Network automation SURFsara - OS3
Agenda
• What is network automation and why do you want it?
• Configuration management concepts
• Ansible
• Network automation @SURFsara
• Hands-on demo
What is network automation and why do you want it?
(Zero Touch) Provisioning
• Rack, connect, power up
• Install OS image and (initial) configuration
• Similar to PXE boot
• Based on DHCP and file transfer protocols
• Implementation is vendor dependent
Configuration Management
• Automated way to put devices in a desired state
• Configuration definitions are kept in a VCS
What is network automation and why do you want it?
Benefits
• Configuration consistency
• Repeatable results
• Testability
• Less risk of human error
• Faster deployment
Configuration Management concepts
Idempotency
Configuration Management concepts
Imperative configuration vs declarative configuration
Configuration Management concepts
Intent-based networking
• Cisco, Apstra …
• Configuration vs intent
• Natural language
• Validation
• Remediation
• Machine learning, big data analytics
• Just another layer of abstraction?
http://blog.ipspace.net/2017/09/intent-based-hype.html
Configuration Management concepts
Agent vs agentless
Configuration Management concepts
Push model vs pull model
Configuration Management concepts
Automation vs orchestration
Configuration Management tools
Ansible
Characteristics
• Agentless
• Uses primarily the push model
• Imperative or declarative?
• Orchestration
• Ad-hoc commands
Concepts and elements
• Inventory
• Playbooks, plays, tasks
• Templates (jinja2)
• Roles
• Variables
• Modules
Ansible networking modules
• http://docs.ansible.com/ansible/latest/list_of_network_modules.html
Network automation @SURFsara
[Figure: Open networking devices in SURFsara, 2013 to 2018. Series: open networking vendors, legacy vendors. Data labels as extracted: 0%, 1%, 4%, 43%, 55%, 70% and 100%, 99%, 96%, 57%, 45%, 30%.]
Network automation @SURFsara
[Diagram; box labels as extracted:]
• Ansible playbook
• MAC/IP in CMDB
• Generate DHCP
• Generate DNS
• Switch in rack
• ONIE install
• Dynamic Ansible inventory
• ZTP script
Network automation @SURFsara
Current Ansible implementation
• Network devices managed by Ansible include Cumulus Linux and Juniper
• Ansible dynamic inventory
• Ansible playbooks are used on a project/cluster level
• Ansible roles are used on a global level
• Clear separation between data (variables) and logic
• Variables are mostly device/OS independent
• Cumulus Linux is configured as a Linux server (template module, not NCLU)
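An added example, not code from the slides or from SURFsara: a minimal dynamic inventory script for the "Ansible dynamic inventory" and "MAC/IP in CMDB" items, which validates CMDB records before they reach the inventory and keeps host variables OS independent. The CMDB fields, host names, variable names other than `ansible_host`, and group names are constructed assumptions; the output follows Ansible's inventory-script JSON layout.

```python
#!/usr/bin/env python3
"""Dynamic Ansible inventory built from CMDB records (added example)."""
import ipaddress
import json
import re
import sys

# Constructed sample data standing in for a CMDB export (all values are assumptions).
CMDB = [
    {"name": "leaf01", "os": "cumulus", "mac": "44:38:39:00:00:01", "ip": "192.0.2.11", "rack": "r1"},
    {"name": "edge01", "os": "junos", "mac": "00:05:86:00:00:02", "ip": "192.0.2.21", "rack": "r2"},
    {"name": "bad;host", "os": "cumulus", "mac": "44:38:39:00:00:03", "ip": "192.0.2.12", "rack": "r1"},
    {"name": "leaf02", "os": "cumulus", "mac": "not-a-mac", "ip": "192.0.2.13", "rack": "r1"},
]
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
MAC = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")
KNOWN_OS = {"cumulus", "junos"}  # hypothetical group names

def valid(rec):
    """Accept a record only if name, MAC, IP and OS are all well formed."""
    try:
        ipaddress.ip_address(rec["ip"])
    except (KeyError, ValueError):
        return False
    return bool(HOSTNAME.fullmatch(rec.get("name", ""))
                and MAC.fullmatch(rec.get("mac", "").lower())
                and rec.get("os") in KNOWN_OS)

def build_inventory(records):
    """Return (inventory, rejected_names) in Ansible's inventory-script layout."""
    inv = {"_meta": {"hostvars": {}}}
    rejected = []
    for rec in records:
        if not valid(rec):
            rejected.append(rec.get("name"))
            continue
        inv.setdefault(rec["os"], {"hosts": []})["hosts"].append(rec["name"])
        # Host variables stay device/OS independent; the OS is expressed by the group.
        inv["_meta"]["hostvars"][rec["name"]] = {
            "ansible_host": rec["ip"],
            "mgmt_mac": rec["mac"].lower(),
            "rack": rec.get("rack"),
        }
    return inv, rejected

if __name__ == "__main__":
    inventory, skipped = build_inventory(CMDB)
    for name in skipped:
        print(f"rejected CMDB record: {name!r}", file=sys.stderr)
    # Ansible runs inventory scripts with --list and reads JSON from stdout.
    print(json.dumps(inventory, indent=2))
```

Rejected records are reported on stderr so that a malformed CMDB entry never becomes a managed host, while stdout stays valid JSON for Ansible.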
Network automation @SURFsara
Next steps
• (More) testing and validation
• Change management pipeline (Continuous Integration)
• Integration of monitoring
• Self service
Questions?
Hands-on demo