Understand the functions of Ansible, which is an agentless and extensible configuration management system.
Network automation
As technology changes in the IT industry, from server virtualization to public and private clouds, as well as self-service capabilities, containerized applications, and platform-as-a-service (PaaS) delivery, one area that has long lagged behind is networking.
Over the past five years or so, there seem to be many new trends in the networking industry, many of which are grouped under software-defined networking (SDN).
Note:
SDN is a new method for constructing, managing, operating and deploying networks. SDN was initially defined by the need to physically separate the control layer from the data layer (packet forwarding), with the decoupled control layer managing its devices.
Today, many technologies fall under SDN, including controller-based networks, network device APIs, network automation, whitebox switches, strategic networking, network functions virtualization (NFV), and so on.
For the purposes of this report, an SDN solution means one that includes a network controller as part of the solution and improves the manageability of the network, but does not need to decouple the control layer from the data layer.
One of these trends is that APIs on network devices have emerged as a way to manage and operate these devices, truly providing machine-to-machine communication. An API simplifies development when you need automation or are building web applications, and it gives more structure to how data is modeled. For example, when an API-enabled device returns data as JSON or XML, the data is structured and easier to work with than the raw text returned by a command-line-only device, which has to be parsed by hand.
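The difference described above, as an added example that is not part of the original report: the same VLAN state read once from CLI-style text and once from JSON. Both samples are constructed, and the JSON key names are hypothetical rather than any vendor's schema.

```python
import json
import re

# Constructed CLI text (not captured from a real device). The port list of
# VLAN 100 wraps onto a second line, as long lists do in terminal tables.
CLI_TEXT = """\
VLAN Name         Status    Ports
---- ------------ --------- --------------------------
1    default      active    Eth1/1, Eth1/2
100  web_vlan     active    Eth1/10, Eth1/11, Eth1/12,
                            Eth1/13
200  db_vlan      suspended
"""

# Constructed JSON for the same state. Key names are hypothetical.
API_JSON = """
{"vlans": [
  {"id": 1,   "name": "default",  "status": "active",    "ports": ["Eth1/1", "Eth1/2"]},
  {"id": 100, "name": "web_vlan", "status": "active",
   "ports": ["Eth1/10", "Eth1/11", "Eth1/12", "Eth1/13"]},
  {"id": 200, "name": "db_vlan",  "status": "suspended", "ports": []}
]}
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(active|suspended)\s*(.*)$")


def split_ports(field):
    return [p.strip() for p in field.split(",") if p.strip()]


def parse_cli(text):
    """Screen-scrape the table; every layout quirk needs its own rule."""
    vlans, current = {}, None
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            vlan_id, name, status, ports = match.groups()
            current = {"name": name, "status": status, "ports": split_ports(ports)}
            vlans[int(vlan_id)] = current
        elif current is not None and line[:1].isspace() and line.strip():
            # Wrapped line: these ports belong to the VLAN on the row above.
            current["ports"] += split_ports(line)
    return vlans


def parse_api(text):
    """Structured data: the device has already done the modeling."""
    return {v["id"]: {k: v[k] for k in ("name", "status", "ports")}
            for v in json.loads(text)["vlans"]}
```

The CLI parser needs a regular expression, a header skip and a continuation-line rule to reach the result that `parse_api` gets from a single `json.loads` call, and it breaks whenever the table layout changes.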
Before the API, the two main mechanisms used to configure and manage network devices were the command line interface (CLI) and the Simple Network Management Protocol (SNMP). Let's take a look at them. The CLI is a device's human-machine interface, and SNMP is not a real-time programming interface for devices.
Fortunately, many vendors are competing to add APIs to their devices, sometimes only because an RFP asks for it, and this has a very good side effect: support for network automation. Once a real API is released, accessing the data in a device and managing its configuration becomes much simpler, and we will evaluate this in this report, although many traditional methods, for example CLI and SNMP, can also be used for automation.
Simplified architecture
Today, each network is a unique "snowflake", and network engineers are proud of being able to solve transmission and application problems through one-off network changes, which ultimately makes the network not only difficult to maintain and manage, but also difficult to automate.
Network automation and management need to be part of a new architecture and design from the beginning, rather than being treated as a second- or third-level project. Which features work across different vendors? Which extensions work across different platforms? What type of API or automation tooling works with a specific network device platform? When these questions are answered early in the design process, the final architecture becomes simple, repeatable, and easy to maintain and automate, and vendor-specific extensions are rarely enabled throughout the network.
Definite result
In an enterprise organization, a change review meeting evaluates the upcoming network changes, their impact on external systems, and the rollback plans. In a world where people implement these changes through the CLI, the impact of entering the wrong command can be disastrous. Imagine a team of 3, 4, 5, or 50 engineers. Every engineer has their own way of making these changes, and a person's skill with the CLI or GUI will not eliminate or reduce the chance of errors while managing them.
Using proven and tested network automation helps achieve more predictable behavior and makes it more likely that the executing team gets reliable results, bringing it a step closer to completing tasks correctly the first time, without human error.
Business flexibility
Needless to say, network automation not only provides speed and flexibility for deploying changes, but also makes it faster to retrieve data from network devices as business needs require. Since the advent of server virtualization, server and virtualization administrators have been able to deploy a new application in an instant. And as applications can be deployed faster, the question that arises is why it takes so long to configure a VLAN (virtual local area network), router, FW ACL (firewall access control list), or load balancing strategy.
Once you understand the most common workflows in an organization and why network changes are actually needed, deploying modern automation tools such as Ansible makes them very simple.
This chapter introduces some advanced knowledge points about why network automation should be considered. In the next section, we will take you to understand what Ansible is, and continue to understand the different types of network automation in IT organizations of all sizes.
What is Ansible?
Ansible is the latest IT automation and configuration management platform in the open source world. It is often compared to other tools such as Puppet, Chef, and SaltStack. Ansible appeared as an open source project created by Michael DeHaan in 2012. Michael DeHaan also created Cobbler and co-created Func, which are very popular in the open source community. Less than 18 months after the creation of the Ansible open source project, Ansible was founded and received six million dollars in Series A investment. The company has become the number one contributor to and supporter of the Ansible open source project, and has maintained it. In October 2015, Red Hat acquired Ansible.
But what exactly is Ansible?
Ansible is a super simple automation platform that requires no agents and is scalable.
Let's get a deeper understanding of its details and take a look at the attributes that make Ansible widely recognized in the industry.
Simple
One of Ansible's attractive attributes is that you don't need specific programming skills to use it. All instructions, or tasks, are automated and documented in a standard, human-readable data format that anyone can understand. It is not uncommon to complete installation and automation tasks within 30 minutes!
For example, the following task from an Ansible playbook is used to ensure that a VLAN exists in a Cisco Nexus switch:
- nxos_vlan: vlan_id=100 name=web_vlan
You don't need to be familiar with or write any code to clearly see what it will do!
Note:
The second half of this report deals with the details of Ansible terminology (playbook, play, task, module, etc.). When we use Ansible for network automation, we will have some short examples when mentioning these key concepts.
Agentless
If you have looked at other tools on the market, such as Puppet and Chef, you will find that in general they require specific software to be installed on every device being automated. Ansible does not need this, which is the main reason Ansible suits network automation.
It is easy to understand why: IT automation tools including Puppet, Chef, CFEngine, SaltStack, and Ansible were originally built to manage and automate the configuration of Linux hosts, to keep pace with the growth of deployed applications. Because it was Linux systems that were being automated, installing agents was not a technical problem. If anything, it only delays the setup, because there are now N hosts (the ones you want to automate) that need software deployed on them.
Plus, when agents are used, the DNS and NTP configuration they require adds complexity. These services are already configured in most environments, but when you want to get something running quickly or simply want to test what a tool can do, this greatly delays the entire setup and installation process.
Since this report is just to introduce the use of Ansible for network automation, we wish to point out that Ansible, as an agentless platform, is more attractive to network administrators than system administrators. Why is this?
As mentioned earlier, it is very attractive to network administrators. The Linux operating system is open source, and anything can be installed on it. This is not true for networking, although that is gradually changing. Take a widely deployed network operating system such as Cisco IOS as an example, and ask the question, "Can third-party software be deployed on IOS?" (LCTT translator's note: IOS here refers to Cisco's network operating system, IOS.) Without a doubt, the answer is NO.
In the past two decades, almost all network operating systems have been closed-source and vertically integrated with the underlying network hardware. Without vendor support, loading an agent onto a network device (router, switch, load balancer, firewall, etc.) is not so easy. An automation platform like Ansible, built from scratch to be agentless and extensible, is just as if it had been customized specifically for the network industry. We can finally begin to reduce and eliminate human interaction with the network.