not being the super best option from a
>> security and reliability perspective,
>> but if that's what you've got that's what you've got... you COULD have
>> the switch cronjobs curl/post
>> to an https destination with little hard work, and a gain in
>> reliability/security)
>>
>> -chris
>>
>
>
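
The kind of question asked in the quoted message above ("what NTP servers are configured on all devices?"), worked as an added example that is not part of the thread and not Batfish code: a small hand-written tokenizer (not yacc or ANTLR) flattens brace-style JunOS configuration into `display set`-like paths and skips `inactive:` subtrees, which are present in the file but not in effect. The device names and configurations are constructed sample data.

```python
import re

# Order matters: comments, quoted strings, structural characters, bare words.
_TOKEN = re.compile(r'/\*.*?\*/|#[^\n]*|"(?:[^"\\]|\\.)*"|[{};]|[^\s{};"]+', re.S)

def flatten(text):
    """Turn brace-style config text into 'display set'-like paths (tuples of words)."""
    paths, stack, words = [], [], []
    inactive_at = None          # stack depth where an "inactive:" subtree began
    for match in _TOKEN.finditer(text):
        tok = match.group(0)
        if tok.startswith(("/*", "#")):
            continue            # annotations and "## ..." trailers carry no config
        if tok == "{":
            if inactive_at is None and words[:1] == ["inactive:"]:
                inactive_at = len(stack)
            stack.append([w for w in words if w != "inactive:"])
            words = []
        elif tok == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
            if inactive_at == len(stack):
                inactive_at = None
            words = []
        elif tok == ";":
            if words and inactive_at is None and words[0] != "inactive:":
                paths.append(tuple(w for part in stack for w in part) + tuple(words))
            words = []
        else:                   # bare word, or quoted string with its quotes removed
            words.append(tok[1:-1] if tok.startswith('"') else tok)
    if stack:
        raise ValueError("unclosed '{'")
    return paths

def query(configs, *prefix):
    """Map device name -> sorted values found directly under the given path."""
    n = len(prefix)
    return {device: sorted({p[n] for p in flatten(text)
                            if p[:n] == prefix and len(p) > n})
            for device, text in configs.items()}

# Constructed sample configurations (documentation address ranges).
SAMPLE = {
    "edge1": """system {
        host-name edge1;
        ntp {
            server 192.0.2.10 prefer;
            server 192.0.2.11;   ## constructed trailer comment
        }
    }""",
    "edge2": """system {
        host-name edge2;
        /* decommissioned time source */
        inactive: ntp { server 198.51.100.5; }
        login { message "maintenance { window }"; }
    }""",
}

if __name__ == "__main__":
    print(query(SAMPLE, "system", "ntp", "server"))
```

A device that returns an empty list here, like `edge2`, is the compliance finding: its only NTP stanza is deactivated.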


Re: 10G CPE w/VXLAN - vendors?

2023-06-14 Thread Yan Filyurin
There may be a few more places to go searching.  I am not saying you will
find anything, but worth looking into, assuming Mikrotik won't help. :)

Check out what various SD-WAN vendors have to offer.  Now, SD-WAN has about
46 definitions, as many as vendors (surviving vendors that is), but
underneath all of them, it is some sort of box with a CPU, a semi-smart NIC
with a bunch of ports and routing stack that happens to support L2
transport and can overlay it on top of any WAN transport, including regular
IP underlay that can run on these fiber paths. The one of note is Versa.
Besides BGP and overlaying, you may even get a useful multi-layer control
plane out of it, which under the hood of all marketing definitions is all
the things you are familiar with.   And data plane that can actually do
10G.

Check out some of the Broadcom Qumran half-ru switches.  Something like
that:

https://www.etb-tech.com/dell-networking-s4112f-on-switch-12-x-10gb-sfp-3-x-qsfp28-ports-sw00237.html

There are a few other vendors besides Dell and Dell OS does have your basic
P2P VXLAN and EVPN as VXLAN control plane. There are a few others including
open source options. But you are using these small half-ru Broadcom Qumran
and Trident reference designs.

And finally as you go on that search, you can always build your own.  All
you need is $100-200 mini-pc, Linux on it, some form of optimized forwarder
and open source routing stack.

There are people out there who supposedly did that with Raspberry Pis and
used Linksys routers.  Not that you should do it, but shows that there are
options and don't count on 10G!

Yan



On Wed, Jun 14, 2023 at 4:46 PM Arie Vayner  wrote:

> Not sure how much of "CPE" it needs to be, but for example the whole Cisco
> Catalyst 9K product line (including the smaller C9300 switches) support the
> whole EVPN/VXLAN stack.
> A similar set of products exist on the Arista side (e.g. 7xx switches) as
> well as Juniper EX4400 products...
>
> On Wed, Jun 14, 2023, 11:53 Adam Thompson  wrote:
>
>> Hello, all.
>>
>> I’m having difficulty finding vendors, never mind products, that fit my
>> need.
>>
>>
>>
>> We have a small but growing number of L2 (bridged) customers that have
>> diverse fiber paths available, and, naturally, want to make use of them.
>>
>> We have a solution for this: we extend the edge of our EVPN VXLAN fabric
>> right to the customer premise.  The customer-prem device needs 4x10G SFP+
>> cages (2 redundant paths, plus LAG to customer), and the switches we
>> currently use, Arista 7020Rs, are quite expensive if I’m deploying one
>> per customer.  (Nice switches, but overkill here – I don’t need 40/100G,
>> and I don’t need 24 SFP+ ports.  And they still take forever to ship.)
>>
>>
>>
>> We use RFC7438 §6.3 “vlan-aware-bundle” mode, not §6.1 “vlan-based” mode,
>> which limits our choices somewhat.  I might be willing to entertain
>> spinning up a separate VXLAN mesh using RFC7438 §6.1 (“vlan-based”) and
>> static VTEPs if it saves me a lot of pain.
>>
>>
>>
>> However, I’m having trouble finding small & cheap*er* 1U (or even
>> desktop/wallmount) devices that have 4 SFP+ cages, and can do VXLAN, in the
>> first place.
>>
>> Who even makes CPE gear with SFP+ ports?  (Other than Mikrotik
>> CRS309-1G-8S+IN / CRS317-1G-16S+RM, which are nice, but our policy requires
>> vendor support contracts, so… no-go.)
>>
>>
>>
>> Vendors?  Model#s, if you happen to know any?
>>
>>
>>
>> Reply here or privately, whatever floats your boat – any pointers
>> appreciated!
>>
>>
>>
>> *Adam Thompson*
>>
>> Consultant, Infrastructure Services
>>
>> 100 - 135 Innovation Drive
>>
>> Winnipeg, MB R3T 6A8
>>
>> (204) 977-6824 or 1-800-430-6404 (MB only)
>>
>> https://www.merlin.mb.ca
>>
>>
>>
>>
>


Re: End to End testing

2019-12-12 Thread Yan Filyurin
I had relatively little experience, but this may fit the requirement.

https://www.rad.com/products/Pluggable-PNFs-SFPs/MiNID-Ethernet-Demarcation-SFP 


There are two other vendors that make something similar. 



Also this had positive feedback from some people. 

https://www.sproute.com/ 

And almost anything that markets as “SD-WAN”, but you may have to sort out 
through a lot of vendors. But some run on some pretty cheap under $200 devices. 
 



> On Dec 12, 2019, at 10:35 AM, Dovid Bender  wrote:
> 
> Are you looking to see what happens if latency is added? Have a look at  
> https://iwl.com/products-solutions/products/maxwell-pro 
> 
> 
> 
> 
> On Thu, Dec 12, 2019 at 9:54 AM Fawcett, Nick via NANOG wrote:
> Anyone have any suggestions on devices that I can put at two points in the 
> network to test packet loss, latency, jitter etc.  I was thinking of maybe 
> engineering my own using a couple of pi’s,  but the downfall is they don’t 
> have SFP ports.  I’m looking for something that’s portable and easy to 
> configure and drop in.  Thanks.
> 
>  
> 
> ~Nick
> 
>  
> 


Re: Viability of GNS3 network simulation for testing features/configurations.

2019-10-16 Thread Yan Filyurin
This also depends on your scale.  If you have lots of routers, you would end up 
with lots of compute to run the VM instances.  If you get the compute (which is 
cheap compared to actual network hardware), you would need a "cloud 
orchestration" tool and a system for connections from host to host like some 
form of overlay networking. 

GNS3 would do a good job, but for something with a bit more orchestration APIs, 
there is this:

https://networkop.co.uk/post/2019-01-k8s-vrnetlab/ 


And the nice people who even show up to NANOG every once in a while:

https://www.tesuto.com/ 

There are a few other tools that people built on their own if you scrub GitHub. 
I even fell into that trap and explored VRnetlab. 

But numerous things were achieved.  Yes, you would miss out on all the hardware 
bugs, hardware adaption layer issues and maybe a scale issue or two, but with 
enough instances, route generators and maybe even some application (some of 
these things can even forward traffic), you could discover 90% of things that 
can go wrong. 

And you get the flexibility of downloading evaluation images of all kinds of 
things, so maybe you can avoid spending any money. 

Yan




> On Oct 16, 2019, at 12:03 PM, Jason Kuehl  wrote:
> 
> I did this at my current company with also using VM Palo Alto.
> 
> Greeting of testing out a plan to make sure its insane. 
> 
> The key is keeping it all up to date, down to the firmware version (I know it's 
> not possible for some because virtual) 
> 
> The things this won't find are hardware related faults or issues.
> 
> On Wed, Oct 16, 2019 at 11:52 AM Ryland Kremeier wrote:
> Hello,
> 
>  
> 
> I’m currently in the process of setting up a near identical network to our 
> own in GNS3 for testing purposes. Has anyone here tried this before to any 
> success? We need to buy the Cisco IOSv image to continue with the sim so I 
> figured I would inquire here first before diving in.
> 
>  
> 
> All info is appreciated,
> 
> --
> 
> Ryland Kremeier
> 
> 
> 
> -- 
> Sincerely,
>  
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.ku...@gmail.com 


Re: Graphical databases ?

2019-10-11 Thread Yan Filyurin
I am also in the process of consideration, but there are people out there who 
did a lot more.  

https://github.com/corestate55/netomox 

Some ideas could be borrowed. And the use of RFC8345 is very interesting 
because it is hopefully an evolving standard.  If only someone could do 
something similar with Openconfig models. 

With that being said there are all kinds of other database alternatives.  I can 
think of several other graph databases and I even heard of people using MongoDB 
as graph database.

There are also tools like Gephi that are more in line as graphical tools as 
opposed to graph databases.  So it is a matter of finding the right frontend 
and with the right graph database backend. 

There was some experimentation with Cytoscape and the idea was not 
necessarily to keep inventory, but be able to simulate dependencies and do 
analysis like indirect impacts.  

It does not directly answer the question, but hopefully gives some ideas. 

Yan

> On Oct 11, 2019, at 5:05 AM, Simone Ricci  wrote:
> 
> Hello Craig,
> 
> although I think we’re slightly off topic here, please be aware that neo4j is 
> not a graphical database (eg. it doesn’t aim to be gui-driven), but a *graph* 
> one: this characteristic tells you about the paradigm the db engine uses to 
> organize and index data; it’s just another flavour, the others being - for 
> example - relational and document databases.
> 
> Operationally wise is quite hassle free, also has an integrated backup tool 
> which does its job; being a java application it consumes a fair amount of ram 
> just to run :-)…it uses lucene under the hood (just as elasticsearch does), 
> so memory wise you should take dataset size into account and plan 
> accordingly. Our dataset is very small so I can’t be very helpful on this 
> matter. Runs nicely in docker and there’s also an official image.
> 
> I use it for outside plant documentation, for me does its job definitely 
> better than an excel file, but it’s not so user friendly: the data 
> visualization tool does its job but feels more a PoC than a mature 
> application, and it’s read only…so for data entry you have to manually write 
> queries. I’m looking to integrate it with a proper GIS solution in the future.
> 
> TL;DR: it’s fine if you want to use it as a database for your application, 
> but it’s not a complete application by itself (even if the integrated data 
> visualization tool does its job pretty well). Operationally wise is a piece 
> of cake, also runs nicely in docker.
> 
> Regards
> Simone
> 
>> On 11 Oct 2019, at 04:14, Craig wrote:
>> 
>> Has anyone used the graphical data base software:
>> https://neo4j.com/ 
>> 
>> I looked at this software several years ago, but it was still relatively 
>> new. 
>> We are exploring using this to create dependencies of our network 
>> infrastructure hardware, customer information, etc. etc. 
>> 
>> here is an example:
>> https://neo4j.com/graphgist/network-dependency-graph 
>> 
>> 
>> For those that have used it:
>> Has anyone been able to successfully use this for their networks? 
>> pros/cons/good/bad
>> 
>> Is maintaining the data a chore? 
>> Has it helped operationally?
>> 
>> if anyone has any input would appreciate hearing from you;
>> 
>> thanks;
>> 
>> CPV
> 
> 



Re: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Yan Filyurin
I just read an article about these people.  They are even more interesting
than Illumio or these other VPN solutions. The important part is that you
get to stitch tunnels together on some other host, so the changing IP of
endpoints is irrelevant.

http://zentera.net/



On Fri, May 5, 2017 at 11:13 AM, George William Herbert <
george.herb...@gmail.com> wrote:

> You can usually run OpenVPN from a cloud host. The source IP changing
> possibly should require only one open exception to the local VPN
> termination point.
>
> Better, find a cloud that doesn't do that shit with changing endpoints and
> gives you real VPNs.  What sort of cloud doesn't these days?...?...
>
>
> Sent from my iPhone
>
> > On May 4, 2017, at 10:08 AM, Torres, Matt 
> wrote:
> >
> > Unfortunately, a private connection or VPN to the cloud service provider
> is not available right now, but I can see how that could help solve my
> problem. :-)
> > ~Matt
> >
> >> Is it possible for you to get a private/direct connect service from
> your network perimeter to the cloud provider and eliminate using the public
> connectivity?
> >>
> >> Or because it's Internet-based you have to use public connectivity?
>


Re: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Yan Filyurin
Since you can't change the design you may not be able to put some kind of
overlay solution in place, which is just a fancy way of saying a VPN
solution.  What if you look at it in a different way and put some kind of
endpoint security cloud solution like Illumio.

But if you at least had the freedom to put something like this:

http://www.sproute.com/span

in place or 20 other similar solutions. As in you do VPN, but right from
the cloud instance itself or another instance.  There is also a set of
various solutions that do specialized metadata like Cilium, but they get
into container networking and that is definitely application redesign.

On Thu, May 4, 2017 at 1:08 PM, Torres, Matt 
wrote:

> Unfortunately, a private connection or VPN to the cloud service provider
> is not available right now, but I can see how that could help solve my
> problem. :-)
> ~Matt
>
> > Is it possible for you to get a private/direct connect service from your
> network perimeter to the cloud provider and eliminate using the public
> connectivity?
> >
> >Or because it's Internet-based you have to use public connectivity?
>


Re: TE offline tools

2014-11-06 Thread Yan Filyurin
And an Open Source tool called TOTEM (Toolbox of Traffic Engineering Methods)
exists.  It has not been maintained since 2008 and was done as a university
research project.  You can do some things with it that you can do with the
likes of Cariden and WANDL and it takes XML files.  It is a bit of a pain
to use, but can be extended.  Another Open Source tool with similar issues
and no GUI is CSPF simulator, which runs some algorithms and you can give
it topology and demands and it can give you optimal LSP placement.  Again,
requires a learning curve and was actually a Cisco side project a while ago.

And finally, if you can program, you can take Python NetworkX library which
provides SPF algorithm, which can be adapted for CSPF and you can look up
some popular algorithms on the Internet and implement them. And then use
some tool to create graphs.

But in reality Cariden and WANDL are actually pretty vendor agnostic, and
you can easily adapt them for anything.  There are people who run Juniper
networks and use Cariden and Cisco NSPs that use WANDL.   And they are
entering DC underlay world as well.  They cost money, but you do get what
you pay for.

Yan



On Sun, Nov 2, 2014 at 9:22 PM, Phil Bedard bedard.p...@gmail.com wrote:

> You can look at tools like NS2/NS3 or OMNet++, but these are not going to
> do what you want out of the box, they are a framework for network
> simulation but you'll have to program them to do what you want, they are
> more used in academic settings.
>
> If you want a nice interface you are kind of stuck right now with the
> commercial offerings from Cariden, OpNet, WANDL (now Juniper), and Aria
> Networks.  Most of those packages are extensible via scripting if you want
> to do additional things.
>
> Phil
>
> On 11/2/14, 3:15 AM, Mohamed Kamal mka...@noor.net wrote:
>
>> I'm aware about the Cisco MATE software, but I'd prefer an open-source,
>> vendor-agnostic one, something that in-house improvements can also be
>> achieved.
>>
>> On 11/2/2014 12:01 PM, mohamed Osama Saad Abo sree wrote:
>>> You can use Cariden tool, Cisco own it currently and it does all the
>>> computation needed and can draw your network topology
>>
>> Mohamed Kamal
>> Core Network Engineer
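
The SPF-to-CSPF adaptation suggested in the reply above, as an added example that is not code from the thread or from any of the tools named in it: links without enough unreserved bandwidth are pruned before a shortest-path run, and each placed demand reserves capacity along its path. It uses a standard-library Dijkstra instead of NetworkX so it runs without dependencies; the topology, metrics and demands are constructed.

```python
import heapq

def cspf(links, src, dst, bw):
    """Shortest path by metric over links that still have >= bw unreserved."""
    adj = {}
    for (a, b), link in links.items():
        if link["free"] >= bw:              # the "constraint" in CSPF: prune first
            adj.setdefault(a, []).append((b, link["metric"]))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            break
        if d > dist[node]:
            continue                        # stale heap entry
        for nxt, metric in adj.get(node, []):
            nd = d + metric
            if nd < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = nd, node
                heapq.heappush(heap, (nd, nxt))
    if dst not in dist:
        return None                         # no path satisfies the bandwidth
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def place(links, demands):
    """Place demands largest-first, reserving bandwidth; return (placed, failed)."""
    placed, failed = {}, []
    for name, src, dst, bw in sorted(demands, key=lambda d: -d[3]):
        path = cspf(links, src, dst, bw)
        if path is None:
            failed.append(name)
            continue
        for hop in zip(path, path[1:]):
            links[hop]["free"] -= bw
        placed[name] = path
    return placed, failed

def sample_topology():
    """Constructed unidirectional topology: two A->D paths, 10 units each."""
    metrics = {("A", "B"): 10, ("B", "D"): 10, ("A", "C"): 15, ("C", "D"): 15}
    return {hop: {"metric": m, "free": 10} for hop, m in metrics.items()}

# Constructed demands: (name, source, destination, bandwidth).
DEMANDS = [("lsp1", "A", "D", 6), ("lsp2", "A", "D", 6), ("lsp3", "A", "D", 5)]

if __name__ == "__main__":
    print(place(sample_topology(), DEMANDS))
```

With these values the third demand cannot be placed: 8 units remain in total, but no single path has 5 free, which plain SPF would not reveal.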