Network automation at SURFsara

Diederik Vandevenne, diederik.vandevenne@surfsara.nlColloquium UvA SNE – 7 March 2018

Agenda

•What is network automation and why do you want it?•Configuration management concepts•Ansible•Network automation @SURFsara•Hands-on demo

(Zero Touch) Provisioning

• Rack, connect, power up• Install OS image and (initial) configuration• Similar to PXE boot• Based on DHCP and file transfer protocols• Implementation is vendor dependent

Configuration Management

• Automated way to put devices in a desired state• Configuration definitions are kept in a VCS

What is network automation and why do you want it?

What is network automation and why do you want it?

Benefits

•Configuration consistency•Repeatable results•Testability•Less risk of human error•Faster deployment

Configuration Management concepts

Idempotency

Configuration Management concepts

Imperative configuration

vs

Declarative configuration

Configuration Management concepts

Intent-based networking

•Cisco, Apstra …•Configuration vs intent•Natural language•Validation•Remediation•Machine learning, big data analytics •Just another layer of abstraction?

http://blog.ipspace.net/2017/09/intent-based-hype.html

Configuration Management concepts

Agent

vs

Agentless

Configuration Management concepts

Push model

vs

Pull model

Configuration Management concepts

Automation

vs

Orchestration

Configuration Management tools

Characteristics

•Agentless•Uses primarily the push model• Imperative or declarative?•Orchestration•Ad-hoc commands

Concepts and elements

• Inventory•Playbooks, plays, tasks•Templates (jinja2)•Roles•Variables•Modules

Ansible

Ansible networking modules

•http://docs.ansible.com/ansible/latest/list_of_network_modules.html

Network automation @SURFsara

0% 1% 4%

43%55%

70%

100% 99% 96%

57%45%

30%

0%

20%

40%

60%

80%

100%

120%

2013 2014 2015 2016 2017 2018

Open networking devices in SURFsara

Open networking vendors Legacy vendors

Network automation @SURFsara

Ansibleplaybook

MAC/IP in CMDB

Generate DHCP

Generate DNS switch in rack

ONIEinstall

Dynamic Ansible inventory

ZTPscript

Network automation @SURFsara

Current Ansible implementation

•Network devices managed by Ansible include Cumulus Linux and Juniper•Ansible dynamic inventory•Ansible playbooks are used on a project/cluster level•Ansible roles are used on a global level•Clear separation between data (variables) and logic•Variables are mostly device/OS independent•Cumulus Linux is configured as a Linux server (template module, not NCLU)

Network automation @SURFsara

Next steps

• (More) testing and validation•Change management pipeline (Continuous Integration)• Integration of monitoring•Self service

Questions?

Hands-on demo