Over the past few months, I’ve been posting on using Ansible for network automation.  Changing things up a bit, this post will cover using Ansible for server automation and I’ll share a few Ansible playbooks that I’ve built and have been using to bootstrap servers and prep them for various applications such as OpenStack and NSX deployments.  

Over the past few years, I’ve had the opportunity to work with best and the brightest in the industry.  The reach started with my co-workers, partners, and vendors, but gradually expanded due to the likes of maintaining a blog and occasionally being on Twitter.  In a recent exchange with someone who gave me a massive pivot and jump start in my career almost 10 years ago, it reminded me of a presentation this same person gave back then.  

In my previous post about Docker, I focused on an introduction to networking with Docker.  That post had a fair amount of traction mainly due to it being #dockercon the week it was published, and seemingly, people had an interest in learning more about it.  Following the post, there were a few folks (@hartley and others) that pointed me to some great links about more advanced concepts in Docker and a site that validated what I was speculating with leveraging overlay tunnels as means for connectivity between nodes running Docker.

There has been a ton of information out there on Docker over the last week.  Because the impact on networking is often overlooked for new technologies, I figured I’d get a head start to understand the basics of Docker Networking.  This post documents the steps I took to test docker analyzing the network constructs that are automatically configured during container creation.

Automating the configuration, provisioning, and management of particular workflows for cloud gets a lot of attention these days.  While automation makes perfect sense for deploying workloads faster, there are also other areas where automation can be leveraged to improve the overall operational efficiency of the IT Ops team. 

If you read this site often, you already know I’ve been doing quite a bit of work with Ansible specifically as it pertains to networking.  While I will be showing another video very soon in a follow up post, I wanted to take a step back and cover a few things before doing so.  The focus here is less about the technology and more my general mindset around automation PLATFORMS, code, open source, and why I do it.  Just something I’d like to share because I’m occasionally asked questions around these topics.

When networks are deployed in a box by box model, network admins know exactly what, where, and how something is being configured.  In highly dynamic environments, this may not be the case.  This is why it’s crucial to understand what is really going on behind the scenes.  In OpenStack, there are several components that together are comprised to make OpenStack Networking (aka Neutron).  These include the Neutron server, dhcp agent, metadata agent, L3 agent, and then the agents that would reside in the infrastructure to be programmed (on either physical and/or virtual switches).  For example, in Open vSwitch deployments, there would be a Neutron OVS agent on each host/server.  And this could vary based on which particular vendor plugin is being used too!

[Special and huge thanks to Scott Lowe for answering an endless amount of questions I had while writing this post and testing with NSX/OVS over the last few days. Thanks to Deepesh as well who I bounced OVS questions off of when I needed to give Scott a break. ]

In Open vSwitch 101, I described the three main components that make up Open vSwitch (OVS) from an architectural standpoint, namely ovs-vswitchd, ovsdb-server, and the fast path kernel module.  If you start to work with OVS, the first thing you realize is that it takes quite a bit more knowledge to really understand it.  This post will focus on some design principles and options when running OVS on a hypervisor like KVM in conjunction with a network virtualization solution.

There is so much discussion on if network engineers need to be programmers that I was almost getting pissed off last week.  It was an odd and funny feeling.  Anyway, I've written in the past here and here about the use of Ansible for networking.  In this post and video, the goal is to show why network engineers don’t need to be "hardcore programmers."

In the last post, I talked about how Ansible could be used for various forms of network automation.  In the comments, Michael asked if Ansible could also be used for network test automation and verification.  Since I’m just starting to explore Ansible, I figured why not try it out.  The short answer is, it’s possible.  Let’s take a look at an example proving this out.

[This article is the outcome of some great conversations and exchanges I’ve had recently with Jeremy Schulman (@nwkautomaniac) around automation and Devops in the world of networking.  Thank you to Jeremy for those late tweaks before getting this posted!  Thanks to Kirk Byers (@kirkbyers) as well - he was also gracious enough to respond to clarify a few things and assisted with this post indirectly.]

There have been numerous articles written that describe the what and the why of Devops.  Reading through a few of these, you find references to CAMS --- you’ll read how “Devops is about CAMS.”  CAMS stands for Culture, Automation, Measurement, and Sharing.  Imagine working in an environment where automation is embraced?  We know most networks are not leveraging nearly any type of automation.  While we usually talk about engineers (of all types) not embracing automation, is the harsh reality most organizations are from having the right culture to embrace automation? 

You can’t listen to an interview or podcast, an industry panel, or read a Q&A about the future of networking that doesn't involve skill sets.  The biggest question of them all – what skills should network engineers focus on so they don’t become irrelevant? If you really want to know what skills make sense, why ask, when you can do an easy search to see what skills companies are looking for these days in a variety of roles.  Combine SDN with DevOps into your search criteria and the results may surprise you.  They sure surprised me.  

It’s been two weeks since I attended my 3rd consecutive Open Networking Summit (ONS) and I’m glad to say, I finally found some time to get some notes and thoughts on paper about the conference.  Here are some on SDN at Google and Microsoft, and how they compare and contrast to industry incumbents’ solutions, but also how programmable NFV can be game changing in the Enterprise.  I also include thoughts on how Embrane and Big Switch play into this.

Over the past few weeks, I’ve written about the idea behind a common programmable abstraction layer.  Previous articles are here and here.  It’s worth stating that something like a CPAL can be used with or without SDN controllers and with or without cloud management platforms.  As can be seen from the previous write ups and the video/demo below, today its primary focus is data extraction and data visibility.  It can use device APIs or controller APIs.  It’s about accessing the data you need quicker.  It’s that simple.  No more jumping from device to device and having to manage text and excel files.  

Edit 3/15/2014:
Github repo for CPAL

If there is a controller in the environment, you can still view data around particular physical and virtual switches in the environments by creating the right modules.  Same can be said if there was a CMP/CMS deployed.  While a CPAL can easily make changes to the network, it’s about taking small steps that can have a larger impact on how we use new APIs on network devices and controllers.  And if we don’t strive for a common framework now, we will end up with many more APIs than there are CLIs.  What good is that?

Two of the three companies promoting white box, now more commonly known as bare metal, switching are Cumulus and Big Switch Networks.  There has been coverage on each of these companies, but the question always arises, “does Cumulus support OpenFlow?”  I had the chance to talk to JR Rivers, Cumulus CEO, at the last Open Networking User Group (ONUG) during a Tech Field Day video and heard the answer from him then, but hadn’t seen anything documented publicly. 

In the previous post, I talked about a common programmable abstraction layer (CPAL).  To better understand the thought process behind having a common PAL, it makes sense to review some of the work Jeremy Schulman has been doing.  Jeremy often refers to the Python interactive shell as the new CLI for networking.  When you watch him give a demo using the Python shell as a CLI, it is second nature and looks exactly like a network CLI.  It makes perfect sense.

In late January, there were some big names on stage at the latest Open Compute Summit.  I’d like to focus on one keynote panel that was called, “Opening Up Network Hardware.”  The panelists for this session included Martin Casado (VMware), Matthew Liste (Goldman Sachs), Dave Maltz (Microsoft), and JR Rivers (Cumulus) and was led by Najam Ahmad (Facebook).  If you haven’t watched the session already, it’s definitely worth it.  You can check it out here.

In a recent post, I wrote about some Python work I was testing on the Nexus 3000.  The end conclusion was that open Linux platforms will offer more flexibility --- for the consumer of the technology, ultimately the customer.  In this post, we’ll take a look at an example that integrates Python with the native Linux operating system.  

If you haven’t heard, there is a new switch vendor in town – Pluribus Networks.  That’s right.  In the new world where hardware is being dominated by software, there is an upstart that is trying to sell ASICs (along with their value added software, of course).  This actually isn’t too common these days.  Since Software Defined Networking (SDN) became the latest craze, the only startups going after major incumbents have been Plexxi and Pica8.  Before them, Arista. 

Note: I am not including software only companies that can run on bare metal switches such as Cumulus Networks.

This post shares some thoughts on some recent testing I’ve done with a Cisco Nexus 3000 and its built-in Python interpreter.  It also touches upon why open and programmable could benefit the community with some concrete examples.

The application that I have started to build is all about more efficiently and more easily managing devices programmatically without using the CLI.  You will see that the Python APIs (methods, functions, etc.) are still fairly limited on the 3K, so I did have to use the “CLI” function to send commands from Python to the native Cisco NX-OS CLI.  Having access to Linux could have made it possible to modify the files needed instead.

Software Defined Networking (SDN) is the new way of networking.  It’s plain and simple.  And one of these days we’ll just go back to calling it networking because at its root, the network will still be forwarding the data needed for businesses to operate and thrive.  In this post, we’ll look at several new products and companies that have emerged over the last few years within the SDN Ecosystem and see why SDN is already the new norm in networking.

There is more talk these days on mice and elephants.  One option to give these elephants special treatment is to deploy a separate physical network to handle the top talkers and elephant flows.  How can OpenFlow help in a design like this to increase the overall performance of the network?

It's been nearly a week since the Insieme launch and I've yet to write a post about it, but wanted to share the following excerpt that was originally posted in a recent Network World article where Martin Casado comments on Cisco's ACI vs. VMware's NSX.

"NSX supports Citrix XenServer and Red Hat KVM as well as VMware ESX, he says. Support for Microsoft Hyper V is coming. And if the point Cisco's trying to make is that software overlays require a hypervisor, well, NSX can also run on bare metal servers without one, Casado claims. It can create tunnels from a Linux endpoint, he says."

Tunnels to bare metal servers.  Interesting to say the least.

For the original article:
http://www.networkworld.com/community/blog/cisco-claims-scuttled-vmware

SDSec – have you heard that one before?  This is actually what startup vArmour is preaching – Software Defined Security.  I had the opportunity to talk with one of their guys at ONUG to learn a little bit more about them.  Here is what I found out.

Yesterday was an interesting day in that I attended a full day ONUG academy session that was all about writing SDN applications.  Big thanks to Matt Davy and Chuck Black for leading the session.  While we weren’t hacking on code, there was a lot of discussion around APIs, network programmability, and the approach to take when building SDN applications [that leverage northbound APIs of a controller].  I’ve made it pretty public that I’ve been working with onePK building my own controller (using the term controller very loosely here) communicating directly with network devices as opposed to natively integrating with an existing controller like OpenDaylight, Floodlight, etc. and leveraging their northbound APIs.