cumulus networks: automating network configuration

1

April 11, 2017

DEMYSTIFYING NETWORKING WEBINAR SERIES

Network Automation: Soup to Nuts

Dinesh G Dutt

2

Agenda

Why Automate ?

Does This Apply to Me ?

Does This Mean I Have to Learn Programming ?

What Tools Can I Use to Automate ?

Where do I Begin ?

Is Automation Only For Initial Configuration ?

Cumulus Networks Confidential

3

Key Takeaways

Automation helps build better networks

Automation can be simple, iterative

Automation is not a fad diet, but a way of life


4Cumulus Networks Confidential

Why Automate ?

5

Industry revolution to web-scale networking is occurring


Businesses require agility1 New application delivery models

are needed2 Network needs to be faster,

cheaper, more flexible and easier3

6

— Brian Lubelczyk, Director Network & Security Infrastructure

“If our network goes down, it potentially can be a

safety issue, putting patients’ lives at risk”

$4B provider of

Electronic Health Records

Benefits

Reduced time to rack a switch from 45 minutes to 3 minutes

Improved operational efficiency from 18 hours to 30 minutes

Single touch provisioning

Highly automatable network

7

of global enterprises will

have a web-scale networking

initiative, by 2020*

40%Over

of the Fortune 50 have

already adopted Cumulus

Networks

28%

*Source: Gartner Group

Next 5 years, web-scale networking will become pervasive


8

Highly automated

and increased agility

Supply chain

freedom

More control

and flexibility

1 admin

for 200 switches

Up to 45%

CapEx savings

Manual

intervention and

lack of agility

Vendor lock-in with

inherent complexity

Increased

maintenance and

inflexible

Specialized skillset

1 admin : 50 switchesHigh CapEx

TRADITIONAL

NETWORKING

WEB-SCALE

NETWORKING

Operational

LeverageArchitecture

Business

Model

Time to

MarketCost

The need for web-scale networking is now


9

Why Automate ?

Eliminate random errors

Build predictable infrastructure

Build scalable infrastructure


10Cumulus Networks Confidential

Does this apply to me ?

11

Does Automation Benefit All Networks ?

Automation benefits all network operators

Smaller shops have a multitasking network operator

Medium to large shops cannot scale or build predictable networks

Benefits brown field and green field networks

12

Does This Mean I Have To Learn Programming ?


14

What Can I Use to Automate ?


15

Choices

Server automation tools

Puppet

Chef

Ansible

Operator proprietary


Network automation tools

Netconf/Restconf

Yang/Openconfig

Vendor proprietary

Cumulus Linux is Linux, so any tool works out of the box,

no assembly required

16

Structured I/O

vs

Uniform Data Models


17

Recommendation

If network automation team is the same as server automation team, the choice is often Puppet/Chef

If network automation team has no preference, pick Ansible

My prediction: YANG will go the way of SNMP

18

Where do I begin?


19

Assuming Ansible: Download Relevant Software

Linux: Follow instructions on Ansible web page

OS X: Install Hombrew

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Install Ansible with Homebrewbrew install ansible

Windows: Ansible doesn’t work on Windows natively

Follow instructions on: https://www.jeffgeerling.com/blog/running-ansible-within-windows


20

Versions

Pick at least Ansible version 2.2

Supports multiple network operator modules

Big emphasis on supporting networking


21

Start Simple

Start with adhoc commands

Move adhoc commands to playbooks

Build a collection of playbooks


22

Sample Topology


23

Real Life Example of Customer Immersion

1. Push device-specific files (glorified file copy)

2. Look at patterns and create templates

3. Automate more of the tasks

4. Add Ansible roles, fully automated


24

How Switch Configuration is Different From Server Configuration


Scale of what’s to be configured

Tens of physical interfaces

Hundreds to thousands of logical interfaces (VLANs, VxLANs)

Pair-wise node configuration

Interface IP address

BGP neighbor configuration

Duplication of information

IP address repeated in interface configuration, routing protocol configuration etc.

L1 L2 L16

S1 S2 S4S310.1.1.1

10.1.1.0

10.1.4.33

10.1.4.32

25

Everybody here is a name not a number


26

Benefits of Using Names Instead of Numbers

Names are easier to spot errors with compared to IP addresses

Using interface names everywhere helps eyeball errors quickly

27

OSPF: Avoid “network” Statements, Use “ip ospf area” under “interface:

Cumulus Networks Confidentialcumulusnetworks.com

interface swp1ip ospf area 0.0.0.0


…inerface swp17ip ospf area 0.0.0.0

!router ospfospf router-id 10.0.0.17

S1





S4





L1interface swp1ip ospf area 0.0.0.0




L16

SPINE

LEAF L1 L2 L16

S1 S2 S4S310.1.1.1

10.1.1.0

10.1.4.33

10.1.4.32

28

Simplifying BGP Configuration

cumulusnetworks.com

router bgp 64502bgp log-neighbor-changesbgp router-id 10.0.0.2!neighbor swp1 remote-as externalneighbor swp2 remote-as externalneighbor swp3 remote-as externalneighbor swp4 remote-as external


router bgp 65000bgp log-neighbor-changesbgp router-id 10.0.0.17!neighbor swp1 remote-as externalneighbor swp2 remote-as external…neighbor swp16 remote-as external

router bgp 65000bgp log-neighbor-changesbgp router-id 10.0.0.20!neighbor swp1 remote-as externalneighbor swp2 remote-as external…neighbor swp16 remote-as external

L2 L16

S1

S4


L1

SPINE

LEAF L1 L2 L16

S1 S2 S4S3

29

Reuse Playbooks In Multiple Deployments


- hosts: routersvars:

loopback_v4_subnet: 10.1.1.0/24

- hosts: routersvars_files:

- “{{ dc }}-properties.yml”vs

Avoid defining variable names inside playbooks

Make them portableStore different DC variables in different files and reuse playbook

Pass DC name as: ansible-playbook –e “dc=sjc” tasks.yml

Avoid duplicationMultiple playbooks or plays may need them

30

Evolving


31

Staying the Course With Automation

Playbooks (or any other automation code) is not meant for a one time use

When the box is first configured or upgraded

To use the playbook in three month’s time, it needs to be readable and simple

To hand over the playbook to someone else to maintain, it needs to be simple

Don’t complicate the code by using every feature a tool provides

32

Pick the Correct Ecosystem

Puppet & Chef have Ruby as base language

Ansible users tend to use Python

Mixing Python & Ruby tool chains requires multiple language skills, can be more maintenance

For example, Serverspec and other such validation tools will be

natural for Puppet/Chef shops, but will require adding Ruby skills

to Ansible shops

33

Commit/Rollback in the Age of Automation

Master state is in the playbooks (or recipes), not the device specific configuration themselves

Use source control (git is easy to get) to manage playbook versions

Ansible’s validate ensures commands don’t fail due to syntactic errors

Verifying Configuration ensures final state is as desired

Testing changes in virtual land ensures you don’t hose the box


34

Zen of Coding

Beautiful is better than ugly.

Explicit is better than implicit.

Simple is better than complex.

Complex is better than complicated.

Flat is better than nested.

Sparse is better than dense.

Readability counts.

Special cases aren't special enough to break the rules.


35

Part 2 of Network Automation

Going from the basics of automating network configuration to a CI/CD model

Using virtual environments to take the sting out of unforeseen consequences

Guest Speaker: Pete Lumbis

When: April 27, 2017


36

Thank you!Visit us at cumulusnetworks.com or follow us @cumulusnetworks

© 2017 Cumulus Networks. Cumulus Networks, the Cumulus Networks Logo, and Cumulus Linux are trademarks or registered trademarks of Cumulus

Networks, Inc. or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The registered trademark

Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.

cumulus networks: automating network configuration

Technology