In this post, I'd like to share why I consider OpenBSD a viable but often overlooked platform for building routers and firewalls. I tried to highlight the networking features of OpenBSD that in my opinion make this OS stand out.
Please, treat this post more as a collection of my personal notes and findings. It doesn't claim to be objective and comprehensive.
Since I embarked on the network automation journey, Python and Python-based utilities have always been the go-to tools for the job. I started, as maybe many of you, with Ansible. Then when dealing with its DSL grew more and more tiresome, I began writing my first Python code. And I was happy. I felt like I was learning something fundamental again, not just another niche technology that would never come in handy elsewhere. Although Python had some limitations in terms of portability and speed, it didn't bother me much.
In my previous post, I mentioned various tools meant to help implement code management best practices, but I didn't go into much detail about any of them. This time I'd like to focus on Commitizen which introduced me to the concept of conventional commit messages and automatic versioning.
Using templates for device configurations is a common practice and it has obvious benefits, such as speed and consistency. Working on many small Python automation projects made me think of employing the same approach. Previously I had to copy and adjust a lot of code-related things such as directory structure, poetry settings, CI/CD pipelines, etc. Templating all of this allowed me to reduce the initial scaffolding overhead to a minimum and jump straight into writing code. In this article, I want to share my experience in building such a template.
Yesterday I migrated my blog from Hugo to MkDocs static site generator, supercharged with Material for MkDocs theme. I've been a fan of the project for some time now and was super excited when the blog plugin was announced and finally released.
Have you ever faced a problem sharing your python scripts with the rest of your team? You need to ensure a lot of things for your script to run on a recipient's machine. This often involves ensuring that the Python interpreter's correct version and all the dependencies are installed among other things. To put it mildly, portability is not Python's strong suit. That's where Docker can come in handy.
This blog post moved to a dedicated section of this site.
In this post, I would like to make a quick introduction on how to make use of Cisco Support APIs. Cisco has several Data APIs which allow their partners and customers to consume a lot of different information about their products and services programmatically. Here is the list of all available Data APIs:
It's been a while since my last post and I want to shed some light on what I've been up to and what are my plans for the future of this site. A lot of things happened in 2019 and 2020 in my professional life and the two most important ones were changing job and becoming a CCIE R&S this February (just before the lockdown). Both of these activities were the main reason why I've been silent here for so long (not to mention living through the lockdown with a toddler).
Recently I’ve been tasked to come up with a VPN solution which must support: - All major desktop and mobile OSes as clients - Clients behind NAT - Mikrotik RouterOS as a client - Site-to-site and remote access VPNs
First, I had to decide whether it will be a dedicated hardware appliance or software running on a VM. The latter was more appealing because of its flexibility and ease of deployment.
Second, I needed to choose the actual software. The following options were considered: - IPSEC implementations such as FreeSWAN, OpenSWAN or strongSWAN - OpenVPN - SoftEther
OpenVPN was chosen because of its huge user base, cross-platform client support, and extensive customization options.