Network Automation 101Ivan Pepelnjak (ip@ipSpace.net)Network ArchitectipSpace.net AG
Who is Ivan Pepelnjak (@ioshints)Past Kernel programmer, network OS and web developer Sysadmin, database admin, network engineer, CCIE Trainer, course developer, curriculum architect Team lead, CTO, business ownerPresent Network architect, consultant, blogger, webinar and book authorFocus Network automation and SDN Large-scale data centers, clouds and network virtualization Scalable application design Core IP routing/MPLS, IPv6, VPN2More@ ipSpace.net/About ipSpace.net2016Network Automation 101
Every Well-DefinedRepeatable TaskCan Be Automated
What Would You Automate?Common answers: Device provisioning Service provisioning ( device configurations) VLANs ACLs Firewall rulesHow about Troubleshooting Consistency checks Routing adjustments Failure remediation4 ipSpace.net 2016Network Automation 101
AutomationRepeatabilityConsistencyValidation
Automation EliminateRepeatable Manual TasksOrchestration GroupAutomated Tasks inCoordinated Workflows
A Few Reasons for Lack of Network AutomationMajor ones Mission-critical nature of the networks Unique snowflakes that are impossibleto automate Ad-hoc solutions and non-standardkludges Blast radius Lack of trustThere’s also Lack of programming skills Lack of reliable automation tools and programmatic interfaces Lack of (semi)standardized multi-vendor configuration schema Lack of affordable test environment7 ipSpace.net 2016Network Automation 101
Hierarchy of Network NeedsAutomated RemediationAutomated ProvisioningAbstraction of network stateOperated networkFunctioning NetworkSource: Jeremy Stretch, packetlife.net8 ipSpace.net 2016Network Automation 101
Operated Network
Operated Network Box-by-box mentality Manual configuration through CLI Relationships between boxes aremanaged in brain-space Tight control of changes and maintenancewindows due to inherently unreliableconfiguration processesImmediate improvement opportunities Configuration repository single source of truth Change tracking (version control) Configuration changes tied to user requirements or business needsTools to use RANCID – collect network configurations Subversion or Git – version control10 ipSpace.net 2016Network Automation 101
Typical WorkflowPropose device configuration changesReviews and approvalsSchedule maintenance windowChange device configuration11 ipSpace.net 2016Network Automation 101
Store Device Configurations in a RepositoryPropose device configuration changesReviews and approvalsSchedule maintenance windowChange device configurationCollect device configurationsStore new configurations into repository12 ipSpace.net 2016Network Automation 101
Start with Configuration Repository13Fork codebase, make proposed changesStart with a singlesource of truthSubmit changes to the repositoryEasy to identify original andchanged versionsReview and approve changeUsing standard tools forreviews and approvalsMake changeRollbacks are easierCollect device configurationsProposed versusimplemented changeStore new configurations into repositoryRepository again containssingle source of truth ipSpace.net 2016Network Automation 101
The Final TwistsFork codebase, make proposed changesAllow your customers topropose changesSubmit changes to the repositoryReview and approve changeDeploy changes automaticallyMore @ What Is NetDevOps? Why? – Leslie Carr (SFMIX), RIPE71 NAPALM –Elisa Jasinska & David Barroso, NANOG6414 ipSpace.net 2016Network Automation 101
Abstraction ofNetwork State
Hierarchy of Network NeedsAutomated RemediationAutomated ProvisioningAbstraction of network stateOperated networkFunctioning NetworkSource: Jeremy Stretch, packetlife.net16 ipSpace.net 2016Network Automation 101
SimplifyStandardizeAbstractAutomate
Network State Abstraction: Before and Afterupgrade fpd autoversion 15.0service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R2!boot-start-markerboot-end-marker!logging buffered 4096!no aaa new-model!interface Loopback0ip address 10.0.1.5/32!!interface Fa0/0ip address 172.16.11.1/24 18 ipSpace.net 2016Network Automation 101hostname: 'R2'loopback: { ip: 10.0.1.5 }LAN:interface: 'Fa0/0'ip: 172.16.11.1
Network Deployment: Before and AfterBusiness needsNetwork designDesired network stateConfiguration templatesDevice configurations19 ipSpace.net 2016Device configurationsNetwork Automation 101
Benefits of Abstracted Network State Explicit mapping from network design to desired state and deviceconfigurations Separation of infrastructure state and service state Simplified multi-vendor deploymentsEasier to: Validate configuration compliance Compare current state withdesired state Identify mismatches or manualchanges Change device configurationsBusiness needsNetwork designDesired network stateConfiguration templatesDevice configurations20 ipSpace.net 2016Network Automation 101Device configurations
AutomaticProvisioning
Automated Network and Service ProvisioningAutomation required by Large scale deployment Self-service requirements Faster service deployment Need to improve reliabilityPrerequisites Standardized services, configurations anddeployment processes Reliable method of configuring andmonitoring network devices (API)Tools to use Configuration state management tools: Chef, Puppet Automation frameworks: Ansible Workflow and continuous integration tools: Gerrit, Jenkins22 ipSpace.net 2016Network Automation 101
Go for Low-HangingFruits
Read-Only AccessDevice ProvisioningService ProvisioningTraffic ReroutingReal-Time and Data Plane
AutomatedRemediation
Automated Network RemediationHoly Grail: Networks that fix themselves or adapt to changesA few examples: Identify links with degraded performance reroute traffic Identify router problems (memory leaks) drain the traffic, reload thedevice ToR switch failure migrate the virtual machinesGetting there: Don’t expect a vendor-supplied miracle Someone will have to do extensive customization Try to use small, reusable components26 ipSpace.net 2016Network Automation 101
Example: Facebook-Defined NetworkingSource: How Facebook Learned to Stop Worrying and Love the Network (Jose Leitao, David Rothera, RIPE 71)27 ipSpace.net 2016Network Automation 101
Network AutomationCaveats
Source: http://xkcd.com/1319
More Information
Network Automation TrackNetwork Automation Use CasesJinja2,YAMLand AnsibleBGP SDNNETCONF& YANGOpenFlowDeepDeepDive DiveREST APINetworkToolsSDN NetworkAutomationWhatis SDN? 101Network Programmability 101Inter-DCMoreinformationFCoE has@veryhttp://www.ipSpace.net/NetOpslimiteduseand ipSpace.net2016NetworkAutomation101 requires no bridging33
Stay in onsulting35 ipSpace.net 2016Network Automation 101
Even More to ExploreBlogs and web sites: Matt Oswalt (keepingitclassless.net) Scott Lowe (blog.scottlowe.org) Michael Kashin (networkop.github.io) Jason Edelman (jedelman.com) Chris Young (kontrolissues.net) Patrick Ogenstad (networklore.com) Josh O’Brien (staticnat.com)Github repositories: NAPALM (https://github.com/napalm-automation) David Barroso (https://github.com/dbarrosop/) – SIR, NAPALM demos Jason Edelman (https://github.com/jedelman8) Patrick Ogenstad (https://github.com/networklore/)36 ipSpace.net 2016Network Automation 101
Questions?Send them to ip@ipSpace.net or @ioshints
Network Automation 101 Ivan Pepelnjak (ip@ipSpace.net) Network Architect . Lack of programming skills Lack of reliable automation tools and programmatic interfaces . NetworkAutomation 101 Network Programmability 101 Network Automation Tools Network Automation Use Cases.
Ivan The Terrible And Philip The Prudent 15 UN russian history 47 (2020) 11-35 1 Diplomacy and Representation Ivan and Philip communicated via diplomatic and trade agents. In his capacity of king-consort of England, Philip ii and his wife, Mary I Tudor sent a mission to Ivan to negotiate English trade privileges in Muscovy, promising reciprocal
Locke - Shooting Script - Feb 21st 2013 2. 2 EXT. SITE THROUGH CCTV CAMERA 2 We see Ivan pulling out of the site through the lens of a CCTV camera. 3 INT. LAND ROVER/EXT. . Silence. A long pause. DONAL (OOV) (CONT’D) Ivan, what the fuck has happened? IVAN LOCKE I need you to just do this. A long pause.
Some of Ivan’s most famous findings came from his experiments using dogs. As mentioned in 1904, Ivan Pavlov was the first Russian theorist to be awarded the Nobel Peace Prize. He was awarded this honor due to his research on digestion which led to discovering conditioned reflexes. This is often referred to as one of
Danse Macabre has never been performed since; IVAN could not face re-staging it. In fact, IVAN never danced again after injuring himself, on the original first night. Now, in 20 , aged 74, IVAN is a world-renowned choreographer and teacher. Aware that his retire-
Aug 20, 2021 · Ivan the Terrible Ivan’s “bad period” began in 1560 after his wife, Anastasia died. He organized his own police force, whose chief duty was to hunt down and murder people Ivan considered traitors Peter brought the Russian Orthodox Church under state control. He
Ivan the Terrible (1533-84): Russia’s first tsar Mother was poisoned when he was 7yrs old. Ivan developed a dangerous paranoia. Would throw live animals from the palace towers for fun. After his wife, Anastasia died, Ivan developed a really nasty streak – sentenced thousands to death, would give detailed instructions on
network.edgecount Return the Number of Edges in a Network Object network.edgelabel Plots a label corresponding to an edge in a network plot. network.extraction Extraction and Replacement Operators for Network Objects network.indicators Indicator Functions for Network Properties network.initialize Initialize a Network Class Object
Alfredo López Austin* I. NECESIDAD CONCEPTUAL Soy historiador; mi objeto de estudio es el pensamiento de las sociedades de tradición mesoamericana, con énfasis en las antiguas, anteriores al dominio colonial europeo. Como historiador no encuentro que mi trabajo se diferencie del propio del antropólogo. Más bien, ignoro si existe alguna conveniencia en establecer un límite entre la .