Cumulus Networks: Automating Network Configuration
Download as PPTX, PDF5 likes1,575 views
The document discusses the importance of network automation, highlighting its benefits in creating scalable, predictable, and efficient network infrastructures. It emphasizes that automation is crucial for organizations to meet the demands for agility and new application delivery models while providing practical tools and guidelines for implementation. Key recommendations include leveraging tools like Ansible and maintaining simplicity in code to facilitate readability and collaboration.
Cumulus Networks: Automating Network Configuration
- 1. 1 April 11, 2017 DEMYSTIFYING NETWORKING WEBINAR SERIES Network Automation: Soup to Nuts Dinesh G Dutt
- 2. 2 Agenda Why Automate ? Does This Apply to Me ? Does This Mean I Have to Learn Programming ? What Tools Can I Use to Automate ? Where do I Begin ? Is Automation Only For Initial Configuration ? Cumulus Networks Confidential
- 3. 3 Key Takeaways Automation helps build better networks Automation can be simple, iterative Automation is not a fad diet, but a way of life Cumulus Networks Confidential
- 4. 4Cumulus Networks Confidential Why Automate ?
- 5. 5 Industry revolution to web-scale networking is occurring Cumulus Networks Confidential Businesses require agility1 New application delivery models are needed 2 Network needs to be faster, cheaper, more flexible and easier 3
- 6. 6 — Brian Lubelczyk, Director Network & Security Infrastructure “If our network goes down, it potentially can be a safety issue, putting patients’ lives at risk” $4B provider of Electronic Health Records Benefits Reduced time to rack a switch from 45 minutes to 3 minutes Improved operational efficiency from 18 hours to 30 minutes Single touch provisioning Highly automatable network
- 7. 7 of global enterprises will have a web-scale networking initiative, by 2020* 40%Over of the Fortune 50 have already adopted Cumulus Networks 28% *Source: Gartner Group Next 5 years, web-scale networking will become pervasive Cumulus Networks Confidential
- 8. 8 Highly automated and increased agility Supply chain freedom More control and flexibility 1 admin for 200 switches Up to 45% CapEx savings Manual intervention and lack of agility Vendor lock-in with inherent complexity Increased maintenance and inflexible Specialized skillset 1 admin : 50 switches High CapEx TRADITIONAL NETWORKING WEB-SCALE NETWORKING Operational Leverage Architecture Business Model Time to Market Cost The need for web-scale networking is now Cumulus Networks Confidential
- 9. 9 Why Automate ? Eliminate random errors Build predictable infrastructure Build scalable infrastructure Cumulus Networks Confidential
- 10. 10Cumulus Networks Confidential Does this apply to me ?
- 11. 11 Does Automation Benefit All Networks ? Automation benefits all network operators Smaller shops have a multitasking network operator Medium to large shops cannot scale or build predictable networks Benefits brown field and green field networks
- 12. 12 Does This Mean I Have To Learn Programming ? Cumulus Networks Confidential
- 13. 13
- 14. 14 What Can I Use to Automate ? Cumulus Networks Confidential
- 15. 15 Choices Server automation tools Puppet Chef Ansible Operator proprietary Cumulus Networks Confidential Network automation tools Netconf/Restconf Yang/Openconfig Vendor proprietary Cumulus Linux is Linux, so any tool works out of the box, no assembly required
- 16. 16 Structured I/O vs Uniform Data Models Cumulus Networks Confidential
- 17. 17 Recommendation If network automation team is the same as server automation team, the choice is often Puppet/Chef If network automation team has no preference, pick Ansible My prediction: YANG will go the way of SNMP
- 18. 18 Where do I begin? Cumulus Networks Confidential
- 19. 19 Assuming Ansible: Download Relevant Software Linux: Follow instructions on Ansible web page OS X: Install Hombrew /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" Install Ansible with Homebrew brew install ansible Windows: Ansible doesn’t work on Windows natively Follow instructions on: https://www.jeffgeerling.com/blog/running- ansible-within-windows Cumulus Networks Confidential
- 20. 20 Versions Pick at least Ansible version 2.2 Supports multiple network operator modules Big emphasis on supporting networking Cumulus Networks Confidential
- 21. 21 Start Simple Start with adhoc commands Move adhoc commands to playbooks Build a collection of playbooks Cumulus Networks Confidential
- 22. 22 Sample Topology Cumulus Networks Confidential
- 23. 23 Real Life Example of Customer Immersion 1. Push device-specific files (glorified file copy) 2. Look at patterns and create templates 3. Automate more of the tasks 4. Add Ansible roles, fully automated Cumulus Networks Confidential
- 24. 24 How Switch Configuration is Different From Server Configuration Cumulus Networks Confidential Scale of what’s to be configured Tens of physical interfaces Hundreds to thousands of logical interfaces (VLANs, VxLANs) Pair-wise node configuration Interface IP address BGP neighbor configuration Duplication of information IP address repeated in interface configuration, routing protocol configuration etc. L1 L2 L16 S1 S2 S4S3 10.1.1.1 10.1.1.0 10.1.4.33 10.1.4.32
- 25. 25 Everybody here is a name not a number Cumulus Networks Confidential
- 26. 26 Benefits of Using Names Instead of Numbers Names are easier to spot errors with compared to IP addresses Using interface names everywhere helps eyeball errors quickly
- 27. 27 OSPF: Avoid “network” Statements, Use “ip ospf area” under “interface: Cumulus Networks Confidentialcumulusnetworks.com interface swp1 ip ospf area 0.0.0.0 interface swp2 ip ospf area 0.0.0.0 … inerface swp17 ip ospf area 0.0.0.0 ! router ospf ospf router-id 10.0.0.17 S1 interface swp1 ip ospf area 0.0.0.0 interface swp2 ip ospf area 0.0.0.0 … inerface swp17 ip ospf area 0.0.0.0 ! router ospf ospf router-id 10.0.0.20 S4 interface swp1 ip ospf area 0.0.0.0 interface swp2 ip ospf area 0.0.0.0 … inerface swp4 ip ospf area 0.0.0.0 ! router ospf ospf router-id 10.0.0.1 L1 interface swp1 ip ospf area 0.0.0.0 interface swp2 ip ospf area 0.0.0.0 … inerface swp4 ip ospf area 0.0.0.0 ! router ospf ospf router-id 10.0.0.16 L16 SPINE LEAF L1 L2 L16 S1 S2 S4S3 10.1.1.1 10.1.1.0 10.1.4.33 10.1.4.32
- 28. 28 Simplifying BGP Configuration cumulusnetworks.com router bgp 64502 bgp log-neighbor-changes bgp router-id 10.0.0.2 ! neighbor swp1 remote-as external neighbor swp2 remote-as external neighbor swp3 remote-as external neighbor swp4 remote-as external router bgp 64516 bgp log-neighbor-changes bgp router-id 10.0.0.16 ! neighbor swp1 remote-as external neighbor swp2 remote-as external neighbor swp3 remote-as external neighbor swp4 remote-as external router bgp 65000 bgp log-neighbor-changes bgp router-id 10.0.0.17 ! neighbor swp1 remote-as external neighbor swp2 remote-as external … neighbor swp16 remote-as external router bgp 65000 bgp log-neighbor-changes bgp router-id 10.0.0.20 ! neighbor swp1 remote-as external neighbor swp2 remote-as external … neighbor swp16 remote-as external L2 L16 S1 S4 router bgp 64501 bgp log-neighbor-changes bgp router-id 10.0.0.1 ! neighbor swp1 remote-as external neighbor swp2 remote-as external neighbor swp3 remote-as external neighbor swp4 remote-as external L1 SPINE LEAF L1 L2 L16 S1 S2 S4S3
- 29. 29 Reuse Playbooks In Multiple Deployments Cumulus Networks Confidential - hosts: routers vars: loopback_v4_subnet: 10.1.1.0/24 - hosts: routers vars_files: - “{{ dc }}-properties.yml” vs Avoid defining variable names inside playbooks Make them portable Store different DC variables in different files and reuse playbook Pass DC name as: ansible-playbook –e “dc=sjc” tasks.yml Avoid duplication Multiple playbooks or plays may need them
- 31. 31 Staying the Course With Automation Playbooks (or any other automation code) is not meant for a one time use When the box is first configured or upgraded To use the playbook in three month’s time, it needs to be readable and simple To hand over the playbook to someone else to maintain, it needs to be simple Don’t complicate the code by using every feature a tool provides
- 32. 32 Pick the Correct Ecosystem Puppet & Chef have Ruby as base language Ansible users tend to use Python Mixing Python & Ruby tool chains requires multiple language skills, can be more maintenance For example, Serverspec and other such validation tools will be natural for Puppet/Chef shops, but will require adding Ruby skills to Ansible shops
- 33. 33 Commit/Rollback in the Age of Automation Master state is in the playbooks (or recipes), not the device specific configuration themselves Use source control (git is easy to get) to manage playbook versions Ansible’s validate ensures commands don’t fail due to syntactic errors Verifying Configuration ensures final state is as desired Testing changes in virtual land ensures you don’t hose the box Cumulus Networks Confidential
- 34. 34 Zen of Coding Beautiful is better than ugly. Explicit is better than implicit. Simple is better than complex. Complex is better than complicated. Flat is better than nested. Sparse is better than dense. Readability counts. Special cases aren't special enough to break the rules. Cumulus Networks Confidential
- 35. 35 Part 2 of Network Automation Going from the basics of automating network configuration to a CI/CD model Using virtual environments to take the sting out of unforeseen consequences Guest Speaker: Pete Lumbis When: April 27, 2017 Cumulus Networks Confidential
- 36. 36 Thank you! Visit us at cumulusnetworks.com or follow us @cumulusnetworks © 2017 Cumulus Networks. Cumulus Networks, the Cumulus Networks Logo, and Cumulus Linux are trademarks or registered trademarks of Cumulus Networks, Inc. or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.