Automated Provisioning/Orchestration for vendor agnostic networks
Kapil Agrawal, Network Engineer
Agenda
• Elements of provisioning devices on a network
• Manual vs Automated
• Orchestrating a provisioning workflow with Ansible
  • Current workflow at NCSA
• Quick Demo
• Vendor neutral ZTP
  • progress, challenges and possible solutions
• Questions
Manual provisioning process
• Baseline config
  • per device platform
  • per device role (L2/L3 or both etc.)
• Add device(s) to various network management systems
  • Inventory
  • IPAM
  • Config backup tool (Rancid/Oxidized etc.)
  • Monitoring systems etc.
• Perform a software upgrade (optional)
  • Standard/blessed code version
Auto Provisioning Elements
1. Define network infrastructure as code
   - YAML based network data modeling
   - Base config in YAML (key : value pairs)
2. Templating
   - Jinja2 based config templates
   - per platform (Juniper, Arista etc.)
3. Automation tool (Ansible)
   - Playbook
   - gather facts
   - conditionals
   - tasks
YAML based data modeling
• Identify and define common config bits
  • User accounts
  • Loopback filters
  • Prefix lists
  • ACLs
  • SNMP, RADIUS, Syslog, NTP etc.
• YAML defines everything in KEY : VALUE pairs
• Common across ALL your devices on the network!
• Independent of the Platform/Vendor
Sample YAML’ized base config
Jinja2 templating
• Contains variables and other text
• Common config elements and some CLI based syntax
• Variables are replaced by the values
  • Values assigned from the YAML file.
• Values are passed when the template is rendered
• Jinja2 resembles Python!
Sample Jinja2 template
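An added example, not taken from the slides or the presenter's repository: one vendor-neutral data set (the dict a YAML base-config file would parse to) rendered through per-platform Jinja2 templates, with `StrictUndefined` so that a key missing from the data aborts the render instead of silently producing an empty prefix list or filter. The key names, template names and CLI lines are hypothetical, the addresses are constructed documentation-range values, and the `jinja2` package is assumed to be installed.

```python
from jinja2 import Environment, DictLoader, StrictUndefined, UndefinedError

# Constructed sample data: what yaml.safe_load() would return for a
# vendor-neutral base-config YAML file (documentation addresses only).
BASE = {
    "ntp_servers": ["192.0.2.10", "192.0.2.11"],
    "syslog_hosts": ["192.0.2.20"],
    "mgmt_prefixes": ["198.51.100.0/24"],
}

# Hypothetical per-platform templates; the CLI lines are illustrative.
TEMPLATES = {
    "junos": (
        "{% for s in ntp_servers %}set system ntp server {{ s }}\n{% endfor %}"
        "{% for h in syslog_hosts %}set system syslog host {{ h }} any notice\n{% endfor %}"
        "{% for p in mgmt_prefixes %}set policy-options prefix-list MGMT {{ p }}\n{% endfor %}"
    ),
    "eos": (
        "{% for s in ntp_servers %}ntp server {{ s }}\n{% endfor %}"
        "{% for h in syslog_hosts %}logging host {{ h }}\n{% endfor %}"
        "{% for p in mgmt_prefixes %}ip prefix-list MGMT seq {{ loop.index * 10 }} permit {{ p }}\n{% endfor %}"
    ),
}

# StrictUndefined turns any reference to a missing variable into an error;
# the default Undefined would iterate as an empty list and render nothing.
ENV = Environment(loader=DictLoader(TEMPLATES), undefined=StrictUndefined)

def render(platform, data):
    """Render the base config for one platform from the shared data."""
    return ENV.get_template(platform).render(**data)

def missing_key_is_rejected(data, key):
    """Return True if dropping `key` from the data aborts rendering."""
    broken = {k: v for k, v in data.items() if k != key}
    try:
        render("junos", broken)
    except UndefinedError:
        return True
    return False

if __name__ == "__main__":
    for platform in TEMPLATES:
        print(f"--- {platform} ---\n{render(platform, BASE)}")
    print("missing mgmt_prefixes rejected:", missing_key_is_rejected(BASE, "mgmt_prefixes"))
```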
WORKFLOW
Vendor neutral Zero Touch Provisioning (ZTP)
• Bootstrapping config is still very much manual right now!
  • Add a mgmt. IP address to the device
  • Enable SSH service
  • Add a route to talk to Ansible
  • Add root-auth password (Juniper)
• Challenges with bootstrapping over DHCP
  • Different vendors use different DHCP options!
  • No common ground!
• Alternative methods:
  • Aeon-ZTPS by Apstra (No support for Juniper!)
  • Pyserial – Limited success with limited testing
  • Screen scraping over console (Ew!)
• Any other known/proposed solution?
Resources/contact
https://github.com/netops2devops/auto-provisioning-techx2019
kagraw [at] ncsa.illinois.edu
https://www.linkedin.com/in/k4pil/
@netops2devops
QUESTIONS ?
THANK YOU 🙏