Understanding Network Automation and Orchestration with SaltStack
Explore the world of network automation and orchestration with SaltStack, addressing common concerns, streamlining workflows, leveraging NAPALM for multi-vendor support, and utilizing the SaltStack platform for automation and configuration management. Discover how to manage network gear efficiently through SaltStack with Proxy Minions, NAPALM, and custom labels.
Network Automation and Orchestration with SaltStack
Adam Pavlidis

Common Problems/Concerns
- Orchestrating Manual Operations
  - Provisioning and Managing Services
  - Coordinating actions across multiple devices
  - Reacting to disasters and emergencies
- Configuration Management and Compliance
  - Updating Policies (e.g. Security)
  - Garbage Collection
- Heterogeneous, Multi-vendor environments
  - Device-specific context and capabilities
  - Data modeling (e.g. YANG)
  - Management API/Protocol

Network Automation & Orchestration
- Streamlining Workflows (Imperative Orchestration)
  - Execute batches of actions
  - Dependency checking (first do X then Y)
- Configuration Management (Declarative Automation)
  - Describe & Apply a desired state
  - Modeling infrastructure data
- Solutions
  - Enterprise software
  - Custom Scripts
  - Open Source Tools & Frameworks
- +++ management protocols +++
  - SSH, SNMP, NETCONF, , vendor APIs

Network Automation and Programmability
- Abstraction Layer with Multivendor support - NAPALM
  - Unified Interface for multivendor device management
  - https://napalm-automation.net/ , https://github.com/napalm-automation
  - Python-based library
- Supported OS
  - eos, junos, ios-xr, nx-os, ios
  - vyos, cumulus, asa, dellos10, ros, fortios
- Functionality
  - getters: bgp, routes, interfaces, ips, arp, mac
  - Configuration & Templates (Jinja2): load, compare, discard, rollback, commit
  - *Parsing and Handling Logs*
  - *Compliance* (Desired State vs Reality)
- Diagram: NAPALM Core Functionality, with drivers (junos, iosxr, ios, vyos, eos, ...) on top of libraries (junos-eznc, pyIOSXR, pyeapi, ..., netmiko)

SaltStack Platform
- Automation & Configuration Management Framework
  - Python-based, Open Source and Enterprise
- Event-based Architecture
  - Define, Fire and React to specific events
- Master Minion (agent needed)
  - Remote Execution of commands
  - Applying State (SaLt State Files SLS)
- Data Sources
  - Grains: Retrieve static data from minions, e.g. OS
  - Pillar: Master provided data for minions, e.g. Users
- source: https://docs.saltstack.com/en/getstarted/

But what about the network gear!?
- 1 minion => 1 network device
  - Proxy Minions: NAPALM, Junos, Cisco NXOS & NSO, DIY
  - Directly installed on devices: Arista EOS, Cumulus
- Connections maintained open (keep alive mechanism)
- Efficient task distribution to minions/devices
- Multivendor (Proxy / NAPALM driver)
- Grains for delegating tasks and manipulating configuration
  - Deploy based on Custom labels: Border_Routers, Core_Switches
  - Organizing Configuration Templates per OS/Chassis

Key Principles
- Service-centric data => Device-specific data
- Pillar data are assigned per minion
- Independent workflows and actions
- Respect Dependencies
- Reuse as much as possible
- Modular components
- Abstract ugly internals
- Developed a Python Library

@Lamda Hellix Workflows (1/2)
- Actions / Workflows => Configuration Lines
- Orchestration Workflows
  - primitives + workflows* = workflow
  - procedural (Sequential actions)
  - Provision new Customer
  - Transfer Customer
  - Empty a device
  - ...
- Primitives
  - Low-level device agnostic actions (ospf, acl, prefix-set, swport)
  - Use Salt+NAPALM to generate device-specific configuration
  - Create new l3 iface (disabled)
  - Disable old l3 iface
  - Enable new l3 iface
- Diagram: Workflow layer (remove_l3_interface, add_vlan_to_path, add_l3_interface, update_l2_paths, ...) above Primitives layer (ospf.add, swport.set_vlan, sw.add_vlan, acl.add, vrrp.set, iface.add, swport.add_vlan, ...)

@Lamda Hellix Workflows (2/2)
- In-house CLI Utility
  1. Select workflow
  2. Display related Primitive actions
  3. Generate Configuration Files (Salt+NAPALM)
     - File name represents: Device, Dependency, Action
  4. Optionally: Pause and Inspect
  5. Order, Aggregate, Deploy (Salt+NAPALM)
     - Batches of Actions
- Diagram labels: Provision Customer; Salt & NAPALM

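Steps 3 and 5 above, as an added example that is not part of the original slides or the in-house utility: generated files are ordered by dependency step and aggregated per device before deployment, and a file whose name cannot be parsed stops the whole plan. The `<device>__<step>__<action>.conf` naming scheme, the function names and the sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed naming scheme (hypothetical, not from the slides):
#   <device>__<dependency step>__<action>.conf
NAME_RE = re.compile(
    r"(?P<device>[A-Za-z0-9.-]+)__(?P<step>\d+)__(?P<action>[a-z0-9_.]+)\.conf"
)


def parse_name(filename):
    """Split a generated file name into (device, step, action)."""
    m = NAME_RE.fullmatch(filename)
    if m is None:
        # A file that cannot be tied to a device and step is never deployed.
        raise ValueError(f"unrecognised config file name: {filename!r}")
    return m["device"], int(m["step"]), m["action"]


def build_batches(files):
    """Order files by dependency step and aggregate them per device.

    `files` maps file name -> configuration text. Returns a list of
    (step, {device: merged_config}) tuples in deployment order.
    """
    by_step = defaultdict(lambda: defaultdict(list))
    for name in sorted(files):  # deterministic merge order inside a step
        device, step, _action = parse_name(name)
        by_step[step][device].append(files[name].strip())
    return [
        (step, {dev: "\n".join(chunks) for dev, chunks in sorted(devs.items())})
        for step, devs in sorted(by_step.items())
    ]


# Constructed sample input: device names and configuration lines are made up;
# the steps follow the three l3-interface actions listed on the slides.
GENERATED = {
    "core-sw1__1__iface.add.conf": "interface Vlan200\n shutdown",
    "core-sw1__1__sw.add_vlan.conf": "vlan 200",
    "core-sw2__2__iface.disable.conf": "interface Vlan100\n shutdown",
    "core-sw1__3__iface.enable.conf": "interface Vlan200\n no shutdown",
}

if __name__ == "__main__":
    for step, per_device in build_batches(GENERATED):
        for device, config in per_device.items():
            print(f"--- step {step} -> {device}\n{config}")
```

Each returned batch is one dependency step; the per-device text is what would be handed to a load/compare/commit cycle, with the optional pause-and-inspect between batches.
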
@Lamda Hellix Config Management
- High-Level Files describing the desired State
- Configuration Breakdown
  - Network-wide Configuration
    - AAA & Users
    - SNMP
    - Logging
  - Device-specific Configuration
    - Upstreams
    - Customer Services
    - Interfaces, ACL, VRRP/HSRP, BGP
  - Manual Configuration
    - Corner Cases
- Well suited for Compliance

Complete Lifecycle Management
Diagram components:
- External Data Sources: External Pillar (Minion-specific data), e.g. mongodb, mysql, vault, etcd, consul
- SALT Master: Core & Custom Modules (Execution, States, Beacons, Returners), * SLS, Data Sources, Templates (Jinja2)
- SALT Minion /w BEACONS: Continuous Monitoring, e.g. Link Usage, Device Health, QoS metrics
- Event BUS
- SALT Proxy Minions
Numbered labels in the diagram:
- i: Conditionally Emit Event
- ii: SALT Master
- iii: Execute commands, Apply States
- iv: SSH, NETCONF, API
- v: Store command output, e.g. elasticsearch, mongodb, redis

Challenges
- Theory vs Reality
- Reduce manual configs
- Cover corner cases
- Layers of abstraction
- Troubleshooting
- Consistency
- Maintain clean, reusable workflows
- Concurrency and Locking

THANK YOU! Adam Pavlidis https://gr.linkedin.com/in/adam-pavlidis