
Net Devops Overview

Date post: 06-Aug-2015
Upload: joel-king
Software-Defined Networking
NetDevOps: Integrating the Network into DevOps

Joel W. King
Technical Solutions Architect
Enterprise Networking Solutions Engineering and Innovations

Copyright © 2015 World Wide Technology, Inc. All rights reserved.

At World Wide Technology, our definition of Software-Defined Networking is:

“A flexible, programmatic framework to optimize the delivery and management of network services”

SDN Landscape is …

Something you buy

• Vendor Developed SDN Solutions

Something you build

• Custom Integration
• Extensions to Vendor Solutions

Federated ACI Fabrics for Dual Data Center Deployments

SDN Matrix Switching

Application Centric Infrastructure (ACI) Big Cloud Fabric

NSX network virtualization

What Is DevOps?

DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support. *

* Reference: http://theagileadmin.com/what-is-devops/

[Figure: Developers and Operations, joined by Communication, Collaboration, Continuous Integration. Labels: Features, Testing, Code Changes, High Availability, Stability, Change Control]

Network automation going mainstream #netdevops

Network Engineers in a Network Operations (NetOps) role

• Why do we need NetDevOps?
  • Increasing number of network devices per network engineer.
  • Network devices have more programmability features.
  • Network configuration as a workflow to application enablement.
  • Network configurations need garbage collection, version control.
  • Manage the network holistically, increased abstraction of routers and switches.
  • Continuous deployment of network changes.
• Legacy LAN / WAN devices will continue to be configured via CLI / SSH, but with either a controller or automation platform.

Traditional Networking

SSH/CLI

Controller Based Abstraction

• Both traditional networks and greenfield networks can be abstracted by a controller architecture.
• Examples:
  • OpenDaylight
  • Cisco APIC Enterprise Module (APIC-EM)
  • Cisco Application Centric Infrastructure (ACI)
• Southbound protocols include
  • OpenFlow
  • OpFlex
  • SSH / CLI
  • NETCONF
• Automation tools are still needed with controller based abstraction.

ACI

APIC-EM

OpenDaylight

Tool Based Abstraction

Ansible
• Tower is the licensed GUI
• Low barrier to entry - Open Source
• Run in a VM on your laptop
• Ability to easily implement user written modules.
• Same framework can manage wide range of devices.

[Figure: Ansible / Tower (agentless) connectivity. Labels: Users, API; SSH – TCP/22; NTP – UDP/123; HTTP(s) TCP/80:443; GitHub HTTPS TCP/443; ESX Server; Windows Systems; Linux; Docker; Amazon Web Services; REST API; connection: local; feature nx-api; Nexus 3000 | 9000; CentOS; Nexus 9000; github.com/joelwking/ansible-aci; SSH TCP/22, NETCONF | Paramiko; Catalyst | IOS]

Types of Network Automation

• Script-driven automation
  • RESTful APIs, NETCONF, CLI / SSH or SNMP
  • Automation tools like Ansible, Chef, Salt.
• Automatic configuration and provisioning
  • Zero Touch Provisioning
  • Power On Auto Provisioning (PoAP), Open Network Install Environment (ONIE)
• Automatic operation and management
  • Systems that automatically steer traffic between MPLS WANs and Internet
  • Performance Routing (PfR) for iWAN
  • Cloud Managed Wireless, e.g. Meraki
• High-level orchestration
  • Orchestration of virtual machines, networks and storage in a coordinated manner.
  • OpenStack
• Policy-based networking
  • Declarative-intent SDN
  • Cisco’s Application Centric Networking (ACI) and OpFlex is one example.

http://www.networkcomputing.com/data-centers/network-automation-more-than-scripting/a/d-id/1320964

Cisco Nexus Data Center Switching

• If you are looking to Cisco for a Data Center switch, it will be a Nexus 9000.
• Nexus 9000 runs in either of two modes:
  • NX-OS
  • Application Centric Infrastructure – ACI
• Networks need Automation & Programmability.
• NX-API enables a northbound REST interface on individual NX-OS switches
  • Nexus 3000 NX-API supported NX-OS 6.0(2)U4(1).
  • NX-OS release 7.x enables NX-API on Cisco Nexus 5000 and 6000
• APIC is the Software Defined Networking controller for ACI
• Ansible | Tower can be your automation engine.

Network Automation Demonstrations

Network Automation and Programming Collateral

• Network Automation with Ansible and NX-API
  https://github.com/joelwking/ansible-nxapi
• Using Ansible for Cisco ACI deployment
  https://github.com/joelwking/ansible-aci
• Introduction to using Chrome Postman with Cisco ACI
• Introduction to Python Programming on Nexus Switches
• Nexus 3K/9K Programmability and Automation
• Introduction to Git for Network Engineers

Demonstrations

• Ansible Tower
  • Apply security policy and run Docker container based application in ACI fabric
• Ansible Command Line
  • Configure Nexus 3000 series switches from Jinja2 template
    ./bin/ansible-playbook nexus_cfg_builder.yml
  • Server Administration: Ubuntu VM in vCenter
    ./bin/ansible-playbook Wal*****s_playbook.yml --ask-pass

• Tower initiates Python modules to apply policy to tenant in ACI fabric.
• Tower initiates Python application installed in Docker container on client machine.

Ansible Tower – Apply ACI policy and run Docker app

[Figure labels: x-docker-client; x-docker-server-1; .10; .1; 192.0.2.0/24 TEST-NET-1; 198.51.100.0/24 TEST-NET-2; Bridge Domain TEST-NET-1; Bridge Domain TEST-NET-2; management network; policy; app]

Demo: Apply ACI policy, run Docker app
https://youtu.be/t03ty5Y295U?t=1m49s

Configure Nexus 3000 series switches from Jinja2 template

[Figure: Nexus 3000 Series Top of Rack Switches. Switch labels: NEX-3048-E, nex-3048-b, NEX-3048-A. Interface mgmt0 addresses: 10.255.40.87, 10.255.138.69, 10.255.40.80. Feature NX-API]

Server Administration: Ubuntu VM in vCenter

• Batteries Included, these are all Ansible core modules
  • Download file(s) from Internet,
  • Install traceroute (apt-get),
  • shutdown host,
  • Power up host via vCenter
• Host and vCenter are integrated in the Cisco ACI fabric.

[Figure labels: x-docker-server-2; .10; .1; 198.51.100.0/24 TEST-NET-2; Bridge Domain TEST-NET-2; management network]

Comparisons

Overview UCS Director

Source: Cisco UCS Director Installation and Upgrade on VMware vSphere, Release 5.3

[Figure labels: Virtual Infrastructure; Physical Infrastructure]

UCS Director versus Ansible

UCS Director

• Licensed product from Cisco
• Pre-built scripts,
• All GUI,
• Purpose built,
• Infrastructure management – deploy bare metal servers, storage,
• Automation of infrastructure,
• Not used in DevOps.

Ansible

• Open Source,
• GUI (Tower) is licensed product,
• Used everywhere,
• Great docs,
• Lots of great modules already available, write your own in Python
• Primarily configuration management,
• Used by DevOps

Cisco Data Center and Cloud Management

INTELLIGENT AUTOMATION FOR CLOUD Cloud management – private, public, hybrid cloud

UCS DIRECTOR Unified infrastructure Automation for compute, storage, network – physical & virtual

UCS CENTRAL

UCS MANAGER

Multiple UCS domains

Single UCS domain

APIC Heterogeneous & Integrated Infrastructure

Configuration management and orchestration tools

| Product | Primary Focus | Architecture | Language | Licensing |
|---|---|---|---|---|
| CA Process Automation | Data center orchestration and infrastructure management, ACI modules. | Agents or agent-less, Windows, UNIX / linux and Mainframe | Visual authoring, drag-and-drop construction. | Licensed |
| UCS Director | Data center Infrastructure management, good ACI integration. | Agent (Powershell and Baremetal) and agent-less, using SSH/HTTP/TCP. High learning curve | CloupiaScript = JavaScript and Cloupia libraries. | Licensed |
| vRealize | Cloud management platform purpose-built for the hybrid cloud. | Large inventory of Management packs for storage, compute, network | Visual canvas with a drag and drop interface. | Licensed, per processor or per OS instance. |
| Ansible | Data center orchestration, homogenous / larger environments, automate NX-OS and ACI via WWT developed module(s). | Agent-less, uses SSH or local modules, push based. Low learning curve, Simple for non-programmers | Python, Jinja2 for templates, YAML for playbooks. Tower uses Git for version control | Open source, Tower (Web GUI) per node per year, |
| Chef | Data center orchestration, NX-OS agents. | Master server, agents on each host, can be installed w/ knife tool over SSH. High learning curve. | Based on Ruby, uses certs for authentication, config based on Git. | Open source – Enterprise per month for tiers of nodes. |
| Salt | Data center orchestration, homogenous / larger environments | Master server, SSH or agents on hosts. Hierarchical masters, scalable | Modules can be written in Python or PyDSL | Open source – Enterprise per node per year |
| Puppet | Data center orchestration, heterogeneous environments, NX-OS agents. | Master server and client agents on each system. High learning curve. | Modules and configuration based on Ruby. | Open source – Enterprise version per node / year |
| Glue Networks | Branch / iWAN | Agentless, uses SSH, High learning curve with Lab | Glueware Lab, JavaScript / IDE for module development. | Licensed |
| Quali | Lab / Cloud, automate ACI via WWT developed module. | Agentless, uses SSH, moderate learning curve. | Visual authoring, drag-and-drop | Licensed |

Dev

Ops

www.ansible.com/pricing

Discounts available for multi-year purchases and larger volumes.

Ansible

• Ansible began as a project about February of 2012, out of a need for a simpler automation tool than existed in Puppet and Cobbler.
• Open source system automation tool: uses OpenSSH and Python
• Biggest advantage over Puppet / Chef – Agentless, no remote agent on target system
• Designed to be easy for anyone to understand and learn.
• Ansible Design Principles:
  • Simply Clear: no gnarly scripts or custom code
  • Simply Fast: minimal learning curve
  • Simply Powerful: toolbox for automation
  • Simply Efficient: agentless - lightweight and unobtrusive
  • Simply Secure: no agent on managed hosts

Comparison of Puppet, Chef, Salt, Ansible

Head-to-head comparison of configuration management tools, Taste Test: Puppet, Chef, Salt, Ansible by Matt Jaynes.

https://devopsu.com/books/taste-test-puppet-chef-salt-stack-ansible.html

Questions, comments, next steps?

