My name is Dmitrii.
This is the first blog post, ‘Introduction’, in which I want to briefly describe what the blog is about and its main goal. The blog was created to work on the student project ‘Network as Code. NaC model’. I will say more about it a bit later.
The main purpose of the blog is to be a journal of the project in which I express my thoughts and ideas, the difficulties I will face and how I will solve them.
After the practical work and blogging at each milestone, the blog will help me to write the final report.
The target audience of the blog
Is everyone who is interested in computer networks and network automation, for example, Network Engineers, System Administrators, etc. It is also for my supervisor, to track my work on the project.
You are all very welcome to join!
About the author
Is not a genius. I am not an expert in networking technologies and programming, although I have some certificates from a well-known networking vendor whose brand name has five letters. I do not have 10-15 years or more of work experience. Most importantly, I think that I am interested in that area and in what I am doing. I will not write about how networks and protocols work or how to install some software. I have limited time for the project and limited knowledge at this moment.
If you are still reading this, then I will begin to describe the project idea named ‘Network as Code. NaC model’ and what I am going to do.
What are Network as Code and NaC model?
If we try to find a common definition of what Network as Code is in the wiki, we will not find anything. The roots of this concept come from Infrastructure as Code, where the entire infrastructure is represented in configuration files. The IaC approach usually relates to cloud computing and data centers. I believe that ‘Network as Code’ is a modern way of using software development methods and disposing of the traditional approach, in which each network device is managed independently, which leads to a high probability of human error, especially at the scale of large networks.
The second term is the ‘NaC model’, which is easier to explain using the following picture:
4. Source of Truth
Is something that stores all information about the network (for example, what kinds of network devices there are, how they are connected to each other, address management, where they are located, etc.). That is the most trusted place. The network that should be. The database of the network.
3. Distributed Source Control
This system tracks all changes in the network as code (mostly device configuration files). It also allows building a workflow in which something is tested in the test environment first and then applied to production. It is the main tool that manages the entire network. The control center.
2. Automation Tools
This layer interacts directly with network devices. For example, it generates commands, connects to the devices and runs commands (collecting statistics from all routers, adding logical interfaces, etc.). In short, robots.
Are the places where all network devices exist, virtual and real. In short, assets.
For example, a development environment (sandbox) where a Network Engineer tests something locally and then applies it to the test and production environments.
The next picture describes the main components of the NaC model which I will use in the project. Other solutions exist for each component as well.
NetBox is an open source web application designed to help manage and document computer networks. That is the network database.
Git is a distributed version-control system for tracking changes in source code during software development.
GitLab is a web-based Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features, using an open-source license, developed by GitLab Inc. That is the control center.
Python is the main programming language. Components such as Ansible, Napalm, PyATS and Robot Framework are written in Python.
Ansible is an open-source software provisioning, configuration management, and application deployment tool.
Napalm is a Python library that implements a set of functions to interact with devices from different router vendors using a unified API. https://github.com/napalm-automation/napalm
PyATS is an end-to-end testing ecosystem, specializing in data-driven and reusable testing, and engineered to be suitable for Agile, rapid development iterations.
Robot Framework is a generic test automation framework for acceptance testing and acceptance test-driven development (ATDD).
GNS3 is a network software emulator. It allows the combination of virtual and real devices and is used to simulate complex networks.
It would be great to have real network devices in the production environment, but I do not have the possibility to rent or use any existing network.
The next picture describes the main goal of the project:
The NaC model is used in conjunction with the main components and is implemented in the enterprise network. The enterprise network will be designed on the basis of common best practices.
That production network will be virtual and built in the GNS3 software environment.
The development and test environments will be copies of the production environment. Also, I will use multi-vendor network devices from Cisco Systems, Juniper Networks and VyOS.
Why an enterprise network? Because I do not have enough knowledge and practical experience in internet service provider and data center networks.
The main artifact of the project will be the interaction (output) of the NaC model with the virtual enterprise network. I will spend a large amount of time on that interaction, in contrast to the full-scale deployment of the NaC model as a single entity that combines all components together.
What am I going to do?
My milestones of the project:
- Deployment of the ‘Main components’ of the NaC model (week 11)
- Configuration of the ‘Main components’ of the NaC model (weeks 12,13)
- NaC model and Enterprise network at Day 0 (weeks 14,15,16)
- NaC model and Enterprise network at Day 1 (weeks 17,18,19)
- Write the final report (weeks 20,21,22)
- Make a poster (weeks 23,24)
At the completion of each milestone, I will post the results to the blog.
The following picture describes the virtual infrastructure where all the components of the model will be located:
VM1: Ubuntu WS
is a workstation of the Network Engineer/System Administrator where the following components will be installed:
PyCharm / Ansible / Python / Napalm / Git / PyATS / Robot Framework and GNS3 Client.
is a virtual enterprise network for the production environment.
is a copy of the production virtual network for the test environment. This is the environment where configurations will be tested first and, if everything goes well, will then go into production.
a sandbox for the network engineer to test something new (locally).
Ideally individually for each Network Engineer.
The difference from the test environment is that the development environment is isolated from NetBox / GitLab. Any changes are tracked locally.
VM5: Debian / Docker
is a VM that hosts the containers with NetBox and GitLab.
VM6: VyOS GW
is an intermediary through which all environments and Internet access are available.
All virtual machines are located in the VMware cluster.
The next picture describes the overview of the enterprise virtual network:
Legend of the company’s network (overview)
At the current time, company ‘X’ has a headquarters office (HQ) and two small branches (BR1) and (BR2).
In HQ all network devices are Cisco and the network was built on the traditional hierarchical LAN design that has three layers: access, distribution and core. There are also the enterprise edge and server farm areas.
BR1 of company ‘X’ has a VyOS-based edge router and a Cisco vL2 switch.
BR2 of company ‘X’ has only one vSRX firewall/router (JunOS) device.
All devices are available for management via out-of-band management interfaces.
One of the project’s goals is to show a multi-vendor approach.
I think an enterprise network usually has a lot of devices from different vendors.
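How the source of truth and the automation layer could work together across the three vendors in this network, as an added example (not code from the project): intended interface descriptions are compared with observed device state, and vendor-specific commands are generated only for devices that have drifted. The device names, interface names and observed state are constructed; the observed data is shaped like the per-interface dictionaries that NAPALM's `get_interfaces` getter returns.

```python
# Constructed source-of-truth records; in the project this role belongs to NetBox.
INTENDED = [
    {"device": "hq-core1", "platform": "ios",
     "interface": "GigabitEthernet0/1", "description": "uplink to enterprise edge"},
    {"device": "br1-edge", "platform": "vyos",
     "interface": "eth1", "description": "LAN to vL2 switch"},
    {"device": "br2-fw", "platform": "junos",
     "interface": "ge-0/0/1", "description": "branch LAN"},
]

# Constructed observed state: device -> interface -> facts.
OBSERVED = {
    "hq-core1": {"GigabitEthernet0/1": {"description": "uplink to enterprise edge"}},
    "br1-edge": {"eth1": {"description": "temp test"}},  # changed by hand on the device
    "br2-fw": {},                                        # interface not configured yet
}

def render(record):
    """Turn one vendor-neutral record into that platform's configuration lines."""
    name, text = record["interface"], record["description"]
    if record["platform"] == "ios":
        return [f"interface {name}", f" description {text}"]
    if record["platform"] == "junos":
        return [f'set interfaces {name} description "{text}"']
    if record["platform"] == "vyos":
        return [f"set interfaces ethernet {name} description '{text}'"]
    raise ValueError(f"unsupported platform: {record['platform']}")

def find_drift(records, observed):
    """Return (record, actual) pairs where the device differs from the source of truth."""
    drifted = []
    for rec in records:
        state = observed.get(rec["device"], {}).get(rec["interface"])
        actual = state["description"] if state else None
        if actual != rec["description"]:
            drifted.append((rec, actual))
    return drifted

def remediation_plan(records, observed):
    """Map device -> commands that bring it back in line with the source of truth."""
    plan = {}
    for rec, _actual in find_drift(records, observed):
        plan.setdefault(rec["device"], []).extend(render(rec))
    return plan

if __name__ == "__main__":
    for device, commands in remediation_plan(INTENDED, OBSERVED).items():
        print(device, commands)
```

In the NaC workflow such a plan would be committed to source control and run against the test environment before production.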
To sum up, as you have noticed, there is a lot of work, but it is worth it.
I would be happy to get any feedback in the comments area, and critique is welcome. I think when I am working alone I do not notice obvious mistakes under my nose.
All of this is being done on the author’s enthusiasm.
P.S. The author is not a native English speaker.
If you find a grammar mistake, please let me know.