with safety.3D rendering

Brownfield Network Automation

Brownfield Network Automation

In today's rapidly advancing technological landscape, the efficient management and automation of networks has become crucial for businesses to thrive. While greenfield networks are often designed with automation in mind, brownfield networks present a unique set of challenges. In this blog post, we will explore the world of brownfield network automation, its benefits, implementation strategies, and the future it holds.

Brownfield networks refer to existing networks that have been established over time, typically with a mix of legacy and modern infrastructure. These networks often lack the built-in automation capabilities of newer networks, making the implementation of automation a complex endeavor.

Automating brownfield networks brings forth numerous advantages. Firstly, it enhances operational efficiency by reducing manual interventions and human errors. Secondly, it enables faster troubleshooting and improves network reliability. Additionally, automation allows for better scalability and prepares networks for future advancements.

Implementing automation in brownfield networks requires a systematic approach. Firstly, a comprehensive network assessment should be conducted to identify existing infrastructure, equipment, and protocols. Next, a phased approach can be taken, starting with low-risk areas and gradually expanding automation to critical components. It is crucial to ensure seamless integration with existing systems and thorough testing before deployment.

Automation in brownfield networks can face challenges such as outdated equipment, incompatible protocols, and lack of standardized documentation. To overcome these obstacles, a combination of hardware and software upgrades, protocol conversions, and meticulous planning is essential. Collaboration among network engineers, IT teams, and vendors is also crucial to address these challenges effectively.

As technologies like Software-Defined Networking (SDN) and Network Function Virtualization (NFV) continue to evolve, brownfield network automation is poised for significant advancements. The integration of artificial intelligence and machine learning will further streamline network operations, predictive maintenance, and intelligent decision-making.

Conclusion: In conclusion, brownfield network automation opens up a world of possibilities for businesses seeking to optimize their existing networks. Despite the challenges, the benefits are substantial, ranging from increased efficiency and reliability to future-proofing the infrastructure. By embracing automation, organizations can unlock the full potential of their brownfield networks and stay ahead in the ever-evolving digital landscape.

Highlights: Brownfield Network Automation

Understanding Brownfield Networks

Brownfield networks refer to existing network infrastructures that have been operating for some time. These networks often consist of legacy and modern components, making automation complex. However, the right approach can transform brownfield networks into agile and automated environments.

Automating brownfield networks offers numerous advantages. Firstly, it streamlines network management processes, reducing human errors and increasing operational efficiency. Secondly, automation enables quicker troubleshooting and problem resolution, minimizing downtime and enhancing network reliability. Additionally, brownfield network automation allows easier compliance with security and regulatory requirements.

While the benefits are substantial, implementing brownfield network automation does come with its fair share of challenges. One major hurdle is integrating legacy systems with modern automation tools. Legacy systems often lack the necessary APIs and standardization required for seamless automation. Overcoming this challenge necessitates careful planning, testing, and potentially using intermediary solutions.

Strategies for Successful Implementation:

A systematic approach is crucial to successfully implementing brownfield network automation. Thoroughly assess the existing network infrastructure, identifying areas that can benefit the most from automation. Prioritizing automation tasks and starting with smaller, manageable projects can help build momentum and demonstrate the value of automation to stakeholders. Collaboration between network engineers, automation experts, and stakeholders is critical to ensuring a smooth transition.

Implementing brownfield network automation may face resistance from stakeholders comfortable with the status quo. Clear communication about automation’s benefits and long-term vision is vital to overcome this. Demonstrating tangible results through pilot projects and showcasing success stories from early adopters can help build trust and gain buy-in from decision-makers.

Challenges of Brownfield Automation:

Implementing network automation in a brownfield environment poses unique challenges. Legacy systems, diverse hardware, and complex configurations often hinder the seamless integration of automation tools. Additionally, inadequate documentation and a lack of standardized processes can make it challenging to streamline the automation process. However, with careful planning and a systematic approach, these challenges can be overcome, leading to significant improvements in network efficiency.

Benefits of Brownfield Network Automation:

1. Enhanced Efficiency: Brownfield Network Automation enables organizations to automate repetitive manual tasks, reducing the risk of human errors and increasing operational efficiency. Network engineers can focus on more strategic initiatives by eliminating the need for manual configuration changes.

2. Improved Agility: Automating an existing network allows businesses to respond quickly to changing requirements. With automation, network changes can be made swiftly, enabling organizations to adapt to evolving business needs and market demands.

3. Cost Savings: By automating existing networks, organizations can optimize resource utilization, reduce downtime, and improve troubleshooting capabilities. This leads to substantial operational expense savings and increased return on investment.

4. Seamless Integration: Brownfield Network Automation allows for integrating new technologies and services with existing network infrastructure. Businesses can seamlessly introduce new applications, services, and security measures by leveraging automation without disrupting existing operations.

5. Enhanced Network Security: Automation enables consistent enforcement of security policies, ensuring compliance and reducing the risk of human error. Organizations can strengthen their network defenses and safeguard critical data by automating security configurations.

Role of automation

As a result, network devices are still configured like snowflakes (having many one-off, nonstandard configurations), and network engineers take pride in solving transport and application problems by making one-time network changes that ultimately make the network harder to maintain, manage, and automate.

Automation and management of network infrastructure should not be treated as add-ons or secondary projects. Budgeting for personnel and tools is crucial. It is common for tooling to be cut first during budget shortages.

**Deterministic outcomes**

An enterprise organization’s change review meeting examines upcoming network changes, their impacts on external systems, and rollback plans. Typing the wrong command can have catastrophic consequences in a world where humans use the CLI. Many different teams can work together, whether they are three-person teams, four-person teams, or fifty-person teams. Every engineer can implement that upcoming change differently. A CLI and GUI do not eliminate or reduce the possibility of error during a change control window.

The executive team will be able to achieve deterministic outcomes by automating the network, which increases the chances that the task will be completed correctly the first time by making changes manually rather than automating the network. Changing VLANs to onboard a new customer may be necessary, which requires several network changes.

**The Traditional CLI**

Software companies that build automation for network components have an assumption that traditional management platforms don’t apply to what is considered to be the modern network. Networks are complex and contain many moving parts and ways to be configured. So, what does it mean to automate the contemporary network when considering brownfield network automation? Innovation in this area has been lacking for so long until now with ansible automation.

If you have multi-vendor equipment and can’t connect to all those devices, breaking into the automation space is complex, and the command line interface (CLI) will live a long life. This has been a natural barrier to entry for innovation in the automation domain.

**Automation with Ansible**

But now we have the Ansible architecture using Ansible variables, NETCONF, and many other standard modeling structures that allow automation vendors to communicate to all types of networks, such as brownfield networks, greenfield networks, multi-vendor networks, etc. These data modeling tools and techniques enable an agnostic programmable viewpoint into the network.

The network elements still need to move to a NETCONF-type infrastructure, but we see all major vendors, such as Cisco, moving in this direction. Moving off the CLI and building programmable interfaces is a massive move for network programmability and open networking.

For pre-information, visit the following.

  1. Network Configuration Automation
  2. CASB Tools
  3. Blockchain-Based Applications

Brownfield Network Automation

Network devices have massive static and transient data buried inside, and using open-source tools or building your own gets you access to this data. Examples of this type of data include active entries in the BGP table, OSPF adjacencies, active neighbors, interface statistics, specific counters and resets, and even counters from application-specific integrated circuits (ASICs) themselves on newer platforms. So, how do we get the best of this data, and how can automation help you here?

A key point: Ansible Tower

To operationalize your environment and drive automation to production, you need everything centrally managed and better role-based access. For this, you could use Ansible Tower, which has several Ansible features, such as scheduling, job templates, and a project, that help you safely enable automation in the enterprise at scale.

Best Practices for Brownfield Network Automation:

1. Comprehensive Network Assessment: Conduct a thorough assessment of the existing network infrastructure, identifying areas that can benefit from automation and potential obstacles.

2. Standardization and Documentation: Establish standardized processes and documentation to ensure consistency across the network. This will help streamline the automation process and simplify troubleshooting.

3. Gradual Implementation: Adopt a phased approach to brownfield automation, starting with low-risk tasks and gradually expanding to more critical areas. This minimizes disruption and allows for easy troubleshooting.

4. Collaboration and Training: Foster collaboration between network engineers and automation specialists. Training the network team on automation tools and techniques is crucial to ensure successful implementation and ongoing maintenance.

5. Continuous Monitoring and Optimization: Regularly monitor and fine-tune automated processes to optimize network performance. This includes identifying and addressing any bottlenecks or issues

Brownfield Network Automation; DevOps Tools

Generally, you have to use DevOps tools, orchestrators, and controllers to do the jobs you have always done yourself. However, customers are struggling with the adoption of these tools. How do I do the jobs I used to do on the network with these new tools? That’s basically what some software companies are focused on. From a technical perspective, some vendors don’t talk to network elements directly.

This is because you could have over 15 tools touching the network, and part of the problem is that everyone is talking to the network with their CLI. As a result, inventory is out of date, network errors are common, and CMD is entirely off, so the ability to automate is restricted based on all these prebuilt silo legacy applications. For automation to work, a limited number of elements should be talking to the network. With the advent of controllers and orchestrators, we will see a market transition.

DevOps vs. Traditional

If you look back, when we went from time-division multiplexing (TDM) to Internet Protocol (IP) address, the belief is that network automation will eventually have the same impact. The ability to go from non-programmability to programmability will represent the most significant shift we will see in the networking domain.

Occasionally, architects design something complicated when it can be done in a less complex manner with a more straightforward handover. The architectural approach is never modeled or in a database. The design process is uncontrolled, yet the network is an essential centerpiece.

There is a significant use case for automating and controlling the design process. Automation is an actual use case that needs to be filled, and vendors have approached this in various ways. It’s not a fuzzy buzzword coming out of Silicon Valley. Intent-based networking? I’m sometimes falling victim to this myself. Is intent-based networking a new concept?

OpenDaylight (ODL)

I spoke to one vendor building an intent-based API on top of OpenDaylight (ODL). An intent-based interface has existed for five years, so it’s not a new concept to some. However, there are some core requirements for this to work: It has to be federated, programmable, and modeled.

Some have hijacked intent-based to a very restricted definition, and an intent-based network has to consist of highly complex mathematical algorithms. Depending on who you talk to, these mathematical algorithms are potentially secondary for intent-based networking.

One example of an architectural automation design is connecting to the northbound interface like Ansible. These act as trustworthy sources for the components under their management. You can then federate the application programming interface (API) and speak NETCONF, JSON, and YAML types. This information is then federated into a centralized platform that can provide a single set of APIs into the IT infrastructure.

So if you are using ServiceNow, you can request a through a catalog task. That task will then be patched down into the different subsystems that tie together that service management or device configuration. It’s a combination of API federation data modeling and performing automation.

The number one competitor of these automation companies is users who still want to use the CLI or vendors offering an adapter into a system. Yet, these are built on the foundation of CLIs. These adapters can call a representational state transfer (REST) interface but can’t federate it.

This will eventually break. You need to make an API call to the subsystem in real-time. As networking becomes increasingly dynamic and programmable, federated API is a suitable automation solution.

Brownfield Network Automation offers organizations a powerful opportunity to unlock the full potential of existing network infrastructure. By embracing automation, businesses can enhance operational efficiency, improve agility, and achieve cost savings. While challenges may exist, implementing best practices and taking a systematic approach can pave the way for a successful brownfield automation journey. Embrace the power of automation and revolutionize your network for a brighter future.

Summary: Brownfield Network Automation

In the ever-evolving world of technology, network automation has emerged as a game-changer, revolutionizing the way organizations manage and optimize their networks. While greenfield networks have been quick to adopt automation, brownfield networks present unique challenges with their existing infrastructure and complexities. This blog post explored the importance of brownfield network automation, its benefits, and practical strategies for successful implementation.

Understanding Brownfield Networks

Brownfield networks refer to existing network infrastructures that have been operating for some time. These networks often comprise a mix of legacy systems, diverse hardware and software vendors, and complex configurations. Unlike greenfield networks, which start from scratch, brownfield networks require a thoughtful approach to automation that considers their specific characteristics and limitations.

The Benefits of Brownfield Network Automation

Automating brownfield networks brings a plethora of benefits to organizations. Firstly, it enhances operational efficiency by reducing manual tasks, minimizing human errors, and streamlining network configurations. Automation also enables faster deployment of network services and facilitates scalability, allowing businesses to adapt swiftly to changing demands. Moreover, it improves network reliability and security by enforcing consistent configurations and proactively detecting and mitigating potential vulnerabilities.

Strategies for Successful Brownfield Network Automation

Successfully automating brownfield networks requires a well-planned approach. Here are some key strategies to consider:

1. Comprehensive Network Assessment: Begin by conducting a thorough assessment of the existing network infrastructure, identifying potential bottlenecks, legacy systems, and areas for improvement.

2. Define Clear Objectives: Establish specific automation goals and define key performance indicators (KPIs) to measure the effectiveness of the automation efforts. This clarity will guide the automation process and ensure alignment with business objectives.

3. Prioritize and Start Small: Identify critical network functions or processes that can benefit the most from automation. Start with smaller projects to build confidence, gain experience, and demonstrate the value of automation to stakeholders.

4. Choose the Right Automation Tools: Select automation tools compatible with the existing network infrastructure and provide the required functionality. Integration capabilities, ease of use, and vendor support should be key factors in the selection process.

5. Collaboration and Training: Foster collaboration between network operations and IT teams to ensure a smooth transition towards automation. Provide comprehensive training to enhance the skills of network engineers and equip them with the knowledge needed to manage and maintain automated processes effectively.

Conclusion:

In conclusion, brownfield network automation holds immense potential for organizations seeking to optimize their network infrastructure. By understanding the unique challenges of brownfield networks, recognizing the benefits of automation, and implementing the right strategies, businesses can unlock improved operational efficiency, enhanced reliability, and increased agility. Embracing automation is not just a trend but a crucial step towards achieving a future-ready network infrastructure.

network-automation3

Network Configuration Automation

Network Configuration Automation

In today's fast-paced digital landscape, efficient network configuration automation has become a cornerstone for organizations striving to enhance their operational productivity. Automating network configuration processes not only saves time and effort but also minimizes human error and ensures consistent network performance. In this blog post, we will explore the key benefits and considerations of network configuration automation, along with best practices to implement it effectively.

Network configuration automation refers to the practice of automating the deployment, management, and monitoring of network devices and related configurations. It streamlines the repetitive and time-consuming tasks involved in configuring network devices, such as routers, switches, and firewalls. By utilizing automation tools and frameworks, organizations can achieve greater agility, scalability, and accuracy in their network infrastructure.

Automating network configuration brings numerous advantages to organizations. Firstly, it significantly reduces the risk of human errors that can lead to network downtime or security vulnerabilities. Automation ensures consistency across network devices, eliminating configuration discrepancies.

Secondly, it enhances operational efficiency by reducing manual efforts and standardizing configuration processes, allowing IT teams to focus on more strategic initiatives. Lastly, network configuration automation facilitates faster troubleshooting and enables rapid changes to adapt to dynamic network requirements.

Comprehensive Network Inventory: Begin by creating a detailed inventory of network devices, including their models, firmware versions, and current configurations. This inventory will serve as a foundation for automation workflows.

Define Configuration Standards: Establish clear and standardized configuration templates that align with industry best practices. These templates should include essential parameters, such as IP addresses, routing protocols, and security policies.

Utilize Automation Tools: Choose a robust automation tool or framework that suits your organization's requirements. Evaluate features like device compatibility, scalability, and ease of integration with existing network management systems.

Test and Validate: Before deploying automated configurations in a production environment, thoroughly test and validate them in a controlled lab or staging environment. This step helps identify potential issues or conflicts.

While network configuration automation offers substantial benefits, it is essential to consider potential challenges. Organizations must ensure proper security measures are in place to protect automation tools and the integrity of network configurations. Additionally, regular monitoring and auditing of automated processes are crucial to detect any anomalies or unauthorized changes.
Network configuration automation serves as a catalyst for operational efficiency and reliability in modern network infrastructures. By embracing automation tools, defining robust processes, and adhering to best practices, organizations can streamline their network configuration workflows, reduce errors, and improve overall network performance.

With the right approach, network configuration automation becomes a strategic enabler for organizations seeking to stay competitive in today's digital landscape.

Highlights: Network Configuration Automation

Introducing Network Configuration Automation

1: – In today’s fast-paced digital landscape, efficient network configuration management is crucial for businesses to thrive. Manual network configuration tasks can be time-consuming, error-prone, and hinder productivity. This is where network configuration automation comes into play, revolutionizing the way networks are managed and maintained.

2: – Network configuration automation refers to the use of tools and scripts to automatically configure network devices such as routers, switches, and firewalls. This process eliminates the need for manual configuration, which can be time-consuming and prone to human error. By automating repetitive tasks, organizations can ensure consistency and accuracy across their network infrastructure.

3: – Automating network configuration processes offers a plethora of advantages. Firstly, it significantly reduces human errors that often occur during manual configurations. With automation, consistency and accuracy are ensured, leading to enhanced network reliability. Additionally, network configuration automation saves time and resources, allowing IT teams to focus on more strategic tasks rather than mundane and repetitive configurations.

4: – Implementing network configuration automation involves selecting the right tools and technologies for your organization. Popular options include Ansible, Puppet, and Chef, each offering unique features and capabilities. It’s important to assess your specific needs and environment before choosing a solution. Once implemented, automation scripts can be created and customized to meet your organization’s unique requirements, ensuring seamless integration into existing workflows.

Note: – **Application Changes**

Applications are deployed differently today than they were 10-15 years ago. So much has changed with the app. The problem we are seeing today is that the network is not tightly coupled with these other developments. Providing various network policies and corresponding configurations is not tightly associated with the application.

They are usually loosely coupled and reactive. For example, analyzing firewall rules and providing a network assessment is nearly impossible with old security devices, driving the need for network configuration automation and the ability to automate network configuration.

Right Tools & Strategies 

– To successfully implement network configuration automation, businesses need to adopt the right tools and strategies. Robust automation platforms, such as Ansible or Puppet, can streamline the process by providing intuitive interfaces and extensive libraries of pre-built configurations. IT teams should also establish clear configuration standards and templates to ensure consistency across the network.

– While network configuration automation offers numerous benefits, it’s not without its challenges. One common obstacle is the initial investment required to implement automation tools and train IT staff. However, the long-term cost savings and increased efficiency outweigh the initial costs. Additionally, businesses must carefully plan and test automation workflows to avoid unintended consequences or disruptions to network operations.

Deterministic outcomes

An enterprise organization’s change review involves examining upcoming network changes, their impact on external systems, and their rollback plans. When humans use the CLI to make changes, typing the wrong command can have catastrophic results. Think about a team of three, four, five, or fifty engineers. Depending on the engineer, changes can be made in a variety of ways. In addition, even using a GUI or a CLI does not eliminate or reduce the chance of errors during change control.

The executive team has a better chance of achieving deterministic outcomes when they use proven and tested network automation to make changes. This increases their chances of achieving a successful project the first time around by achieving more predictable behavior than when making changes manually. This might happen when a new VLAN is added or a new customer is onboarded, requiring multiple network changes.

Furthermore, deterministic results result in lower operating expenses (OpEx), as network changes require less manual labor, resulting in a more efficient network operation (e.g., automating time-consuming tasks such as updating a network device’s operating system). Network engineers can focus on more strategic projects and improve processes with less operating time.

Device Provisioning

An easy and fast way to get started with network automation is to automate the creation and pushing of device configuration files. Two steps are involved in this process: creating the configuration file and pushing it to the device.

To automate configuration files (or configuration data in general), the input parameters (configuration parameters) must first be decoupled from the vendor-proprietary syntax (CLI). Separate files will be created for configuration templates, VLANs, domains, interfaces, routing, etc.

Data Collection and Enrichment

Through SNMP, monitoring tools typically poll management information bases (MIBs) for data. Data may be returned in excess or insufficient to meet your needs. What should be done when polling interface statistics? What if you only need interface resets, not CRC errors, jumbo frames, or output errors?

The command show interface may return every counter, but what if you only need interface resets? Moreover, what if you want to see interface resets correlated with Cisco Discovery Protocol (CDP) or LLDP neighbors now rather than in the future? In this context, what role does network automation play?

We focus on giving you more control so you can customize what you get when you get it, how it is formatted, and how it is used after it is collected. Automating the process can maximize your data.

Migrations

Migrating from one platform to another is never easy. There may be platforms from the same vendor or different vendors. In our example, you can create configuration templates for network devices and operating systems using various forms of automation. Vendors may provide a script or tool that helps with migrations. It would then be possible to generate a configuration file for every vendor using a defined and standard data set (common data model).

If you are using them, you must also consider vendor-proprietary extensions. It is fantastic that such a tool can be built independently rather than by a vendor. A vendor must account for all the device features, while an organization only needs a limited number. Vendors aren’t concerned about this; they are worried about their equipment not making it easier for you, the network operator, to manage multivendor environments.

Configuration Management

In this chapter, we won’t spend much time on configuration management since it is the most common type of automation. In configuration management, devices are deployed, pushed, and managed according to their configuration state. Everything from interface descriptions to configurations of ToR switches, firewalls, load balancers, and advanced security infrastructure is covered to deploy three-tier applications.

As you can see, with the read-only forms of automation, you don’t have to start by pushing configurations. This method may be worthwhile if you spend countless hours making the same change across many routers or switches.

Before you proceed, you may find the following articles of interest:

  1. Open Networking
  2. A10 Networks
  3. Brownfield Network Automation

Network Configuration Automation

One of the easiest and quickest ways to get started with network automation is to automate the creation of the device configuration files used for initial device provisioning and push them to network devices. You can also get a lot of information with automation. For example, network devices have enormous static and ephemeral data buried inside, and using open-source tools or building your own gets you access to this data.

Examples of this type of data include entries in the BGP table, OSPF adjacencies, active neighbors, interface statistics, specific counters and resets, and even counters from application-specific integrated circuits (ASICs) themselves on newer platforms.

Guide with Ansible Core

We have Ansible installed and a managed host already prepared in the following. The managed host needs to have SSH enabled and a user with admin privileges. Ansible finds managed hosts by looking at the inventory file. The inventory file is also a great place to pass variables that can be used to remove site-specific information; this is set under the host var section below.

Remember that Ansible requires Python, and below, we are running Python version 3.0.3 and Jinja version 3.0.3, which is used for templating. You can pass information to ansible managed hosts with playbooks and ad hoc commands. Below, I’m using an ad hoc command, calling the command module by default, and testing with a ping.

Ansible configuration
Diagram: Ansible Configuration

Benefits of Network Configuration Automation:

1. Time and Resource Efficiency: Organizations can free up their IT staff to focus on more strategic initiatives by automating repetitive and time-consuming network configuration tasks. This results in increased productivity and efficiency across the organization.

2. Enhanced Accuracy and Consistency: Manual configuration processes are prone to human error, leading to misconfigurations and network downtime. Network configuration automation eliminates these risks by ensuring consistency and accuracy in network configurations, reducing the chances of costly errors.

3. Rapid Network Deployment: Network administrators can quickly deploy network configurations across multiple devices simultaneously with automation tools. This accelerates network deployment and enables organizations to respond faster to changing business needs.

4. Improved Security and Compliance: Network configuration automation enhances security by enforcing standardized configurations and ensuring compliance with industry regulations. Automated security protocols can be applied consistently across the network, reducing vulnerabilities and enhancing overall network protection.

5. Simplified Network Management: Automation tools provide a centralized platform for managing network configurations, making it easier to monitor, troubleshoot, and maintain network devices. This simplifies network management and reduces the complexity associated with manual configuration processes.

Implementing Network Configuration Automation:

To implement network configuration automation, organizations need to consider the following steps:

1. Assess Network Requirements: Understand the specific network requirements, including device types, network protocols, and security policies.

2. Select an Automation Tool: Evaluate different automation tools available on the market and choose the one that best suits the organization’s needs and network infrastructure.

3. Create Configuration Templates: Develop standardized configuration templates that can be easily applied to network devices. These templates should include best practices, security policies, and network-specific configurations.

4. Test and Validate: Before deploying automated configurations, thoroughly test and validate them in a controlled environment to ensure their effectiveness and compatibility with the existing network infrastructure.

5. Monitor and Maintain: Regularly monitor and maintain the automated network configurations to identify and resolve any issues or security vulnerabilities that may arise.

The Need to Automate Network Configuration

There are always hundreds, if not thousands, of outdated rules even though the application service is not required. Another example is unused VLANs left configured on access ports, posing a security risk. The problem lies in the process: how we change and provision the network is not tied to the application. It is not automated. Inconsistent configurations tend to grow as human interaction is required to tidy things up. People move on and change roles.

You cannot guarantee the person creating a firewall rule will be the engineer deleting the rule once the corresponding applications are decommissioned or changed. And if you don’t have a rigorous change control process, deprecated configurations will be idle on active nodes.

A key point: The use of Ansible variables in an Ansible architecture.

For configuration management, you could opt for Red Hat Ansible. The Ansible architecture consists of modules with tasks on the target hosts listed in the inventory. Various plugins are available for additional context and Ansible variables for flexible playbook development. Ansible Core is the CLI-based version of automation, and Ansible Tower is the platform.

The recommended approach for enterprise-wide security would be a platform-based approach to the Ansible architecture. Using a platform approach using Ansible variables creates a very flexible automation journey where you can have one playbook with Ansible variables, removing any site-specific information running against several different inventories that could relate to your other functions, Dev, Staging, and Production.

Network Automation

The network is critical for business continuity, resulting in real uptime pressure. Operational uptime is directly tied to the success of the business. This results in a manual culture, which manifests as manual and slow. The actual bottleneck is our manual culture for network provision and operation. 

Virtualization – Beginning the change

Virtualization vendors are changing the manual approach. For example, if we look at essential MAC address learning and its process with traditional switches. The source MAC address of an incoming Ethernet frame is examined, and if the source MAC address is known, it doesn’t need to do anything, but if it’s not known, it will add that MAC to its table and make a note of the port the frame entered. The switch has a port for MAC mapping. The table is continually maintained, and MAC addresses are added and removed via timers and flushing.

The virtual switch

The virtual switch operates differently. Whenever a VM spins up and a VNIC attaches to the virtual switch, the Hypervisor programs everything it needs to know to forward that traffic into its process on the virtual switch. There is no MAC learning. When you spin down the VM, the hypervisor does not need to wait for a timer.

It knows the source is no longer there; as a result, it no longer needs to have that state. Less state in a network is a good thing. The critical point is that the provision of the application/ virtual machine is tightly coupled with the provisioning of network resources. Tightly coupling applications to network resources/provisioning offers less “Garbage Collection.”

Box mentality  

When the contents of HLD / LLD are completed and you are now moving to the configuration stage, the current implementation-specific details are done per box. The commands are defined on individual boxes and are vendor-specific. This works functionally, and it’s how the Internet was built, but it lacks agility and proper configuration management. Many repetitive tasks with a box mentality destroy your ability to scale.

Businesses are mainly concerned with agility and continuity, but you cannot have these two things with manual provisions. You must look at your network as a system, not individual boxes. When you look at applications and their scaling, the current network-style implementation method does not scale and keeps in line with the apps. The solution is to move to network configuration automation and automatic interaction.

Configuration management

Network Configuration Automation and Automate Network Configuration

We must move out of a manual approach and into an automated system. Focus initially on low-hanging fruit and easy wins. What takes engineers the longest to do? Do VLAN and Subnet allocation sheets ring a bell? We should size according to demand and not care about the type of VLAN or the Internal subnet allocation. Microsoft Azure cloud is a perfect example.

They do not care about the type of private address they assign to internal systems. They automate the IP allocation and gateway assignment so you can communicate locally. Designing optimum networks to last and scale is not good enough anymore. The network must evolve and be programmed to keep up with app placement. The configuration approach needs to change, and we should move to proper configuration management and automation.

Ansible is a widespread tool of choice. As previously mentioned, we have Ansible Tower as a platform, and for CLI-based devices, we have Ansible Core, which supports variable substitution with Ansible variables. 

SDN: A companion to network automation?

One benefit of Software-Defined Networking (SDN) is that it lets you view your network holistically, with a central viewpoint. Network configuration automation is not SDN, and SDN is not network automation. They work side by side and complement each other. SDN allows you to be abstract and prevents those who do not need to see the detail from not seeing it.

The application owners do not care about VLANs. Application designers should also not care about local IP allocations if they have designed the application correctly. Centralization is also a goal for SDN. Centralization with SDN is different from control-plane centralization. Central SDN controller devices should not fully control the control plane.

SDN companies have learned this and now allow network nodes to handle some or part control plane operations.  

Programming network: Automate network configuration

You don’t need to be a programmer, but you should start thinking like one. Learning to program will make you better equipped to deal with things. Programming networks is a diagonal step from what you are doing now, offering an environment to run code and ways to test code before you run it out.

The current CLI is the most dangerous approach to device configuration; you can even lock yourself out of a device. Programming adds a safety net. It’s more of a mental shift. Stop jumping to the CLI and THINK FIRST. Break the task down and create workflows. Workloads are then mapped to an automation platform.

A key point: TCL and EXPECT

TCL ( Tool Command Language ) is a scripting language created in 1988 at UC Berkeley. It aims to connect Shell scripts and Unix commands. EXPECT is a TCL extension written by Don Libes. It automates Telnet, SSH, and Serial sessions to perform many repetitive tasks.

EXPECT’s main drawback is that it is not secure and is synchronous only. If you log onto a device, you display login credentials in the EXPECT scripts and cannot encrypt that data in the code. In addition, it operates sequentially, meaning you send a command and wait for the output; it does not send send send and wait to receive; it’s a send and waits, sends and wait for mythology.

A key point: SNMP has failed | NETCONF begins

SNMP is used for fault handling, monitoring equipment, and retrieving performance data, but very few use SNMP to set configurations. More often, there is no 1:1 translation between a CLI configuration operation and an SNMP “SET.” It’s hard to get this 1-2-1 correlation. As a result, not many people use SNMP for device configuration and management of structures.

CLI scripting was the primary approach to automating network configuration changes before NETCONF. Unfortunately, CLI scripting has several limitations, including a lack of transaction management, no structured error management, and the ever-changing structure and syntax of commands, making scripts fragile and costly to maintain. Even the use of autocorrelation scripts won’t be able to fix it.

People make mistakes, and ultimately, people are bad at stuff. It’s the nature of the beast. Human error plays a significant role in network outages, and if a person is not logging in doing CLI, they are less likely to make a costly mistake. Human interaction with the network is a major cause of network outages.

NETCONF & Tail-F

NETCONF ( network control protocol ) is an XML-based data encoding for configuration and protocol messages. It offers secure transport and is Asynchronous, so it’s not sequential like TCL and EXPECT. Asynchronous makes NETCONF more efficient. It allows the separation of the configuration from the non-configuration items.

SNMP makes backup and restore complex, as you have no idea what fields are used to restore. Also, because of SNMP’s binary nature, it isn’t easy to compare configurations from one device to another. NETCONF is much better at this.

A final note: Transaction-based approach

It offers a transaction-based approach. A transaction is a set of configuration changes, not a sequence. SNMP for configuration requires everything to be in the correct sequence/order. But with a transaction, you throw in everything, and the device figures out how to roll it out.

What matters is that operators can write service-level applications that activate service-level changes and don’t have to make the application aware of all the sequence of changes that must be completed before the network can serve application responses and requests. Check out an exciting company called Tail-F (now part of Cisco), which offers a family of NETCONF-enabled products.

Network configuration automation is revolutionizing how businesses manage their networks. It offers many benefits, including time and resource efficiency, enhanced accuracy, rapid network deployment, improved security, and simplified network management. By embracing this technology, organizations can streamline network operations, reduce human error, and stay ahead in the dynamic and ever-evolving digital landscape.

Summary: Network Configuration Automation

Network configuration is crucial in ensuring seamless connectivity and efficient data flow in today’s fast-paced technological landscape. However, the manual configuration of networks can be time-consuming, prone to errors, and hinder scalability. This is where network configuration automation comes into play, revolutionizing how networks are managed and optimized. In this blog post, we explored the benefits, implementation techniques, and best practices of network configuration automation.

Understanding Network Configuration Automation

Network configuration automation involves leveraging software and tools to automate configuring and managing network devices. Reducing human intervention eliminates manual errors, enhances agility, and enables effective network management at scale.

Benefits of Network Configuration Automation

Automating network configuration brings a plethora of advantages to organizations. Firstly, it significantly reduces human errors, ensuring accurate and consistent device configurations. Secondly, it enhances efficiency by saving time and effort spent on manual configurations. Additionally, automation allows for faster deployment of network changes, improving overall network agility and responsiveness.

Implementation Techniques for Network Configuration Automation

Implementing network configuration automation requires a structured approach. It involves:

1. Inventory and Device Discovery: Create an inventory of network devices and establish a comprehensive understanding of the existing network infrastructure.

2. Configuration Templates and Version Control: Develop standardized configuration templates that can be easily applied to multiple devices. Implement version control mechanisms to track and manage configuration changes effectively.

3. Orchestration and Automation Tools: Leverage network automation tools that provide scripting, scheduling, and deployment automation features. Tools like Ansible, Chef, and Puppet offer potent capabilities to streamline network configuration.

Best Practices for Network Configuration Automation

To ensure a successful implementation of network configuration automation, consider the following best practices:

1. Test and Verify: Before deployment, thoroughly test and verify automation scripts and templates to ensure they align with the desired network configuration and functionality.

2. Security and Compliance: Incorporate security measures and compliance standards into automation processes to protect network assets and ensure adherence to industry regulations.

3. Documentation and Change Management: Maintain detailed documentation of configurations and changes made through automation. Implement a change management process to track modifications and facilitate troubleshooting.

Conclusion:

Network configuration automation is a game-changer in network management. By embracing automation, organizations can reduce errors, enhance efficiency, and improve overall network performance. Whether deploying standardized configurations or orchestrating complex network changes, automation streamlines processes, allowing IT teams to focus on strategic initiatives and innovation.