Automated Provisioning/Orchestration for vendor agnostic networks Kapil Agrawal, Network Engineer

Agenda • Elements of provisioning devices on a network

• Manual vs Automated

• Orchestrating a provisioning workflow with Ansible• Current workflow at NCSA

• Quick Demo

• Vendor neutral ZTP• progress, challenges and possible solutions

• Questions

Manual provisioning process• Baseline config

• per device platform • per device role (L2/L3 or both etc.)

• Add device(s) to various network management systems• Inventory• IPAM• Config backup tool (Rancid/Oxidized etc.)• Monitoring systems etc.

• Perform a software upgrade (optional)• Standard/blessed code version

Auto Provisioning Elements1. Define network infrastructure as code

- YAML based network data modeling- Base config in YAML (key : value pairs)

2. Templating- Jinja2 based config templates- per platform (Juniper, Arista etc..)

3. Automation tool (Ansible)- Playbook- gather facts- conditionals- tasks

YAML based data modeling • Identify and define common config bits

• User accounts • Loopback filters• Prefix lists• ACL’s• SNMP, Radius, Syslog, NTP etc..

• YAML defines everything in KEY : VALUE pairs

• Common across ALL your devices on the network!• Independent of the Platform/Vendor

Sample YAML’ized base config

Jinja2 templating • Contains variables and other text

• Common config elements and some CLI based syntax

• Variables are replaced by the values • Values assigned from the YAML file.

• Values are passed when the template is rendered

• Jinja2 resembles Python!

Sample Jinja2 template

WORKFLOW

Vendor neutral Zero Touch Provisioning (ZTP)• Bootstrapping config is still very much manual right now!

• Add a mgmt. IP address to the device• Enable SSH service• Add a route to talk to Ansible• Add root-auth password (Juniper)

• Challenges with bootstrapping over DHCP• Different vendors use different DHCP options!

• No common ground!

• Alternative methods : • Aeon-ZTPS by Apstra (No support for Juniper!)• Pyserial – Limited success with limited testing

• Screen scraping over console (Ew!)

• Any other known/proposed solution?

Resources/contact

https://github.com/netops2devops/auto-provisioning-techx2019

kagraw [at] ncsa.illinois.edu

https://www.linkedin.com/in/k4pil/

@netops2devops

QUESTIONS ?

THANK YOU 🙏