This is the way
Holistic (Network) Automation
FrOSCon 2022
Maximilian Wilhelm
Agenda
1. A little bit of history
2. Software Engineering Methods
3. Applying SWE Methods to Network Automation
4. Reality check
5. Q&A
Who's who Maximilian Wilhelm
Networker
Open Source Hacker
Fanboy of
(Debian) Linux
(Linux) networking
Occupation:
By day: Network Automation Engineer at Cloudflare
By night: Lead Infrastructure Architect, Freifunk Hochstift
In between: Freelance Infrastructure Architect for hire
Contact
@BarbarossaTM
max@sdn.clinic
A little bit of history
When I was a student
First IT job in early 2004
Institute of Mathematics at Paderborn University
More or less separate network
Some hundred clients and servers
Fully automated install + management
Home grown solution
SDeployment
Written in Shell (IIRC)
(Un)install packages + maintain configuration
Owns full configuration files
Helped to find an intruder
Managed to exchange sshd binary
Didn't support Kerberos, so changed the config file
SDeployment changed config file back and service failed to restart
Birth of new automation tools
Intent driven configuration
Describe the desired state
Packages (un)installed
Presence (+content) or absence of a file
Restart services on changes
...
Solution makes sure to reach/keep that state
Timeline of their birth (according to Wikipedia)
2003 bcfg2*
2005 Puppet
2009 Chef
2011 SaltStack
2012 Ansible
2012 Batou*
* 1st Git commit
State of network configuration today
Broad spectrum
Operators typing or pasting magic spells into a CLI
Deployment helpers called with explicit parameters
Evolution: Expect, Perl, Python scripts
Vendor solutions of different colors and sizes
Up to full vendor lock-in SDN solutions
Home-grown solutions, anywhere on the spectrum
Up to Google size full magic solution
Where does this leave us now?
Wouldn't it be cool ...
To remove all the toil from Network config management!
So Network Engineers can focus on engineering
To have a vendor independent solution?
That can be tested and proven to do the right thing?
That scales well?
That is even Open Source?
But, how would we build that?
Software Engineering Methods
Software Engineering Methods - Abstraction
Operating Systems
Drivers for hardware components
I/O, Keyboard, Mice, Displays
File systems for data storage
Networking
ISO/OSI or hour glass model
Internet protocols (HTTP, SMTP, ...)
Routing protocols (OSPF, IS-IS, BGP ...)
Software Engineering Methods - Testing
Unit tests
Test function/method, class, package with knowledge of the inside
White-box testing
Integration test
Useful for APIs or protocols
Verify BGP implementations work with others
Regression testing
Something broke, we fixed it
Make sure we notice when it breaks again
Software Engineering Methods - Pipeline
Applying SWE Methods to Network Automation
Abstraction
Codify network architecture and processes
Topology + rules
Vendor configuration details
One large config file vs. different smaller ones
Different dialects or even languages
Generate vendor neutral config and translate from there
Topology - Example CGN
Topology - Example FFHO
[Figure: FFHO topology (schematic). Sites: BB/DC-POP 1 (PAD1), DC-POP 2 (PAD2), DC-POP 3 (remote), POP 4 (PAD3) [planned], BB-POP (WBBL-only, w/ APs), BB-POP (WBBL + VPN, w/ APs), BB-POP (WBBL-only), Internet. Device labels: CR, CSW, BBR, Gateway, APs. Link labels: Dark Fiber, Dark Fiber [planned], RF, VPN. Legend: Router, Layer3 Switch, Switch, WiFi PTP link, Access Point, CWDM MUX, Gateway, KVM Hypervisor.]
Abstraction - Topology as a graph
Nodes
Represent devices
Attributes
Status, Role
OS
IPs (on interfaces)
Location (rack ... region)
Edges
Represent links
Attributes
Status, Role
Bandwidth, Distance, Priority
...
Abstraction - Rules
What would an operator have configured manually?*
*If they did the right thing™
Examples, based on FFHO infrastructure
Internal routing protocols (OSPF + iBGP)
Learning of edge prefixes
Automagically generated firewall rules (CoPP)
...
Software Engineering Methods - Pipeline
Input
IRM / DCIM + IPAM
Any solution which offers an API, e.g. NetBox or Nautobot
Any local database(s) holding business relevant information
E.g. subscribers / services
Process(es)
Controller which gathers topology information and applies rules
Generate vendor neutral configuration
Translate configuration into required vendor configuration(s)
Apply the config as an atomic operation (if possible)
Micro service approach beneficial
Output
The complete generated configuration
Vendor independent or vendor specific, depending on POV
Software Engineering Methods - Pipeline
Controller generates the vendor independent config
Rules could be part of code or textual
Translator generates vendor specific language from that
Multiple config files for Linux routers
Single config file for (e.g. Cisco) switches
Translator also (can) apply config
SaltStack, Ansible, ...
Home grown
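The controller/translator split described above, as an added Python example (not code from the talk, NACL or FFHO): a small topology graph, three rules (OSPF on links, iBGP full mesh, a CoPP allowlist derived from the mesh) and two translators. Node names, addresses, the ASN and the simplified BIRD-, nftables- and IOS-style output are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

ASN = 65000  # assumed private ASN
ROUTING_ROLES = {"core-router", "backbone-router", "l3-switch"}

# Constructed topology graph: nodes are devices, edges are links.
NODES = {
    "cr01":  {"role": "core-router", "os": "linux", "status": "active", "loopback": "192.0.2.1"},
    "bbr01": {"role": "backbone-router", "os": "linux", "status": "active", "loopback": "192.0.2.2"},
    "csw01": {"role": "l3-switch", "os": "ios", "status": "active", "loopback": "192.0.2.3"},
    "cr02":  {"role": "core-router", "os": "linux", "status": "planned", "loopback": "192.0.2.4"},
}
EDGES = [
    {"a": ("cr01", "eth1"), "b": ("bbr01", "eth1"), "net": "198.51.100.0/31", "status": "active"},
    {"a": ("cr01", "eth2"), "b": ("csw01", "Vlan10"), "net": "198.51.100.2/31", "status": "active"},
    {"a": ("cr01", "eth3"), "b": ("cr02", "eth1"), "net": "198.51.100.4/31", "status": "planned"},
]


def generate(nodes, edges):
    """Controller: apply the rules to the graph, return vendor-neutral config per node."""
    members = sorted(n for n, attr in nodes.items()
                     if attr["status"] == "active" and attr["role"] in ROUTING_ROLES)
    cfg = {n: {"hostname": n, "os": nodes[n]["os"], "interfaces": [], "copp": [],
               "bgp": {"asn": ASN, "router_id": nodes[n]["loopback"], "peers": []}}
           for n in members}
    # Rule 1: OSPF on every active link whose two ends are both routing nodes.
    for edge in edges:
        (a, a_if), (b, b_if) = edge["a"], edge["b"]
        if edge["status"] != "active" or a not in cfg or b not in cfg:
            continue
        net = ipaddress.ip_network(edge["net"])  # point-to-point /31
        for node, ifname, addr in ((a, a_if, net[0]), (b, b_if, net[1])):
            cfg[node]["interfaces"].append(
                {"name": ifname, "address": f"{addr}/{net.prefixlen}", "ospf": True})
    # Rule 2: iBGP full mesh between the loopbacks of all routing nodes.
    for a, b in combinations(members, 2):
        cfg[a]["bgp"]["peers"].append(nodes[b]["loopback"])
        cfg[b]["bgp"]["peers"].append(nodes[a]["loopback"])
    # Rule 3: control-plane policy derived from rule 2: BGP only from mesh peers.
    for c in cfg.values():
        c["copp"] = [{"src": p, "proto": "tcp", "dport": 179, "action": "accept"}
                     for p in c["bgp"]["peers"]]
        c["copp"].append({"src": "any", "proto": "tcp", "dport": 179, "action": "drop"})
    return cfg


def to_linux(c):
    """Translator for Linux routers: several files (simplified BIRD/nftables style)."""
    asn = c["bgp"]["asn"]
    ospf = " ".join(f'interface "{i["name"]}" {{ }};' for i in c["interfaces"] if i["ospf"])
    bird = [f"router id {c['bgp']['router_id']};",
            f"protocol ospf {{ area 0 {{ {ospf} }}; }}"]
    for n, peer in enumerate(c["bgp"]["peers"], 1):
        bird.append(f"protocol bgp ibgp{n} {{ local as {asn}; neighbor {peer} as {asn}; }}")
    nft = []
    for r in c["copp"]:
        src = "" if r["src"] == "any" else f"ip saddr {r['src']} "
        nft.append(f"{src}{r['proto']} dport {r['dport']} {r['action']}")
    ifaces = [f"iface {i['name']} inet static\n    address {i['address']}"
              for i in c["interfaces"]]
    return {"interfaces": "\n".join(ifaces), "bird.conf": "\n".join(bird),
            "nftables.rules": "\n".join(nft)}


def to_ios(c):
    """Translator for IOS-style switches: one config text (simplified)."""
    asn = c["bgp"]["asn"]
    out = [f"hostname {c['hostname']}"]
    for i in c["interfaces"]:
        ifc = ipaddress.ip_interface(i["address"])
        out += [f"interface {i['name']}", f" ip address {ifc.ip} {ifc.netmask}"]
        if i["ospf"]:
            out.append(" ip ospf 1 area 0")
    out.append(f"router bgp {asn}")
    for peer in c["bgp"]["peers"]:
        out += [f" neighbor {peer} remote-as {asn}",
                f" neighbor {peer} update-source Loopback0"]
    out.append("ip access-list extended COPP-BGP")
    for r in c["copp"]:
        verb = "permit" if r["action"] == "accept" else "deny"
        src = "any" if r["src"] == "any" else f"host {r['src']}"
        out.append(f" {verb} {r['proto']} {src} any eq {r['dport']}")
    return {"running-config": "\n".join(out)}


TRANSLATORS = {"linux": to_linux, "ios": to_ios}


def translate(neutral):
    """Pick the translator by OS; the controller itself never sees vendor syntax."""
    return {name: TRANSLATORS[c["os"]](c) for name, c in neutral.items()}


if __name__ == "__main__":
    for device, files in translate(generate(NODES, EDGES)).items():
        print("\n".join(f"--- {device}:{fn}\n{text}" for fn, text in files.items()))
```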
Software Engineering Methods - Testing
Unit tests
Controller can be tested without touching production network
Testing Translator can be harder
Integration tests
New controller versions can be tested against live data source
Compare result with currently running production controller
Does it generate the config we expect?
No risk of impacting infrastructure
Translator can be tested offline or in a lab
Input: Static generic config from generator
Apply config to lab device (VM?)
Verify device config against expected result
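One way to run the comparison against the production controller described above, as an added Python example (not the speaker's tooling): diff the vendor-neutral output of a candidate controller against production and let only expected changes pass. The sample configs and the `gate` helper are constructed for illustration; firewall rules are compared by position because their order changes their meaning.

```python
import json

ORDERED_KEYS = {"copp"}  # rule order changes meaning: compare these lists by position


def flatten(obj, path="", ordered=False):
    """Turn nested config into {path: value} so two versions can be compared."""
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            out.update(flatten(value, f"{path}/{key}", ordered or key in ORDERED_KEYS))
        return out
    if isinstance(obj, list):
        if ordered:
            out = {}
            for idx, value in enumerate(obj):
                out.update(flatten(value, f"{path}[{idx}]", True))
            return out
        # Unordered list (e.g. BGP peers): key each item by its content.
        return {f"{path}[{json.dumps(v, sort_keys=True)}]": True for v in obj}
    return {path: obj}


def diff(prod, cand):
    """List (kind, path, old, new) for every difference between two outputs."""
    old, new = flatten(prod), flatten(cand)
    changes = []
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            changes.append(("removed", path, old[path], None))
        elif path not in old:
            changes.append(("added", path, None, new[path]))
        elif old[path] != new[path]:
            changes.append(("changed", path, old[path], new[path]))
    return changes


def gate(prod, cand, expected_prefixes=()):
    """Return the unexpected changes; an empty list means safe to promote."""
    expected = tuple(expected_prefixes)
    return [c for c in diff(prod, cand) if not c[1].startswith(expected)]


# Constructed outputs of the production and the candidate controller for one device.
PROD = {"cr01": {"bgp": {"asn": 65000, "peers": ["192.0.2.2", "192.0.2.3"]},
                 "copp": [{"src": "192.0.2.2", "action": "accept"},
                          {"src": "192.0.2.3", "action": "accept"},
                          {"src": "any", "action": "drop"}]}}
# The candidate adds peer 192.0.2.4 (intended) but emits the drop rule first (a bug).
CAND = {"cr01": {"bgp": {"asn": 65000, "peers": ["192.0.2.3", "192.0.2.2", "192.0.2.4"]},
                 "copp": [{"src": "any", "action": "drop"},
                          {"src": "192.0.2.2", "action": "accept"},
                          {"src": "192.0.2.3", "action": "accept"},
                          {"src": "192.0.2.4", "action": "accept"}]}}

if __name__ == "__main__":
    for kind, path, old, new in gate(PROD, CAND, ["/cr01/bgp/peers"]):
        print(f"UNEXPECTED {kind:8} {path}: {old!r} -> {new!r}")
```

The peer reorder produces no diff, the new peer is accepted as expected, and every change under `/cr01/copp` is reported, so the misplaced drop rule blocks promotion before any device is touched.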
Reality check
Reality check
Does that exist?
Not as Open Source
Wait, but you have logic in Salt (FFHO)
Yes, and I regret that.
Reality check - Lessons learned
Data stored in pillar only usable inside Salt
Limits flexibility a lot
Evolution
From input in pillar to NetBox
From logic in Jinja templates to Python modules inside Salt
Abstract NetBox data structures away with NACL
Move more and more logic into NACL (e.g. iBGP mesh computation)
Use Salt as translator instead of controller
Questions?
Questions & answers
Why not generate the config within Salt or Ansible?
How do you test that? Automatically?
Limited to Python and the environment of the solution
Why not buy vendor solution here?
Because it's not vendor independent
What do you do if it can't do X or is discontinued?
Why not use NETCONF/YANG?
Because it's not vendor independent enough
And it's for iterative config changes
Yes, NETCONF can do complete config replace, but what's the point?
  • 3. Who's who Maximilian Wilhelm Networker Open Source Hacker Fanboy of (Debian) Linux (Linux) networking Occupation: By day: Network Automation Engineer at Cloudflare By night: Lead Infrastructure Architect, Freifunk Hochstift In between: Freelance Infrastructure Architect for hire Contact @BarbarossaTM max@sdn.clinic 3 / 27
  • 4. A little bit of history 4 / 27
  • 5. History When I was a student First IT job in early 2004 Institute of Mathematics at Paderborn University More or less separate network Some hundred clients and servers Fully automated install + management Home grown solution SDeployment Written in Shell (IIRC) (Un)install packages + maintain configuration Owns full configuration files Helped to find an intruder Managed to exchange sshd binary Didn't support Kerberos, so changed the config file SDeployment changed config file back and service failed to restart 5 / 27
  • 6. History Birth of new automation tools Intent driven configuration Describe the desired state Packages (un)installed Presence (+content) or absence of a file Restart services on changes ... Solution makes sure to reach/keep that state Timeline of their birth (according to Wikipedia) 2003 bcfg2* 2005 Puppet 2009 Chef 2011 SaltStack 2012 Ansible 2012 Batou* * 1st GIT commit 6 / 27
  • 7. History State of network configuration today Broad spectrum Operators typing or pasting magic spells into a CLI Deployment helpers called with explicit parameters Evolution: Expect, Perl, Python scripts Vendor solutions of different colors and sizes Up to full vendor lock-in SDN solutions Home-grown solutions, anywhere on the spectrum Up to Google size full magic solution 7 / 27
  • 8. History Where does this leave us now? Wouldn't it be cool ... To remove all the toil from Network config management! So Network Engineers can focus on engineering To have a vendor independent solution? That can be tested and proven to do the right thing? That scales well? That is even Open Source? But, how would we build that? 8 / 27
  • 10. History SWE Methods Software Engineering Methods - Abstraction Operating Systems Drivers for hardware components I/O, Keyboard, Mice, Displays File systems for data storage Networking ISO/OSI or hour glass model Internet protocols (HTTP, SMTP, ...) Routing protocols (OSPF, IS-IS, BGP ...) 10 / 27
  • 11. History SWE Methods Software Engineering Methods - Testing Unit tests Test function/method, class, package with knowledge of the inside White-box testing Integration test Useful for APIs or protocols Verify BGP implementations work with others Regression testing Something broke, we fixed it Make sure we notice when it breaks again 11 / 27
  • 12. History SWE Methods Software Engineering Methods - Pipeline 12 / 27
  • 13. History SWE Methods Applying SWE Methods Applying SWE Methods to Network Automation 13 / 27
  • 14. History SWE Methods Applying SWE Methods Abstraction Codify network architecture and processes Topology + rules Vendor configuration details One large config file vs. different smaller ones Different dialects or even languages Generate vendor neutral config and translate from there 14 / 27
  • 16. History SWE Methods Applying SWE Methods Topology - Example FFHO BB/DC-POP 1 (PAD1) DC-POP 2 (PAD2) DC-POP 3 (remote) VPN CR CSW CSW CR Dark Fiber Gateway Gateway Gateway RF BB-POP (WBBL-only, w/ APs) RF RF BBR RF APs BB-POP (WBBL + VPN, w/ APs) BBR RF APs POP 4 (PAD3) [planned] CR Gateway Dark Fiber [planned] RF RF CSW RF RF BB-POP (WBBL-only) RF RF BBR RF CR Internet FFHO Topologie (schematic) Legend Router Layer3 Switch Switch WiFi PTP link Access Point CWDM MUX Gateway KVM Hypervisor KVM KVM KVM 16 / 27
  • 17. History SWE Methods Applying SWE Methods Nodes Represent devices Attributes Status, Role OS IPs (on interfaces) Location (rack ... region) Edges Represent links Attributes Status, Role Bandwidth, Distance, Priority ... Abstraction - Topology as a graph 17 / 27
  • 18. History SWE Methods Applying SWE Methods Abstraction - Rules What would an operator have configured manually?* *If they did the right thing™ Examples, based on FFHO infrastructure Internal routing protocols (OSPF + iBGP) Learning of edge prefixes Automagically generated firewall rules (CoPP) ... 18 / 27
  • 19. History SWE Methods Applying SWE Methods Software Engineering Methods - Pipeline Input IRM / DCIM + IPAM Any solution which offers an API, e.g. NetBox or Nautobot Any local database(s) holding business relevant information E.g. subscribers / services Process(es) Controller which gathers topology information and applies rules Generate vendor neutral configuration Translate configuration into required vendor configuration(s) Apply the config as an atomic operation (if possible) Micro service approach beneficial Output The complete generated configuration Vendor independent or vendor specific, depending on POV 19 / 27
  • 20. History SWE Methods Applying SWE Methods Controller generates the vendor independent config Rules could be part of code or textual Translator generates vendor specific language from that Multiple config files for Linux routers Single config file for (e.g. Cisco) switches Translator also (can) apply config SaltStack, Ansible, ... Home grown Software Engineering Methods - Pipeline 20 / 27
  • 21. History SWE Methods Applying SWE Methods Software Engineering Methods - Testing Unit tests Controller can be tested without touching production network Testing Translator can be harder Integration tests New controller versions can be tested against live data source Compare result with currently running production controller Does it generate the config we expect? No risk of impacting infrastructure Translator can be tested offline or in a lab Input: Static generic config from generator Apply config to lab device (VM?) Verify device config against expected result 21 / 27
  • 23. History SWE Methods Applying SWE Methods Reality check Reality check Does that exist? Not as Open Source Wait, but you have logic in Salt (FFHO) Yes, and I regret that. 23 / 27
  • 24. History SWE Methods Applying SWE Methods Reality check Reality check - Lessons learned Data stored in pillar only usable inside Salt Limits flexibility a lot Evolution From input in pillar to NetBox From logic in Jinja templates to Python modules inside Salt Abstract NetBox data structures away with NACL Move more and more logic into NACL (e.g. iBGP mesh computation) Use Salt as translator instead of controller 24 / 27
  • 25. History SWE Methods Applying SWE Methods Reality check Q&A Questions? 25 / 27
  • 26. History SWE Methods Applying SWE Methods Reality check Q&A Questions & answers Why not generate the config within Salt or Ansible? How do you test that? Automatically? Limited to Python and the environment of the solution. Why not buy a vendor solution here? Because it's not vendor independent. What do you do if it can't do X or is discontinued? Why not use NETCONF/YANG? Because it's not vendor independent enough, and it's for iterative config changes. Yes, NETCONF can do a complete config replace, but what's the point? 26 / 27
  • 27. History SWE Methods Applying SWE Methods Reality check Q&A Questions? 27 / 27
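
The pipeline and testing slides (19 to 21) and the iBGP mesh rule mentioned on slide 24, sketched as an added example that is not code from the talk, NACL or FFHO. Node names, the ASN, addresses and file paths are constructed; the two translators emit BIRD-style and Cisco-IOS-style BGP stanzas purely for illustration.

```python
from itertools import combinations

ASN = 65000  # constructed private ASN (assumption)
# Topology as a graph: nodes carry attributes (constructed sample data).
NODES = {
    "cr01":  {"role": "core", "status": "active",  "os": "linux", "loopback": "192.0.2.1"},
    "cr02":  {"role": "core", "status": "active",  "os": "linux", "loopback": "192.0.2.2"},
    "csw01": {"role": "core", "status": "active",  "os": "ios",   "loopback": "192.0.2.3"},
    "bbr01": {"role": "core", "status": "planned", "os": "linux", "loopback": "192.0.2.4"},
}

def controller(nodes, asn=ASN):
    """Rule: every active core node peers with every other one (iBGP full mesh)."""
    active = sorted(n for n, a in nodes.items()
                    if a["status"] == "active" and a["role"] == "core")
    neutral = {n: {"asn": asn, "ibgp_peers": []} for n in active}
    for a, b in combinations(active, 2):
        neutral[a]["ibgp_peers"].append({"name": b, "ip": nodes[b]["loopback"]})
        neutral[b]["ibgp_peers"].append({"name": a, "ip": nodes[a]["loopback"]})
    return neutral  # vendor-neutral config, one entry per device

def translate_linux(cfg):
    """Linux router: multiple config files, returned as {path: content}."""
    files = {}
    for p in cfg["ibgp_peers"]:
        files[f"bird.d/ibgp_{p['name']}.conf"] = (  # hypothetical path layout
            f"protocol bgp ibgp_{p['name']} {{\n"
            f"  local as {cfg['asn']};\n"
            f"  neighbor {p['ip']} as {cfg['asn']};\n"
            "}\n")
    return files

def translate_ios(cfg):
    """Switch: one single config text."""
    lines = [f"router bgp {cfg['asn']}"]
    lines += [f" neighbor {p['ip']} remote-as {cfg['asn']}" for p in cfg["ibgp_peers"]]
    return "\n".join(lines) + "\n"

TRANSLATORS = {"linux": translate_linux, "ios": translate_ios}

def render(nodes):
    """Full pipeline: topology -> vendor-neutral config -> vendor-specific config."""
    return {n: TRANSLATORS[nodes[n]["os"]](c) for n, c in controller(nodes).items()}

def diff_against_running(new, running):
    """Offline integration check: nodes whose generated config differs from production."""
    return sorted(n for n in new.keys() | running.keys() if new.get(n) != running.get(n))
```

Because the controller and translators are pure functions over the inventory data, a new version can be run against the live data source and diffed against the current production output without touching any device.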