There has been a lot of discussion recently in networking circles surrounding automation, especially in discussions about Software Defined Networking (SDN). While automation means different things to different people, I would define it as any tool or solution that automates repetitive tasks (making the job easier) while making the output more consistent and ultimately the network more reliable. I’m a huge proponent of having the computer do the work; I guess that could be defined as automation.
The purpose of this post is to provide some simple examples of how you can start automating today. These are not glamorous solutions hence the poor man slogan but they should help provide some idea of what’s possible. There are plenty of open-source and commercial solutions out there, one that’s been receiving some extra press these past few months is Puppet.
In my current organization we deploy a lot of equipment and we usually do so on a very tight timetable where we have hours, not days or weeks to turn up a closet or a remote site. So our time is extremely precious but more so we can’t afford to be troubleshooting erroneous configuration errors that could easily be avoided with some simple automation. Like numerous organizations before us we too had Microsoft Word Templates and Excel macros and formulas but we almost always ran into problems with the human element of the equation.
I took a small 1Gbps CentOS Linux guest with a LAMP (Linux, Apache, MySQL, PHP) stack and started throwing together some Perl, PHP and JavaScript code. The outcome was a pretty powerful example of what’s possible without a big capital investment or some consulting company reaching their quarterly sales goal on your dime.
Here are three simple examples which are adaptations of each other, adding additional features as time allowed and the solutions matured.
Juniper SRX – VPN Branch Offices
While we were migrating our remote branch offices (31+ locations in all) to Juniper SRX Service Gateways we quickly realized we needed a more reliable solution than building the configuration by hand. We had a Microsoft Word template that had various fields marked {RED}; the field engineer would perform a search-n-replace to ultimately build the configuration. In our first few conversions we had a number of typos in the configuration that caused us to overrun our scheduled maintenance window. How can we make configuring the Juniper SRX easier for our field engineers? What about a web based portal that takes in the assorted variables and outputs a working configuration?
The solution was really quite easy and has been done by others before. The field engineer plugs in a few values and the Perl/PHP application spits back a complete configuration for both the branch office Juniper SRX 210H and the main office Juniper SRX 650. The initial version of the application required the field engineer to enter a random 128 character shared key, later versions of the application automatically generated a random shared key for use in the configuration. This approach completely eliminated any other configuration issues during the migration project and is now part of our standard process for a new greenfield site.
Avaya Ethernet Routing Switch 4850GTS-PWR+
On the heels of that migration we had a very large expansion project underway at our largest facility. The physical construction called for the installation of about 63+ Avaya Ethernet Routing Switch 4850GTS-PWR+ switches. In order to help streamline the configuration process and help eliminate configuration errors I built an adaption of the earlier application above to fit the requirements for this project. In this project I expanded the functionality of the original application by adding JavaScript code to perform client side data validation. If the field called for an IP address, then the JavaScript code would only submit the data to the server if the field passed validation. It was pretty straightforward and simple but we took the original solution and improved on it.
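The two ideas above, a generated shared key and validated fields, combined in one sketch; this is an added example, not the author's Perl/PHP code. The `{FIELD}` marker syntax, the function names and the three-line template are assumptions, and the checks are written to run on the server as well, because browser-side JavaScript validation can be skipped by whoever submits the form.

```javascript
// Added example. Helper names, {FIELD} markers and TEMPLATE are constructed.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;
const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Draw the key from a CSPRNG; rejection sampling avoids modulo bias.
function generateSharedKey(length = 128) {
  const limit = 256 - (256 % ALPHABET.length); // 248 for 62 symbols
  let key = "";
  while (key.length < length) {
    for (const b of rng.getRandomValues(new Uint8Array(length))) {
      if (b < limit && key.length < length) key += ALPHABET[b % ALPHABET.length];
    }
  }
  return key;
}

// Strict dotted quad: four decimal octets 0-255, no leading zeros.
function isIPv4(value) {
  const parts = String(value).split(".");
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// One allow-list pattern per field, so a newline or quote in a value cannot
// smuggle extra statements into the generated configuration.
const VALIDATORS = {
  HOSTNAME: (v) => /^[A-Za-z0-9][A-Za-z0-9-]{0,62}$/.test(v),
  PEER_IP: isIPv4,
  SHARED_KEY: (v) => /^[A-Za-z0-9]{128}$/.test(v),
};

const TEMPLATE = [
  "set system host-name {HOSTNAME}",
  "set security ike gateway gw-main address {PEER_IP}",
  'set security ike policy ike-pol pre-shared-key ascii-text "{SHARED_KEY}"',
].join("\n");

// Fill every {FIELD} marker; fail closed on unknown, missing or invalid input.
function renderConfig(template, values) {
  return template.replace(/\{([A-Z_]+)\}/g, (marker, field) => {
    const check = VALIDATORS[field];
    const value = values[field];
    if (!check) throw new Error(`unknown field ${marker}`);
    if (typeof value !== "string" || !check(value))
      throw new Error(`missing or invalid value for ${marker}`);
    return value;
  });
}
```

Calling `renderConfig(TEMPLATE, { HOSTNAME: "branch-07", PEER_IP: "192.0.2.10", SHARED_KEY: generateSharedKey() })` returns the three filled-in lines, and the same call throws if any value contains a line break.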
APC UPS/PDU Management Cards
In that same expansion project we also identified the need to streamline the configuration of the American Power Conversion (APC) UPS’s and PDUs that we were deploying throughout the infrastructure. If you’ve ever worked with them you know they can be somewhat difficult to quickly and easily configure. Our field engineers were spending on average 1 hour to configure each device and often there were inconsistencies in the configuration depending on which field engineer had performed the configuration. So we came up with a new streamlined process which allows the engineer to complete the task in about 15 minutes. The field engineer manually configures a DHCP reservation (manual DHCP) utilizing the MAC address of the management card within our Infoblox IP address management solution. Once the UPS or PDU is online and communicating with the network the field engineer plugs in a number of variables into the web browser and the Perl application will output the configuration. In this case we decided to take this solution one step further by having the Perl application actually program the configuration into the device. The Perl application will generate the configuration and then will make a FTP call to the actual asset and upload the configuration. The only thing left for the field engineer was to perform some simple tests once the task was complete, to verify that the asset was reporting, sending SNMP traps, to our management platform. And even that last step could have probably been easily automated.
My Thoughts
There are a number of frameworks that I could have used in writing these applications but I decided to keep it simple (this time around). The point here is to just provide an example of what’s possible. There are quite a few tools and solutions in the marketplace that already leverage SNMP, NETCONF, XML, SOAP APIs, etc. to help provide integration between systems as well as management and automation.
Wouldn’t it be great if the last application accepted the MAC address of the APC UPS/PDU and made an automated call to Infoblox and automatically created a DHCP reservation for that asset? Thereby streamlining the process even further? There’s nothing stopping me from doing that other than the time and energy it takes to code the solution and then test it appropriately.
I’m not ready right now to release the actual code but if enough people request I will work to creating sanitized copies and release the code under a GPL license.
Let me know what you’re doing around automation.
I recall a number of interesting posts a few years back where some folks had completely automated how they inventory and on-board their IP phones. They were using bar code scanners to collect the information from the outside of the box and then had an automated process for taking that information and creating the necessary configuration files for a zero-touch installation, including the actual node and TN information for the Avaya Communication Server 1000. That was a pretty neat example of automation in my opinion and obviously saved them a lot of time and effort.
Cheers!
Stefan Herbst says
Great post! Sadly I still do a lot of this type of work in Excel.
Your post is a great example of how to improve and streamline efficiency with tools we have today.
Stefan
Michael McNamara says
Hi Stefan,
As you know there needs to be a return on the time invested in any project. If we were only going to be configuring one or two Juniper SRX 210Hs then it wouldn’t really have made sense. However, since we’re deploying 2-3 a month in addition to the 31+ that we needed to migrate, the time and energy spent to code the application and test it was well worth it. Add to that the fact that I can now delegate these tasks to others in my team once I’ve provided them with the tools – that’s a huge benefit.
Once we have the initial application coded we can now start improving on it and adapting it to other tasks, so the initial effort and investment starts to pay off in spades.
Thanks for the comment!
Ronny Lam says
IMHO automation is indeed poor man’s automation if you don’t automate the variables, including IPAM and VLANs and hostnames. This way you only solve part of the configuration issues and don’t solve the administration issue. Have a look at NetYCE, where we developed a product that does Design Driven Networking, which automates every detail as designed, including all the variables. Please contact me if you want to know more. Sorry for the pitch-like comment.
Michael McNamara says
Thanks for the comment Ronny.
I will have a look at that link.
Cheers!
Frank says
At least on the Juniper side, check out the Ansible work that Jeremy Schulman has done:
https://github.com/jeremyschulman/
It is way, way more feature complete than the Puppet implementation.
Michael McNamara says
Hi Frank,
Yes, I’ve seen Jeremy’s work before… really impressive. I just need to find the time to explore all the options.
Thanks for the comment!
Joao says
“if enough people request I will work to creating sanitized copies and release the code under a GPL license.”
Well, I could certainly use some help to start off…
We’ve been mainly using Excel spreadsheets and notepad templates to keep things running, but with an infrastructure of over 500 switches and a support team that is struggling with keeping qualified people around for more than a couple of years, we have finally realized we need to automate things…
We are planning on starting internal development of such a tool that would combine some of what you’ve shown above, with some actual configuration changes on production equipment via SNMP or a CLI script (things like enabling or disabling a port, to allow a designated IT delegate in each department to perform those actions without having to give him a full RW password for the switches).
I just submitted my project yesterday for management to approve, and as I read this post it came out quite inspirational!
Thanks for your commitment in contributing to the community!
Michael McNamara says
Hi Joao,
I would suggest you start small and then build up/out from there. I see folks all too often that set goals so high that they never get anything working and ultimately give up. I’m still using some scripts I wrote more than 13 years ago… don’t get me wrong, they are ugly but they work and there’s never any time to go back and clean things up.
Have you chosen the primary programming language you’re going to code with?
I’m still using Perl for 90% of my work with the Net-SNMP libraries although I have been trying to move into PHP for any web based applications.
Hit me up on Google+ if you’d like to talk further and thanks for the comment!
Good Luck!