Network Automation Tools
1
Devops Day Amsterdam 2014
Network Automation Tools
Chef and Zero Touch Provisioning/Replacement (ZTP/ZTR)
2
Agenda
Introduction (EB)
ZTP (MA)
- Boot three bare metal switches
Chef (EB)
- Orchestrate two switches with baseline interface configuration
- Enforce configuration statements
- Reject certain config lines
VxLAN (MA)
- Create a VxLAN tunnel between leaf 1 and leaf 2 using CVX
Opendaylight (MA)
- Start the Opendaylight controller on MadDog
- Configure Openflow on the switches
- Create a flow that ensures that all HTTP traffic from BigDog MadDog will use ethernet interface 1
3
Prerequisites
Experience:
- Some experience with Virtualbox is a pre
Hardware:
- Notebook with at least 4GB of RAM
- 10GB available hard drive storage
Software:
- Hypervisor installed: Virtualbox (www.virtualbox.org)
- Virtualization solution supporting
Note: The workshop will be held in English; native Dutch speakers are around if needed.
4
Speaker Bios
Michael Amstelveen, Consulting Engineer, Arista Networks
Arista Networks: a leading supplier of cloud networking solutions that use software innovations to address the needs of large-scale Internet companies, cloud service providers and next-generation data centers for enterprises.
I’m passionate about computer networking, automation and innovation.
Mail: [email protected]
Edwin Beekman, Engineer, Schuberg Philis bv
Working at Schuberg Philis bv, a company focused on Critical Application Outsourcing.
My main focus is everything related to networking, from routing/switching/security to SDN, virtualization, programming and automation.
BSc in Telematics and CISSP certified.
Mail: [email protected] and Twitter: FirebladeEd
5
Audience
Why should you visit this workshop?
- The workshop covers two network automation topics:
- - Zero Touch Provisioning and Replacement for bare metal switches
- - Provisioning the switches through Chef
Who should visit this workshop?
- Devops engineers interested in the network side of devops
9
Lab 0: Preparation
Copy the files from USB to your local drive
Copy the following files from the USB stick to your local workshop directory:
- ztps-ubuntu-12.04_amd64-2014-06-16T11/49/05Z.ova (1.27GB)
- veos-dc1-pod1-spine1.ova (652.5MB)
- veos-dc1-pod1-tor1.ova (842.5MB)
- veos-dc1-pod1-tor2.ova (842.5MB)
- Aboot-veos-2.0.8.iso (4.2MB)
VirtualBox pre-requisites
IMPORTANT: Regarding VirtualBox networks. The default setup places eth1 on vboxnet2. This might not be created in your Virtual Box environment.
Therefore, open Vbox and open the General Settings/Preferences menu. Click on the Network tab. Click on Host-only Networks. Add or Modify vboxnet2. Configure the IPv4 Address for 172.16.130.1, the Netmask 255.255.255.0 and ensure that DHCP server is turned off under the DHCP Server tab.
10
Lab 0: Get all VMs up and running
Import the copied .ova files in vBOX
In this activity you will need to import the .ova files. Start vBOX, go to File>Import Appliance and select the .ova file. Repeat this for all four .ova files.
- Installed all VMs and have them up and running
- Have management connectivity between all lab hosts
Required Resources
As part of the installation above, sample files were copied from the ztpserver-demo repo and placed into the necessary locations (/etc/ztpserver/ and /usr/share/ztpserver). Follow the steps below to create a quick demo:
- Type cd /usr/share/ztpserver/nodes.
- Copy the default spine config to a new node that has the MAC address of your local vEOS instance: mv 005056761aae <local spine MAC>.
- Start ztpserver: ztps.
11
Lab 0: Get all VMs up and running
Activity Objective
In this activity you will meet these objectives:
- Installed all VMs and have them up and running
- Have management connectivity between all lab hosts
Required Resources
These are the resources and equipment required to complete this activity:
- Two Ubuntu servers
- Three Arista vEOS switches
Command List
- Ping
- Ifconfig
12
Task 0: Get your virtual lab prepared for this workshop
Activity Procedure Complete these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
13
Chef controlled network
Chef is an automation platform that transforms infrastructure into code.
Chef relies on reusable definitions known as cookbooks and recipes that are written using the Ruby programming language. Cookbooks and recipes automate common infrastructure tasks.
Their definitions describe what your infrastructure consists of and how each part of your infrastructure should be deployed, configured and managed. Chef applies those definitions to servers to produce an automated infrastructure.
14
Chef controlled network
For coding the infrastructure we have chosen Chef and rolled out our own private Chef infrastructure. We can automate an awful lot: roll out new hypervisors, applications, configurations, services.
But coding the underlay is still something that is in development. Cisco has an integration with OnePK/Chef/Puppet or with an expect script. But what really intrigues me are the implementations that make direct use of the network operating system on the device itself. Integrations which allow for off-the-shelf installation of the Chef client, with or without an additional plugin.
Arista switches can easily be integrated in the Chef deployment and allow for easy central configuration.
But actually any (Linux) network device can be used for automation.
16
Task 1: The Chef server
Download the prepared VM from the USB stick and import the OVA file.
Default installation of an Ubuntu 14.04 desktop
Install Curl:
sudo apt-get install curl
Install a SSH server
sudo apt-get install openssh-server
Install chef server from the Opscode website
sudo su -
wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.1.1-1_amd64.deb
dpkg -i chef-server_11.1.1-1_amd64.deb
chef-server-ctl reconfigure
When you browse on the VM (password: arista) to https://172.16.0.100 you will get the Chef login page (admin/p@ssw0rd1 or arista/arista). The prepared VM will show two configured nodes.
17
Task 2: The Chef client
The Chef client is already installed on the Chef server VM.
Default installation of an Ubuntu 14.04 desktop
Install chef client from the Opscode website:
curl -L https://www.opscode.com/chef/install.sh | sudo bash
Install Git for version control:
sudo apt-get install git
cd ~
sudo git clone https://github.com/opscode/chef-repo.git
sudo mkdir ~/chef-repo/.chef
After creating admin.pem and validator.pem in the UI, copy them from /etc/chef-server on the Chef server to ~/.chef/
Initialize knife and answer the questions for IP addresses and folders
knife configure --initial
Verify the Chef setup with, for example, knife node list
18
Task 3: The Chef client on vEOS
Create two new machines in VirtualBox by adding a new machine with the vmdk files from the USB stick (arista_sw1 (and 2), linux/other-linux, 2GB memory, select virtual disk: vEOS vmdk)
Enable the network interfaces in the properties and select internal network with arista_sw1
Start the VM (userid: arista, password: arista)
Set the correct time/date on the switch.
Make sure the /opt/secrets.json configuration exists. This file is used to authenticate against the switch API.
{
  "username": "api_access",
  "password": "arista"
}
Make sure all the hosts can ping each other.
Sometimes a VM reload is required, or you need to enable promiscuous mode on the interface (and remove it again).
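A check for the /opt/secrets.json file described above, as an added example that is not part of the original slides or the arista_api cookbook. The function name, the finding texts and the 0600 target mode are assumptions chosen for illustration; the sample file is constructed.

```ruby
require 'json'
require 'tmpdir'

WORKSHOP_PASSWORD = 'arista' # lab default shown on the slide

# Returns a list of findings for a credentials file such as /opt/secrets.json.
def audit_secrets(path)
  return ["#{path}: file is missing"] unless File.file?(path)

  findings = []
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    findings << format('%s: mode %04o is open to group/others, use 0600', path, mode)
  end
  begin
    data = JSON.parse(File.read(path, encoding: 'UTF-8'))
  rescue JSON::ParserError
    return findings << "#{path}: not valid JSON (typographic quotes break it)"
  end
  return findings << "#{path}: expected a JSON object" unless data.is_a?(Hash)

  %w[username password].each do |key|
    findings << "#{path}: #{key} is missing or empty" if data[key].to_s.empty?
  end
  findings << "#{path}: password is the workshop default" if data['password'] == WORKSHOP_PASSWORD
  findings
end

# Constructed sample: the slide's file written to a temp dir with loose permissions.
def demo_findings
  Dir.mktmpdir do |dir|
    sample = File.join(dir, 'secrets.json')
    File.write(sample, '{"username": "api_access", "password": "arista"}')
    File.chmod(0o644, sample)
    audit_secrets(sample).map { |f| f.sub("#{dir}/", '') }
  end
end
puts demo_findings
```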
19
The Chef demo environment
[Diagram: server and client VM ubuntu-arista-vm1 (eth1: .100), arista-sw1 (eth2: .11) and arista-sw2 (eth2: .12) on 172.16.0.0/24; other labels: eth0 (bridge or NAT), eth1, eth3]
20
Task 4: Automate the VEOS switch
Check the arista_api cookbook on the Chef client server in /home/arista/cookbooks
The attributes can be found in the recipe; in this case, a simple interface configuration:
# arista_api_interface "Ethernet[n]" do
#   description 'something'
#   interfaceForwardingModel '[bridged - routed]'
#   vlanId [n - 0]
#   interfaceMode '[bridged - trunk]'
#   vlanExplanation '[n - null]'
#   allowedtrunkvlanId [n - 0]
#   linkStatus '[enabled - disabled]'
# end
21
Task 4: Automate the VEOS switch
The two switches are in this case controlled from roles in /home/arista/chef-repo/roles/
{
  "name": "arista_sw1",
  "description": "This roles configures the EOS sw1",
  "json_class": "Chef::Role",
  "default_attributes": { },
  "override_attributes": {
    "arista": {
      "interfaces": [
        {
          "name": "ethernet1",
          "description": "test",
          "interfaceForwardingModel": "routed",
          "vlanId": 15,
          "interfaceMode": "bridged",
          "vlanExplanation": "null",
          "linkStatus": "enabled"
        }
      ]
    }
  },
  "chef_type": "role",
  "run_list": ["recipe[arista_api]"],
  "env_run_lists": { }
}
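A role file like the one above can be checked before it is uploaded with knife role from file. The following lint is an added example, not code from the slides or from the arista_api cookbook: it rejects invalid JSON and attribute values outside the ones listed in the recipe comment. The function name, the ethernet<N> naming rule and the 0..4094 VLAN range are assumptions, and the sample role is constructed.

```ruby
require 'json'

# Allowed values as listed in the commented arista_api_interface attributes.
ALLOWED = {
  'interfaceForwardingModel' => %w[bridged routed],
  'interfaceMode'            => %w[bridged trunk],
  'linkStatus'               => %w[enabled disabled]
}.freeze
VLAN_IDS = (0..4094).freeze # assumption: 802.1Q range; the slide only says "n - 0"

# Returns a list of problems in a role document; an empty list means it passed.
def lint_role(text)
  role = JSON.parse(text)
  return ['top level is not a JSON object'] unless role.is_a?(Hash)

  problems = []
  run_list = Array(role['run_list'])
  problems << 'run_list lacks recipe[arista_api]' unless run_list.include?('recipe[arista_api]')
  arista = role['override_attributes'].is_a?(Hash) ? role['override_attributes']['arista'] : nil
  interfaces = arista.is_a?(Hash) ? arista['interfaces'] : nil
  return problems << 'override_attributes.arista.interfaces is not a list' unless interfaces.is_a?(Array)

  seen = {}
  interfaces.each_with_index do |intf, i|
    next problems << "interfaces[#{i}]: not an object" unless intf.is_a?(Hash)

    name = intf['name'].to_s.downcase
    problems << "interfaces[#{i}]: name #{intf['name'].inspect} is not ethernet<N>" unless name.match?(/\Aethernet\d+\z/)
    problems << "interfaces[#{i}]: #{name} is defined twice" if seen[name]
    seen[name] = true
    ALLOWED.each do |key, values|
      next if !intf.key?(key) || values.include?(intf[key])
      problems << "#{name}: #{key}=#{intf[key].inspect}, expected #{values.join(' or ')}"
    end
    vlan = intf['vlanId']
    problems << "#{name}: vlanId #{vlan.inspect} is not in #{VLAN_IDS}" unless vlan.nil? || (vlan.is_a?(Integer) && VLAN_IDS.cover?(vlan))
  end
  problems
rescue JSON::ParserError => e
  ["invalid JSON: #{e.message.split("\n").first}"]
end

# Constructed sample: the slide's role cut down to one interface, with a mistyped mode.
SAMPLE = <<~JSON
  {"name": "arista_sw1", "run_list": ["recipe[arista_api]"],
   "override_attributes": {"arista": {"interfaces": [
     {"name": "ethernet1", "vlanId": 15, "interfaceMode": "access", "linkStatus": "enabled"}]}}}
JSON
puts lint_role(SAMPLE)
```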
22
Task 4: Automate the VEOS switch
From the Chef client server:
Edit ~/chef-repo/roles/arista_sw1.json (or arista_sw2.json) to change the interface configuration or add an extra interface
knife role from file arista_sw1.json (or arista_sw2.json)
Now you can wait until the Chef client runs on the switch, or run it from bash: chef-client -c /persist/local/chef/client.rb
Check whether the switch configuration has changed; if not, go to the switch bash and run the Chef client manually to look for errors.
Check out www.cupfighter.net to see any updates on the cookbook and network automation developments.
23
SDN initiatives in the Netherlands
Early this year we started a new SDN MeetUp group in Amsterdam.
We held two meetings which were well received.
If you are interested make sure to check and join the group:
http://www.meetup.com/Amsterdam-SDN-Group/