#ArubaAirheads Network Automation Guest-Starring Ansible Joe Neville Sept 19

Network Automation Guest-Starring Ansible · 2019-10-03

Agenda

• Network Automation – Why, How etc
• Ansible for Network Automation
• Ansible Demo

Network Automation

Why, How etc

Quick Show of Hands 👋

Network Automation: Why

AKA Why we need to move on from just CLI

More devices
• IoT
• Larger network estates

Business Agility
• IT central to business transformation
• Yet networking has yet to evolve

Increase Reliability
• Drive lower costs
• Quicker deployments

Typos = 🥀

Lower Cost! 💸


Genuine Interest

In the boardroom


Genuine Interest

Amongst Networkers

Ok some is just marketing and ‘coding is cool’


No Surprises

“Network Automation is nothing new”


No Surprises

• True and that’s good.

• PERL/Expect > Python/Go

• Not just rebadging ideas from cooler software folk.

Networks be Automating

No surprise that we want to automate. Networking has been automating Day One for years.

• ZTP: Zero-Touch Provisioning, automate initial provisioning on boot
• SLAAC: Globally routable address generation ‘baked in’
• DHCP: Automated address allocation

What Went Wrong?

Network Automation is Network Management.
Failure to automate is a network mgmt failure.

• Lack of adoption for SNMP Write
• Cost of writing SNMP Agent vs CLI
• Vendor doing their own thing
• Lack of interest for NETCONF (?)

Network Automation is HARD

Scale from Easy to Hard (needs networking experience): Config, Dynamic State, Real-time traffic

Config:
• Interface up
• VLAN 199 configured

Dynamic State:
• Is the int up (line protocol)?
• ARP cache
• Routing table

Real-time traffic:
• Is TCP / UDP flowing?


The Gartner Hype Cycle

By Jeremykemp at English Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=10547051

Coding is HARD!

• 100 Days of Code – Abandoned after 3 days
• The Expert Beginner
• Stuck in the labyrinth of ‘Getting Started’

Network Automation is Hard

Common Automation Story

• One or two engineers are interested.
• Go to bootcamps / code academy.
• Very excited to start.

Common Automation Story

• Piece together some scripts, Ansible playbooks.
• Mix of Python, Ansible, YAML
• Add a front-end (Flask, Django).
• “See how easy it is!”

Caution! This is a team sport.

• Then someone goes on holiday
• Or pulls a sickie
• Or the on-call engineer runs the wrong script

And….

Cue automation horror stories

Failure at scale!

Automation is Not Just the Network

• Automation
• Change Management
• Monitoring
• Ticketing
• PEOPLE

Change the Networking Skillset

• Education is key
• Expand the Networking skill set

NetOps 2020 Tool Kit: Linux, Python, Git, Fundamentals, CI/CD Toolchains, Cloud, IPv6


Breaking this down 🔎

Network Automation – Three Methods

Aruba Product
• Automation Built-in: AOS8, ClearPass Roles
• Automation Tools: NetEdit, AirWave

Do-It-Yourself
• Python, Go scripting
• Custom Ansible modules

Third-Party Tools
• Core Ansible
• Salt
• NMS systems


Focus On Ansible

Ansible

• Open Source Project written by Michael DeHaan
• Now run by Red Hat
• Started as Configuration Mgmt for Linux Servers
• Modular – expanding way beyond initial scope
• Supports Windows, containers, cloud… and networks.

Ansible

• Agentless: No installs on remote hosts
• Open Source: Hosted on GitHub
• Cross-platform support: Manage servers and switches
• Idempotent: Only change if required
• Low Time to Automate: Easier to start automation if no coding skills

Ansible

Ansible architecture:
• Clients (Windows, Linux, network device)
• Control Machine – run command on this to control clients. Windows not supported as a control machine.
• Original model: Ansible interacts using SSH with clients.
• Adapted to use REST API.

Diagram labels: Control Machine, Ansible Files, Client (hosts)

Ansible

Ansible architecture:
• Very adaptable – can be a single line command AKA ad-hoc command:

    ansible all -m service -a "name=httpd state=started"

• Target hosts (all): clients to run command on
• Module (-m service): feature to run
• Task (-a "name=httpd state=started"): specific action to take

Ansible

Ansible architecture:
• Scales up with adaptable file structure:

Host File / Inventory: list of clients, INI or YAML
ansible.cfg: basic operation variables

INI:

    mail.example.com

    [webservers]
    foo.example.com
    bar.example.com

    [dbservers]
    one.example.com
    two.example.com

YAML:

    # groups sit under "children", their members under "hosts"
    all:
      children:
        core:
          hosts:
            switch1:
            switch2:
        leaf:
          hosts:
            switch3:
            switch4:

YAML – Yet Another Markup Language

• Human-readable data-serialization language (thanks Wikipedia)
• Way of presenting data objects (lists, key-value pairs) in a config file
• Structure is significant. Indented block or in-line

List, indented block:

    ---
    - bread
    - milk
    - eggs

List, in-line:

    [one, two, three]

Key-value pair, indented block:

    name: bruce wayne
    job: spiderman

Key-value pair, in-line:

    {name: peter parker, job: jedi knight}

Ansible

Ansible playbook
Written in YAML

Simple Linux Example
• Install ISC DHCP pkg
• Build DHCPv6 Server
• Configure .conf
• Start Service

    - name: Turn up isc dhcp server
      become: yes
      hosts: all                              # hosts to run on
      tasks:
        - name: update & upgrade              # task
          apt: update_cache=yes upgrade=full  # module and action

        - name: install isc dhcp
          apt: name=isc-dhcp-server

        - name: copy dhcpd6 config
          copy:
            src: dhcpd6.conf
            dest: /etc/dhcp/dhcpd6.conf
            owner: root
            group: root
            mode: 0644
            backup: yes

        - name: start and enable dhcpv6
          systemd:
            state: started
            name: isc-dhcp-server6
            enabled: yes
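Added example (not from the original deck): the ad-hoc command from the earlier slide written as a play, scoped to the `webservers` group of the INI inventory and followed by a dynamic-state check of the kind the "Network Automation is HARD" slide describes. The `serial` value, port 80 and the timeout are assumptions.

```yaml
# Added example, not part of the original slides.
# Play equivalent of: ansible all -m service -a "name=httpd state=started"
- name: Ensure httpd is running on the web tier
  hosts: webservers        # inventory group instead of "all" limits the targets
  become: yes
  serial: 1                # assumption: one host per batch; a failed batch stops the play
  tasks:
    - name: start httpd                 # config: desired service state
      service:
        name: httpd
        state: started

    - name: confirm httpd is listening  # dynamic state: check the result, not just the config
      wait_for:
        port: 80           # assumption: httpd listens on TCP 80
        timeout: 30        # assumption: fail the host after 30 seconds
```

Preview it with `ansible-playbook -i hosts site.yml --check --diff` before a real run; the file names `hosts` and `site.yml` are assumptions.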


Ansible – Our support

AOS-Switch

34 Modules

AOS-CX

ArubaOS-Switch Ansible Modules

VLAN Creation

• Update Interface 5 description
• Creates VLAN 300

ArubaOS-Switch Modules

Available modules

• Apply ACLs to interfaces
• Restore Configurations
• Attach VRFs to VLAN interfaces
• Manage User Information
• Configure DNS Server
• Configure NTP
• Manage VLANs
• Configure Radius Profile
• Update/Configure PoE Ports
• Configure QoS rate on interfaces
• Configure/Delete QoS Policies
• Configure SNMP Traps
• Configure STP
• Configure/Manage AAA
• Configure Syslog

ArubaOS-CX Modules

Available modules

• Apply ACLs to L3 interfaces
• Enable/Disable interfaces
• Attach VRFs to VLAN interfaces
• Attach VLANs to L2 interfaces
• Assign IP helper addresses to interfaces
• Assign VSX MAC Address virtual gateway to VLAN interface
• Create/Delete VLAN interfaces
• Assign IP addresses to VLAN interfaces
• Create/Delete L2 VLANs
• Configure QoS rate on interfaces
• Delete/Create L2 interfaces
• Attach VRFs to L3 interfaces
• Delete/Create L3 interfaces
• Attaching QoS schedule profile to interfaces
• Assign active IP gateway to VLAN interface

NEW: Ansible Galaxy CX Roles

• Recently posted to Ansible community site.
• Roles = defined Ansible file structure, imported into playbooks. Eases sharing.
• 11 tasks for ArubaOS-CX:
  o L2 Interface creation
  o L3 Interface creation
  o Static route
  o VLAN
  o VLAN interface configuration
  o VRF creation
  o ACL configuration


Demo

Ansible – Scaled Up

Ansible scales up by abstracting and expanding functionality into separate directories and files.

Examples:
• Inventory
• Variables - for use in playbooks
• Playbooks
• Tasks
• Templates - for Jinja2 templating
• Files - to be copied to clients

Can be confusing 😳

https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#playbooks-best-practices


Ansible AWX/Tower


Ansible Or Python?

Written in Python but users do not need to know Python

YAML easier to work with than native Python for beginners.

Pro Users write playbooks for actions in YAML.


Ansible Or Python?

Ansible playbooks create an abstraction layer, hiding the complexity of tasks, roles, hosts etc. behind a single command

Lower skilled staff empowered with automation tooling

Running playbooks can constitute day-to-day NetOps

Ansible Or Python?

The more Ansible deviates from its initial config mgmt goal, the more the structure becomes a restriction

Think training wheels on a bike


Ansible Or Python?

Long-term automation pro-users need real coding skills.

Aruba & Ansible

• Aruba Ansible Modules GitHub: https://github.com/aruba/aruba-ansible-modules
• Aruba Ansible Workflows GitHub: https://github.com/aruba/aruba-switch-ansible
• Switching Automation Series on ABC Networking: https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ