5 Concepts Required to Treat the Network as Code
In order to accelerate automation, network operators need to change the way they think about managing the network and incorporate DevOps practices. By adopting modern agile processes, the benefits of treating Network Infrastructure as Code becomes more attainable. That being said, network as code initiatives require a mindset shift to enable success. Below are five essential concepts that serve as building blocks.
Remove Humans From Network Device CLI
Transformational thinking is required when discussing network and software principles in conjunction. Questions such as, “What does each line or block of configuration mean to a network device?” and “How does it get managed and applied to the network device?” arise and require answers. However, if network engineers are still leveraging CLI to manage device configurations, there’s no easy migration to the network being treated as code. Software code is stored in repositories (not template files) which allows developers to apply robust pipelines and processes in order to solidify deployment and reduce errors while increasing frequency. As a result, to move towards Network Infrastructure as Code, device configurations cannot be managed via templates, but rather in source code repositories.
Break Down Monolithic Network Config Into Components
In software development, modularity and re-usability are important concepts. Today, when people think about network configurations on devices, they think of a single file that includes every single line that should go on a device. However, to successfully transition towards a network as code mentality, single-file lines of configuration need to be segmented into multiple function-specific blocks that help define a network device as a combination of config snippets. For example, base, day-zero, and day-one are blocks of configuration, each containing different lines that mean something to a network device. By treating each section independently, it will be easier to manage and distribute so that multiple devices can leverage the various components.
Store Components in Git Repository as The Source of Truth
Traditionally, there are several sources of truth for network configurations. It could be stored as a template in NCCM tools, a monolithic text file on servers or an Excel document with tables filled with config lines. Periodically, leveraging such sources for network configuration require operations teams to either copy/paste lines of config onto the device directly or replace variables within templates before pushing them to the devices. To move towards a network-as-code mindset, NetOps teams need to adopt a software development approach which includes storing everything in a Git repository which allows users to exercise approvals on whether particular pieces of code are correct or require re-work.
When breaking down configurations into appropriate chunks, it is essential that they are stored separately in a Git repository so that DevOps concepts such as versioning and pipelines allow mixing and matching of each of the components to formulate comprehensive configuration that would be applied to a device. The mind shift goes from taking all the configurations from files that are stored on servers to a centralized repository where it can be managed appropriately based on permissions, testing, and approvals. Also, Git repositories allow NetOps teams to apply the software lifecycle to the network config which can add more rigor to the deployment process ultimately reducing network outages due to incorrect configurations being pushed to network devices.
Leverage Build Processes to Generate Device Config From Components
Each device in the networking ecosystem has a role and a purpose. Imagine assigning a device to the role of a firewall in the network which could potentially require six different config templates to be applied if they were modularized accordingly. That approach takes a long time because the user has to select the right combination of templates that need to be applied to a device in a sequential manner.
However, if their configuration chunks were stored in Git, an intelligent pipeline could be created to federate and stitch together the right components to determine what that integrity of the device would be in the network. Hence, it is essential that the build process provided by DevOps technologies be utilized to put the chunks of configuration together, execute tests, perform validation and finally deploy it on a device instead of ad-hoc application of templates manually.
Leverage Tooling to Perform Validation
As networks become more complex, NetOps teams are having a difficult time performing robust validation and testing within maintenance windows prior to making changes in the network. Lack of thorough validation results in incorrect configurations being pushed to devices causing network outages. It is critical that networking teams focus on config validation to reduce chances of service disruption and potential rollbacks which lead to re-scheduled maintenance windows.
With automation and the utilization of DevOps principles, NetOps teams can perform validation live during the maintenance window and potentially fix incorrect configuration before pushing any changes to the network. Activities such as linting, static code analysis, unit testing, integration testing and lab validation can now be steps within a pipeline that would isolate incorrect config proactively and allow operations teams to take corrective actions. If the pipeline allows for building dynamic configs and includes testing and validation for each device type before deployment, it would save several man-hours during maintenance windows in addition to avoiding disastrous network changes. It’s no secret that performing network-facing actions manually are very error-prone. However, if business rules are built into the pipeline, one can create a streamlined process to build, validate, test, and ultimately push out network configurations without causing network outages.
As organizations consider treating Network Infrastructure as Code, remember that in order to leverage the software principles that application developers are using today, the network has to move away from using network devices as sources of truth. As the networking ecosystem becomes more programmable, REST APIs, Models and JSON serve as the modern interfaces that allow organizations to attain network agility. Such innovations and standards enable networks to scale, move faster and utilize DevOps concepts.
In addition, segmenting device config into multiple different components allows for more agility, modularity and re-usability. Finally, relying on DevOps principles, repositories and pipelines provide such benefits as centralized versioning and management of network configurations, validation and testing of configuration before deployment, and incorporation of software development standards to make network management more robust.
At Itential, we believe the future of the network will be treated as code. This is why we’ve built our automation platform to fully support DevOps principles and leverage federation capabilities to serve as your source of truth. We’ve also built a robust toolbox for developers to leverage a NetOps pipeline that aligns with traditional software engineering practices, while staying flexible enough no matter your level of automation. By utilizing the Itential Automation Platform in tandem with Network Infrastructure as Code concepts, organizations can simplify and accelerate their move toward automated, programmable networks.
Article Originally Published on DZone.com.