
Cumulus Networks: Automating Network Configuration


In episode 1 of our 2 part webinar series, Cumulus Networks Chief Scientist Dinesh Dutt walks our audience through the drivers behind the industry movement towards web-scale networking. We then go into the fundamentals of network automation and best practices for using tools like Puppet, Chef, Ansible and more to simplify network automation.


  1. DEMYSTIFYING NETWORKING WEBINAR SERIES
     Network Automation: Soup to Nuts
     Dinesh G Dutt
     April 11, 2017
  2. Agenda
     - Why Automate?
     - Does This Apply to Me?
     - Does This Mean I Have to Learn Programming?
     - What Tools Can I Use to Automate?
     - Where do I Begin?
     - Is Automation Only For Initial Configuration?
     Cumulus Networks Confidential
  3. Key Takeaways
     - Automation helps build better networks
     - Automation can be simple, iterative
     - Automation is not a fad diet, but a way of life
  4. Why Automate?
  5. Industry revolution to web-scale networking is occurring
     1. Businesses require agility
     2. New application delivery models are needed
     3. Network needs to be faster, cheaper, more flexible and easier
  6. “If our network goes down, it potentially can be a safety issue, putting patients’ lives at risk”
     (Brian Lubelczyk, Director Network & Security Infrastructure; $4B provider of Electronic Health Records)
     Benefits:
     - Reduced time to rack a switch from 45 minutes to 3 minutes
     - Improved operational efficiency from 18 hours to 30 minutes
     - Single touch provisioning
     - Highly automatable network
  7. Next 5 years, web-scale networking will become pervasive
     - Over 40% of global enterprises will have a web-scale networking initiative, by 2020*
     - 28% of the Fortune 50 have already adopted Cumulus Networks
     *Source: Gartner Group
  8. The need for web-scale networking is now
     Dimensions compared: Operational Leverage, Architecture, Business Model, Time to Market, Cost
     TRADITIONAL NETWORKING:
     - Manual intervention and lack of agility
     - Vendor lock-in with inherent complexity
     - Increased maintenance and inflexible
     - Specialized skillset, 1 admin : 50 switches
     - High CapEx
     WEB-SCALE NETWORKING:
     - Highly automated and increased agility
     - Supply chain freedom
     - More control and flexibility
     - 1 admin for 200 switches
     - Up to 45% CapEx savings
  9. Why Automate?
     - Eliminate random errors
     - Build predictable infrastructure
     - Build scalable infrastructure
  10. Does this apply to me?
  11. Does Automation Benefit All Networks?
      - Automation benefits all network operators
      - Smaller shops have a multitasking network operator
      - Medium to large shops cannot scale or build predictable networks
      - Benefits brown field and green field networks
  12. Does This Mean I Have To Learn Programming?
  13. [slide without text]
  14. What Can I Use to Automate?
  15. Choices
      Server automation tools:
      - Puppet
      - Chef
      - Ansible
      - Operator proprietary
      Network automation tools:
      - Netconf/Restconf
      - Yang/Openconfig
      - Vendor proprietary
      Cumulus Linux is Linux, so any tool works out of the box, no assembly required
  16. Structured I/O vs Uniform Data Models
  17. Recommendation
      - If network automation team is the same as server automation team, the choice is often Puppet/Chef
      - If network automation team has no preference, pick Ansible
      - My prediction: YANG will go the way of SNMP
  18. Where do I begin?
  19. Assuming Ansible: Download Relevant Software
      Linux:
      - Follow instructions on Ansible web page
      OS X:
      - Install Homebrew

            /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

      - Install Ansible with Homebrew

            brew install ansible

      Windows:
      - Ansible doesn’t work on Windows natively
      - Follow instructions on: https://www.jeffgeerling.com/blog/running-ansible-within-windows
  20. Versions
      Pick at least Ansible version 2.2
      - Supports multiple network operator modules
      - Big emphasis on supporting networking
  21. Start Simple
      - Start with ad hoc commands
      - Move ad hoc commands to playbooks
      - Build a collection of playbooks
  22. Sample Topology
  23. Real Life Example of Customer Immersion
      1. Push device-specific files (glorified file copy)
      2. Look at patterns and create templates
      3. Automate more of the tasks
      4. Add Ansible roles, fully automated
  24. How Switch Configuration is Different From Server Configuration
      Scale of what’s to be configured
      - Tens of physical interfaces
      - Hundreds to thousands of logical interfaces (VLANs, VxLANs)
      Pair-wise node configuration
      - Interface IP address
      - BGP neighbor configuration
      Duplication of information
      - IP address repeated in interface configuration, routing protocol configuration etc.
      [Diagram: leaf-spine topology with leaves L1, L2, L16 and spines S1, S2, S3, S4; link addresses shown: 10.1.1.1, 10.1.1.0, 10.1.4.33, 10.1.4.32]
  25. Everybody here is a name not a number
  26. Benefits of Using Names Instead of Numbers
      Errors are easier to spot in names than in IP addresses
      - Using interface names everywhere helps eyeball errors quickly
  27. OSPF: Avoid “network” Statements, Use “ip ospf area” under “interface”

      S1 (spine):

          interface swp1
           ip ospf area 0.0.0.0
          interface swp2
           ip ospf area 0.0.0.0
          …
          interface swp17
           ip ospf area 0.0.0.0
          !
          router ospf
           ospf router-id 10.0.0.17

      S4 (spine):

          interface swp1
           ip ospf area 0.0.0.0
          interface swp2
           ip ospf area 0.0.0.0
          …
          interface swp17
           ip ospf area 0.0.0.0
          !
          router ospf
           ospf router-id 10.0.0.20

      L1 (leaf):

          interface swp1
           ip ospf area 0.0.0.0
          interface swp2
           ip ospf area 0.0.0.0
          …
          interface swp4
           ip ospf area 0.0.0.0
          !
          router ospf
           ospf router-id 10.0.0.1

      L16 (leaf):

          interface swp1
           ip ospf area 0.0.0.0
          interface swp2
           ip ospf area 0.0.0.0
          …
          interface swp4
           ip ospf area 0.0.0.0
          !
          router ospf
           ospf router-id 10.0.0.16

      [Diagram: leaf-spine topology with leaves L1, L2, L16 and spines S1, S2, S3, S4; link addresses shown: 10.1.1.1, 10.1.1.0, 10.1.4.33, 10.1.4.32]
  28. Simplifying BGP Configuration

      L1 (leaf):

          router bgp 64501
           bgp log-neighbor-changes
           bgp router-id 10.0.0.1
           !
           neighbor swp1 remote-as external
           neighbor swp2 remote-as external
           neighbor swp3 remote-as external
           neighbor swp4 remote-as external

      L2 (leaf):

          router bgp 64502
           bgp log-neighbor-changes
           bgp router-id 10.0.0.2
           !
           neighbor swp1 remote-as external
           neighbor swp2 remote-as external
           neighbor swp3 remote-as external
           neighbor swp4 remote-as external

      L16 (leaf):

          router bgp 64516
           bgp log-neighbor-changes
           bgp router-id 10.0.0.16
           !
           neighbor swp1 remote-as external
           neighbor swp2 remote-as external
           neighbor swp3 remote-as external
           neighbor swp4 remote-as external

      S1 (spine):

          router bgp 65000
           bgp log-neighbor-changes
           bgp router-id 10.0.0.17
           !
           neighbor swp1 remote-as external
           neighbor swp2 remote-as external
           …
           neighbor swp16 remote-as external

      S4 (spine):

          router bgp 65000
           bgp log-neighbor-changes
           bgp router-id 10.0.0.20
           !
           neighbor swp1 remote-as external
           neighbor swp2 remote-as external
           …
           neighbor swp16 remote-as external

      [Diagram: leaf-spine topology with leaves L1, L2, L16 and spines S1, S2, S3, S4]
  29. Reuse Playbooks In Multiple Deployments

      Variables defined inside the playbook:

          - hosts: routers
            vars:
              loopback_v4_subnet: 10.1.1.0/24

      vs. variables loaded from a per-DC file:

          - hosts: routers
            vars_files:
              - "{{ dc }}-properties.yml"

      Avoid defining variable names inside playbooks
      - Make them portable
        - Store different DC variables in different files and reuse playbook
        - Pass DC name as:

              ansible-playbook -e "dc=sjc" tasks.yml

      - Avoid duplication
        - Multiple playbooks or plays may need them
  30. Evolving
  31. Staying the Course With Automation
      - Playbooks (or any other automation code) are not meant for one-time use
        - When the box is first configured or upgraded
      - To use the playbook in three months’ time, it needs to be readable and simple
      - To hand over the playbook to someone else to maintain, it needs to be simple
      - Don’t complicate the code by using every feature a tool provides
  32. Pick the Correct Ecosystem
      - Puppet & Chef have Ruby as base language
      - Ansible users tend to use Python
      - Mixing Python & Ruby tool chains requires multiple language skills and can mean more maintenance
        - For example, Serverspec and other such validation tools will be natural for Puppet/Chef shops, but will require adding Ruby skills to Ansible shops
  33. Commit/Rollback in the Age of Automation
      - Master state is in the playbooks (or recipes), not in the device-specific configurations themselves
      - Use source control (git is easy to get) to manage playbook versions
      - Ansible’s validate ensures commands don’t fail due to syntactic errors
      - Verifying Configuration ensures final state is as desired
      - Testing changes in virtual land ensures you don’t hose the box
  34. Zen of Coding
      - Beautiful is better than ugly.
      - Explicit is better than implicit.
      - Simple is better than complex.
      - Complex is better than complicated.
      - Flat is better than nested.
      - Sparse is better than dense.
      - Readability counts.
      - Special cases aren't special enough to break the rules.
  35. Part 2 of Network Automation
      - Going from the basics of automating network configuration to a CI/CD model
      - Using virtual environments to take the sting out of unforeseen consequences
      - Guest Speaker: Pete Lumbis
      - When: April 27, 2017
  36. Thank you! Visit us at cumulusnetworks.com or follow us @cumulusnetworks
      © 2017 Cumulus Networks. Cumulus Networks, the Cumulus Networks Logo, and Cumulus Linux are trademarks or registered trademarks of Cumulus Networks, Inc. or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.
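
An added example (not from the slides or from Cumulus Networks) of the points made on the "Names Instead of Numbers", "Simplifying BGP Configuration" and "Commit/Rollback" slides: one template renders every node's BGP stanza from a few per-node values, and a lint step checks the result before it is pushed. The ASNs and router-ids come from the BGP slide; the `ports` field and all function names are assumptions.

```python
import ipaddress
import re

# Per-node properties taken from the BGP slide; in Ansible these would live in
# host or per-DC variable files. "ports" is an assumed field name.
NODES = {
    "L1": {"asn": 64501, "router_id": "10.0.0.1", "ports": 4},
    "L16": {"asn": 64516, "router_id": "10.0.0.16", "ports": 4},
    "S1": {"asn": 65000, "router_id": "10.0.0.17", "ports": 16},
    "S4": {"asn": 65000, "router_id": "10.0.0.20", "ports": 16},
}

def render_bgp(node):
    """One template for every node: neighbors are interface names, never IPs."""
    lines = [f"router bgp {node['asn']}",
             " bgp log-neighbor-changes",
             f" bgp router-id {node['router_id']}",
             " !"]
    lines += [f" neighbor swp{i} remote-as external"
              for i in range(1, node["ports"] + 1)]
    return "\n".join(lines) + "\n"

def lint(config):
    """Return problems in one rendered stanza (empty list means clean)."""
    problems = []
    if len(re.findall(r"^router bgp \d+$", config, re.M)) != 1:
        problems.append("expected exactly one 'router bgp <asn>' line")
    rid = re.search(r"^ bgp router-id (\S+)$", config, re.M)
    try:
        ipaddress.IPv4Address(rid.group(1) if rid else "")
    except ValueError:
        problems.append("missing or invalid router-id")
    peers = re.findall(r"^ neighbor (\S+) remote-as", config, re.M)
    for peer in peers:
        if not re.fullmatch(r"swp\d+", peer):
            problems.append(f"neighbor '{peer}' is not an interface name")
    if len(peers) != len(set(peers)):
        problems.append("duplicate neighbor statement")
    return problems

def duplicate_router_ids(nodes):
    """Fleet-wide check: router-ids that appear on more than one node."""
    seen = {}
    for name, node in nodes.items():
        seen.setdefault(node["router_id"], []).append(name)
    return {rid: names for rid, names in seen.items() if len(names) > 1}
```

Running `lint` over every rendered stanza and `duplicate_router_ids` over the variable files in CI catches a hand-edited IP neighbor or a copy-pasted router-id before the playbook reaches a switch.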
