This is the way
Holistic (Network) Automation
FrOSCon 2022
Maximilian Wilhelm
Agenda
1. A little bit of history
2. Software Engineering Methods
3. Applying SWE Methods to Network Automation
4. Reality check
5. Q&A
Who's who Maximilian Wilhelm
Networker
Open Source Hacker
Fanboy of
(Debian) Linux
(Linux) networking
Occupation:
By day: Network Automation Engineer at Cloudflare
By night: Lead Infrastructure Architect, Freifunk Hochstift
In between: Freelance Infrastructure Architect for hire
Contact
@BarbarossaTM
max@sdn.clinic
A little bit of history
When I was a student
First IT job in early 2004
Institute of Mathematics at Paderborn University
More or less separate network
Some hundred clients and servers
Fully automated install + management
Home grown solution
SDeployment
Written in Shell (IIRC)
(Un)install packages + maintain configuration
Owns full configuration files
Helped to find an intruder
Managed to exchange sshd binary
Didn't support Kerberos, so changed the config file
SDeployment changed config file back and service failed to restart
Birth of new automation tools
Intent driven configuration
Describe the desired state
Packages (un)installed
Presence (+content) or absence of a file
Restart services on changes
...
Solution makes sure to reach/keep that state
Timeline of their birth (according to Wikipedia)
2003 bcfg2*
2005 Puppet
2009 Chef
2011 SaltStack
2012 Ansible
2012 Batou*
* 1st GIT commit
History State of network configuration today
Broad spectrum
Operators typing or pasting magic spells into a CLI
Deployment helpers called with explicit parameters
Evolution: Expect, Perl, Python scripts
Vendor solutions of different colors and sizes
Up to full vendor lock-in SDN solutions
Home-grown solutions, anywhere on the spectrum
Up to Google size full magic solution
Where does this leave us now?
Wouldn't it be cool ...
To remove all the toil from Network config management!
So Network Engineers can focus on engineering
To have a vendor independent solution?
That can be tested and proven to do the right thing?
That scales well?
That is even Open Source?
But, how would we build that?
Software Engineering Methods
Software Engineering Methods - Abstraction
Operating Systems
Drivers for hardware components
I/O, Keyboard, Mice, Displays
File systems for data storage
Networking
ISO/OSI or hour glass model
Internet protocols (HTTP, SMTP, ...)
Routing protocols (OSPF, IS-IS, BGP ...)
Software Engineering Methods - Testing
Unit tests
Test function/method, class, package with knowledge of the inside
White-box testing
Integration test
Useful for APIs or protocols
Verify BGP implementations work with others
Regression testing
Something broke, we fixed it
Make sure we notice when it breaks again
Software Engineering Methods - Pipeline
Applying SWE Methods to Network Automation
Abstraction
Codify network architecture and processes
Topology + rules
Vendor configuration details
One large config file vs. different smaller ones
Different dialects or even languages
Generate vendor neutral config and translate from there
Topology - Example CGN
Topology - Example FFHO
[Figure: FFHO Topology (schematic). Sites: BB/DC-POP 1 (PAD1), DC-POP 2 (PAD2), DC-POP 3 (remote), POP 4 (PAD3) [planned], BB-POP (WBBL-only, w/ APs), BB-POP (WBBL + VPN, w/ APs), BB-POP (WBBL-only). Links: Dark Fiber, Dark Fiber [planned], VPN, Internet. Device labels: CR, CSW, BBR, RF, APs, Gateway. Legend: Router, Layer3 Switch, Switch, WiFi PTP link, Access Point, CWDM MUX, Gateway, KVM Hypervisor.]
Abstraction - Topology as a graph
Nodes
Represent devices
Attributes
Status, Role
OS
IPs (on interfaces)
Location (rack ... region)
Edges
Represent links
Attributes
Status, Role
Bandwidth, Distance, Priority
...
Abstraction - Rules
What would an operator have configured manually?*
*If they did the right thing™
Examples, based on FFHO infrastructure
Internal routing protocols (OSPF + iBGP)
Learning of edge prefixes
Automagically generated firewall rules (CoPP)
...
Software Engineering Methods - Pipeline
Input
IRM / DCIM + IPAM
Any solution which offers an API, e.g. NetBox or Nautobot
Any local database(s) holding business relevant information
E.g. subscribers / services
Process(es)
Controller which gathers topology information and applies rules
Generate vendor neutral configuration
Translate configuration into required vendor configuration(s)
Apply the config as an atomic operation (if possible)
Micro service approach beneficial
Output
The complete generated configuration
Vendor independent or vendor specific, depending on POV
Software Engineering Methods - Pipeline
Controller generates the vendor independent config
Rules could be part of code or textual
Translator generates vendor specific language from that
Multiple config files for Linux routers
Single config file for (e.g. Cisco) switches
Translator also (can) apply config
SaltStack, Ansible, ...
Home grown
Software Engineering Methods - Testing
Unit tests
Controller can be tested without touching production network
Testing Translator can be harder
Integration tests
New controller versions can be tested against live data source
Compare result with currently running production controller
Does it generate the config we expect?
No risk of impacting infrastructure
Translator can be tested offline or in a lab
Input: Static generic config from generator
Apply config to lab device (VM?)
Verify device config against expected result
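The pipeline and testing slides above, as an added example that is not from the talk or from FFHO's code: a minimal controller applies three rules (iBGP mesh, OSPF neighbors, CoPP) to a topology graph, two translators render the vendor neutral result, and a diff compares two controller runs without touching a device. Node names, addresses, role names and both output syntaxes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:                      # a device in the topology graph
    name: str
    role: str
    loopback: str                # address used for iBGP sessions
    status: str = "active"

@dataclass(frozen=True)
class Edge:                      # a link between two devices
    a: str
    b: str
    status: str = "active"

# Constructed sample topology; names are made up, addresses are documentation space.
NODES = [
    Node("cr1", "core-router", "192.0.2.1"),
    Node("cr2", "core-router", "192.0.2.2"),
    Node("bbr1", "backbone-router", "192.0.2.3"),
    Node("cr3", "core-router", "192.0.2.4", status="planned"),
    Node("csw1", "switch", "192.0.2.10"),
]
EDGES = [
    Edge("cr1", "cr2"),
    Edge("cr1", "bbr1"),
    Edge("cr1", "csw1"),
    Edge("cr2", "cr3", status="planned"),
]
ROUTER_ROLES = {"core-router", "backbone-router"}   # assumed role names

def generate(nodes, edges):
    """Controller: apply the rules to the graph, return vendor neutral config per router."""
    routers = sorted((n for n in nodes if n.role in ROUTER_ROLES and n.status == "active"),
                     key=lambda n: n.name)
    router_names = {n.name for n in routers}
    config = {}
    for r in routers:
        # Rule 1: iBGP full mesh between all active routers.
        peers = [p for p in routers if p.name != r.name]
        # Rule 2: OSPF adjacency on every active link to another active router.
        ospf = set()
        for e in edges:
            if e.status == "active" and r.name in (e.a, e.b):
                other = e.b if e.a == r.name else e.a
                if other in router_names:
                    ospf.add(other)
        # Rule 3: CoPP, accept BGP only from the computed peers, then drop.
        copp = [{"action": "accept", "proto": "tcp", "dport": 179, "src": p.loopback}
                for p in peers]
        copp.append({"action": "drop", "proto": "tcp", "dport": 179, "src": "any"})
        config[r.name] = {
            "ibgp_peers": [{"name": p.name, "ip": p.loopback} for p in peers],
            "ospf_neighbors": sorted(ospf),
            "copp": copp,
        }
    return config

def translate_multi_file(node_cfg):
    """Translator A: several small files, as for a Linux router (illustrative syntax)."""
    bgp = "".join(f"peer {p['name']} {p['ip']}\n" for p in node_cfg["ibgp_peers"])
    fw = "".join(f"{r['action']} {r['proto']}/{r['dport']} from {r['src']}\n"
                 for r in node_cfg["copp"])
    return {"routing/ibgp.conf": bgp, "firewall/copp.conf": fw}

def translate_single_file(node_cfg):
    """Translator B: one monolithic file, as for a switch (illustrative syntax)."""
    lines = ["! ibgp"]
    lines += [f"neighbor {p['ip']} description {p['name']}" for p in node_cfg["ibgp_peers"]]
    lines.append("! control plane policy")
    lines += [f"{'permit' if r['action'] == 'accept' else 'deny'} "
              f"{r['proto']} {r['src']} any eq {r['dport']}" for r in node_cfg["copp"]]
    return "\n".join(lines) + "\n"

def diff_configs(running, candidate):
    """Integration check: sections that differ between two controller outputs, per node."""
    changes = {}
    for name in sorted(set(running) | set(candidate)):
        old, new = running.get(name, {}), candidate.get(name, {})
        keys = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
        if keys:
            changes[name] = keys
    return changes

if __name__ == "__main__":
    cfg = generate(NODES, EDGES)
    for path, text in translate_multi_file(cfg["cr1"]).items():
        print(f"--- {path}\n{text}", end="")
    print(translate_single_file(cfg["cr1"]), end="")
```

Because the CoPP rules are derived from the same graph as the iBGP mesh, a device that is only planned never appears in any peer's accept list until its status changes, and the diff shows exactly which nodes that change touches.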
Reality check
Does that exist?
Not as Open Source
Wait, but you have logic in Salt (FFHO)
Yes, and I regret that.
Reality check - Lessons learned
Data stored in pillar only usable inside Salt
Limits flexibility a lot
Evolution
From input in pillar to NetBox
From logic in Jinja templates to Python modules inside Salt
Abstract NetBox data structures away with NACL
Move more and more logic into NACL (e.g. iBGP mesh computation)
Use Salt as translator instead of controller
Questions?
Questions & answers
Why not generate the config within Salt or Ansible?
How do you test that? Automatically?
Limited to Python and the environment of the solution
Why not buy vendor solution here?
Because it's not vendor independent
What do you do if it can't do X or is discontinued?
Why not use NETCONF/YANG?
Because it's not vendor independent enough
And it's for iterative config changes
Yes, NETCONF can do a complete config replace, but what's the point?
Questions?

More Related Content

Similar to This is the way - Holistic (Network) Automation

The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale NetworkThe Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
Open Networking Summits
 
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
Virtualization and Cloud Management Solutions
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
 
SDN and metrics from the SDOs
SDN and metrics from the SDOsSDN and metrics from the SDOs
SDN and metrics from the SDOs
Open Networking Summit
 
Learn more about the tremendous value Open Data Plane brings to NFV
Learn more about the tremendous value Open Data Plane brings to NFVLearn more about the tremendous value Open Data Plane brings to NFV
Learn more about the tremendous value Open Data Plane brings to NFV
Ghodhbane Mohamed Amine
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
Fernando Lopez Aguilar
 
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overview
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overviewIntroduction to Data Models & Cisco's NextGen Device Level APIs: an overview
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overview
Cisco DevNet
 
1.Architecture
1.Architecture1.Architecture
1.Architecturephanleson
 
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14OSHI - Open Source Hybrid IP/SDN networking @EWSDN14
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14
Stefano Salsano
 
A Collaborative Research Proposal To The NSF Research Accelerator For Multip...
A Collaborative Research Proposal To The NSF  Research Accelerator For Multip...A Collaborative Research Proposal To The NSF  Research Accelerator For Multip...
A Collaborative Research Proposal To The NSF Research Accelerator For Multip...
Scott Donald
 
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...
Rafael Ferreira da Silva
 
Naveen nimmu sdn future of networking
Naveen nimmu sdn   future of networkingNaveen nimmu sdn   future of networking
Naveen nimmu sdn future of networkingOpenSourceIndia
 
Naveen nimmu sdn future of networking
Naveen nimmu sdn   future of networkingNaveen nimmu sdn   future of networking
Naveen nimmu sdn future of networkingsuniltomar04
 
WS-* Specifications Update 2007
WS-* Specifications Update 2007WS-* Specifications Update 2007
WS-* Specifications Update 2007Jorgen Thelin
 
Software defined network and Virtualization
Software defined network and VirtualizationSoftware defined network and Virtualization
Software defined network and Virtualization
idrajeev
 
Neo4j Vision and Roadmap
Neo4j Vision and Roadmap Neo4j Vision and Roadmap
Neo4j Vision and Roadmap
Neo4j
 
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...
Hirofumi Iwasaki
 

Similar to This is the way - Holistic (Network) Automation (20)

The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale NetworkThe Challenges of SDN/OpenFlow in an Operational and Large-scale Network
The Challenges of SDN/OpenFlow in an Operational and Large-scale Network
 
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
Troubleshooting Storage Devices Using vRealize Operations (formerly vC Ops)
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
 
SDN and metrics from the SDOs
SDN and metrics from the SDOsSDN and metrics from the SDOs
SDN and metrics from the SDOs
 
Learn more about the tremendous value Open Data Plane brings to NFV
Learn more about the tremendous value Open Data Plane brings to NFVLearn more about the tremendous value Open Data Plane brings to NFV
Learn more about the tremendous value Open Data Plane brings to NFV
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
 
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overview
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overviewIntroduction to Data Models & Cisco's NextGen Device Level APIs: an overview
Introduction to Data Models & Cisco's NextGen Device Level APIs: an overview
 
1.Architecture
1.Architecture1.Architecture
1.Architecture
 
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14OSHI - Open Source Hybrid IP/SDN networking @EWSDN14
OSHI - Open Source Hybrid IP/SDN networking @EWSDN14
 
A Collaborative Research Proposal To The NSF Research Accelerator For Multip...
A Collaborative Research Proposal To The NSF  Research Accelerator For Multip...A Collaborative Research Proposal To The NSF  Research Accelerator For Multip...
A Collaborative Research Proposal To The NSF Research Accelerator For Multip...
 
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...
Running Accurate, Scalable, and Reproducible Simulations of Distributed Syste...
 
PROSE
PROSEPROSE
PROSE
 
Naveen nimmu sdn future of networking
Naveen nimmu sdn   future of networkingNaveen nimmu sdn   future of networking
Naveen nimmu sdn future of networking
 
Naveen nimmu sdn future of networking
Naveen nimmu sdn   future of networkingNaveen nimmu sdn   future of networking
Naveen nimmu sdn future of networking
 
WS-* Specifications Update 2007
WS-* Specifications Update 2007WS-* Specifications Update 2007
WS-* Specifications Update 2007
 
Software defined network and Virtualization
Software defined network and VirtualizationSoftware defined network and Virtualization
Software defined network and Virtualization
 
Neo4j Vision and Roadmap
Neo4j Vision and Roadmap Neo4j Vision and Roadmap
Neo4j Vision and Roadmap
 
optimizing_ceph_flash
optimizing_ceph_flashoptimizing_ceph_flash
optimizing_ceph_flash
 
Dean Hagen
Dean HagenDean Hagen
Dean Hagen
 
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...
Case Study: Credit Card Core System with Exalogic, Exadata, Oracle Cloud Mach...
 

More from Maximilan Wilhelm

Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Maximilan Wilhelm
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with Linux
Maximilan Wilhelm
 
Contemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngContemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ng
Maximilan Wilhelm
 
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Maximilan Wilhelm
 
Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...
Maximilan Wilhelm
 
Anycast all the things
Anycast all the thingsAnycast all the things
Anycast all the things
Maximilan Wilhelm
 
Out-of-Band-Management für APU-Boards
Out-of-Band-Management für APU-BoardsOut-of-Band-Management für APU-Boards
Out-of-Band-Management für APU-Boards
Maximilan Wilhelm
 
Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...
Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...
Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...
Maximilan Wilhelm
 
Best Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedBest Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learned
Maximilan Wilhelm
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
Maximilan Wilhelm
 
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Maximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Maximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Maximilan Wilhelm
 
IPv6 im Jahre 2018
IPv6 im Jahre 2018IPv6 im Jahre 2018
IPv6 im Jahre 2018
Maximilan Wilhelm
 
Netzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPNetzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IP
Maximilan Wilhelm
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux Networking
Maximilan Wilhelm
 
Building your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonBuilding your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and python
Maximilan Wilhelm
 
AS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxAS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and Linux
Maximilan Wilhelm
 
Software Defined Freifunk Backbones
Software Defined Freifunk BackbonesSoftware Defined Freifunk Backbones
Software Defined Freifunk Backbones
Maximilan Wilhelm
 

More from Maximilan Wilhelm (19)

Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
 
Building your own CGN boxes with Linux
Building your own CGN boxes with LinuxBuilding your own CGN boxes with Linux
Building your own CGN boxes with Linux
 
Contemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ngContemporary network configuration for linux - ifupdown-ng
Contemporary network configuration for linux - ifupdown-ng
 
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
Angewandte Netzwerkgrundlagen reloaded - von Layer 1 bis 3
 
Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...Intent driven, fully automated deployment of anycasted load balancers with ha...
Intent driven, fully automated deployment of anycasted load balancers with ha...
 
Anycast all the things
Anycast all the thingsAnycast all the things
Anycast all the things
 
Out-of-Band-Management für APU-Boards
Out-of-Band-Management für APU-BoardsOut-of-Band-Management für APU-Boards
Out-of-Band-Management für APU-Boards
 
Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...
Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...
Wie baue ich ein Freifunkbackbone - Was wir in den letzten 5 Jahren gelernt h...
 
Best Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedBest Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learned
 
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-NetzwerkstackL2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack
 
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
Overlays & IP-Fabrics - viele Wege führen nach Rom und warum Layer2 keine Lös...
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
 
IPv6 im Jahre 2018
IPv6 im Jahre 2018IPv6 im Jahre 2018
IPv6 im Jahre 2018
 
Netzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPNetzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IP
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux Networking
 
Building your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonBuilding your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and python
 
AS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxAS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and Linux
 
Software Defined Freifunk Backbones
Software Defined Freifunk BackbonesSoftware Defined Freifunk Backbones
Software Defined Freifunk Backbones
 

Recently uploaded

Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
MuhammadTufail242431
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
Kamal Acharya
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
bakpo1
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdf
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfCOLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdf
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdf
Kamal Acharya
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang,  ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang,  ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
Kamal Acharya
 
addressing modes in computer architecture
addressing modes  in computer architectureaddressing modes  in computer architecture
addressing modes in computer architecture
ShahidSultan24
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
ViniHema
 
Vaccine management system project report documentation..pdf
Vaccine management system project report documentation..pdfVaccine management system project report documentation..pdf
Vaccine management system project report documentation..pdf
Kamal Acharya
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
Massimo Talia
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
Robbie Edward Sayers
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
Jayaprasanna4
 
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL   GENERAL FAMILIARIZATION COURSETECHNICAL TRAINING MANUAL   GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
DuvanRamosGarzon1
 
The role of big data in decision making.
The role of big data in decision making.The role of big data in decision making.
The role of big data in decision making.
ankuprajapati0525
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
Intella Parts
 

Recently uploaded (20)

Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
This is the way - Holistic (Network) Automation

  • 1. This is the way: Holistic (Network) Automation
      • FrOSCon 2022
      • Maximilian Wilhelm
  • 2. Agenda
      • 1. A little bit of history
      • 2. Software Engineering Methods
      • 3. Applying SWE Methods to Network Automation
      • 4. Reality check
      • 5. Q&A
  • 3. Who's who
      • Maximilian Wilhelm
      • Networker
      • Open Source Hacker
      • Fanboy of (Debian) Linux, (Linux) networking
      • Occupation:
      • By day: Network Automation Engineer at Cloudflare
      • By night: Lead Infrastructure Architect, Freifunk Hochstift
      • In between: Freelance Infrastructure Architect for hire
      • Contact: @BarbarossaTM, max@sdn.clinic
  • 4. A little bit of history
  • 5. When I was a student
      • First IT job in early 2004
      • Institute of Mathematics at Paderborn University
      • More or less separate network
      • Some hundred clients and servers
      • Fully automated install + management
      • Home grown solution SDeployment
      • Written in Shell (IIRC)
      • (Un)install packages + maintain configuration
      • Owns full configuration files
      • Helped to find an intruder
      • Managed to exchange sshd binary
      • Didn't support Kerberos, so changed the config file
      • SDeployment changed config file back and service failed to restart
  • 6. Birth of new automation tools
      • Intent driven configuration
      • Describe the desired state
      • Packages (un)installed
      • Presence (+content) or absence of a file
      • Restart services on changes
      • ...
      • Solution makes sure to reach/keep that state
      • Timeline of their birth (according to Wikipedia)
      • 2003 bcfg2*
      • 2005 Puppet
      • 2009 Chef
      • 2011 SaltStack
      • 2012 Ansible
      • 2012 Batou*
      • * 1st GIT commit
  • 7. State of network configuration today
      • Broad spectrum
      • Operators typing or pasting magic spells into a CLI
      • Deployment helpers called with explicit parameters
      • Evolution: Expect, Perl, Python scripts
      • Vendor solutions of different colors and sizes
      • Up to full vendor lock-in SDN solutions
      • Home-grown solutions, anywhere on the spectrum
      • Up to Google size full magic solution
  • 8. Where does this leave us now?
      • Wouldn't it be cool ...
      • To remove all the toil from Network config management!
      • So Network Engineers can focus on engineering
      • To have a vendor independent solution?
      • That can be tested and proven to do the right thing?
      • That scales well?
      • That is even Open Source?
      • But, how would we build that?
  • 10. Software Engineering Methods - Abstraction
      • Operating Systems
      • Drivers for hardware components
      • I/O, Keyboard, Mice, Displays
      • File systems for data storage
      • Networking
      • ISO/OSI or hour glass model
      • Internet protocols (HTTP, SMTP, ...)
      • Routing protocols (OSPF, IS-IS, BGP ...)
  • 11. Software Engineering Methods - Testing
      • Unit tests
      • Test function/method, class, package with knowledge of the inside
      • White-box testing
      • Integration test
      • Useful for APIs or protocols
      • Verify BGP implementations work with others
      • Regression testing
      • Something broke, we fixed it
      • Make sure we notice when it breaks again
  • 12. Software Engineering Methods - Pipeline
  • 13. Applying SWE Methods to Network Automation
  • 14. Abstraction
      • Codify network architecture and processes
      • Topology + rules
      • Vendor configuration details
      • One large config file vs. different smaller ones
      • Different dialects or even languages
      • Generate vendor neutral config and translate from there
  • 16. Topology - Example
      • [Figure: FFHO topology (schematic). Legend: Router, Layer3 Switch, Switch, WiFi PTP link, Access Point, CWDM MUX, Gateway, KVM Hypervisor]
  • 17. Abstraction - Topology as a graph
      • Nodes
      • Represent devices
      • Attributes
      • Status, Role
      • OS
      • IPs (on interfaces)
      • Location (rack ... region)
      • Edges
      • Represent links
      • Attributes
      • Status, Role
      • Bandwidth, Distance, Priority
      • ...
  • 18. Abstraction - Rules
      • What would an operator have configured manually?*
      • *If they did the right thing™
      • Examples, based on FFHO infrastructure
      • Internal routing protocols (OSPF + iBGP)
      • Learning of edge prefixes
      • Automagically generated firewall rules (CoPP)
      • ...
  • 19. Software Engineering Methods - Pipeline
      • Input
      • IRM / DCIM + IPAM
      • Any solution which offers an API, e.g. NetBox or Nautobot
      • Any local database(s) holding business relevant information
      • E.g. subscribers / services
      • Process(es)
      • Controller which gathers topology information and applies rules
      • Generate vendor neutral configuration
      • Translate configuration into required vendor configuration(s)
      • Apply the config as an atomic operation (if possible)
      • Micro service approach beneficial
      • Output
      • The complete generated configuration
      • Vendor independent or vendor specific, depending on POV
  • 20. Software Engineering Methods - Pipeline
      • Controller generates the vendor independent config
      • Rules could be part of code or textual
      • Translator generates vendor specific language from that
      • Multiple config files for Linux routers
      • Single config file for (e.g. Cisco) switches
      • Translator also (can) apply config
      • SaltStack, Ansible, ...
      • Home grown
  • 21. Software Engineering Methods - Testing
      • Unit tests
      • Controller can be tested without touching production network
      • Testing Translator can be harder
      • Integration tests
      • New controller versions can be tested against live data source
      • Compare result with currently running production controller
      • Does it generate the config we expect?
      • No risk of impacting infrastructure
      • Translator can be tested offline or in a lab
      • Input: Static generic config from generator
      • Apply config to lab device (VM?)
      • Verify device config against expected result
  • 23. Reality check
      • Does that exist?
      • Not as Open Source
      • Wait, but you have logic in Salt (FFHO)
      • Yes, and I regret that.
  • 24. Reality check - Lessons learned
      • Data stored in pillar only usable inside Salt
      • Limits flexibility a lot
      • Evolution
      • From input in pillar to NetBox
      • From logic in Jinja templates to Python modules inside Salt
      • Abstract NetBox data structures away with NACL
      • Move more and more logic into NACL (e.g. iBGP mesh computation)
      • Use Salt as translator instead of controller
  • 25. Questions?
  • 26. Questions & answers
      • Why not generate the config within Salt or Ansible?
      • How do you test that? Automatically?
      • Limited to Python and the environment of the solution
      • Why not buy vendor solution here?
      • Because it's not vendor independent
      • What do you do if it can't do X or is discontinued?
      • Why not use NETCONF/YANG?
      • Because it's not vendor independent enough
      • And it's for iterative config changes
      • Yes, NETCONF can do complete config replace, but what's the point?
  • 27. Questions?
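
The controller stage from slides 17 to 21 (topology as a graph, rules, vendor-neutral output, offline comparison of controller versions), sketched as an added example; it is not code from the talk, FFHO or NACL. Node names, addresses, the config keys and the CoPP rule that admits BGP only from computed iBGP peers are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample topology; names and addresses (RFC 5737) are made up.
NODES = {
    "cr01": {"status": "active", "loopback": "192.0.2.1"},
    "cr02": {"status": "active", "loopback": "192.0.2.2"},
    "bbr01": {"status": "active", "loopback": "192.0.2.3"},
    "bbr02": {"status": "planned", "loopback": "192.0.2.4"},
}
EDGES = [
    {"a": ("cr01", "eth0"), "b": ("cr02", "eth0"), "status": "active"},
    {"a": ("cr02", "eth1"), "b": ("bbr01", "eth0"), "status": "active"},
    {"a": ("bbr01", "eth1"), "b": ("bbr02", "eth0"), "status": "planned"},
]

def ibgp_mesh(nodes):
    """Rule: every pair of active routers gets one iBGP session."""
    live = sorted(n for n, attrs in nodes.items() if attrs["status"] == "active")
    return list(combinations(live, 2))

def generate(nodes, edges):
    """Controller: apply the rules, return vendor-neutral config per node."""
    live = {n: a for n, a in nodes.items() if a["status"] == "active"}
    cfg = {n: {"ospf_interfaces": [], "ibgp_peers": []} for n in live}
    for edge in edges:
        (na, ifa), (nb, ifb) = edge["a"], edge["b"]
        # OSPF only on links that are active at both ends.
        if edge["status"] == "active" and na in live and nb in live:
            cfg[na]["ospf_interfaces"].append(ifa)
            cfg[nb]["ospf_interfaces"].append(ifb)
    for a, b in ibgp_mesh(nodes):
        cfg[a]["ibgp_peers"].append(live[b]["loopback"])
        cfg[b]["ibgp_peers"].append(live[a]["loopback"])
    for node_cfg in cfg.values():
        node_cfg["ibgp_peers"].sort()
        # Assumed CoPP rule: accept BGP (tcp/179) only from computed peers.
        node_cfg["copp_allow"] = [
            {"proto": "tcp", "dport": 179, "src": peer}
            for peer in node_cfg["ibgp_peers"]
        ]
    return cfg

def changed_nodes(old, new):
    """Integration check: nodes whose generated config differs between runs."""
    return sorted(n for n in old.keys() | new.keys() if old.get(n) != new.get(n))

if __name__ == "__main__":
    baseline = generate(NODES, EDGES)
    grown = {**NODES, "bbr02": {**NODES["bbr02"], "status": "active"}}
    print(changed_nodes(baseline, generate(grown, EDGES)))
```

Because the control-plane allow-list is derived from the same graph as the peering, activating one node shows up in the diff as a change on every mesh member before anything touches a device.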