1

Hello everyone,

I'm kinda newbie in python so please show mercy. I make a request with requests module to a system via REST API to retrieve certain data. The python3 script looks like below:

import requests
import json
import sys                      
import signal
import os
from pprint import pprint as pp

URL = 'https://netbox.a-corp.com/api/dcim/devices/?tag=router'
r = requests.get(URL, headers=headers, verify=False).json()

devices = []
for device in r:
    ip          = r['results'][0]['name']
    device_type = r['results'][0]['platform']['slug']
    devices.append([device_type, ip])
print('='*79)
pp(devices)

From firefox i get the following data:

https://pastebin.com/cp9Q5AKP

From python i get the following data:

pprint format = https://pastebin.com/nZGKbTsj
print format = https://pastebin.com/b73vQ08q

I want to retrieve only the "name" and "slug" under "platform" and convert that data into json format so my ideal output would be:

[{'ip': 'ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com', 'device_type': 'cisco_xe'},
{'ip': 'ACORP-HQ-EU-GR-ATHENS-DC-R2.a-corp.com', 'device_type': 'cisco_xe'}]

However i get the following output:

[['cisco_xe', 'ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com'],
 ['cisco_xe', 'ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com'],
 ['cisco_xe', 'ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com'],
 ['cisco_xe', 'ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com']]

I think i'm pretty far away from my ideal output because the output that i get from the script is a list of lists and the problems are:
1) I don't get the right output to begin with. I get 4 times the same device (ACORP-HQ-EU-GR-ATHENS-DC-R1) and i need to get each device once.
2) I have to pull out a single list from inside the master list and convert that into a dictionary with keys ip and device_type and values "cisco_xe" and "ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com"

If i do:

print(r['results'][0]['name'], r['results'][0]['platform']['slug'])
print(r['results'][1]['name'], r['results'][1]['platform']['slug'])

I get the following output:

ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com cisco_xe
ACORP-HQ-EU-GR-ATHENS-DC-R2.a-corp.com cisco_xe

However in this example i know there are only 2 devices, practically i can't know how many devices will be there.

So... any guidance will help!

1
2 comments
2 points · 2 days ago

Well. You get the same one 4 times because you keep calling the first item in your loop: r['results'][0]['name'] You should probably change that to a variable you're looping through.

After that, instead of using list to store the data, change it to a dict instead and put in the values like: devices.append({"ip": ip, "device_type": device_type}) Then you can use the json module with json.dumps() to get it converted into json.

Original Poster 1 point · 2 days ago

I gave myself a break and when i came back i said "oh f**k did i really miss this?" so i understood that i was missing a counter to get what i wanted so i googled "python get dictionary key value pairs" and i found some loop examples but i was still missing a "counter". However, then i noticed from the firefox response that in the beginning it specifies:

"count": 2,
"next": null,
"previous": null,
"results": [

So i made my counter like this and used your solution to make it all into json format:

devices_raw = []
counter = r['count']
for i in range(counter): 
    ip =          r['results'][i]['name']
    device_type = r['results'][i]['platform']['slug']  
    devices_raw.append({'device_type': device_type, 'ip': ip})

devices = json.dumps(devices_raw)

And now it works like a charm, damn it feels good! Thank you very much :)
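
Added example (not part of the original posts): one way to build the list this thread is after by iterating over `results` and following the `next` link, so it also covers responses where `count` is larger than the number of items on one page, or where a device has no platform. The sample pages, the `lab-r3.example.net` entry, the `Token` authorization header and the CA bundle argument are assumptions; `https_fetcher` keeps certificate verification on instead of `verify=False`.

```python
"""Added example: page-aware extraction of name / platform slug from a NetBox-style device list."""
import json


def extract_devices(page):
    """Turn one parsed API page into [{'ip': ..., 'device_type': ...}, ...]."""
    devices = []
    for device in page.get('results', []):       # iterate the items, no index or counter needed
        platform = device.get('platform') or {}  # 'platform' may be null when none is assigned
        devices.append({'ip': device['name'],
                        'device_type': platform.get('slug')})
    return devices


def collect_devices(url, fetch_page, max_pages=1000):
    """Follow the 'next' links until the API reports no further page."""
    devices, seen = [], set()
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError('pagination loop or too many pages: %s' % url)
        seen.add(url)
        page = fetch_page(url)
        devices.extend(extract_devices(page))
        url = page.get('next')                   # None on the last page ends the loop
    return devices


def https_fetcher(token, ca_bundle):
    """Fetcher for real use: certificate checking stays on (verify=ca_bundle, not False)."""
    import requests  # imported here so the offline demo below runs without it
    session = requests.Session()
    session.headers['Authorization'] = 'Token ' + token  # assumed auth scheme
    session.verify = ca_bundle                            # path to the internal CA certificate

    def fetch_page(url):
        response = session.get(url, timeout=10)
        response.raise_for_status()
        return response.json()
    return fetch_page


# Constructed sample pages (not real data): three devices split over two pages.
BASE = 'https://netbox.a-corp.com/api/dcim/devices/?tag=router'
PAGE2 = BASE + '&limit=2&offset=2'
SAMPLE_PAGES = {
    BASE: {'count': 3, 'next': PAGE2, 'previous': None, 'results': [
        {'name': 'ACORP-HQ-EU-GR-ATHENS-DC-R1.a-corp.com', 'platform': {'slug': 'cisco_xe'}},
        {'name': 'ACORP-HQ-EU-GR-ATHENS-DC-R2.a-corp.com', 'platform': {'slug': 'cisco_xe'}}]},
    PAGE2: {'count': 3, 'next': None, 'previous': BASE, 'results': [
        {'name': 'lab-r3.example.net', 'platform': None}]},
}


def demo():
    """Run the collector against the constructed pages instead of the network."""
    return collect_devices(BASE, SAMPLE_PAGES.__getitem__)


if __name__ == '__main__':
    print(json.dumps(demo(), indent=2))
```

For a live query, pass `https_fetcher(token, ca_bundle)` as `fetch_page` in place of the dictionary lookup used by `demo()`.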

Original Poster 1 point · 17 days ago

9-11ms and yes it is layer 2 only.

5 points · 16 days ago · edited 16 days ago

Bandwidth: 1Gbps
RTT: ~10ms

1,000,000,000 x 0,010 >> 10,000,000 / 8 >> ~1,1MByte window size

https://lonesysadmin.net/2013/12/19/account-bandwidth-delay-product-larger-network-buffers/

Check MTU, MSS and also what /u/pdp10 said.

30

It's my turn to do the "Passed" post!

Network Principles         100%
Layer 2 Technologies       100%
Layer 3 Technologies       78%
VPN Technologies           50%
Infrastructure Security    86%
Infrastructure Services    85%

Study material used:

Total amount of notes: 150 word pages
Total amount of gns3 labs created: 143
Total amount of anki flash cards created: 481
Total amount of studying: Began November 2016 - Passed July 2018

It took me a while to finish ROUTE because, first i didn't want to cram just to pass the exam, i really took my time playing with technologies, protocols, etc. Second, i'm working alongside so it isn't that easy to study everyday or long hours.

Now a few notes for the exam. You absolutely need to know everything in the topics in detail. Just because a section says "Describe Easy Virtual Networking (EVN)" doesn't mean that you just need to know what EVN is, you need to go deeper, study about it from the study material, take a look at cisco docs, ciscolive, blogs, create a few labs for that topic, take notes, create flash cards ... I did this for every topic listed. If you don't want to waste too much time for ROUTE i would suggest doing a Boson exam simulation at some point to evaluate yourself.

If you really think you can get away with not giving too much focus on every topic, think twice. I suggest going through every passed / failed post here in /r/ccnp, you will find so much information.

On exam day i had a few really trivia questions which i commented. I had like 5 sims, 1 was buggy the rest were OK. Some i answered without really knowing the correct answer. What i did here was to write them down so before i leave the room, i would sit 10 minutes to try to memorize them so when i go home i research them for the next attempt. Also we had a very rainy day and the exam stopped at one point, a server rebooted, luckily we managed to continue normally after 10 minutes. I got 30 minutes bonus because my country's native language isn't English, so i had a total of 2 hours and 30 minutes and I finished the exam with 1 hour left.

I was overprepared so i knew that even if i failed it would be from trivia questions, i would write them down, go home study for 2 weeks and come back to take the exam again.

I really learned a ton and it was totally worth it and oh my god i clapped so hard when i saw the "passed" in the end of the exam.

Now a question of mine. I can see in cisco.pearsoncred.com that all my certs now expire on 2021 and i can also see from my Pearson exam history that i have 300-101 listed with a status of "Pass" but i have yet to receive a mail that says "i passed route" or something, did you guys receive anything?

30
11 comments

Congratulations! I'm halfway through ROUTE OCG and have already 500+ Anki cards, maybe I should slow down :D

Original Poster 1 point · 22 days ago

Hmm, it depends. Everyone studies a different way. The way my cards are created are for me personally. Example card of mine:

001) Management, Control & Data planes

• A router’s operational architecture can be categorized into three planes: management, control and data plane.
• The management plane is concerned with traffic that is destined to the device itself and is used for device management.
• A L3 device employs a distributed architecture in which the control plane and the data plane are relatively independent.
    o Control plane example: Exchange of routing protocol information by the route processor.
    o Data plane example: Data packets are forwarded by an interface microcoded processor.
• The main functions of the control layer between the routing protocol and the firmware data plane microcode include the following:
    o Managing the internal data and control circuits for the packet-forwarding and control functions.
    o Extracting the other routing and packet-forwarding related control information from L2 and L3 bridging and routing protocols and the configuration data, and then conveying the information to the interface module for control of the data plane.
    o Collecting the data plane information, such as traffic statistics, from the interface module to the RP.
    o Handing certain data packets that are sent from the ethernet interface modules to the RP.

Another person might add more than into a single card.

Someone else might break this down into three cards:
001) Management plane
002) Control plane
003) Data plane

Here are some useful blogs for flashcards.

https://neckercube.com/index.php/2017/06/22/on-learning-creating-meaningful-flash-cards/
https://neckercube.com/index.php/2017/06/29/on-learning-flash-card-review/
https://neckercube.com/index.php/2017/07/06/on-learning-knowledge-management/

Another thing to point out is that i created the flashcards in the end. I always start with physical notes, and slowly cookie cutter them into word. With time passing by and learning more and more i see myself rewording, adding, removing my notes.

However as everything depends, you may be using Anki for notes so later you already have them as cards so you hit 2 birds with one stone, i personally don't do that.

how do you gain access to LiveLessons (Kevin Wallace)?

Did you pay for your subscriptions out of pocket?

Original Poster 2 points · 22 days ago

I pay for everything. I wouldn't suggest getting the live lessons, they are pretty much some topics of the OCG in video format.

Original Poster 2 points · 1 month ago

I am looking. There are a ton of logs. I am not sure what each of the logs are.

3 points · 1 month ago

Open a ticket? Send them to vendor?

Source configs from a version control system (github, gitlab) and automate application. We use salt, but ansible, puppet, etc. will also work. Treat your configs like code (and use software development practices like issues, good commit messages, etc.) and the problem solves itself.


When you push new config to the device the configuration merges so how does ansible/salt/etc overcome this?

7

I think i'm at a good CCNP level right... ?

  • What TCP does / What TCP doesn't do / How TCP does what it does
  • TCP Header / options
  • TCP MSS
  • TCP SACK
  • TCP Timestamp
  • TCP ECN
  • TCP Control Flags
  • TCP FSM
  • TCP 3-way handshake / 4-way handshake process
  • TCP Keepalive
  • IPv4 and IPv6 (P)MTU
  • Latency / fiber optics latency / satellite latency
  • TCP Sliding Window
  • TCP Window Scaling
  • TCP Global Synchronization
  • BDP / BDP calculations
  • TCP Congestion Control
    • Slow Start
    • Congestion Avoidance
    • Fast Retransmit
    • Fast Recovery
  • TCP Retransmissions

Right...???

7
4 comments

I haven’t checked what is exactly asked for the CCNP ROUTE exam however keep in mind that the most important thing (in my opinion) is to have strong knowledge and skills on the main topics (EIGRP, OSPF, redistribution, PBR, BGP...). Other topics are also important to know as well but they should represent a small part of the exam, they shouldn’t require as much expertise as the big ones.

Original Poster 2 points · 2 months ago

Everything in the blueprint is equally important. However with TCP i feel i could be studying till infinity so i wanna draw a line.

Comment deleted 2 months ago
Original Poster 1 point · 2 months ago

Youhouuu. TCP is a beast and i'm pretty sure i have only scratched the surface!

Not everyone’s on Cisco.

show lldp neighbors

I have this exact setup at a customer.

Isp1 is Comcast coax. Block of 5 static. Comcast modem has 4 ports. Isp2 is fios. Block of 5 static. Only one port, so we have a 5 port switch in front.

The two firewalls are configured as such: FW1 - Comcast WanIP 1 Fios WanIP 1 Internal vrrp to 192.168.200.1, priority 100 actual IP 192.168.200.5

Fw2 - Comcast wan IP 2 Fios wan ip2 Internal vrrp to 192.168.200.1, priority 99, actual IP 192.168.200.6

Ddns is used as they have local exchange, and to ensure VPN works. Ddns client is on an internal server. VPN is handled by open VPN, with the ddns host name in the config file

This was a fun setup to put into place and (knock on wood) no issues in 2 years. Be happy to provide more info if you need it


Isp1 is Comcast coax. Block of 5 static. Comcast modem has 4 ports. Isp2 is fios. Block of 5 static. Only one port, so we have a 5 port switch in front.

You basically got a /29 from each ISP right?

157 points · 3 months ago

Documentation

Original Poster -7 points · 3 months ago · edited 3 months ago

Good answer, but surely documentation isn't everything? Suppose you have a very complex network that requires a lot of documentation to cover it all. In case of an emergency even a senior network engineer might struggle to get things in order if he/she would need to go through the documentation. Time is money. To me it would seem wise to have some form of backup person or team who is kept up-to-date. But I guess staff is money, too, so I'm not saying I disagree with you.

Edit: why the downvotes? I'm not rejecting the idea of documentation. I strongly encourage documentation and if it was my decision everything should be documented. My point was something as follows: You have an airplane with a pilot and 100 passengers. In the cockpit there is a folder that explains exactly how to fly and securely land a plane. Suppose the pilot dies and the plane runs out of fuel and starts to go down. Surely you wouldn't feel comfortable knowing the pilot procedure is documented if no one else can fly the plane? Yes you can ask the passengers if they know how to fly, and maybe one of the guys does, but he's only flown a small Cessna but never without fuel in a thunderstorm and definitely never a big 747. He might be able to land it securely using the documentation but is it worth the risk? Hence the co-pilot.

Maybe a bad analogy that doesn't work well in networking but it illustrates my point. When you have a network environment that only one person knows about, it seems to me that documentation - although very useful and encouraged - wouldn't necessarily be sufficient in some emergencies where time is money. That's not the same as saying documentation isn't required. I just questioned that documentation is everything.

40 points · 3 months ago

Time is money

"Your" time is "their" money and that is management's problem.

To me it would seem wise to have some form of backup person or team who is kept up-to-date

Alongside documentation, he could try to teach you what he knows or you could partner with an MSP.

To conclude, if you have such an extremely complicated network you shouldn't have a human SPOF, period.

I use PRTG for simple ping checks and alarms. I use LibreNMS for everything SNMP.


You aren't using PRTG for netflow?

2 points · 3 months ago · edited 3 months ago

Nice!!!

serial-lookup - Here is a script i wrote to parse a Cisco serial number into an approximate manufacture date.

reality - Here is another that SSHs into IOS devices and runs show commands.

fantasy - Here is another that SSHs into IOS devices and runs config commands (this one uses multiprocessing)

Did you try to exclude the GNS3 folders from the A/V?

C:\Program Files\GNS3
C:\Users\%username%\GNS3
Original Poster 0 points · 4 months ago

Yeah I've included all GNS3 files and directories in the exceptions and still failing.


Did you try a c7200 IOS 15 image ?

2 points · 4 months ago · edited 4 months ago

We had the same problem.
We saw the problem coming out of a fresh Windows 10 Enterprise Build 15XXX image directly from Microsoft.
This is the latest image for Windows 10 Enterprise, there is no newer build available.
I did a clean install in 5 new PCs (bought in 2018) and the only thing that broke was Windows Update, was giving an error.
After much investigation and google-fu i solved it by installing and running Windows 10 Update Assistant (available from Microsoft).
It updates (doesn't format or anything) windows to build 17XXX.
After the build update Windows Update works fine.

Quoting a reddit ninja

Can you draw a diagram on the whiteboard of a network you've worked on, and explain it to me?

  • It's an exercise that can reveal a lot more about a candidates experience than any single technical question, and opens up a lot of additional possible questions, while simultaneously allowing you to observe the communication skills of the candidate.

  • Interviews aren't like tests taken in school, or certs. A proper interview question is designed to not have a simple answer, but to draw the candidate into a conversation that reveals not only their technical experience and knowledge, but how they process information, how they identify data, and how they communicate complex ideas.

2 points · 4 months ago · edited 4 months ago
  • Zabbix for data collection and alerting
  • ntopng / nProbe for netflow
  • Grafana to make Zabbix pretty
  • Ansible to talk to Git
  • Git for config management

Ansible to talk to Git
Git for config management

Any links/guides/etc. on how you accomplished all that?
When you say Git you mean a local Git server or GitHub?
I'd guess you have RANCID/Oxidized backup the configs into git repo, right?
What are some cool things you do with that setup?

5 points · 4 months ago · edited 4 months ago

I have a box that runs Ansible. We have an internal Git server. For config backup, there are cron jobs that launch some playbooks. One of those jobs is to capture the configuration of each network device in our environment and then push the config to Git. I suppose it's similar to RANCID/Oxidized, but it's a hell of a lot leaner.

For making big changes, the process is like:

  1. Someone (who knows how this works) forks the configuration repo from Git
  2. That person submits a merge request to the dev branch containing their modifications
  3. We review the request and merge dev -> master if it is not garbage
  4. My Ansible box will grab the new stuff from Git and then push to a device

I guess it's "Infrastructure as Code" or "NetDevOps" whatever the hip thing is these days. Of course, this is not used for all changes, sometimes I just need to tag a VLAN somewhere or make a small change to an ACL. Also I still want to add some automated QA somewhere in this process, and a mechanism to automatically respond to problems... Basically automate any tedious stuff so I can focus on architecture or deep troubleshooting.

I figured all this crap out with the help of Ansible documentation, Kirk Byers, and months of lab work. I have grand plans to start blogging about it, but I will need to recreate the environment completely in my own time from scratch without the notes I kept at work. I'm pretty sure I could run into some legal trouble if my company decided that the stack I built was "proprietary" in some way. :)


Very interesting stuff, hope you create a blog someday! I'm still a newbie in the "Infrastructure as Code" or "NetDevOps" era.

I'm also a fan of Kirk. I've made some python scripts using netmiko, his examples and this awesome guy from youtube.

Also I still want to add some automated QA somewhere in this process, and a mechanism to automatically respond to problems...

I think these Facebook talks on NANOG can get you started.

NetOps Coding 101 Python Intro and Regular Expression Deep Dive Part 1
NetOps Coding 101 Python Intro and Regular Expression Deep Dive Part 2
NetOps Coding 201 Building Facebook's FBAR for Network Devices

One last question, how do you apply the new config as a new "version" and not merge it with the current config? Do you use the cisco's "archive" feature?

Thank you.

1 point · 4 months ago · edited 4 months ago

I would definitely go over them a few times to see them, so if i ever see something similar i immediately get a catch on what to google. I passed the previous CCNA and i didn't memorize them. Here are some notes i have.


Congratulations on passing the beast. I want to ask, when you say you used cisco docs do you mean you read the entire Configuration Guide or individual topics that weren't covered good/deep enough from OCG/PCG/INE/CBT ?

Original Poster 2 points · 4 months ago

yeah just the ones that weren't covered deeply enough in the OCG etc....


cool

I have a script that checks both OS and Firmware every night

So far, it only broke IKEv2 once


Interesting idea.. do you have the code on github?

Don't skip your homework.

ip access-list extended ACL
 deny ip <dmz> any

int vlan <lan>
 ip access-group ACL in