BGP Visualization Using Python

KSA

During my Network study, I always admire the way that BGP works and operate. The black magic that handle how the packets are exit from one country (Autonomous System=ASN for short!) and enter the another without any “Boarding-Pass” or “Visa”. Not just that, but BGP strive to make the travel time and path is the shortest one amongst the available routes to destination using of exchanged path attributes between those ASN. very clever, robust and old Winking smile

But as the internet routing table grows and number of assigned ASN increase each day, I think it’s become harder to visualize the interconnection between ASNs. Everyday a new ASN is being connected to a bunch of other ASNs and it’s really hard to trace those connections with just a raw data provided by Route Glass Servers or RIRs.

So I think it’s time to involve Python to solve this problem. Basically I tried to build a python module that answer the below questions:

1- How ASNs are being connected to each other given a list of ASNs?

2- How ASNs are being connected in one country?

3- Which ASNs are considered as an Service Provider or IXP? (has more than 15 BGP peering with other ASN)

4- Which ASN is considered an Upstream to a specific ASN? That will help in defining the ASN gateway for a country for example.

5- Which ASN is considered a Downstream (Customer) to a specific Service Provider (Operator)? and how are they distributed comparing to other Service Providers?

6- Finally I need all of that in one picture, visually! You know the old say,

A picture is worth a thousand words

and those thousand words are being stored in a lot of  RIRs like RIPE and AFRNIC that provide useful BGP data publically but in raw format.

I started developing a python module to address the above questions and in two days I have a promising prototype and able to visualize the first country then later on added a capability to visualize a portion set of ASNs. Final stage is adding some console logs for troubleshooting and publishing the package into PyPI . I called it  (bgp_visualize) , Yeah, Couldn’t find a better one Open-mouthed smile.

I tried to design the bgp_visualize to work with a minimum set of possible data. For  example in case of visualizing BGP in specific country, you need to just provide the country code. However you can customize the way and look for the generated graph by providing few parameters like node_color , node_size , desired_background  and so on.

Working on Module

First you need to install it (and install python 2.7 of course if you didn’t have it already in your machine)

Using CLI

pip install bgp_visualize

Using GUI (Pycharm IDE)

Open Settings | Project Interpreter | | Add New

Then search for bgp_visualize python module and install it

Then Run the below code to visualize a set of ASNs (You can run it also from Python native IDLE if you’re using Windows OS)

from bgp_visualize import bgp_visualize_asn
ASNs= bgp_visualize_asn.bgp_visualize(asns=[8452,24835],dark=True)
ASNs.Draw()

The resulting graph will be something like below (Click on Image for better resolution) and to visualize all autonomous systems in specific country, you need to provide the country code to the object

from bgp_visualize import bgp_visualize_asn
country= bgp_visualize_asn.bgp_visualize(country='sa')
country.Draw()

There’re a lot of screenshots for different BGP graphs are available in my Github page, so please check them out!. Also you can send me your generated graph and I’ll add it to the Github

Color Map

bgp_visualize module use different colors to represent the Autonomous System role in the graph. below is the list of colors and meaning of each in the generated graph

First if AS is considered to be  a service provider or IXP, then it will be colored with one of below colors

if AS is an upstream for specific ASN, then it will be colored as blue

ASN is Downstream:

Transit or not defined

Wrapping Up

I really enjoyed working on this package!.You can use it to troubleshoot and visualize any ASN in your network or in your country and understand the upstreams and downstreams for each one and easily identify the service providers, All in one graph!

For me, I had that idea long time ago to visualize every ASN, every connection, every prefix in the planet and draw them in nice and presentable way and I think this package is a good start, That’s my dream!.

Finally , I hope this has been informative for your and I’d like to thank you for reading.

Introduction to SDN and NFV

If you’re confused about what’s the difference between SDN, NFV, Overlays and automation or what’s the role of each technology and how they’re connected

These are introductory slides for explaining the SDN and NFV technologies. what’s the difference between them and when each one is used. Also it talk about some of Cisco products in each area either SDN or NFV or the Automation with some of real use cases deployed in today’s service provider network.

Hope it’s useful and you like it.

signature_thumb1

NFV ETSI Lab in Egypt

in last few weeks, I’ve been involved on building and designing the NFV lab according to ETSI standard in my company. The ETSI standard is shown in below snapshotimage

The concept of NFV is simple. it tends to convert the functions that exist in your “physical network” to a virtual. functions like DPI, BNG and route reflectors will be converted to Virtual machines.

The left hand side of the picture is called “MANO = Management and Orchestration” where the right hand side of the standard is the real hardware and bunch of hypervisors (KVM, ESXI)

image

This allow to create many use cases such as service chaining on which subscriber traffic could be easily passed by any type of VNFs (Virtual Network Functions) regardless of it’s physical location. For example the below subscriber traffic is passed by virtual firewall, DDoS and virtual DPI before sending it out to the internet. Other subscriber traffic could be passed by a different “chains”

image

Cisco has a wide portfolio that cover most of the ETSI components, Let’s explore them in brief

image

NFV-O : Orchestrator

Cisco has the NSO product (Network Service Orchestrator, before it’s called Tail-F NCS). Tail-F has a huge contribution in defining the YANG language used in service modeling in the NFV. Cisco acquire the Tail-F company two years ago and it’s one of the most successful acquisition in cisco. You can read more about the Tail-F in thislink. The orchestrator job is to orchestrate the service creation over the VNFs and push the correct configuration on them based on many triggers

NSO use a concept of NEDs (Network Element Drivers) that capable of communicate with many many vendors like Sandvine, Palo-alto, Juniper and of course Cisco. it also capable of communicate using the NetConf protocol that allow it to not only orchestrate the VNF but also the PNF (Physical Network Functions – The real hardware and ASICs).

VNF-M: VNF Manager

because your network functions will be a bunch of VMs (Firewall, DPI,..etc). You will need to have a “manager” that manage the CRUD(Creation, Redeploy, Update and Deletion) operation of those VMs. Cisco has a product that called ESC (Elastic Service Controller) that integrate very well with NSO and any type of orchestrator in northbound. In southbound it ‘s capable to communicate with Openstack and VMware through standard RESful services.

VIM

The virtual infrastructure manager (openstack or vcenter) are responsible of creating the actual HDD, RAM and CPU for the VNF. Cisco recommend to integrate with RedHat Openstack (RDO)

EMS (or VNF)

This is the network function that become virtual! . I used in this lab the Cisco Cloud Service Router (CSRv) that capable on running most of the ASR functions without a problem (side note: I used it to build a complete SP-WiFi lab for one of the operator here in Egypt and it work very well in EAP-SIM and Portal based scenarios). below is the available VNFs from cisco

image

My NFV Lab

image

First I tried  to integrate the Cisco Elastic Service controller with Vmware vCenter but not having much luck on this integration. I stucked in starting the orchestrator service in vCenter process on which I’m thinking it’s one of the component that used by cisco ESC for communicating with VMware infrastructure. also vCenter seems complex solution to me on which limiting my options

image

Although the ESC is connected to vCenter, and able to read all “tenants” or VMs from it, but it was unable to administrate them

image

image

Hmmm, Ok. let’s seal to the other destination, The Openstack Smile

Second I imported the ESC to the openstack and installed it using the bootvm.py python script.

image

Great. next step is to integrate the ESC with Openstack that took only two minutes! (Thank you VMware for wasting my time!!)

Third, Once Integration is done, You can see that ESC can successfully retrieve all the tenants from the openstack

image

Also it’s capable of communicating with Openstack services like nova, cinder

image

And finally it’s capable of reading all compute hosts and hosted instances

image

Fourth, Push the configuration from orchestrator to ESC and watch Openstack create the images, flavors and attach all networks to CSRv (through the ESC)

image

image

Instances page

image

if you check the ESC portal, you will see immediately the CSR VNF Active, up and running in the ESC

image

And you can access the CSRv console directly from the ESC through the built-in VNC utility

image

But really, what’s the job of the ESC?

ESC play a vital role as a VNF manager in monitoring the VNF operations.  for example if one of the VNF that created through the ESC is deleted by mistake. the ESC will detect this event and immediately re-deploy the impacted machine without any intervention from your side. You can program it with many events to be monitored like overloading the VM, underloading, License experience..etc

image

The ESC communicate with openstack through REST messages over HTTP and order it to create VM (VNF) with specific flavor, Image ID and attached networks) as shown in blow snoop between ESC and Openstack

image

Conclusion

NFV is one of the hottest topics in service provider area and it soonest they will convert to this model to save much power and space in datacenter and more important is to introduce agility and harmony in today’s complex network. I really recommend you to choose open standard solutions and not limit your options to propriety software. Learn openstack and YANG modeling and be open minded to automation mythology

Finally I’ve the complete NFV lab integrated components (Orchestrator, VNF-Manager, Openstack and VNF) up and running in my company lab. I think it’s the first lab of it’s type here in Egypt to the best of my knowledge Smile

for any questions, please post a comment and we can discuss it together

Thank You

S

Juniper MX BRAS – Part 3

As you notice from previous configuration. We have to configure the unit 1 with static VLAN (800) to create only ONE SUBSCRIBER INTERFACE . However in real world scenario this not necessarily the case. we need to make MX check the incoming vlan id from DSLAM and handle the creation of both VLANS and Units that hold the PPPoE sessions. BTW, Here’s a golden rule. One Vlan per Unit!

clip_image001

 

You can find below the interface structure in dynamic configuration. The physical interface is ae(Active Ethernet) and beneath it the auto-configure command that “instantiate” the VLAN and SVLAN from dynamic-profile

image

Read More »

Introduction to Diameter Protocol – Part 1

Introduction

Diameter is an authentication, authorization, and accounting protocol. used primarily for Service provider networks . It evolved from and replaces the much less capable RADIUS protocol that preceded it.

in this presentation I will try to familiarize you with the new AAA protocol and deep dive into the diameter protocol details, Credit Control Application (Gx,Gy and GZ) and sample use case for peering Sandvine PTS (Working as PCEF) with freePCRF.server and finally introduce you with seagull, a popular test tool to test different diameter-based scenarios

Hope You like it.

Juniper MX BRAS – Part 2

In this post I will continue to deep dive into the Juniper MX configuration and tweak it to work as a BRAS. Please refer to my previous blog post for more information on PPP protocol Stack

Let’s start

to configure MX as a BRAS,  The Following configuration is needed on BRAS

Basics Configuration

  • Interface creation –>configuration inside dynamic profile
    • Vlan Interface
    • PPP Interface
  • PPP Handling(PAP) –>configuration inside dynamic profile
  • Creating loopback
  • Radius Authentication – – >configuration inside access-profile
  • Radius Accounting – – >configuration inside access-profile
  • Address Assignment – – >configuration inside access-profileService and speed allocation

Advanced(Optional)

  • Advanced QoS
  • Change Of Authorization
  • Captive portal/redirection configuration
  • Wholesale

Read More »

Juniper MX BRAS – Part 1

 

In last few weeks, I Spent most of my time working on Juniper MX and try to evaluate it as a BRAS. Previously I was working on Juniper E Series Broadband routers and now some of my customers need to move to the new MX especially after EOL announcement of E series platform. So let’s start

 

Part 1: Introduction To PPP Protocol

Part2: Juniper Mx BRAS Configuration

Part3: Juniper Steel-Belted Radius Configuration

Part4: Final Thoughts and wrapping up!

 

First Here’s my topology that I will work on it

image

 

Nodes Name and Function

Node Name

Platform

PPPoE_Client Windows 7 with PPPoE Interface
PPPoE_server Juniper vMX router working as BRAS and with SM license installed on it RE14.1
AAA Juniper Steel-Belted Radius (SBR)
LDAP Any Open source LDAP , OpenLdap is OK

 

Read More »