Join NTC for Networking Field Day 27!

Hello and Happy New Year, everyone! Network to Code is very excited to start the new year by presenting at Networking Field Day 27. Here is a list of our speakers and their topics:

John Anderson – Nautobot App Platform Overview

This session briefly covers Nautobot as a Source of Truth (SoT) and then covers, in depth:

  • Nautobot as an App Platform
  • Why the concept of a platform is important
  • Open source Nautobot apps currently available

Tim Fiola – Automating Circuit Maintenances

Managing circuit maintenances and notifications is a well-known problem for network operators. Circuit maintenances are scheduled by Network Service Providers (NSPs) and temporarily affect the actual state of a circuit. There are steps that must be taken to ensure network operators and automation tools know the state of a circuit that is ultimately dictated by an NSP.

This session explains how you can let Nautobot automatically take care of fetching notifications, normalizing their data (in the most common case, every NSP has its own notification template), and finally updating the SoT to keep track of past, present, and future changes related to circuit maintenances.

Tim Schreyack – NetDevOps-Driven Configuration Compliance

Network automation is a journey, and there is still growing interest in NetDevOps and in learning skills and tools such as JSON, YAML, Jinja2 templating, Python, and Ansible.

This session walks through how you can take a gradual path to learning and how you can apply those skills to achieve NetDevOps-Driven Configuration Compliance.

Tim Schreyack – Using ChatOps to Talk to Your Network

With network automation, you must consider how users will interact with the automation infrastructure. Who opens every network request you work on? How often are you fielding requests just to get data and relay it to another team? Wouldn’t it be great to have a bot respond to requests to bounce a port, check an interface’s VLANs, check a rack elevation diagram, view inventory, view dashboards in tools like Grafana, and a whole lot more?!

This session showcases network-centric ChatOps through demos that combine Microsoft Teams, Webex Teams, Slack, and Mattermost with Arista CloudVision, Cisco ACI, Cisco Meraki, Grafana, Nautobot, IP Fabric, Kentik, Ansible, and more!

John Anderson – Synchronizing Data to Create a Single Source of Truth

It is extremely important that the Source of Truth (SoT) hold data on the intended state of the network. However, it is nearly impossible to store all authoritative data required to manage network configurations in any single application. This is why it is critical to have a framework that synchronizes data into your SoT from multiple authoritative sources for different types of data, including:

  • IPAM/DDI platforms
  • CMDBs
  • Circuit databases
  • Any other tool that is the authoritative source for a specific dataset

In this sense, the SoT acts as an aggregation layer across all your authoritative sources. This aggregation allows users to leverage existing tools while getting the data into a Single Source of Truth that then has a unified view into ALL data and can be used to power network automation.


Conclusion

Please join us and tune in at this link from 10:30am to 12:30pm Pacific (1:30pm-3:30pm Eastern) to view the livestream!

Thank you, and have a great week!

-Tim Fiola, Senior Solutions Architect at NTC




NFD21 – Network Automation Journey

In early October, I had the opportunity to be part of the team that represented Network to Code at Networking Field Day 21. Participating in Networking Field Day is always a challenging exercise, as you're expected to present in front of a group of industry experts who are not shy about asking the hard questions. On top of that, they love demos, but only live demos, which adds another level of stress to the exercise.

A few weeks ago, while we were brainstorming about what we wanted to demonstrate this time, we decided to try something different. Instead of building the most complex and impressive demo about network automation, we decided to walk the delegates through a journey into network automation. What would it look like to start automating an existing network and, step by step, turn it into a modern environment? We also wanted to take this opportunity to explain how, at Network to Code, we work hand-in-hand with our customers to automate their networks.

Network to Code methodology

When we engage with a new customer, the first order of business is usually to do an assessment of the current situation. What are the most important business requirements? What is the current status of the network? Which tools are already in place, and which ones should stay or be replaced?

Based on this initial assessment, we build a personalized action plan with each customer, composed of multiple phases. These phases will be different for each customer based on what they already have in place.

As we start implementing these phases and making progress in the network automation journey, we also work on both formal and informal training to ensure that the team in place is able to follow along with what we are doing and feels comfortable with the solution that we are building. This is very important for the long-term success of the project.

Journey into network automation

For this exercise, we built a virtual topology composed of five different network operating systems (NOSs): NX-OS, IOS XE, IOS XR, Junos, and EOS. It's very common to find a heterogeneous network composed of very different NOSs, and that's part of the challenge of taking an existing network into automation. Automating a brownfield network is hard, but it's the most common use case.

Phase 1 – Standardization

When we want to automate a network, it's critical to start thinking about standardization. When it comes to standardization, make sure you consider at least the following items at the beginning of a project:

  • Network design standardization
  • Naming convention
  • Document workflows

You can't automate a big mess

More is not always merrier when it comes to standardization. Not all standards are automation friendly, and it's usually best to keep things simple. For example, most networks already have a naming convention in place; in most cases, it tries to fit as much information as possible into the hostname of the device, because the hostname is the only place to store that information. This usually works well at first, but over time, as the network evolves, these very complex rules tend to get in the way. In an automated environment, where all devices are properly inventoried, you can store as much metadata and as many additional attributes per device, in a structured way, as you want, so it's no longer necessary to put everything in the hostname.

The discussion around workflows is usually very interesting and an eye-opening moment for a lot of our customers. Everyone has workflows, but in a lot of cases they are not properly documented. It's not unusual to hear "we don't have a lot of workflows, maybe 1 or 2 with a few steps" at the beginning of the workshop, and by the end of the session we have identified 5 to 10 workflows with more than 10 steps each.

In the end, automation is all about workflows, so this part is very important. In a similar way to the naming convention described previously, not all workflows are automation friendly. It's important to identify the requirements and the dependencies of your workflows, and to identify where and how this information is available. If some critical information requires manual intervention late in the process, it will be hard to fully automate that workflow. In this case, it's important to redesign the workflow and see what information is really mandatory and what's optional.

Phase 2 – Build an inventory

To start automating your first workflow, even the simplest one, it's important to have an inventory of your systems. It's not possible to automate without an inventory that contains critical information such as IP address, platform, role, credentials, etc. An inventory can be as simple as a structured text file (like an Ansible inventory, sketched below) or it can be saved in a database. How you store it is not important, as long as you have a proper inventory.
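To make this concrete, here is a minimal sketch of what such an inventory could look like as an Ansible YAML inventory file. All hostnames, group names, and values below are hypothetical examples, not the actual NFD topology:

all:
  children:
    datacenter:
      hosts:
        leaf-01:                      # example device name
          ansible_host: 10.0.0.11     # management IP address
          ansible_network_os: eos     # platform
          role: leaf                  # device role in the design
        spine-01:
          ansible_host: 10.0.0.1
          ansible_network_os: nxos
          role: spine
      vars:
        # credentials pulled from the environment rather than stored in the file
        ansible_user: "{{ lookup('env', 'NETWORK_USER') }}"
        ansible_password: "{{ lookup('env', 'NETWORK_PASSWORD') }}"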

Once you have your inventory, it's possible to automate the population of all your other tools that maintain their own list of devices: monitoring tools, DCIM, IPAM, etc.

Phase 3 – Quick wins: read-only workflows

Once you have an inventory, you are ready to start implementing some read-only workflows that won't harm the network. The most common are:

  • Configuration backups: save all configurations in version control (a minimal sketch follows this list)
  • Inventory synchronization across all tools: monitoring, alerting, etc.
  • Compliance checks: ACL verification, configuration standards
  • Ops/ChatOps: gather data from the network, assisted troubleshooting
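As an illustration of the first item, a configuration backup can be as small as one task per platform. This is a hedged sketch using Ansible's ios_config module for the IOS devices in the topology; the destination directory is an assumption, and committing the resulting files to version control would be a separate step:

- name: Backup IOS running configuration
  ios_config:
    backup: yes
    backup_options:
      dir_path: configs_backup/configs             # assumed local directory
      filename: "{{ inventory_hostname }}.conf"    # one file per device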

During the NFD presentation, I demonstrated how, from an inventory file, I was able to populate all my devices into a DCIM solution like Netbox, including some information like the rack elevation. Then, using a chatbot that we developed at Network to Code, I was able to gather information from my network directly within Slack, leveraging Netbox and Napalm. In this example, among other things, I showed how to gather the LLDP information from a device using Slack, Netbox, and Napalm.
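For context, the Napalm layer underneath that kind of query can be reduced to a single Ansible task. This is a hedged sketch using the napalm_get_facts module from napalm-ansible, not the actual chatbot code; the connection variables are assumed to come from the inventory:

- name: Gather LLDP neighbors with Napalm
  napalm_get_facts:
    hostname: "{{ ansible_host }}"
    username: "{{ ansible_user }}"
    password: "{{ ansible_password }}"
    dev_os: "{{ ansible_network_os }}"    # e.g., eos, nxos, ios, iosxr, junos
    filter: ['lldp_neighbors']            # request only the LLDP getter
  register: napalm_lldp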

Chatbot

You can watch this part of the demo starting at around 8:20.

Phase 4 – Source of Truth

The next step in a network automation journey is to build a Source of Truth (SOT) to capture the intended state of the network. The Source of Truth is a very important component in your automation framework, if not the most important, but surprisingly it's not often discussed. John Anderson gave a great introduction to SOT during his presentation earlier at NFD21; you can watch it (around 2:56).

One of the goals is to be able to regenerate all the configurations for your network devices from the Source of Truth and your configuration templates. We'll address this part in the next section. Now, to be able to do that, you need to ensure that your Source of Truth has all the right information:

  • If you are working in a greenfield environment, you'll need some tools to convert your design/intent and populate into your SOT all the information required to create this design: IPs, cabling, device attributes, etc.
  • If you are working in a brownfield environment, as we did during the NFD presentation, your running network is currently the Source of Truth, so you need to find a way to extract everything from the network and import it into your SOT.

You probably don’t want to import everything from the network all the time, because then the network, not your system of record, would remain the Source of Truth. But to get started, you need to extract as much information as you can, and then curate the data to ensure that everything is in order. This process can take a lot of time and effort, but the outcome is worth it.

During the NFD presentation, I introduced a new tool that we’ve been working on called the network-importer. The idea of the network-importer is to help you import an existing network into a SOT at the beginning of a project, but it can also help you analyze the differences between the network and the SOT if you already have one. It can likewise help identify drift between the SOT and the network if you are not yet ready to generate and deploy your configurations from your SOT. Internally, the network-importer leverages multiple open source libraries to extract the relevant information from the network.

  • Batfish: A network configuration analysis tool that is able to extract and normalize the parameters and properties of a device based on its configuration.
  • Napalm: A Python library that is able to get and normalize various information from the most common network operating systems.

Network Importer

Right now, the network-importer only supports Netbox as a SOT, but the goal is to add support for more SOTs in the future. This project is still at an early stage, but once it reaches the right level of maturity, we would like to open source it. If you are interested in helping beta test, please fill out this form and we'll get back to you when it's ready.

You can watch the demo here, starting at around 14:41.

Phase 5 – Generate Configurations

The last part of my presentation was about configuration generation, and especially how to generate configurations from the Source of Truth. Generating configurations from a configuration template is a topic that has been covered many times, and if you're not familiar with Jinja as a templating language, I encourage you to read this great blog about Jinja from my colleague Jeremy Stretch.

In my experience, there are other challenges, before and after the configuration templating, that are important to talk about:

  1. Data gathering and pre-processing: What data do you pass to your configuration template? Usually everything you need to build a configuration is stored in multiple places, and it can be challenging to gather everything and present it in a format that is easy to consume in Jinja.
  2. Testing your generated configurations: How do you test a newly generated configuration without deploying it in production?

Data Gathering and pre-processing

As an example, if you are building the configuration for a leaf in a spine-leaf design, you’ll need at a minimum this information: hostname, loopback address, ASN, all interfaces, all IP addresses, peer IP addresses, peer ASNs, and VLAN information.

In most cases the list is much longer, but this one sufficiently highlights the challenges that we need to solve here.
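To make that concrete, here is a sketch of the kind of structured data a leaf template might consume. All names and values are illustrative, not taken from the demo:

leaf-01:
  hostname: leaf-01
  loopback: 192.0.2.11/32
  asn: 65101
  interfaces:
    - name: Ethernet1
      description: uplink to spine-01
      ip: 198.51.100.1/31
      peer_ip: 198.51.100.0/31      # spine side of the point-to-point link
      peer_asn: 65001
  vlans:
    - id: 100
      name: servers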

Where do you get this information, and how do you present it in your configuration templates? Usually this information is available in multiple places (multiple Sources of Truth), and even if you managed to put everything into a single Source of Truth, as we did in Phase 4, you’ll need to make multiple API calls to get all the information you are looking for. As an example, when working with Netbox, we’ll need to make at least 3 API calls per device:

  • Get the interfaces for each device
  • Get all IPs for each device
  • Get all VLANs (to get the VLAN names)

When using Ansible to build your configurations, the first method could be to make each API call a task in your playbook and register the output of each call into a variable that will be passed to your template. This solution will work, but the format of the data you’ll get in your template won’t be easy to work with, and you’ll end up with a very complex Jinja template.
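Here is a hedged sketch of that first method, using the uri module against Netbox's REST API; netbox_url and netbox_token are assumed variables, and only two of the three calls are shown:

- name: Get interfaces for this device
  uri:
    url: "{{ netbox_url }}/api/dcim/interfaces/?device={{ inventory_hostname }}"
    headers:
      Authorization: "Token {{ netbox_token }}"
    return_content: yes
  register: nb_interfaces       # raw API payload, passed as-is to the template

- name: Get IP addresses for this device
  uri:
    url: "{{ netbox_url }}/api/ipam/ip-addresses/?device={{ inventory_hostname }}"
    headers:
      Authorization: "Token {{ netbox_token }}"
    return_content: yes
  register: nb_ips

The template then has to dig through nb_interfaces.json.results and nb_ips.json.results on its own, which is exactly where the Jinja complexity creeps in.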

Another method is to build a custom Ansible module in charge of gathering all the information you need and pre-processing it as required. With this second method, you can shape the data before presenting it to the configuration template, which leads to a much simpler template.

The picture below shows both approaches side by side.

Generate Configurations

The difference in length between the two playbooks is obvious here, but length alone is usually not a good way to compare two playbooks. What matters in this case is that the data provided to the configuration template on the right will be easier to work with.

How to test your generated configurations

Having a way to test your generated configurations is very important at the beginning of the project, of course, but it also helps each time you want to refactor your configuration templates or refactor how you are collecting and gathering your data. Having a robust solution to safely iterate on your automation stack is going to play a big role in your ability to adapt quickly to your environment.

As in software development, a proper testing strategy should have different levels of tests; in software development we call them unit tests, functional tests, and integration tests. The solution that we are exploring in this article would qualify as a functional test. We won’t cover the other types of tests in this article.

If you have an example of what your final configuration should look like (the reference), which can be either the current running configuration or a previously generated configuration, you can generate a diff between your newly generated configuration and the reference one. Usually the goal is for both to be identical, so the diff should return nothing. If the diff returns an unexpected change, then you know something is not right, either in your data or in your configuration template.

Ansible provides an easy way to generate a diff between two files with the --diff option. If you combine that with dry-run mode (--check), you’ll be able to see the changes that you are about to make without touching your reference file.

Below is an example of a playbook that will generate a new configuration from your template and compare it with the last backup configuration (the reference) without changing it. The key here is to use the options check_mode: yes and diff: yes on the second task in the playbook.


- name: Generate and Compare Configuration (do not save it)
  hosts: all            # assumes devices are defined in your inventory
  gather_facts: no
  tasks:
    - name: Get Information from netbox
      nb_device_model:
        device_name: "{{ inventory_hostname }}"
        site_name:  "{{ site }}"
        netbox_url: "{{ lookup('env','NETBOX_ADDRESS') }}"
        netbox_api_token: "{{ lookup('env','NETBOX_TOKEN') }}"

    - name: Check Configuration
      template:
        src: "{{ platform }}.j2"
        dest:  "configs_backup/configs/{{ inventory_hostname }}.conf"
        mode: 0644
      check_mode: yes
      diff: yes

Below is an example of what you will get if there is a difference between your new configuration and the reference one. In this case, my new configuration is missing VLAN 1001. I need to check my Source of Truth to ensure that it’s properly defined there.

Diff Configurations

Unfortunately, I wasn’t able to present this part because we were running a bit late, so there is no video this time.

-Damien (@damgarros)




NFD21 – Network Automation Architecture

This past week I had the honor and privilege of traveling out to Santa Clara, CA, with some of my esteemed colleagues to participate in Networking Field Day 21 on behalf of Network to Code. My contribution to our joint presentation was an overview of the various components that go into building a successful network automation platform. While this was only one section of our overall presentation, the delegates proved to be very engaged with these concepts. At Network to Code, we try not to focus on individual technologies, and instead focus on transformational ideas and workflows that bring value to our clients. To that end, this section dealt with the higher-level concepts and components that go into building a successful network automation platform. I want to call out a couple of sections and points here, but be sure to check out the full video from NFD21, which goes into even more detail and covers other architectural components such as Configuration Management, Orchestration, and Verification & Testing.

Human & Business Interaction

The tools and technologies in this section deal with directly exposing interfaces to the automation that we build for the network. These include our IT Service Management (ITSM) ticketing applications, but also chat and communication platforms. ChatOps is a term used a lot in the industry, and it continues to pick up steam in network automation. Integrations with chat platforms allow a business to push network data and workflows into channels where conversations are already taking place. Perhaps more importantly, these avenues allow our network automation to be exposed directly to business stakeholders outside of the networking teams.

Data Management

If I were to pick a single section in my talk to call out as the most important, it would be this one. In terms of network automation, the industry is not talking about data enough. As with any other vertical in the tech space, data underpins everything we do, and network automation is no different. As the network automation community has grown, so has understanding of the concept of a Source of Truth (SoT), which is an authoritative system of record for a particular data domain. That last part is key, because we can (and realistically do) have multiple sources of truth that do not overlap. For example, our IPAM and DCIM can be different systems because they control different domains of data. This is valid as long as we do not have more than one IPAM or DCIM tool; that is where the phrase “Single Source of Truth” comes from, not that there is only one system in total.

Still, having many different systems creates problems of its own. At first pass, each system in our network automation toolbox would potentially need to reference many different systems to get the data needed to perform automation. More importantly, this tightly couples the client to the data source and format. To combat this, we strive to implement an aggregation layer between the sources of truth and the systems consuming their data. This aggregation serves a couple of important use cases.

First, it creates a single pane of glass for accessing all of the data from our various authoritative systems, thus allowing our tooling to reference a single place. Second, the aggregator implements a data translation layer which transforms the data coming from each source of truth into an abstracted data model. This data model intentionally strips away any features of the data or its structure that make it identifiable with any vendor or source implementation.

In doing so, we segue into the third point, which is that the aggregator interacts with the various source of truth systems in a pluggable way. By implementing an adapter, the aggregator understands the data and format coming from an individual source of truth and how to transform that data to conform to the abstracted data model. This allows the aggregator to easily implement support for different source of truth platforms, such that they can be swapped out at any time. If you want to switch IPAM vendors, all you have to do is create an adapter for the aggregator (or engage with NTC to build one) that understands what the data looks like coming out of the new IPAM.
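As a hypothetical illustration of that translation layer, the same prefix record coming from two different IPAMs might be normalized by their adapters into one abstracted model. All field names below are invented for the example:

# Record as returned by a hypothetical "IPAM vendor A"
vendor_a_record:
  Network/CIDR: 10.10.0.0/24
  SiteCode: NYC01
  Comment: server segment

# Record as returned by a hypothetical "IPAM vendor B"
vendor_b_record:
  prefix: 10.10.0.0
  mask_length: 24
  location:
    slug: nyc01
  description: server segment

# Abstracted model produced by each vendor's adapter
abstracted_prefix:
  prefix: 10.10.0.0/24
  site: nyc01
  description: server segment

Because consumers only ever see abstracted_prefix, swapping vendor A for vendor B requires only a new adapter, not changes to every consuming tool.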

Monitoring, Alerting, and Visibility

It may seem a bit odd to be talking about monitoring and alerting in the context of network automation, but there is more to what we do than just configuration management. In fact, the core of this topic is centered around the concept of “closed loop automation,” or building a feedback loop into the automation platform that we build. In the video, you will hear me talk about the automation platform as a stack: on one side we travel down the stack to the actual network infrastructure, and on the other side, events come out of the network and travel back up the stack. Those events come in the traditional forms of SNMP polling, syslog messages, etc., but they can also come in newer forms such as time series metrics and streaming telemetry. We have also revisited the storage and processing layer to implement more modern time series databases, which allow data points to be tagged with metadata labels, opening the door to more intelligent querying and visualization. Speaking of visualization, we want to empower business stakeholders with network data, and we want to do it in a self-service fashion through modern dashboarding tools. Again, this is a case of bringing the network data and workflows to the business.

Back to the storage engine: we need to get those network events out of their monitoring silos and fed back into the automation platform. We do this with the aid of rules-processing engines, which assert business logic based on the metadata attached to the collected data points. Once the event streams have been plumbed back into our network automation platform, our feedback loop begins to take shape. We can now build automated remediation workflows, which allow engineers to focus on actual engineering and architecture, and less on troubleshooting and remediating known, repeated events. In situations where human involvement is needed, the platform can at least collect important context from the network as a form of first-level triage, obviating the need for manual data collection and reducing the overall time necessary to respond to network events.


Conclusion

The final topic I want to bring up is the idea that no one network automation platform will ever suit the needs of all networks and organizations. The more important takeaways from this talk are the various components that go into architecting the platform that best suits your needs. It is true that company A may be able to purchase an off-the-shelf automation product from a vendor and be perfectly happy, while company B may require an entirely custom solution over a longer evolution timeline. In all cases, Network to Code is here to provide training, enablement, and implementation services.

-John Anderson (@lampwins)


