NETDEVOPS
NETWORK AUTOMATION AND PROGRAMMABILITY OF CLOUD HOSTED VIRTUAL APPLIANCES
FOUNDING SOFTWARE ARCHITECT
DEVBOKS
TONI YANNICK KALOMBO
AUTOMATION
WHAT IS NETWORK AUTOMATION
• Basic network mapping
• Device discovery
• Network configuration management
• Provisioning of virtual network resources
• Software Defined Networking
• Network Function virtualisation
• Network orchestration
• Automated provisioning of network tenants and functions
• Improves efficiency
• Reduces human error
• Essential in Hyperscale data centres
The use of Software to automatically configure, provision, manage and test network devices
“TO ERR IS HUMAN, TO PROPAGATE ERRORS MASSIVELY AT A SCALE IS AUTOMATION”
VIRTUAL APPLIANCE
WHAT IS A VIRTUAL APPLIANCE
Pre-configured software that is installed on a Virtual Machine and packaged into an image ready to run on a hypervisor
BENEFITS
• Allows for network elements to be virtualised
• Can be deployed on white box X86 bare metal
• Migration of network functions into the cloud
• Automation of netdevops activities
• Auto scaling of network functions
• Pay-as-You-Grow Licensing
• Rapid service enablement
• Easy way to test and use vendor appliances without buying the whole box
CONTAINERS
WHAT IS DOCKER
Docker is a technology that makes it easy to create, deploy, and run applications as images and ship them as containers
• An abstraction at the app layer that packages code and dependencies together
• Multiple containers can run on the same machine and share the OS kernel with other containers
• Each container runs as an isolated process in user space
• Container images are lightweight (typically tens of MBs)
• Can handle more applications and require fewer VMs and operating systems
CSR 1000v
COMMON NETWORK VIRTUAL APPLIANCES
CISCO® CLOUD SERVICES ROUTER 1000V (CSR 1000V)
Virtual-form-factor router that delivers comprehensive WAN gateway and network services functions into virtual and cloud environments.
• Cisco IOS XE Software networking capabilities
• Supports VMware ESXi, Citrix XenServer, Hyper-V, KVM
• Public Clouds: AWS EC2, Azure cloud, or Google Cloud Platform, OpenStack
• Virtualized equivalent of Cisco ASR 1000 Series
Cisco CSR 1000v positioned as a WAN Gateway in a Multitenant Cloud
CSR 1000v can be used as a router whereby each tenant gets its own routing instance and hence its own VPN connections, firewall policies, QoS rules, access control, etc…
JUNOS vMX
ARCHITECTURE
• Virtual Control Plane (VCP), Junos OS hosted on VM
• Virtual Forwarding Plane (VFP), runs packet forwarding engine. DPDK and SR-IOV to enhance forwarding performance
• vMX is a virtualised equivalent of MX series
The vMX Virtual Router
Available as licensed software for deployment on x86-based servers, Amazon Web Services (AWS), AWS GovCloud, and Microsoft Azure. Supports a broad range of broadband, cloud, cable, mobile, and enterprise applications.
KEY FEATURES
• Virtual route reflection
• Virtual broadband network gateway (BNG) capabilities
• L2TP network server/Layer 2 Tunneling Protocol (LNS/L2TP)
• Point-to-Point Protocol over Ethernet (PPPoE)
• Dynamic Host Configuration Protocol (DHCPv4/DHCPv6)
• Pseudowire Headend Termination (PWHT) support
• Static and dynamic (RADIUS) subscriber interface support.
MIKROTIK ROUTEROS
Mikrotik Cloud Hosted Router (CHR)
Virtual appliance based on the Linux kernel; features include routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.
CHR uses the RouterOS firewall, which supports Layer7 filtering, dynamic address lists and more; VPN service or monitoring network infrastructure using The Dude!
Deploy HTTP proxy with domain name filtering, centralized RADIUS server for AAA, DNS cache and/or static DNS for a local network.
Expand local network using BCP bridging of tunnels.
KEY FEATURES
• The Dude server for monitoring network infrastructure, CAPsMAN server for rapid deployment of wireless networks.
• CHR supports IPsec, PPTP, SSTP, L2TP, EoIP, IPIP, OpenVPN, GRE, 6to4 and VPLS/MPLS tunnels.
• CHR can even be used for BGP peering, RIP route distribution and as an OSPF node in a network.
CLOUD
What is Cloud
Global network of remote servers that operates as a single ecosystem, commonly associated with the Internet.
Cloud servers are designed to either store and manage data, run applications, or deliver content or a service.
Redundancy, low latency, reliability and high availability
CLOUD PLATFORMS
• AWS
• Google Cloud Platform
• Microsoft Azure
• OpenStack
KEY BENEFITS
• Low cost of ownership
• Rapid deployment
• Security
• Scalability
• Service Quality
• Reliability
• Efficiency
• Automation
USE CASES
VIRTUAL NETWORK APPLIANCE USE CASES
Secure VPN Gateway, offering route-based IPSec VPNs, along with a Zone-based Firewall and access control, enabling an enterprise to securely connect distributed sites directly to its cloud deployment.
WAN Gateway, i.e. an MPLS Customer Edge (CE) or Provider Edge (PE) router that enables end-to-end managed connectivity with performance guarantees and increased scale
DC Interconnect/Extension: LISP and VxLAN that enable an enterprise to maintain addressing consistency across premise and cloud as it moves applications back and forth or bursts compute capacity into the cloud
Network Control Point, Application Visibility and Control (AVC) and IP SLA support for monitoring network and application performance. Measure performance, latency and packet loss end-to-end from the Enterprise Data Center to the Public Cloud
NETDEVOPS
CI-CD PIPELINE
Continuous Integration: Merging of development work with code base constantly so that automated testing can catch problems early
Continuous Delivery: Software package delivery mechanism for releasing code to staging for review and inspection
Continuous Deployment: Relies on CI and CD to automatically release code into production as soon as it is ready. Constant flow of new features into production
Consider your network configs as code and treat them as such
TOOL BOX
TYPICAL TOOL BOX CI-CD PIPELINE
ENVIRONMENT
TYPICAL ENVIRONMENT
VAGRANT
VAGRANTFILE
ANSIBLE
NETWORK AUTOMATION WITH ANSIBLE
What is Ansible
Agentless (SSH-based) open source automation tool that comes with network automation features
WHAT CAN ANSIBLE DO
• Config management
• App deployment
• Provisioning
• Continuous delivery
• Security and compliance
• Orchestration
PLAYBOOK
CSR1000V AWS PLAYBOOK
DEMO
DEMO TIME
http://gitlab.devboks.com/academy/ansible-engine
PROJECT
FOR FURTHER DEVELOPMENT
Service Provisioning
• APIs to provision customer services based on pre-defined configs
• Translate product catalogue into pre-defined service templates
• Expose service templates as REST APIs for consumption by applications - Zero touch provisioning enablement
• Each API is considered a microservice. Each microservice is a Docker image
Device Management
• Ansible Networking Modules
• Ansible Tower for config management and versioning
• Ansible Hosts: for device grouping, i.e. Regions, Vendor, Purpose
• Config Automation
• User Access Policy management
Version Control
• CI-CD Pipeline to manage version control of configs
• CI-CD Pipeline to push configs to devices.
• Rollback Capability
• Test Driven Development: ensures code (config) quality before deployment
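An added example (not from the slides or the DevBoks repository) of a pre-deployment test that a CI stage could run on a candidate IOS XE style config before the pipeline pushes it to a device. The sample config, the function names and the four policy checks are assumptions chosen for illustration.

```python
# Constructed candidate config (IOS XE style) as it might be committed to the repo.
CANDIDATE = """\
hostname csr-demo
enable password demo123
username netops privilege 15 password 0 demo123
ip http server
line vty 0 4
 transport input telnet ssh
 login local
"""

def blocks(text):
    """Group a config into [parent, [children]] using leading-space indentation."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and out:
            out[-1][1].append(line.strip())
        else:
            out.append([line.strip(), []])
    return out

def audit(text):
    """Return policy violations; an empty list lets the pipeline continue."""
    findings = []
    for parent, children in blocks(text):
        if parent.startswith("enable password"):
            findings.append("enable password set; use enable secret")
        if parent.startswith("username ") and " password " in parent:
            findings.append("username uses password; use secret")
        if parent == "ip http server":
            findings.append("cleartext HTTP management enabled")
        if parent.startswith("line vty"):
            # Assumed policy: every vty block must state its transports explicitly.
            transport = [c.split()[2:] for c in children if c.startswith("transport input")]
            if not transport:
                findings.append(f"{parent}: no explicit transport input")
            elif any(p not in ("ssh", "none") for t in transport for p in t):
                findings.append(f"{parent}: non-SSH transport allowed")
    return findings

if __name__ == "__main__":
    problems = audit(CANDIDATE)
    print("\n".join(problems))
    raise SystemExit(1 if problems else 0)  # non-zero exit fails the CI job
```

Run as a pipeline step, the non-zero exit blocks the push stage until the committed config passes, which is where the rollback and version control items above take over.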
THANK YOU Merci
TONI YANNICK KALOMBO
Mobile: +27 83 200 2115
HTTP://GITLAB.DEVBOKS.COM/ACADEMY/ANSIBLE-ENGINE