Infrastructure Automation
Era of the 1-Click Network
Discovery | Deployment | Verification | Reporting
Paul Siri
Sr. Consultant: Networking & Security
Groupware Technology Inc.
PARTNERS BY PRODUCT LINE
Strong Relationships with Industry Leaders
Systems | Networking & Security | Storage | Load Balancers | Software | Cloud & Services | Professional Services
Data Center moves | Data Center Smart Hands | Project-Based Services | Proof of Concept Lab
TRADITIONAL PROBLEMS
What are we looking to solve?
Traditionally, Infrastructure Has Been...
• Error-Prone
• Inconsistent
• Slow to respond
• Inefficient
• Manual
AUTOMATION
Streamline the deployment process
• Significantly reduce the time required to bring devices into production
• Take your valuable resources off of trivial and/or repetitive tasks and free them up for the heavy lifting
Eliminate human-error with reliable, repeatable, code-driven tasks
• No more one-off Notepad scripts!
• The same result... every time!
Parallelize workflows to accommodate scale
• Configure and deploy 100s or 1000s of devices in parallel
• Achieve desired device states universally
NetOps supports infrastructure at scale
ANSIBLE
Agentless
• No need for on-device agents!
• Anything SSH-enabled can be a target
• Growing development of networking modules
Open-source
• Ansible core is completely free
• Tower was recently open-sourced!
Variable registration feature
• Crucial to advanced parsing features
• Enables nearly unlimited action on the raw data returned from modules
Management for all your devices!
HOW IS GROUPWARE LEVERAGING AUTOMATION TODAY?
Active Use-Cases
• Documentation & Reporting
  o Compliance Auditing
  o Config Verification
  o “Active” Build Documentation
Misc:
• OS Upgrades
• Configuration Backups
• VPN Account Provisioning & Rule Creation
• Environment Discovery
  o State Verification
• Infrastructure Deployment
  o Cisco | Palo Alto | Arista | HP | Pluribus
• Multi-vendor “1-Click Network”
• Service Deployment
  o Syslog | SNMP
  o Monitoring & Alerting
HOW CAN SALES LEVERAGE AUTOMATION?
Reduce Delivery Time
• Hours → Minutes
Reduce Resource Overhead
• Fewer engineers
• Fewer engineering hours
Reduce Human-Error
• Code doesn’t make mistakes!
• Repeatable results every time
Increase Margin
• Position Fixed-Bid
• “Package” Automated Services
Enhance Competitive Advantage
• Increased cost flexibility
• Minimize turnaround time
Post-Sales Competitive Advantages
BEFORE YOU BEGIN - TOOLS, PLUG-INS, & RESOURCES
Simplify your transition to NetOps
NAPALM
NETMIKO: github.com/ktbyers/netmiko (Like Paramiko... but so much better!)
github.com/networktocode
pynet.twb-tech.com/
TEXTFSM: github.com/google/textfsm (Structured data for our legacy devices!)
WHERE DO I BEGIN?
How do we get traditional infrastructure to adopt a devops approach?
Beginner:
No more “notepad network engineers”!
• Start building your config files dynamically
• Use Jinja2 templates to:
  o Abstract-away non-essential or “default” settings
  o Build all of your dependencies
  o Assemble and organize files as required
Intermediate:
Deploy your configs
• Start with a dev or lab environment
• GNS3 or Cisco VIRL are perfect
Upgrade your devices
• Start with a single device
• Advance to HA-pairs, stackable SWs, etc.
Challenges:
• Each device needs to have a unique
  o Hostname
  o Management IP
• Commands differ per OS
• Feature sets may need to be enabled/disabled
• Best-practices need to be enforced
  o Inactive ports shut down
  o Telnet disabled
  o ...
Workflow
• Identify template for device configuration
  o NX-OS devices pointed to “Nexus” template
  o IOS devices pointed to “IOS” template
  o EOS devices pointed to “EOS” template
  o ** Template will handle best-practice enforcement
• Dynamically create & assign unique variables
  o Hostnames
  o Management IP addresses
• Store a copy of each unique configuration
• (Optional) push configuration to each switch
USE CASE 1:
LARGE-SCALE SWITCH CONFIGURATION WITH TEMPLATES
Generate configurations for 100 unique devices
(25 Cisco Nexus, 50 Cisco IOS, 25 Arista EOS)
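The workflow above (pick a template per OS, assign each device a unique hostname and management IP, store one config per device) can be shown end to end in a few dozen lines of Python. The block below is an added example, not the deck's playbook: it assumes the jinja2 package, the site prefix and the 10.0.0.0/24 management pool are constructed values, and the three inline templates are minimal stand-ins for the "Nexus", "IOS" and "EOS" templates the slide refers to. The best-practice lines (telnet off, unused ports shut) live in the templates, which is what makes them apply to every device without per-device effort; StrictUndefined makes a misspelled variable fail the run instead of silently rendering an empty line.

```python
"""Template-driven config generation for a mixed fleet (added example).

Not the deck's playbook: assumes the jinja2 package; the templates, the
site prefix and the management pool are constructed stand-ins.
"""
import ipaddress
import pathlib
from jinja2 import DictLoader, Environment, StrictUndefined

# Step 1 of the workflow: which template each OS is pointed to.
TEMPLATE_FOR_OS = {"nxos": "nexus.j2", "ios": "ios.j2", "eos": "eos.j2"}

# Constructed minimal templates. Best-practice lines (telnet off, unused
# ports shut) are enforced here, so every rendered config gets them.
TEMPLATES = {
    "nexus.j2": (
        "hostname {{ hostname }}\n"
        "feature ssh\n"
        "no feature telnet\n"
        "interface mgmt0\n"
        "  ip address {{ mgmt_ip }}/{{ mgmt_prefixlen }}\n"
        "interface Ethernet1/1-48\n"
        "  shutdown\n"
    ),
    "ios.j2": (
        "hostname {{ hostname }}\n"
        "ip ssh version 2\n"
        "line vty 0 15\n"
        " transport input ssh\n"
        "interface Vlan1\n"
        " ip address {{ mgmt_ip }} {{ mgmt_netmask }}\n"
        "interface range GigabitEthernet1/0/1-48\n"
        " shutdown\n"
    ),
    "eos.j2": (
        "hostname {{ hostname }}\n"
        "management telnet\n"
        "   shutdown\n"
        "interface Management1\n"
        "   ip address {{ mgmt_ip }}/{{ mgmt_prefixlen }}\n"
        "interface Ethernet1-48\n"
        "   shutdown\n"
    ),
}


def build_inventory(counts, mgmt_network, site="LAB"):
    """Step 2: give every device a unique hostname, management IP and template.

    counts maps OS name to device count, e.g. {"nxos": 25, "ios": 50, "eos": 25}.
    Addresses are handed out sequentially from mgmt_network, so uniqueness is
    guaranteed by construction and an undersized pool fails instead of reusing.
    """
    net = ipaddress.ip_network(mgmt_network)
    pool = net.hosts()
    inventory = []
    for os_name, count in counts.items():
        for index in range(1, count + 1):
            try:
                ip = next(pool)
            except StopIteration:
                raise ValueError(f"management pool {mgmt_network} exhausted") from None
            inventory.append({
                "hostname": f"{site}-{os_name.upper()}-{index:03d}",
                "os": os_name,
                "template": TEMPLATE_FOR_OS[os_name],
                "mgmt_ip": str(ip),
                "mgmt_prefixlen": net.prefixlen,
                "mgmt_netmask": str(net.netmask),
            })
    return inventory


def check_uniqueness(inventory):
    """True when no hostname and no management IP is used twice."""
    names = [d["hostname"] for d in inventory]
    ips = [d["mgmt_ip"] for d in inventory]
    return len(set(names)) == len(names) and len(set(ips)) == len(ips)


def render_configs(inventory):
    """Render each device through its template; a misspelled variable raises."""
    env = Environment(loader=DictLoader(TEMPLATES), undefined=StrictUndefined)
    return {d["hostname"]: env.get_template(d["template"]).render(**d)
            for d in inventory}


def save_configs(configs, directory):
    """Step 3: store a copy of each unique configuration as <hostname>.cfg."""
    out = pathlib.Path(directory)
    out.mkdir(parents=True, exist_ok=True)
    for hostname, text in configs.items():
        (out / f"{hostname}.cfg").write_text(text)
    return sorted(out.glob("*.cfg"))


if __name__ == "__main__":
    inv = build_inventory({"nxos": 25, "ios": 50, "eos": 25}, "10.0.0.0/24")
    assert check_uniqueness(inv)
    files = save_configs(render_configs(inv), "configs")
    print(f"wrote {len(files)} configs")
```

The optional last step of the slide (pushing each file to its switch) is left out on purpose; the same inventory dicts are what an Ansible host_vars file would carry, and the rendered text is what a config-push module would consume.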
Upgrade the OS on 10 Cisco switches
Workflow
SCP new device image to all switches
• cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin
Set boot parameters to new image
Save running-config
• Save on-device
• Create a local, dated backup directory
  o Save a backup to my computer
Issue a device reboot to load new OS
Wait for device to reboot
Verify OS version and generate a dynamic report
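The two non-device steps of that workflow, the dated local backup and the post-reboot version check with a report, are shown below as an added example (not the deck's playbook). The "show version" first lines and running-configs are constructed samples, the backup date is fixed so the output is reproducible, and the expected version string "03.06.06E" is an assumption the operator supplies for the image above; a device whose output cannot be parsed is reported as UNKNOWN rather than silently counted as upgraded.

```python
"""Post-upgrade verification and dated config backup (added example).

Not the deck's playbook; device output below is constructed and the
expected version string is supplied by the operator.
"""
import datetime
import pathlib
import re
import tempfile

# "Version 03.06.06E RELEASE ..." and "Version 15.2(2)E6, RELEASE ..." both match.
VERSION_RE = re.compile(r"Version\s+(\S+?),?\s")

# Constructed first lines of "show version"; SW-03 did not take the upgrade.
_BANNER = ("Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software "
           "(CAT3K_CAA-UNIVERSALK9-M), Version {} RELEASE SOFTWARE (fc1)")
SHOW_VERSION = {
    "SW-01": _BANNER.format("03.06.06E"),
    "SW-02": _BANNER.format("03.06.06E"),
    "SW-03": _BANNER.format("03.03.03SE"),
}
# Constructed running-configs to back up before the reboot.
RUNNING_CONFIGS = {name: f"hostname {name}\n!\nend\n" for name in SHOW_VERSION}


def extract_version(show_version_text):
    """Return the version token, or None when the output is not recognised."""
    m = VERSION_RE.search(show_version_text)
    return m.group(1) if m else None


def backup_configs(configs, root, when=None):
    """Write each config to <root>/<YYYY-MM-DD>/<hostname>.cfg; returns the paths."""
    day = (when or datetime.date.today()).isoformat()
    folder = pathlib.Path(root) / day
    folder.mkdir(parents=True, exist_ok=True)
    paths = []
    for host, text in configs.items():
        path = folder / f"{host}.cfg"
        path.write_text(text)
        paths.append(path)
    return paths


def verify_versions(expected, outputs):
    """One row per device; ok is True only when the parsed version equals expected."""
    rows = []
    for host, text in outputs.items():
        found = extract_version(text)
        rows.append({"host": host, "version": found or "UNKNOWN", "ok": found == expected})
    return rows


def markdown_report(rows, expected):
    """Render the verification rows as a Markdown table."""
    lines = [f"# OS upgrade report (expected {expected})", "",
             "| Host | Version | Status |", "|---|---|---|"]
    lines += [f"| {r['host']} | {r['version']} | {'OK' if r['ok'] else 'MISMATCH'} |"
              for r in rows]
    return "\n".join(lines)


def demo_backup():
    """Back up the constructed configs into a temporary, dated directory."""
    root = tempfile.mkdtemp(prefix="cfg-backup-")
    return backup_configs(RUNNING_CONFIGS, root, when=datetime.date(2018, 1, 2))


if __name__ == "__main__":
    print(demo_backup())
    rows = verify_versions("03.06.06E", SHOW_VERSION)
    print(markdown_report(rows, "03.06.06E"))
```

In a playbook the backup step runs before the reboot and the verification step after the wait, each fed by a registered "show" task; the report rows are the same whether they are rendered to Markdown here or through a Jinja2 template.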
USE CASE 2:
PARALLEL OS UPGRADES
Upgrades In Action
[Screenshots: playbook ftp-image.yml, FTP server activity, inventory file]
ADVANCED NETOPS
Taking Your Automation to the Next Level
Advanced:
Manage state declaratively
• Leverage (or create) idempotent modules to manage device state
• ** Not all vendor modules are created equal
NetOps Pro:
Integrate with CI/CD tools
• Jenkins can run or trigger your playbooks
USE CASE 3: STATE VERIFICATION
Idempotence is king!
Idempotent Modules
• Concerned with the desired state of the object
• Ideal tools for configuration management & verification
• Achieve the desired result no matter how many times they are run
The Idempotent Workflow
Check whether current state = desired state
• If true
  o Do nothing (we’re already at the desired state!)
  o Return “changed = false”
• If false
  o Issue commands necessary to achieve desired state
  o Return “changed = true”
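The check-then-act loop above, written out as an added example (not a vendor module and not the deck's code). The running-config, the desired lines and the forbidden lines are constructed; applying a command to the device is simulated with a set, and negation is modelled as prefixing "no", which is a simplification of real CLI semantics. The property the slide describes is what the test checks: the first pass reports changed = true with a command list, the second pass finds nothing to do and reports changed = false.

```python
"""Idempotent "ensure desired state" step (added example, not from the deck).

The device, its config and the desired/forbidden lines are constructed; a
real module reads the running-config over SSH and pushes commands the same way.
"""

# Constructed running-config of a switch that still has telnet and HTTP enabled.
RUNNING_CONFIG = """\
!
hostname LAB-IOS-001
ip http server
ip ssh version 2
line vty 0 4
 transport input telnet ssh
!
"""
DESIRED = ["ip ssh version 2", "service password-encryption", "transport input ssh"]
FORBIDDEN = ["ip http server", "transport input telnet ssh"]


def parse_running_config(text):
    """Flatten a running-config into a set of stripped lines, ignoring
    comment ('!') and blank lines. Hierarchy is deliberately ignored here:
    every constructed desired/forbidden line is matched as a flat line."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("!")}


def plan_changes(current, desired, forbidden=()):
    """Compare current with desired; return (changed, commands).

    changed is False and commands is empty when the device already matches,
    which is exactly what makes re-running the task safe."""
    commands = [ln for ln in desired if ln not in current]
    commands += ["no " + ln for ln in forbidden if ln in current]
    return bool(commands), commands


def apply_commands(current, commands):
    """Simulated device: add a line, or drop it when the command starts with 'no '."""
    state = set(current)
    for cmd in commands:
        if cmd.startswith("no "):
            state.discard(cmd[3:])
        else:
            state.add(cmd)
    return state


def converge(config_text, desired, forbidden, runs=2):
    """Run the check-then-act loop `runs` times; returns the per-run results
    (changed flag and commands) and the final state."""
    state = parse_running_config(config_text)
    results = []
    for _ in range(runs):
        changed, commands = plan_changes(state, desired, forbidden)
        if changed:
            state = apply_commands(state, commands)
        results.append((changed, commands))
    return results, state


if __name__ == "__main__":
    for run, (changed, commands) in enumerate(converge(RUNNING_CONFIG, DESIRED, FORBIDDEN)[0], 1):
        print(f"run {run}: changed={changed} commands={commands}")
```

The same shape is what Ansible's check mode relies on: plan_changes alone answers "what would change" without touching the device, and a module that cannot separate the check from the act cannot be idempotent.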
ENHANCE YOUR WORKFLOW
Everyone hates the repetitive tasks
Automate Your Pain Away:
Build “active” documentation into your workflow
• Dynamic, self-generating documentation of your environment
• Immediate verification of existing state
• Automated auditing... because at this point, why not?
TEXTFSM PARSING = STRUCTURED DATA FROM LEGACY DEVICES
So many possibilities, so little time
[Screenshots: CLI “show ip route” output, TextFSM variables, TextFSM template]
...NOW PASS THAT DATA THROUGH J2
API-level structured data from our legacy device
Now we can manipulate it to our liking...
Vendor-agnostic output, anyone?
USE CASE 4: DYNAMIC REPORTING
• Leverages Ansible’s ability to “register” output as variables
• Parses raw output into usable, structured data
• TextFSM is your friend!
• Vendor agnostic, OS-independent
• Not reliant on API(s)
• Works with any SSH-enabled device
• Completely customizable
• Options only limited by your creativity
• HTML, Markdown, XML, CSV, etc.
“This stuff changes constantly! Wouldn’t it be neat if we could just run a report on ALL of our devices automatically?!?”
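The TextFSM slides and this use case describe one pipeline: registered "show ip route" text from several vendors, parsed into one record shape, then rendered into whatever report format is wanted. The block below is an added example that is not the deck's template or playbook: a single regular expression stands in for the TextFSM template (it is hand-written rather than a real TextFSM file), the Cisco IOS and Arista EOS outputs are constructed samples, and the CSV writer stands in for the Jinja2 step. Lines the pattern does not recognise are returned rather than dropped, so a changed or unexpected output format is visible in the report instead of silently shrinking it.

```python
"""Vendor-agnostic route records from raw CLI output (added example).

A regex stands in for the TextFSM template; the IOS and EOS outputs below
are constructed samples, not captures from the demo devices.
"""
import csv
import io
import re

# One pattern covers both row layouts used in the samples:
#   C        10.10.10.0/24 is directly connected, GigabitEthernet0/1
#   O IA     10.20.0.0/16 [110/20] via 10.10.10.2, 00:12:31, GigabitEthernet0/2
#   S        0.0.0.0/0 [1/0] via 192.168.1.1, Ethernet2
ROUTE_RE = re.compile(
    r"^\s*(?P<proto>[A-Z]\*?(?:\s[A-Z][A-Z0-9]?)?)\s+"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:,\s*[\d:dwh]+)?(?:,\s*(?P<intf>\S+))?"
    r"|is directly connected,\s*(?P<dintf>\S+))\s*$"
)

# Constructed Cisco IOS output (legend and summary lines included on purpose).
IOS_SAMPLE = """\
Codes: C - connected, S - static, O - OSPF, IA - OSPF inter area
Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.10.10.0/24 is directly connected, GigabitEthernet0/1
L        10.10.10.1/32 is directly connected, GigabitEthernet0/1
O IA     10.20.0.0/16 [110/20] via 10.10.10.2, 00:12:31, GigabitEthernet0/2
"""

# Constructed Arista EOS output for the same network.
EOS_SAMPLE = """\
Codes: C - connected, S - static, O - OSPF
Gateway of last resort:
 S        0.0.0.0/0 [1/0] via 192.168.1.1, Ethernet2

 C        10.10.10.0/24 is directly connected, Ethernet1
 O        10.20.0.0/16 [110/20] via 10.10.10.2, Ethernet3
"""

COLUMNS = ["device", "protocol", "prefix", "next_hop", "interface", "ad", "metric"]


def parse_routes(device, text):
    """Return (records, unparsed): one dict per route row, plus every
    non-blank line the pattern did not match, for the operator to inspect."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROUTE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        g = m.groupdict()
        records.append({
            "device": device,
            "protocol": " ".join(g["proto"].split()),
            "prefix": g["prefix"],
            "next_hop": g["nh"] or "connected",
            "interface": g["intf"] or g["dintf"] or "",
            "ad": int(g["ad"]) if g["ad"] else 0,
            "metric": int(g["metric"]) if g["metric"] else 0,
        })
    return records, unparsed


def build_records():
    """Parse both constructed devices into one vendor-agnostic list."""
    ios, _ = parse_routes("IOS-1", IOS_SAMPLE)
    eos, _ = parse_routes("EOS-1", EOS_SAMPLE)
    return ios + eos


def to_csv(records):
    """Render the records as CSV; a Jinja2 template would consume the same dicts."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(build_records()))
```

The record keys are the equivalent of the TextFSM Value names on the slide; once every vendor's output lands in the same keys, the report template never needs to know which OS produced a row.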
DYNAMIC REPORTING SAMPLES
[Screenshots: Palo Alto Networks PAN-OS HA report; Arista EOS inventory report]
Suppose you want to...
• Harden and/or audit your environment against the latest security vulnerability
• Back up configurations for your entire production infrastructure
• Perform discovery on your customer’s entire environment
• Generate detailed, dynamic reports about your latest deployment on-the-fly
• Retrieve up-to-date inventory sheets so you know whether or not you should be checking eBay for that “vanishing” QSFP
All in less than the time it takes to finish a cup of coffee?
Automation is your friend!
PUTTING IT ALL TOGETHER: DEMO
ONE COMMAND TO RULE THEM ALL
DEMO TOPOLOGY
All built via Ansible!
[Topology diagram labels: EDGE FW-1 / EDGE FW-2 (HA-1, HA-2); ISP-A, ISP-B uplinks (AE1.991 ISP-A, AE1.992 ISP-B); port-channels AE-1, AE-2; sub-interfaces AE2.999 TRUST, AE2.50 GUEST; EDGE-SW-1 / EDGE-SW-2; Core-1 / Core-2; SW (Stack | VPC | MLAG); Stack Cables or MLAG | VPC Peer-Links; Peer Keepalive; User, Server and Guest segments]
DEMO FEATURES
Packing some serious heat
[Feature diagram labels: HA-1 / HA-2 firewalls; sub-interfaces AE1.991 ISP-A, AE2.999 TRUST, AE2.50 GUEST, port-channels AE-1, AE-2; GP Portal, GP Internal Gateway, GP External Gateway; IKE Gateway, IPSEC VPN, S2S VPN Tunnel to Remote Office, Tunnel.1, Tunnel.2, Loopback.1; DHCP Server; SSL Decryption, SSL Forward-Proxy, SSL Reverse-Proxy; Internet; MLAG | VPC, MLAG|VPC|PO 1/2/3, MLAG Primary / Secondary; VRRP-255: .3 PRI, .4 SEC, VIP .2; VRRP-100: .2 PRI, .3 SEC, VIP .1; subnets 192.168.254.0/23 (192.168.254.X, 192.168.254.100), 10.168.80.0/24 (10.168.80.250, 10.168.80.2), 172.16.100.0/24 (172.16.100.100, 172.16.100.200); hosts: VMware ESXi, Win Server 2012 (AD, DNS, NPS), Windows 10, RHEL, Other Linux; User, Server and Guest segments]
We Answer the Call
THANK YOU!
Paul Siri
psiri@groupwaretech.com
Groupwaretech.com

Editor's Notes

  • #3 Vision is “Creating customers for life.” We answer the Call. Cisco Gold, Palo Alto Platinum
  • #22 Most people hate live demos because they “never work!” right? Part of the beauty of automation is reliability and repeatability... so what would this presentation really be without a live demo? Let’s stress here the ease with which this is performed... Let’s pretend this is a customer here, and all I really have is the following information: 1. Management IP 2. Username/password 3. The type of device 4. Some way to access the devices (VPN in this case)