
codfw: use old asw switches from row A and B as msw switches in row C and D
Closed, ResolvedPublic

Description

We decommissioned some Juniper EX4300 switches from rows A and B, and my plan is to re-use those switches as management switches (msw) for rows C and D before the asw migration. As we did in rows A and B, where we moved all the msw switches from U26 to U46, we are planning on doing the same for rows C and D but using the Juniper switches.
Since those are Juniper switches, I need just a basic configuration on them for now after racking them.

  • Root password
  • mgmt ip

So modify the ZTP cookbook to work also for the msw's. Right now in the ZTP provision script we have

PROVISION_ALLOWED_ROLES = ('cloudsw', 'asw')

so the ZTP cookbook just converts cloudsw and asw.

Event Timeline


We first need to discuss whether we want to start using managed switches as management switches (except the aggregation ones).
On the plus side it's convenient to have the extra visibility, but it adds a lot of management overhead to our automation, and I'm not sure we have the resources for that.

Yeah. There have definitely been times it'd be useful to track a MAC address to a specific port or something, but it's a rarity. The other questions that spring to mind are:

  • Are the row C-D MSWs up for renewal?
    • i.e. do we need to replace them regardless, and the option of the old Junipers is one way to address that?
  • Even if they are, does it make sense to decom them because they are old, and replace them with other old boxes?
  • Would we need to continue paying support for the Junipers if we redeploy them as MSWs?

If we did go the Juniper route I guess we could get a very minimal, basic L2 config with all ports enabled and in a default VLAN. And perhaps ZTP can reduce the effort further, although our current ZTP setup is hard-coded for QFX5120, so there is effort to uplift that (which we want to do anyway in the longer term) to support multiple models.

But after ZTP we'd still have other manual bits to do, right? Monitoring etc. We might also not want to poll and store all that additional data, so we'd potentially need to create an alternate setup for them. Also, while the mgmt network is relatively isolated, we couldn't fully ignore security updates/bugs, so we'd still need to review bugs for the EX4300s and upgrade when needed. We get away with not considering that for the Netgears as they've no IP on them.

Overall it's a relatively big change, and from the netops perspective the benefits seem slight. If there are compelling reasons from a cost perspective or other dc-ops benefits I wouldn't completely rule it out, but we need to justify the effort I think.

@ayounsi @cmooney thanks for all the inputs. What I am asking is to use the old Juniper switches as dummy switches (L2 config). I need no automation or monitoring on those; I would like to use them just like the existing switches. I just don't want to manually go into the 15 switches to do the initial and basic setup; that is why I was asking if it is possible to set up ZTP to work also with those switches. If it is too much work to do on the ZTP side, I can set them up manually. Please let me know if you have more questions.
Thanks.

Thanks. What I don't understand is that if they go through ZTP or a manual basic setup, they will by definition be managed switches (with root password, IP, etc.). I don't think we can have a middle ground where we have only some config.

@ayounsi yes, you are right: since it will have an IP address it will be managed, so I was thinking it over. Disable the mgmt interface, just set up the root password on the switch, and use it as an L2 switch so we don't have to deal with managing it.

Thanks

@Papaul yeah, I think if we want to go this route we can just set them up the same as we do the Netgear or fs.com msw's.

So basically add no config; we don't even need to set the root password on them (we don't for the current ones). It might be worth reviewing the default configuration, however, to see if there is anything in it that we might have problems with. If you are moving ahead with this, could you log on to one and just do a show config | display set and we can double-check?

thanks.

Since Monday I have set up the Juniper switches in racks D1 and D2 as management switches and so far no issue. I had to:

  • Set up the root password, the same as the server management password
  • Disable the management interface
  • Disable the chassis alarm for the management interface
  • Set the switch up as a management switch in Netbox to stop some LibreNMS and network alerts
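The three on-box steps above (root password, management interface disabled, chassis alarm silenced) plus the "all ports in the default VLAN" L2 config discussed earlier, written out as a Junos `set`-format snippet. This is an added example for the thread, not configuration taken from the ticket or from the WMF network repos. It assumes an EX4300 running ELS Junos where the management port is `me0` (it is `vme` on a Virtual Chassis), that the factory-default config already defines VLAN `default`, and that the interface-range name `msw-ports` and the `$6$...` hash placeholder are ours; verify the knob names against `show configuration | display set` on the box, as asked for above. The Netbox step is done in Netbox, not on the switch, and is not part of the snippet.

```junos
## Added example: minimal "dumb L2" config for an EX4300 used as an msw.
## Assumptions: ELS Junos, management port is me0 (vme on a Virtual Chassis),
## VLAN "default" exists from the factory-default config, range name is ours.

## 1. Root password. Use the hash form so it can be pasted non-interactively;
##    generate the hash offline (e.g. mkpasswd -m sha-512) instead of typing
##    the secret on the CLI, where it would land in the jump host's history.
set system root-authentication encrypted-password "$6$REPLACE_WITH_HASH"

## 2. No management IP at all: disable me0 and drop the factory-default
##    family inet on it, so the box is reachable only over the console.
set interfaces me0 disable
delete interfaces me0 unit 0 family inet

## 3. Silence the "Management Ethernet link down" chassis alarm, which would
##    otherwise stay raised permanently once me0 is disabled.
set chassis alarm management-ethernet link-down ignore

## 4. All front ports up and in the default VLAN, the same L2 behaviour as the
##    Netgear / fs.com msws.
set interfaces interface-range msw-ports member "ge-0/0/*"
set interfaces interface-range msw-ports unit 0 family ethernet-switching interface-mode access
set interfaces interface-range msw-ports unit 0 family ethernet-switching vlan members default

## Validate, then commit with an automatic rollback in case the console
## session is lost mid-change; confirm once the ports are seen up.
commit check
commit confirmed 5 comment "msw: root pw, me0 disabled, L2 only"
commit
```

The property that keeps these boxes "unmanaged" in the sense used in the thread is the absence of any `family inet` (or `inet6`) stanza, not the disabled `me0` alone: a later `irb` or L3 interface would make the switch an IP-reachable device again, with the same patching and monitoring obligations as the asws. A quick check after the commit is `show configuration | display set | match "inet|services"`, which should return no `family inet` lines; any `system services` entries (ssh, netconf, web-management) left from the factory default are harmless without an address but can be deleted for tidiness.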