TeX in industry II
Designing and drawing network architectures
Stefan Kottwitz
Oxford, October 15, 2016
Lufthansa Industry Solutions
Table of contents
1. The challenge
2. Our toolset
3. Getting drawings done
4. Summary
The challenge
Scope of work
Remember the complexity of networks from the last talk.
• Thousands of devices
• Hundreds of logical subnets
• Routed, secured, interfacing
Scope of work
All these ships need their drawings...
Drawing each manually with Visio?
Or program \ship with TeX? TikZ!
Our toolset
About TikZ
• Graphics package for drawing natively with TeX
• Extremely capable
• Very readable programming language
• Excellent documentation
See:
• https://sourceforge.net/projects/pgf/
• http://texample.net
All in TikZ?
Drawing device symbols in TikZ:
[Figure: sample network diagram drawn in TikZ with routers R1, R2 and R3; link labels eth0 (100 Mbps) and S0/S1 (115200 bps, 64000 bps)]
Much effort needed to get a comprehensive shape library.
Importing shapes
Manufacturers often already provide
• Visio stencils
• Powerpoint cliparts
• Postscript images
for a lot of devices.
• Convert (ps2pdf, ghostscript)
• Use as small pdf images via \includegraphics
• Define a named style for each image
Samples of imported shapes
• Nexus 5k: Layer 3 Core
• Nexus 5k: Layer 2 Aggregation
• Nexus 2k: Fabric extender
• Catalyst 3650: Layer 2 Access switch
• Palo Alto 3020: Firewall
• ISR 4451: WAN router
• Server (virtual)
Getting drawings done
Back to work...
Building and testing
Objective
For setup, for testing, and for explaining to customers, we need drawings of
• Physical connections (cabling)
• Logical network structure
• Routing information
• Firewall security concept
• Architecture of systems: Telephony, WiFi, CCTV, ...
Using calculated IP addresses for easy address space changes
[Figure: logical network diagram. Zone labels: Core, Corp, Vendors, DMZ, SecCorp, VoIP, CCTV, TechOps, Entertainment, Broadcast, Guest, IPTV, iCafe pax, iCafe VIP, iCafe crew, WAN. Links are labelled with VLAN ids (900-903, 910, 911, 1900-1904, 404, 590, 450, 451, 455, 2901) and their endpoint IP addresses, for example VLAN 901 with 10.10.207.9 and 10.10.207.14.]
To be repeated for several ships with predictable IP addresses
[Figure: management network diagram with two Identity Service Engine nodes, Prime Infrastructure, an HA cluster, perimeter switches, Riverbed appliances and perimeter routers, each labelled with its management (mgt) address in 10.10.198.x or 10.10.199.x, plus the HSRP address 10.10.198.1]
Define styles
\tikzset{%
  image/.style 2 args = {path picture = {% image node
    \node at (path picture bounding box.center) {
      \includegraphics[width=#1cm]{#2}};}},
  Switch/.style = {image = {2.4}{nexus7k}, % pdf
    minimum width = 2cm,
    inner ysep = 1.5cm},
  Link/.style = {color=green!60!black, thick},
  label/.style = {rounded corners = 8pt, fill=blue},
  channel/.style = {white, double = black,
    line width = 1.2pt,
    double distance = 0.8pt},
  basearc/.style = {start angle = 90, double,
    delta angle = 180},
  ...
}
Use styles
\path (corelevel-left) edge [draw=none]
  node[Switch, pos=0.5-\distcore] (Core1) {}
  node[Switch, pos=0.5+\distcore, mirror] (Core2) {}
  (corelevel-right);
\draw [channel] (Core1) -- (Core2);
\coordinate (middle) at ($(Core1)!0.5!(Core2)$);
\drawArc{middle}{\loopwidth}{\loopheight}
Using styles
[Figure: three-tier topology with two Core Nexus 7k, four Aggregation-Switch Nexus 5k and four groups of Rack-Switches Nexus 2k; links carry port labels such as 1/47-48, 1-2/46 and 1/43]
Using node styles, and \foreach or multi-part nodes.
Easily change image style
[Figure: the same topology with different device images: two Core Nexus 5k L3, four Aggregation-Switch Nexus 5k L2, Fabric Extenders Nexus 2k, Servers and Storage; links labelled Peer, Layer3 and vPC keepalive]
Using \foreach loops for so many nodes and edges.
Use loops
Sample loops of previous drawings:
\foreach \agg/\device in {1/FEXmirror, 2/FEXmirror,
                          3/FEX, 4/FEX} {
  \foreach \fex in {1,...,\FEXcount} {
    \coordinate [below=\distaggfex+\fex*\distfex]
      (FEX\agg\fex) at (Agg\agg);
    \path node [\device] at (FEX\agg\fex) {};
  }
}
\foreach \aggregation in {1,...,4} {
  \foreach \core/\port in {1/47, 2/48} {
    \node [AggLabel] at (Agg\aggregation Core\core)
      {1/\port};
  }
}
The same base drawing with different label content
[Figure: the same base drawing labelled with link and port capacities instead of port numbers, for example 4x10G channel, 1G vPC keepalive (mgnt port), 4x10G Peer, 2x10G Layer3, 1x40G Quad SFP Peer, 48x10G SFP+ ports, 6 Quad SFP ports, 4x10G FET Uplinks, 2x10G uplinks for each server blade and storage, 2x10G to each IDF]
This one begs for macros in a TikZ matrix
[Figure: grid of access switches with rows DK4 to DK9 and columns FZ1 to FZ5; each cell shows uplink port numbers, a room id, a management IP address in 10.10.199.x and a hostname such as CSTX-FZ1D6-ACC-SW01]
Sample sub system (VoIP) based on earlier drawings
[Figure: the earlier topology drawing reused for the VoIP sub system, with VoIP servers in 10.10.221.x, WLAN, VIP, ATA and watertight phone nodes, and VLAN lists on the trunks (VLANs 12, 18, 1802, 2101-2134, 2199 towards the core; VLANs 18, 1802 below; 1802, 21xx, 2199 per IDF)]
Core IPs: 10.10.210.1 (WiFi), 10.10.221.1 (Server), 10.14.<IDF No.>.1 (Phones), 10.14.127.1 (Watertight Phones)
VLAN id   Description            IP subnet
12        VoIP WiFi              10.10.210.0/23
18        VoIP server            10.10.221.0/26
2101      VoIP clients IDF 1     10.14.64.0/24
2102      VoIP clients IDF 2     10.14.65.0/24
...       ...                    ...
2119      VoIP clients IDF 34    10.14.82.0/24
2199      Watertight phones      10.14.127.0/24
Using the fit library
[Figure: the VoIP drawing with fitted boxes around node groups, labelled "VoIP Server VLAN 18, 10.10.221.0/26", "VoIP WiFi VLAN 12, 10.10.210.0/23" and "Voice client VLANs 2101, ..., 2119, 2199: 10.14.64.0/24, ..., 10.14.82.0/24, 10.14.127.0/24"; node labels include Callmanager, Voicerouter, LCCI, LPAS and WLAN]
Another setup
[Figure: physical connection diagram with Internet & Corp HQ reached via WAN 1 and WAN 2 (MTN, LTE1, LTE2), iCafe router, Firewall, Corp VSS 4500-X, Core 3850, Distribution 1 to 3 and Access switches; links carry interface (Gi, Te, Eth), port-channel (Po) and VLAN (3005, 3006) labels]
Added routing information
[Figure: the same setup with routing information added. Devices: Corp VSS 4500-X, Firewall Palo Alto, Core 3850, iCafe virtual Router, iCafe Server VM, distribution and access switches. Transfer VLANs 3001 to 3006 are labelled with 10.X.254.x endpoint addresses, with HSRP and RIP annotations, per-VLAN gateway addresses, and routes such as "0.0.0.0/0 via 3001: 10.X.254.1", "10.X.0.0/23 via 3002: 10.X.254.6" and "0.0.0.0/0 policy based, source non-corp"]
Again fitting, with color, and colored edges
[Figure: colour-coded fitted boxes labelled Corp Routing, Corp Switchports, Core Routing, Firewall, Distribution Switch and Trunk around Corp-VSS 4500-X and Core 3850, with coloured edges for VLANs 2002, 2004, 2016 to 2020 and 2024, the telephone system, corporate clients, WiFi, the iCafe server and the Internet uplinks (WAN 1, WAN 2, SAT, LTE). Annotation: policy based routing: source VLAN 2024, destination Internet, to iCafe.]
Providing the Visio “source”
Boss: “Gimme the Visio source file for modifying!”
Hm. Export and import options limited by Microsoft Visio - via
• PDF, PS, DVI: not supported (can MS ever import PDF?)
• DWG: bad shapes
• SVG: dvisvgm driver, Inkscape: browsers show it fine, Visio fails
(blacked nodes, rotated nodes)
• WMF: best result, fine and scalable, but single object - via Inkscape
Boss satisfied, TeX not doubted.
Summary
Tips for drawing efficiently
• Use styles
• Inheritance: base styles on other styles
• Define and use macros
• Define and use constants
• Give names to everything so you can refer to it
• Use relative positioning
• Use loops for repeated things
• Let TikZ calculate for you (intersections, fitting)
If all is done with macros, relative positioning, calculations even for
content (IP addresses), whole sets of drawings can be adjusted and
re-used for various projects.
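An added example (not taken from the talk's slides) of calculating label content: the transfer-VLAN labels from the "calculated IP addresses" slide are generated in a loop from one per-ship prefix. The macro names \shipnet and \firstvlan and the style "link box" are hypothetical; the /29 layout (first and last host address as the two endpoints) is an assumption that matches the VLAN 900 to 903 addresses shown on that slide.

```latex
\documentclass[tikz,border=5pt]{standalone}
% Assumed names, not from the talk: \shipnet, \firstvlan, style "link box".
\newcommand*{\shipnet}{10.10.207} % per-ship /24 prefix: change only this line
\newcommand*{\firstvlan}{900}     % VLAN id of the first transfer network
\begin{document}
\begin{tikzpicture}[
    link box/.style = {draw, rounded corners, align=left,
                       font=\ttfamily\small, minimum width=5cm}]
  % One /29 per transfer VLAN: block number \idx starts at host offset 8*\idx.
  \foreach \idx in {0,...,3} {
    \pgfmathtruncatemacro{\vlan}{\firstvlan+\idx}
    \pgfmathtruncatemacro{\firsthost}{8*\idx+1} % first usable address
    \pgfmathtruncatemacro{\lasthost}{8*\idx+6}  % last usable address
    \node[link box] at (0,-1.2*\idx)
      {VLAN \vlan\\ \shipnet.\firsthost{} to \shipnet.\lasthost};
  }
\end{tikzpicture}
\end{document}
```

With the values above the four boxes read VLAN 900 with 10.10.207.1 and 10.10.207.6 through VLAN 903 with 10.10.207.25 and 10.10.207.30; redefining \shipnet regenerates every label for another ship.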
Thank you!