building your own SDN with linux/saltstack/python - Maximilian Wilhelm

Tags: pycon, python

(One of my summaries of a talk at the 2017 conference).

SDN? Software defined networking. You can just give a lot of money to cisco, right? Well, such money isn’t always available. And it doesn’t always do what we want.

They needed an SDN for a city-wide point-to-point wifi network between various buildings in Paderborn.

Recently he installed a new linux and typed in ifconfig, route, arp? It isn’t there anymore. iproute2 is now the swiss army knife for networkers.

VXLAN, VRF, MPLS, VLAN-aware bridges, IPsec, OpenVPN: linux has it all build-in. You can use it.

Network configuration? It used to be ifupdown, but that is not easily automated. You can change the config file, but reloading is not possible… Restarting the network disrupts the connections…

So there’s now ifupdown2 written in python. You can extend it. Batteries included: dependency resolution, ifreload, VRFs, VXLAN, VLAN-aware bridges. And: they’re open for ideas. You can send pull requests.

For their network, they needed a routing solution. There are many open source implementations you can use. One of them, ExaBGP, is even written in Python. They used bird for OSPF.

Configuring it all? Salt stack. Continuous management. Extensible. Salt stack works on basis of “states”. You tell it the state something should have, usually in a YAML format. Salt stack then makes sure the state on the server matches.

(You can find everything at

State is one thing, you also need to know how much how often where. Pillar is used for that. Pillar outputs its data via jinja2 templates. He had to write a regex extension to jinja2 for it.

Now the SDN. He made a library for salt stack to set up everything. Pillar is the “central point of truth”, everything is extracted from there. The library generates the config file that is used by the servers.

He then showed some pictures of their hardware.

Photo explanation: picture from our recent cycling holiday (NL+DE). Small stream near Renkum (NL). logo

About me

My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.

Weblog feeds

Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):