infrastructure as code for network

Infrastructure as CodeDamien Garros, Technical Marketing Engineer

2 © 2016 Juniper Networks, Inc. All rights reserved.

• What is Infrastructure as Code ?• Tips and Tricks to Get Started• Demo• How to get started

Agenda

What is Infrastructure as Code ?


Infrastructure as code represent the idea that everything needed to run an infrastructure can be

consider as Software

and as such can leverage development

technics for Collaboration, Deployment and Continuous

Integration.


CI/CD for Networks


CI/CD for Networks

CI/CD what ??


CI/CD Pipeline for Software Development

Code Build Test Deploy Monitor

Dev

CIContinuous Integration

CDContinuous Deployment


What is the impact ? • Customers who embraced this

new way of building infrastructure for servers observed:

200x more

frequent deployment

24x faster

recovery from failure

3x lower

change failure rate

2.5x Shorter

lead time

Source: 2016 State of Devops Report (from puppet)


Infrastructure as Code is about

Operation Efficiency

Who is not interested to operate the network more efficiently ?


Fall 2016 NetDevOps Survey

Series1

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

No interest Thinking about it Evaluating In Production

18% are already in production60% are thinking about it or evaluating it

Infrastructure as code

Example of Workflows


Version ControlVirtual Lab

Master

Feature B

Looks good please can you add description

Done

Approved

Approved

Virtual Lab1 – Create virtual topology2 – Deploy new configurations3 – Run all tests

Report tests result

Pull Request

Example of workflow

Production

Configuration store in version control

New branch for each modification

1

2

Pull request for each modification3

Review process as part of pull request

Automated test as part of pull request

4

5

Delete virtual env once report is available

6

Deploy in production when pull request is merged

7

Deploy

Validate


Infrastructure as Code is a Journey

• There is not only one story for Infrastructure as Code

• All aspects may or may not be present• Only Change control is mandatory

Start small and evolve from there


Infrastructure as Code is a Journey

Infrastructure as CodeNetwork

Continuous DeliveryAutomated Deployment

Generate and deploy configuration automatically

Run continuous tests in your network to identify

issue as quickly as possible

Test/Validate your changes

before deploying them in production


Change Control

Version controlReview process

Virtual Lab

Build Virtual Lab on demand

TestTest network device statusContinuous integration

Telemetry

Collect,Visualize and Correlate

Config Automation

Templatize and automate configuration

Event Driven

Actively monitor events

Infra As

Code

Infrastructure as code / Building Block

Mandatory


Compelling for all customers

Change Control

Virtual Lab

Test

Telemetry

Config Automation

Event Driven

Conservative Early Adopter

Tips and Tricksto Get Started

Change Control


ScriptsCode

Device configuration

Documentation

Bug tracker

Everything is moving to Github or Gitlab


Fall 2016 NetDevOps Survey

Series1

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

No interest Thinking about it Evaluating In Production

60% are already in production34% are thinking about it or evaluating it

Git


Change Control - fundamentalsGithub or Gitlab

Master

Feature B

Looks good please can you add description

Done

Approved

Approved

Pull Request

Branch Master always represent what is deployed in production.

Every change must be proposed using a Pull Request

Change can be discussed and adjusted before being merged


Why is Git so popular ?

GIT Subversion CVS


Why is Git so popular ?

Enable CollaborationAcross Team

Without losing ownership


Collaboration Platforms

Git

Issue Tracker

DocsWiki

Release mgmt

DockerThird party Doc

Code Coverage Ansible

CI/CD

Pull Request

Stats

Build-In Ecosystem

Continuous Integration


Continuous Integration

Travis-CI External tools that will execute some tests for EACH change/commit:

1. Download the project2. Setup Environment3. Run tests4. Report results in Github/GitlabGitlab-CI


Gitlab-CI – setupstages:

- test- deploy

before_script: - pip install -r requirements.txt - pip install -q ansible

generate_config: stage: test script:

- ansible-playbook pb.generate.config.yaml

deploy_config: stage: deploy script:

- ansible-playbook pb.conf.all.commit.yaml

.gitlab-ci.yaml• Configuration defined inside the project with a config file (.gitlab.yaml)

• Can define a pipeline of stages and actions for each stage

• Some stages can be applicable to some branches only


Validate

Deploy

Gitlab-CI – Infrastructure as Code Pipeline

Test

Build

• Validate new configurations on physical lab or virtual lab

• Validate that network is behaving properly after new configurations have been deployed

• Deploy New configurations in production environment

• Create new configurations, make sure

BranchMaster

Only

Config Automation


Configuration Generation Project

Configuration Generation Project• A project to generate

configurations is mainly composed of :– Templates– Variables– Scripts/Playbooks

Templates Variables

junos-system.j2bgp.j2Acl.j2

Interfaces nameDevice namesMgmt IPIP addressesEtc ..

ScriptsPlaybooks

deploy_configcheck_connectivity


1 project – multiple environments

Lab Production

• Between environments, templates are shared but some variables and playbooks can be different

• Everything need to be tested and if there are too many environment specific variables, the chance to not find a bug increase.

Configuration Generation

Project

Shared Templates

Lab Vars Prod VarsShared Var

Lab Pbs Prod PbsShared Playbooks


Topology Independent w/ Ansible

• Topology file name defined in the inventory file under the variable “topology_file

• File loaded with pre_tasks in each playbook

hosts.ini

Playbooks


Topology Independent w/ Ansible

• Centralize information related to physical topology

• Access these information from other files by using variable name

sample-topology.yaml

host_vars/fabric-01/underlay.yaml


Topology Independent / Inventory w/ Ansible

ansible-playbook -i pre-production.ini pb.conf.all.commit.yaml

ansible-playbook -i production.ini pb.conf.all.commit.yaml

Virtual Lab


The VMs itself is not enough

On-Premise

Cloud

When building a virtual lab for testing, the VM itself is not enough.

We need to have a solution to : • Create the topology, L1/L2 links• Spin up and down devices, • Configure devices etc … • Assign IP addresses

Ravello System

Vagrant


What is Vagrant ?

A tool for building and distributing virtualized environment

Open Source and modular

VagrantfileDefine what type of VM/BoxDefine the physical topology

Vagrantcloud

Automatic download

Provisioning

OpenStackHypervisor

VM App Store


Ravello System

• Layer 2 ‘data-center-like’ networking• Easy replication through Blueprint• Public IP for all VMs • Isolated Networking• Self-service & on-demand access • Unlimited capacity• Usage based pricing • Scalable• Robust REST APIs

Cloud Based Virtual Lab

Oracle Cloud

Google Compute Engine

AWS


Ravello - Automation

• Automate creation / deployment of virtual topologies on Ravello using Ansible

• Open Source library developed by Juniper

https://github.com/Juniper/ravello-ansible


Demo / topologyspine-01 spine-02

leaf-01 leaf-02 leaf-03 leaf-04

• Physical network based on Spine/Leaf topology

• Each device has a unique ASN

• eBGP between all members

• Simple IP routing


Demo / building Bloc

Gitlab-CIGitlab vQFX

Change control Config

Virtual Lab Tests


Testing w/ Ansiblespine-01 spine-02


Testing is done using Ansible

• Check Physical layer– Check all interfaces are UP – Check LLDP neighbors

• Check Underlay– Ping all neighbors– Check BGP status– Ping ANY2ANY between leaf


Testing w/ Ansiblespine-01 spine-02


• Testing is done using Ansible

• Check Physical layer– Check all interfaces are UP – Check LLDP neighbors

• Chech Underlay– Ping all neighbors– Check BGP status– Ping ANY2ANY between leaf


Gitlab-CI pipeline

NonMasterBranch

MasterBranch

How to Get Started


What Professional Services Bring

Industry leading expertise in designing and implementing network automation

Delivering an integrated software framework for automation

Sharing knowledge throughout delivery

Maintaining rigor so that projects are delivered on time and within budget

Knowledge Transfer & Customer Focus

Network Design, Implementation and Testing Expertise

Open Source Framework Expertise

Project Management


Network Automation Services

Network Automation Services

PS Practice

Software DefinedNetworking

Core & Edge

Cloud & Data Center

Security

Design Deploy AuditTest

Design Automation

Automated Deployment

TestAutomation

Audit Automation

Thank you


Get Started with examples online

Ravello

Ansible Library to automate Ravellohttps://github.com/Juniper/ravello-ansibleExample of Project to build an IP fabric on Ravello using Ansiblehttps://github.com/dgarros/rav-ipfabric-demo

https://github.com/Juniper/ravello-ansible

https://github.com/dgarros/rav-ipfabric-demo



AnsibleAnsible project to configure and test an IP Fabric + EVPN/VXLANhttps://github.com/JNPRAutomate/ansible-junos-evpn-vxlan Playbook to check physical and underlay layer using Ansiblehttps://github.com/JNPRAutomate/ansible-junos-evpn-vxlan/blob/master/pb.check.physical.yamlhttps://github.com/JNPRAutomate/ansible-junos-evpn-vxlan/blob/master/pb.check.physical.yaml

https://github.com/JNPRAutomate/ansible-junos-evpn-vxlan

https://github.com/JNPRAutomate/ansible-junos-evpn-vxlan/blob/master/pb.check.physical.yaml





Telemetry / OpenNTIOpen Source Telemetry Collector for Telemetry, Netconf and Event (syslog)https://github.com/Juniper/open-nti

Fluentd plugin for Juniper Telemetry Streaminghttps://github.com/JNPRAutomate/fluent-plugin-juniper-telemetry

https://github.com/Juniper/open-nti

https://github.com/Juniper/open-nti




Associated products/tools (1/2)

Change control

Version controlReview process

Github/GitlabTravis-CIJenkins

Virtual Lab

Build virtual Lab on demand

vMX/vQFX/vSRXRavelloVagrantJunosphere

TestTest network device statusContinuous integration

JSNAPyPyezNITARobot FrameworkAnsible


Associated products/tools (2/2)

Telemetry

Collect,Visualize and Correlate

JTIOpenconfigNetconfOpenNTIKapacitorThird party integration

Config Automation

Execute more automated tests

AnsibleSaltstackPyezNetconf

Event Driven

SaltstackjEDI

infrastructure as code for network

Technology