How to Use Ansible with CML

How can Ansible help people building simulations with Cisco Modeling Labs (CML)?

Similar to Terraform, Ansible is a common, open-source automation tool often used in Continuous Integration/Continuous Deployment (CI/CD) DevOps methodologies. They are both a type of Infrastructure as Code (IaC) or Infrastructure as Data that allow you to render your infrastructure as text files and control it using tools such as Git. The advantage is reproducibility, consistency, speed, and the knowledge that, when you change the code, people approve, and it gets tested before it’s pushed out to your production network. This paradigm allows enterprises to run their network infrastructure in the same way they run their software and cloud practices. Afterall, the infrastructure is there to support the apps, so why manage them differently? 

Although overlaps exist in the capabilities of Terraform and Ansible, they are very complementary. While Terraform is better at the initial deployment and ensuring ongoing consistency of the underlying infrastructure, Ansible is better at the initial configuration and ongoing management of the things that live in that infrastructure, such as systems, network devices, and so on. 

In a common workflow in which an operator wants to make a change to the network, let’s say adding a new network to be advertised via BGP, a network engineer would specify that change in the code or more likely as configuration data in YAML or JSON. In a typical CI workflow, that change would need to be approved by others for correctness or adherence to corporate and security concerns, for instance. In addition to the eyeball tests, a series of automated testing validates the data and then deploys the proposed change in a test network. Those tests can be run in a physical test network, a virtual test network, or a combination of the two. That flow might look like the following:

The advantage of leveraging virtual test networks is profound. The cost is dramatically lower, and the ability to automate testing is increased significantly. For example, a network engineer can spin up and configure a new, complex topology multiple times without the likelihood of old tests messing up the accuracy of the current testing. Cisco Modeling Labs is a great tool for this type of test. 

Here’s where the Ansible CML Collection comes in. Similar to the CML Terraform integration covered in a previous blog, the Ansible CML Collection can automate the deployment of topologies in CML for testing. The Ansible CML Collection has modules to create, start, and stop a topology and the hosts within it, but more importantly, it has a dynamic inventory plugin for getting information about the topology. This is important for automation because topologies can change. Or multiple topologies could exist, depending on the tests being performed. If your topology uses dynamic host configuration protocol (DHCP) and/or CML’s PATty functionality, the information for how Ansible communicates with the nodes needs to be communicated to the playbook. 

Let’s go over some of the features of the Ansible CML Collection’s dynamic inventory plugin. 

First, we need to install the collection: 

ansible-galaxy collection install cisco.cml 

Next, we create a cml.yml in the inventory with the following contents to tell Ansible to use the Ansible CML Collection’s dynamic inventory plugin: 

plugin: cisco.cml.cml_inventory 

group_tags: network, ios, nxos, router

In addition to specifying the plugin name, we can also define tags that, when found on the devices in the topology, add that device to an Ansible group to be used later in the playbook:

In addition to specifying the plugin name, we can also define tags that, when found on the devices in the topology, add that device to an Ansible group to be used later in the playbook:

• CML_USERNAME: Username for the CML user
• CML_PASSWORD: Password for the CML user
• CML_HOST: The CML host
• CML_LAB: The name of the lab 

Once the plugin knows how to communicate with the CML server and which lab to use, it can return information about the nodes in the lab: 

ok: [hq-rtr1] => { 

    "cml_facts": { 

        "config": "hostname hq-rtr1\nvrf definition Mgmt-intf\n!\naddress-family ipv4\nexit-address-family\n!\naddress-family ipv6\nexit-address-family\n!\nusername admin privilege 15 secret 0 admin\ncdp run\nno aaa new-model\nip domain-name mdd.cisco.com\n!\ninterface GigabitEthernet1\nvrf forwarding Mgmt-intf\nip address dhcp\nnegotiation auto\nno cdp enable\nno shutdown\n!\ninterface GigabitEthernet2\ncdp enable\n!\ninterface GigabitEthernet3\ncdp enable\n!\ninterface GigabitEthernet4\ncdp enable\n!\nip http server\nip http secure-server\nip http max-connections 2\n!\nip ssh time-out 60\nip ssh version 2\nip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr\nip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr\n!\nline vty 0 4\nexec-timeout 30 0\nabsolute-timeout 60\nsession-limit 16\nlogin local\ntransport input ssh\n!\nend", 

        "cpus": 1, 

        "data_volume": null, 

        "image_definition": null, 

        "interfaces": [ 

            { 

                "ipv4_addresses": null, 

                "ipv6_addresses": null, 

                "mac_address": null, 

                "name": "Loopback0", 

                "state": "STARTED" 

            }, 

            { 

                "ipv4_addresses": [ 

                    "192.168.255.199" 

                ], 

                "ipv6_addresses": [], 

                "mac_address": "52:54:00:13:51:66", 

                "name": "GigabitEthernet1", 

                "state": "STARTED" 

            } 

        ], 

        "node_definition": "csr1000v", 

        "ram": 3072, 

        "state": "BOOTED" 

    } 

} 

The first IPv4 address found (in order of the interfaces) is used as `ansible_host` to enable the playbook to connect to the device. We can use the cisco.cml.inventory playbook included in the collection to show the inventory. In this case, we only specify that we want devices that are in the “router” group created by the inventory plugin as informed by the tags on the devices: 

mdd % ansible-playbook cisco.cml.inventory --limit=router 

ok: [hq-rtr1] => { 

    "msg": "Node: hq-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.199:22" 

} 

ok: [hq-rtr2] => { 

    "msg": "Node: hq-rtr2(csr1000v), State: BOOTED, Address: 192.168.255.53:22" 

} 

ok: [site1-rtr1] => { 

    "msg": "Node: site1-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.63:22" 

} 

ok: [site2-rtr1] => { 

    "msg": "Node: site2-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.7:22" 

} 

In addition to group tags, the CML dynamic inventory plugin will also parse tags to pass information from PATty and to create generic inventory facts:

If a CML tag is specified that matches `^pat:(?:tcp|udp)?:?(\d+):(\d+)`, the CML server address (as opposed to the first IPv4 address found) will be used for `ansible_host`. To change `ansible_port` to point to the translated SSH port, the tag `ansible:ansible_port=2020` can be set. These two tags tell the Ansible playbook to connect to port 2020 of the CML server to automate the specified host in the topology. The `ansible:` tag can also be used to specify other host facts. For example, the tag `ansible:nso_api_port=2021` can be used to tell the playbook the port to use to reach the Cisco NSO API. Any arbitrary fact can be set in this way. 

Getting started 

Trying out the CML Ansible Collection is easy. You can use the playbooks provided in the collection to load and start a topology in your CML server. To start, define the environment variable that tells the collection how to access your CML server: 

% export CML_HOST=my-cml-server.my-domain.com 

% export CML_USERNAME=my-cml-username 

% export CML_PASSWORD=my-cml-password 

The next step is to define your topology file. This is a standard topology file you can export from CML. There are two ways to define the topology file. First, you can use an environment variable: 

% export CML_LAB=my-cml-labfile 

Alternatively, you can specify the topology file when you run the playbook as an extra–var. For example, to spin up a topology using the built in cisco.cml.build playbook: 

% ansible-playbook cisco.cml.build -e wait='yes' -e cml_lab_file=topology.yaml 

This command loads and starts the topology; then it waits until all nodes are running to complete. If -e startup=’host’ is specified, the playbook will start each host individually as opposed to starting them all at once. This allows for the config to be generated and fed into the host on startup. When cml_config_file is defined in the host’s inventory, it is parsed as a Jinja file and fed into that host as config at startup. This allows for just-in-time configuration to occur. 

Once the playbook completes, you can use another built-in playbook, cisco.cml.inventory, to get the inventory for the topology. In order to use it, first create a cml.yml in the inventory directory as shown above, then run the playbook as follows: 

% ansible-playbook cisco.cml.inventory 

PLAY [cml_hosts] ********************************************************************** 

TASK [debug] ********************************************************************** 

ok: [WAN-rtr1] => { 

    "msg": "Node: WAN-rtr1(csr1000v), State: BOOTED, Address: 192.168.255.53:22" 

} 

ok: [nso1] => { 

    "msg": "Node: nso1(ubuntu), State: BOOTED, Address: my-cml-server.my-domain.com:2010" 

} 

ok: [site1-host1] => { 

    "msg": "Node: site1-host1(ubuntu), State: BOOTED, Address: site1-host1:22" 

} 

In this truncated output, three different scenarios are shown. First, WAN-rtr1 is assigned the DHCP address it received for its ansible_host value, and ansible port is 22. If the host running the playbook has IP connectivity (either in the topology or a network connected to the topology with an external connector), it will be able to reach that host. 

The second scenario shows an example of the PATty functionality with the host nso1 in which the dynamic inventory plugin reads those tags to determine that the host is available through the CML server’s interface (i.e. ansible_host is set to my-cml-server.my-domain.com). Also, it knows that ansible_port should be set to the port specified in the tags (i.e. 2010). After these values are set, the ansible playbook can reach the host in the topology using the PATty functionality in CML. 

The last example, site1-host1, shows the scenario in which the CML dynamic inventory script can either find a DHCP allocated address or tags to specify to what ansible_host should be set, so it uses the node name. For the playbook to reach those hosts, it would have to have IP connectivity and be able to resolve the node name to an IP address. 

These built-in playbooks show examples of how to use the functionality in the CML Ansible Collection to build your own playbooks, but you can also use them directly as part of your pipeline. In fact, we often use them directly in the pipelines we build for customers. 

Source: cisco.com

Continue reading

Inside the Cisco Modeling Labs 2.6 Workbench Revamp

Cisco Modeling Labs (CML) 2.6, the latest version of our premier network virtualization platform, is finally here. CML 2.6 offers quite a list of useful tools, with additions like Amazon Web Services (AWS) Cloud deployment and a new Maintenance mode for system admins.

However, I’m here to discuss the feature I’m most excited about:

CML 2.6 includes a revamped Workbench that allows users to see multiple devices, tools, and configs in the same view.

New features within revamped Workbench include:

• a menu to add nodes to your workplace.
• a sidebar hub to modify lab elements.
• multi-select and right-click action menus.
• keyboard shortcuts.
• lab actions.
• a panes panel for a more flexible workspace.

Continue reading for an in-depth look inside the Workbench revamp available in Cisco Modeling Labs’ latest feature release.

Inside the CML 2.6 Workbench revamp

CML 2.6’s revamped Workbench includes UI enhancements that allow its users to contain multiple devices, tools, and configs in a single, integrated view. (Pictured: [1] Toolbar [2] Sidebar [3] Panes panel showing two open panes.)

Adding nodes with—or without—a mouse 

Incorporating new nodes into your workspace is still a straightforward process, whereby you can drag and drop your chosen type of node onto the canvas. But prior to CML 2.6, the interactive drag menu was on the right-side menu. Now, it’s activated by selecting the Add Nodes icon in the Workbench toolbar. 

Select the “Add Nodes” icon (1) in the Workbench toolbar to activate the interactive drag menu.

In addition to this traditional method of adding nodes, we’ve introduced a brand-new feature called Bulk Add. It is designed with accessibility in mind, so you can add as many nodes as you need—using only your keyboard, eliminating the need for a mouse.  

Now you can add nodes in bulk, mouse-free. Available in CML 2.6’s revamped Workbench.

Editing elements in the Sidebar 

We have redesigned the user interface to provide a more streamlined and unified experience for users as they edit elements within a lab. Now, in CML 2.6, the Sidebar serves as the single, consolidated hub for changing all your lab elements. Whether you want to edit a node, link, or annotation, simply select it, and the Sidebar will display the relevant editing options. 

Select an element within your lab to instantly activate the Sidebar, a single, consolidated hub that offers a convenient menu of relevant editing options. (Pictured: [1] Node has been selected; [2] Sidebar appears with tabs categorized by property: SETTINGS, CONNECTIVITY, CONFIG, INTERFACES.) 

This streamlined way to manage your lab elements eliminates the need for the bottom panel to shift in response to the Workbench state. In turn, you benefit from a more focused experience. With this setup, you can keep your attention on the bottom pane while simultaneously editing the properties of a lab element using the Sidebar. 

Using the Multi-select Action menu 

You can activate the Multi-Select action menu by selecting multiple elements and right-clicking anywhere on the canvas. This action opens a Context-sensitive menu with a distinct section for each element type. 

Select multiple elements and right-click anywhere on the canvas to activate the multi-action menu in the CML Workbench.

Within each section, you can perform actions on the corresponding element type. Please note: the system currently does not verify the validity of an action. Also, when you select multiple nodes, an Alignment section becomes available in the menu, providing options to align the selected nodes. 

Using the Right-click Context menu 

The Right-Click Context menu displays when you right-click a type of element: annotation, node, or link. This menu presents a list of actions specifically tailored to the selected element type. 

Pictured above is an example of the Right-click Context menu for a link.

Note: the Right-click Context menu typically provides more actions for each element type compared to the Multi-select Action menu.

Keyboard shortcuts 

Lab Actions menu 

You can find the Lab Actions menu in the toolbar under the “LAB” section. You can also activate this menu by right-clicking the canvas while no elements are selected. 

Panes panel 

The Panes panel is a versatile tool designed to give you a flexible workspace. For one, the Panes panel allows you to open multiple tabs, each hosting a Console, VNC, or PCAP session. You can also choose how you want to host tabs: in only one pane or across multiple. For instance, you can have one pane containing an open console session while another runs a packet capture.

What to keep in mind when using the Panes panel:

• One single pane is set by default, but you can add others by selecting the “+” icon.
• If you have more than one pane, you will see one pane highlighted with a blue square, which indicates it will be the target for any new sessions you open. (You can change this by clicking in a different pane, which sets it as the new target.) 

To open a tab, simply right-click a running link or node, and open the corresponding session for VNC, Console, or PCAP. As an added convenience, you also have the option to select multiple nodes and simultaneously launch multiple sessions, streamlining your workflow. 

Once you have a tab open, you can easily reposition it by dragging it from one pane to another. This drag-and-drop functionality provides a straightforward way to organize your workspace according to your preference or need. 

The panes and their respective tabs are designed to retain their state on a per-browser and per-lab basis. This means your arrangement of panes and tabs, as well as the content within them, will remain as you set them (even if you navigate away or close your browser), providing a persistent working environment. 

Each pane tab is equipped with a context menu, which you can access by right-clicking the tab. This context menu contains options and actions that pertain specifically to the type of tab, giving you a set of relevant controls right at your fingertips. 

If you have more than one pane, you will see one pane highlighted with a blue square (pictured above). This blue square indicates the target for any new sessions you open. You can change this by clicking in a different pane, which sets it as the new target.

To make your workspace even more customizable, you can rename tabs to reflect their content or purpose. You can either double-click on the tab, which will allow you to edit the name directly, or right-click on the tab and choose the Rename option from the context menu. 

The Carrot Down icon associated with each pane (see below) serves as a gateway to a menu. This menu displays a searchable list of all currently open sessions, making it easy for you to navigate directly to the session you need. 

Using the Carrot Down menu option (1), you can quickly view all open sessions at a glance.

To help you track the relationship between your tabs and their associated elements, you can select a tab to view its corresponding node (or link) on the canvas. This means you can instantly see which parts of your lab you are currently interacting with via your session. 

If you need more canvas space temporarily, you can hide and show the Panes panel by clicking the “PANES” toolbar option.

Source: cisco.com

Continue reading

Make your network yours with CML 2.5 annotations

Cisco Modeling Labs (CML) 2.5 arrives with annotations, a new feature for all CML license levels. When learning and designing, annotations let you get the most out of your labs. Annotations allow you to include all the documentation on how parts of the network work, details about your learning objectives and next steps, or ways the network elements fit together. In short, the annotations feature in CML 2.5 lets you make your network yours. Here’s how it works.

Add context with annotations in CML

Annotations allow you to provide additional context to your lab topology and organize the elements in a helpful, meaningful way. For example, you can use annotations to show routing, IP addressing, and VLAN information, as shown below: 

Annotations in CML are persistent. This means annotations will be included in the lab definition if exported, allowing you to share your annotated labs with others.  

A grid background and node/annotation grid snapping are enabled by default. Snapping will automatically snap nodes and annotations to ensure they are properly aligned when drawing or moving them. You can turn off snapping for a lab by unchecking the snap to grid option in the toolbar settings. You can also temporarily disable snapping by holding the Alt key when you add or move a node/annotation. 

Additionally, annotations support transparency and layering, allowing you to stack annotations.

How to add annotations to labs in CML 2.5

You can add annotations to labs in the workbench via one of the four annotation tools in the toolbar. 

 There is one tool for each type of annotation: 

◉ Rectangle  

◉ Ellipsis 

◉ Text 

◉ Line

For all annotation types except text, you can add the annotations by first selecting the tool. Then click and hold the mouse where you want the annotation to start, and drag it to where you want it to end. Releasing the mouse will create the annotation, and you will see a sidebar with other properties you can change for the annotation. 

The process of adding a text annotation is similar, starting with selecting the tool. Next, click and release where you want the text. Finally, the sidebar will open, allowing you to enter the text you wish to use. 

New options in toolbar settings

Click the gear icon in the toolbar to open the canvas settings menu, which provides these new options for CML 2.5: 

1. Toggles the grid on/off 

2. Turns node/annotation snapping on/off 

3. Turns annotations off, hiding the drawn annotations and annotation tools 

NOTE: You can temporarily disable the snap-to-grid option by holding the Alt key (or Option key on a Mac) when moving or resizing an annotation/node. This lets you keep snapping enabled while precisely placing an annotation/node.  

Edit annotations

Selecting an annotation will toggle the visibility of the resize handles for the currently selected annotation. Additionally, a sidebar will be opened, allowing you to edit the annotation properties further

1. Resize Handles 

2. Sidebar 

Future annotations in CML

The CML development team is currently exploring adding an image annotation type in a future release to allow the addition of images inside a topology. 

Source: cisco.com

Continue reading

Cisco Modeling Labs 2.5: Now with Resource Limiting

Whether you’re using a large virtual machine or beefy hardware server, running labs with a lot of nodes or labs with resource-hungry nodes in Cisco Modeling Labs (CML) can require a lot of memory/RAM and CPUs. But this can become especially problematic in a multi-user system—until now.

Cisco Modeling Labs offers a new feature called resource limiting, available now in CML 2.5 for Enterprise and Higher Education. Read on to learn more about resource limiting, how to set up resource limits in CML 2.5, and what you need to know as you configure the new feature on your CML server or cluster.

What is resource limiting in CML 2.5?

Resource limiting is one of the new features of the CML 2.5 release. The basic idea here is to limit the resources an individual user or group of users can consume with an administrative policy configured on the CML server or cluster. Since this feature only makes sense within a multi-user system, resource limiting is only available in CML Enterprise and CML for Higher Education. Obviously, there is no reason to have a single user restrict themselves.  

Resources on a CML deployment, defined

Prior to the introduction of resource limiting, a user could grab all resources on a CML deployment. And, as a result, other users were unable to launch their labs and nodes.

For context, resources in a CML deployment refer to: 

◉ Memory 

◉ CPU cores 

◉ Node licenses 

◉ External connectors 

The first three elements of this list are indeed resources with limited availability. The external connectors, however, can be restricted from a policy point of view. Even though external connectors are almost free in terms of memory and CPU cost, it can make sense to restrict their usage for different users/groups. 

How to configure CML resource limits

By default, no resource limits are present. An administrator can put resource limits in place by creating resource pools, which then are assigned to a user or group of users. 

Create and assign resource pools

You can manage resource pools by navigating to Tools → System Administration → Resource Pools.

From there, you can create and assign pools. The system differentiates between a template and an actual pool, which is always based on a template and has a user or multiple users connected to it. 

When assigning a template to a group of users, all users of this group will be in one of these two categories: 

◉ They’ll be assigned an individual pool cloned from the chosen template.  

◉ They’ll share the same pool cloned from the chosen template. 

The shared pool switch controls this assignment, as the following screenshot shows: 

When adding CML users to the resource pool (via the Next step button in the Add workflow), the administrator can choose which users (or groups of users) are assigned to the pool, as shown in the following screenshot: 

Create and define your template(s)

Resource pools are always based on a template. This also means that, at the very minimum, you must configure one underlying template (a base template) first. Templates allow us to automatically associate a new resource pool with a new user, whether they are manually created by an administrator or when they are created based on a new lightweight directory access protocol (LDAP) user login. 

Templates also allow you to quickly change a setting for all the pools inherited from a template. In addition, you can override values for individual pools.  That is, the values in the individual pool take precedence over the values defined in the individual pool’s template. 

When a pool has multiple users assigned, then all users share the resources configured in this pool. 

Limit access to external connectors 

External connectors provide outside connectivity. In shared environments with additional network interface cards (NICs), which connect to different outside networks, you might want to control which user or group has access to which outside networks. You can also achieve this by leveraging resource limiting.

A resource pool can define which external network configuration is allowed or denied. As shown in the following screen shot, the administrator can give users of this resource pool one of two options:  

◉ They can use no external connector at all (see: Block all). 

◉ They can decide which specific external connector configuration to use by selecting the appropriate one

In the absence of a specific external connector limit, users with this policy can select all existing external connectors. 

How to check resource usage 

The administrator, as well as individual users, can check the resource limit status. For administrators, the overall system state is shown. (For example, all existing resource pools, including their current usage.) The resource limit use is available via the Tools → Resource limits menu entry, as the following graphic shows: 

Here, the administrator sees that there are two pools and that node licenses are in use in the pool named Max50. In addition, the CPU and Memory usage of that pool also appears. However, since the usage is not limited, the bar appears in gray. The external connector and user column show the external connectors the pool is using and the users assigned to the pool, respectively. 

As for the users, their view appears in the following graphic (also via Tools → Resource limits): 

Node licenses are limited, 6 out of 50 or 12% are in use, and 13 CPU cores and 6.5GB of memory are in use. Both CPUs and RAM are not limited, indicated by the infinity symbol in the gauge.

NOTE: Resource limiting does not check for over-subscription. In other words: If the CML system has, for example, 32 CPUs, and the administrator puts a 64 CPU limit into a pool, then the system would not prevent this. It is up to the administrator to put reasonable limits in place! 

Consequently, if no limit is put in place, resources are obviously not infinite. 

Highlights and benefits of CML 2.5 resource limits

The new resource limiting feature of Cisco Modeling Labs 2.5 provides a granular way to ensure fair consumption of resources on a shared system. In addition, it allows better policy control and is also a useful way to quickly determine resource usage by users or groups of users via the Resource Limits status page.

Source: cisco.com

Continue reading

The Rise and Rise of DevOps Adoption

Thriving in the fast-changing world of technology means staying abreast of the latest trends and advancements. In recent years, one such trend—DevOps— has surged in popularity and usage. DevOps has become one of the most sought-after cultures to be adopted by organizations, with DevOps engineering roles among the IT industry’s highest in demand.

What led to the rise of DevOps? Why are organizations prioritizing DevOps adoption? Let’s take a step back and review what the term refers to, its benefits, and what we can learn from its impact on organizations and tech professionals shifting to the DevOps approach.

Demystifying DevOps

What is DevOps? Allow me to explain how the term received its name. The Development (Dev) team writes the code and performs extensive testing. The Operations (Ops) team builds the platform and manages the product’s infrastructure. As the software development lifecycle gets complex over time, it becomes difficult to assign responsibilities. The result is delayed rollouts and shortcomings in the feature’s quality.

That is exactly what DevOps fixes.

DevOps combines the Development and Operations team into a single cohesive unit. (See Figure 1.)

Figure 1. DevOps collaboration cycle between Development and Operations teams.

DevOps aims to improve the collaboration between the two teams. When development and operations work together, the result is a lessened delivery time for a feature to make its way from ‘whiteboard’ to ‘production.’

Benefits of DevOps adoption

DevOps offers a wide range of benefits to organizations, as well. Here are several reasons they choose to adopt DevOps:

1. Helps organizations move faster with feature rollouts maintaining product quality.

2. Defines the role and responsibilities of everyone involved, thus streamlining the delivery process.

3. Promotes transition to a more automated and integrated system management approach.

4. Provides reduced deployment frequency, lesser failure of new releases, and shorter time between patch fixes.  

Statistics on DevOps adoption

Figure 2. Impact of DevOps on organizations. (Source: Atlassian)

Recent surveys and studies complement the steady increase in the adoption of DevOps in organizations. In a Global Market Insights study, the DevOps market size exceeded US$7 billion in 2021 and is expected to grow at a CAGR of over 20% from 2022 to 2028 to a value of over US$30 billion.*

Predictive analysis reveals Asia-Pacific’s DevOps market size is set to experience massive growth of around 25% by 2028. And with the staggering growth of the DevOps market, organizations are actively hiring engineers skilled in DevOps technologies.

Presently, there are over 17,000 DevOps engineer roles advertised on Indeed in the United States alone, with an average salary range of $96,600-$122,000.

Extensive research by Atlassian showed that once DevOps impacted their organization, 78% of the total respondents had to learn a new skill, 61% say it helped them produce higher quality deliverables and 49% say they see a faster time to market.

Organizations experience a multitude of positive impacts post-DevOps adoption, as shown in Figure 2. As DevOps practices continue to gain traction, businesses need to ensure it fits into their objectives and adds value to deliveries. As such, 83% of IT decision-makers report their organization is implementing DevOps practices.

The transition has its challenges, however. Only 18% of organization’s and teams have adopted a DevOps approach. Meanwhile, 78% consider themselves to be evolved to a middle level and 4% to a low level.**

Figure 3. (Source: Atlassian)

Atlassian’s trend survey showed 84% of respondents have faced barriers to their DevOps implementation. As illustrated in Figure 3, the most common hurdles are a lack of skills in employees, legacy infrastructure and adjusting corporate culture. 

Outlook for DevOps in the  Future

While the transition to DevOps is rewarding for organizations, it comes with challenges. Management needs to carefully plan DevOps’ integration in the development lifecycle. Ideally, organizations should promote learnings on DevOps technologies to their employees and encourage them to take DevOps training and certifications to hone their skills in the area.

The Cisco Certified DevNet Expert certification recognizes NetDevOps leaders with the expertise to leverage automation methodologies, technologies and practices to improve networking—securely and at scale.

As we move further into future, DevOps will continue to evolve along with its rising compatriots; Cloud, Edge and IoT. Coming up, I’ll take a deep dive into DevOps and touch base with the technologies associated and provide a complete learning roadmap. Stay tuned! 

How has the adoption of DevOps impacted your organization? Have you faced challenges such as learning barriers or skills shortages? Please share your experience with me in the comments below. If you are an IT professional, I invite you to join me in the DevNet Certifications Community, where we can continue the conversation about how you can upskill into this highly sought-after field. 

* DevOps Market Size By Component (Solution [Management DevOps {Continuous Business Planning, Testing & Development, DevOps Analytics}, Delivery DevOps {Continuous Integration, Software Delivery Management}, Operation DevOps {Continuous Deployment, Monitoring & Performance Management}], Service [Professional Service, Managed Service]), By Deployment Model (On-premise, Cloud [Public Cloud, Private Cloud, Hybrid Cloud]), By Enterprise Size (Large Enterprises, SMEs), By Application (BFSI, IT & Telecom, Healthcare, Retail, Government, Manufacturing, Media & Entertainment), COVID-19 Impact Analysis, Regional Outlook, Growth Potential, Competitive Market Share & Forecast, 2022 – 2028, Global Market Insights, March 2022

** DevOps Stats And Facts – All The Numbers You Might Ever Need On DevOps In 2022, K&C, May 27, 2022

Source: cisco.com

Continue reading

CML 2.4 Now Supports Horizontal Scale With Clustering

When will CML 2 support clustering?

This was the question we heard most when we released Cisco Modeling Labs (CML) 2.0 — and it was a great one, at that. So, we listened. CML 2.4 now offers a clustering feature for CML-Enterprise and CML-Higher Education licenses, which supports the scaling of a CML 2 deployment horizontally.

But what does that mean? And what exactly is clustering? Read on to learn about the benefits of Cisco Modeling Labs’ new clustering feature in CML 2.4, how clustering works, and what we have planned for the future.

CML clustering benefits

When CML is deployed in a cluster, a lab is no longer restricted to the resources of a single computer (the all-in-one controller). Instead, the lab can use resources from multiple servers combined into a single, large bundle of Cisco Modeling Labs infrastructure.

In CML 2.4, CML-Enterprise and CML-Higher Education customers who have migrated to a CML cluster deployment can leverage clustering to run larger labs with more (or larger) nodes. In other words, a CML instance can now support more users with all their labs. And when combining multiple computers and their resources into a single CML instance, users will still have the same seamless experience as before, with the User Interface (UI) remaining the same. There is no need to select what should run where. The CML controller handles it all behind the scenes, transparently!

How clustering works in CML v2.4 (and beyond)

A CML cluster consists of two types of computers:

◉ One controller: The server that hosts the controller code, the UI, the API, and the reference platform images

◉ One or more computes: Servers that run node Virtual Machines (VMs), for instance, the routers, switches, and other nodes that make up a lab. The controller controls these machines (of course), so users will not directly interact with them. Also, a separate Layer 2 network segment connects the controller and the computes. We chose the separate network approach for security (isolation) and performance reasons. No IP addressing or other services are required on this cluster network. Everything operates automatically and transparently through the machines participating in the cluster.

This intracluster network serves many purposes, most notably:

    ◉ serving all reference platform images, node definitions, and other files from the controller via NFS sharing to all computes of a cluster.

    ◉ transporting networking traffic in a simulated network (which spans multiple computes) on the cluster network between the computes or (in case of external connector traffic) to and from the controller.

    ◉ conducting low-level API calls from the controller to the computes to start/stop VMs, for example, and operating the individual compute.

Defining a controller or a compute during CML 2.4 cluster installation

During installation, and when multiple network interface cards (NICs) are present in the server, the initial setup script will ask the user to choose which role this server should take: “controller” or “compute.” Depending on the role, the person deploying the cluster will enter additional parameters.

For a controller, the important parameters are its hostname and the secret key, which computes will use to register with the controller. Therefore, when installing a compute, the hostname and key parameters serve to establish the cluster relationship with the controller.

Every compute that uses the same cluster network (and knows the controller’s name and secret) will then automatically register with that controller as part of the CML cluster.

CML 2.4 scalability limits and recommendations

We have tested clustering with a bare metal cluster of nine UCS systems, totaling over 3.5TB of memory and more than 630 vCPUs. On such a system, the largest single lab we ran (and support) is 320 nodes. This is an artificial limitation enforced by the maximum number of node licenses a system can hold. We currently support one CML cluster with up to eight computes.

Plans for future CML releases

While some limitations still exist in this release in terms of features and scalability, remember this is only Phase 1. This means the functionality is there, and future releases promise even more features, such as the:

◉ ability to de-register compute

◉ ability to put computes in maintenance mode.

◉ ability to migrate node VMs from one compute to another.

◉ central software upgrade and management of compute

Source: cisco.com

Continue reading

Exploring the Linux ‘ip’ Command

I’ve been talking for several years now about how network engineers need to become comfortable with Linux. I generally position it that we don’t all need to become “big bushy beard-bearing sysadmins.” Rather, network engineers must be able to navigate and work with a Linux-based system confidently. I’m not going to go into all the reasons I believe that in this post (if you’d like a deeper exploration of that topic, please let me know). Nope… I want to dive into a specific skill that every network engineer should have: exploring the network configuration of a Linux system with the “ip” command.

A winding introduction with some psychology and an embarrassing fact (or two)

If you are like me and started your computing world on a Windows machine, maybe you are familiar with “ipconfig” on Windows. The “ipconfig” command provides details about the network configuration from the command line.

A long time ago, before Hank focused on network engineering and earned his CCNA for the first time, he used the “ipconfig” command quite regularly while supporting Windows desktop systems.

What was the IP assigned to the system? Was DHCP working correctly? What DNS servers are configured? What is the default gateway? How many interfaces are configured on the system? So many questions he’d use this command to answer. (He also occasionally started talking in the third person.)

It was a great part of my toolkit. I’m actually smiling in nostalgia as I type this paragraph.

For old times’ sake, I asked John Capobianco, one of my newest co-workers here at Cisco Learning & Certifications, to send me the output from “ipconfig /all” for the blog. John is a diehard Windows user still, while I converted to Mac many years ago. And here is the output of one of my favorite Windows commands (edited for some privacy info).

Windows IP Configuration

   Host Name . . . . . . . . . . . . : WINROCKS

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : example.com

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (12) I219-V

   Physical Address. . . . . . . . . : 24-4Q-FE-88-HH-XY

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::31fa:60u2:bc09:qq45%13(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.122.36(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : July 22, 2022 8:30:42 AM

   Lease Expires . . . . . . . . . . : July 25, 2022 8:30:41 AM

   Default Gateway . . . . . . . . . : 192.168.2.1

   DHCP Server . . . . . . . . . . . : 192.168.2.1

   DHCPv6 IAID . . . . . . . . . . . : 203705342

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-7B-B2-1D-24-4Q-FE-88-HH-XY

   DNS Servers . . . . . . . . . . . : 192.168.122.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : home

   Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX200 160MHz

   Physical Address. . . . . . . . . : C8-E2-65-8U-ER-BZ

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

   Physical Address. . . . . . . . . : C8-E2-65-A7-ER-Z8

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

It is still such a great and handy command. A few new things in there from when I was using it daily (IPv6, WiFi, Bluetooth), but it still looks like I remember.

The first time I had to touch and work on a Linux machine, I felt like I was on a new planet. Everything was different, and it was ALL command line. I’m not ashamed to admit that I was a little intimidated. But then I found the command “ifconfig,” and I began to breathe a little easier. The output didn’t look the same, but the command itself was close. The information it showed was easy enough to read. So, I gained a bit of confidence and knew, “I can do this.”

When I jumped onto the DevNet Expert CWS VM that I’m using for this blog to grab the output of the “ifconfig” command as an example, I was presented with this output.

(main) expert@expert-cws:~$ ifconfig

Command 'ifconfig' not found, but can be installed with:

apt install net-tools

Please ask your administrator.

This brings me to the point of this blog post. The “ifconfig” command is no longer the best command for viewing the network interface configuration in Linux. In fact, it hasn’t been the “best command” for a long time. Today the “ip” command is what we should be using.  I’ve known this for a while, but giving up something that made you feel comfortable and safe is hard. Just ask my 13-year-old son, who still sleeps with “Brown Dog,” the small stuffed puppy I gave him the day he was born. As for me, I resisted learning and moving to the “ip” command for far longer than I should have.

Eventually, I realized that I needed to get with the times. I started using the “ip” command on Linux. You know what, it is a really nice command. The “ip” command is far more powerful than “ifconfig.”

When I found myself thinking about a topic for a blog post, I figured there might be another engineer or two out there who might appreciate a personal introduction to the “ip” command from Hank.

But before we dive in, I can’t leave a cliffhanger like that on the “ifconfig” command.

root@expert-cws:~# apt-get install net-tools

(main) expert@expert-cws:~$ ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255

        ether 02:42:9a:0c:8a:ee  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 172.16.211.128  netmask 255.255.255.0  broadcast 172.16.211.255

        inet6 fe80::20c:29ff:fe75:9927  prefixlen 64  scopeid 0x20

        ether 00:0c:29:75:99:27  txqueuelen 1000  (Ethernet)

        RX packets 85468  bytes 123667981 (123.6 MB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 27819  bytes 3082651 (3.0 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10

        loop  txqueuelen 1000  (Local Loopback)

        RX packets 4440  bytes 2104825 (2.1 MB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 4440  bytes 2104825 (2.1 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

There it is, the command that made me feel a little better when I started working with Linux.

Exploring the IP configuration of your Linux host with the “ip” command!

So there you are, a network engineer sitting at the console of a Linux workstation, and you need to explore or change the network configuration. Let’s walk through a bit of “networking 101” with the “ip” command.

First up, let’s see what happens when we just run “ip.”

(main) expert@expert-cws:~$ ip

Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }

       ip [ -force ] -batch filename

where  OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |

                   tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |

                   netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |

                   vrf | sr | nexthop }

       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |

                    -h[uman-readable] | -iec | -j[son] | -p[retty] |

                    -f[amily] { inet | inet6 | mpls | bridge | link } |

                    -4 | -6 | -I | -D | -M | -B | -0 |

                    -l[oops] { maximum-addr-flush-attempts } | -br[ief] |

                    -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |

                    -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] |

                    -c[olor]}

There’s some interesting info just in this help/usage message. It looks like “ip” requires an OBJECT on which a COMMAND is executed. And the possible objects include several that jump out at the network engineer inside of me.

◉ link – I’m curious what “link” means in this context, but it catches my eye for sure

◉ address – This is really promising. The ip “addresses” assigned to a host is high on the list of things I know I’ll want to understand.

◉ route – I wasn’t fully expecting “route” to be listed here if I’m thinking in terms of the “ipconfig” or “ifconfig” command. But the routes configured on a host is something I’ll be interested in.

◉ neigh – Neighbors? What kind of neighbors?

◉ tunnel – Oooo… tunnel interfaces are definitely interesting to see here.

◉ maddress, mroute, mrule – My initial thought when I saw “maddress” was “MAC address,” but then I looked at the next two objects and thought maybe it’s “multicast address.” We’ll leave “multicast” for another blog post.

The other objects in the list are interesting to see. Having “netconf” in the list was a happy surprise for me. But for this blog post, we’ll stick with the basic objects of link, address, route, and neigh.

Where in the network are we? Exploring “ip address”

First up in our exploration will be the “ip address” object. Rather than just go through the full command help or man page line (ensuring no one ever reads another post of mine), I’m going to look at some common things I might want to know about the network configuration on a host. As you are exploring on your own, I would highly recommend exploring “ip address help” as well as “man ip address” for more details.  These commands are very powerful and flexible.

What is my IP address?

(main) expert@expert-cws:~$ ip address show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000

    link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff

    inet 172.16.211.128/24 brd 172.16.211.255 scope global dynamic ens160

       valid_lft 1344sec preferred_lft 1344sec

    inet6 fe80::20c:29ff:fe75:9927/64 scope link 

       valid_lft forever preferred_lft forever

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 

    link/ether 02:42:9a:0c:8a:ee brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

       valid_lft forever preferred_lft forever

Running “ip address show” will display the address configuration for all interfaces on the Linux workstation. My workstation has 3 interfaces configured, a loopback address, the ethernet interface, and docker interface. Some of the Linux hosts I work on have dozens of interfaces, particularly if the host happens to be running lots of Docker containers as each container generates network interfaces. I plan to dive into Docker networking in future blog posts, so we’ll leave the “docker0” interface alone for now.

We can focus our exploration by providing a specific network device name as part of our command.

(main) expert@expert-cws:~$ ip add show dev ens160

2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000

    link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff

    inet 172.16.211.128/24 brd 172.16.211.255 scope global dynamic ens160

       valid_lft 1740sec preferred_lft 1740sec

    inet6 fe80::20c:29ff:fe75:9927/64 scope link 

       valid_lft forever preferred_lft forever

Okay, that’s really what I was interested in looking at when I wanted to know what my IP address was. But there is a lot more info in that output than just the IP address. For a long time, I just skimmed over the output. I would ignore most output and simply look at the address and for state info like “UP” or “DOWN.” Eventually, I wanted to know what all that output meant, so in case you’re interested in how to decode the output above…

• Physical interface details
• “ens160” – The name of the interface from the operating system’s perspective.  This depends a lot on the specific distribution of Linux you are running, whether it is a virtual or physical machine, and the type of interface.  If you’re more used to seeing “eth0” interface names (like I was) it is time to become comfortable with the new interface naming scheme.
• “<BROADCAST,MULTICAST,UP,LOWER_UP>” – Between the angle brackets are a series of flags that provide details about the interface state.  This shows that my interface is both broadcast and multicast capable and that the interface is enabled (UP) and that the physical layer is connected (LOWER_UP)
• “mtu 1500” – The maximum transmission unit (MTU) for the interface.  This interface is configured for the default 1500 bytes
• “qdisc mq” – This indicates the queueing approach being used by the interface.  Things to look for here are values of “noqueue” (send immediately) or “noop” (drop all). There are several other options for queuing a system might be running.
• “state UP”- Another indication of the operational state of an interface.  “UP” and “DOWN” are pretty clear, but you might also see “UNKNOWN” like in the loopback interface above.  “UNKNOWN” indicates that the interface is up and operational, but nothing is connected.  Which is pretty valid for a loopback address.
• “group default” – Interfaces can be grouped together on Linux to allow common attributes or commands.  Having all interfaces connected to “group default” is the most common setup, but there are some handy things you can do if you group interfaces together.  For example, imagine a VM host system with 2 interfaces for management and 8 for data traffic.  You could group them into “mgmt” and “data” groups and then control all interfaces of a type together.
• “qlen 1000” – The interface has a 1000 packet queue.  The 1001st packet would be dropped.
• “link/ether” – The layer 2 address (MAC address) of the interface
• “inet” – The IPv4 interface configuration
• “scope global” – This address is globally reachable. Other options include link and host
• “dynamic” – This IP address was assigned by DHCP.  The lease length is listed in the next line under “valid_lft”
• “ens160” – A reference back to the interface this IP address is associated with
• “inet6” – The IPv6 interface configuration.  Only the link local address is configured on the host.  This shows that while IPv6 is enabled, the network doesn’t look to have it configured more widely

Network engineers link the world together one device at a time. Exploring the “ip link” command.

Now that we’ve gotten our feet wet, let’s circle back to the “link” object. The output of “ip address show” command gave a bit of a hint at what “link” is referring to. “Links” are the network devices configured on a host, and the “ip link” command provides engineers options for exploring and managing these devices.

What networking interfaces are configured on my host?

(main) expert@expert-cws:~$ ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000

    link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 

    link/ether 02:42:9a:0c:8a:ee brd ff:ff:ff:ff:ff:ff

After exploring the output of “ip address show,” it shouldn’t come as a surprise that there are 3 network interfaces/devices configured on my host.  And a quick look will show the output from this command is all included in the output for “ip address show.”  For this reason, I almost always just use “ip address show” when looking to explore the network state of a host.

However, the “ip link” object is quite useful when you are looking to configure new interfaces on a host or change the configuration on an existing interface. For example, “ip link set” can change the MTU on an interface.

root@expert-cws:~# ip link set ens160 mtu 9000

root@expert-cws:~# ip link show dev ens160

2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000

    link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff

Note 1: Changing network configuration settings requires administrative or “root” privileges.

Note 2: The changes made using the “set” command on an object are typically NOT maintained across system or service restarts. This is the equivalent of changing the “running-configuration” of a network device. In order to change the “startup-configuration” you need to edit the network configuration files for the Linux host.  Check the details for network configuration for your distribution of Linux (ie Ubuntu, RedHat, Debian, Raspbian, etc.)

Is anyone else out there? Exploring the “ip neigh” command

Networks are most useful when other devices are connected and reachable through the network. The “ip neigh” command gives engineers a view at the other hosts connected to the same network. Specifically, it offers a look at, and control of, the ARP table for the host.

Do I have an ARP entry for the host that I’m having trouble connecting to?

A common problem network engineers are called on to support is when one host can’t talk to another host.  If I had a nickel for every help desk ticket I’ve worked on like this one, I’d have an awful lot of nickels. Suppose my attempts to ping a host on my same local network with IP address 172.16.211.30 are failing. The first step I might take would be to see if I’ve been able to learn an ARP entry for this host.

(main) expert@expert-cws:~$ ping 172.16.211.30

PING 172.16.211.30 (172.16.211.30) 56(84) bytes of data.

^C

--- 172.16.211.30 ping statistics ---

3 packets transmitted, 0 received, 100% packet loss, time 2039ms

(main) expert@expert-cws:~$ ip neigh show

172.16.211.30 dev ens160  FAILED

172.16.211.254 dev ens160 lladdr 00:50:56:f0:11:04 STALE

172.16.211.2 dev ens160 lladdr 00:50:56:e1:f7:8a STALE

172.16.211.1 dev ens160 lladdr 8a:66:5a:b5:3f:65 REACHABLE

And the answer is no. The attempt to ARP for 172.16.211.30 “FAILED.”  However, I can see that ARP in general is working on my network, as I have other “REACHABLE” addresses in the table.

Another common use of the “ip neigh” command involves clearing out an ARP entry after changing the IP address configuration of another host (or hosts). For example, if you replace the router on a network, a host won’t be able to communicate with it until the old ARP entry ages out and the system tries ARPing again for a new address. Depending on the operating system, this can take minutes — which can feel like years when waiting for a system to start responding again. The “ip neigh flush” command can clear an entry from the table immediately.

How do I get from here to there? Exploring the “ip route” command

Most of the traffic from a host is destined somewhere on another layer 3 network, and the host needs to know how to “route” that traffic correctly. After looking at the IP address(es) configured on a host, I will often take a look at the routing table to see if it looks like I’d expect. For that, the “ip route” command is the first place I look.

What routes does this host have configured?

(main) expert@expert-cws:~$ ip route show

default via 172.16.211.2 dev ens160 proto dhcp src 172.16.211.128 metric 100 

10.233.44.0/23 via 172.16.211.130 dev ens160 

172.16.211.0/24 dev ens160 proto kernel scope link src 172.16.211.128 

172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 

It may not look exactly like the output of “show ip route” on a router, but this command provides very usable output.

◉ My default gateway is 172.16.211.2 through the “ens160” device.  This route was learned from DHCP and will use the IP address configured on my “ens160” interface.

◉ There is a static route configured to network 10.233.44.0/23 through address 172.16.211.130

◉ And there are 2 routes that were added by the kernel for the local network of the two configured IP addresses on the interfaces.  But the “docker0” route shows “linkdown” — matching the state of the “docker0” interface we saw earlier.

The “ip route” command can also be used to add or delete routes from the table, but with the same notes as when we used “ip link” to change the MTU of an interface. You’ll need admin rights to run the command, and any changes made will not be maintained after a restart. But this can still be very handy when troubleshooting or working in the lab.

And done… or am I?

So that’s is my “brief” look at the “ip” command for Linux. Oh wait, that bad pun attempt reminded me of one more tip I meant to include. There is a “–brief” option you can add to any of the commands that reformats the data in a nice table that is often quite handy. Here are a few examples.

(main) expert@expert-cws:~$ ip --brief address show

lo               UNKNOWN        127.0.0.1/8 ::1/128 

ens160           UP             172.16.211.128/24 fe80::20c:29ff:fe75:9927/64 

docker0          DOWN           172.17.0.1/16 

(main) expert@expert-cws:~$ ip --brief link show

lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 

ens160           UP             00:0c:29:75:99:27 <BROADCAST,MULTICAST,UP,LOWER_UP> 

docker0          DOWN           02:42:9a:0c:8a:ee <NO-CARRIER,BROADCAST,MULTICAST,UP> 

Not all commands have a “brief” output version, but several do, and they are worth checking out.

There is quite a bit more I could go into on how you can use the “ip” command as part of your Linux network administration skillset. (Checkout the “–json” flag for another great option). But at 3,000+ words on this post, I’m going to call it done for today. If you’re interested in a deeper look at Linux networking skills like this, let me know, and I’ll come back for some follow-ups. 

Source: cisco.com

Continue reading