Introducing Suzieq

Simplify network operations by improving its observability.

Published on Apr 28, 2020 by Dinesh G Dutt & Justin Pietsch

“Observation, not old age, brings wisdom” - Publilius Syrus

In the time that we have both collectively spent in the industry, one on the vendor side and the other on the operator side, one of the lasting impressions on both of us is the paucity of tools that a network operator or designer has. Dinesh has particularly obsessed over the lack of tools to observe the network in meaningful ways. As the famous Greek writer Publilius Syrus–the man who penned the quote behind the naming of the classic Rock band, Rolling Stones–said, wisdom is acquired through observation, not old age.

And so it is that we’re proud to announce suzieq, a multi-vendor, open source software for network observability. Dinesh has been working on it, off and on, for over 1.5 years, while Justin joined on in 2020. This is an early release, focused on getting out something useful (and with hopefully limited embarrassing bugs). Release often, release early is a a goal we’re striving for. Continuous Improvement/Continuous Development, if you’ll pardon the pun.

If you’re a network operator who’d like simple ways to answer trivial questions such as how many unique prefixes there are in the routing tables across your entire network, or how many BGP sessions are there in your network, or more difficult ones such as how did the routing table change between 10.30 pm and midnight on Friday night, or which interface links flap the most, then Suzieq is a tool you ought to look at. If you wish you didn’t have to log into every box to piece together some information, or worry about the myriad ways the same information is presented by different vendors, then Suzieq is a tool you might find interesting. If you’re a network designer wondering about the hidden bottlenecks in your network, then Suzieq is a tool that can help answer those questions (though not in this release).

Another example from real life comes from the interviews Justin’s conducted over his years with AWS. An oft-asked question in those interviews was “OSPF cannot establish neighbor state between two routers, what would you do to check that?”. Suzieq has a command called ‘ospf assert’ which runs several checks to make sure that you have sanity in your ospf network. Modern software programmers have at hand myriad high quality libraries that help them focus on the main task instead of worrying about coding the quicksort algorithm right. In a similar fashion, Suzieq aims to take the sting out of verifying that the various OSPF peering requirements are met across interface after interface in your entire network. Because Suzieq gathers data from all your devices you can ask questions that require distributed knowledge, such as MTU checks and OSPF peering requirements.

Suzieq is both a framework and an application using that framework, that is focused on improving the observability of your network. We define observability as the property of a system to answer either trivial or complex questions about itself. How easily you can find answers to your questions is a measure of how good the system’s observability is.

Suzieq is built on what we think is a fairly novel architecture. Suzieq has been designed to not care about how you get your data, how you how store your data, or how you ask the questions ask. Suzieq is thus a disaggregated data gathering, storage and analysis framework and application. Suzieq uses a construct from modern data analysis tools, the Dataframe, which is essentially heterogeneous data gathered together in a tabular form. Modern data analysis tools such as Pandas provide the glue that stitches together the disparate data to help you answer your questions.

As an application we wanted to ship, we have had to pick how we initially collect data (SSH or REST), store data and answer the questions we ask (and the questions you can ask). But the framework provides the bulwark against which the shifting landscape of tools, transport and store can all plugin seamlessly.

Suzieq consists of two main pieces of software: an agentless, pull-based poller that gathers data from various network devices and servers, and an analysis engine that helps make sense of the data thus gathered. We’ve chosen the Big Data columnar file format, Parquet, as the data store. We’ll discuss about each of these pieces including the user experience in greater detail in subsequent blog posts.

Suzieq currently supports Cumulus Linux and Arista EOS network devices and Linux servers, because those are the platforms that we have access to (thanks to their availability as Vagrant boxes). We currently gather and analyze data about devices, interfaces, VLANs, MLAG, Routing and MAC Table support, OSPFv2, BGP, and EVPN.

We have docs at ​README.md, and an introduction to some of the things Suzieq can do.

We want to build a community around Suzieq and other open source software to help design, build, and operate networks. We feel that there is a giant need in this space to build much better tools for network engineers. We’d love your help. Here are some ways that you can help:

  • Download Suzieq (the demo or the entire code), read our docs, and try it out. Then start a discussion on how you’d like to see it go further via the googlegroups or file issues
  • Help us think about structure for documentation. You could even start writing docs for us
  • If you want to add more features or more devices, download the code and start hacking away. We don’t have great instructions or tools on how to add new devices, but if we get interest we’ll add support.

Why the name Suzieq you ask? Rock ‘n Roll runs through the veins of at least one of us, if not both. As Dinesh pondered on what useful open source software he could write, he was listening to CCR’s classic, Suzieq. The lines “say that you’ll be true, Well, say that you’ll be true and never leave me blue, Suzieq” made him think of a network operator searching for a tool that’d help him demystify the network she operates (yes, he’s not very romantic that way).

Networks and network protocols are complex and are hard to understand. With the advent of open networking and disaggregating hardware from software, the first blows were struck against vendor-driven solutions to helping with these complex problems. With the availability of multi-vendor, open source tools such as Ansible, Prometheus, ELK and now hopefully Suzieq, comes the promise of a better way to build and operate networks.