Speaker: Jeremy Schulman, Major League Baseball Abstract: In this talk Jeremy will present MLB's approach to network automation and Infrastructure as Code. This system is used to design, deploy, and validate complex multi-vendor networks, in the presence of on-going design changes. The "prime directive" focuses on validating the expected operational state. Jeremy will discuss the architectural elements and the benefits of this methodology. He will also offer a comparative analysis of traditional configuration-management IaC approaches.

1. Copyright © 2023 - Jeremy Schulman
Design Driven
Network Assurance
Jeremy Schulman
Senior Director, Major League Baseball

2. Copyright © 2023 - Jeremy Schulman
Agenda
● Motivation
● Demos from Deployments
● Some Theory
● Practitioners Details
● Q & A
2
My hope for your takeaway:
Consider different approach
towards network automation
and Infrastructure as Code
Spark ideas how you
approach your next project
For even more ….

3. Copyright © 2023 - Jeremy Schulman
Background
and
Motivation
● Multi-site enterprise network
● Multiple network vendors
● Multiple networking domains
● Complex network edge
requirements
● Quickly adapt to "in field"
project changes
● Challenging timelines due to
external factors
- Any network design
- Any vendors
- Greenfield projects
- Brownfield projects
- "Snowflakes"
- Agile
3

4. Copyright © 2023 - Jeremy Schulman
Network Quality Assurance
Ensure the network is operating as expected and
report any anomalies with as much context as
possible maximizing situational awareness.
For any given network we define a design from
which we automatically derive checks. We use
these design checks to validate the current state
of the network.
4
Design
Design
Checks
Validate
Network
Network
change
The checks are automatically recomputed when
we make changes to the design!

5. Copyright © 2023 - Jeremy Schulman
Design "Compiler"
● Builds the design and
identifies design errors
● Generates the checks for
each device, executed later
by a validation engine
● Generates design reports
● Optionally generates device
configurations
5
Design
Design
Compiler
Checks
Configs
Design
Errors
Reports
netcad

6. Copyright © 2023 - Jeremy Schulman
Network Validation
Quick Demo
6
Executing the design checks against the live
network and reporting network assurance
results
netcam

7. Copyright © 2023 - Jeremy Schulman
Four Critical Questions …
7
1. How do we know we are
building the right network?
2. How do ensure the network is
configured correctly?
3. How do we ensure the network
is operationally correct?
netcam
netcad
netcad
netcam
process
netcad

8. Copyright © 2023 - Jeremy Schulman
The Fourth Critical Question
4. How do we advance the
transformation of culture,
process, and automation? leadership
resources
"care"
process products
8

9. Copyright © 2023 - Jeremy Schulman
Demo Time!

10. Copyright © 2023 - Jeremy Schulman
NetCad + NetBox Integration
Use netcad to design a site network
Use netcad-netbox plugin to push the site design into
NetBox
● Sites
● Devices
● Interfaces
● IP Addresses
● Link-Aggregation Groups
● Cabling
10

11. Copyright © 2023 - Jeremy Schulman

12. Copyright © 2023 - Jeremy Schulman
Check Network Pre-Hardware Swap
Use netcad to build network checks
Use netcam to perform network checks
Observe work that needs to be completed
● Swap network hardware
● Transceiver to be swapped
● Interfaces to be cabled
12

13. Copyright © 2023 - Jeremy Schulman

14. Copyright © 2023 - Jeremy Schulman
Check Config Deployment
Use netcad to build device configurations
Use netcam to config-check for differences on the live
network device
● See exactly what changes will be made before they are made
● Fully automated with rollback
● Captures diff-files
14

15. Copyright © 2023 - Jeremy Schulman

16. Copyright © 2023 - Jeremy Schulman
Check Network Status after Deploy
On-site technician has swapped hardware
Need to validate operational state
Need to identify any anomalies to resolve
● Found missing cabling
● Power systems not online yet
16

17. Copyright © 2023 - Jeremy Schulman

18. Copyright © 2023 - Jeremy Schulman
What is Design Driven
Network Assurance?

19. Copyright © 2023 - Jeremy Schulman
What is a Design?
19
The set of devices
networked together
The composition of
design services that each
device uses to validate
the state of the network

20. Copyright © 2023 - Jeremy Schulman
Network Quality Assurance Matrix
20
Topology VLANs PTP BGP-Peer Multicast
dev1
dev2
dev3
dev4
dev5
dev6
dev7

21. Copyright © 2023 - Jeremy Schulman
Network Check Results … Pass/Fail
21
Topology VLANs PTP BGP-Peer Multicast
dev1
dev2
dev3
dev4
dev5
dev6
dev7

22. Copyright © 2023 - Jeremy Schulman
dev3 is Operating as Expected
22
Topology VLANs PTP BGP-Peer Multicast
dev1
dev2
dev3
dev4
dev5
dev6
dev7

23. Copyright © 2023 - Jeremy Schulman
Multicast is Operating as Expected
23
Topology VLANs PTP BGP-Peer Multicast
dev1
dev2
dev3
dev4
dev5
dev6
dev7

24. Copyright © 2023 - Jeremy Schulman
The Network is
Operating as Expected
24
Topology VLANs PTP BGP-Peer Multicast
dev1
dev2
dev3
dev4
dev5
dev6
dev7

25. Copyright © 2023 - Jeremy Schulman
Case Study:
Precision Time Protocol

26. Copyright © 2023 - Jeremy Schulman
Case Study: PTP w/primary+backup GM
26
(G) - Grand Master - Clock origin
(M) - Master - transmits clock
(S) - Slave - receives clock

27. Copyright © 2023 - Jeremy Schulman
PTP - Design Report
27
The design describes the expected PTP state(s) for each device and interface
What is the actual state of PTP in this network ?
netcad

28. Copyright © 2023 - Jeremy Schulman
PTP Network Check Report
28
Site where PTP service is NOT working as expected.
Report shows informational and potential corrective actions.
netcam

29. Copyright © 2023 - Jeremy Schulman
PTP Network Check Report
29
Site where PTP service is working as expected
netcam

30. Copyright © 2023 - Jeremy Schulman
Design Driven Network
Assurance - Python "SDK"

31. Copyright © 2023 - Jeremy Schulman
Python First Approach
● Each design consists of Python
files that use the netcad-cam
SDK toolkit
● Plugins to utilize specific NOS
and design-services
● Multiple python packages /
repositories
● Approach designed for plugin /
extensibility

32. Copyright © 2023 - Jeremy Schulman
Benefits of Python Approach
● Leverage Python ecosystem
○ packages, IDEs, debuggers, and best practices
● Async I/O for concurrency and fast execution !!!
● "NoYAML"
● Benefits Junior network automation engineers
○ environment to learn and develop skills
● Flexible - Handle network design business logic / "snowflakes"
32

33. Copyright © 2023 - Jeremy Schulman
Software Engineering Best Practices
○ Requirement gathering
○ Focus on documentation
○ Code versioning
○ Peer reviews
○ Learn collaborative development
○ Using a debugger
○ Writing test cases
○ Other systems integration
○ Large project composition
○ Not constrained by DSL
33

34. Copyright © 2023 - Jeremy Schulman
Challenges of Python Approach
● Python learning curve
● Software tooling learning curve
● Having dedicated "off project" time to practice
a new skill
● Expectation setting with stakeholders
○ developing solutions vs. going Cowboy on the
CLI
● Working collaborative vs. Cowboy | Hero
● Focusing on non-coding aspects that take time
○ documentation, testing, and software
maintenance 34
Any change is hard
Affects people,
process, and culture
Be patient

35. Copyright © 2023 - Jeremy Schulman
Summary ● Design is code - version
controlled, reviewed, lifecycle
● Design checks are quality
assurance tests that provide
operational coverage
● Encourages practice to keep
Designs "up to date" by the
nature of running the
network by Design
● Builds skill sets to manage
IaC based systems
Design Driven Network
Assurance
35

36. Copyright © 2023 - Jeremy Schulman
Thank you!
Jeremy Schulman
Senior Director, Major League Baseball

37. Copyright © 2023 - Jeremy Schulman
Q&A
Meet Up

38. Copyright © 2023 - Jeremy Schulman
Backup Slides

39. Copyright © 2023 - Jeremy Schulman
Design Services - Reusable Building Blocks
● Network Vendor/System agnostic
● Defines design validation rules so that we
cannot build "invalid" designs
● Provides service specific build automations
● Defines collections of checks that will be
generated for each device using the design
service
● Can be general purpose such as "topology"
and "vlans"
● Can be bespoke to enterprise specific needs
39
Validation
rules
Build
automations
Check
collections
Design-Service XYZ

40. Copyright © 2023 - Jeremy Schulman
Design Automation - VLAN Port Assignments
40
Acc Switch 1 Acc Switch 3
Agg Switch
Vlans A, B, C Vlans A, D, E, F
ALL ALL
Acc Switch 2
Vlans A, B, D, E
ALL
PEER
PEER PEER
ALL
Indicates this port
should be configured
will all VLANs defined
in the design for this
device
PEER
Indicates this port
should be configured
with the same VLANs
used by the connected
interface (peer)
Router
ALL
PEER

41. Copyright © 2023 - Jeremy Schulman
Design Service Validation Abstraction Example
41
Vlans
Design Service
Switchports Vlans
EOS
vlans-ds
IOS-XE
vlans-ds
NX-OS
vlans-ds
<OS …>
vlans-ds
Each OS driver will implement the vlans design-service "switchports" and
"vlans" checks, specific to their capabilities and access (API vs. SSH, etc)

42. Thank You!