This comprehensive guide explores networking automation and orchestration with a focus on SaltStack and NAPALM solutions. Covering topics such as managing services, disaster response, configuration management, and compliance, the text provides insights into network automation principles, tools, and best practices. Delve into SaltStack's platform capabilities, event-based architecture, and Python-based framework for configuration management. Learn how to leverage NAPALM's unified device management interface supported across multiple vendors. Discover key principles for efficient configuration management, service-centric data organization, and network lifecycle management. Explore hands-on examples of workflow creation, configuration generation, and deploying actions using SaltStack and NAPALM for streamlined network operations. This resource offers practical guidance to implement automation, minimize manual configurations, improve consistency, and enhance overall network management efficiency.
Network Automation and Orchestration with SaltStack
Adam Pavlidis
Common Problems/Concerns
• Orchestrating Manual Operations
  • Provisioning and Managing Services
  • Coordinating actions across multiple devices
  • Reacting to disasters and emergencies
• Configuration Management and Compliance
  • Updating Policies (e.g. Security)
  • Garbage Collection
• Heterogeneous, Multi-vendor environments
  • Device-specific context and capabilities
  • Data modeling (e.g. YANG)
  • Management API/Protocol
Network Automation & Orchestration
Configuration Management (Declarative Automation)
• Describe & Apply a desired state
• Modeling infrastructure data
Streamlining Workflows (Imperative Orchestration)
• Execute batches of actions
• Dependency checking (first do X then Y)
Solutions
• Enterprise software
• Custom Scripts
• Open Source Tools & Frameworks
+++ management protocols +++ SSH, SNMP, NETCONF, …, vendor APIs
Network Automation and Programmability
Abstraction Layer with Multivendor support - NAPALM
Unified Interface for multivendor device management
https://napalm-automation.net/, https://github.com/napalm-automation
• Python-based library
• Supported OS
  • eos, junos, ios-xr, nx-os, ios
  • vyos, cumulus, asa, dellos10, ros, fortios
• Functionality
  • “getters”
    • bgp, routes, interfaces, ips, arp, mac
  • “Configuration & Templates (Jinja2)”
    • load, compare, discard, rollback, commit
  • *Parsing and Handling Logs*
  • *Compliance* (Desired State vs Reality)
SaltStack Platform
• Automation & Configuration Management Framework
• Python-based, Open Source and Enterprise
• Event-based Architecture
  • Define, Fire and React to specific events
• Master – Minion (agent needed)
  • Remote Execution of commands
  • Applying State (SaLtState Files – SLS)
• Data Sources
  • Grains: Retrieve “static” data from minions, e.g. OS
  • Pillar: Master provided data for minions, e.g. Users
source: https://docs.saltstack.com/en/getstarted/
But what about the network gear!?
• 1 minion => 1 network device
• Proxy Minions
  • NAPALM, Junos, Cisco NXOS & NSO, DIY
• Directly installed on devices
  • Arista EOS, Cumulus
• Connections maintained open (keep alive mechanism)
• Efficient task distribution to minions/devices
• Multivendor (Proxy / NAPALM driver)
• “Grains” for delegating tasks and manipulating configuration
  • Deploy based on Custom labels: “Border_Routers”, “Core_Switches”
  • Organizing Configuration Templates per OS/Chassis
Key Principles
• Service-centric data => Device-specific data
• Pillar data are assigned per minion
• Independent workflows and actions
• Respect Dependencies
• Reuse as much as possible
• Modular components
• Abstract “ugly” internals
• Developed a Python Library
@LamdaHellix – Workflows (1/2)
Actions / Workflows => Configuration Lines
• Primitives
  • Low-level device agnostic actions (ospf, acl, prefix-set, swport)
  • Use Salt+NAPALM to generate device-specific configuration
• Orchestration Workflows
  • primitives + workflows* = workflow
  • procedural (Sequential actions)
    • Create new l3 iface (disabled)
    • Disable old l3 iface
    • Enable new l3 iface
Workflow Primitives
@LamdaHellix – Workflows (2/2)
In-house CLI Utility
• Select workflow
• Display related Primitive actions
• Generate Configuration Files (Salt+NAPALM)
  File name represents: Device, Dependency, Action
• Optionally: Pause and Inspect
• Order, Aggregate, Deploy (Salt+NAPALM)
@LamdaHellix – Config Management
High-Level Files describing the desired State
• Network-wide Configuration
  • AAA & Users
  • SNMP
  • Logging
• Device-specific
  • Upstreams
  • Customer Services
  • Interfaces, ACL, VRRP/HSRP, BGP
Well suited for Compliance
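The "Desired State vs Reality" compliance idea from the NAPALM slide and the config management slide above, as an added example that is not code from the talk or from Salt/NAPALM. All data is constructed; the shape of ACTUAL is assumed to follow NAPALM's get_users() and get_snmp_information() getters, and the STRICT set is a hypothetical policy choice.

```python
# Added example (not from the slides): desired-state vs. reality drift check.
# All data below is constructed. The ACTUAL dict is shaped like the output of
# NAPALM's get_users() and get_snmp_information() getters (assumption).

DESIRED = {  # network-wide desired state, as it might sit in pillar data
    "users": {"netops": {"level": 15}, "monitor": {"level": 1}},
    "snmp": {"community": {"example-ro": {"mode": "ro", "acl": "SNMP-MGMT"}}},
}

ACTUAL = {  # constructed getter output for one hypothetical border router
    "users": {
        "netops": {"level": 15, "password": "<hash>", "sshkeys": []},
        "monitor": {"level": 15, "password": "<hash>", "sshkeys": []},
        "oldadmin": {"level": 15, "password": "<hash>", "sshkeys": []},
    },
    "snmp": {
        "chassis_id": "", "contact": "", "location": "",
        "community": {
            "example-ro": {"mode": "ro", "acl": "SNMP-MGMT"},
            "public": {"mode": "rw", "acl": ""},
        },
    },
}

# Sections where anything not listed in the desired state is itself a finding
# (the "garbage collection" case: leftover accounts, stray communities).
STRICT = {("users",), ("snmp", "community")}


def drift(desired, actual, path=()):
    """Return a sorted list of (path, problem) where actual departs from desired."""
    findings = []
    for key, want in desired.items():
        here = path + (key,)
        if key not in actual:
            findings.append(("/".join(here), "missing"))
        elif isinstance(want, dict) and isinstance(actual[key], dict):
            findings += drift(want, actual[key], here)
        elif actual[key] != want:
            findings.append(("/".join(here), f"expected {want!r}, found {actual[key]!r}"))
    if path in STRICT:
        for key in actual.keys() - desired.keys():
            findings.append(("/".join(path + (key,)), "unexpected"))
    return sorted(findings)


if __name__ == "__main__":
    for where, problem in drift(DESIRED, ACTUAL):
        print(f"{where}: {problem}")
```

Keys the desired state does not mention (password hashes, SNMP contact) are ignored outside the strict sections, so only the over-privileged account, the leftover account and the stray read-write community are reported.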
Challenges
• Theory vs Reality
• Reduce manual configs
• Cover corner cases
• Layers of abstraction
• Troubleshooting
• Consistency
• Maintain clean, reusable workflows
• Concurrency and Locking
Adam Pavlidis https://gr.linkedin.com/in/adam-pavlidis Thank you!