Infrastructure as Code for Network
Infrastructure as Code
Damien Garros, Technical Marketing Engineer
2 © 2016 Juniper Networks, Inc. All rights reserved.
Agenda
• What is Infrastructure as Code?
• Tips and Tricks to Get Started
• Demo
• How to get started
What is Infrastructure as Code ?
Infrastructure as code represents the idea that everything needed to run an infrastructure can be considered software, and as such can leverage development techniques for collaboration, deployment and continuous integration.
CI/CD for Networks
CI/CD what ??
CI/CD Pipeline for Software Development
Code Build Test Deploy Monitor
Dev
CI: Continuous Integration
CD: Continuous Deployment
What is the impact?
Customers who embraced this new way of building infrastructure for servers observed:
• 200x more frequent deployment
• 24x faster recovery from failure
• 3x lower change failure rate
• 2.5x shorter lead time
Source: 2016 State of Devops Report (from puppet)
Infrastructure as Code is about operational efficiency
Who is not interested in operating the network more efficiently?
Fall 2016 NetDevOps Survey: Infrastructure as code
[Chart: share of respondents per adoption stage (No interest, Thinking about it, Evaluating, In Production), 0% to 100%]
• 18% are already in production
• 60% are thinking about it or evaluating it
Example of Workflows
[Diagram: version control with a Master branch and a Feature B branch joined by a Pull Request; review comments on the pull request: "Looks good please can you add description", "Done", "Approved", "Approved"; a Virtual Lab; Production with Deploy and Validate]
1. Configuration stored in version control
2. New branch for each modification
3. Pull request for each modification
4. Review process as part of pull request
5. Automated test as part of pull request
6. Delete virtual env once report is available
7. Deploy in production when pull request is merged
Virtual Lab: 1 – Create virtual topology, 2 – Deploy new configurations, 3 – Run all tests, then report the test results
Infrastructure as Code is a Journey
• There is not only one story for Infrastructure as Code
• All aspects may or may not be present
• Only Change control is mandatory
Start small and evolve from there
[Diagram labels: Infrastructure as Code, Network, Continuous Delivery, Automated Deployment]
• Generate and deploy configuration automatically
• Run continuous tests in your network to identify issues as quickly as possible
• Test/validate your changes before deploying them in production
Infrastructure as code / Building Blocks
• Change Control (mandatory): version control, review process
• Virtual Lab: build virtual lab on demand
• Test: test network device status, continuous integration
• Telemetry: collect, visualize and correlate
• Config Automation: templatize and automate configuration
• Event Driven: actively monitor events
Compelling for all customers
Change Control
Virtual Lab
Test
Telemetry
Config Automation
Event Driven
[Diagram axis: Conservative to Early Adopter]
Tips and Tricks to Get Started
Change Control
Everything is moving to Github or Gitlab
• Scripts
• Code
• Device configuration
• Documentation
• Bug tracker
Fall 2016 NetDevOps Survey: Git
[Chart: share of respondents per adoption stage (No interest, Thinking about it, Evaluating, In Production), 0% to 100%]
• 60% are already in production
• 34% are thinking about it or evaluating it
Change Control - fundamentals
Github or Gitlab
[Diagram: a Master branch and a Feature B branch joined by a Pull Request; review comments on the pull request: "Looks good please can you add description", "Done", "Approved", "Approved"]
• The master branch always represents what is deployed in production.
• Every change must be proposed using a pull request.
• Changes can be discussed and adjusted before being merged.
Why is Git so popular?
[Chart labels: Git, Subversion, CVS]
Enables collaboration across teams without losing ownership
Collaboration Platforms
[Diagram labels: Git, Issue Tracker, Docs, Wiki, Release mgmt, Docker, Third party Doc, Code Coverage, Ansible, CI/CD, Pull Request, Stats; groups: Built-in, Ecosystem]
Continuous Integration
Travis-CI, Gitlab-CI
External tools that will execute some tests for EACH change/commit:
1. Download the project
2. Set up the environment
3. Run tests
4. Report results in Github/Gitlab
Gitlab-CI – setup
• Configuration defined inside the project with a config file (.gitlab.yaml)
• Can define a pipeline of stages and actions for each stage
• Some stages can be applicable to some branches only

.gitlab-ci.yaml

    stages:
      - test
      - deploy

    before_script:
      - pip install -r requirements.txt
      - pip install -q ansible

    generate_config:
      stage: test
      script:
        - ansible-playbook pb.generate.config.yaml

    deploy_config:
      stage: deploy
      script:
        - ansible-playbook pb.conf.all.commit.yaml

Gitlab-CI – Infrastructure as Code Pipeline
• Build: Create new configurations, make sure
• Test: Validate new configurations on physical lab or virtual lab
• Deploy: Deploy new configurations in production environment
• Validate: Validate that network is behaving properly after new configurations have been deployed
[Diagram label: Branch Master Only]
Config Automation
Configuration Generation Project
A project to generate configurations is mainly composed of:
– Templates: junos-system.j2, bgp.j2, Acl.j2
– Variables: interface names, device names, mgmt IP, IP addresses, etc.
– Scripts/Playbooks: deploy_config, check_connectivity
1 project – multiple environments
Lab / Production
• Between environments, templates are shared but some variables and playbooks can be different
• Everything needs to be tested, and if there are too many environment-specific variables, the chance of not finding a bug increases.
[Diagram: Configuration Generation Project with Shared Templates; Lab Vars, Prod Vars, Shared Vars; Lab Pbs, Prod Pbs, Shared Playbooks]
Topology Independent w/ Ansible
• Topology file name defined in the inventory file under the variable “topology_file”
• File loaded with pre_tasks in each playbook
hosts.ini
Playbooks
• Centralize information related to physical topology
• Access this information from other files by using variable names
sample-topology.yaml
host_vars/fabric-01/underlay.yaml
Topology Independent / Inventory w/ Ansible
ansible-playbook -i pre-production.ini pb.conf.all.commit.yaml
ansible-playbook -i production.ini pb.conf.all.commit.yaml
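What the topology-file pattern on these slides can look like, as an added example that is not the author's own files. The file names `hosts.ini`, `sample-topology.yaml` and `host_vars/fabric-01/underlay.yaml` come from the slides; the `[fabric]` group, the host `fabric-02`, the link keys, the `underlay_links` variable and the addresses are constructed for illustration.

```yaml
# Added example: four small files shown as one multi-document listing.
# File names follow the slides; all keys and values are constructed.

# hosts.ini (INI syntax, shown here as comments):
#   [all:vars]
#   topology_file=sample-topology.yaml
#   [fabric]
#   fabric-01
#   fabric-02
---
# sample-topology.yaml: the only place physical links are described
topology:
  fabric-01:
    - { port: xe-0/0/0, peer: fabric-02, peer_port: xe-0/0/0, ip: 10.0.0.0/31 }
  fabric-02:
    - { port: xe-0/0/0, peer: fabric-01, peer_port: xe-0/0/0, ip: 10.0.0.1/31 }
---
# host_vars/fabric-01/underlay.yaml: refers to the topology by variable name
underlay_links: "{{ topology[inventory_hostname] }}"
---
# Playbook: load the topology before any task or role runs
- hosts: fabric
  gather_facts: no
  pre_tasks:
    - name: Load the topology named in the inventory
      include_vars: "{{ topology_file }}"
    - name: Refuse to run for a host that the topology does not describe
      assert:
        that:
          - topology[inventory_hostname] is defined
          - topology[inventory_hostname] | length > 0
```

Because the inventory selects the topology file, the same playbook runs unchanged against `pre-production.ini` and `production.ini`, and the assert stops a run for any host the selected topology does not cover.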
Virtual Lab
The VM itself is not enough
When building a virtual lab for testing, the VM itself is not enough.
We need a solution to:
• Create the topology, L1/L2 links
• Spin up and down devices
• Configure devices, etc.
• Assign IP addresses
On-Premise: Vagrant
Cloud: Ravello System
What is Vagrant?
A tool for building and distributing virtualized environments
Open Source and modular
• Vagrantfile: define what type of VM/Box; define the physical topology
• Vagrantcloud
• Automatic download
• Provisioning
• OpenStack
• Hypervisor
• VM App Store
Ravello System
Cloud Based Virtual Lab
• Layer 2 ‘data-center-like’ networking
• Easy replication through Blueprint
• Public IP for all VMs
• Isolated Networking
• Self-service & on-demand access
• Unlimited capacity
• Usage based pricing
• Scalable
• Robust REST APIs
Oracle Cloud, Google Compute Engine, AWS
Ravello - Automation
• Automate creation / deployment of virtual topologies on Ravello using Ansible
• Open Source library developed by Juniper
https://github.com/Juniper/ravello-ansible
Demo
Demo / topology
spine-01 spine-02
leaf-01 leaf-02 leaf-03 leaf-04
• Physical network based on Spine/Leaf topology
• Each device has a unique ASN
• eBGP between all members
• Simple IP routing
Demo / building blocks
Gitlab-CI, Gitlab, vQFX
Change control, Config, Virtual Lab, Tests
Testing w/ Ansible
spine-01 spine-02
leaf-01 leaf-02 leaf-03 leaf-04
Testing is done using Ansible
• Check Physical layer
  – Check all interfaces are UP
  – Check LLDP neighbors
• Check Underlay
  – Ping all neighbors
  – Check BGP status
  – Ping ANY2ANY between leaf
Gitlab-CI pipeline
Non-master branch
Master branch
How to Get Started
What Professional Services Bring
Industry leading expertise in designing and implementing network automation
Delivering an integrated software framework for automation
Sharing knowledge throughout delivery
Maintaining rigor so that projects are delivered on time and within budget
Knowledge Transfer & Customer Focus
Network Design, Implementation and Testing Expertise
Open Source Framework Expertise
Project Management
Network Automation Services
PS Practice
Software Defined Networking
Core & Edge
Cloud & Data Center
Security
Design, Deploy, Audit, Test
Design Automation
Automated Deployment
Test Automation
Audit Automation
Thank you
Get Started with examples online
Ravello
• Ansible Library to automate Ravello: https://github.com/Juniper/ravello-ansible
• Example of Project to build an IP fabric on Ravello using Ansible: https://github.com/dgarros/rav-ipfabric-demo
Ansible
• Ansible project to configure and test an IP Fabric + EVPN/VXLAN: https://github.com/JNPRAutomate/ansible-junos-evpn-vxlan
• Playbook to check physical and underlay layer using Ansible: https://github.com/JNPRAutomate/ansible-junos-evpn-vxlan/blob/master/pb.check.physical.yaml
Telemetry / OpenNTI
• Open Source Telemetry Collector for Telemetry, Netconf and Event (syslog): https://github.com/Juniper/open-nti
• Fluentd plugin for Juniper Telemetry Streaming: https://github.com/JNPRAutomate/fluent-plugin-juniper-telemetry
Associated products/tools (1/2)
• Change control (version control, review process): Github/Gitlab, Travis-CI, Jenkins
• Virtual Lab (build virtual lab on demand): vMX/vQFX/vSRX, Ravello, Vagrant, Junosphere
• Test (test network device status, continuous integration): JSNAPy, Pyez, NITA, Robot Framework, Ansible
Associated products/tools (2/2)
• Telemetry (collect, visualize and correlate): JTI, Openconfig, Netconf, OpenNTI, Kapacitor, Third party integration
• Config Automation (execute more automated tests): Ansible, Saltstack, Pyez, Netconf
• Event Driven: Saltstack, jEDI