Automating Network Infrastructure : Ansible

Automating Network Infrastructure : Ansible
Automating Network Infrastructure : Ansible Chinmay Biswas (AS10075)
Acknowledgement I have prepared this presentation with the help of many books, presentations, websites and blogs. I would like to express to deepest appreciation and a sense of gratitude to my guide Imtiaz Rahman, supervisor Simon Sohel Baroi and colleague Zobair khan. Ansible was originally written by Michael DeHaan
Agenda 1. Why Automation? 2. About Ansible 3. Why Ansible? 4. How Ansible Works? 5. Install Ansible 6. Run Ansible 7. Demos
Why Automation? • Reduce Human Errors • Make the Network More Dynamic • Simplify Network Management • Reduce Risk
Automation Tools
Why Ansible? Simple Powerful Agentless • Download and Go • Don’t need any programmer • Save time and increase speed • No Agents: Only an “Ansible Control”
About Ansible • Automation and configuration management tool • Open source • Initially deploy for Linux in 2012 • Networking modules added in release 2.x https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html
How Ansible Works?
Installation • Required Linux Box • Easy to Install • Install guide: https://docs.ansible.com/ansible/latest/installation_guide/index.html
Run Ansible • ad-hoc Command • Playbook
Run Ansible ad-hoc Command: Run individually to perform quick functions Use case: • Just validate the uptime of 1 to 200 remote devices • Just get the disk space of remote hosts • Ping and validate if the server is alive and responds • shutdown multiple remote hosts at a single command * Not used for configuration management and deployment
Run Ansible Playbook: Playbook tells Ansible what to do, in other word you can send commands to the remote devices through playbook. Module Task --- - hosts: router_bdnog11 gather_facts: false connection: local tasks: - name: PUSH THE POLICY to DEVICE ios_config: provider: "{{ provider }}" authorize: yes src: CUSTOMER-1.txt Play Inventory: Hosts and groups of hosts
Demos • Ansible 2.9.1 • bgpq3 0.1.35 • Ubuntu 18.04.3 LTS • Cisco router with IOS-XE
Demos – List of works 1. Some Basic Configuration 2. Interface Configuration 3. Save Configuration 4. Auto Prefix Announcement
Demo-1 (Some Basic Configuration) - name: BASIC CONFIGURATION ios_config: provider: "{{ provider }}" authorize: yes lines: - aaa new-model - aaa authentication login default local - aaa authentication enable default enable - no logging console - no ip domain-lookup - ipv6 unicast-routing - ipv6 cef - no ip source-route - no ipv6 source-route - snmp-server community C-DAC RO 99 - ntp server 192.168.0.250
Demo-2 (Interface Configuration) - name: CONFIGURE INTERFACE SETTINGS ios_config: provider: "{{ provider }}" authorize: yes parents: interface FastEthernet2/0 lines: - description Test Interface - ip address 172.31.1.1 255.255.255.252 - ipv6 address 2001:db8:8::9/64 - no shutdown
Demo-3 (Save Configuration) - name: IOS >> Save Configuration to NVRAM ios_config: provider: "{{ provider }}" authorize: yes save_when: always register: output - name: SHOW RUN COMMAND ios_command: provider: "{{ provider }}" authorize: yes commands: show run register: print_output - name: SAVE OUTPUT TO A FILE copy: content="{{print_output.stdout[0]}}" dest="/home/gns3/inventory/backup- configuration/{{inventory_hostname}}.txt"
Demo-4 (Auto Prefix Announcement) bgpq3 – create the filtering (Prefix-List/AS-PATH) Example: bgpq3 -l CUSTOMER-1-Prefix -A -4 CUSTOMER-AS-SET > CUSTOMER-1.txt
Demo-4 (Auto Prefix Announcement) Ansible – push that filter to Router (Prefix/AS-PATH) - name: PUSH POLICY to DEVICE ios_config: provider: "{{ provider }}" authorize: yes src: CUSTOMER-1.txt - name: BGP CONFIGURATION ios_config: provider: "{{ provider }}" authorize: yes parents: router bgp 10075 lines: - neighbor 172.31.1.2 remote-as 63996 - neighbor 172.31.1.2 description TEST-BGP - neighbor 172.31.1.2 activate - neighbor 172.31.1.2 prefix-list CUSTOMER-1-Prefix in - neighbor 172.31.1.2 prefix-list ALL-DENY out
Demo-4 (Auto Prefix Announcement) Adding Into Crontab….. BGPQ3 Cron: # run five minutes after 11AM, every day 5 11 * * * /usr/bin/bgpq3 -l CUSTOMER-1-Prefix -A -4 CUSTOMER-AS-SET > CUSTOMER-1.txt Ansible Cron: # run ten minutes after 11PM, every day 10 11 * * * /usr/bin/ansible-playbook -i inventory playbook-bgp-policy.yml https://drive.google.com/file/d/1A5EYGFKpny5ezy-abEqqtsO9PdYcUlRY/view?usp=sharing Complete Playbook Link:
Observation 1. For IOS-XR Ansible version 2.9.1 is required 2. For IOS-XR bgpq3 version 0.1.35 is required 3. Careful about iptables, the Linux Firewall
Far to Go 1. Implementation with MikroTik 2. Implementation with IOS-XR, JUNOS etc 3. Ansible Roles 4. Ansible Tower [$$$] 5. More…
References https://docs.ansible.com/ http://anastarsha.com/ https://imtiazrahman.com/ https://github.com/snar/bgpq3 https://www.ansible.com/success-stories/runnable https://www.tutorialspoint.com/ansible/index.htm https://medium.com/edureka/ansible-roles-78d48578aca1 https://www.rogerperkin.co.uk/network-automation-tools/ https://blog.technologent.com/7-good-reasons-network-automation https://www.oreilly.com/learning/network-automation-with-ansible https://www.middlewareinventory.com/blog/ansible-ad-hoc-command-examples-cheat-sheet/
chinmay.biswas@fiberathome.net

Automating Network Infrastructure : Ansible

Check these out next

Automating Network Infrastructure : Ansible

Recommended

More Related Content

Slideshows for you(20)

Similar to Automating Network Infrastructure : Ansible(20)

More from Bangladesh Network Operators Group(20)

Recently uploaded(20)

Automating Network Infrastructure : Ansible