puppet enterprise for the network

Copyright © 2013 Juniper Networks, Inc. www.juniper.netCopyright © 2013 Juniper Networks, Inc. www.juniper.net

PUPPET AND NETWORKING

Jeremy Schulman - Director | Automation Concept Engineering

@[email protected]


WHY DID WE DO IT?


Device running Junos OS

Puppet Netdev modules

Ruby Gems

Ruby Interpreter

XML

Puppet Agent (client)

Puppet Master (server)

netdev

jpuppetpackage

PUPPET FOR JUNOS

(FreeBSD)


JUNOS XML APION-BOX AND OFF-BOX AUTOMATION

Secure TCP/IP connections viaSSHv2 (RFC4742)

XML

NETCONF XML PROTOCOL (RFC4741)

SwitchingSecurity Routing

Management System

Automate config changes,remote invocation of operational commands,collection of logs

Secure and connection oriented … SSHv2 as transport Structured and transaction based … XML as RPC request / response User-class privilege aware … Native to Junos Comprehensive & Consistent ... Automate everything

NETCONF client libraries exist for a number of programming languages such as Java, Perl, Ruby, Python, and even SLAX !


PUPPET "NETDEV" MODULE

Netdev is a vendor-neutral network abstraction framework developed by Juniper Networks and contributed freely to the DevOps community

Juniper has contributed basic layer-1 and layer-2 network abstractions

DevOps can extend the framework to define any abstractions or features they need for their environment

The Netdev framework is open and free; i.e. the “DevOps” way


PUPPET FOR JUNOS

“DevOps” Approach:

Netdev module source code is in Github

All packages are stored where they should be (Puppet Forge,…)

Support done on J-Net community forum

Juniper technical documentation available

Free, “BSD-style” license


NETDEV RESOURCES TYPES

Resource Description

netdev_vlan Manages VLAN configuration

netdev_interface Manages Physical Interface configuration

netdev_l2_interface Manages VLAN to interface assignments

netdev_lag Manages Link Aggregation Group configuration

class switch_template { netdev_vlan { "Pink": vlan_id => 703 } netdev_vlan { "Green": vlan_id => 101 } netdev_l2_interface { 'ge-0/0/19': untagged_vlan => Pink, } netdev_l2_interface { 'ge-0/0/20': description => "My port, back off!", untagged_vlan => Blue, tagged_vlans => [ Green, Black, Yellow ], } }


NETDEV_VLAN MANAGE VLANS

Property Description

name The name of the VLAN, e.g. “Blue”

vlan_id The VLAN tag-ID value [ 1 .. 4095 ]

description The VLAN description. If one is not provided, then it will default to:Puppet created VLAN: <name>: <vlan-id>

VLANs are assigned to ports using the netdev_l2_interface resource


NETDEV_INTERFACE MANAGE PHYSICAL INTERFACES


name The name of the interface, e.g. “ge-0/0/0”

description Assigns the description value to the interface, defaults to:Puppet created interface: <name>

admin Configures the administrative state, defaults to up:up, down

mtu Configures the interface MTU value

speed Defaults to auto, Forces the link speed:10m, 100m, 1g, 10g, auto

duplex Defaults to autoForces the link duplex:full, half, auto


NETDEV_L2_INTERFACE MANAGE ASSIGNMENT OF VLANS TO SWITCH PORTS


name The name of the interface, e.g. “ge-0/0/0”, note: does *not* include the unit number

description Assigns the description value to the interface, defaults to:Puppet created eth-switch: <name>

untagged_vlan VLAN name for untagged packets. If the port is also processing tagged packets, then this VLAN is the "native VLAN"

tagged_vlans VLAN names for tagged packets. This could be a single value, or an array of values. When this property is set, vlan_tagging property defaults to enable

vlan_tagging Normally not used ... automatic by Puppetdisable (default) - port is in access mode, tagged packets discardedenable - port is in trunk mode, tagged packets processedAutomatically set to enable if tagged_vlans is also set


NETDEV_LAG MANAGE LINK AGGREGATION GROUPS


name The name of the interface, e.g. “ae0”

links A list of physical interfaces that makes up the LAG bundle

lacp Controls if and how the Link Aggregation Control Protocol (LACP) is used.disabled (default) – LACP is not usedactive – LACP is in the active modepassive – LACP is in the passive mode

minimum_links The number of physical links that must be in the “up” condition to declare the LAG port in the “up” condition. By default this value is not set and there is no minimum link requirement


AUTOMATION IS LIKE EATING ICE CREAM

• Everyone want it

• Everyone wants something different

• No-one wants to make it

• No-one wants to clean up the mess


HOW DO YOU EAT ICE CREAM?

Banana Splitat Baskin Robins

Self ServiceFrozen Yogurt

The Grocery Store DIY with Kitchen-Aid


FRICTIONLESS IT AUTOMATION

Return on Investment Increase revenue throughput

Reduce costs to manually do repetitive work

Reduce costs due to delays and errors

Reduce Risk Manually operated complex systems are fragile

Improve Service Network infrastructure is a "utility" that runs the business

Server and application automation is the standard

Network automation must "level-up"


Nodal Automation

( Puppet, Chef )

Ad-HocScripting

( Bash, Perl )

IT WorkflowOrchestration

Business Workflow

Orchestration

JNCIA

Associate

JNCIS

Specialist

JNCIP

Professional

JNCIE

Expert

IT

Network

Value is a function of automation programming and system integration that drives the business

Value is a function of mastering vendor CLI and networking domain knowledge


SERVER WORLD

Device running Linux

Linux Kernel

Fedora Distribution

Applications Applications

Applications Applications

Middleware

Middleware

Middleware

Middleware

Discrete collections of package / files / service

More discrete collections of package / files / service


NETWORKING WORLD

Device running Junos

Junos Image

Initial Configuration

Service Service

Service Service

Discrete collections of configuration statement

More discrete collections of configuration statement


OPPORTUNITIES FOR NETWORK AUTOMATION

Device running Junos

Junos Image

Initial Configuration

Service Service

Service Service

BUILDHOUSE

CHANGEHOUSE


LEARN MORE ABOUT PUPPET FOR JUNOS


THANK YOU !


NETDEV_L2_INTERFACEACCESS PORT EXAMPLE - EX PLATFORMS

node "ex4" { netdev_device { $hostname: }

netdev_l2_interface { "ge-0/0/9": untagged_vlan => Green } }

interfaces { ge-0/0/9 { unit 0 { description "Puppet created netdev_l2_interface : ge-0/0/9" family ethernet-switching { port-mode access; vlan { members Green; } } } }}


NETDEV_L2_INTERFACEACCESS PORT EXAMPLE - MX PLATFORMS

node "mx12" { netdev_device { $hostname: }

netdev_l2_interface { "ge-5/0/3": untagged_vlan => Green } }

interfaces { ge-5/0/3 unit 0 { description "Puppet created netdev_l2_interface: ge-5/0/3"; family bridge { interface-mode access; vlan-id 101; } } }}

puppet enterprise for the network

Technology

vlan vlan

vlan description

juniper networks

vlan configuration netdev

puppet netdev module

interface assignments

native vlan

blue vlan