Discusses the networking community and how they approach automation - current challenges/opportunities Learn about the "Netdev" Puppet module initiative; a "standard library" of resource types for networking equipment - current and future ideas. Speaker Jeremy Schulman Global Solutions Architect, Infrastructure Automation, Juniper Networks Jeremy is a 20 year veteran in the networking industry and has been with Juniper Networks for over five year. He holds a BSCS from Georgia Tech and began his career as an embedded software engineer building network infrastructure. After 12 years in software, Jeremy transitioned into a technical sales role as a network solutions architect. In 2012 Jeremy's focus turned exclusively to Infrastructure Automation. Jeremy now directs field awareness and DevOp initiatives integrating Junos with IT automation frameworks. He was responsible for the initial development of Puppet for Junos, and he is the maintainer of the Ruby NETCONF gem.

1. Copyright © 2013 Juniper Networks, Inc. www.juniper.netCopyright © 2013 Juniper Networks, Inc. www.juniper.net
PUPPET AND NETWORKING
Jeremy Schulman - Director | Automation Concept Engineering
@nwkautomaniac
jschulman@juniper.net

2. Copyright © 2013 Juniper Networks, Inc. www.juniper.net

3. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
WHY DID WE DO IT?

4. Copyright © 2013 Juniper Networks, Inc. www.juniper.net

5. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
Device running Junos OS
Puppet Netdev modules
Ruby Gems
Ruby Interpreter
XML
Puppet Agent
(client)
Puppet Master
(server)
netdev
jpuppet
package
PUPPET FOR JUNOS
(FreeBSD)

6. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
JUNOS XML API
ON-BOX AND OFF-BOX AUTOMATION
Secure TCP/IP
connections via
SSHv2 (RFC4742)
XML
NETCONF XML
PROTOCOL
(RFC4741)
SwitchingSecurity Routing
Management System
Automate config changes,
remote invocation of
operational commands,
collection of logs
 Secure and connection oriented … SSHv2 as transport
 Structured and transaction based … XML as RPC request / response
 User-class privilege aware … Native to Junos
 Comprehensive & Consistent ... Automate everything
NETCONF client libraries
exist for a number of
programming languages such
as Java, Perl, Ruby, Python,
and even SLAX !

7. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
PUPPET "NETDEV" MODULE
Netdev is a vendor-neutral network abstraction
framework developed by Juniper Networks and
contributed freely to the DevOps community
Juniper has contributed basic layer-1 and layer-2
network abstractions
DevOps can extend the framework to define any
abstractions or features they need for their environment
The Netdev framework is open and free; i.e. the
“DevOps” way

8. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
PUPPET FOR JUNOS
“DevOps” Approach:
 Netdev module source code is in Github
 All packages are stored where they should be
(Puppet Forge,…)
 Support done on J-Net community forum
 Juniper technical documentation available
 Free, “BSD-style” license

9. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV
RESOURCES TYPES
Resource Description
netdev_vlan Manages VLAN configuration
netdev_interface Manages Physical Interface configuration
netdev_l2_interface Manages VLAN to interface assignments
netdev_lag Manages Link Aggregation Group configuration
class switch_template {
netdev_vlan { "Pink": vlan_id => 703 }
netdev_vlan { "Green": vlan_id => 101 }
netdev_l2_interface { 'ge-0/0/19':
untagged_vlan => Pink,
}
netdev_l2_interface { 'ge-0/0/20':
description => "My port, back off!",
untagged_vlan => Blue,
tagged_vlans => [ Green, Black, Yellow ],
}
}

10. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV_VLAN
MANAGE VLANS
Property Description
name The name of the VLAN, e.g. “Blue”
vlan_id The VLAN tag-ID value [ 1 .. 4095 ]
description The VLAN description. If one is not provided, then it will
default to:
Puppet created VLAN: <name>: <vlan-id>
VLANs are assigned to ports using the netdev_l2_interface resource

11. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV_INTERFACE
MANAGE PHYSICAL INTERFACES
Property Description
name The name of the interface, e.g. “ge-0/0/0”
description Assigns the description value to the interface, defaults to:
Puppet created interface: <name>
admin Configures the administrative state, defaults to up:
up, down
mtu Configures the interface MTU value
speed Defaults to auto, Forces the link speed:
10m, 100m, 1g, 10g, auto
duplex Defaults to auto
Forces the link duplex:
full, half, auto

12. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV_L2_INTERFACE
MANAGE ASSIGNMENT OF VLANS TO SWITCH PORTS
Property Description
name The name of the interface, e.g. “ge-0/0/0”, note: does *not*
include the unit number
description Assigns the description value to the interface, defaults to:
Puppet created eth-switch: <name>
untagged_vlan VLAN name for untagged packets. If the port is also processing
tagged packets, then this VLAN is the "native VLAN"
tagged_vlans VLAN names for tagged packets. This could be a single value, or an
array of values. When this property is set, vlan_tagging
property defaults to enable
vlan_tagging Normally not used ... automatic by Puppet
disable (default) - port is in access mode, tagged packets discarded
enable - port is in trunk mode, tagged packets processed
Automatically set to enable if tagged_vlans is also set

13. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV_LAG
MANAGE LINK AGGREGATION GROUPS
Property Description
name The name of the interface, e.g. “ae0”
links A list of physical interfaces that makes up the LAG bundle
lacp Controls if and how the Link Aggregation Control Protocol (LACP) is
used.
disabled (default) – LACP is not used
active – LACP is in the active mode
passive – LACP is in the passive mode
minimum_links The number of physical links that must be in the “up” condition to
declare the LAG port in the “up” condition. By default this value is
not set and there is no minimum link requirement

14. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
AUTOMATION IS LIKE EATING ICE CREAM
• Everyone want it
• Everyone wants something different
• No-one wants to make it
• No-one wants to clean up the mess

15. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
HOW DO YOU EAT ICE CREAM?
Banana Split
at Baskin Robins
Self Service
Frozen Yogurt
The Grocery Store DIY with
Kitchen-Aid

16. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
FRICTIONLESS IT AUTOMATION
 Return on Investment
 Increase revenue throughput
 Reduce costs to manually do repetitive work
 Reduce costs due to delays and errors
 Reduce Risk
 Manually operated complex systems are fragile
 Improve Service
 Network infrastructure is a "utility" that runs the business
 Server and application automation is the standard
 Network automation must "level-up"

17. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
Nodal
Automation
( Puppet, Chef )
Ad-Hoc
Scripting
( Bash, Perl )
IT Workflow
Orchestration
Business
Workflow
Orchestration
JNCIA
Associate
JNCIS
Specialist
JNCIP
Professional
JNCIE
Expert
IT
Network
Value is a function of
automation programming
and system integration that
drives the business
Value is a function of
mastering vendor CLI
and networking domain
knowledge

18. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
SERVER WORLD
Device running Linux
Linux Kernel
Fedora Distribution
Applications Applications
Applications Applications
Middleware
Middleware
Middleware
Middleware
Discrete collections of
package / files / service
More discrete
collections of package /
files / service

19. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETWORKING WORLD
Device running Junos
Junos Image
Initial Configuration
Service Service
Service Service
Discrete collections of
configuration statement
More discrete collections of
configuration statement

20. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
OPPORTUNITIES FOR NETWORK AUTOMATION
Device running Junos
Junos Image
Initial Configuration
Service Service
Service Service
BUILD
HOUSE
CHANGE
HOUSE

21. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
LEARN MORE ABOUT PUPPET FOR JUNOS

22. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
THANK YOU !

23. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV_L2_INTERFACE
ACCESS PORT EXAMPLE - EX PLATFORMS
node "ex4" {
netdev_device { $hostname: }
netdev_l2_interface { "ge-0/0/9":
untagged_vlan => Green
}
}
interfaces {
ge-0/0/9 {
unit 0 {
description "Puppet created netdev_l2_interface : ge-0/0/9"
family ethernet-switching {
port-mode access;
vlan {
members Green;
}
}
}
}
}

24. Copyright © 2013 Juniper Networks, Inc. www.juniper.net
NETDEV_L2_INTERFACE
ACCESS PORT EXAMPLE - MX PLATFORMS
node "mx12" {
netdev_device { $hostname: }
netdev_l2_interface { "ge-5/0/3":
untagged_vlan => Green
}
}
interfaces {
ge-5/0/3
unit 0 {
description "Puppet created netdev_l2_interface: ge-5/0/3";
family bridge {
interface-mode access;
vlan-id 101;
}
}
}
}