Basically you don’t need license to access APIs on the network devices directly, because it’s on base license.
However, if you search “Cisco API” online, or when you follow Cisco Devnet contents, it is confusing because a lot of contents are made around ACI/APIC/DNA. And DNA subscription is mandatory for some devices(e.g. Catalyst9k) now, and it sometimes misleads the customer that DNA subscription is required to use any kind of APIs on Cisco boxes.
Silverpeak is one of the vendor listed as SDWAN leader by Gartners, besides Cisco and VMware.
As I wrote a post about the basic characteristics of SDWAN in previous post, SDWAN solution from Silverpeak also has those basic functions. In a nutshell, the noteworthy characteristics of SIlverpeak SDWAN products are as follows:
Best WAN Optimization
Best WAN Accelleration
Very high redundancy over the internet which may be able to replace MPLS
One of the most frequent request from my client is “Upgrade the circuit so that application performance get better”. The request itself is easy, because just upgrade 10Mbps MPLS to 20Mbps MPLS is nothing complicated than just a traffic shaping. However, the actual customer desire to get the better performance for their application is not that easy.
There are lots of factors making your application slow. It may be some network misconfiguration or it may be some security misconfiguration. But it is usually the later part when my client requests me to upgrade the circuit. At that time they usually have done all the troubleshooting they could, and still have not found a clue how to solve it. I understand how badly they want to do whatever they can to solve the problem. But, please wait for just a few days, and take a look at your slow application.
If your affected application is the one from Microsoft, it may be very chatty. Chatty application needs to talk to the data source very frequently, and it may not gain much improvement by upgrading the network bandwidth.
It is easier to see what I mean. To show how they differ, I created test environment in AWS as follows:
Test will be done from src to dst. I installed a linux instance to intercept the traffic to emulate various slowness of network.
First I use scp to transfer a bulk data through slow network. The result is as follows:
It is very simple. As the latency increases, the time to transfer the data increases. And the bandwidth increases, the time decreases.
Next, I send 1000 http get request sequentially. The result is as follows:
The lower the latency, the time to transfer gets shorter. However, the third and the fourth row, both of the time to transfer is the same even though the bandwidth are different. Why this can happen? Because this test was to send the http request sequentially, it suffered from the latency rather than the bandwidth. So it doesn’t matter how big bandwidth you have for your network as long as it has big latency.
If your application suffers from network latency, there are numbers of approaches you can take. Again it depends hugely how your application is making a network connection and need to know deeply about your application. For example, splitting database might be a good idea if your MS Access is suffering slowness.
Circuit upgrade is the easiest choice, but it is not necessarily the best solution. Various vendors have WAN optimisation/acceleration built into their product, and it might be worth trying as they usually have demo unit available for potential client. Always ask for help for your network support vendor before making decision by yourself.
I’m a long user of Zabbix, about 9 years now. I’m using it to make sure all my services are working normal. However, it’s never been a go to tool for daily check, because the zabbix generated graph is usually very industrial and not exciting.
Zabbix 4.0.0 was released on October 2018, and it changed my mind. We can now have SVG graph on dashboard, it just looks like Grafana.
In this post, I’m going to configure Google Cloud Function as an interface among Fortigate, Slack and Github. Once all deploy completed, all the configuration changes on Fortigate will be automatically notified to Slack, and it will be uploaded to Github for version control.
After Github opened its free repository function to free users, I’m using Github private repository to store lots of my applications config file. I usually don’t use version management because they usually never changes after initial deployment. However, especially while I write blog post I need to make changes just to check the functionality. And sometimes I forgot to rollback config and need to check manually on the device.
In this post, I show you how to integrate Fortigate config backup script and Github API. And in the next post I will deploy them in CloudFunction so that it can be invoked by Fortigate automation stitch.
Previously I wrote a post how to backup the Fortigate config using session based authentication. As per the API reference, this is considered legacy, and other authentication method –API token, is preferred. In this post, I demonstrate how to use FortiOS RestAPI with API token. And I will introduce how to parse current configuration.
I used FortiOS 6.0.4 to deploy this, and it is most likely not working with other version(especially 5.x).