Network Automation 101
Ivan Pepelnjak (ip@ipSpace.net)
Network Architect
ipSpace.net AG

Who is Ivan Pepelnjak (@ioshints)

Past
- Kernel programmer, network OS and web developer
- Sysadmin, database admin, network engineer, CCIE
- Trainer, course developer, curriculum architect
- Team lead, CTO, business owner

Present
- Network architect, consultant, blogger, webinar and book author

Focus
- Network automation and SDN
- Large-scale data centers, clouds and network virtualization
- Scalable application design
- Core IP routing/MPLS, IPv6, VPN

More @ ipSpace.net/About

ipSpace.net 2016 Network Automation 101

Every Well-Defined Repeatable Task Can Be Automated

What Would You Automate?

Common answers:
- Device provisioning
- Service provisioning (device configurations)
- VLANs
- ACLs
- Firewall rules

How about
- Troubleshooting
- Consistency checks
- Routing adjustments
- Failure remediation

Automation
Repeatability
Consistency
Validation

Automation: Eliminate Repeatable Manual Tasks
Orchestration: Group Automated Tasks in Coordinated Workflows

A Few Reasons for Lack of Network Automation

Major ones
- Mission-critical nature of the networks
- Unique snowflakes that are impossible to automate
- Ad-hoc solutions and non-standard kludges
- Blast radius
- Lack of trust

There’s also
- Lack of programming skills
- Lack of reliable automation tools and programmatic interfaces
- Lack of (semi)standardized multi-vendor configuration schema
- Lack of affordable test environment

Hierarchy of Network Needs

[Pyramid diagram, top to bottom:]
- Automated Remediation
- Automated Provisioning
- Abstraction of network state
- Operated network
- Functioning Network

Source: Jeremy Stretch, packetlife.net

Operated Network

Operated Network
- Box-by-box mentality
- Manual configuration through CLI
- Relationships between boxes are managed in brain-space
- Tight control of changes and maintenance windows due to inherently unreliable configuration processes

Immediate improvement opportunities
- Configuration repository: single source of truth
- Change tracking (version control)
- Configuration changes tied to user requirements or business needs

Tools to use
- RANCID – collect network configurations
- Subversion or Git – version control

Typical Workflow
1. Propose device configuration changes
2. Reviews and approvals
3. Schedule maintenance window
4. Change device configuration

Store Device Configurations in a Repository
1. Propose device configuration changes
2. Reviews and approvals
3. Schedule maintenance window
4. Change device configuration
5. Collect device configurations
6. Store new configurations into repository

Start with Configuration Repository
1. Fork codebase, make proposed changes
   Start with a single source of truth
2. Submit changes to the repository
   Easy to identify original and changed versions
3. Review and approve change
   Using standard tools for reviews and approvals
4. Make change
   Rollbacks are easier
5. Collect device configurations
   Proposed versus implemented change
6. Store new configurations into repository
   Repository again contains single source of truth

The Final Twists
1. Fork codebase, make proposed changes
   Allow your customers to propose changes
2. Submit changes to the repository
3. Review and approve change
4. Deploy changes automatically

More @
- What Is NetDevOps? Why? – Leslie Carr (SFMIX), RIPE71
- NAPALM – Elisa Jasinska & David Barroso, NANOG64

Abstraction of Network State

Simplify
Standardize
Abstract
Automate

Network State Abstraction: Before and After

Before (device configuration):

    upgrade fpd auto
    version 15.0
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 4096
    !
    no aaa new-model
    !
    interface Loopback0
     ip address 10.0.1.5/32
    !
    !
    interface Fa0/0
     ip address 172.16.11.1/24

After (abstracted network state):

    hostname: 'R2'
    loopback: { ip: 10.0.1.5 }
    LAN:
      interface: 'Fa0/0'
      ip: 172.16.11.1

Network Deployment: Before and After

[Diagram: Business needs, Network design, Desired network state, Configuration templates, Device configurations]

Benefits of Abstracted Network State
- Explicit mapping from network design to desired state and device configurations
- Separation of infrastructure state and service state
- Simplified multi-vendor deployments

Easier to:
- Validate configuration compliance
- Compare current state with desired state
- Identify mismatches or manual changes
- Change device configurations

[Diagram: Business needs, Network design, Desired network state, Configuration templates, Device configurations]
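The "compare current state with desired state" and "identify mismatches or manual changes" points, worked through on the R2 data model from the earlier slide. This is an added example, not code from the presentation: the function names and DRIFTED_CONFIG are constructed, a Python dict stands in for the YAML model, and the /32 and /24 prefix lengths are taken from the slide's "before" configuration.

```python
# Added example: names and DRIFTED_CONFIG are constructed; DESIRED mirrors the slide's model.
DESIRED = {"hostname": "R2", "loopback": {"ip": "10.0.1.5"},
           "LAN": {"interface": "Fa0/0", "ip": "172.16.11.1"}}
DRIFTED_CONFIG = """\
hostname R2
logging buffered 4096
interface Loopback0
 ip address 10.0.1.5/32
!
interface Fa0/0
 ip address 172.16.11.2/24
interface Fa0/1
 ip address 192.0.2.1/24
"""

def render(state):
    """Desired state -> {section: expected lines}; a minimal stand-in for a template."""
    return {
        "global": {f"hostname {state['hostname']}"},
        "interface Loopback0": {f"ip address {state['loopback']['ip']}/32"},
        f"interface {state['LAN']['interface']}": {f"ip address {state['LAN']['ip']}/24"},
    }

def parse(config):
    """Collected config -> {section: lines}; indented lines belong to the current section."""
    sections, current = {"global": set()}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():
            sections[current].add(line)
            continue
        current = line if line.startswith("interface ") else "global"
        sections.setdefault(current, set())
        if current == "global":
            sections["global"].add(line)
    return sections

def drift(state, config):
    """Sorted (kind, section, line) findings; global lines outside the model are ignored."""
    want, have, findings = render(state), parse(config), []
    for section, lines in want.items():
        actual = have.get(section, set())
        findings += [("missing", section, l) for l in lines - actual]
        if section != "global":
            findings += [("unexpected", section, l) for l in actual - lines]
    findings += [("unmanaged", s, l) for s in have.keys() - want.keys() for l in have[s] or {""}]
    return sorted(findings)
```

Run against configurations collected into the repository, a non-empty result is the list of mismatches or manual changes to review before the next automated deployment.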

Automatic Provisioning

Automated Network and Service Provisioning

Automation required by
- Large scale deployment
- Self-service requirements
- Faster service deployment
- Need to improve reliability

Prerequisites
- Standardized services, configurations and deployment processes
- Reliable method of configuring and monitoring network devices (API)

Tools to use
- Configuration state management tools: Chef, Puppet
- Automation frameworks: Ansible
- Workflow and continuous integration tools: Gerrit, Jenkins

Go for Low-Hanging Fruits

- Read-Only Access
- Device Provisioning
- Service Provisioning
- Traffic Rerouting
- Real-Time and Data Plane

Automated Remediation

Automated Network Remediation

Holy Grail: Networks that fix themselves or adapt to changes

A few examples:
- Identify links with degraded performance → reroute traffic
- Identify router problems (memory leaks) → drain the traffic, reload the device
- ToR switch failure → migrate the virtual machines

Getting there:
- Don’t expect a vendor-supplied miracle
- Someone will have to do extensive customization
- Try to use small, reusable components

Example: Facebook-Defined Networking

Source: How Facebook Learned to Stop Worrying and Love the Network (Jose Leitao, David Rothera, RIPE 71)

Network Automation Caveats

Source: http://xkcd.com/1319

More Information

Network Automation Track

[Diagram of track topics: Network Automation Use Cases; Jinja2, YAML and Ansible; BGP SDN; NETCONF & YANG; OpenFlow; REST API; Network Automation Tools; What is SDN?; Network Automation 101; Network Programmability 101]

More information @ http://www.ipSpace.net/NetOps

Even More to Explore

Blogs and web sites:
- Matt Oswalt (keepingitclassless.net)
- Scott Lowe (blog.scottlowe.org)
- Michael Kashin (networkop.github.io)
- Jason Edelman (jedelman.com)
- Chris Young (kontrolissues.net)
- Patrick Ogenstad (networklore.com)
- Josh O’Brien (staticnat.com)

Github repositories:
- NAPALM (https://github.com/napalm-automation)
- David Barroso (https://github.com/dbarrosop/) – SIR, NAPALM demos
- Jason Edelman (https://github.com/jedelman8)
- Patrick Ogenstad (https://github.com/networklore/)

Questions?
Send them to ip@ipSpace.net or @ioshints
