Monday, September 11, 2017

Book review of "Mastering Python Networking"

Last month I had a change to get a hold of the book “MasteringPython Networking” by Eric Chou from Packt Publishing

I worked as a software developer for a networking company writing value-added firmware on top of the hardware based switching and routing engine. With in-depth knowledge and experience I still find this book very useful for me.

Below is the table of content and brief summary of the book that I got from the Packt Publishing site:

Table of Content
  1. Review of TCP/IP Protocol Suite and Python Language
  2. Low-Level Network Device Interactions
  3. API and Intent-Driven Networking
  4. The Python Automation Framework - Ansible Basics
  5. The Python Automation Framework - Ansible Advance Topic
  6. Network Security with Python
  7.  Network Monitoring with Python - Part 1
  8. Network Monitoring with Python - Part 2
  9. Building Network Web Services with Python
  10. OpenFlow Basics
  11.  Advanced OpenFlow Topics
  12. OpenStack, OpenDaylight, and NFV
  13. Hybrid SDN

What You Will Learn
  • Review all the fundamentals of Python and the TCP/IP suite
  • Use Python to execute commands when the device does not support the API or programmatic interaction with the device
  • Implement automation techniques by integrating Python with Cisco, Juniper, and Arista eAPI
  • Integrate Ansible using Python to control Cisco, Juniper, and Arista networks
  • Achieve network security with Python
  • Build Flask-based web-service APIs with Python
  • Construct a Python-based migration plan from a legacy to scalable SDN-based network.
This book is written in a very logical manner covering from the basics to the more advanced topics. Integrating networking and Python automation into one and to show the reader how to build a lab environment to try out what is covered in the book. This hands-on adds value to this book because it is not just theory.  We engineers like to get our feet wet and try things out ourselves.

This book is pretty comprehensive as it covers automaton of networking device from Cisco, Juniper and Arista Network. The 3 main areas are:

Automation with Python/Ansible
Two chapters were dedicated to this topic and again it cover the basics of Ansible and them move on the more advanced topic of using programming techniques to make Ansible more powerful and useful in automating the network. It also covered Ansible vault and to show how we can write customized modules.

Network Security with Python
Security is also an essential element that a network engineer has to deal with. One chapter of this book is dedicated to talk about different tools that can be used to automate some day to day task for network security including packet sniffing, port scanning, searching syslog and to automate writing Access Control List (ACLs) with Ansible.  This chapter also introduces the tool PythonScapy.

Network Monitoring with Python
Two chapters were dedicated for network monitoring. It first introduced the various Python based tools for network monitoring and then moving on to the more detail description of Graphviz on how we can better visualize the network, how to parse Netflow with Python and the use of AWS based Elasticsearch for ELK stack.

Python is a powerful and easy to use framework for web based applications. In this book one chapter is used to describe how to build a Network Web Services with Python and some reader may find this useful.

The last 4 chapters of this book were about the near matured technology – SDN. Emphasis are put in talking about Open vSwitch/OpenFlow and then this book touched on briefly the SDN ecosystem such as OpenStack and OpenDayLight with instruction on how to try out OpenStack Newtron 

This book ended with a chapter on moving forward with a hybrid SDN mixing the legacy network with the newer technology of SDN.

Overall, I highly recommend this book for all network engineers and to a certain degree software developers who want to get into the field of networking.

Tuesday, April 4, 2017

Container Runtime Interface in Kubernetes 1.6

Kubernetes 1.6 was released March 26, 2017.

What’s new in Release 1.6

According to the blog post from Kubernetes, this release focuses on scale and automation. Mirantis has a very good “What’s new in Kubernetes 1.6”. In this article, it listed the following categories of major changes:
  • DaemonSet rolling updates
  • Kubernetes Federation
  • Authentication and access control improvement
  • Scheduling changes
  • Container Runtime Interface is now the default
  • Storage improvements
  • Networking Improvements
  • Other Changes
“Other changes” is the catchall category for those changes that are also important. For all the changes in release 1.6, check out the release notes on GitHub.

Kubernetes also has a blog post describing release 1.6.

Container Runtime

 Kubernetes is a container orchestration engine. For container to run on the host, it needs to have a container runtime. Back in release 1.0, Kubernetes only support the Docker container runtime – runc. In release 1.3, rkt is added. In release 1.5 the Container Runtime Interface is added to allow Kubernetes to support a wider range of container runtime to integrate with kubelet on a node. The container runtime interface in Kubernetes 1.5 release as alpha and the Docker container runtime remains to be the default. With this interface, for Kubernetes to support a new container runtime, it does not need to be integrating deep in the kubelet source code.

What is Container Runtime Interface?

 In brief, the Container Runtime Interface is an abstraction layer allowing kubelet to interface with any container runtime. Before release 1.5, without this interface, adding container runtime support will have to make coding changes to the kubelet source code.

This diagram explains how the Container Runtime Interface works:

 image source:

Container Runtime Interface interacts with kubelet uses the gRPC protocol. This blog post from Kubernetes has a more detailed description on Container Runtime Interface. Like any open source project GitHub usually has good documentation on the subject.

Container Runtime Interface is turned on as the default behavior in Kubernetes 1.6 even it is still in beta status. Beside runc and rkt, currently these container runtime are in developement to work with CRI:

cri-o: OCI conformant runtimes.
rktlet: the rkt container runtime.
frakti: hypervisor-based container runtimes.
docker CRI shim.

Kubernetes Resources