Puppet Enterprise for the Network
DESCRIPTION
Discusses the networking community and how it approaches automation: current challenges and opportunities. Learn about the "Netdev" Puppet module initiative, a "standard library" of resource types for networking equipment: current and future ideas.
Speaker: Jeremy Schulman, Global Solutions Architect, Infrastructure Automation, Juniper Networks
Jeremy is a 20 year veteran in the networking industry and has been with Juniper Networks for over five years. He holds a BSCS from Georgia Tech and began his career as an embedded software engineer building network infrastructure. After 12 years in software, Jeremy transitioned into a technical sales role as a network solutions architect. In 2012 Jeremy's focus turned exclusively to Infrastructure Automation. Jeremy now directs field awareness and DevOps initiatives integrating Junos with IT automation frameworks. He was responsible for the initial development of Puppet for Junos, and he is the maintainer of the Ruby NETCONF gem.
TRANSCRIPT
Copyright © 2013 Juniper Networks, Inc. www.juniper.net
PUPPET AND NETWORKING
Jeremy Schulman - Director | Automation Concept Engineering
WHY DID WE DO IT?
PUPPET FOR JUNOS
[Diagram labels: Device running Junos OS (FreeBSD); jpuppet package; Ruby Interpreter; Ruby Gems; Puppet Netdev modules; Puppet Agent (client); XML; Puppet Master (server); netdev]
JUNOS XML API ON-BOX AND OFF-BOX AUTOMATION
[Diagram labels: Management System; Secure TCP/IP connections via SSHv2 (RFC 4742); NETCONF XML PROTOCOL (RFC 4741); XML; Switching, Security, Routing]
Automate config changes, remote invocation of operational commands, collection of logs
• Secure and connection oriented … SSHv2 as transport
• Structured and transaction based … XML as RPC request / response
• User-class privilege aware … Native to Junos
• Comprehensive & Consistent … Automate everything
NETCONF client libraries exist for a number of programming languages such as Java, Perl, Ruby, Python, and even SLAX!
PUPPET "NETDEV" MODULE
Netdev is a vendor-neutral network abstraction framework developed by Juniper Networks and contributed freely to the DevOps community
Juniper has contributed basic layer-1 and layer-2 network abstractions
DevOps can extend the framework to define any abstractions or features they need for their environment
The Netdev framework is open and free; i.e. the “DevOps” way
PUPPET FOR JUNOS
“DevOps” Approach:
Netdev module source code is on GitHub
All packages are stored where they should be (Puppet Forge, …)
Support done on J-Net community forum
Juniper technical documentation available
Free, “BSD-style” license
NETDEV RESOURCE TYPES
Resource              Description
netdev_vlan           Manages VLAN configuration
netdev_interface      Manages Physical Interface configuration
netdev_l2_interface   Manages VLAN to interface assignments
netdev_lag            Manages Link Aggregation Group configuration
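class switch_template {
  # VLAN definitions
  netdev_vlan { "Pink":  vlan_id => 703 }
  netdev_vlan { "Green": vlan_id => 101 }

  # Access port: untagged traffic only
  netdev_l2_interface { 'ge-0/0/19':
    untagged_vlan => "Pink",
  }

  # Trunk port: Blue is the native VLAN (Blue, Black and Yellow are not defined on this slide)
  netdev_l2_interface { 'ge-0/0/20':
    description   => "My port, back off!",
    untagged_vlan => "Blue",
    tagged_vlans  => [ "Green", "Black", "Yellow" ],
  }
}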
NETDEV_VLAN MANAGE VLANS
Property      Description
name          The name of the VLAN, e.g. “Blue”
vlan_id       The VLAN tag-ID value [ 1 .. 4095 ]
description   The VLAN description. If one is not provided, then it will default to: Puppet created VLAN: <name>: <vlan-id>
VLANs are assigned to ports using the netdev_l2_interface resource
NETDEV_INTERFACE MANAGE PHYSICAL INTERFACES
Property      Description
name          The name of the interface, e.g. “ge-0/0/0”
description   Assigns the description value to the interface, defaults to: Puppet created interface: <name>
admin         Configures the administrative state, defaults to up. Values: up, down
mtu           Configures the interface MTU value
speed         Forces the link speed, defaults to auto. Values: 10m, 100m, 1g, 10g, auto
duplex        Forces the link duplex, defaults to auto. Values: full, half, auto
NETDEV_L2_INTERFACE MANAGE ASSIGNMENT OF VLANS TO SWITCH PORTS
Property        Description
name            The name of the interface, e.g. “ge-0/0/0”, note: does *not* include the unit number
description     Assigns the description value to the interface, defaults to: Puppet created eth-switch: <name>
untagged_vlan   VLAN name for untagged packets. If the port is also processing tagged packets, then this VLAN is the "native VLAN"
tagged_vlans    VLAN names for tagged packets. This could be a single value, or an array of values. When this property is set, vlan_tagging property defaults to enable
vlan_tagging    Normally not used; set automatically by Puppet.
                disable (default) - port is in access mode, tagged packets discarded
                enable - port is in trunk mode, tagged packets processed
                Automatically set to enable if tagged_vlans is also set
NETDEV_LAG MANAGE LINK AGGREGATION GROUPS
Property        Description
name            The name of the interface, e.g. “ae0”
links           A list of physical interfaces that makes up the LAG bundle
lacp            Controls if and how the Link Aggregation Control Protocol (LACP) is used.
                disabled (default) – LACP is not used
                active – LACP is in the active mode
                passive – LACP is in the passive mode
minimum_links   The number of physical links that must be in the “up” condition to declare the LAG port in the “up” condition. By default this value is not set and there is no minimum link requirement
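The netdev_lag properties above, combined with netdev_vlan and netdev_l2_interface to build a LACP trunk uplink. This is an added example, not taken from the original slides or from the Netdev module itself: the node name, port names and VLAN IDs are constructed, and applying netdev_l2_interface to the LAG name "ae0" is an assumption.

```puppet
# Added example: node name, ports and VLAN IDs are constructed values.
node "ex4-uplink" {
  netdev_device { $hostname: }

  # VLANs carried on the uplink
  netdev_vlan { "Green": vlan_id => 101 }
  netdev_vlan { "Pink":  vlan_id => 703 }

  # Bundle two physical ports into ae0 and negotiate with LACP.
  # minimum_links => 1 keeps the LAG up while at least one member is up;
  # leaving it unset means no minimum link requirement at all.
  netdev_lag { "ae0":
    links         => [ 'ge-0/0/0', 'ge-0/0/1' ],
    lacp          => active,
    minimum_links => 1,
  }

  # Assumption: the L2 resource is applied to the LAG interface name.
  # Setting tagged_vlans switches vlan_tagging to enable (trunk mode),
  # so only the listed VLANs are carried as tagged traffic.
  netdev_l2_interface { "ae0":
    description  => "Uplink trunk",
    tagged_vlans => [ "Green", "Pink" ],
  }

  # An ordinary edge port keeps the default vlan_tagging => disable:
  # access mode, tagged packets discarded.
  netdev_l2_interface { 'ge-0/0/9':
    untagged_vlan => "Green",
  }
}
```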
AUTOMATION IS LIKE EATING ICE CREAM
• Everyone wants it
• Everyone wants something different
• No-one wants to make it
• No-one wants to clean up the mess
HOW DO YOU EAT ICE CREAM?
• Banana Split at Baskin-Robbins
• Self Service Frozen Yogurt
• The Grocery Store
• DIY with Kitchen-Aid
FRICTIONLESS IT AUTOMATION
Return on Investment
• Increase revenue throughput
• Reduce costs to manually do repetitive work
• Reduce costs due to delays and errors
Reduce Risk
• Manually operated complex systems are fragile
Improve Service
• Network infrastructure is a "utility" that runs the business
• Server and application automation is the standard
• Network automation must "level-up"
[Diagram labels]
IT: Nodal Automation (Puppet, Chef); Ad-Hoc Scripting (Bash, Perl); IT Workflow Orchestration; Business Workflow Orchestration
Network: JNCIA Associate; JNCIS Specialist; JNCIP Professional; JNCIE Expert
Value is a function of automation programming and system integration that drives the business
Value is a function of mastering vendor CLI and networking domain knowledge
SERVER WORLD
[Diagram labels: Device running Linux; Linux Kernel; Fedora Distribution; Middleware; Applications]
Discrete collections of package / files / service
More discrete collections of package / files / service
NETWORKING WORLD
[Diagram labels: Device running Junos; Junos Image; Initial Configuration; Service]
Discrete collections of configuration statement
More discrete collections of configuration statement
OPPORTUNITIES FOR NETWORK AUTOMATION
[Diagram labels: Device running Junos; Junos Image; Initial Configuration; Service; BUILDHOUSE; CHANGEHOUSE]
LEARN MORE ABOUT PUPPET FOR JUNOS
THANK YOU !
NETDEV_L2_INTERFACE ACCESS PORT EXAMPLE - EX PLATFORMS
# Puppet manifest
node "ex4" {
  netdev_device { $hostname: }

  netdev_l2_interface { "ge-0/0/9":
    untagged_vlan => "Green",
  }
}

# Junos configuration created by Puppet
interfaces {
    ge-0/0/9 {
        unit 0 {
            description "Puppet created netdev_l2_interface : ge-0/0/9";
            family ethernet-switching {
                port-mode access;
                vlan {
                    members Green;
                }
            }
        }
    }
}
NETDEV_L2_INTERFACE ACCESS PORT EXAMPLE - MX PLATFORMS
# Puppet manifest
node "mx12" {
  netdev_device { $hostname: }

  netdev_l2_interface { "ge-5/0/3":
    untagged_vlan => "Green",
  }
}

# Junos configuration created by Puppet
interfaces {
    ge-5/0/3 {
        unit 0 {
            description "Puppet created netdev_l2_interface: ge-5/0/3";
            family bridge {
                interface-mode access;
                vlan-id 101;
            }
        }
    }
}