DevOps workflow for networking

Saku Ytti saku at ytti.fi
Fri Aug 11 20:45:56 UTC 2017


On 11 August 2017 at 19:34, Leo Bicknell <bicknell at ufp.org> wrote:

Hey,

> For a lot of the devices with a Cisco-IOS like interface it's not even
> hard.  Generate a code snippet:
>
> config terminal
> interface e0
> description bar
> end
> write mem
>
> Then tftp the config to a server, have the script see e0 has description
> bar.

To me there are two fundamentally different ways to do this
  1) consider world dynamic, incrementally change it
  2) consider world static, generate it from scratch


The first one, is like managing servers with puppet/chef/ansible, you
ask it to run some set of commands when you decide you want to turn up
new service.
The second one, is like using docker, if you want to change it, you
build new full container, and swap it to the network.

The benefit of second one is, that there is absolute guarantee of the
state of the device immediately after the change has been made. The
first one assumes there is known state in the system, when incremental
change is pushed.

I am great proponent of the second way of doing things. Mainly because:
   a) I find it trivial to generate full config from database, where
as figuring how to go from A to B I find complicated (i.e. error
prone) to do
   b) 2nd mandates that only system is managing the device, because if
someone does login and does do something out-of-system, it will go
away on next change - I think this is large advantage
   c) I do not need to try to prove system state is currently correct
by implementing more and more tests towards figuring out state,
instead I prove system state by setting all of it



Downside of the 2nd method is, that it requires device which supports
replacing whole config, classic IOS(-XE) and SR-OS today do not.
JunOS, IOS-XR, EOS (Both compass and arista) and VRP do. SR-OS is
making strides towards solving this. IOS-XE I'm hoping but not holding
breath.


-- 
  ++ytti



More information about the NANOG mailing list