Network automation at SURFsara
Diederik Vandevenne, [email protected] UvA SNE – 7 March 2018
Agenda
• What is network automation and why do you want it?
• Configuration management concepts
• Ansible
• Network automation @SURFsara
• Hands-on demo
(Zero Touch) Provisioning
• Rack, connect, power up
• Install OS image and (initial) configuration
• Similar to PXE boot
• Based on DHCP and file transfer protocols
• Implementation is vendor dependent
Configuration Management
• Automated way to put devices in a desired state
• Configuration definitions are kept in a VCS
What is network automation and why do you want it?
Benefits
• Configuration consistency
• Repeatable results
• Testability
• Less risk of human error
• Faster deployment
Configuration Management concepts
Idempotency
Configuration Management concepts
Imperative configuration
vs
Declarative configuration
Configuration Management concepts
Intent-based networking
• Cisco, Apstra …
• Configuration vs intent
• Natural language
• Validation
• Remediation
• Machine learning, big data analytics
• Just another layer of abstraction?
http://blog.ipspace.net/2017/09/intent-based-hype.html
Configuration Management concepts
Agent
vs
Agentless
Configuration Management concepts
Push model
vs
Pull model
Configuration Management concepts
Automation
vs
Orchestration
Configuration Management tools
Characteristics
• Agentless
• Uses primarily the push model
• Imperative or declarative?
• Orchestration
• Ad-hoc commands
Concepts and elements
• Inventory
• Playbooks, plays, tasks
• Templates (jinja2)
• Roles
• Variables
• Modules
Ansible
Ansible networking modules
• http://docs.ansible.com/ansible/latest/list_of_network_modules.html
Network automation @SURFsara
[Figure: Open networking devices in SURFsara. Chart of percentages per year, 2013 to 2018, with two series: Open networking vendors and Legacy vendors.]
Network automation @SURFsara
[Diagram labels: Ansible playbook; MAC/IP in CMDB; Generate DHCP; Generate DNS; switch in rack; ONIE install; Dynamic Ansible inventory; ZTP script]
Network automation @SURFsara
Current Ansible implementation
• Network devices managed by Ansible include Cumulus Linux and Juniper
• Ansible dynamic inventory
• Ansible playbooks are used on a project/cluster level
• Ansible roles are used on a global level
• Clear separation between data (variables) and logic
• Variables are mostly device/OS independent
• Cumulus Linux is configured as a Linux server (template module, not NCLU)
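A sketch of the data/logic separation and the template-style idempotent write listed above, as an added example that is not SURFsara's code or part of the original slides. The device names, variable layout and function names are hypothetical; the same variable structure is rendered as ifupdown2 stanzas for Cumulus Linux and as Junos "set" commands, and a file is reported as changed only when its content differs from the desired state.

```python
import os
import tempfile
# Constructed sample variables for two hypothetical devices: data only, no logic.
DEVICES = {
    "leaf1": {"os": "cumulus", "interfaces": [
        {"name": "swp1", "description": "uplink-spine1", "address": "10.0.0.1/31"}]},
    "edge1": {"os": "junos", "interfaces": [
        {"name": "xe-0/0/1", "description": "uplink-spine1", "address": "10.0.0.3/31"}]},
}

def render_cumulus(interfaces):
    # ifupdown2 stanzas, the format of /etc/network/interfaces on Cumulus Linux
    out = []
    for i in interfaces:
        out += [f"auto {i['name']}", f"iface {i['name']}",
                f"    alias {i['description']}", f"    address {i['address']}", ""]
    return "\n".join(out)

def render_junos(interfaces):
    # Junos "set" commands generated from the same variable structure
    out = []
    for i in interfaces:
        out.append(f'set interfaces {i["name"]} description "{i["description"]}"')
        out.append(f'set interfaces {i["name"]} unit 0 family inet address {i["address"]}')
    return "\n".join(out) + "\n"

RENDERERS = {"cumulus": render_cumulus, "junos": render_junos}
def render(host):
    dev = DEVICES[host]
    return RENDERERS[dev["os"]](dev["interfaces"])

def apply(path, desired):
    # Idempotent write: returns True ("changed") only if the file had to be rewritten
    if os.path.exists(path):
        with open(path) as f:
            if f.read() == desired:
                return False
    with open(path, "w") as f:
        f.write(desired)
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "interfaces")
        runs = [apply(path, render("leaf1")), apply(path, render("leaf1"))]
        with open(path, "a") as f:
            f.write("# manual edit\n")  # simulated configuration drift
        return runs + [apply(path, render("leaf1"))]
```

Calling `demo()` applies the same desired state twice and then once more after a simulated manual edit, which shows why a second run is a no-op and why drift is reverted on the next run.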
Network automation @SURFsara
Next steps
• (More) testing and validation
• Change management pipeline (Continuous Integration)
• Integration of monitoring
• Self service
Questions?
Hands-on demo