www.networktocode.com Network Automation with Ansible Jason Edelman @jedelman8 jedelman.com

Ansible Meetup NYC 060215

AGENDA

• Network Architectures

• Network Automation

• Why Ansible?

• Live Demo

POLL

• Do you currently automate any part of the network?

• Network or Sys/DevOps?

ABOUT ME

• Traditional Network Engineer for 14 years
  – Worked for Cisco, VARs, etc.
  – CCIE 15394, VCDX-NV

• Made the shift to programmability and automation about 2 years ago
  – Presently consulting on network automation

• Blog: jedelman.com

• Twitter: @jedelman8

Why Network Automation?

INSANITY

COOL ?

EVOLVING ECOSYSTEMS

CONSISTENCY

NETWORK AUTOMATION

• Template Building: Device Configurations, Vendor Migrations, IPv4 to IPv6 Migration, Site Rollouts, Office/DC Relocations, BYOD configs for switches

• Data Collection: Cabling Check, Neighbors, Serial Numbers (support contracts?), Linecards, Modules, Audit Checks, PSIRT checks

• Super Commands: Wireless Client to AP to Switchport, Phone to switchport, BGP Table + Routing Table, Integrate to UC, WLAN, IPAM

• Troubleshooting (Ops): Cabling, L2 neighbors, L3 adjacencies (have it tell you WHY the neighbor relationship failed), Interface Errors, ACLs

• Conformance & Validation: Are the correct routes in each router? Measuring MAC/ROUTE table size, SNMP, security validation parameters

• Provisioning: Orchestration, Configuration Management, etc.

TEMPLATE BUILDING

TEMPLATE CREATION

VARIABLE EXTRACTION

BUILD PROCESS

CABLE VERIFICATION

• Is the cabling accurate?

• How do you know if something is mis-cabled?

• Ever work with 3rd party contractors who cable based on your patch schedule, and somehow it doesn’t come out right?

DEFINE THE DESIRED STATE

OBTAIN THE ACTUAL STATE

DESIRED VS. ACTUAL
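
Added example (not from the original slides): the desired-versus-actual cabling check outlined in the three slide titles above, sketched in Python. The device and port names, the DESIRED and ACTUAL tables, and the normalize and verify_cabling helpers are constructed for illustration; it assumes the actual state has already been gathered from each device's LLDP/CDP neighbor data and that port names use one format on both sides.

```python
# Constructed sample data; names and ports are illustrative assumptions.
# Desired state (the patch schedule): (device, port) -> (neighbor, neighbor port)
DESIRED = {
    ("leaf1", "Eth1"): ("spine1", "Eth1"),
    ("leaf1", "Eth2"): ("spine2", "Eth1"),
    ("leaf2", "Eth1"): ("spine1", "Eth2"),
    ("leaf2", "Eth2"): ("spine2", "Eth2"),
}
# Actual state: neighbors each device reports per port (e.g. parsed from LLDP/CDP).
ACTUAL = {
    ("leaf1", "Eth1"): ("SPINE1.lab.example", "Eth1"),  # matches after normalizing
    ("leaf1", "Eth2"): ("spine1", "Eth3"),              # cabled to the wrong device
    ("leaf2", "Eth1"): ("spine1", "Eth4"),              # right device, wrong port
    ("leaf2", "Eth3"): ("spine2", "Eth2"),              # link not in the schedule
}                                                       # leaf2 Eth2: nothing seen


def normalize(host):
    """Lower-case and drop any domain suffix so FQDNs match short names."""
    return host.strip().lower().split(".")[0]


def verify_cabling(desired, actual):
    """Return sorted (device, port, status, detail) tuples for every link."""
    seen = {(normalize(d), p): (normalize(n), nport) for (d, p), (n, nport) in actual.items()}
    plan = {(normalize(d), p): (normalize(n), nport) for (d, p), (n, nport) in desired.items()}
    findings = []
    for (dev, port), want in plan.items():
        got = seen.get((dev, port))
        if got is None:
            status, detail = "missing", f"expected {want}, no neighbor seen"
        elif got[0] != want[0]:
            status, detail = "wrong_device", f"expected {want}, found {got}"
        elif got[1] != want[1]:
            status, detail = "wrong_port", f"expected {want}, found {got}"
        else:
            status, detail = "ok", f"{got[0]} {got[1]}"
        findings.append((dev, port, status, detail))
    # Links the devices report that the schedule never asked for.
    for dev, port in seen.keys() - plan.keys():
        findings.append((dev, port, "unplanned", f"found {seen[(dev, port)]}"))
    return sorted(findings)


if __name__ == "__main__":
    for dev, port, status, detail in verify_cabling(DESIRED, ACTUAL):
        print(f"{dev:6} {port:5} {status:13} {detail}")
```

An "unplanned" link is worth the same attention as a mis-cabled one, since it is connectivity nobody documented.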

TROUBLESHOOTING OSPF

• Remember how neighbors are formed in OSPF?

• Do you remember at 3am on a Saturday?

• Does the junior network engineer remember when you’re on vacation?

• How about we automate the process of a neighbor check?

• Do we really enjoy bouncing back and forth between routers?

• Let’s get to it!

Network Rockstar

TROUBLESHOOTING OSPF WITH ANSIBLE

GATHER & ANALYZE

Everything else is just printing data from facts

AN ANSIBLE PLAYBOOK

WHY ANSIBLE?

• Agentless
  – EXTREMELY important for network integrations

• Easily extendable
  – Add new devices as necessary, i.e. Arista, Cisco, HP, Juniper including SDN fabrics

• Used for one-off and mass changes

• Native orchestration capabilities

• Tower gives push button provisioning

DEMO TIME

• Ansible (CLI)

• Ansible Tower (UI)

GitHub: jedelman8
Twitter: @jedelman8
Blog: jedelman.com