• Tag : CVP

 
 

CVP VM Maximum Resource Allocation on DCA-CV-100

Introduction This document describes a procedure and tooling to reallocate the RAM and CPUs in the DCA-CV-100 in order to maximize the performance of the CVP virtual machine. By scavenging resources from the CVX VM and allocating them to the CVP VM the CVP application can achieve higher scale. Prerequisites The scripts and procedures in this document are first available in CVA Version 2.1.3. In CVA 2.1.3 this procedure only runs on the DCA-CV-100. Procedure Allocating Maximum Resources to the CVP VM Find the script reallocateVM.py in the folder /cva/scripts. Run the script as  ./reallocateVM --maxCvp This will stop the...

Enabling CloudVision Wifi container on CVP

The CloudVision WiFi (CVW) service is available as a container on the Arista CloudVision platform from its 2019.1.0/Grant release. Once you activate the CVW service, you can configure, monitor, troubleshoot, and upgrade Arista WiFi access points using the cognitive CVW UI.  This chapter gives an overview of the CVW containerization on CV and explains how to set up the service. An appendix lists the CLI commands you can run on the CVW service. Overview of CVW on CV The figure below shows a conceptual overview of the Arista CVW solution.  As shown in the figure, CVW is containerized within the...

Expedited CVP Upgrades

Introduction This document presents several procedures to reduce the time taken to upgrade CVP between major releases. This can reduce the CVP outage window from 10s of hours to under an hour. The trade-off with these procedures is that some or all telemetry data will be discarded. Upgrading from 2018.1.x to 2018.2.x See the 2018.2.x release notes for details on the upgrade process; there are other upgrade requirements and restrictions beyond what’s discussed here. When upgrading from 2018.1.x to 2018.2.x there are two migrations that take place. The first migration is to move the provisioning data from hbase to...

CVP with Terminattr certificates

Introduction This document describes the TerminAttr certificate authentication feature introduced in the CVP 2019.1.0 release.   TerminAttr Authentication with CVP Every switch managed by CVP uses TerminAttr to stream updates to CVP and every one of these TerminAttr connections needs to be authenticated. Authentication is provided via shared key or certificates. Certificate-based authentication provides additional security by (1) eliminating the shared key from the switch’s configuration and (2) by uniquely authenticating each connection between the switch and CVP. Enabling Certificate Authentication In 2019.1.x CVP is configured, by default, to authenticate using shared keys. The TerminAttr certificate authentication can be turned ON...

ChangeControl API

Overview The ChangeControl APIs offer a way to programmatically interact with the ChangeControl service on CVP. Description Data Model From the data model perspective a ChangeControl is a collection of stages that could be executed in sequence (series) or simultaneously (parallel). An action is the executable unit of work (for instance Task is an action).  Each stage can either have an action or a list of stage_rows. The list of stage_rows are executed in series. A stage_row has a list of stages that are executed in parallel.  In summary action:      Executable unit of work. stage:      ...

Change Control Script Actions

Introduction Script actions are a very effective feature that enables customers to add their own custom actions to Change Controls. Examples of customized script actions include: checking or configuring third-party devices, including other switches, storage devices, etc.; adding specific checks on Arista devices that aren’t already available as a prebuilt action; and interacting with third-party messaging systems or git repositories. Script and config file CVP supports running only python scripts as a script action. Each script runs in its own container. Uploaded python scripts cannot make any changes to the CVP’s underlying filesystem.  We additionally also need...

BGP Maintenance Mode and MLAG ISSU Change control actions

Introduction This document describes the BGP Maintenance Mode (MM) and MLAG ISSU Actions for Change Control to support hitless image updates for EOS switches managed by CVP. References The following documents provide some background on EOS’s BGP MM and MLAG ISSU functionality: EOS Users Manual: MLAG EOS Users Manual: MLAG Maintenance EOS Users Manual: BGP Maintenance Mode BGP Maintenance Mode Hitless upgrade with BGP MM is typically achieved by wrapping an Image Upgrade Action with Enter and Exit BGP MM Actions. The basic sequence is shown below where first the device enters MM, executes the task and then exits MM....

REST API Client

Hello, I’m using a REST API Client called Postman to send APIs to CVP. I’m receiving a “401” Response due to failed authentication. I was able to make the API call using the FQDN/web/api/ but I noticed it works only when a user is logged in to the CVP console. If no user is logged in then the API call fails with the failed authentication error. Also, I noticed when I used Postman or any other REST client the CVP console user was logged out automatically. I’m doing something simple (a new label). I added the content-type and the authentication...

Download CVP

Hey everyone, Do we need a special account privilege to download CVP for testing? I have a customer account, but the software download page doesn’t have any links to CVP download and there is a message indicating that I might not have necessary privileges for downloads. Note: cEOS and vEOS are available for download. Any hint? Thanks a lot!

CVP AAA TACACS+ authorization with Cisco ISE

Introduction We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet.   NOTE If you are running CVP versions 2018.2.0 and 2018.2.1 you might hit BUG 345723 due to which in tacacs-provider authorization we are not checking for TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...

CVP to K8s: full-scale production network simulation

Intro Network simulation environments have always been limited to a single compute node, which made the labbing of a full-scale production network an exercise in compromise and trade-offs. At the same time compute resources are cheap and abundant and modern application designs are making use of them by adopting meshed scale-out architectures, treating multiple hosts as a single pool of resources. In this post, we’ll see how (with just a few clicks*) we can build a replica of a real production network, orchestrated by Kubernetes based on information extracted from Arista’s CloudVision Portal (CVP). * Assuming all the prerequisites are met

Using CloudVision Portal to Manage Arista AnyCloud

Introduction There are many advantages to using Arista’s vEOS Router and CloudVision Portal (CVP) in hybrid cloud environments. Among those advantages are: Arista EOS is a proven and stable network operating system used in some of the largest networks in the world. The same EOS that runs on our physical switches also runs in the public cloud. CloudVision Portal provides a common management model for network devices whether running in a customer’s private data center or in public cloud environments. CloudVision Portal provides turn-key automation and real-time telemetry across private and public cloud environments. One of the primary challenges to...

ClearPass TACACS+ Authorization with CVP

Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...

Automated SSL/TLS Cert in CVP

Hi, since CVP 2018.1 introduced the SSL/TLS certificate management to the web UI I wondered if there is also a supported way to change it via the CLI on the system itself? I would like to automatically deploy and update the certificates with letsencrypt. Since the renewal happens every few weeks that would be better done via a cron job than by hand in the GUI. I guess replacing the file on disk and then restarting nginx is not the best or supported way for our multinode cluster ;) What would you recommend to do besides buying a certificate with...

Error handling within CVP Configlet builder

What’s the best way of handling error conditions in a python configlet builder? My script takes data from a git repository to generate the configlet, the script validates the data before generating the configuration. If it’s invalid it will need to signal an error to CVP. What’s the best way to do this? I’m thinking I should raise an exception, however this simple test doesn’t seem to do the right thing:-
<pre>
from cvpServices import CvpError
import errorCodes

CvpError(errorCodes.CONFIGLET_GENERATION_ERROR, 'error an error occured')
</pre>
Any suggestions?

CloudVision Portal RESTful API Client

Arista Cloudvision® Portal (CVP) provides a central point of management for Arista network switches through shared snippets of configuration (configlets) enabling Network Engineers to provision the network more consistently and efficiently. While CVP highlights a graphical user interface for configuration and management of devices, it also includes a full-featured RESTful API that provides all of the same functionality available via the GUI which can be used to automate workflows and integrate with other tools. CVPRAC is a wrapper client for CVP’s RESTful APIs which greatly simplifies usage of the API and more elegantly handles the connections to the CVP nodes....

CVP APIs: A Non-Programmer’s Guide

1. What are CVP APIs? Most CloudVision Portal (CVP) users are familiar with the web user interface (UI) that facilitates network provisioning, inventory management, task management, change control and so on.  CVP application programming interfaces (APIs) offer an alternative means of realizing the same functionality.  The key difference is that, with the CVP APIs, the functionality is realized over a programmatic interface (i.e., typically by a piece of software communicating with another piece of software) rather than by a user navigating over a web page and clicking and/or typing.  Figure 1 shows a simplified example of these two methods of...

Demo: CloudVision skill for Amazon Alexa

Great APIs accelerate development of new applications and integration with existing tools and services. Check out the sample CloudVision skill for Amazon Alexa that the EOS+ Consulting Services team put together one afternoon! Please share and use the comments to tell us about other integrations that you would find interesting and useful!

Export CVP Functionality to Ansible

In some network environments there is a separation of responsibility for the network infrastructure and the server side equipment. In these environments, different groups responsible for managing different equipment could use different tools for the job. This guide will discuss one of the several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. Summary In this example, the environment uses Ansible as the configuration management tool for server provisioning but uses CVP for network management. The environment is set up to allow the server team to provision top of rack switch ports for servers using...

Leveraging CVP Telemetry and ZTP in an Ansible Environment

This guide will discuss one of several options for integrating Arista’s network management tool, CloudVision Portal (CVP), into an Ansible environment. Summary In data center environments where Ansible is used for configuration management of all devices including networking equipment, the network operations team may want to leverage the telemetry and Zero Touch Provisioning (ZTP) functionality provided by the CloudVision Portal product. In this example, CVP will be used for ZTP, image upgrades, and telemetry while Ansible will be used to manage the switch configuration directly. Documentation for setting up ZTP can be found in the CloudVision configuration guide. Implementation This...
