Building Cloud Virtual Topologies with Ravello and Ansible
1. Building Cloud Virtual Topologies with Ravello & Ansible
SF Network Automation Meetup, Feb 13th 2017
Damien Garros
@damgarros
@dgarros
2. Agenda
● Quick introduction to Ravello
● How to Build Topology easily with Ansible (on Ravello)
● How to use Ravello as part of a CI pipeline
3. Me
● Datacenter Networking for 10y
● Network Automation for 5y
● 6y with Juniper
● Recently joined Apstra as Customer Enablement Engineer
No affiliation with Ravello nor Ansible
5. Ravello in a Nutshell
● Solution to build Virtual Topology in the Cloud
● Working on Top of AWS / GCE / Oracle Cloud
● Work with any VMs (ova, vmdk, img …)
● Pay by the hour
● Now part of Oracle
6. Ravello Pros / Cons
Pro
● Works with all VMs
● Can build any topology
● Everything available via REST API
● All VMs can have Public IPs
● Powerful Token system
● Powerful Blueprint system
● Pay by the hour
● “Unlimited” capacity
Cons
● Reduced Performance (Nested Virtualization)
● Network design sucks
● REST API requires full objects
● Can be expensive if used for a long period
7. Ravello / Use cases for Networking
● Training
● On Demand Labs
● Large topology reproduction
● CI Pipeline for Network
● Infrastructure as code
● ….
9. Why Not AWS ??
● L3 between VMs only,
○ no L1/L2 ( lldp, lacp)
● No notion of “topology” in AWS
● AWS does not support all VMs out of the box
● No user portal and no delegation system (token)
10. How to build topology easily with Ansible (on Ravello)
11. Problem Statement
● Long & Complicated to build network topology on Ravello
● Very difficult to Update an existing topology
I need to update the NOS version
12. Solution
● Abstract the definition of a new topology
● Use Ansible to
○ Automate the creation of new topologies
○ Automate the configuration of devices
13. Ansible Roles for Ravello
● Several Roles to:
○ Create one application from scratch
○ Create several applications from Blueprint
○ Start/Stop VMs
○ Collect Public IPs
● Published on Github / Docker
● Currently in “Alpha” mode
https://github.com/Juniper/ravello-ansible
14. Example / Spine - Leaf Topology
[Diagram: Spine1 and Spine2 connected to Leaf1, Leaf2 and Leaf3; links labelled 1 to 6]
● Assign a unique ID to each link
● Assign an ID to each interface
16. Inventory File
## Ansible Inventory File
[spine]
spine1 id=11
spine2 id=21
[leaf]
leaf1 id=111
leaf2 id=121
leaf3 id=131
[all:vars]
ravello_app_name="Ip Fabric Junos"
ravello_image=vqfx10k-re-15.1X53-D60
Mandatory information
● Unique “id” per VM
● ravello_image matching the name of a VM image in Ravello
● ravello_app_name to define the name of the application in Ravello
17. How to define a new topology
## Topology Definition file (yaml)
ravello_topology:
  leaf3:
    - link: dhcp-public
      services: [ ssh, icmp ]
    - link: 93 # To PFE
    - link: 83 # Reserved
    - link: 15 # Spine1
    - link: 16 # Spine2
  spine1:
    - link: dhcp-public
      services: [ ssh, icmp ]
    - link: 94 # To PFE
    - link: 84 # Reserved
    - link: 11 # Leaf1
    - link: 13 # Leaf2
    - link: 15 # Leaf3
● Each L2 domain has a unique identifier
● 2 interfaces connected to the same L2 domain simulate a point-to-point connection
● Interfaces are defined in order, to be able to predict interface names.
● Both “Leaf3-Int4” and “Spine1-Int5” are connected together (15)
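An added example (not from the talk or from the ravello-ansible roles): a short Python check over a topology definition in the shape shown above, already loaded into a dict. It pairs interfaces that share a link ID, lists link IDs that do not have exactly two endpoints, and reports which VMs expose services on dhcp-public. The function name, the 1-based list position and the sample data are assumptions of this example; the position is the entry's place in the list, not a device interface name.

```python
from collections import defaultdict

# Constructed sample in the shape of the slide's ravello_topology
# (only the two VMs shown on the slide, already parsed from YAML).
TOPOLOGY = {
    "leaf3": [
        {"link": "dhcp-public", "services": ["ssh", "icmp"]},
        {"link": 93}, {"link": 83}, {"link": 15}, {"link": 16},
    ],
    "spine1": [
        {"link": "dhcp-public", "services": ["ssh", "icmp"]},
        {"link": 94}, {"link": 84}, {"link": 11}, {"link": 13}, {"link": 15},
    ],
}


def analyze(topology):
    """Return (point-to-point links, other link IDs, public exposure)."""
    members = defaultdict(list)  # link ID -> [(vm, 1-based list position)]
    exposed = {}                 # vm -> services offered on dhcp-public
    for vm, interfaces in topology.items():
        for position, intf in enumerate(interfaces, start=1):
            link = intf["link"]
            if link == "dhcp-public":
                exposed.setdefault(vm, set()).update(intf.get("services", []))
            else:
                members[link].append((vm, position))
    # Exactly two endpoints on one L2 domain behave as a point-to-point link.
    p2p = {l: tuple(m) for l, m in members.items() if len(m) == 2}
    # One endpoint: peer missing from this file. More than two: shared segment.
    other = {l: m for l, m in members.items() if len(m) != 2}
    return p2p, other, {vm: sorted(s) for vm, s in exposed.items()}


if __name__ == "__main__":
    p2p, other, exposed = analyze(TOPOLOGY)
    for link, (a, b) in sorted(p2p.items()):
        print(f"link {link}: {a[0]}[{a[1]}] <-> {b[0]}[{b[1]}]")
    for link in sorted(other):
        print(f"link {link}: {len(other[link])} endpoint(s), review")
    for vm, services in exposed.items():
        print(f"{vm}: public services {services}")
```

On the two-VM excerpt, every link except 15 is reported with a single endpoint because its peer VM is not part of the sample.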
21. Problem Statement
1. Continuous Integration for Network related tools requires real Network Devices.
2. On-premise, complicated to have a dedicated lab for CI
3. On-Internet, impossible to access Network Devices
22. Solution
1. Dynamically create Virtual Topology on Ravello for each commit from CI tool (travis)
2. Leverage Ravello Token to be able to expose these publicly
3. Optional - Use IP Filtering to restrict the access to the VMs
23. Solution
Project on Github/Gitlab
File .travis.yaml
Tests & Code
On Commit / PR
Travis downloads the project and executes .travis.yaml
1. Create topology on Ravello
2. Collect VMs Public IP address
3. Run tests
31. Community @ http://community.apstra.com/
● Universal ZTP Server
https://github.com/Apstra/aeon-ztps
● Python Library for AOS
https://github.com/Apstra/aos-pyez
● Ansible Modules for AOS (in progress)
http://docs.ansible.com/ansible/list_of_network_modules.html#aos