Automation Strategy

5 Concepts Required to Treat the Network as Code

Karan Munalingal

Senior Architect ‐ Itential

5 Concepts Required to Treat the Network as Code
Share this:
Posted on May 24, 2020

In order to accelerate automation, network teams need to change the way they think about managing the network and bring together both NetOps and DevOps practices. By adopting modern agile processes, teams can more practically and quickly see the benefits of treating Network Infrastructure as Code (IaC).

There’s just one catch: getting there requires a mindset shift.

Below are five essential concepts that can serve as building blocks for your team’s IaC transformation.

Remove Humans from Network Device CLI

If network engineers are still leveraging CLI to manage device configurations, there’s no easy migration to treating the network as code. Software code is stored in repositories (not template files), which allows developers to apply robust pipelines and processes in order to solidify deployment and reduce errors while increasing frequency. As a result, to move towards Network Infrastructure as Code, device configurations cannot be managed via templates, but rather in source code repositories.

Break Down Monolithic Network Config into Components

In software development, modularity and re-usability are important concepts. To successfully transition toward an infrastructure as code mentality, network engineers must leave the single configuration file approach behind. Lines of configuration need to be segmented into multiple function-specific blocks that help define a network device as a combination of config snippets. For example, base, day-zero, and day-one are blocks of configuration, each containing different lines that mean something to a network device. By treating each section independently, it will be easier to manage and distribute them so that multiple devices can leverage the various components.

Store Components in Git Repository as The Source of Truth

Traditionally, there are several sources of truth for network configurations. It could be stored as a template in NCCM tools, a monolithic text file on servers or an Excel document with tables filled with config lines. Periodically, leveraging such sources for network configuration requires operations teams to either copy/paste lines of config onto the device directly or replace variables within templates before pushing them to the devices.

To move towards an IaC mindset, network teams need to adopt a software development approach — storing everything in a Git repository, which allows users to exercise approvals on whether particular pieces of code are correct or require changes.

When breaking down configurations into appropriate chunks, it is essential that they are stored separately in a Git repository. That allows teams to implement DevOps concepts such as versioning and pipelines that allow mixing and matching of each of the components to formulate a comprehensive configuration that would be applied to a device. Also, Git repositories allow NetOps teams to apply the software lifecycle to the network config, which can add more rigor to the deployment process and ultimately reduce network outages caused by pushing incorrect configurations to network devices.

Leverage Build Processes to Generate Device Config from Components

Imagine assigning a device to the role of a firewall in the network which could potentially require six different config templates to be applied if they were modularized accordingly. That approach takes a long time because the user has to select the right combination of templates that need to be applied to a device in a sequential manner.

However, if their configuration chunks were stored in Git, an intelligent pipeline could be created to federate and stitch together the right components to determine what the integrity of the device would be in the network. Hence, it is essential that the build process provided by DevOps technologies be utilized to put the chunks of configuration together, execute tests, perform validation, and finally deploy it on a device instead of ad-hoc application of templates manually.

Leverage Tooling to Perform Validation

As networks continue to sprawl across hybrid infrastructure, network teams are having a difficult time performing robust validation and testing within maintenance windows prior to making changes in the network. Lack of thorough validation results in incorrect configurations being pushed to devices causing network outages. It is critical that networking teams focus on config validation to reduce chances of service disruption and potential rollbacks which lead to re-scheduled maintenance windows.

With automation and by adopting NetDevOps principles, network teams can perform validation live during the maintenance window and potentially fix incorrect configurations before pushing any changes to the network. Activities such as linting, static code analysis, unit testing, integration testing and lab validation can now be steps within a pipeline that would isolate incorrect config proactively and allow operations teams to take corrective actions. If the pipeline allows for building dynamic configs and includes testing and validation for each device type before deployment, it would save several man-hours during maintenance windows in addition to avoiding disastrous network changes.

It’s no secret that performing network-facing actions manually is very error-prone. However, if business rules are built into the pipeline, one can create a streamlined process to build, validate, test, and ultimately push out network configurations without causing network outages.

As organizations consider treating Network Infrastructure as Code, remember that in order to leverage the software principles that application developers are using today and find success with NetDevOps, teams need to look to the software development principles that application developers use today while keeping unique networking needs in account.

At Itential, we believe the future of the network will be treating network infrastructure as code. That’s why we’ve built our automation platform to fully support NetDevOps principles and practices and leverage federation capabilities to serve as your accurate source of truth across a distributed ecosystem. We’ve also built a robust toolbox for developers to leverage a NetOps pipeline that aligns with traditional software engineering practices while staying flexible enough no matter your level of automation. By utilizing the Itential Automation Platform in tandem with Network Infrastructure as Code concepts, organizations can simplify and accelerate their move toward automated, programmable networks.

The Rise of NetDevOps & The Shift Left for Networking
Karan Munalingal

Senior Architect ‐ Itential

Karan Munalingal is the Head of Solutions Engineering at Itential. Previously, Karan ran systems engineering at Ciena, focusing on carrier ethernet and core switching platforms. At Itential, Karan drives automation strategy serving global customers transitioning to modern networks and software-defined network programmability.

More from Karan Munalingal