Skip to main content

Posts

Showing posts from 2015

Pythonic surprises for a Java programmer - Part 1

I had been a hard core Java programmer through out my career and had moved onto Python a while ago. The transition to python was a roller coaster ride of moments of unbridled exultation, deja vu and mirth followed by those of horror, surprise and deep disgust. Just to crib a bit, Python does not provide encapsulation...arrrghhhhh!!! and the best way to prevent people from calling an internal method seems to be to request them not to do so.
"""      This method is meant to be consumed locally.      Don't call it from outside.... please please please :( """ def _do_something_internal():     -----------------     ----------------- This blog (and a few subsequent ones, hopefully) will capture my observations on some gotchas that "pleasantly" surprise people coming from the Java domain (may be relevant to other languages as well).

Variable Scoping

Scenario 1 :
def method1():     try:           x = 10     except:            pass     print x Expec…

How to setup Juniper's Openstack FWaaS Plugin

I have written a tech wiki article on how to install Juniper's OpenStack FWaaS Plugin @ http://forums.juniper.net/t5/Data-Center/How-to-set-up-OpenStack-firewall-as-a-service-plugin-for-SRX-and/ta-p/282050

This article covers the configuration that needs to be done on the OpenStack side as well as the configuration that needs to be done for the plugin. A reference topology is used and the whole configuration is done as a walk through using the reference model.

Creating Juniper VSRX 2.0 VM on Virtualbox

Juniper has come out with their latest version of VSRX 2.0 (formerly called as Firefly or VSRX 1.0). This release supports a broader set of features and is more performant than the earlier version. More details about the product can be obtained here

I had recently tried out instantiating VSRX 2.0 on Virtualbox. The process required a few minor tweaks and this blog will cover them.

Prerequisites
Download VSRX KVM Applicance from Juniper Website (You need to take care of the legal formalities)Virtualbox 4.3 and aboveDownload qemu-img converter for Windows  The image provided by Juniper is in QCOW2 format. In order to use it in Virtual box you need to convert it to VDI format. To do this you can use the tool qemu-img converter as follows:
#qemu-img.exe convert media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.qcow2 -O vdi vsrx2.0-1.vdi
The conversion will take a few seconds and you should have the VDI created in the directory. At this piont, you can proceed to create a VM by following these steps:







O…

Scrapy : A python framework for web crawling

Scrapy in the words of its creators:
"Scrapy is an application framework for crawling web sites and extracting structured data which can be used for a wide range of useful applications, like data mining, information processing or historical archival."  A screenshot grabbed from the site shows how concise the working code can be:

Scrapy works only with Python 2.7. The objective of this blog is to get you started with Scrapy and provide you with enough information to carry further on your own. In this blog, I will setup a scrapy project and retrieve some data off my blog site.

Pre-requsites
Python 2.7pip and setuptools Python packages.lxml. Most Linux distributions ships prepackaged versions of lxml. Otherwise refer to http://lxml.de/installation.htmlOpenSSL. This comes preinstalled in all operating systems, except Windows where the Python installer ships it bundled.Setup
pip install scrapy

Create a Project
scrapy startproject blog

This command will create a 'blog' direct…

OpenStack Kilo MultiNode VM Installation using Centos 7 on VirtualBox

In this blog, I will walk you through the steps that need to performed to create a MultiNode OpenStack Kilo setup running on Centos 7 VMs. The resultant network topology will be as follows:


Pre-requisites
VirtualBoxA Laptop or Server with 16 GB RAM and around 20 GB free hard disk spaceCentOS 7 Minimal ISOInternet Connectivity

Juniper Inter VLAN routing in 3 ways explored

When inter VLAN routing needs to be configured on Juniper devices the first thing that comes to mind is to use RVI (SVI in cisco land) and be done with it. But, there are certain situations where this approach may not work and this article explores the alternative ways of configuring inter VLAN routing on Juniper devices.

Lets say we have a router on a stick topology where an MX/SRX is acting as the router. Depending upon whether its MX or SRX the approach to configure inter VLAN routing varies. The below picture acts as our reference topology for this article:





In this topology, we have a switch which has two VLANs 100 & 200 and the tagged packets are sent across to MX/SRX on a trunk port ge-0/0/1. VLAN 100 is assigned to a subnet 10.1.0.0/24 having a gateway ip set to 10.1.0.1. Similarly, VLAN 200 is assigned to a subnet 10.2.0.0/24 having a gateway ip set to 10.2.0.1

Note: In this article I will use an RI instead of the global routing table.

Scenario 1 (RVI) : Works on all MX an…

Customising the Link attribute in Horizon dashboard's DataTable

I had a quick dab at Django & Openstack Horizon frameworks in order to build a dashboard for one of our Openstack projects.

Our requirement was to show a table on the UI with the corresponding CRUD functions. I had used DataTable for this purpose, where in you define the table structure in tables.py and the view rendering is defined in views.py

If a column is defined to be a link, DataTable by default uses the object id of each row to generate the corresponding link. In my scenario, I needed the link to point to a different object. Openstack's documentation was not very helpful and a quick grep through the openstack's code gave me the idea.

The approach to generate a custom link is as follows inside a DataTable:

from django.core.urlresolvers import reverse def get_custom_link(datum):     return reverse('horizon:myproject:mydashboard:detail', kwargs={'key': datum.value}) The value of the key will be used to generate the URL. class MyD…

QuickBite: Tap Vs Veth

Linux supports virtual networking via various artifacts such as:
Soft Switches (Linux Bridge, OpenVSwitch)Virtual Network Adapters (tun, tap, veth and a few more) In this blog, we will look at the virtual network adapters tap and veth. From a practical view point, both seem to be having the same functionality and its a bit confusing as to where to use what.

A quick definition of tap/veth is as follows:

TAP

A TAP is a simulated interface which exists only in the kernel and has no physical component associated with it. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program.

When a user space program (in our case the VM) gets attached to the tap interface it gets hold of a file descriptor, reading from which gives it the data being sent on the tap interface. Writing to the file descriptor will send …

Openstack : Unable to connect to instance console at port 6080

I have a VM on virtualbox which acts as an all-in-one Openstack setup. When I spawn a VM on it the VM boots up fine but from the browser I am not able to access its console.

There are various ways to solve this issue:

1. In the latest version of devstack (as on February 2015) n-novnc is no longer a default service and needs to be added to the local.conf to enable it.
enabled_services=n-novnc  (https://ask.openstack.org/en/question/57993/dashboard-vnc-console-doesnt-work-on-devstack/)

2. See if this helps you intweaking manually : http://docs.openstack.org/admin-guide-cloud/content/nova-vncproxy-replaced-with-nova-novncproxy.html

3.Another geeky solution is that, you can grep the KVM process to figure out the port on which the VNC is getting channeled to and access the console.

openstack@Openstack-Server:~/devstack$ ps aux|grep qemu|grep vnc
libvirt+  9167  0.6  2.4 1504044 97488 ?       Sl   14:25   0:49 /usr/bin/qemu-system-x86_64 -name instance-00000001 -S -machine pc-i440fx-trusty,a…

QuickBite: Avoid Fedora qcow download during Devstack installation

While installing the latest devstack, I found that it downloads Fedora's qcow image as a part of heat installation : https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2. Its a 200MB file and is definitely not needed for Neutron related development. I see that there is an option in local.conf which will make it stick to the default Cirros. You can do it by setting the below config in local.conf:

IMAGE_URLS="http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-uec.tar.gz"

This downloads the latest 0.3.3 series image of Cirros. At a later point, you can visit http://download.cirros-cloud.net/ and download the latest version as shown there.

How to run Juniper Firefly (vSRX) on KVM -- SRX in a box setup

Juniper has released a virtual form factor SRX called Firefly Perimeter (vSRX). It provides security and networking features of the SRX Series Gateways in a virtual machine format. It can be spawned as a VM on a KVM+QEMU/VMWare hypervisor running on a X86 server.


This post will give details on how to set it up as a standalone SRX box which can be used in any of your network deployments just like a normal SRX.

Pre-requisitesHave an X86 server with atleast 4 GB ram, 4 GB harddisk space and two ethernet ports.Install Ubuntu 14.04 on it (Centos should also work provided KVM related changes are taken care of)Assumption: You have logged into the system as root user. Get the SoftwareFirefly Perimeter can be download as a part of Juniper's software evaluation program and can be tried out for 60 days. You will need a Juniper account to download it here. For the purpose of this post I will be using the appliance at "Firefly KVM Appliance - FOR EVALUATION".

Configure the ServerFirefl…

QuickBite : Verifying VLAN Tag using Wireshark CLI (tshark)

If you want to verify the flow of packets from a VM (which is connected to a OVS) to a Switch and ensure that they are getting tagged properly, you can follow the process mentioned below:




Step 1 : Are packets getting sent over eth1


Looks good. We can see that packets are getting sent over eth1.

Step 2 : Check if packets are being received on ge-0/0/10


Looks good. If you see that packet count is not increasing on the interface, it may be because the corresponding VLAN is not associated with that interface (or the packet is being sent with out the VLAN tag)

Check ge-0/0/10 configuration:



Looks good.

Step 3 : Lets check if packets are getting tagged when sent over eth1

[I have Wireshark installed on CentOS. Am using the Wireshark CLI as my server does not have gui installed on it]



Done. You are now ready to trouble shoot basic packet flow.

A few other commands that come in handy on a VM are:
To check the routes known to the system : route -nTo check the arp table : cat /proc/net/arpPing a sy…

VirtualBox Networking Modes

VirtualBox gives an option to select various types of networking modes for an adapter.


The simplest description for each mode is as follows:
NAT :VM can connect to internet but VM and Host can't talk to each other.    Bridge Adapter : The VM acts like a separate machine connected on the same network as the host. It gets an IP from the same DHCP server as the Host. Host and the outside world can talk with the VM directly.Host-only Adapter : VMs can communicate with each other and the Host but not outside.Internal Network : VMs can communicate with each other. Host and outside world can't communicate with the VMs.Not Attached : If you want to test pulling out the virtual Ethernet cable, you can set to this mode on a running VM.Generic Driver : Can be used for two purposes:
UDP TunnelThis can be used to interconnect virtual machines running on different hosts directly, easily and transparently, over existing network infras…