Post on 17-Mar-2020
Fabrizio Maccioni
Technical Marketing Engineer
fabrimac@cisco.com
@fabrimaccioni
September 15th 2016
Network Automation with Ansible 2.1 and beyond
Session Objective: Abstract
As IT organizations adopt a cloud strategy to build agile data centers, they realize the need to move fast and drive higher levels of innovation.
One of the key components is automation for reliable provisioning and management of the datacenter network.
Join us as we discuss how Ansible can be leveraged to manage your Cisco network.
Session NOT Objective:
Explain what Ansible is
Try to sell Ansible and/or Cisco gear
Deep dive on Ansible modules
Agenda
• What problems are we trying to solve?
• Ansible Overview on Cisco
• Cisco before Ansible 2.1
• New features introduced in Ansible 2.1
• What’s next?
• References
Why?
“I can spin up servers in minutes with my Ansible Playbooks, why does it take orders of magnitude more to spin up and affect change on my Network Elements?”
“IT Organizations using configuration management tools deploy 30x more frequently with 200x shorter lead times; they have 60x fewer failures and recover 168x faster”
2015 State of DevOps Report
Data Center Automation and IT Collaboration
Today: Serialized Configuration and Management
[Diagram: Application Requirements, Applications, Compute, Services, Network, Successful Deployment; labels: Slow, Error Prone]
DC Network Transformation
Modern Fabrics Architecture
Huge Fabrics: many Spines and 100s Leaves
[Diagram labels: Spine, Leaf, Border Leaf, L3, Scale, Consistency]
Ansible and Cisco: Better Together
Huge Fabrics: many Spines and 100s Leaves
Network, Servers and Applications Configurations managed by Ansible
[Diagram labels: … Cisco UCS, Cisco Nexus Fabric]
Why Ansible?
• Everybody talks about Ansible!!
• Streamlined and Fast
• YAML is easy
• Good Documentation
• Agentless!
• Agentless!!
• Agentless!!!
Must be cool!!
[Chart: Which container orchestration tools are you considering?]
https://clusterhq.com/assets/pdfs/state-of-container-usage-june-2015.pdf
Ansible Overview on Cisco Nexus
Technology Enabler: NX-API CLI
Switch(config)# feature nxapi
Transport: HTTP / HTTPS
NXAPI Web Server (NGINX)
Command: show clock
Request:
    {
      "jsonrpc": "2.0",
      "method": "cli",
      "params": {
        "cmd": "show clock",
        "version": 1
      },
      "id": 1
    }
Response:
    {
      "jsonrpc": "2.0",
      "result": {
        "body": {
          "simple_time": "15:00:37.762 PST Mon Aug 18 2014\n"
        }
      },
      "id": 1
    }
Ansible Overview on Cisco Nexus
NXAPI Web Sandbox
(1) Point browser to IP Address of Network Element
(2) Enter CLI Commands
(2) See formatted input as you type
(3) Click POST
(3) See formatted output in json/xml
(4) Generate Python script
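As an added example (not from the original slides or the sandbox-generated script): the JSON-RPC exchange above in Python, refusing plain HTTP because the request carries credentials and device configuration. The hostname, the /ins endpoint path, the application/json-rpc content type, HTTP basic authentication and the batching of several calls in one array are assumptions not shown on the slide.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

def build_payload(commands):
    """One JSON-RPC 2.0 "cli" call per command, ids starting at 1 as on the slide."""
    return [{"jsonrpc": "2.0", "method": "cli",
             "params": {"cmd": cmd, "version": 1}, "id": i}
            for i, cmd in enumerate(commands, start=1)]

def build_request(url, user, password, commands):
    """Prepare (but do not send) the POST; refuse cleartext HTTP."""
    if urlsplit(url).scheme != "https":
        # Basic-auth credentials and device config would cross the wire unencrypted.
        raise ValueError("NX-API URL must use https")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(build_payload(commands)).encode(), method="POST",
        headers={"Content-Type": "application/json-rpc",  # assumed content type
                 "Authorization": "Basic " + token})

def parse_replies(commands, raw):
    """Map each command to its reply body, matching replies by JSON-RPC id."""
    replies = json.loads(raw)
    if isinstance(replies, dict):  # a single call comes back as one object
        replies = [replies]
    by_id = {r.get("id"): r for r in replies}
    out = {}
    for i, cmd in enumerate(commands, start=1):
        reply = by_id.get(i)
        if reply is None:
            raise RuntimeError(f"no reply for {cmd!r} (id {i})")
        if "error" in reply:
            raise RuntimeError(f"{cmd!r} failed: {reply['error'].get('message')}")
        # Commands that produce no output may return "result": null.
        out[cmd] = (reply.get("result") or {}).get("body")
    return out

# Constructed sample: the reply shown on the slide for "show clock".
SAMPLE_REPLY = ('{"jsonrpc": "2.0", "result": {"body": {"simple_time": '
                '"15:00:37.762 PST Mon Aug 18 2014\\n"}}, "id": 1}')

if __name__ == "__main__":
    # Hypothetical host and placeholder credentials; nothing is sent.
    req = build_request("https://switch.example.net/ins", "admin", "changeme", ["show clock"])
    print(req.get_method(), req.full_url, req.data.decode())
    print(parse_replies(["show clock"], SAMPLE_REPLY))
```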
Cisco Nexus before Ansible 2.1
How to
1. Install pycsco Open Source Library
2. Clone nxos-ansible Ansible Modules Repository
   And follow instructions at https://github.com/jedelman8/nxos-ansible
3. Test some Playbooks
   https://github.com/jedelman8/nxos-ansible/tree/master/test-playbooks
Cisco Nexus before Ansible 2.1
Modules
Cisco NX-OS Configuration:
Command, SNMP group, SNMP Server, SNMP Community, SNMP user, Interface, VTP, VLAN, AAA server, AAA Server host, ACL, Copy, Dir, Feature, File Copy, Get Facts, Get Interface, Get IPv4 Interface, Get Neighbors, HSRP, IGMP, NTP, Switchport, VPC, UDLD
https://github.com/jedelman8/nxos-ansible/tree/master/library
New features introduced in Ansible 2.1
Key Features
• New Network Core Modules!!
  nxos_config: Manage Cisco NXOS configuration sections
  ios_command: Run arbitrary command on Cisco IOS devices
• Support for different transports
  SSH, NX-API
• Several new useful Options
  delegate_to, waitfor, force, backup, retries, before/after and more!
New features introduced in Ansible 2.1
How to
1. Install pycsco Library
2. Clone nxos-ansible Repository
3. Follow instructions at https://github.com/jedelman8/nxos-ansible
Test some Playbooks
https://github.com/ansible/test-network-modules.git
Cisco And Ansible: Better Together
ACCELERATE APPLICATION DEPLOYMENT
• Open NX-OS
• Open Ecosystem
• Ansible Native Support
[Diagram: Application Requirements, Applications, Compute, Services, Network, Successful Deployment]
New features introduced in Ansible 2.1
IOS Core Modules
• Cisco IOS/IOS-XE Core Modules
  • ios_command: Run commands on remote devices running Cisco IOS
  • ios_config: Manage Cisco IOS configuration sections
  • ios_facts: Collect facts from remote devices running IOS
  • ios_template: Manage Cisco IOS device configurations over SSH
https://docs.ansible.com/ansible/list_of_network_modules.html#ios
Consistent across Switches - Catalyst 2K through 6K
New features introduced in Ansible 2.1
IOS-XR Core Modules
• Cisco IOS-XR Core Modules
  • iosxr_command: Run commands on remote devices running Cisco IOS-XR
  • iosxr_config: Manage Cisco IOS-XR configuration sections
  • iosxr_facts: Collect facts from remote devices running IOS-XR
  • iosxr_template: Manage Cisco IOS-XR device configurations over SSH
http://docs.ansible.com/ansible/list_of_network_modules.html#iosxr
New features introduced in Ansible 2.1
NX-OS Core Modules
nxos_interface, nxos_feature, nxos_command, nxos_config, nxos_facts, nxos_ip_interface, nxos_nxapi, nxos_ping, nxos_switchport, nxos_template, nxos_vlan, nxos_vrf, nxos_vrf_interface, nxos_vrrp, …
http://docs.ansible.com/ansible/list_of_network_modules.html#nxos
https://github.com/maccioni/cisco-ansible
https://www.youtube.com/watch?v=JQ9Q0NwiuHM
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public TECCRS-2700
What’s next?
Model-based Management
[Diagram: Open Device Programmability; Automate (Set, Get) over NETCONF, RESTconf, gRPC; YANG Data Model with Open Models and Native Models for Configuration and Operation; Device Features: Interface, BGP, QoS, ACL, …, SNMP; Physical and Virtual Network Infrastructure; Other vendors…]
Model-based Management Architecture
[Diagram: Programmable Interfaces: Protocols (NETCONF, RESTconf, gRPC); Data Models: YANG Data Model with Open Models and Native Models for Configuration and Operation; Device Features: Interface, BGP, QoS, ACL, …, SNMP; Physical and Virtual Network Infrastructure]
Model Types
Open Models
• Industry definition
• Compliant with standard (IETF, ITU, OpenConfig, etc) definition
• May have vendor specific extensions
• Example: ietf-diffserv-policy.yang (IETF Diffserv data model)
Native Models
• Cisco definition
• Unique to a Cisco operating system
• Example: Cisco-IOS-XR-ipv4-bgp-cfg.yang (IOS-XR BGP data model)
Native and Open Models
Benefits:
• Use open models where available, giving commonality across platforms
• Use native models for functionality not yet in open models
• Platforms can advance native models as required while still maintaining open model compatibility
[Diagram: Client Application, Open Models, Map, Platform Native Models, Platform Config & Oper Data Stores]
Protocols
                         | NETCONF       | RESTconf   | gRPC
Standard                 | IETF RFC 6241 | IETF draft | Open source
Optimized for Networking | ✓             | ✓          | ✗ (designed for generic client/server communications)
Encoding                 | XML           | XML/JSON   | Proto Buffer
Connection Oriented      | ✓             | ✗          | ✓
Transport                | SSH           | HTTP/HTTPS | HTTP/2
What’s next in Ansible?
• Add support for NETCONF/RESTCONF
  Catalyst 3K supports Netconf on IOS-XE 16.3.1
• Use structured data instead of SSH/CLI
  Catalyst 3K supports YANG Models on IOS-XE 16.3.1
• Add support for Cisco ASA
• New Modules (NX-OS, IOS, IOS-XR)
• What’s missing?
https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rst
New features introduced in Ansible 2.2
ASA Modules
• Cisco ASA Extra Modules
  • asa_acl (E): Manage access-lists on a Cisco ASA
  • asa_command (E): Run arbitrary commands on Cisco ASA devices.
  • asa_config (E): Manage Cisco ASA configuration sections
  • asa_template (E): Manage Cisco ASA device configurations over SSH
http://docs.ansible.com/ansible/list_of_network_modules.html#asa
References
Ansible
• ansible.com/network-automation
• ansible.com/ansible-cisco
• docs.ansible.com/ansible/list_of_network_modules.html
GitHub
• github.com/datacenter
• github.com/datacenter/opennxos
• github.com/datacenter/nxos-ansible
• github.com/maccioni/cisco-ansible
Cisco
• cisco.com/go/ansible
We are Hiring!!
https://jobs.cisco.com/PRO/job/San-Jose-Technical-Marketing-Engineer-CA-95101/361822600/
Technical Marketing Engineer
• Working with orchestration technologies using DevOps such as Puppet, Chef, Ansible, Containers
• Working with automation or cloud software to enable next generation network design and network architectures