In this lesson, you will learn:
- The basics of Suzieq.
- Some of the key use cases that Suzieq can be used for.
- About the terms monitoring, telemetry and observability.
- Suzieq’s main features.
What is Suzieq?
Suzieq is an open-source multi-vendor network observability tool that allows you to analyze your network via a set of vendor-agnostic queries and methods.
Or, in other words (as per suzieq.readthedocs.io):
Suzieq is the first open source, multi-vendor network observability platform application. It is both a framework and an application using that framework, that is focused on improving your understanding of your network. We define observability as the ability of a system to answer either trivial or complex questions that you pose as you go about operating your network.
For example, Suzieq allows you to ask questions such as:
- What was the state of an interface 3 hours ago?
- What were all the changes made to a VLAN between now and 12am yesterday?
- What version (example below via the CLI) of software are our devices running?
- Is OSPF correctly running within the network?
```
root> device show columns="hostname model version vendor"
   hostname     model                     version      vendor
0  leaf3-qfx    vqfx-10000                18.1R3-S2.5  Juniper
1  leaf4-qfx    vqfx-10000                18.1R3-S2.5  Juniper
2  leaf5-eos    vEOS                      4.23.8M      Arista
3  leaf6-eos    vEOS                      4.23.8M      Arista
4  spine1-nxos  Nexus9000 C9300v Chassis  9.3(7a)      Cisco
5  spine2-nxos  Nexus9000 C9300v Chassis  9.3(7a)      Cisco
```
Therefore, Suzieq is perfect for things such as:
- Validating the network pre and post an NOS upgrade.
- Troubleshooting issues centrally without having to log in to each device individually.
- Understanding what is running or configured in the network such as versions, IP addresses, etc. Useful for configuration compliance auditing.
How Suzieq Works - High Level
Suzieq works (diagram shown below) by polling your network for data at a given time interval. The data is then normalized and stored within a database. We can then interact with this data using the Python library, CLI, REST-based API or UI.
Monitoring vs Telemetry vs Observability
You may be thinking: this all sounds great, but what does this new term observability mean?
We have telemetry, monitoring and now observability!
Personally, I don't feel it's worth spending too many cycles on the whats and whys of each term, but instead we should gain an overall understanding of them before we move on.
Monitoring is the process by which a system continuously checks the progress or quality of something over a period of time. In the world of networking, monitoring is used to detect failures, issues, deficiencies or service degradation.
Telemetry is a term derived from the Greek roots tele (remote) and metron (measure). It describes the process of gathering data from multiple devices, to which monitoring can then be applied.
Observability provides the basis for monitoring new variables or resources within your system. It is a way for an operator to understand what’s going on in a system by examining the outputs provided by the system. To think of it another way:
Observability requires that you not have to predefine the questions you will need to ask, or optimize those questions in advance… Observability requires interactivity, open-ended exploration.
Let’s dive into the various Suzieq features.
Time-based analysis support allows you to see the state of the network at a previous point in time or see the changes that have occurred between 2 points in time.
Suzieq provides support for multiple vendor types, such as:
- Arista EOS
- Cisco IOS
- Cisco IOS XE
- Cisco IOS XR
- Cisco NX-OS
- Cumulus Linux
- Juniper JunOS
Rather than having to perform multiple checks for a given service yourself (for example checking the MTU, area IDs, timer values etc to validate OSPF is correctly working in the network), Suzieq lets you perform assertions for a given service - it then performs a number of checks and returns a simple pass or fail based response.
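The kind of multi-check assertion described above, as an added example in stand-alone Python (not Suzieq's code or API). The records, interface names, the `link` field and the function names are constructed for illustration; only the hostnames are reused from the CLI output earlier in the lesson.

```python
from collections import defaultdict

# Constructed sample: one normalized record per OSPF interface, identical
# shape regardless of vendor. "link" is a hypothetical cable identifier.
OSPF_IFS = [
    {"hostname": "spine1-nxos", "ifname": "Ethernet1/1", "link": "A", "mtu": 9216, "area": "0.0.0.0", "hello": 10, "dead": 40},
    {"hostname": "leaf3-qfx", "ifname": "xe-0/0/0", "link": "A", "mtu": 9216, "area": "0.0.0.0", "hello": 10, "dead": 40},
    {"hostname": "spine1-nxos", "ifname": "Ethernet1/2", "link": "B", "mtu": 9216, "area": "0.0.0.0", "hello": 10, "dead": 40},
    {"hostname": "leaf5-eos", "ifname": "Ethernet1", "link": "B", "mtu": 1500, "area": "0.0.0.0", "hello": 10, "dead": 40},
    {"hostname": "spine2-nxos", "ifname": "Ethernet1/1", "link": "C", "mtu": 9216, "area": "0.0.0.0", "hello": 10, "dead": 40},
    {"hostname": "leaf4-qfx", "ifname": "xe-0/0/1", "link": "C", "mtu": 9216, "area": "0.0.0.1", "hello": 5, "dead": 40},
    # Link D has only one end in the data, e.g. the peer was never polled.
    {"hostname": "spine2-nxos", "ifname": "Ethernet1/2", "link": "D", "mtu": 9216, "area": "0.0.0.0", "hello": 10, "dead": 40},
]
MUST_MATCH = ("mtu", "area", "hello", "dead")  # the checks named in the text

def assert_ospf(records):
    """Compare both ends of every link; return {(hostname, ifname): [reasons]}.
    An empty reason list means the interface passed."""
    links = defaultdict(list)
    for rec in records:
        links[rec["link"]].append(rec)
    results = {}
    for ends in links.values():
        for rec in ends:
            peers = [e for e in ends if e is not rec]
            if len(peers) != 1:
                # Missing data is a failure, never an implicit pass.
                reasons = [f"expected 1 peer record, found {len(peers)}"]
            else:
                peer = peers[0]
                reasons = [f"{f} mismatch: {rec[f]} vs {peer[f]}"
                           for f in MUST_MATCH if rec[f] != peer[f]]
            results[(rec["hostname"], rec["ifname"])] = reasons
    return results

def overall(results):
    """Collapse per-interface reasons into the single pass/fail answer."""
    return "pass" if all(not r for r in results.values()) else "fail"

if __name__ == "__main__":
    res = assert_ospf(OSPF_IFS)
    for (host, ifname), reasons in sorted(res.items()):
        status = "pass" if not reasons else "fail"
        print(f"{host:12} {ifname:12} {status}  {'; '.join(reasons)}")
    print("overall:", overall(res))
```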
Suzieq performs various summarizations, such as calculating the total number of routes within the network or the total number of down interfaces. These summarization values can then be used directly within your queries, reducing the number of queries and the amount of code you need to write.
Suzieq allows you to analyze your network in a vendor-agnostic way, regardless of the underlying vendor or device type being used. On top of this, a great characteristic of Suzieq is that the data collected is stored in a common data structure and returned fully normalized.
"The Many Uses of Network Observability | by dinesh dutt - Medium." 24 Sept. 2020, https://medium.com/the-elegant-network/the-many-uses-of-network-observability-e1fc1d709b00. Accessed 17 Aug. 2021.