network automation at shapeways

Post on 10-Jan-2017

Network Automation at Shapeways

December 6th, 2016

Carl Caum: Sr. Technical Marketing Manager at Puppet

Martín Beauchamp: Site Reliability Engineer at Shapeways

Paul Hortiatis: Site Reliability Team Lead at Shapeways

Speakers

Every company is a software company.

It feels like a breaking point.

Change is necessary.

We help great companies:

Become great software companies

Deliver fantastic experiences to their users

Provide better software, faster

And do it simply, at scale and securely

Automate for speed, reliability and security

Define with a common language

Gain situational awareness

Orchestrate change intelligently

Ensure security & compliance

What’s needed to deliver and operate modern software simply, at scale and securely

Across devices, through the stack

Define with a common language

● Easy to read, understand, write & share

● Write once, use everywhere

● Testing built in

● No code clobbering

● Choose from thousands of free modules, backed by a vibrant ecosystem

Standard way for teams to deliver and operate software

Puppet code example

Gain situational awareness

● Real-time change visibility

● Unique dependency visualizations

● Continual drift monitoring and reporting

● Audit and compliance reporting

● Built-in, custom and 3rd party visualizations

Know exactly what is going on with all your software

Event inspection in Puppet Enterprise

Cumulus Linux

Native Linux Operating Model

Robust Hardware Ecosystem

Extensible Automation Ready

Cumulus Linux is a native Linux Network OS that is deeply rooted in Debian.

Network Management with Puppet and Cumulus Linux

Manage switches like servers

Networking before DevOps

Siloed Teams

Siloed tools and processes

Slow collaboration and limited information sharing

Different processes and tasks for provisioning vs ongoing management

Siloed, slow, and costly

Networking with Puppet

Unified teams

Puppet’s common language and tooling provide a single source of truth to enable IT teams to unify the way they work

Unified processes

Changes that span network and compute are made with the same change process and tools.

Unified and efficient

Increased collaboration

Anyone can contribute to the infrastructure code base and anyone can see how any part of the infrastructure is being managed.

Unify Day 1 to Day 100

The same code that provisions the switch configuration also continuously monitors and remediates the configuration.

The Automation Advantage

[Figure: two timelines running from Ordering/Delivery to Production. The Traditional Way: Physical Install, Manually Install, Manually Configure; Days/Weeks, then Hours/Days (Manual); Manual/Custom Drift Management. The New Way: Physical Install, ONIE Boot, CL Install, Agent Pull Install Config; Days/Weeks, then Seconds/Minutes (Automated); Automated Install (ONIE boot), Automated Configure, Continuous Drift Management.]

A 3D printing marketplace where you can design, make, buy and sell amazing products

Challenges

● Limited networking team size

● Fast evolving infrastructure - networking wasn’t always top priority

● Vendor hardware wasn’t suitable for rapid change or didn’t have the desired capabilities

Goals

● Manage the network like we manage our servers

● Leverage existing Linux expertise

● Cultivate DevOps culture

● Reliability

● Scalability

Why Puppet

● Maturity of the solution

● Existing knowledge

● Flexibility

Why Cumulus Linux

● It was Linux, and we know Linux

● Well supported by other tools already in place

● Improved reliability with Routing on the Host

● Network agility and lower risk of change

Cumulus’ Linux based OS and wide range of hardware support meant we could use the expertise we already had to have a successfully managed network.

Remove Operational Complexity

● Puppet code is portable between environments

● Puppet modules house reusable abstractions for underlying system configurations

● Puppet modules provide simple interfaces with controls we care about

● OS differences are handled behind the abstraction interface

● Hiera and data bindings enable simplified interfaces

Puppet enables us to build abstractions to complex implementations so we can focus on the controls we care about and reuse the implementation in as many places as necessary.

How We Did It

● Automated network topology is generated, starting with the network leafs (servers)

● Children configure their parent

● In-house developed build script builds the connection configuration for the switch

"swp49":
  parent: "r1-spine"
  port: "swp1"
"swp50":
  parent: "r2-spine"
  port: "swp1"

p2p1:
  parent: r3-leaf-a
  port: swp44
p3p1:
  parent: r3-leaf-b
  port: swp44

p2p1:
  parent: r3-leaf-a
  port: swp43
p3p1:
  parent: r3-leaf-b
  port: swp43

p2p1:
  parent: r3-leaf-a
  port: swp42
p3p1:
  parent: r3-leaf-b
  port: swp42

"swp49":
  parent: "r1-spine"
  port: "swp1"
"swp50":
  parent: "r2-spine"
  port: "swp1"
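
One way the "children configure their parent" build step on this slide could work, as an added example that is not Shapeways' build script: each child declares its uplinks, and the script inverts those declarations into per-switch port maps, failing the build when two children claim the same parent port. The data layout, the server names and the function names are assumptions modelled on the slide fragments.

```python
from collections import defaultdict

# Constructed sample data modelled on the slide fragments: each child node
# declares, per local interface, the parent switch and parent port it uplinks
# to. The server names "web1" and "web2" are hypothetical.
CHILD_UPLINKS = {
    "web1": {"p2p1": {"parent": "r3-leaf-a", "port": "swp44"},
             "p3p1": {"parent": "r3-leaf-b", "port": "swp44"}},
    "web2": {"p2p1": {"parent": "r3-leaf-a", "port": "swp43"},
             "p3p1": {"parent": "r3-leaf-b", "port": "swp43"}},
    "r3-leaf-a": {"swp49": {"parent": "r1-spine", "port": "swp1"},
                  "swp50": {"parent": "r2-spine", "port": "swp1"}},
    "r3-leaf-b": {"swp49": {"parent": "r1-spine", "port": "swp2"},
                  "swp50": {"parent": "r2-spine", "port": "swp2"}},
}


class TopologyError(ValueError):
    """Raised when child declarations cannot form a consistent topology."""


def build_parent_ports(child_uplinks):
    """Invert child uplink declarations into {parent: {port: (child, iface)}}."""
    parents = defaultdict(dict)
    for child, ifaces in sorted(child_uplinks.items()):
        for iface, link in sorted(ifaces.items()):
            missing = {"parent", "port"} - set(link)
            if missing:
                raise TopologyError(f"{child}:{iface} missing {sorted(missing)}")
            parent, port = link["parent"], link["port"]
            if parent == child:
                raise TopologyError(f"{child}:{iface} names itself as parent")
            claimed = parents[parent].get(port)
            if claimed is not None:
                # Two children claiming one switch port is a data error;
                # fail the build instead of pushing an ambiguous config.
                raise TopologyError(
                    f"{parent}:{port} claimed by {claimed[0]}:{claimed[1]} "
                    f"and {child}:{iface}")
            parents[parent][port] = (child, iface)
    return {p: dict(ports) for p, ports in parents.items()}


def render_switch(parent, ports):
    """Render one switch's downlinks as port descriptions, sorted by port."""
    return [f"{parent} {port}: link to {child} ({iface})"
            for port, (child, iface) in sorted(ports.items())]
```

Running the conflict check before configuration is pushed keeps a typo in one server's data from silently re-pointing a switch port that another node already uses.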

The Rollout

● Rolled out with a datacenter migration

● The second datacenter went smoother because we codified what we learned from the first migration

Gotchas

● Don’t assume that networking works the same between similar OSes, or even different versions of the same OS

● Don’t take on too much at once

● Finish and validate your current change before moving on to the next one

The DevOoops

Where Are We Now?

● Puppet manages all of our switches

● Network configs are versioned in Git and proposed changes get team review

● Our network is fast and reliable

Questions?
