Learn to Code! (Or, An Easy Way to Create AWS Site-to-Site VPNs)

For the past several months, I’ve been attending school full time to learn how to program. Specifically for C#, ASP.NET Core MVC, SQL, and using this to develop web applications for hosting on the Azure platform. To say I learned a lot would be an understatement.

My background is mostly in Network Engineering, but for the past few years, I’ve seen the writing on the wall that programming skills are becoming more and more of a requirement for “infrastructure” folks. As we leverage cloud and virtualization solutions more and more, there is more and more which can be done with code, and for good reason. I can programmatically build out my infrastructure with code, and test and deploy it in a fraction of the time it would take to build out a physical environment. Moreover, if something in this virtual infrastructure should break, I can simply redeploy the infrastructure with the existing code instead of spending hours (or maybe even days) troubleshooting why it broke and then fixing it.

So, I decided I wanted to learn how to code. I had gone through previous spurts of tinkering with programming but felt I just didn’t have the chops to leverage it and just wanted to finally immerse myself. The course I enrolled in (Microsoft Software and Systems Academy) was geared more towards the application developer, and not towards us infrastructure folks. But, this was okay: I wanted to learn the deeper concepts, beyond scripting, and use that to supplement my existing knowledge.

So as my course came to a close, I decided I wanted to revisit some infrastructure tasks I had completed previously in the AWS GUI (or the long way), and build those out using code. A test, of sorts, to see what I had really learned… It was refreshing.

A result of that revisit is a Python script which performs the following:

  1. Creates all the components required in AWS for a Site-to-Site VPN with default settings (default meaning AWS generated pre-shared keys, inside IPs, DH algorithms, AWS-side private BGP AS, etc.), in a default region (as per AWS CLI config). These components are:
    • Customer Gateway
    • Virtual Private Gateway
    • Virtual Private Network
    • Enable Route Table Propagation
  2. Generates on-prem side configuration templates for various types of equipment.

You can find this on my GitHub account: aws-s2s-vpn-config
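The four build steps listed above, as an added example in boto3 (not the author's aws-s2s-vpn-config script): the EC2 client method names and response keys are the real boto3 ones, while the VPC id, route table id, customer public IP and ASN are placeholders, and the FakeEc2 class is a constructed stand-in so the call sequence can be dry-run without an AWS account.

```python
# Added example, not the author's aws-s2s-vpn-config script. The boto3 EC2
# method names and response keys are real; ids, IP and ASN are placeholders.


def build_site_to_site_vpn(ec2, vpc_id, route_table_id, customer_ip, customer_asn):
    """Create CGW, VGW and VPN connection, enable propagation; return the ids."""
    # 1. Customer Gateway: the on-prem device's public IP and BGP ASN.
    cgw = ec2.create_customer_gateway(
        Type="ipsec.1", PublicIp=customer_ip, BgpAsn=customer_asn
    )["CustomerGateway"]["CustomerGatewayId"]
    # 2. Virtual Private Gateway attached to the VPC (AWS picks its own ASN).
    vgw = ec2.create_vpn_gateway(Type="ipsec.1")["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpnGatewayId=vgw, VpcId=vpc_id)
    # 3. VPN connection with AWS defaults (generated PSKs, inside IPs, DH group).
    #    The response carries those pre-shared keys: hand it to the caller for
    #    templating, never print or log it.
    conn = ec2.create_vpn_connection(
        Type="ipsec.1", CustomerGatewayId=cgw, VpnGatewayId=vgw
    )["VpnConnection"]
    # 4. Propagate routes learned over the VPN into the VPC route table.
    ec2.enable_vgw_route_propagation(GatewayId=vgw, RouteTableId=route_table_id)
    return {"customer_gateway_id": cgw, "vpn_gateway_id": vgw,
            "vpn_connection_id": conn["VpnConnectionId"],
            "customer_config": conn["CustomerGatewayConfiguration"]}  # holds PSKs


class FakeEc2:
    """Constructed stand-in for boto3.client('ec2') so the flow can be dry-run."""
    RESPONSES = {
        "create_customer_gateway": {"CustomerGateway": {"CustomerGatewayId": "cgw-0fake"}},
        "create_vpn_gateway": {"VpnGateway": {"VpnGatewayId": "vgw-0fake"}},
        "create_vpn_connection": {"VpnConnection": {
            "VpnConnectionId": "vpn-0fake", "CustomerGatewayConfiguration": "<xml/>"}},
    }

    def __init__(self):
        self.calls = []  # (method name, kwargs) in call order

    def __getattr__(self, name):
        def call(**kw):
            self.calls.append((name, kw))
            return self.RESPONSES.get(name, {"Return": True})
        return call


if __name__ == "__main__":
    import boto3  # real run; the region comes from the AWS CLI config, as in the post
    out = build_site_to_site_vpn(boto3.client("ec2"), "vpc-PLACEHOLDER",
                                 "rtb-PLACEHOLDER", "203.0.113.10", 65000)
    print({k: v for k, v in out.items() if k != "customer_config"})
```

Swap `FakeEc2()` in for the real client to see the exact call order and arguments before spending anything in AWS; the returned `customer_config` is the input for the on-prem templates and is the one value to keep out of logs and version control.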

The big takeaway I have from this, now that I’m more familiar with coding concepts, is that cloud providers are really geared towards being interacted with programmatically, and the documentation for doing so is actually really good.

So, if you are an older-school server or network guy/gal (or other infrastructure type), dive in and get some coding skills because it will keep you relevant, make your job easier, and hugely benefit your organization. If you’re looking to get started, Al Sweigart has his “Automate The Boring Stuff With Python” available for free, and the accompanying course on Udemy is usually fairly cheap.

Good luck!

Azure Advanced Networking

Previously, I wrote about setting up hybrid networks utilizing AWS and GNS3 as a way to lab out and get familiar with hybrid network concepts and technology. Recently, I’ve been digging into Azure and decided to perform a bake-off, of sorts, between setting up the exact same type of topology discussed in my blog post on AWS Advanced Networking – Part 2 but with Microsoft Azure.

To recap: The general idea is to connect a cloud virtual network back to a GNS3 network hosted on your local workstation/laptop. The GNS3 network simulates an on-premises environment from where you would normally host your local services, such as Active Directory or perhaps a web server. The configuration notes and scripts for this lab can be found on my corresponding GitHub repository.

In this tutorial, I’ll walk through how to connect your GNS3 lab topology to Microsoft Azure, with a general comparison to performing the same task in AWS. To start, let’s take a look at the reference architecture for what we are about to build:

Figure 1. The Reference Architecture
Continue reading Azure Advanced Networking

AWS Advanced Networking – Part 2

In this walk-through, we’ll look at forming a hybrid cloud architecture utilizing an AWS VPC and a mock “On-Premise” site, connecting the two via a site-to-site VPN. In my first post on this topic (Part 1), we leveraged another VPC to mimic the on-prem environment utilizing a Cisco Cloud Service Router, linking the two via an AWS VPN Gateway and an AWS Customer Gateway. In this post, we’ll be performing the exact same actions on the AWS side; however, to mimic the “on-prem” side, we won’t use another AWS VPC. This time, we’ll use GNS3 on your local computer to form a site-to-site VPN from your GNS3 topology to the AWS VPC. This setup has a few advantages. First, flexibility: you’ll be able to connect any topology you dream up in GNS3 to an AWS VPC to truly test out complex routing and switching connectivity. Second, lower cost for testing: in this case, you’ll only burn $0.05 per hour for the VPN connection in AWS, instead of $0.096 per hour for both the VPN and the CSR running. So with that…

Continue reading AWS Advanced Networking – Part 2

AWS Advanced Networking – Part 1

For the past few weeks, I’ve been studying for the AWS Certified Advanced Networking Specialty exam. So far, I’ve been primarily using A Cloud Guru. They have great content, engaging instructors, and it all treated me very well during my preparation for the AWS Solutions Architect exam. However, one thing I’ve noticed so far that is missing from the Advanced Networking course is labs: pre-canned scenarios where I can put into practice the topics discussed and covered in the course.

Continue reading AWS Advanced Networking – Part 1

AWS SSM Automation: Cheaper Than Spot Instances

In my last post, I talked about how running spot instances for my flexible workload (pushing Logstash-consumed logs to Elasticsearch) saved me about 70% when compared to continuously running an on-demand EC2 instance. However, I’ve discovered a new way to tweak this cost savings even more. By utilizing AWS Systems Manager to spin up an instance on a specific schedule, I now have an 83% cost savings over running an on-demand instance. Let’s break down the cost:

Continue reading AWS SSM Automation: Cheaper Than Spot Instances

My *Serverless Website

Just last year I became aware of serverless as a real thing: running entire architectures without using a single server, and not having to maintain all the aspects of those servers. Instead, leveraging cloud offerings to pick up the various functions of running applications in the cloud, spread across a potentially wide array of microservices. It wasn’t until I watched this video, from Serverless Conference 2017, that I became aware of how much of a game changer serverless technology is and will become. Spoiler alert: the gentleman in this video serves hundreds of thousands of users per year and streams 4TB of content per day with a total serverless compute bill of just $700… still shocking to think about.

In my work environment, there are regulatory restrictions which currently prevent us from moving to serverless (or full cloud, for that matter), so I decided to tinker with it in my spare time. In fact, it’s where this website came from. Up until a few days ago, this website was built upon a serverless architecture which looked something like this:

Mostly hosted on AWS, the individual components break down as

Continue reading My *Serverless Website

Setup a GNS3 Server on AWS EC2

In this video, we’ll walk through the process of setting up a GNS3 server on AWS, which you can access from anywhere and scale to your needs.

Here are the commands we’ll use in this configuration:

cd /tmp

curl https://raw.githubusercontent.com/GNS3/gns3-server/master/scripts/remote-install.sh > gns3-remote-install.sh

bash gns3-remote-install.sh --with-openvpn --with-iou --with-i386-repository