Network Automation with Ansible 2.1 and beyondfiles.meetup.com/16465302/AnsibleMeetupSF-Sep-2016 (1).pdf · Network Automation with Ansible 2.1 ... ACCELERATE APPLICATION DEPLOYMENT

Fabrizio MaccioniTechnical Marketing [email protected]@fabrimaccioni

September 15th 2016

Network Automation with Ansible 2.1 and beyond

Session Objective:Abstract

As IT organizations adopt the cloud strategy to build agile data centers, they realize the need to move fast and drive higher levels of innovation.

One of the key components is automation for reliable provisioning and management of the datacenter network.

Join us as we discuss how Ansible can be leveraged to manage your Cisco network.

Session NOT Objective:

Explain what Ansible is

Try to sell Ansible and/or Cisco gear

Deep dive on Ansible modules

AgendaWhat problems are we trying to solve?Ansible Overview on CiscoCisco before Ansible 2.1New features introduced in Ansible 2.1What’s next?References


Why?“I can spin up servers in minutes with my Ansible

Playbooks, why does it take orders of magnitude more to spin up and affect change on my Network Elements?”

“IT Organizations using configuration management tools deploy 30x more frequently with 200x shorter lead times; they have 60x fewer failures and recover

168x faster”

2015 State of DevOps Report

ServicesNetwork

Data Center Automation and IT CollaborationToday: Serialized Configuration and Management

SUCCESSFUL DEPLOYMENT

SlowError Prone

ApplicationsCompute

ApplicationRequirements

ServicesNetwork

Data Center Automation and IT CollaborationToday: Serialized Configuration and Management

SUCCESSFUL DEPLOYMENTApplicationsCompute


Access

Core

Network TransformationLegacy 3 tiers Architecture

Aggregation

Leaf

Spine

Huge Fabrics: many Spines and 100s Leaves

DC Network TransformationModern Fabrics Architecture

Border Leaf


ScaleConsistency

L3


Ansible and Cisco: Better Together

Huge Fabrics: many Spines and 100s LeavesNetwork, Servers and Applications Configurations managed by Ansible

… Cisco UCS

Cisco Nexus Fabric


Why Ansible?• Everybody talks about Ansible!! • Streamlined and Fast• Yaml is easy• Good Documentation• Agentless!• Agentless!!• Agentless!!!

Must be cool!!

https://clusterhq.com/assets/pdfs/state-of-container-usage-june-2015.pdf

Which container orchestration toolsare you considering?

(Via SSH/HTTP[S])

(Via ssh)

Ansible Overview on CiscoHow Ansible Typically Works

CLI

Show clock

NXAPI Web Server(NGINX)

{"jsonrpc": "2.0","method": "cli","params": {"cmd": "show clock","version": 1

},"id": 1

}

{"jsonrpc": "2.0","result": {"body": {"simple_time": "15:00:37.762 PST Mon Aug 18 2014\n"

}},"id": 1

}

HTTP / HTTPS

Switch(config)# feature nxapi

Ansible Overview on Cisco NexusTechnology Enabler: NX-API CLI

Ansible Overview on Cisco NexusNXAPI Web Sandbox

(1) Point browser to IP Address of Network Element

(2) Enter CLI Commands

(2) See formatted input as you type (3) See formatted output in json/xml

(3) Click POST (4) Generate Python script


Cisco Nexus before Ansible 2.1how to

1. Install pycsco Open Source Library

2. Clone nxos-ansible Ansible Modules Repository

And follow instructions at https://github.com/jedelman8/nxos-ansible

3. Test some Playbookshttps://github.com/jedelman8/nxos-ansible/tree/master/test-playbooks

Command SNMP groupSNMP Server SNMP Community SNMP user

Interface VTP VLAN

AAA server AAA Server host

ACL

Copy

DirFeature File Copy

Get Facts

Get Interface

Get IPv4 Interface Get Neighbors HSRP IGMP

NTP Switchport VPC

UDLD

Cisco NX-OS Configuration

Cisco Nexus before Ansible 2.1Modules

https://github.com/jedelman8/nxos-ansible/tree/master/library

Cisco Nexus before Ansible 2.1Sample Playbook: VLAN configuration


New features introduced in Ansible 2.1Network Automation

New features introduced in Ansible 2.1Key Features

• New Network Core Modules!!nxos_config Manage Cisco NXOS configuration sectionsios_command Run arbitrary command on Cisco IOS devices

• Support for different transportsSSH, NX-API

• Several new useful Optionsdelegate_to, waitfor, force, backup, retries, before/after and more!

New features introduced in Ansible 2.1How to

1. Install pycsco Library

2. Clone nxos-ansible Repository

3. Follow instructions at https://github.com/jedelman8/nxos-ansible

Test some Playbookshttps://github.com/ansible/test-network-modules.git

New features introduced in Ansible 2.1 Sample Playbook

ServicesNetwork

Cisco And Ansible: Better Together

SUCCESSFUL DEPLOYMENTApplicationsCompute


ACCELERATE APPLICATION DEPLOYMENT

Open NX-OSOpen Ecosystem

Ansible Native Support

New features introduced in Ansible 2.1IOS Core Modules

• Cisco IOS/IOS-XE Core Modules• ios_command Run commands on remote devices running Cisco IOS• ios_config Manage Cisco IOS configuration sections• ios_facts Collect facts from remote devices running IOS• ios_template Manage Cisco IOS device configurations over SSH

https://docs.ansible.com/ansible/list_of_network_modules.html#ios

Consistent across Switches - Catalyst 2K through 6K

New features introduced in Ansible 2.1IOS-XR Core Modules

• Cisco IOS-XR Core Modules• iosxr_command Run commands on remote devices running Cisco IOS-XR• iosxr_config Manage Cisco IOS-XR configuration sections• iosxr_facts Collect facts from remote devices running IOS-XR• iosxr_template Manage Cisco IOS-XR device configurations over SSH

http://docs.ansible.com/ansible/list_of_network_modules.html#iosxr

nxos_interface

nxos_featurenxos_command nxos_config nxos_facts

nxos_ip_interface nxos_nxapi nxos_ping

http://docs.ansible.com/ansible/list_of_network_modules.html#nxoshttps://github.com/maccioni/cisco-ansible

https://www.youtube.com/watch?v=JQ9Q0NwiuHM

New features introduced in Ansible 2.1NX-OS Core Modules

nxos_switchport nxos_template nxos_vlan nxos_vrf

nxos_vrf_interface nxos_vrrp …


© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3131© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicTECCRS-2700

Othervendors…

OpenDeviceProgrammability

PhysicalandVirtualNetworkInfrastructure

AutomateSet GetNETCONF RESTconf gRPC

Device Features

Interface BGP QoS ACL …SNMP

YANG Data Model

OpenModels

NativeModels

OpenModels

NativeModels

Configuration Operation

What’s next?Model-based Management

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

ProtocolsNETCONF RESTconf gRPC

Device Features

Interface BGP QoS ACL …SNMP

YANG Data Model

OpenModels

NativeModels

OpenModels

NativeModels

Physical and Virtual Network Infrastructure

Configuration OperationProgrammable

Interfaces Data

3232© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicTECCRS-2700

Model-based Management Architecture

Models


Industry definitionCompliant with standard (IETF, ITU, OpenConfig, etc) definitionMay have vendor specific extensionsExample: ietf-diffserv-policy.yang

(IETF Diffserv data model)

Cisco definitionUnique to a Cisco operating system

Example: Cisco-IOS-XR-ipv4-bgp-cfg.yang(IOS-XR BGP data model)

Open Models

NativeModels


Model Types


Benefits:• Use open models where

available, giving commonality across platforms

• Use native models for functionality not yet in open models

• Platforms can advance native models as required while still maintaining open model compatibility

Open Models

Platform Native Models

Platform Config & Oper Data Stores

Map

Client Application


Native and Open Models

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3535© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicTECCRS-2700

Standard IETF RFC 6241 IETF draft Open source

Optimized forNetworking ✓ ✓

✗(designed for generic

client/server communications)

Encoding XML XML/JSON Proto Buffer

Connection Oriented ✓ ✗ ✓

Transport SSH HTTP/HTTPS HTTP/2

RESTconfNETCONF gRPC

Protocols

• Add support for NETCONF/RESTCONFCatalyst 3K supports Netconf on IOS-XE 16.3.1

• Use structured data instead of SSH/CLICatalyst 3K supports YANG Models on IOS-XE 16.3.1

• Add support for Cisco ASA• New Modules (NX-OS, IOS, IOS-XR)• What’s missing?

What’s next in Ansible?

https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rst

New features introduced in Ansible 2.2ASA Modules

• Cisco ASA Extra Modules• asa_acl (E) Manage access-lists on a Cisco ASA• asa_command (E) Run arbitrary commands on Cisco ASA devices.• asa_config (E) Manage Cisco ASA configuration sections• asa_template (E) Manage Cisco ASA device configurations over SSH

http://docs.ansible.com/ansible/list_of_network_modules.html#asa

AgendaWhat problems are we trying to solve?Ansible Overview on CiscoCisco before Ansible 2.1New features introduced in Ansible 2.1References

ReferencesAnsibleansible.com/network-automationansible.com/ansible-ciscodocs.ansible.com/ansible/list_of_network_modules.htmlGitHubgithub.com/datacenter github.com/datacenter/opennxosgithub.com/datacenter/nxos-ansiblegithub.com/maccioni/cisco-ansibleCiscocisco.com/go/ansible

http://developer.cisco.com

Cisco Open Initiative: DevNet

CommunityDeveloper SupportEvents

We are Hiring!!

https://jobs.cisco.com/PRO/job/San-Jose-Technical-Marketing-Engineer-CA-95101/361822600/

Technical Marketing Engineer

• Working with orchestration technologies using DevOps such as Puppet, Chef, Ansible, Containers

• Working with automation or cloud software to enable next generation network design and network architectures

Managing Your Cisco Network with Ansible

Fabrizio MaccioniTechnical Marketing EngineerE-mail: [email protected]: @fabrimaccioni

Thank You!

Documents

Network Automation with Ansible 2.1 and beyondfiles.meetup.com/16465302/AnsibleMeetupSF-Sep-2016 (1).pdf · Network Automation with Ansible 2.1 ... ACCELERATE APPLICATION DEPLOYMENT