SlideShare a Scribd company logo

Banog meetup August 30th, network device property as code

Damien Garros
Damien Garros

Managing Network Device Properties as Code: Device configuration templates have simplified a lot of things for the network industry but most people are still managing their device properties (aka variables) manually which is very tedious and error prone. This talk will present a new approach to generate and manage network device properties easily using infrastructure as code principles.

Engineering
1 of 37
Download to read offline
Damien Garros, Network Reliability Engineer | August 30th Network device Properties As Code @damgarros @dgarros
● Network device properties definition ● How are we managing device properties today ● How to manage Network device properties as code Open for questions at the end of each section Agenda
Network device properties 1
Network device properties ● Name ● IP addresses ● Cabling information / Peer properties ● Vlans ● BGP Peering ● Device specific info (ASN, etc.. )
Each device has a unique set of properties P5 P6P3 P4 T2 ● Unique set of properties per device T1 P1 P2 ● 1 template per role
Your properties reflect your network design P5 P6P3 P4 P1 P2Network Design Naming Convention Cabling Convention Datacenter Layout Vendor Specific Information
People are failing to automate their network because they simplify the problem and assume that everything is homogeneous
Example Console server SFO NYC
Be prepared to manage MANY version of your properties Network Design Naming Convention Cabling Convention Datacenter Layout Vendor Specific Information v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1 v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1
For every rule, there is an exception. So you always follow the rule, except when there is an exception In which case you follow a new rule based on that exception.
Be prepared to manage MANY version of your properties Network Design Naming Convention Cabling Convention Datacenter Layout Vendor Specific Information v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1 v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1
Properties @ Roblox In 9 months we had to manage ● 600 Devices ● 15 000 IP addresses ● 3000 Prefixes ● 35 different design revision just for the network ● Up to 7 versions for a given network device role We also added
How are people managing Network device properties today ? 2
How are people generating these properties today By Hand By Script / Code
Pros / Cons with Script / Code approach Cons ● Hard to support multiple version of properties ● Need to “Write code” to adapt the design ● Hard to maintain Pros ● Can generate large number of properties quickly ● Very flexible
How are people storing these properties ? P1 P2 P3 P4 P7 P7 P6 P5 File per device saved in Version control / Git Database P1 P2P3 P4 A mix of both The properties store is usually referred as the Source of Truth (SOT)
How are WE storing our properties today VVV V Github ● We are storing in Netbox : ○ Device info, device role, ○ Cabling ○ IP addresses & prefixes ● Extrapolating most BGP sessions from Cabling ● We are storing in Github ○ Some BGP info and role properties in Yaml ○ Configuration template ○ Ansible project (pb, modules ..)
How to manage network device properties as Code ? 3
Infrastructure as Code concept ● Idempotent > Always the same results ● Version Control Friendly > Input as text file, peer review ● Safe & Predictable > Plan everything before, know what changes will be made before you run it.
High Level Workflow Source of Truth P1P2P3 P4 P7P7P6P5 v1 Generate Read Network Builder
High Level Workflow - Plan & Apply v1 PLANAPPLY Generate Diff Read Source of Truth Source of Truth Network Builder P3P4 Read Network Builderv1
Infrastructure as Code concept ● Idempotent > Always the same results ● Version Control Friendly > Input as text file, peer review ● Safe & Predictable > Plan everything before, know what changes will be made before you run it.
How to capture your design for a rack switch ● Device Name should be: ○ rsw, id of the cluster, name of the site separated by dash ● Loopback IP should be: ○ Any IP from the management network of the site ● Console port should be connected to: ○ the nearest console server ● Uplinks should be ○ 1x100G interface connected to each aggregation device ○ 1 /31 allocated per interface from the /22 block reserved for point to point links ● Server interface should have: ○ A /24 network allocated from the /16 block reserved for server
Network Builder - Building Block Create Properties Manage Diff Source of Truth Resource Manager Network Builder
Resource Manager Manage all your resources as you manage IPs with DHCP 1. Possible to reserve resource in advance 2. Each resource allocated is associated with an ID 3. Same ID always get the same response.
Resource Manager - Example asn: [ 65100, 65200 ] prefixes: loopback: 10.10.10.0/24 point-to-point:10.128.0.0/22 Site SFO● Create Pools of resource Identifiable with name or roles ● Query resources by defining ○ WHAT type of resource ○ From WHICH pool ○ WHO is requesting Resource Manager WHAT : Loopback (/32) WHICH : Loopback in SFO WHO : device1 Query Resp 10.10.10.1/32
Represent a query in a compact way <LO4::sfo/loopback> Variable Type ASN LO4 NET_IP INT DEV_INT VLAN Pool Name / Path Can be different per Variable Type WHAT WHICH WHO is determined based on when this query is invoked
name: "rsw1-1-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: "<ASN::sfo/private>" network: lo0.0: ips: - addr: "<LO4::sfo/internal-loopbacks>" - addr: "<LO6::external-loopbacks>" p2p: et-0/0/48: peer: "<DEV_INT::psw1-sfo/rack-switch>" ips: - addr: "<NET_IP4::sfo/point-to-point/31>" et-0/0/49: peer: "<DEV_INT::psw1-sfo/rack-switch>" ips: - addr: "<NET_IP4::sfo/point-to-point/31>" Define your device properties with variables
name: "rsw1-1-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: 65100 network: lo0.0: ips: - addr: 10.10.10.1/32 - addr: 2020:1234:beef::756/128 p2p: et-0/0/48: peer: psw1-sfo::et-0/0/1 ips: - addr: 10.128.195.124/31 et-0/0/49: peer: psw2-sfo::et-0/0/1 ips: - addr: 10.128.195.126/31 Define your device properties with variables
rack_switch_v1: name: "rsw{{id}}-1-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: "<ASN::sfo/private>" network: lo0.0: ips: - addr: "<LO4::sfo/internal-loopbacks>" - addr: "<LO6::external-loopbacks>" p2p: et-0/0/48: peer: "<DEV_INT::psw1-sfo/rack-switch>" ips: - addr: "<NET_IP4::sfo/point-to-point/31>" Create template of design
site: sfo racks: 101: racks: rack_switch_v1 id: 1 102: racks: rack_switch_v1 id: 2 103: racks: rack_switch_v1 id: 3 Reuse templates across site and racks site: sfo racks: 101: name: rsw1-1-sfo ASN: 62100 [ .. ] 102: name: rsw2-1-sfo ASN: 62101 [ .. ] 103: name: rsw3-1-sfo ASN: 62102 [ .. ]
Design is often dependent on the location ● Which Console Server should I connect to ? ● Which Cluster / Pod is this rack part of ? ● Which out-of-band device should I connect to ? ● What is the out-of-band network for this rack ? ● ...
Context Resolution Input File text / yaml Convert Back to Txt extract Site and Rack info YML TXT Import site: name: sfo elevation: 30 pod_id: 1 rack: console: co1-sfo mgmt_nwk: 10.0.0.0/16 Calculate / Resolve Rack Specific info YMLJinja
name: "rsw{{ id }}-{{rack.pod_id}}-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: "<ASN::{{site.name}}/private>" network: lo0.0: ips: - addr: "<LO4::{{site.name}}/internal-loopbacks>" - addr: "<LO6::external-loopbacks>" p2p: et-0/0/48: peer: "<DEV_INT::psw1-{{site.name}}/rack-switch>" ips: - addr: "<NET_IP4::{{site.name}}/point-to-point/31>" et-0/0/49: peer: "<DEV_INT::psw1-{{site.name}}/rack-switch>" ips: - addr: "<NET_IP4::{{site.name}}/point-to-point/31>" Use Jinja to add contextual information
Network Builder - 3 main components Context Resolution Pull information specific per site and rack Pod and Cluster Info Console Server PDU OOB devices, Ips… Variables Resolution Resolve/generate properties using the resource manager Apply / Create Understand what already exist what needs to be created Apply the diff PLAN APPLY
Next Steps ● Get feedback on this approach ● Open Source the resource manager ● Open Source the network builder
Thank you!

Recommended

Ansiblefest 2018 Network automation journey at roblox
Ansiblefest 2018 Network automation journey at robloxAnsiblefest 2018 Network automation journey at roblox
Ansiblefest 2018 Network automation journey at robloxDamien Garros
 
Nanog75, Network Device Property as Code
Nanog75, Network Device Property as CodeNanog75, Network Device Property as Code
Nanog75, Network Device Property as CodeDamien Garros
 
Building Cloud Virtual Topologies with Ravello and Ansible
Building Cloud Virtual Topologies with Ravello and AnsibleBuilding Cloud Virtual Topologies with Ravello and Ansible
Building Cloud Virtual Topologies with Ravello and AnsibleDamien Garros
 
How to Achieve more through Collaboration
How to Achieve more through Collaboration How to Achieve more through Collaboration
How to Achieve more through Collaboration Damien Garros
 
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...Docker, Inc.
 
How to Prepare for CKA Exam
How to Prepare for CKA ExamHow to Prepare for CKA Exam
How to Prepare for CKA ExamAlfie Chen
 
Network services on Kubernetes on premise
Network services on Kubernetes on premiseNetwork services on Kubernetes on premise
Network services on Kubernetes on premiseHans Duedal
 
Configuration Management Tools on NX-OS
Configuration Management Tools on NX-OSConfiguration Management Tools on NX-OS
Configuration Management Tools on NX-OSCisco DevNet
 

Recommended

Ansiblefest 2018 Network automation journey at roblox
Ansiblefest 2018 Network automation journey at robloxAnsiblefest 2018 Network automation journey at roblox
Ansiblefest 2018 Network automation journey at robloxDamien Garros
 
Nanog75, Network Device Property as Code
Nanog75, Network Device Property as CodeNanog75, Network Device Property as Code
Nanog75, Network Device Property as CodeDamien Garros
 
Building Cloud Virtual Topologies with Ravello and Ansible
Building Cloud Virtual Topologies with Ravello and AnsibleBuilding Cloud Virtual Topologies with Ravello and Ansible
Building Cloud Virtual Topologies with Ravello and AnsibleDamien Garros
 
How to Achieve more through Collaboration
How to Achieve more through Collaboration How to Achieve more through Collaboration
How to Achieve more through Collaboration Damien Garros
 
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...Docker, Inc.
 
How to Prepare for CKA Exam
How to Prepare for CKA ExamHow to Prepare for CKA Exam
How to Prepare for CKA ExamAlfie Chen
 
Network services on Kubernetes on premise
Network services on Kubernetes on premiseNetwork services on Kubernetes on premise
Network services on Kubernetes on premiseHans Duedal
 
Configuration Management Tools on NX-OS
Configuration Management Tools on NX-OSConfiguration Management Tools on NX-OS
Configuration Management Tools on NX-OSCisco DevNet
 
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianCNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianHanLing Shen
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeAcademy
 
It takes a Village to do the Impossible - Jeff Lindsay
It takes a Village to do the Impossible - Jeff LindsayIt takes a Village to do the Impossible - Jeff Lindsay
It takes a Village to do the Impossible - Jeff LindsayDocker, Inc.
 
Hot to build continuously processing for 24/7 real-time data streaming platform?
Hot to build continuously processing for 24/7 real-time data streaming platform?Hot to build continuously processing for 24/7 real-time data streaming platform?
Hot to build continuously processing for 24/7 real-time data streaming platform?GetInData
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...ConSol Consulting & Solutions Software GmbH
 
Docker at and with SignalFx
Docker at and with SignalFxDocker at and with SignalFx
Docker at and with SignalFxSignalFx
 
Spring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
Spring Boot to Quarkus: A real app migration experience | DevNation Tech TalkSpring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
Spring Boot to Quarkus: A real app migration experience | DevNation Tech TalkRed Hat Developers
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSCody Thomas
 
Containers & Security
Containers & SecurityContainers & Security
Containers & SecurityAll Things Open
 
Develop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
Develop and Deploy Cloud-Native Apps as Resilient Microservice ArchitecturesDevelop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
Develop and Deploy Cloud-Native Apps as Resilient Microservice ArchitecturesAll Things Open
 
Bash-ing brittle indicators: Red teaming mac-os without bash or python
Bash-ing brittle indicators: Red teaming mac-os without bash or pythonBash-ing brittle indicators: Red teaming mac-os without bash or python
Bash-ing brittle indicators: Red teaming mac-os without bash or pythonCody Thomas
 
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSWalking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSCody Thomas
 
Introduction to GitHub Actions - How to easily automate and integrate with Gi...
Introduction to GitHub Actions - How to easily automate and integrate with Gi...Introduction to GitHub Actions - How to easily automate and integrate with Gi...
Introduction to GitHub Actions - How to easily automate and integrate with Gi...All Things Open
 
Stranger Things: The Forces that Disrupt Netflix
Stranger Things: The Forces that Disrupt NetflixStranger Things: The Forces that Disrupt Netflix
Stranger Things: The Forces that Disrupt NetflixC4Media
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made EasyAll Things Open
 
Docker Online Meetup #22: Docker Networking
Docker Online Meetup #22: Docker NetworkingDocker Online Meetup #22: Docker Networking
Docker Online Meetup #22: Docker NetworkingDocker, Inc.
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFDocker, Inc.
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...Docker, Inc.
 
IoT in the DataCenter @ Container Camp, London
IoT in the DataCenter @ Container Camp, LondonIoT in the DataCenter @ Container Camp, London
IoT in the DataCenter @ Container Camp, LondonAlex Ellis
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibilityDocker, Inc.
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKevin Lynch
 

More Related Content

What's hot

CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianCNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianHanLing Shen
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeAcademy
 
It takes a Village to do the Impossible - Jeff Lindsay
It takes a Village to do the Impossible - Jeff LindsayIt takes a Village to do the Impossible - Jeff Lindsay
It takes a Village to do the Impossible - Jeff LindsayDocker, Inc.
 
Hot to build continuously processing for 24/7 real-time data streaming platform?
Hot to build continuously processing for 24/7 real-time data streaming platform?Hot to build continuously processing for 24/7 real-time data streaming platform?
Hot to build continuously processing for 24/7 real-time data streaming platform?GetInData
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...ConSol Consulting & Solutions Software GmbH
 
Docker at and with SignalFx
Docker at and with SignalFxDocker at and with SignalFx
Docker at and with SignalFxSignalFx
 
Spring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
Spring Boot to Quarkus: A real app migration experience | DevNation Tech TalkSpring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
Spring Boot to Quarkus: A real app migration experience | DevNation Tech TalkRed Hat Developers
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSCody Thomas
 
Develop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
Develop and Deploy Cloud-Native Apps as Resilient Microservice ArchitecturesDevelop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
Develop and Deploy Cloud-Native Apps as Resilient Microservice ArchitecturesAll Things Open
 
Bash-ing brittle indicators: Red teaming mac-os without bash or python
Bash-ing brittle indicators: Red teaming mac-os without bash or pythonBash-ing brittle indicators: Red teaming mac-os without bash or python
Bash-ing brittle indicators: Red teaming mac-os without bash or pythonCody Thomas
 
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSWalking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSCody Thomas
 
Introduction to GitHub Actions - How to easily automate and integrate with Gi...
Introduction to GitHub Actions - How to easily automate and integrate with Gi...Introduction to GitHub Actions - How to easily automate and integrate with Gi...
Introduction to GitHub Actions - How to easily automate and integrate with Gi...All Things Open
 
Stranger Things: The Forces that Disrupt Netflix
Stranger Things: The Forces that Disrupt NetflixStranger Things: The Forces that Disrupt Netflix
Stranger Things: The Forces that Disrupt NetflixC4Media
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made EasyAll Things Open
 
Docker Online Meetup #22: Docker Networking
Docker Online Meetup #22: Docker NetworkingDocker Online Meetup #22: Docker Networking
Docker Online Meetup #22: Docker NetworkingDocker, Inc.
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFDocker, Inc.
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...Docker, Inc.
 
IoT in the DataCenter @ Container Camp, London
IoT in the DataCenter @ Container Camp, LondonIoT in the DataCenter @ Container Camp, London
IoT in the DataCenter @ Container Camp, LondonAlex Ellis
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibilityDocker, Inc.
 

What's hot (20)

CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianCNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to Kubernetes
 
It takes a Village to do the Impossible - Jeff Lindsay
It takes a Village to do the Impossible - Jeff LindsayIt takes a Village to do the Impossible - Jeff Lindsay
It takes a Village to do the Impossible - Jeff Lindsay
 
Hot to build continuously processing for 24/7 real-time data streaming platform?
Hot to build continuously processing for 24/7 real-time data streaming platform?Hot to build continuously processing for 24/7 real-time data streaming platform?
Hot to build continuously processing for 24/7 real-time data streaming platform?
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen..."Using Automation Tools To Deploy And Operate Applications In Real World Scen...
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
 
Docker at and with SignalFx
Docker at and with SignalFxDocker at and with SignalFx
Docker at and with SignalFx
 
Spring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
Spring Boot to Quarkus: A real app migration experience | DevNation Tech TalkSpring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
Spring Boot to Quarkus: A real app migration experience | DevNation Tech Talk
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
 
Containers & Security
Containers & SecurityContainers & Security
Containers & Security
 
Develop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
Develop and Deploy Cloud-Native Apps as Resilient Microservice ArchitecturesDevelop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
Develop and Deploy Cloud-Native Apps as Resilient Microservice Architectures
 
Bash-ing brittle indicators: Red teaming mac-os without bash or python
Bash-ing brittle indicators: Red teaming mac-os without bash or pythonBash-ing brittle indicators: Red teaming mac-os without bash or python
Bash-ing brittle indicators: Red teaming mac-os without bash or python
 
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSWalking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
 
Introduction to GitHub Actions - How to easily automate and integrate with Gi...
Introduction to GitHub Actions - How to easily automate and integrate with Gi...Introduction to GitHub Actions - How to easily automate and integrate with Gi...
Introduction to GitHub Actions - How to easily automate and integrate with Gi...
 
Stranger Things: The Forces that Disrupt Netflix
Stranger Things: The Forces that Disrupt NetflixStranger Things: The Forces that Disrupt Netflix
Stranger Things: The Forces that Disrupt Netflix
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made Easy
 
Docker Online Meetup #22: Docker Networking
Docker Online Meetup #22: Docker NetworkingDocker Online Meetup #22: Docker Networking
Docker Online Meetup #22: Docker Networking
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
 
IoT in the DataCenter @ Container Camp, London
IoT in the DataCenter @ Container Camp, LondonIoT in the DataCenter @ Container Camp, London
IoT in the DataCenter @ Container Camp, London
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibility
 

Similar to Banog meetup August 30th, network device property as code

DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKevin Lynch
 
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kevin Lynch
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
 
packet traveling (pre cloud)
packet traveling (pre cloud)packet traveling (pre cloud)
packet traveling (pre cloud)iman darabi
 
Known basic of NFV Features
Known basic of NFV FeaturesKnown basic of NFV Features
Known basic of NFV FeaturesRaul Leite
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
Snabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterSnabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterIgalia
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
P4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptxP4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptxtampham61268
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux DeviceAdding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux DeviceSamsung Open Source Group
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...NGINX, Inc.
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Yongyoon Shin
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFoholiab
 

Similar to Banog meetup August 30th, network device property as code (20)

DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the Datacenter
 
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
 
packet traveling (pre cloud)
packet traveling (pre cloud)packet traveling (pre cloud)
packet traveling (pre cloud)
 
Linux network tools (Maarten Blomme)
Linux network tools (Maarten Blomme)Linux network tools (Maarten Blomme)
Linux network tools (Maarten Blomme)
 
Known basic of NFV Features
Known basic of NFV FeaturesKnown basic of NFV Features
Known basic of NFV Features
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
 
Snabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterSnabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporter
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network Interfaces
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
P4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptxP4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptx
 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux DeviceAdding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
 
Monkey Server
Monkey ServerMonkey Server
Monkey Server
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
 

Recently uploaded

Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 

Recently uploaded (20)

Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacing
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 

Banog meetup August 30th, network device property as code

  • 1. Damien Garros, Network Reliability Engineer | August 30th Network device Properties As Code @damgarros @dgarros
  • 2. ● Network device properties definition ● How are we managing device properties today ● How to manage Network device properties as code Open for questions at the end of each section Agenda
  • 4. Network device properties ● Name ● IP addresses ● Cabling information / Peer properties ● Vlans ● BGP Peering ● Device specific info (ASN, etc.. )
  • 5. Each device has a unique set of properties P5 P6P3 P4 T2 ● Unique set of properties per device T1 P1 P2 ● 1 template per role
  • 6. Your properties reflect your network design P5 P6P3 P4 P1 P2Network Design Naming Convention Cabling Convention Datacenter Layout Vendor Specific Information
  • 7. People are failing to automate their network because they simplify the problem and assume that everything is homogeneous
  • 9. Be prepared to manage MANY version of your properties Network Design Naming Convention Cabling Convention Datacenter Layout Vendor Specific Information v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1 v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1
  • 10. For every rule, there is an exception. So you always follow the rule, except when there is an exception In which case you follow a new rule based on that exception.
  • 11. Be prepared to manage MANY version of your properties Network Design Naming Convention Cabling Convention Datacenter Layout Vendor Specific Information v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1 v1 v2 v2.1 v1.1 v2.2 v2.1 v1.2 v2.4 v2.1
  • 12. Properties @ Roblox In 9 months we had to manage ● 600 Devices ● 15 000 IP addresses ● 3000 Prefixes ● 35 different design revision just for the network ● Up to 7 versions for a given network device role We also added
  • 13. How are people managing Network device properties today ? 2
  • 14. How are people generating these properties today By Hand By Script / Code
  • 15. Pros / Cons with Script / Code approach Cons ● Hard to support multiple version of properties ● Need to “Write code” to adapt the design ● Hard to maintain Pros ● Can generate large number of properties quickly ● Very flexible
  • 16. How are people storing these properties ? P1 P2 P3 P4 P7 P7 P6 P5 File per device saved in Version control / Git Database P1 P2P3 P4 A mix of both The properties store is usually referred as the Source of Truth (SOT)
  • 17. How are WE storing our properties today VVV V Github ● We are storing in Netbox : ○ Device info, device role, ○ Cabling ○ IP addresses & prefixes ● Extrapolating most BGP sessions from Cabling ● We are storing in Github ○ Some BGP info and role properties in Yaml ○ Configuration template ○ Ansible project (pb, modules ..)
  • 18. How to manage network device properties as Code ? 3
  • 19. Infrastructure as Code concept ● Idempotent > Always the same results ● Version Control Friendly > Input as text file, peer review ● Safe & Predictable > Plan everything before, know what changes will be made before you run it.
  • 20. High Level Workflow Source of Truth P1P2P3 P4 P7P7P6P5 v1 Generate Read Network Builder
  • 21. High Level Workflow - Plan & Apply v1 PLANAPPLY Generate Diff Read Source of Truth Source of Truth Network Builder P3P4 Read Network Builderv1
  • 22. Infrastructure as Code concept ● Idempotent > Always the same results ● Version Control Friendly > Input as text file, peer review ● Safe & Predictable > Plan everything before, know what changes will be made before you run it.
  • 23. How to capture your design for a rack switch ● Device Name should be: ○ rsw, id of the cluster, name of the site separated by dash ● Loopback IP should be: ○ Any IP from the management network of the site ● Console port should be connected to: ○ the nearest console server ● Uplinks should be ○ 1x100G interface connected to each aggregation device ○ 1 /31 allocated per interface from the /22 block reserved for point to point links ● Server interface should have: ○ A /24 network allocated from the /16 block reserved for server
  • 24. Network Builder - Building Block Create Properties Manage Diff Source of Truth Resource Manager Network Builder
  • 25. Resource Manager Manage all your resources as you manage IPs with DHCP 1. Possible to reserve resource in advance 2. Each resource allocated is associated with an ID 3. Same ID always get the same response.
  • 26. Resource Manager - Example asn: [ 65100, 65200 ] prefixes: loopback: 10.10.10.0/24 point-to-point:10.128.0.0/22 Site SFO● Create Pools of resource Identifiable with name or roles ● Query resources by defining ○ WHAT type of resource ○ From WHICH pool ○ WHO is requesting Resource Manager WHAT : Loopback (/32) WHICH : Loopback in SFO WHO : device1 Query Resp 10.10.10.1/32
  • 27. Represent a query in a compact way <LO4::sfo/loopback> Variable Type ASN LO4 NET_IP INT DEV_INT VLAN Pool Name / Path Can be different per Variable Type WHAT WHICH WHO is determined based on when this query is invoked
  • 28. name: "rsw1-1-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: "<ASN::sfo/private>" network: lo0.0: ips: - addr: "<LO4::sfo/internal-loopbacks>" - addr: "<LO6::external-loopbacks>" p2p: et-0/0/48: peer: "<DEV_INT::psw1-sfo/rack-switch>" ips: - addr: "<NET_IP4::sfo/point-to-point/31>" et-0/0/49: peer: "<DEV_INT::psw1-sfo/rack-switch>" ips: - addr: "<NET_IP4::sfo/point-to-point/31>" Define your device properties with variables
  • 29. name: "rsw1-1-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: 65100 network: lo0.0: ips: - addr: 10.10.10.1/32 - addr: 2020:1234:beef::756/128 p2p: et-0/0/48: peer: psw1-sfo::et-0/0/1 ips: - addr: 10.128.195.124/31 et-0/0/49: peer: psw2-sfo::et-0/0/1 ips: - addr: 10.128.195.126/31 Define your device properties with variables
  • 30. rack_switch_v1: name: "rsw{{id}}-1-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: "<ASN::sfo/private>" network: lo0.0: ips: - addr: "<LO4::sfo/internal-loopbacks>" - addr: "<LO6::external-loopbacks>" p2p: et-0/0/48: peer: "<DEV_INT::psw1-sfo/rack-switch>" ips: - addr: "<NET_IP4::sfo/point-to-point/31>" Create template of design
  • 31. site: sfo racks: 101: racks: rack_switch_v1 id: 1 102: racks: rack_switch_v1 id: 2 103: racks: rack_switch_v1 id: 3 Reuse templates across site and racks site: sfo racks: 101: name: rsw1-1-sfo ASN: 62100 [ .. ] 102: name: rsw2-1-sfo ASN: 62101 [ .. ] 103: name: rsw3-1-sfo ASN: 62102 [ .. ]
  • 32. Design is often dependent on the location ● Which Console Server should I connect to ? ● Which Cluster / Pod is this rack part of ? ● Which out-of-band device should I connect to ? ● What is the out-of-band network for this rack ? ● ...
  • 33. Context Resolution Input File text / yaml Convert Back to Txt extract Site and Rack info YML TXT Import site: name: sfo elevation: 30 pod_id: 1 rack: console: co1-sfo mgmt_nwk: 10.0.0.0/16 Calculate / Resolve Rack Specific info YMLJinja
  • 34. name: "rsw{{ id }}-{{rack.pod_id}}-sfo" elevation: 30 rack_face: front type: qfx5100 nb_role: rack-switch ASN: "<ASN::{{site.name}}/private>" network: lo0.0: ips: - addr: "<LO4::{{site.name}}/internal-loopbacks>" - addr: "<LO6::external-loopbacks>" p2p: et-0/0/48: peer: "<DEV_INT::psw1-{{site.name}}/rack-switch>" ips: - addr: "<NET_IP4::{{site.name}}/point-to-point/31>" et-0/0/49: peer: "<DEV_INT::psw1-{{site.name}}/rack-switch>" ips: - addr: "<NET_IP4::{{site.name}}/point-to-point/31>" Use Jinja to add contextual information
  • 35. Network Builder - 3 main components Context Resolution Pull information specific per site and rack Pod and Cluster Info Console Server PDU OOB devices, Ips… Variables Resolution Resolve/generate properties using the resource manager Apply / Create Understand what already exist what needs to be created Apply the diff PLAN APPLY
  • 36. Next Steps ● Get feedback on this approach ● Open Source the resource manager ● Open Source the network builder