Automation has been part of the network administrator’s tasks for a while now. In the same way that system engineers moved from SSH loops to more sophisticated tools years ago,
NetOps are now moving from rancid and expect scripts to more powerful and robust tools.
France-IX is the premier Internet peering service provider in France through its 11 carrier and data center neutral PoPs in Paris and Marseille. France-IX interconnects several hundreds of telecommunications carriers, ISPs, content providers, content delivery networks and many other Internet networks. These networks require improved network efficiencies and exceptional performance.
The challenge at France-IX is to manage the increased growth of traffic and meet our customers’ expectations. This is the reason why we looked at network automation from different angles: the first one is closer to the code, using Python and PyEZ, whereas the second is more abstracted, using Ansible.
Approach 1: Automation with Python and Junos PyEZ
In our current workflow, we use Python scripts with the Junos PyEZ library to push configuration on our equipment via Netconf. Junos PyEZ is known as the “Python library for Junos automation”: https://github.com/Juniper/py-junos-eznc. A good introduction article can be found here.
For example, in our current usage, all common configuration such as ntp, tacacs, syslog, firewall filters are committed this way to ensure consistency across the network. It also enables us to change some of the configurations quickly and efficiently by deploying snippets of configuration to set a device.
As you can see in the figure below, we use a server where we deployed the environment to push configuration via the OOBM network.
It is also possible to run a batch of commands (cli format not recommended). The objective is not to do configuration nor screen scraping of the output, but it can be helpful to check some counters, clear counters in a global fashion, or collect some specific data.
Some of the France-IX scripts and examples are available here.
In order to go even further, we could have chosen to use Jinja templates, render these templates with Python and commit the result as we did with PyEZ (some examples here). The alternative we decided to use at France-IX is Ansible.
Approach 2: Automation with Ansible
Ansible is an open-source orchestration software that automates software provisioning, configuration management, and application deployment. It uses an agentless architecture, meaning nodes are managed by a controlling machine over SSH but do not need to install nor run software locally. Initially used for server management, additional functionalities have been added for network equipment management.
We use playbooks to express configurations, deployment, and orchestration in Ansible. Each playbook maps a group of hosts to a set of roles, each role is represented by calls to Ansible tasks. Documentation is available here.
There are currently two Ansible modules that can be used in order to manage Juniper Networks Junos OS devices. Even if they rely on Python scripts and library, you do not need to write Python.
The first module was developed by Juniper Networks (http://junos-ansible-modules.readthedocs.io/) and includes a multitude of features (from zeroize the device, install new Junos OS image, configure, run snapshot of configuration and tests). Some features are only available with this module.
The second module was developed by the Ansible team. Although limited in terms of features, it brings an interesting perspective because it respects the principle of idempotence (no matter how many times you run the instruction, the result will always be the same) and it is part of the core modules. Documentation is available here.
Both modules were used to automate the deployment of a test backbone with MPLS and EVPN during a three day hackathon organized by Juniper Networks in France in March 2017. Thanks to this set of playbooks, we could deploy the whole architecture (P and PE routers, plus a Route-reflector with ISIS, LDP, BGP and EVPN) on seven Juniper Networks virtual MX (vMX) in less than two minutes. We also took advantages of the XML output provided by XML-RPC invoked on the equipment to make live tests on the network, such as status of the physical interfaces, reachability of the loopbacks IP, ISIS and BGP adjacencies verifications. Lab setup, topology and examples are provided here.
As you can see, many things can already be achieved in a very elegant and fashioned way with these tools, in less time than one would expect. You are more than welcome to take a look at our examples.
At France-IX, the next step is to fetch data from our internal system based on Netbox in order to automate the provisioning of new customers during 2017. We are already thinking about other automation projects for 2018, so stay tuned!
Initially published in Juniper blog on June 9, 2017.