This document discusses software-defined networking (SDN) and network automation using DevOps tools. It defines SDN as a programmatic framework to optimize network services delivery and management. It explains that SDN solutions can be either vendor-developed or custom-built. The document then discusses DevOps and how network engineers can integrate networks into DevOps workflows through practices like NetDevOps. It provides examples of controller-based and tool-based network abstraction using technologies like Ansible, Cisco ACI, and OpenDaylight. The rest of the document demonstrates network automation concepts and compares orchestration tools from vendors like Cisco, Ansible, Chef, and SaltStack.
2. At World Wide Technology, our definition of Software-Defined Networking is:
“A flexible, programmatic framework to optimize the delivery and management of network services”
3. SDN Landscape is …
Something you buy
• Vendor Developed SDN Solutions
Something you build
• Custom Integration
• Extensions to Vendor Solutions
Examples shown: Federated ACI Fabrics for Dual Data Center Deployments, SDN Matrix Switching, Application Centric Infrastructure (ACI), Big Cloud Fabric, NSX network virtualization.
4. What Is DevOps?
DevOps is the practice of operations and development engineers participating
together in the entire service lifecycle, from design through the development
process to production support. *
* Reference: http://theagileadmin.com/what-is-devops/
Diagram: Developers (Features, Testing, Code Changes) and Operations (High Availability, Stability, Change Control) overlap in Communication, Collaboration, Continuous Integration.
6. Network Engineers in a Network Operations (NetOps) role
• Why do we need NetDevOps?
• Increasing number of network devices per network engineer.
• Network devices have more programmability features.
• Network configuration as a workflow to application enablement.
• Network configurations need garbage collection, version control.
• Manage the network holistically, increased abstraction of routers and switches.
• Continuous deployment of network changes.
• Legacy LAN / WAN devices will continue to be configured via CLI / SSH, but with either a controller or automation platform.
Diagram: traditional networking, managed over SSH/CLI.
7. Controller Based Abstraction
• Both traditional networks and greenfield networks can be abstracted by a controller architecture.
• Examples:
• OpenDaylight
• Cisco APIC Enterprise Module (APIC-EM)
• Cisco Application Centric Infrastructure (ACI)
• Southbound protocols include
• OpenFlow
• OpFlex
• SSH / CLI
• NETCONF
• Automation tools are still needed with controller based abstraction.
Diagram: ACI, APIC-EM and OpenDaylight controllers.
8. Tool Based Abstraction
Ansible
• Tower is the licensed GUI
• Low barrier to entry - Open Source, run in a VM on your laptop
• Ability to easily implement user written modules.
• Same framework can manage a wide range of devices.
Diagram: Ansible / Tower (agentless, driven by users and the REST API) manages ESX server, Windows systems, Linux, Docker, Amazon Web Services, CentOS, Nexus 3000 | 9000 (feature nx-api, REST API, connection: local) and Catalyst | IOS (SSH TCP/22, NETCONF | Paramiko). Transports shown: SSH TCP/22, HTTP(s) TCP/80:443, NTP UDP/123, and HTTPS TCP/443 to GitHub; module repository github.com/joelwking/ansible-aci.
9. Types of Network Automation
• Script-driven automation
• RESTful APIs, NETCONF, CLI / SSH or SNMP
• Automation tools like Ansible, Chef, Salt.
• Automatic configuration and provisioning
• Zero Touch Provisioning
• Power On Auto Provisioning (PoAP), Open Network Install Environment (ONIE)
• Automatic operation and management
• Systems that automatically steer traffic between MPLS WANs and Internet
• Performance Routing (PfR) for iWAN
• Cloud Managed Wireless, e.g. Meraki
• High-level orchestration
• Orchestration of virtual machines, networks and storage in a coordinated manner.
• OpenStack
• Policy-based networking
• Declarative-intent SDN
• Cisco’s Application Centric Infrastructure (ACI) with OpFlex is one example.
http://www.networkcomputing.com/data-centers/network-automation-more-than-scripting/a/d-id/1320964
10. Cisco Nexus Data Center Switching
• If you are looking to Cisco for a Data Center switch, it will be a Nexus 9000.
• Nexus 9000 runs in either of two modes:
• NX-OS
• Application Centric Infrastructure – ACI
• Networks need Automation & Programmability.
• NX-API enables a northbound REST interface on individual NX-OS switches
• Nexus 3000: NX-API supported in NX-OS 6.0(2)U4(1).
• NX-OS release 7.x enables NX-API on Cisco Nexus 5000 and 6000
• APIC is the Software Defined Networking controller for ACI
• Ansible | Tower can be your automation engine.
12. Network Automation and Programming Collateral
• Network Automation with Ansible and NX-API
https://github.com/joelwking/ansible-nxapi
• Using Ansible for Cisco ACI deployment
https://github.com/joelwking/ansible-aci
• Introduction to using Chrome Postman with Cisco ACI
• Introduction to Python Programming on Nexus Switches
• Nexus 3K/9K Programmability and Automation
• Introduction to Git for Network Engineers
13. Demonstrations
• Ansible Tower
• Apply security policy and run Docker container based application in ACI fabric
• Ansible Command Line
• Configure Nexus 3000 series switches from Jinja2 template
./bin/ansible-playbook nexus_cfg_builder.yml
• Server Administration: Ubuntu VM in vCenter
./bin/ansible-playbook Wal*****s_playbook.yml --ask-pass
14. Ansible Tower – Apply ACI policy and run Docker app
• Tower initiates Python modules to apply policy to tenant in ACI fabric.
• Tower initiates Python application installed in Docker container on client machine.
Diagram: x-docker-client on 192.0.2.0/24 (TEST-NET-1 bridge domain) and x-docker-server-1 on 198.51.100.0/24 (TEST-NET-2 bridge domain), each subnet using addresses .10 and .1, joined by a management network; the policy goes to the fabric and the app runs on the client.
15. Demo: Apply ACI policy, run Docker app
https://youtu.be/t03ty5Y295U?t=1m49s
16. Configure Nexus 3000 series switches from Jinja2 template
Diagram: three Nexus 3000 Series top-of-rack switches (NEX-3048-A, nex-3048-b, NEX-3048-E) with management interface mgmt0 addresses 10.255.40.80, 10.255.138.69 and 10.255.40.87; Feature NX-API.
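A worked version of the config-builder flow on this slide and of the NX-API REST interface from the Nexus slide, added here as an example (it is not the deck's nexus_cfg_builder.yml nor the joelwking modules): per-switch structured data is rendered to NX-OS stanzas, diffed against the running config so that only missing lines are pushed and untracked VLANs are reported for garbage collection, and the change set is wrapped in NX-API's JSON-RPC format for a POST to /ins over HTTPS. The switch data, the running-config excerpt and the NXAPI_USER / NXAPI_PASS environment variables are assumptions; a plain Python function stands in for the Jinja2 template.

```python
import base64
import json
import os
import urllib.request
# Constructed sample input: one ToR switch, and a running-config excerpt with gaps and one stale VLAN.
SWITCH = {"name": "NEX-3048-A", "vlans": {10: "web", 20: "db"}, "uplinks": ["Ethernet1/49"]}
RUNNING = ("hostname NEX-3048-A\nvlan 10\n  name web\nvlan 30\n  name legacy\n"
           "interface Ethernet1/49\n  switchport mode trunk\n")

def render_config(sw):
    """Desired config as {stanza: [child lines]}; stands in for the Jinja2 template."""
    cfg = {}
    for vid, name in sorted(sw["vlans"].items()):
        cfg[f"vlan {vid}"] = [f"name {name}"]
    for intf in sw["uplinks"]:
        cfg[f"interface {intf}"] = ["switchport mode trunk", "no shutdown"]
    return cfg

def parse_running(text):
    """Parse NX-OS running-config text into the same {stanza: [child lines]} shape."""
    cfg, current = {}, None
    for line in text.splitlines():
        if line.startswith("  ") and current:
            cfg[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            cfg.setdefault(current, [])
    return cfg

def change_set(running, desired):
    """CLI lines to push, plus VLAN stanzas on the box that source control no longer defines."""
    cmds = []
    for stanza, children in desired.items():
        missing = [c for c in children if c not in running.get(stanza, [])]
        if stanza not in running or missing:
            cmds += [stanza] + missing
    stale = sorted(s for s in running if s.startswith("vlan ") and s not in desired)
    return cmds, stale

def nxapi_payload(commands):
    """NX-API JSON-RPC batch: one request object per CLI line, ids sequential from 1."""
    return [{"jsonrpc": "2.0", "method": "cli", "params": {"cmd": c, "version": 1}, "id": i}
            for i, c in enumerate(commands, start=1)]

def push(host, commands):
    """POST the batch over HTTPS only; credentials come from the environment, not the playbook."""
    creds = base64.b64encode(f"{os.environ['NXAPI_USER']}:{os.environ['NXAPI_PASS']}".encode()).decode()
    req = urllib.request.Request(f"https://{host}/ins", data=json.dumps(nxapi_payload(commands)).encode(),
                                 headers={"Content-Type": "application/json-rpc", "Authorization": "Basic " + creds})
    return json.load(urllib.request.urlopen(req, timeout=10))
```

Run `change_set(parse_running(RUNNING), render_config(SWITCH))` before `push` to review what would change; the stale list is what a periodic, centrally pushed run would otherwise leave behind on the switch.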
17. Server Administration: Ubuntu VM in vCenter
• Batteries included: these are all Ansible core modules
• Download file(s) from Internet,
• Install traceroute (apt-get),
• Shutdown host,
• Power up host via vCenter
• Host and vCenter are integrated in the Cisco ACI fabric.
Diagram: x-docker-server-2 on 198.51.100.0/24 (TEST-NET-2 bridge domain), addresses .10 and .1, attached to the management network.
19. Overview UCS Director
Source: Cisco UCS Director Installation and Upgrade on VMware vSphere, Release 5.3
Diagram: virtual infrastructure and physical infrastructure managed by UCS Director.
20. UCS Director versus Ansible
UCS Director
• Licensed product from Cisco
• Pre-built scripts,
• All GUI,
• Purpose built,
• Infrastructure management –
deploy bare metal servers, storage,
• Automation of infrastructure,
• Not used in DevOps.
Ansible
• Open Source,
• GUI (Tower) is licensed product,
• Used everywhere,
• Great docs,
• Lots of great modules already
available, write your own in Python
• Primarily configuration
management,
• Used by DevOps
21. Cisco Data Center and Cloud Management
Diagram (management stack): Intelligent Automation for Cloud (cloud management – private, public, hybrid cloud); UCS Director (unified infrastructure automation for compute, storage, network – physical & virtual); UCS Central (multiple UCS domains); UCS Manager (single UCS domain); APIC (heterogeneous & integrated infrastructure).
22. Configuration management and orchestration tools
Product | Primary Focus | Architecture | Language | Licensing
CA Process Automation | Data center orchestration and infrastructure management, ACI modules. | Agents or agent-less; Windows, UNIX / Linux and Mainframe | Visual authoring, drag-and-drop construction. | Licensed
UCS Director | Data center infrastructure management, good ACI integration. | Agent (PowerShell and bare metal) and agent-less, using SSH/HTTP/TCP. High learning curve | CloupiaScript = JavaScript and Cloupia libraries. | Licensed
vRealize | Cloud management platform purpose-built for the hybrid cloud. | Large inventory of management packs for storage, compute, network | Visual canvas with a drag and drop interface. | Licensed, per processor or per OS instance.
Ansible | Data center orchestration, homogeneous / larger environments, automate NX-OS and ACI via WWT developed module(s). | Agent-less, uses SSH or local modules, push based. Low learning curve, simple for non-programmers | Python, Jinja2 for templates, YAML for playbooks. Tower uses Git for version control | Open source; Tower (Web GUI) per node per year
Chef | Data center orchestration, NX-OS agents. | Master server, agents on each host, can be installed w/ knife tool over SSH. High learning curve. | Based on Ruby, uses certs for authentication, config based on Git. | Open source; Enterprise per month for tiers of nodes.
Salt | Data center orchestration, homogeneous / larger environments | Master server, SSH or agents on hosts. Hierarchical masters, scalable | Modules can be written in Python or PyDSL | Open source; Enterprise per node per year
Puppet | Data center orchestration, heterogeneous environments, NX-OS agents. | Master server and client agents on each system. High learning curve. | Modules and configuration based on Ruby. | Open source; Enterprise version per node / year
Glue Networks | Branch / iWAN | Agentless, uses SSH; high learning curve with Lab | Glueware Lab, JavaScript / IDE for module development. | Licensed
Quali | Lab / Cloud, automate ACI via WWT developed module. | Agentless, uses SSH, moderate learning curve. | Visual authoring, drag-and-drop | Licensed
DevOps: label on the slide grouping the open-source configuration management tools (Ansible, Chef, Salt, Puppet).
24. Ansible
• Ansible began as a project about February of 2012, out of a need for a simpler automation
tool than existed in Puppet and Cobbler.
• Open source system automation tool: uses OpenSSH and Python
• Biggest advantage over Puppet / Chef – Agentless, no remote agent on target system
• Designed to be easy for anyone to understand and learn.
• Ansible Design Principles:
• Simply Clear: no gnarly scripts or custom code
• Simply Fast: minimal learning curve
• Simply Powerful: toolbox for automation
• Simply Efficient: agentless - lightweight and unobtrusive
• Simply Secure: no agent on managed hosts
25. Comparison of Puppet, Chef, Salt, Ansible
Head-to-head comparison of configuration
management tools,
Taste Test: Puppet, Chef, Salt, Ansible
by Matt Jaynes.
https://devopsu.com/books/taste-test-puppet-chef-salt-stack-ansible.html
Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments
http://theagileadmin.com/what-is-devops/
Network Engineers in a Network Operations (NetOps) role
Ideally need to learn basic programming skills in Python.
At the very least, need to think like a programmer.
In thinking like a programmer, you do the following:
Test cases are vetted, programmers test every scenario,
Your data files, e.g. router configuration files, are structured and version controlled,
Develop network configuration as a workflow, to automate application enablement
Manage the network holistically, invoke processes to do garbage collection
Eliminate change windows, use continuous deployment for networking gear, like servers and applications.
What if network configurations were pushed out centrally every 30 minutes?
An ansible is a fictional communication device that can transfer information faster than the speed of light.
Michael DeHaan took the name Ansible from the book Ender’s Game by Orson Scott Card. In that book, the ansible was used to control a large number of remote ships at once, over vast distances.
Think of it as a metaphor for controlling remote servers.