Cisco NSO – Create Service

In NSO, a service is defined in a YANG model. Once the YANG model is defined and compiled, it is encoded to XML. There are a few variations for defining the encoding, such as “template only” and “python and template”. As the name suggests, the template is the most basic pattern, and it maps the YANG model directly to XML. With Python, arbitrary operations can be performed based on the YANG model before any values are passed on for XML encoding.


What license is required to use Cisco API?

Basically, you don’t need a license to access the APIs on the network devices directly, because they are included in the base license.

However, if you search for “Cisco API” online, or follow the Cisco DevNet content, it is confusing because a lot of the content is built around ACI/APIC/DNA. A DNA subscription is now mandatory for some devices (e.g. Catalyst9k), and this sometimes misleads customers into thinking that a DNA subscription is required to use any kind of API on Cisco boxes.


Kubernetes CKA certification – Where to Start


  • I passed the CKA exam in December 2018
  • Prepared for 4 months; before that I had little production experience with Kubernetes
  • Must read: Kubernetes in Action
  • Must possess: patience, curiosity
  • You cannot pass the exam if you just remember all the commands in Kubernetes The Hard Way.
  • To check if you are ready, look through all the documentation. If you still do not feel overwhelmed by the amount of new things, it should be a good time to give it a go.

Silverpeak SDWAN – MPLS replacement?

Silverpeak is one of the vendors listed as an SDWAN leader by Gartner, besides Cisco and VMware.

As I wrote about the basic characteristics of SDWAN in a previous post, the SDWAN solution from Silverpeak also has those basic functions. In a nutshell, the noteworthy characteristics of Silverpeak SDWAN products are as follows:

  • Best WAN Optimization
  • Best WAN Acceleration
  • Very high redundancy over the internet which may be able to replace MPLS
  • Not for internet direct access

Fortigate SDWAN – All-In-One internet resilience

SDWAN is booming, and lots of vendors are promoting their SDWAN. According to Wikipedia, any SDWAN should have these characteristics:

  • The ability to support multiple connection types, such as MPLS, frame relay and higher capacity LTE wireless communications
  • The ability to do dynamic path selection, for load sharing and resiliency purposes
  • A simple interface that is easy to configure and manage
  • The ability to support VPNs, and third party services such as WAN optimization controllers, firewalls and web gateways

Wider Network is Easy, Faster Network is Not

One of the most frequent requests from my clients is “Upgrade the circuit so that application performance gets better”. The request itself is easy, because upgrading a 10Mbps MPLS circuit to 20Mbps is nothing more complicated than a traffic shaping change. However, what the customer actually wants, better performance for their application, is not that easy.

There are lots of factors that can make your application slow. It may be a network misconfiguration or it may be a security misconfiguration. But it is usually the latter when my client asks me to upgrade the circuit. By that time they have usually done all the troubleshooting they could, and still have no clue how to solve it. I understand how badly they want to do whatever they can to solve the problem. But please wait for just a few days, and take a look at your slow application.

If the affected application is one from Microsoft, it may be very chatty. A chatty application needs to talk to its data source very frequently, and it may not gain much from an upgrade of the network bandwidth.

It is easier to see what I mean. To show how they differ, I created a test environment in AWS as follows:

The test is run from src to dst. I installed a Linux instance in between to intercept the traffic and emulate various degrees of network slowness.

First I used scp to transfer bulk data through the slow network. The result is as follows:

It is very simple. As the latency increases, the time to transfer the data increases. And as the bandwidth increases, the time decreases.

Next, I sent 1000 HTTP GET requests sequentially. The result is as follows:

The lower the latency, the shorter the time to transfer. However, in the third and the fourth rows, the time to transfer is the same even though the bandwidth is different. Why can this happen? Because this test sent the HTTP requests sequentially, it suffered from the latency rather than the bandwidth. So it doesn’t matter how much bandwidth your network has as long as it has high latency.
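A small model of the two tests above, added here as an illustration and not taken from the original measurements. The link profiles, payload sizes, 128 KiB window and the "two round trips per request" cost are all constructed assumptions, and the model ignores slow start and packet loss.

```python
# Added illustration: all link profiles and sizes below are constructed.

def bulk_seconds(size_bytes, rtt_s, bandwidth_bps,
                 window_bytes=128 * 1024, setup_rtts=2):
    """One long stream (the scp case).

    Throughput is capped by the link rate or by one window per round trip,
    whichever is lower. The window size and setup cost are assumptions.
    """
    rate_bps = min(bandwidth_bps, window_bytes * 8 / rtt_s)
    return setup_rtts * rtt_s + size_bytes * 8 / rate_bps


def sequential_seconds(count, rtt_s, bandwidth_bps,
                       req_bytes=200, resp_bytes=1000, rtts_per_request=2):
    """Requests sent one after another (the 1000 HTTP GET case).

    Each request pays a TCP handshake plus a request/response round trip
    (2 RTTs, assuming no keep-alive) before the next one can start.
    """
    wire_s = (req_bytes + resp_bytes) * 8 / bandwidth_bps
    return count * (rtts_per_request * rtt_s + wire_s)


# (round-trip time in seconds, bandwidth in bit/s), constructed profiles
PROFILES = [(0.010, 10e6), (0.010, 20e6), (0.100, 10e6), (0.100, 20e6)]


def compare(profiles=PROFILES, bulk_bytes=100 * 10**6, requests=1000):
    """Return one row per link profile with both modelled durations."""
    return [
        {
            "rtt_ms": rtt_s * 1000,
            "mbps": bps / 1e6,
            "bulk_s": round(bulk_seconds(bulk_bytes, rtt_s, bps), 2),
            "sequential_s": round(sequential_seconds(requests, rtt_s, bps), 2),
        }
        for rtt_s, bps in profiles
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

In this model, doubling the bandwidth at 100 ms changes the sequential run by well under one percent, while the bulk transfer still responds to both bandwidth and latency.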

If your application suffers from network latency, there are a number of approaches you can take. Again, it depends hugely on how your application makes its network connections, and you need to know your application deeply. For example, splitting the database might be a good idea if your MS Access is suffering from slowness.

A circuit upgrade is the easiest choice, but it is not necessarily the best solution. Various vendors have WAN optimisation/acceleration built into their products, and it might be worth trying, as they usually have demo units available for potential clients. Always ask your network support vendor for help before making a decision by yourself.

Monitor HTTP endpoint from Zabbix – Cool graph

I’m a long-time user of Zabbix, about 9 years now. I’m using it to make sure all my services are working normally. However, it’s never been a go-to tool for daily checks, because the Zabbix-generated graphs are usually very industrial and not exciting.

Zabbix 4.0.0 was released in October 2018, and it changed my mind. We can now have SVG graphs on the dashboard, and it looks just like Grafana.
