Overall rating: 4.81 Instructor: 4.89 Materials: 4.79 more …
This webinar describes several real-life network automation use cases including:
- Simple reports and network diagrams;
- Configuration consistency checks;
- Device- and service configuration solutions;
- Abstracting network state and using abstracted state in checking network correctness;
- Automating IPv6 deployments
- Automatic deployment of data center fabrics
- Automating network services
- Intent-based networking and data models
- Managing secrets
Contents
Real-Life Automation Wins
While vendor marketers keep confusing customer engineers with buzzwords like “software-defined” and “intent-driven”, an increasing number of network- and security engineers decided to go another way and solve their problems the way system administrators did years ago: by combining simple tools into a system that delivers real-life solutions to real-life problems. This section focuses on several simple use cases including:
- Simple report;
- Creating network diagrams and graphs from operational data;
- Configuration consistency checks;
- Simple network device configurations;
- Automated equipment staging;
- Automating site hardware refresh;
- Large-scale firewall deployments;
- Full-blown MPLS/VPN service provisioning.
Abstracting Network State
David Barroso described how building abstractions can help you get to your goals faster, improve your daily operations and reliability and how it can help your organization work together.
Automating IPv6 Deployments
Deploying IPv6 on all servers, switches, routers, firewalls and load balancers is absolutely boring (once you figure out what needs to be done) and error-prone, resulting in potentially awesome troubleshooting experiences.
However, every well-defined repeatable process can be automated, and IPv6 deployment is no exception. This section will help you get started on your journey to automated IPv6 network deployment.
Automating Data Center Fabric Deployments
In this section of the webinar Dinesh Dutt (Cumulus Networks) described a data center fabric automation use case:
- Simplifying the fabric design and corresponding device configuration;
- Generating device configurations with Jinja2 templates;
- Deploying configurations and managing devices with Ansible.
Automating Network Services
Why can the big public cloud provider offer automated firewalling and load balancing services but you can't replicate that feat in your enterprise environment? This section will give you several guidelines you can use to modernize the network services deployment including:
- Reduce the blast radius;
- Decompose complex security policies into their simple elements;
- Integrate network services deployment into application development process.
Intent-Based Networking and Data Models
This section starts with a debunking of the $vendor-driven intent-based hype and explores numerous levels of intent you could encounter in an automated network:
- Actual device configurations and desired configurations;
- Infrastructure and services definition;
- Feedback loop and unit tests based on infrastructure and services definitions.
We'll also touch on unicorns like machine-learning-driven intent and automated remediation, and try to figure out what could go wrong in an intent-based orchestration system.
Managing and Using Secrets
Secrets are an important part of our jobs; they allow us to authenticate users and systems, to keep communications confidential and to verify the integrity of the information. Leaking secrets can have catastrophic consequences as it can allow an attacker to infiltrate our network and steal information, or even to perform denial of service attacks.
In this section we are going to look at two things:
- How to manage and consume secrets safely in our automation platform; from traditional methods like encrypted files to modern systems like Hashicorp Vault
- How to leverage modern platforms to dynamically provision certificates and SSH keys so we can keep communications with our devices secure.
Using Arista EOS Ansible Collections
In this section, Fred, Carl, and Thomas will describe how you can leverage Ansible to manage the configuration of Arista network devices directly or through the use of Ansible collections for Arista CloudVision. This presentation focuses on two Ansible collections (sets of Ansible roles and modules):
- arista.avd automates the deployment of an EVPN based network with Arista best practices;
- arista.cvp provides integration to the Arista CloudVision management platform respectively.
You’ll also learn how to leverage these roles and how you can customize and extend them to your needs!
About the Authors
David Barroso is Network Systems Engineer at Fastly, a real-time CDN, where he focuses on network architecture, SDN and automation. Previously he has been working for companies like NTT Communications and Spotify. He's the author of SDN Internet Router and co-author of NAPALM, a network automation abstraction library.
His everyday life involves a lot of coding, hacking network equipment, using protocols in ways they weren't originally intended for and taking all the steps necessary to make sure network engineers stay away from the CLI.
More about David…
Dinesh Dutt has been in the networking industry for the past 20 years, most of it at Cisco Systems. Most recently, he was the Chief Scientist at Cumulus Networks, working on simplifying configuration and operations with inventions such as BGP Unnumbered and NetQ. Before Cumulus, he was a Fellow at Cisco Systems. He has been involved in enterprise and data center networking technologies, including the design of many of the ASICs that powered Cisco's mega-switches such as Cat6K and the Nexus family of switches. He also has experience in storage networking from his days at Andiamo Systems and in the design of FCoE. He is a co-author of TRILL and VxLAN and has filed for over 40 patents.
Ivan Pepelnjak (CCIE#1354 Emeritus) has been analyzing OpenFlow technology and SDN ideas (and being pretty vocal about their shortcomings) since March 2011, resulting in a number of high-impact events, on-site SDN workshops for large enterprises and service providers, and vendor-sponsored webinars.
Ivan is the author of several SDN-related books, highly praised webinars, and dozens of OpenFlow and SDN-related technical articles published on his blog.
More about Ivan Pepelnjak
Fred Hsu is a distinguished solutions engineer at Arista Networks. He leads technical marketing of partner solutions, NetDevOps, public cloud, and Kubernetes. Fred has worked in the networking industry for over 20 years and has a Master's degree in Computer Science from the University of Illinois Urbana-Champaign. He can be found on Twitter and Github at @fredhsu.
Carl Buchmann is a Systems Engineer at Arista Networks. Having worked in technology for the last 20 years, he's worn a lot of different hats! Here at Arista, Carl works on the customer engineering team and member of the Ansible Working group, contributing to the development of Ansible modules and roles for Arista. When Carl is not busy automating networks, he loves to spend time with his family in the great outdoors! He can be found on various Slack channels and Github at @carlbuchmann.
Thomas Grimonet is an Advanced Services Consultant at Arista Networks. Having worked in technology for the last 20 years, mostly in the network and open-source spaces! Here at Arista, Thomas works on the customer engineering team and contributes to the Ansible Working group for modules and roles for Arista. When Thomas is not busy automating and routing packets, he loves to spend time discovering the world! He can be found on Twitter and Github at @titom73.
Happy Campers
About the webinar
- Excellent in depth approach to tackling the technical challenges for automating networks
- Wim Gerrits
- This webinar is a great exposure to the overall power of Ansible. Also, shows how as network designers and engineers, we can approach a project with a programmable approach from the beginning. The Ansible specifics flew by way too fast for me to absorb, but what i got out of it is key to journey of re-tooling and re-thinking our jobs. Very valuable. Dinesh is wonderfully articulate as well.
- (Anonymous)
- in-depth knowledge gained and relevant topics
- Stephen Eaton
- I really like Ivan's perspective on reality versus hype.
- jim warner
- The topic was presented and explained in a very clear and understandable way.
- Jakub Hajek
- This is a very good introduction to the subject of data models, and intent based networking, bar marketing fluff. After watching this I have a good idea of what we're trying to achieve by using data models and how to get started. I now also know what questions to ask vendors in order to find out what truly hides behind the "intent" this-or-that facade.
- Przemek Rogala
- I'm a big fan of the content on ipspace.net. I attended a free session first and was incredibly impressed with both the depth of knowledge disseminated and the simplicity with which it was communicated. I've since enjoyed working through the automation technology webinars, and I'm trying to get the rest of my engineering team initiated.
In regards to this webinar, I don't think I have anything specific to say. It's just more amazing content which meets the high standard I've come to expect from ip space. Thanks for all you do.
- Steven Phillip Simonds
- Great webinar.
- Gabriel Sulbaran
- This session really helped me solved the problem of how to deal with secrets in production. The solutions discussed were straight forward and easy to understand. The fact that a self-contained environment was provided to test them really elevated the quality of this webinar.
- Laura
- David did a great job in demoing real world problems, that some of the listeners might have already faced while writing scripts or software in general. Also thumbs up for the continuous warnings on not rolling your own crypto code. The supplementary material for the webinar in the Git repository is also a great resource.
- (Anonymous)
- Managing and using Secrets gave me options for ways to deal with scripts and the higher expectation of security. It pointed out some of the strengths and weaknesses that I was missing. I liked the step by step approach for increasing protection and how to get there.
Thanks! Great session.
- (Anonymous)
- Its nice to see network equipment focused examples of automation.
- Alexander Cousins
About the instructor
- Articulate. Intelligent.
- (Anonymous)
- I would have liked a live walkthrough of how to run the scripts (deploying docker image, running scripts) to compliment the slides.
- Laura
About the materials
- More use cases would be great, as networks are so diverse.
- Wim Gerrits
- Both segments (NAPALM and IPv6)
provided both deep insight as well
as just a basic introduction to these
really powerful tools/clutch use cases
that are not available anywhere else
in the world, no matter how many
sources you try to synthesize them from
Priceless
- buck huppmann
- keep up the great work!
- Stephen Eaton