- fortios_config is based on pyFG which is not updated for 2 years
- If you have non-ascii characters in Fortigate, you should not use it
- Compare the result and your manual backup. Know what is omitted.
In NSO, service is defined in YANG model. And once YANG model is defined and compiled, it will then be encoded to XML. There are few variations to define encode, such as “template only” and “python and template”. As name suggests, template is the most basic pattern, and it directly map the YANG model to XML. While with python some arbitrary operation can be configured based on YANG model before passing any values for XML encode.Continue reading “Cisco NSO – Create Service”
Late last year, Cisco posted “Get NSO for Free!” and since NSO is available for Lab/PoC use for developers. This post is to introduce how to install NSO on Ubuntu16.04, and brief introduction of what it can do.Continue reading “Cisco NSO introduction – vendor agnostic network management”
Basically you don’t need license to access APIs on the network devices directly, because it’s on base license.
However, if you search “Cisco API” online, or when you follow Cisco Devnet contents, it is confusing because a lot of contents are made around ACI/APIC/DNA. And DNA subscription is mandatory for some devices(e.g. Catalyst9k) now, and it sometimes misleads the customer that DNA subscription is required to use any kind of APIs on Cisco boxes.Continue reading “What license is required to use Cisco API?”
Silverpeak is one of the vendor listed as SDWAN leader by Gartners, besides Cisco and VMware.
As I wrote a post about the basic characteristics of SDWAN in previous post, SDWAN solution from Silverpeak also has those basic functions. In a nutshell, the noteworthy characteristics of SIlverpeak SDWAN products are as follows:
SDWAN is booming, and lots of vendors are promoting their SDWAN. According to Wikipedia, any SDWAN should have these characteristics:
One of the most frequent request from my client is “Upgrade the circuit so that application performance get better”. The request itself is easy, because just upgrade 10Mbps MPLS to 20Mbps MPLS is nothing complicated than just a traffic shaping. However, the actual customer desire to get the better performance for their application is not that easy.
There are lots of factors making your application slow. It may be some network misconfiguration or it may be some security misconfiguration. But it is usually the later part when my client requests me to upgrade the circuit. At that time they usually have done all the troubleshooting they could, and still have not found a clue how to solve it. I understand how badly they want to do whatever they can to solve the problem. But, please wait for just a few days, and take a look at your slow application.
If your affected application is the one from Microsoft, it may be very chatty. Chatty application needs to talk to the data source very frequently, and it may not gain much improvement by upgrading the network bandwidth.
It is easier to see what I mean. To show how they differ, I created test environment in AWS as follows:
Test will be done from src to dst. I installed a linux instance to intercept the traffic to emulate various slowness of network.
First I use scp to transfer a bulk data through slow network. The result is as follows:
It is very simple. As the latency increases, the time to transfer the data increases. And the bandwidth increases, the time decreases.
Next, I send 1000 http get request sequentially. The result is as follows:
The lower the latency, the time to transfer gets shorter. However, the third and the fourth row, both of the time to transfer is the same even though the bandwidth are different. Why this can happen? Because this test was to send the http request sequentially, it suffered from the latency rather than the bandwidth. So it doesn’t matter how big bandwidth you have for your network as long as it has big latency.
If your application suffers from network latency, there are numbers of approaches you can take. Again it depends hugely how your application is making a network connection and need to know deeply about your application. For example, splitting database might be a good idea if your MS Access is suffering slowness.
Circuit upgrade is the easiest choice, but it is not necessarily the best solution. Various vendors have WAN optimisation/acceleration built into their product, and it might be worth trying as they usually have demo unit available for potential client. Always ask for help for your network support vendor before making decision by yourself.
I’m a long user of Zabbix, about 9 years now. I’m using it to make sure all my services are working normal. However, it’s never been a go to tool for daily check, because the zabbix generated graph is usually very industrial and not exciting.
Zabbix 4.0.0 was released on October 2018, and it changed my mind. We can now have SVG graph on dashboard, it just looks like Grafana.Continue reading “Monitor HTTP endpoint from Zabbix – Cool graph”
In this post, I’m going to configure Google Cloud Function as an interface among Fortigate, Slack and Github. Once all deploy completed, all the configuration changes on Fortigate will be automatically notified to Slack, and it will be uploaded to Github for version control.Continue reading “Fortigate Config version management”