webinar: network automation [tips & tricks]


Post on 09-Jan-2017


Network Automation: Tips & Tricks
A Black & White Presentation
David Barroso, Dinesh G Dutt
August 30, 2016

Agenda
- Why Automate?
- The Work Before Automation
- How Does Automating Routers Differ From Servers
- Tips & Tricks
- Summary

August 30, 2016, cumulusnetworks.com

Audience Assumptions
- Interested in network automation, but stumped or daunted
- Small to mid size enterprises
  - 1-32 racks
  - 10-800 servers
- Unfamiliar with programming
- Use Ansible, but the ideas apply to Puppet, Chef, Salt etc.

Network Systems Engineer at Fastly
Previously:
- Network Engineer at Spotify
- Network Engineer at NTT
- Network & Systems Engineer at Atlas IT
Creator of:
- N.A.P.A.L.M.
- SDN Internet Router
Twitter | Linkedin | Github: @dbarrosop

WHY AUTOMATE?
Even when you are a small shop

#1 CONSISTENCY
It's not only about automation, it's about consistent configurations, workflows and change control

Consistent errors introduced by bugs are easier to identify and fix than random errors introduced by humans

#2 SCALABILITY
If it works for 1 device it works for N devices (-ish)

#3 FAST ITERATION
Small and incremental changes are easier to perform when you can focus on the changes and the outcome vs where to apply them and how

#4 FOR "FUN"
It's more interesting than provisioning a VLAN or an IP for the gazillionth time

Prelude to Automation

Reduce Clutter
Image credits: https://www.flickr.com/photos/rubbermaid/, commons.wikimedia.org

Patterns
- Exploit order and regularity of network
  - Same ports across all boxes connected to uplink ports
  - Same host connected to pair of leaves on same port on both leaves
- From this order and regularity emerge simple patterns
- Automate Patterns

[Diagram: Spine01, Spine02 and Spine03, each with ports 1, 2, 3]

Principles of Simplifying Configuration
- Cookie cutter configuration a.k.a. substitutability
- As little node-specific variation as possible
  - Nothing more than a single IP address, node name, for example
- As little duplication of information as possible
  - Specifying IP addresses on interfaces AND in OSPF/BGP network statements
- As much configuration as necessary, not more

How Automating Switches/Routers Differs From Servers
- Scale
  - Interfaces
  - VLANs
- Multiple pieces of information have to be configured AND coordinated across devices:
  - IP addresses on interfaces (common subnet)
  - If BGP, ASN number of self and peer

[Diagram: leaf-spine topology with leaves L1, L2, L16 and spines S1, S2, S3, S4; link addresses shown: 10.1.1.1, 10.1.1.0, 10.1.4.33, 10.1.4.32]

How Automating Switches/Routers Differs From Servers
- Duplication of Information
  - E.g.: IP address specified on interface, in network statements, in BGP neighbor statements
- Complex Configuration
  - Multiple protocols

Tips & Tricks

#0: Simplicity vs Flexibility

    #!/usr/bin/env python3
    # Simplest form: everything hard-coded
    print("Hello Mr. Barroso")

    #!/usr/bin/env python3
    # One step more flexible: the name is a variable
    name = "Mr. Barroso"
    print("Hello %s" % name)

    #!/usr/bin/env python3
    # Most flexible, and the most code to maintain
    class Person(object):
        '''class storing attributes of a person'''
        first_name = ''
        last_name = ''

        def __init__(self, name, surname):
            self.first_name = name
            self.last_name = surname

        def greet(self):
            print("Hello Mr. %s" % self.last_name)

    if __name__ == '__main__':
        # Expects "<first name> <last name>" separated by whitespace
        name_input = input('Enter : ')
        print(name_input)
        prenom, nom = name_input.split()
        persona = Person(prenom, nom)
        persona.greet()

Real Life Example of a Customer
1. Push device-specific files (glorified file copy)
2. Look at patterns and create templates
3. Automate more of the tasks
4. Add Ansible roles, fully automated

Start with Automating Simple Tasks
- Adding or removing users
- Adding additional interesting packages
  - bwm-ng or scamper for example
- Convert ad-hoc command into playbook

    cumulus@dinesh-ubuntu ~/w/a/playbook> ansible leaf-1 -s -m apt -a 'name=bwm-ng state=installed'

    - hosts: all
      tasks:
        - name: Install bwm-ng on all hosts
          apt: name=bwm-ng state=installed update_cache=yes

#1: Pick Simple, Consistent Toolchain

Some Tools Fit Better With Some Languages Than Others
- Puppet & Chef have Ruby as base language
- Ansible users tend to use Python
- Mixing Python & Ruby tool chains requires multiple language skills, can be more maintenance
  - For example, Serverspec and other such validation tools will be natural for Puppet/Chef shops, but will require adding Ruby skills to Ansible shops
- Cumulus Linux is Linux, so any tool works out of the box, no assembly required

#2: Use Unnumbered Interfaces

Use of Unnumbered in DC
- Unnumbered Interfaces are those without a global IP address of their own
- Interface IP addresses are never advertised inside the DC
  - Reduces IP address requirements
  - Reduces FIB & RIB sizes
  - Reduces attack vector
- Automation simplification: Single IP address to configure per node

#3: Use Interface Names Instead of IP Addresses

Why?
- Names are easier to spot errors with compared to IP addresses
- Unchanged configuration on renumbering
- With unnumbered interfaces, interfaces have no IP addresses anyway

OSPF: Avoid network Statements, Use ip ospf area under interface

SPINE

S1:

    interface swp1
     ip ospf area 0.0.0.0
    interface swp2
     ip ospf area 0.0.0.0
    interface swp17
     ip ospf area 0.0.0.0
    !
    router ospf
     ospf router-id 10.0.0.17

S4:

    interface swp1
     ip ospf area 0.0.0.0
    interface swp2
     ip ospf area 0.0.0.0
    interface swp17
     ip ospf area 0.0.0.0
    !
    router ospf
     ospf router-id 10.0.0.20

LEAF

L1:

    interface swp1
     ip ospf area 0.0.0.0
    interface swp2
     ip ospf area 0.0.0.0
    interface swp4
     ip ospf area 0.0.0.0
    !
    router ospf
     ospf router-id 10.0.0.1

L16:

    interface swp1
     ip ospf area 0.0.0.0
    interface swp2
     ip ospf area 0.0.0.0
    interface swp4
     ip ospf area 0.0.0.0
    !
    router ospf
     ospf router-id 10.0.0.16

Traditional BGP Configuration

LEAF

L1:

    router bgp 64501
     bgp log-neighbor-changes
     bgp router-id 10.0.0.1
     !
     neighbor 10.1.1.1 remote-as 65000
     neighbor 10.1.2.1 remote-as 65000
     neighbor 10.1.3.1 remote-as 65000
     neighbor 10.1.4.1 remote-as 65000

L2:

    router bgp 64502
     bgp log-neighbor-changes
     bgp router-id 10.0.0.2
     !
     neighbor 10.1.1.3 remote-as 65000
     neighbor 10.1.2.3 remote-as 65000
     neighbor 10.1.3.3 remote-as 65000
     neighbor 10.1.4.3 remote-as 65000

L16:

    router bgp 64516
     bgp log-neighbor-changes
     bgp router-id 10.0.0.16
     !
     neighbor 10.1.1.33 remote-as 65000
     neighbor 10.1.2.33 remote-as 65000
     neighbor 10.1.3.33 remote-as 65000
     neighbor 10.1.4.33 remote-as 65000

SPINE

S1:

    router bgp 65000
     bgp log-neighbor-changes
     bgp router-id 10.0.0.17
     !
     neighbor 10.1.1.0 remote-as 64501
     neighbor 10.1.1.2 remote-as 64502
     neighbor 10.1.1.32 remote-as 64517

S4:

    router bgp 65000
     bgp log-neighbor-changes
     bgp router-id 10.0.0.20
     !
     neighbor 10.1.4.0 remote-as 64501
     neighbor 10.1.4.2 remote-as 64502
     neighbor 10.1.4.32 remote-as 65534
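The coordination that numbered BGP requires can be checked mechanically. The following is an added example, not code from the presentation: it cross-checks every neighbor statement against the device that holds the neighbor address, using the L1, L16 and S1 stanzas above. The `DEVICES` structure, the function name and the mapping of addresses to devices (inferred from the opposite side's neighbor statements) are assumptions.

```python
import ipaddress

# Values transcribed from the L1, L16 and S1 stanzas above. Which device owns
# which address is inferred from the other side's neighbor statement
# (assumption); only S1's links to L1 and L16 are modelled.
DEVICES = {
    "L1": {"asn": 64501, "addrs": ["10.1.1.0/31"],
           "neighbors": {"10.1.1.1": 65000}},
    "L16": {"asn": 64516, "addrs": ["10.1.1.32/31"],
            "neighbors": {"10.1.1.33": 65000}},
    "S1": {"asn": 65000, "addrs": ["10.1.1.1/31", "10.1.1.33/31"],
           "neighbors": {"10.1.1.0": 64501, "10.1.1.32": 64517}},
}


def check_bgp_coordination(devices):
    """Return findings for neighbor statements that disagree with the device
    that actually holds the neighbor address."""
    owner = {}  # interface IP -> (device name, ip_interface)
    for name, dev in devices.items():
        for cidr in dev["addrs"]:
            iface = ipaddress.ip_interface(cidr)
            owner[iface.ip] = (name, iface)

    findings = []
    for name, dev in devices.items():
        local_nets = {ipaddress.ip_interface(c).network for c in dev["addrs"]}
        for peer, remote_as in dev["neighbors"].items():
            peer_ip = ipaddress.ip_address(peer)
            if peer_ip not in owner:
                findings.append(f"{name}: neighbor {peer} is not configured on any device")
                continue
            peer_name, peer_iface = owner[peer_ip]
            if peer_iface.network not in local_nets:
                findings.append(f"{name}: no interface in the same subnet as {peer} ({peer_name})")
            peer_asn = devices[peer_name]["asn"]
            if remote_as != peer_asn:
                findings.append(f"{name}: neighbor {peer} remote-as {remote_as}, "
                                f"but {peer_name} is AS {peer_asn}")
            # The session only comes up if the peer points back at one of our addresses
            if not any(str(ipaddress.ip_interface(c).ip) in devices[peer_name]["neighbors"]
                       for c in dev["addrs"]):
                findings.append(f"{name}: {peer_name} has no neighbor statement pointing back")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_bgp_coordination(DEVICES):
        print(finding)
```

With the stanzas as transcribed, the check reports that S1 expects AS 64517 on 10.1.1.32 while L16 is configured as AS 64516.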

BGP Unnumbered Configuration

LEAF

L1:

    router bgp 64501
     bgp log-neighbor-changes
     bgp router-id 10.0.0.1
     !
     neighbor swp1 remote-as external
     neighbor swp2 remote-as external
     neighbor swp3 remote-as external
     neighbor swp4 remote-as external

L2:

    router bgp 64502
     bgp log-neighbor-changes
     bgp router-id 10.0.0.2
     !
     neighbor swp1 remote-as external
     neighbor swp2 remote-as external
     neighbor swp3 remote-as external
     neighbor swp4 remote-as external

L16:

    router bgp 64516
     bgp log-neighbor-changes
     bgp router-id 10.0.0.16
     !
     neighbor swp1 remote-as external
     neighbor swp2 remote-as external
     neighbor swp3 remote-as external
     neighbor swp4 remote-as external

SPINE

S1:

    router bgp 65000
     bgp log-neighbor-changes
     bgp router-id 10.0.0.17
     !
     neighbor swp1 remote-as external
     neighbor swp2 remote-as external
     neighbor swp16 remote-as external

S4:

    router bgp 65000
     bgp log-neighbor-changes
     bgp router-id 10.0.0.20
     !
     neighbor swp1 remote-as external
     neighbor swp2 remote-as external
     neighbor swp16 remote-as external

#4: A Host by any Name

Some Characteristics of a Hostname
- Pick a base hostname that reflects the key role of the device:
  - leaf, tor, spine, etc.
- Assign a unique number to device instance to construct unique hostname
  - leaf-1 (for leaf in rack-1), spine-1, etc.
- Add prefixes to make it globally unique:
  - dc-ny-tor-1, dc-sf-tor-1, dc-sf-tor-2 etc.

Generate Unique ID from Hostname
- An example to stimulate thinking, but this is not unlike how some customers have deployed it

    - hosts: all
      any_errors_fatal: true
      vars_files:
        - properties.yml
      tasks:
        - name: Get my node ID
          set_fact:
            my_node_id: "{{ inventory_hostname.split('-')[1] }}"

Use Hostname to Derive Loopback IP address
- Poor man's IPAM
- Uses jinja2's ipsubnet filter
- Spine addresses are assigned from one end and the leaf addresses from the other end
  - leaf-1 gets ipsubnet(32, 1), leaf-2 gets ipsubnet(32, 2) etc.
  - spine-1 => ipsubnet(32, -2), spine-2 => ipsubnet(32, -3) etc.

    - hosts: all
      any_errors_fatal: true
      vars_files:
        - properties.yml
      tasks:
        - name: Get my node ID
          set_fact:
            my_node_id: "{{ inven
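The addressing scheme above, carried through in Python as an added example (not the presenters' playbook): it derives the node ID and loopback from the hostname and rejects collisions. The pool 10.0.0.0/24, the function names and the role list are assumptions; the ID is read from the end of the hostname so that prefixed names such as dc-ny-tor-1 also parse, which goes beyond the split('-')[1] shown in the playbook.

```python
import ipaddress
import re

# Assumed loopback pool; the contents of properties.yml are not on the page.
LOOPBACK_POOL = ipaddress.ip_network("10.0.0.0/24")
# Role and ID are anchored at the END of the name so prefixed names still parse.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9]+-)*(leaf|tor|spine)-([1-9][0-9]*)$")


def node_role_and_id(hostname):
    """'leaf-3' -> ('leaf', 3); 'dc-ny-tor-3' -> ('tor', 3).

    hostname.split('-')[1] would return 'ny' for the second form."""
    match = HOSTNAME_RE.match(hostname)
    if match is None:
        raise ValueError(f"{hostname!r} does not match [prefix-]role-N")
    return match.group(1), int(match.group(2))


def loopback_for(hostname, pool=LOOPBACK_POOL):
    """leaf-N/tor-N count up from the start of the pool, like ipsubnet(32, N);
    spine-N counts down from the end, like ipsubnet(32, -(N + 1))."""
    role, node_id = node_role_and_id(hostname)
    last = pool.num_addresses - 1          # offset of the broadcast address
    offset = last - node_id if role == "spine" else node_id
    if not 0 < offset < last:              # skip network and broadcast
        raise ValueError(f"{hostname}: ID {node_id} does not fit in {pool}")
    return ipaddress.ip_interface(f"{pool[offset]}/32")


def assign_loopbacks(hostnames, pool=LOOPBACK_POOL):
    """Map every hostname to a loopback; refuse duplicates, for example when
    the leaf and spine ranges meet or two sites share one pool."""
    by_addr = {}
    for host in hostnames:
        addr = loopback_for(host, pool)
        if addr in by_addr:
            raise ValueError(f"{host} and {by_addr[addr]} both map to {addr}")
        by_addr[addr] = host
    return {host: str(addr) for addr, host in by_addr.items()}


if __name__ == "__main__":
    hosts = ["leaf-1", "leaf-2", "spine-1", "spine-2"]
    for host, addr in assign_loopbacks(hosts).items():
        print(host, addr)
```

Because the address depends only on role and number, dc-ny-tor-1 and dc-sf-tor-1 collide in a shared pool; each site needs its own pool for the scheme to stay unique.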