SlideShare une entreprise Scribd logo

Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)

Puppet
Puppet

Peter Sprygada, Arista

Logiciels
1  sur  17
Télécharger pour lire hors ligne
Network Automa-on with Puppet
Why? • Opera-ons Agility – Change management in networks is hard – Lots of moving parts to consider • Service Velocity – Timeframes for CRUD ac-vity unacceptable • Configura-on Consistency – Number 1 reason for network outages – History has taught us to fear external systems
! device: $HostnameSpine1 (DCS-­‐7508, /$Cer-fiedCode) ! ! boot system flash:/$Cer-fiedCode ! queue-­‐monitor length ! logging buffered 10000 no logging console logging vrf MGMT host $SyslogHostAddress logging vrf MGMT host $SyslogHostAddress logging vrf MGMT source-­‐interface Management1/1 logging format -mestamp high-­‐resolu-on logging facility local6 ! hostname $HostnameSpine1 ip name-­‐server $DNSHostAddress ip name-­‐server $DNSHostAddress ip domain-­‐name $CompanyDomainName ! ntp source Management1/1 ntp server vrf MGMT $NTPHostAddress1 prefer ntp server vrf MGMT $NTPHostAddress2 ! snmp-­‐server contact "$SNMPcontact" snmp-­‐server loca-on $bldg/$floor/$room/$rack no snmp-­‐server vrf main snmp-­‐server vrf MGMT snmp-­‐server source-­‐interface Management1/1 snmp-­‐server community $SNMPCommunity ro SNMP-­‐RO-­‐ ACL snmp-­‐server community $SNMPCommunity rw SNMP-­‐RW-­‐ ACL snmp-­‐server host $SNMPHostAddress traps version 2c $SNMPcommunity snmp-­‐server enable traps en-ty snmp-­‐server enable traps lldp snmp-­‐server enable traps snmp ! tacacs-­‐server key $TacacsServerKey tacacs-­‐server host $TacacsServerAddress vrf MGMT ip tacacs source-­‐interface Management1/1 ! spanning-­‐tree mode mstp ! aaa authen-ca-on login default group tacacs+ local aaa authen-ca-on enable default group tacacs+ local aaa authoriza-on console aaa authoriza-on exec default group tacacs+ none aaa authoriza-on commands 1,15 default group tacacs+ none aaa accoun-ng exec default start-­‐stop group tacacs+ aaa accoun-ng commands 15 default start-­‐stop group tacacs + ! no aaa root vrf defini-on MGMT rd $SpineAS01 ! Vlan 999 state suspend name UNUSED-­‐PORTS i Interface Ethernet$ModNumber/$SubModNumber/1-­‐ $HighestPortNumber switchport mode access switchport access vlan 999 shut ! Interface Ethernet3/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet3/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! interface Loopback0 descrip-on Router-­‐ID ip address $IPAddress/32 ! interface Management1 no snmp trap link-­‐status vrf forwarding MGMT ip address $MGMTIPAddress/$MGMTSubnetMask ! ip route vrf MGMT 0.0.0.0/0 $GatewayOfLastResortAddress ! ip rou-ng no ip rou-ng vrf MGMT ! ip mul-cast-­‐rou-ng ! ip prefix-­‐list PREFIX-­‐LIST-­‐IN seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐IN permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐IN ! ip prefix-­‐list PREFIX-­‐LIST-­‐OUT seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐OUT permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐OUT ! router bgp $SpineAS router-­‐id <Loopback0_Address> bgp log-­‐neighbor-­‐changes distance bgp 20 200 200 maximum-­‐paths 64 neighbor EBGP-­‐TO-­‐LEAF-­‐PEER peer-­‐group neighbor EBGP-­‐TO-­‐LEAF-­‐PEER password $Password neighbor EBGP-­‐TO-­‐LEAF-­‐PEER remote-­‐as $LeafAS neighbor EBGP-­‐TO-­‐LEAF-­‐PEER send-­‐community neighbor EBGP-­‐TO-­‐LEAF-­‐PEER fall-­‐over bfd neighbor EBGP-­‐TO-­‐LEAF-­‐PEER next-­‐hop-­‐self neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐IN in neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐OUT out neighbor EBGP-­‐TO-­‐LEAF-­‐PEER maximum-­‐routes 25000 neighbor $Leaf1IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER neighbor $Leaf2IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER ! banner login This system is privately owned and operated. Access to this system is restricted to authorized users only. Criminal and civil laws prohibit unauthorized use. Violators will be prosecuted. You must disconnect immediately if you are not an authorized user. EOF ! management console idle-­‐-meout 15 ! management ssh idle-­‐-meout 15 ! ! …
! device: $HostnameSpine1 (DCS-­‐7508, /$Cer-fiedCode) ! ! boot system flash:/$Cer-fiedCode ! queue-­‐monitor length ! logging buffered 10000 no logging console logging vrf MGMT host $SyslogHostAddress logging vrf MGMT host $SyslogHostAddress logging vrf MGMT source-­‐interface Management1/1 logging format -mestamp high-­‐resolu-on logging facility local6 ! hostname $HostnameSpine1 ip name-­‐server $DNSHostAddress ip name-­‐server $DNSHostAddress ip domain-­‐name $CompanyDomainName ! ntp source Management1/1 ntp server vrf MGMT $NTPHostAddress1 prefer ntp server vrf MGMT $NTPHostAddress2 ! snmp-­‐server contact "$SNMPcontact" snmp-­‐server loca-on $bldg/$floor/$room/$rack no snmp-­‐server vrf main snmp-­‐server vrf MGMT snmp-­‐server source-­‐interface Management1/1 snmp-­‐server community $SNMPCommunity ro SNMP-­‐RO-­‐ ACL snmp-­‐server community $SNMPCommunity rw SNMP-­‐RW-­‐ ACL snmp-­‐server host $SNMPHostAddress traps version 2c $SNMPcommunity snmp-­‐server enable traps en-ty snmp-­‐server enable traps lldp snmp-­‐server enable traps snmp ! tacacs-­‐server key $TacacsServerKey tacacs-­‐server host $TacacsServerAddress vrf MGMT ip tacacs source-­‐interface Management1/1 ! spanning-­‐tree mode mstp ! aaa authen-ca-on login default group tacacs+ local aaa authen-ca-on enable default group tacacs+ local aaa authoriza-on console aaa authoriza-on exec default group tacacs+ none aaa authoriza-on commands 1,15 default group tacacs+ none aaa accoun-ng exec default start-­‐stop group tacacs+ aaa accoun-ng commands 15 default start-­‐stop group tacacs + ! no aaa root vrf defini-on MGMT rd $SpineAS01 ! Vlan 999 state suspend name UNUSED-­‐PORTS i Interface Ethernet$ModNumber/$SubModNumber/1-­‐ $HighestPortNumber switchport mode access switchport access vlan 999 shut ! Interface Ethernet3/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet3/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! interface Loopback0 descrip-on Router-­‐ID ip address $IPAddress/32 ! interface Management1 no snmp trap link-­‐status vrf forwarding MGMT ip address $MGMTIPAddress/$MGMTSubnetMask ! ip route vrf MGMT 0.0.0.0/0 $GatewayOfLastResortAddress ! ip rou-ng no ip rou-ng vrf MGMT ! ip mul-cast-­‐rou-ng ! ip prefix-­‐list PREFIX-­‐LIST-­‐IN seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐IN permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐IN ! ip prefix-­‐list PREFIX-­‐LIST-­‐OUT seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐OUT permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐OUT ! router bgp $SpineAS router-­‐id <Loopback0_Address> bgp log-­‐neighbor-­‐changes distance bgp 20 200 200 maximum-­‐paths 64 neighbor EBGP-­‐TO-­‐LEAF-­‐PEER peer-­‐group neighbor EBGP-­‐TO-­‐LEAF-­‐PEER password $Password neighbor EBGP-­‐TO-­‐LEAF-­‐PEER remote-­‐as $LeafAS neighbor EBGP-­‐TO-­‐LEAF-­‐PEER send-­‐community neighbor EBGP-­‐TO-­‐LEAF-­‐PEER fall-­‐over bfd neighbor EBGP-­‐TO-­‐LEAF-­‐PEER next-­‐hop-­‐self neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐IN in neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐OUT out neighbor EBGP-­‐TO-­‐LEAF-­‐PEER maximum-­‐routes 25000 neighbor $Leaf1IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER neighbor $Leaf2IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER ! banner login This system is privately owned and operated. Access to this system is restricted to authorized users only. Criminal and civil laws prohibit unauthorized use. Violators will be prosecuted. You must disconnect immediately if you are not an authorized user. EOF ! management console idle-­‐-meout 15 ! management ssh idle-­‐-meout 15 ! ! …
Puppet NetDev Module NetDev is a vendor-­‐neutral network abstrac-on framework contributed freely to the Puppet community Basic layer-1 and layer-2 network abstractions Can extend the framework to define any abstractions or features needed for an environment The NetDev framework is open and free and accessible via Puppet Forge with implementations available for Arista, Juniper, Mellanox, Cumulus
Ready class puppet_switch_ports { case $osfamily { JUNOS: { $db_port = "ge-­‐0/0/0" $web_port = "ge-­‐0/0/1" $uplink_lag = "ae0" $uplink_lag_ports = [ 'ge-­‐0/0/2', 'ge-­‐0/0/3' ] } EOS: { $db_port = "Ethernet1" $web_port = "Ethernet2" $uplink_lag = "Port-­‐Channel1" $uplink_lag_ports = [ 'Ethernet3', 'Ethernet4' ] } } $all_ports = [ $db_port, $web_port, $uplink_lag_ports ] }
Set class puppet_switch_demo { netdev_device { $hostname: } include puppet_switch_ports $vlans = loadyaml( "$DATADIR/vlans.yaml" ) create_resources( netdev_vlan, $vlans ) netdev_interface { $puppet_switch_ports::all_ports: admin => up } netdev_l2_interface { $puppet_switch_ports::db_port: untagged_vlan => Blue } netdev_l2_interface{ $puppet_switch_ports::web_port: untagged_vlan => Green } netdev_l2_interface { $puppet_switch_ports::uplink_lag_ports: ensure => absent }-­‐> netdev_lag { $puppet_switch_ports::uplink_lag: links => $puppet_switch_ports::uplink_lag_ports }-­‐> netdev_l2_interface { $puppet_switch_ports::uplink_lag: tagged_vlans => keys( $vlans ) } }
Automate! node "veos01.stormcontrol.net" { include puppet_switch_demo } node "ex4200.stormcontrol.net" { include puppet_switch_demo }
How to take netdev to the next phase? You want to run what on my network device? Devops + NetOps != <3 I have 99 problems and no time for this discussion
Lets just teach every netops person to be a developer… problem solved!
Breaking down the configura-on into construc-ble blocks…. STP MLAG VRRP OSPF VLAN L2 Interface (access, trunk) Logical Interface (LAG) Physical Interface L3 interface (ipv4, ipv6)
Paqerns start to emerge… interface lag l2_interface interface ip_interface vrrp_interface ospf_instance ospf_area ospf_interface
Hmm, come to think of it… interface interface ethernet1/1 descrip-on webservers no shutdown ip_interface vrrp_interface interface ethernet1/1 no switchport ip address 10.10.4.1/24 interface ethernet1/1 vrrp 10 priority 200 vrrp 10 -mers adver-se 3 vrrp 10 ip 10.10.4.10 exit Isn’t the CLI just like a DSL?
Start small and expand the sphere of influence automa-on Services / Applica9ons Logical Interfaces Physical Interfaces VLANS
Feelin the love What’s taking so long to upgrade to Enterprise? Devops + NetOps = <3 I have 99 problems but automating my network isn’t one of them
Automation with Puppet and EOS Automation with Puppet and EOS Standard Binaries Native Enterprise Integration Orchestrate Arista EOS or Linux OS resource automation Custom Facter integration for collecting state information Leverage Arista AEM for responsive automation to state changes Arista EOS Provider eAPI Gems Ruby Sysdb Linux Kernel Arista EOS Types Netdev Types Resource Abstraction Enterprise Community Puppet Master
Call to ac-on • Great first step! • Much more work to do • Get Involved!! – We cannot model the network without your help

Recommandé

Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...Cisco Canada
 
Cisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationCisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationHamed Moghaddam
 
Cisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationCisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationHamed Moghaddam
 
Cisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationCisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationHamed Moghaddam
 
Practice Lab CSC
Practice Lab CSCPractice Lab CSC
Practice Lab CSCSalachudin Emir
 
Mpls Presentation Ine
Mpls Presentation IneMpls Presentation Ine
Mpls Presentation IneAlp isik
 
Service Provider Networks and Frame Relay
Service Provider Networks and Frame RelayService Provider Networks and Frame Relay
Service Provider Networks and Frame RelayTharindu Sankalpa
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 

Recommandé

Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...
Introduction to Network Performance Measurement with Cisco IOS IP Service Lev...Cisco Canada
 
Cisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationCisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationHamed Moghaddam
 
Cisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationCisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationHamed Moghaddam
 
Cisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationCisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationHamed Moghaddam
 
Practice Lab CSC
Practice Lab CSCPractice Lab CSC
Practice Lab CSCSalachudin Emir
 
Mpls Presentation Ine
Mpls Presentation IneMpls Presentation Ine
Mpls Presentation IneAlp isik
 
Service Provider Networks and Frame Relay
Service Provider Networks and Frame RelayService Provider Networks and Frame Relay
Service Provider Networks and Frame RelayTharindu Sankalpa
 
Go with the Flow-v2
Go with the Flow-v2Go with the Flow-v2
Go with the Flow-v2Zobair Khan
 
ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성Woo Hyung Choi
 
Juniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationJuniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationHamed Moghaddam
 
Network Jumbo Frame Config Guide
Network Jumbo Frame Config GuideNetwork Jumbo Frame Config Guide
Network Jumbo Frame Config GuideWoo Hyung Choi
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6Shixiong Shang
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6Shixiong Shang
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Kentaro Ebisawa
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab GuideSalachudin Emir
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux FirewallMarian Marinov
 
Ccnpswitch
CcnpswitchCcnpswitch
CcnpswitchSiddhartha Rajbhatt
 
Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationHamed Moghaddam
 
ACI Multicast 구성 가이드
ACI Multicast 구성 가이드ACI Multicast 구성 가이드
ACI Multicast 구성 가이드Woo Hyung Choi
 
ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config GuideWoo Hyung Choi
 
CDP Indicator
CDP IndicatorCDP Indicator
CDP Indicatornpsg
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notesKrunal Shah
 
ACI MultiFabric 소개
ACI MultiFabric 소개ACI MultiFabric 소개
ACI MultiFabric 소개Woo Hyung Choi
 
Ipv6
Ipv6Ipv6
Ipv6Alp isik
 
Complete squid &amp; firewall configuration. plus easy mac binding
Complete squid &amp; firewall configuration. plus easy mac bindingComplete squid &amp; firewall configuration. plus easy mac binding
Complete squid &amp; firewall configuration. plus easy mac bindingChanaka Lasantha
 
Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCisco Russia
 
Triển khai vpn client to site qua router gpon
Triển khai vpn client to site qua router gponTriển khai vpn client to site qua router gpon
Triển khai vpn client to site qua router gponlaonap166
 
Introduction to cloudforecast
Introduction to cloudforecastIntroduction to cloudforecast
Introduction to cloudforecastMasahiro Nagano
 
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Андрей Шорин
 
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Ontico
 

Contenu connexe

Tendances

Juniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationJuniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationHamed Moghaddam
 
Network Jumbo Frame Config Guide
Network Jumbo Frame Config GuideNetwork Jumbo Frame Config Guide
Network Jumbo Frame Config GuideWoo Hyung Choi
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6Shixiong Shang
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6Shixiong Shang
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Kentaro Ebisawa
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux FirewallMarian Marinov
 
Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationHamed Moghaddam
 
ACI Multicast 구성 가이드
ACI Multicast 구성 가이드ACI Multicast 구성 가이드
ACI Multicast 구성 가이드Woo Hyung Choi
 
ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config GuideWoo Hyung Choi
 
CDP Indicator
CDP IndicatorCDP Indicator
CDP Indicatornpsg
 
ACI MultiFabric 소개
ACI MultiFabric 소개ACI MultiFabric 소개
ACI MultiFabric 소개Woo Hyung Choi
 
Complete squid &amp; firewall configuration. plus easy mac binding
Complete squid &amp; firewall configuration. plus easy mac bindingComplete squid &amp; firewall configuration. plus easy mac binding
Complete squid &amp; firewall configuration. plus easy mac bindingChanaka Lasantha
 

Tendances (17)

ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성
 
Juniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationJuniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route Configuration
 
Network Jumbo Frame Config Guide
Network Jumbo Frame Config GuideNetwork Jumbo Frame Config Guide
Network Jumbo Frame Config Guide
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewall
 
Ccnpswitch
CcnpswitchCcnpswitch
Ccnpswitch
 
Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configuration
 
ACI Multicast 구성 가이드
ACI Multicast 구성 가이드ACI Multicast 구성 가이드
ACI Multicast 구성 가이드
 
ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config Guide
 
CDP Indicator
CDP IndicatorCDP Indicator
CDP Indicator
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notes
 
ACI MultiFabric 소개
ACI MultiFabric 소개ACI MultiFabric 소개
ACI MultiFabric 소개
 
Ipv6
Ipv6Ipv6
Ipv6
 
Complete squid &amp; firewall configuration. plus easy mac binding
Complete squid &amp; firewall configuration. plus easy mac bindingComplete squid &amp; firewall configuration. plus easy mac binding
Complete squid &amp; firewall configuration. plus easy mac binding
 

Similaire à Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)

Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCisco Russia
 
Triển khai vpn client to site qua router gpon
Triển khai vpn client to site qua router gponTriển khai vpn client to site qua router gpon
Triển khai vpn client to site qua router gponlaonap166
 
Introduction to cloudforecast
Introduction to cloudforecastIntroduction to cloudforecast
Introduction to cloudforecastMasahiro Nagano
 
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Андрей Шорин
 
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Ontico
 
Athenticated smaba server config with open vpn
Athenticated smaba server config with open vpnAthenticated smaba server config with open vpn
Athenticated smaba server config with open vpnChanaka Lasantha
 
How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1n|u - The Open Security Community
 
Network Automation (Bay Area Juniper Networks Meetup)
Network Automation (Bay Area Juniper Networks Meetup)Network Automation (Bay Area Juniper Networks Meetup)
Network Automation (Bay Area Juniper Networks Meetup)Alejandro Salinas
 
Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6
Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6
Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6OJavierMParra
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Using routing domains / routing tables in a production network by Peter Hessler
Using routing domains / routing tables in a production network by Peter HesslerUsing routing domains / routing tables in a production network by Peter Hessler
Using routing domains / routing tables in a production network by Peter Hesslereurobsdcon
 
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced versionPLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced versionPROIDEA
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeFaelix Ltd
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands OverviewMuhammed Niyas
 

Similaire à Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) (20)

Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your Network
 
Triển khai vpn client to site qua router gpon
Triển khai vpn client to site qua router gponTriển khai vpn client to site qua router gpon
Triển khai vpn client to site qua router gpon
 
Introduction to cloudforecast
Introduction to cloudforecastIntroduction to cloudforecast
Introduction to cloudforecast
 
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
 
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
Как HeadHunter удалось безопасно нарушить RFC 793 (TCP) и обойти сетевые лову...
 
Athenticated smaba server config with open vpn
Athenticated smaba server config with open vpnAthenticated smaba server config with open vpn
Athenticated smaba server config with open vpn
 
Services
ServicesServices
Services
 
הגדרת נתבי סיסקו 1.0
הגדרת נתבי סיסקו 1.0הגדרת נתבי סיסקו 1.0
הגדרת נתבי סיסקו 1.0
 
How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1How to convert your Linux box into Security Gateway - Part 1
How to convert your Linux box into Security Gateway - Part 1
 
Network Automation (Bay Area Juniper Networks Meetup)
Network Automation (Bay Area Juniper Networks Meetup)Network Automation (Bay Area Juniper Networks Meetup)
Network Automation (Bay Area Juniper Networks Meetup)
 
Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6
Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6
Solucion-OSPF Troubleshooting-aplicando protocolo ipv4 y ipv6
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Using routing domains / routing tables in a production network by Peter Hessler
Using routing domains / routing tables in a production network by Peter HesslerUsing routing domains / routing tables in a production network by Peter Hessler
Using routing domains / routing tables in a production network by Peter Hessler
 
Prezentacja zimowisko 2014
Prezentacja zimowisko 2014Prezentacja zimowisko 2014
Prezentacja zimowisko 2014
 
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced versionPLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
 
Configure Switch Nortel 8600
Configure Switch Nortel 8600Configure Switch Nortel 8600
Configure Switch Nortel 8600
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
arquitectura_dc.pdf
arquitectura_dc.pdfarquitectura_dc.pdf
arquitectura_dc.pdf
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands Overview
 

Plus de Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscodePuppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codePuppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approachPuppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowPuppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppetPuppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping groundPuppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User GroupPuppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsPuppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
 

Plus de Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 

Dernier

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 

Dernier (20)

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 

Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)

  • 2. Why? • Opera-ons Agility – Change management in networks is hard – Lots of moving parts to consider • Service Velocity – Timeframes for CRUD ac-vity unacceptable • Configura-on Consistency – Number 1 reason for network outages – History has taught us to fear external systems
  • 3. ! device: $HostnameSpine1 (DCS-­‐7508, /$Cer-fiedCode) ! ! boot system flash:/$Cer-fiedCode ! queue-­‐monitor length ! logging buffered 10000 no logging console logging vrf MGMT host $SyslogHostAddress logging vrf MGMT host $SyslogHostAddress logging vrf MGMT source-­‐interface Management1/1 logging format -mestamp high-­‐resolu-on logging facility local6 ! hostname $HostnameSpine1 ip name-­‐server $DNSHostAddress ip name-­‐server $DNSHostAddress ip domain-­‐name $CompanyDomainName ! ntp source Management1/1 ntp server vrf MGMT $NTPHostAddress1 prefer ntp server vrf MGMT $NTPHostAddress2 ! snmp-­‐server contact "$SNMPcontact" snmp-­‐server loca-on $bldg/$floor/$room/$rack no snmp-­‐server vrf main snmp-­‐server vrf MGMT snmp-­‐server source-­‐interface Management1/1 snmp-­‐server community $SNMPCommunity ro SNMP-­‐RO-­‐ ACL snmp-­‐server community $SNMPCommunity rw SNMP-­‐RW-­‐ ACL snmp-­‐server host $SNMPHostAddress traps version 2c $SNMPcommunity snmp-­‐server enable traps en-ty snmp-­‐server enable traps lldp snmp-­‐server enable traps snmp ! tacacs-­‐server key $TacacsServerKey tacacs-­‐server host $TacacsServerAddress vrf MGMT ip tacacs source-­‐interface Management1/1 ! spanning-­‐tree mode mstp ! aaa authen-ca-on login default group tacacs+ local aaa authen-ca-on enable default group tacacs+ local aaa authoriza-on console aaa authoriza-on exec default group tacacs+ none aaa authoriza-on commands 1,15 default group tacacs+ none aaa accoun-ng exec default start-­‐stop group tacacs+ aaa accoun-ng commands 15 default start-­‐stop group tacacs + ! no aaa root vrf defini-on MGMT rd $SpineAS01 ! Vlan 999 state suspend name UNUSED-­‐PORTS i Interface Ethernet$ModNumber/$SubModNumber/1-­‐ $HighestPortNumber switchport mode access switchport access vlan 999 shut ! Interface Ethernet3/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet3/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! interface Loopback0 descrip-on Router-­‐ID ip address $IPAddress/32 ! interface Management1 no snmp trap link-­‐status vrf forwarding MGMT ip address $MGMTIPAddress/$MGMTSubnetMask ! ip route vrf MGMT 0.0.0.0/0 $GatewayOfLastResortAddress ! ip rou-ng no ip rou-ng vrf MGMT ! ip mul-cast-­‐rou-ng ! ip prefix-­‐list PREFIX-­‐LIST-­‐IN seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐IN permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐IN ! ip prefix-­‐list PREFIX-­‐LIST-­‐OUT seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐OUT permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐OUT ! router bgp $SpineAS router-­‐id <Loopback0_Address> bgp log-­‐neighbor-­‐changes distance bgp 20 200 200 maximum-­‐paths 64 neighbor EBGP-­‐TO-­‐LEAF-­‐PEER peer-­‐group neighbor EBGP-­‐TO-­‐LEAF-­‐PEER password $Password neighbor EBGP-­‐TO-­‐LEAF-­‐PEER remote-­‐as $LeafAS neighbor EBGP-­‐TO-­‐LEAF-­‐PEER send-­‐community neighbor EBGP-­‐TO-­‐LEAF-­‐PEER fall-­‐over bfd neighbor EBGP-­‐TO-­‐LEAF-­‐PEER next-­‐hop-­‐self neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐IN in neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐OUT out neighbor EBGP-­‐TO-­‐LEAF-­‐PEER maximum-­‐routes 25000 neighbor $Leaf1IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER neighbor $Leaf2IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER ! banner login This system is privately owned and operated. Access to this system is restricted to authorized users only. Criminal and civil laws prohibit unauthorized use. Violators will be prosecuted. You must disconnect immediately if you are not an authorized user. EOF ! management console idle-­‐-meout 15 ! management ssh idle-­‐-meout 15 ! ! …
  • 4. ! device: $HostnameSpine1 (DCS-­‐7508, /$Cer-fiedCode) ! ! boot system flash:/$Cer-fiedCode ! queue-­‐monitor length ! logging buffered 10000 no logging console logging vrf MGMT host $SyslogHostAddress logging vrf MGMT host $SyslogHostAddress logging vrf MGMT source-­‐interface Management1/1 logging format -mestamp high-­‐resolu-on logging facility local6 ! hostname $HostnameSpine1 ip name-­‐server $DNSHostAddress ip name-­‐server $DNSHostAddress ip domain-­‐name $CompanyDomainName ! ntp source Management1/1 ntp server vrf MGMT $NTPHostAddress1 prefer ntp server vrf MGMT $NTPHostAddress2 ! snmp-­‐server contact "$SNMPcontact" snmp-­‐server loca-on $bldg/$floor/$room/$rack no snmp-­‐server vrf main snmp-­‐server vrf MGMT snmp-­‐server source-­‐interface Management1/1 snmp-­‐server community $SNMPCommunity ro SNMP-­‐RO-­‐ ACL snmp-­‐server community $SNMPCommunity rw SNMP-­‐RW-­‐ ACL snmp-­‐server host $SNMPHostAddress traps version 2c $SNMPcommunity snmp-­‐server enable traps en-ty snmp-­‐server enable traps lldp snmp-­‐server enable traps snmp ! tacacs-­‐server key $TacacsServerKey tacacs-­‐server host $TacacsServerAddress vrf MGMT ip tacacs source-­‐interface Management1/1 ! spanning-­‐tree mode mstp ! aaa authen-ca-on login default group tacacs+ local aaa authen-ca-on enable default group tacacs+ local aaa authoriza-on console aaa authoriza-on exec default group tacacs+ none aaa authoriza-on commands 1,15 default group tacacs+ none aaa accoun-ng exec default start-­‐stop group tacacs+ aaa accoun-ng commands 15 default start-­‐stop group tacacs + ! no aaa root vrf defini-on MGMT rd $SpineAS01 ! Vlan 999 state suspend name UNUSED-­‐PORTS i Interface Ethernet$ModNumber/$SubModNumber/1-­‐ $HighestPortNumber switchport mode access switchport access vlan 999 shut ! Interface Ethernet3/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet3/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/1 descrip-on -­‐ P2P Link to LEAF switch-­‐1 speed forced 40gfull mtu 9214 logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! Interface Ethernet4/1/2 descrip-on -­‐ P2P Link to LEAF switch-­‐2 speed forced 40gfull logging event link-­‐status no switchport ip address $IPAddress/30 arp -meout 900 ip pim sparse-­‐mode ip pim bfd-­‐instance qos trust dscp no shut ! interface Loopback0 descrip-on Router-­‐ID ip address $IPAddress/32 ! interface Management1 no snmp trap link-­‐status vrf forwarding MGMT ip address $MGMTIPAddress/$MGMTSubnetMask ! ip route vrf MGMT 0.0.0.0/0 $GatewayOfLastResortAddress ! ip rou-ng no ip rou-ng vrf MGMT ! ip mul-cast-­‐rou-ng ! ip prefix-­‐list PREFIX-­‐LIST-­‐IN seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐IN permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐IN ! ip prefix-­‐list PREFIX-­‐LIST-­‐OUT seq 10 permit $Prefix/ $PrefixLength ! route-­‐map ROUTE-­‐MAP-­‐OUT permit 10 match ip address prefix-­‐list PREFIX-­‐LIST-­‐OUT ! router bgp $SpineAS router-­‐id <Loopback0_Address> bgp log-­‐neighbor-­‐changes distance bgp 20 200 200 maximum-­‐paths 64 neighbor EBGP-­‐TO-­‐LEAF-­‐PEER peer-­‐group neighbor EBGP-­‐TO-­‐LEAF-­‐PEER password $Password neighbor EBGP-­‐TO-­‐LEAF-­‐PEER remote-­‐as $LeafAS neighbor EBGP-­‐TO-­‐LEAF-­‐PEER send-­‐community neighbor EBGP-­‐TO-­‐LEAF-­‐PEER fall-­‐over bfd neighbor EBGP-­‐TO-­‐LEAF-­‐PEER next-­‐hop-­‐self neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐IN in neighbor EBGP-­‐TO-­‐LEAF-­‐PEER route-­‐map ROUTE-­‐MAP-­‐OUT out neighbor EBGP-­‐TO-­‐LEAF-­‐PEER maximum-­‐routes 25000 neighbor $Leaf1IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER neighbor $Leaf2IPAddress peer-­‐group EBGP-­‐TO-­‐LEAF-­‐PEER ! banner login This system is privately owned and operated. Access to this system is restricted to authorized users only. Criminal and civil laws prohibit unauthorized use. Violators will be prosecuted. You must disconnect immediately if you are not an authorized user. EOF ! management console idle-­‐-meout 15 ! management ssh idle-­‐-meout 15 ! ! …
  • 5. Puppet NetDev Module NetDev is a vendor-­‐neutral network abstrac-on framework contributed freely to the Puppet community Basic layer-1 and layer-2 network abstractions Can extend the framework to define any abstractions or features needed for an environment The NetDev framework is open and free and accessible via Puppet Forge with implementations available for Arista, Juniper, Mellanox, Cumulus
  • 6. Ready class puppet_switch_ports { case $osfamily { JUNOS: { $db_port = "ge-­‐0/0/0" $web_port = "ge-­‐0/0/1" $uplink_lag = "ae0" $uplink_lag_ports = [ 'ge-­‐0/0/2', 'ge-­‐0/0/3' ] } EOS: { $db_port = "Ethernet1" $web_port = "Ethernet2" $uplink_lag = "Port-­‐Channel1" $uplink_lag_ports = [ 'Ethernet3', 'Ethernet4' ] } } $all_ports = [ $db_port, $web_port, $uplink_lag_ports ] }
  • 7. Set class puppet_switch_demo { netdev_device { $hostname: } include puppet_switch_ports $vlans = loadyaml( "$DATADIR/vlans.yaml" ) create_resources( netdev_vlan, $vlans ) netdev_interface { $puppet_switch_ports::all_ports: admin => up } netdev_l2_interface { $puppet_switch_ports::db_port: untagged_vlan => Blue } netdev_l2_interface{ $puppet_switch_ports::web_port: untagged_vlan => Green } netdev_l2_interface { $puppet_switch_ports::uplink_lag_ports: ensure => absent }-­‐> netdev_lag { $puppet_switch_ports::uplink_lag: links => $puppet_switch_ports::uplink_lag_ports }-­‐> netdev_l2_interface { $puppet_switch_ports::uplink_lag: tagged_vlans => keys( $vlans ) } }
  • 8. Automate! node "veos01.stormcontrol.net" { include puppet_switch_demo } node "ex4200.stormcontrol.net" { include puppet_switch_demo }
  • 9. How to take netdev to the next phase? You want to run what on my network device? Devops + NetOps != <3 I have 99 problems and no time for this discussion
  • 10. Lets just teach every netops person to be a developer… problem solved!
  • 11. Breaking down the configura-on into construc-ble blocks…. STP MLAG VRRP OSPF VLAN L2 Interface (access, trunk) Logical Interface (LAG) Physical Interface L3 interface (ipv4, ipv6)
  • 12. Paqerns start to emerge… interface lag l2_interface interface ip_interface vrrp_interface ospf_instance ospf_area ospf_interface
  • 13. Hmm, come to think of it… interface interface ethernet1/1 descrip-on webservers no shutdown ip_interface vrrp_interface interface ethernet1/1 no switchport ip address 10.10.4.1/24 interface ethernet1/1 vrrp 10 priority 200 vrrp 10 -mers adver-se 3 vrrp 10 ip 10.10.4.10 exit Isn’t the CLI just like a DSL?
  • 14. Start small and expand the sphere of influence automa-on Services / Applica9ons Logical Interfaces Physical Interfaces VLANS
  • 15. Feelin the love What’s taking so long to upgrade to Enterprise? Devops + NetOps = <3 I have 99 problems but automating my network isn’t one of them
  • 16. Automation with Puppet and EOS Automation with Puppet and EOS Standard Binaries Native Enterprise Integration Orchestrate Arista EOS or Linux OS resource automation Custom Facter integration for collecting state information Leverage Arista AEM for responsive automation to state changes Arista EOS Provider eAPI Gems Ruby Sysdb Linux Kernel Arista EOS Types Netdev Types Resource Abstraction Enterprise Community Puppet Master
  • 17. Call to ac-on • Great first step! • Much more work to do • Get Involved!! – We cannot model the network without your help