This article provides a high level look at the reasons for automation with networking and what is possible with using off the shelf tools that are available today for use with Cumulus Linux.
Available DevOps Tools
At Cumulus Networks we see the following 5 tools commonly used.
|Ansible||Free; GUI free up to 10 nodes|
|CFEngine||Free up to 25 nodes (GUI included)|
|Chef||Free; GUI free up to 25 nodes|
|Puppet||Free; GUI free up to 10 nodes|
|SaltStack||Free; GUI in beta (coming soon)|
They are all free but offer paid add-ons (like a GUI or support), include easy to follow demos, and are used by sysadmins around the world today. This means there is already a lot of documentation, many experienced individuals and free and paid support models.
By not reinventing the wheel with proprietary automation tools, Cumulus Linux becomes as easy to manage as the servers within the network today. And since Cumulus Linux is Linux, the "hello world" examples that come with these DevOps tools work just like that do on servers today.
Automation Use Cases
The most obvious use case for automation is provisioning. Today, network engineers are burdened with literally cutting and pasting configurations from other applications and hoping they work. This is manually intensive, error prone and has not changed since the 1990s. Automation is the key to modernizing this process.
By leveraging off-the-shelf DevOps tools, months and weeks of deploying network configurations now take seconds. All of the modern DevOps tools can also create easy to read reports and output accounting data in a variety of formats.
Hot Swapping the Whole Switch
With provisioning automated by DevOps tools, it's now quick and easy to redeploy that configuration. Does a switch have a problem, like a bad fan, bad PDU or other physical problem? Now you can remove the problem switch and have its replacement up and running quickly.
By using proven DevOps tools you can avoid the high cost of proprietary hardware-based high availability (multiple supervisors in an expensive chassis) by having inexpensive 1RU spares switches to pop in at a moment's notice. Hot spares are becoming a crucial part of open networking today.
In incumbent vendor networks today there is a huge desire to know the configuration state so you can know what was changed when, who made the changes and where. While the goal is sound, the method is flawed, since you now have two separate processes, configuration and configuration state. How can you solve this?
Instead of introducing another tool into the network — most likely a tool that is specific to a particular vendor — DevOps tools automatically keep configuration state.
Today's DevOps tools are the single source of truth and enforce policy (that is, the desired configuration). No additional configuration management tool is needed since your DevOps tool doubles as your configuration management tool.
Easy Application Deployment
Ansible, Puppet and Chef already have manifests, playbooks and cookbooks specifically for monitoring applications. Easy installation and configuration of these applications is a huge value proposition for DevOps tools on Cumulus Linux.
If you are already using Ganglia, Nagios, collectd and New Relic on your servers, you can install them just as easily on Cumulus Linux. For more information, read these articles:
- Installing collectd and graphite on Cumulus Linux
- Using Ganglia on Cumulus Linux
- And more examples...
How DevOps and Automation Help Networking
DevOps has been around for years for sysadmins to use on their servers. Because networking vendors traditionally were not open, it's only recently that companies like Cumulus Networks have provided easy integration with off-the-shelf DevOps tools. NetOps (or DevOps focused on networking nodes) is in its infancy, but here are some ideas.
Reactive Network Changes
A common routine task is to take a network node offline gracefully. This is often done by making the device less preferable to routing, by increasing OSPF cost on its links, prepending AS_PATH in BGP or any other knob the network engineer chooses to use.
By leveraging DevOps tools, the network administrator can now automatically take network nodes offline. Imagine
rsyslog is set up and notices a fan error on the spine2 switch. Ansible could automatically run a playbook to make changes to the routing metrics, gracefully remove the device from the fabric, update the administrator via text message, then have the switch swapped. The modern network can be self healing.
Automatic Threat Response
The same automation principles and reactions to hardware failures can be applied to security concerns. DevOps tools can make the network react automatically to deter threats.
The data center could be threatened by a DDoS attack, bringing down services to your paying customer. The monitoring tools can alert a DevOps tool to configure a null route to blackhole traffic, or an iptables rule can be pushed to hardware to block only that specific source subnet or block the destination service (block DNS, ICMP, and so forth).
The above are just some ideas, and the possibilities are endless. Since NetOps is a new concept almost anything is possible!
Using DevOp Modules
Modules are specific pieces of code built into a DevOps tool to make them more robust, easier to drive and more specific to your situation. One of the best parts about Cumulus Linux is that modules are not required. Since Cumulus Linux is Linux, every built-in module just works.
Cumulus Networks has developed some modules to make automation even easier.
Not sure what a module is? Check out this knowledge base article on templates vs. modules, and how modules can help benefit your network today.
Simple Examples on Cumulus Linux
More Advanced Demos on Cumulus Linux
The following three demos are designed around the Cumulus Workbench. However, feel free to grab the code and try it on your own equipment. Please visit the following link for access to the Cumulus Workbench. These demos all use Cumulus Linux modules:
Cumulus Networks offers customers training sessions that discuss automation and integration. They provide hand-on access to physical switches running Cumulus Linux. Please visit this website to sign up for training today.