DevOps for NetOps
Rick Shermdog Sherman
Puppet Labs
�Introduction
~9.5 years - Juniper Networks
~3.5 months - Puppet Labs
Professional Services
Release Engineering
Identity and Policy Management
Workflow systems
v
Security Business Unit
Cloud Architect
Junos Manageability
PyEZ (Python micro-framework)
Ansible Modules
Onbox scripting
NetDev Evangelism
Network Platform Expansion
�Life of a Network Engineer
Lets make some generalizations (what could go wrong?)
Networks are a complex ecosystem inter-connected devices
Services are spread over multiple systems
Equipment is often heterogeneous
Require a lot of planning, testing, and validation
A lot of time is spent fire fighting
Also a lot of mundane tasks
�How does that differ from Sys Admins?
Network devices have historically been closed systems with vendor
specific CLIs
They often differ between the same vendor device types and versions
Configurations are hundreds if not thousands of lines (per system)
Configuration != Desired state
Often peering with other systems not under our control
Vendors slow to introduce features, sometimes 18-24 months - upgrade
cycle is just as long.
Network Engineers typically do not have a Sys Admin or programming
background
�Inter-tubes? More like spaghetti o.O
�Ad-hoc management is difficult
�What is DevOps
Collaborative
Tear down silos
We should all be working towards the same goal and have each
others back
Systematic
Emphasis on the big picture. All the bandwidth and uptime in the world
means nothing if the services fail
Iterative
Work towards a series of goals
Dont have to boil the ocean - start small and get feedback often
Automated
Build, Test, and Deliver at scale. Eliminate time sucks.
Infrastructure as Code
�Change?
�State of DevOps
https://puppetlabs.com/2015-devops-report
High-performing IT organizations experience 60 times fewer failures and
recover from failure 168 times faster than their lower-performing peers. They
also deploy 30 times more frequently with 200 times shorter lead times.
Failures are unavoidable, but how quickly you detect and recover from failure
can mean the difference between leading the market and struggling to catch up
with the competition.
Burnout can be prevented, and DevOps can help. Burnout is associated with
pathological cultures and unproductive, wasteful work. The consequences
of burnout are huge, both for individuals and for organizations. Organizations
can fix the conditions that lead to burnout by fostering a supportive work
environment and ensuring work is meaningful, and that employees understand
how their own work ties to strategic objectives.
�NetEngs must become programmers
�You are not the CLI
Industry has rewarded memorizing CLI commands.
Network engineers are well versed in understanding complex problems and
distributed systems.
v
Realize the value you can provide to your
organizations - move beyond the CLI
�Think like a programmer
In basic terms, programming is the manipulation of data.
You already know the core concepts of data types and how to manipulate
them, the missing link is language and tools.
v
IT'S
SHOWTIME
BECAUSE
I'M
GOING
TO
SAY
PLEASE
a
TALK
TO
THE
HAND
"a
is
true"
BULLSHIT
TALK
TO
THE
HAND
"a
is
not
true"
YOU
HAVE
NO
RESPECT
FOR
LOGIC
YOU
HAVE
BEEN
TERMINATED
github.com/lhartikk/ArnoldC
�Separate the HOW from the WHAT
Regardless of the language you speak, you know what this is.
You know that you can open and close this object
and you may also be able to lock and unlock it.
v
�Hand crafted - artisanal configs
�A tale of two configs
Cisco
hostname
nanog
ip
domain-name
shermdog.com
ip
name-server
10.0.0.1
ntp
server
10.14.99.10
Juniper
system
{
host-name
nanog;
domain-name
shermdog.com;
name-server
{
10.0.0.1;
}
ntp
{
server
10.14.99.10;
}
}
�The How from the What
Cisco
hostname
nanog
ip
domain-name
shermdog.com
ip
name-server
10.0.0.1
ntp
server
10.14.99.10
Juniper
system
{
host-name
nanog;
domain-name
shermdog.com;
name-server
{
10.0.0.1;
}
ntp
{
server
10.14.99.10;
}
}
�Wheres the beef?
Data can come from a variety of sources - YAML, JSON, SQL,
etc. Source control it!
v
---
host_name:
nanog
domain:
shermdog.com
dns:
10.0.0.1
ntp_server:
10.14.99.10
�Templates
Cisco
hostname
{{
host_name
}}
ip
domain-name
{{
domain
}}
ip
name-server
{{
dns
}}
ntp
server
{{
ntp_server
}}
Juniper
system
{
host-name
{{
host_name
}};
domain-name
{{
domain
}};
name-server
{
{{
dns
}};
}
ntp
{
server
{{
ntp_server
}};
}
}
�Git with the program
Source control is *AMAZING*
Git is a version control tool. It create a facility to store version history of
files and folders (organized as projects). It has mechanism for teamwork and
sharing with a foundation around file and history integrity.
Unlike traditional source control where versions are stored as a set of diffs,
Git stores a snapshot of the entire project much like a file system. This
gives users great flexibility to retrieve code throughout the history.
https://www.atlassian.com/git/tutorials/
�Stop, Collaborate and Listen.
�Network Automation as Pizza
�Rise of the API
Vendors are opening up their platforms with a variety of APIs and
abstraction layers (highlights in no particular order)
Cisco
NX-API, onePK
Python API
Juniper
Python PyEZ
JET
Arista
eAPI Python Library
�IT Automation Frameworks
Ruby
Python
Agent Based (some agentless support)
Puppet DSL
Network Devices - Officially Supported
Large community
Mature commercial offering
Agentless
YAML + Jinja2 Filters
Network Devices - Vendor/Community
Supported
Growing community
Basic commercial offering
Agent Based
Ruby DSL
Network Devices - Officially Supported
Large community
Mature commercial offering
Agent Based (some agentless support)
YAML / Jinja
Minimal Network
Small community
Basic commercial offering
�GNS3
�Cisco - VIRL
�The Unicorns
Cross-Vendor Standards
and the Future of Network Automation
�NETCONF
NETCONF - IETF network management standard
XML based encoding
Vendor specific data models and implementation
Configuration RPCs
get-config, edit-config, copy-config, delete-config, lock, unlock
Operational state RPCs
Generally map to CLI show commands
Transport: SSH, HTTPS, TLS, BEEP
�YANG
YANG - IETF Data Modeling Language for Netconf
Human-readable representation of data
Hierarchical data node representation
Built-in data types
Constraints can be placed on the data
Extensible
Data is still vendor (or group) specific
WHERE TO BEGIN?
HOW CAN I HELP?
�THANK YOU!
v
shermdog@puppetlabs.com
@shermdog01
