1. AUTOMATION EVOLUTION
WITH JUNOS
Eric Ji
SR. ARCHITECT
CLOUD MARKETING
Suresh Krishnan
SR. TME
CLOUD MARKETING
Rajesh Rajah
SR. SOLUTIONS ARCHITECT
CDBU PLM
2. JUNIPER AUTOMATION
What’s In It For You
1 Understand the tools available in the
JUNOS Automation tool kit
2 Position/recommend tools necessary
to address customer needs
3 Use JUNOS automation capabilities
as the insertion point for Juniper products
To give Juniper a competitive advantage
4. Nodal
Automation
( Puppet, Chef )
Ad-Hoc
Scripting
( Bash, Perl )
IT Workflow
Orchestration
Business
Workflow
Orchestration
Manual
Vendor
CLI
Proprietary
Product
skills
IT
DIFFERENT POINTS OF VIEW
Rapid Application Delivery
Networking
Discrete blocks with no
business alignment
ContinuityAgility
Application
Velocity
5. THE AUTOMATION CONTINUUM
Old Way
ProductionCollectConfigureBuildPhysical Install
New Way
ProductionCollectConfigureBuildPhysical Install
Hours/Days
(manual)
Minutes
(automated)
BENEFITS
• Minimum networking skills required
• Reduced Opex
• Consistent, Repeatable and Efficient
• Rapid Application delivery
6. Control Analytics Configuration
CONTRAIL: NETWORK ORCHESTRATION, AUTOMATION
OSS/B
SS
CLOUD SERVICES,
ANALYTICS
API/SDK
(VIRTUALIZED,
PHYSICAL)
ORCHESTRATION/O
SS
Application
s
SDN
• Abstraction of the Network Layer to
address it as a whole as opposed to
discrete parts
Orchestration
• Domain wide ability to control
resources in combination across
various systems
Automation
• Programmatic Access to Data Center
Resource for consistency,
repeatability, and efficiency
APPROACH COMPARISON
Automation, Orchestration, and SDN
8. JUNOS AUTOMATION STACK
Tool built into Junos that enable automation
Chef
Junos
Data Plane (PFE)Chassis
XML
Netconf
PythonEZ Framework RubyEZ Library
PuppetAnsible
Python
Scripts
Ruby
Scripts
Junoscript
SNMP
RO
CLI
Junos Platform Automation Stack
15+ years of automation history
Open architecture
Three key features at the platform
layer
XML
Junos Script and Netconf
Junos EZ
9. NETWORK AUTOMATION
The Build phase centers around the
initial design and installation of a
network component
The Configure phase
covers methods to deploy
on demand configuration
and software changes to the
platform
The Collection phase
deals with automating
the process of
monitoring operational
state of the platform and
reacting on state
conditions
Build
ConfigureCollect
10. AUTOMATION TOOLKIT: BUILD
Feature Description
Zero Touch
Provisioning (ZTP)
• Out of the box configuration and software deployment
• Faster deployment
• Multi-node orchestration awareness
• Agentless
• Vendor Agnostic
Configure CollectBuild
11. Flexible scripting
option for custom
provisioning
Switch successfully
provisioned
Switch is racked and stacked,
sends a DHCP request on
boot
Configuration and image
information loaded on DHCP
server
EX & QFX
Series
Switches
DHCP Server responds
with image and
configuration
DHCP
Server
BUILD: ZERO TOUCH PROVISIONING
• Minimal skill required
• Consistent deployment
• Reduced Data Center
Build time
• Reduced configuration
errors
load different images based on location
13. BUILD: JUNIPER SWITCH SUPPORT
Feature Product support
Zero Touch Provisioning
(ZTP)
• All EX and QFX series products
• Any of the Juniper JUNOS OS based platforms
14. AUTOMATION TOOLKIT: CONFIGURE
Configure CollectBuild
Tool Description
Platform that can define and enforce the state of the infrastructure
Platform can transform complex infrastructure into code
Simple automation platform that Brings multi-node orchestration awareness
Python EZ "micro-framework" to remotely manage or automate Junos OS devices
15. Ruby Interpreter
EX | QFX | MX
Puppet "netdev" module
NETCONF
(FreeBSD)
NETCONF "gem"Puppet Agent
(client)
Puppet Master
(server)
"netdev"
jpuppet
package
CONFIGURE: PUPPET
Puppet module stored on the Puppet master
Puppet Agent downloads module to switch
16. Ruby Interpreter
EX | QFX | MX
Chef "netdev" module
NETCONF
(FreeBSD)
NETCONF "gem"Chef Client
Chef server
"netdev"
jchef
package
CONFIGURE: CHEF
“netdev” module stored on the Chef server.
Chef client downloads module to switch
17. CONFIGURE: PYTHON
Build Simple to Complex Applications
IT FrameworksPython Shell Python script
Custom
Applications
open-source – Maintained by CommunityNETCONF Client (NCCLIENT)
NETCONF TRANSPORT ONLY VENDOR AGNOSTIC NO ABSTRACTIONS
JUNOS SPECIFIC ABSTRACTION LAYER MICRO-FRAMEWORK
Junos Python EZ (JunosPyEZ) open-source – Maintained by Juniper
"snippets"
(no variables)
"templates"
(merge variables)Resources
Configuration Changes
Tables
Operational State
Views
18. CONFIGURE: JUNIPER SWITCH SUPPORT
Feature Product support
• EX45xx/EX4200
• QFX with Enhanced Automation image
• On roadmap for EX4300
• QFX with Enhanced Automation image
• On roadmap for EX4300
• All Platforms
PythonEZ • Any JUNOS platform
19. AUTOMATION TOOLKIT: COLLECT
Configure CollectBuild
Tool Description
Netconf / DMI
• Standard method for executing RPCs across a network
• Junos exposes all DMI functions via Netconf to remote hosts
Junos Scripts
• Built into the Junos OS
• Powerful and flexible onboard toolset
• Available on all Junos platforms
PythonEZ
• "micro-framework" to remotely manage or automate Junos OS devices
• Collect operational states as native Python Operational Data
20. XML
NETCONF XML
PROTOCOL
(RFC4741)
Management System
Automate config changes,
remote invocation of
operational commands,
collection of logs
NETCONF client libraries exist
for a number of programming
languages such as Java, Perl,
Ruby, Python, and even SLAX !
Security Routing Switching
COLLECT: NETCONF/DMI
• Secure and connection oriented with SSHv2 as transport
• Structured and transaction based with XML as RPC request / response
• User-class privilege aware
Secure TCP/IP
connections via
SSHv2 (RFC4742)
22. COLLECT: JUNOS SCRIPTS
Each script type uses XML in its own unique way
Junos Infrastructure
Output
XML
instructions
on what to
display
Input
Blank
XML
document
Op
Script
Event
Script
Output
XML
instructions
on what to
display
(if anything)
Input
XML
event
description
Commit
Script
Output
XML
instructions
on actions
to take
(make changes,
issue warnings,
errors, etc.)
Input
XML
Junos
configuration
23. JUNOS SPECIFIC ABSTRACTION LAYER MICRO-FRAMEWORK
Junos Python EZ (JunosPyEZ)
COLLECT: PYTHON
Build Simple to Complex Applications
IT FrameworksPython Shell Python script
Custom
Applications
open-source – Maintained by CommunityNETCONF Client (NCCLIENT)
NETCONF TRANSPORT ONLY VENDOR AGNOSTIC NO ABSTRACTIONS
open-source – Maintained by Juniper
"snippets"
(no variables)
"templates"
(merge variables)Resources
Configuration Changes
Tables
Operational State
Views
24. COLLECT: JUNIPER SWITCH SUPPORT
Feature Product support
Netconf/DMI • All Platforms
JUNOS Scripts • All Platforms
PythonEZ • All Platforms
25. ENHANCED AUTOMATION SW ARCHITECTURE
Hardware
Operating System
App App App
Single Vendor Blob
Hardware
Operating System
App App App
Best of Breed Ecosystem
Python & Libraries
Ruby & Libraries
Puppet Agent
Chef ClientLayer 3 ZTP
Disabled VeriExec
Standard Junos Image, with the following changes:
26. ENHANCED SW: JUNIPER SWITCH SUPPORT
Feature Product support
Enhanced Automation
SW Architecture
• QFX5100
28. USE CASES – ENTERPRISE IT
BENEFITS
• Minimal skill required by onsite deployment team
• Ensure Consistent deployment in line with company policies
• Reduces Data Center Build out from days to minutes
Configure CollectBuild
NEEDS
• Large Scale
• Minimal Interaction
• Minimal Skills
ZTP +
Ansible
Server
29. USE CASES – ENTERPRISE IT
BENEFITS
Network
Director
ZTP +
Ansible
Server
Web
Server
Database
Juniper Firewall
New Web
Server
• Network Director handles Element Management and Network As A Service Abstraction
• Network Director ensures consistent service deployment with minimal configuration by operations staff
• Network Director Data Center Visualization and Analytics Data ensures up to date data is available
Configure CollectBuild
NEEDS
• Consistent Service
• Growing new service
• Abstraction
30. USE CASES – ENTERPRISE IT
BENEFITS
Network
Director
ZTP +
Ansible
Server
Ops User
Web
Server
Database
Juniper Firewall
New Web
Server
Alert /
Report
• Operational Workflow Automation allows operations staff to schedule tasks
• Create reports based on “Out of Profile” events
• Automate “Remediation Actions” based on report data to improve network availability and reduce MTTR
Configure CollectBuild
NEEDS
• Monitor
• Report
• Remediate
32. JuniperCisco
Juniper Advantage
Smart Install (non-Nexus)
and POAP (Nexus)
ZTP One standard method for all platforms
OnePK and NX-PK
SDK and NETCONF XML
API
All method for all platforms
Puppet and Chef Integration
Puppet and Chef
Integration on the platform
Cisco Solution needs a proxy server. Juniper
Puppet and Chef clients run on the box
Python Scripting (Nexus)
Rich Off-box functionality
with JUNOS EZ libraries
Libraries available for standard operations and
configuration. Enables Network administrators to
create new automation tasks even with little
programming skills
Embedded Automation
Systems (EASy)
On the box automation
solutions; Event, config,
operation scripts, XML
interface
Juniper platforms have provided robust on-the-box
automation tools for a long time
COMPETITIVE -CISCO
Build
Configure
Collect
33. JuniperArista
Juniper Advantage
ZTP
ZTP
Common set of automation
tools across routers,
switches and security
products
Puppet and Chef
Integration Puppet and Chef Integration
Ansible works support Ansible works support
eAPI NETCONF XML API
Python Scripting Rich Off-box functionality with
JUNOS EZ libraries
Arista EOS programmability
Juniper SDK and JVAE
COMPETITIVE -ARISTA
Build
Configure
Collect
By taking advantage of the scripting capabilities built into the Junos operating system, you can reduce network downtime, reduce configuration complexity, automate common tasks, and decrease the time to problem resolution.
By taking advantage of the scripting capabilities built into the Junos operating system, you can reduce network downtime, reduce configuration complexity, automate common tasks, and decrease the time to problem resolution.
No Network engineer
75% moving toward Devop model
All infrastructure engineers
Business Agility
IT as a Service – virtualize compute, storage and network
Automation
Provision and automate network services within and across federated clouds
Multi-tenancy
Provide multi-tenant, location-independent, dynamic networking solutions across multiple cloud data centers.
Big Data for Infrastructure
Monitoring, diagnostics, and application interoperability with scale out analytics engine
The Junos OS has had automation features consistently added over the past 20 years.
This heritage of feature innovation has allowed Juniper to deliver new features by building on top of the abstraction layer below.
Three (3) key features form the basis for almost all automation aspects at the platform layer
XML-RPC in the core of Junos and Netconf to provide network based access to the system
XML stands for EXtensible Markup Language
XML is a markup language much like HTML
The Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs).
normalizing
XML is a standards-based way to represent and communicate information. It allows a flexible way of representing data structures
The fact that the command-line interface (CLI) communicates with the Junos infrastructure with XML means that the Junos software natively supports XML for configuration and operation of the device.
When you are using the Junos CLI, you are using a program that makes requests of the Junos infrastructure. The communications between the CLI and the Junos infrastructure are handled with XML.
With Junos Script Automation, you can use this same XML format to interact with Junos software.
Junos Script for automating Operational, Configuration and Event based tasks
Junos EZ Framework implementing Python and Ruby based object models for interacting with Junos using modern programming languages
When we talk about provisioning we really have to first understand how do switches generally get provisioned. In most cases the equipment is first shipped to a staging facility, where it is unpacked, racked and stacked and then loaded with the correct image and configuration. Once this task is done it packed and shipped to the site it is going to be deployed at. All this cost money it has been estimated that it cost around $300 per device to do this.
With Zero Touch Provisioning on the EX series switches this complete process can be avoided. Switches can be drop shipped to location.
Lets look at the scenario of what happens when a switch arrives at the location.
[CLICK]
Firstly, the correct image and configuration has to be loaded on the DHCP server.
[CLICK]The switch is racked and stacked and powered on. As soon as the switch boots up it will send out a DHCP request.
[CLICK]
The server then responds with the correct image and configuration. The switch now load the specified image and configuration.
[CLICK]
The Switch is now operational and the network is operational. NOW ZTP/ZTD has been around for a while, but what really differentiates our solution is the ability to load different images on different switches based on location. So image1 can be loaded on the ToR1 and image2 can be loaded on ToR2.
[CLICK]
The ZTP solution provides a increase in the speed of deployment and provisioning. The switch no longer need to be staged and configured and then inserted in to the network. As result there is a substantial reduction in OPEX as well. In addition since everything is automated configuration errors can be reduced as well.
Ansible:
Beautiful and flexible shell scripts
What you can automate: installation, configuration, provisinioning.
Why: it’s easy to read, write, and share playbook! Running on multiple instances
- Playbooks: one or more “play”, written in YAML
Start with the overview of JUNOS puppet architecture…
Puppet is server/client model, in which master is the central control point, responsible for all the clients configuration deployment, modification. Clients, expanded from its traditional component Server, are get Juniper various switches platforms involved. Junos switches are equipped with a NETCONF API that enables programmatic configuration changes and operational management via secure XML RPC. To be able to support Junos switch on the server side, We have created "netdev“ module stored on the Puppet master. The switch running the Puppet agent downloads this code via SSL.
One additional point on the “netconf” API… Even though the current Juniper Puppet solution only covers basic vlan, lag, trunk etc Layer2 functions, but the “netconf” based solution technically is fairly powerful to support all features/functions delivered by the normal CLI. It’s only matter of time, and resources committed on this solution to get more functions supported in the near future, such as Layer3, routing protocols, ACLs, and policies etc.
What also makes IT frameworks like Puppet and Chef attractive is that they provide a layer of abstraction between "What" you want to manage and "How" the Resource is actually implemented.
Junos PyEZ is a Python "micro-framework" to remotely manage or automate Junos OS devices. The user is NOT required to be a software programmer, have sophisticated knowledge of Junos OS, or have a complex understanding of the Junos OS XML API.
Junos PyEZ enables both types of users--non-programmers and programmers--to easily interact and manage a network of JunosOS devices.
NETCONF-managed devices
This library was built for two types of users:
Non-Programmers - Python as a Power Shell
This means that non-programmers, for example, the Network Engineer, can use the native Python shell on their management server (laptop, tablet, phone, and so on) as their point-of-control for remotely managing Junos OS devices. The Python shell is an interactive environment that provides the necessary means to perform common automation tasks, such as conditional testing, for-loops, macros, and templates. These building blocks are similar enough to other "shell" environments, like Bash, to enable the non-programmer to use the Python shell as a power tool, instead of a programming language. From the Python shell, a user can manage Junos OS devices using native hash tables, arrays, and so on, instead of using device-specific Junos OS XML or resorting to "screen scraping" the actual Junos OS CLI.
Programmers - Open and Extensible
There is a growing interest and need to automate the network infrastructure into larger IT systems. To do so, traditional software programmers, DevOps, hackers, and so on, need an abstraction library of code to further those activities. Junos PyEZ is designed for extensibility so that the programmer can quickly and easily add new widgets to the library in support of their specific project requirements. There is no need to "wait on the vendor" to provide new functionality. Junos PyEZ is not specifically tied to any version of Junos OS or any Junos OS product family.
Junos PyEZ is designed to provide the same capabilities as a user would have on the Junos OS CLI, but in an environment built for automation tasks.
The Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs).
The Junos OS allows you to customize the behavior of the device with commit, op, and event scripts. These scripts take XML input, process it, call any Junos functions as specified by the script, and then output instructions to Junos. The type of input and the instructions sent back are different for each of the different kinds of scripts.
Junos Script Is Built Into the Junos OSWell, now you can solve many of the previously mentioned problems with Junos Script Automation!
Script Types
Part of the larger Junos Script infrastructure, Junos Script Automation has three components: commit scripts, op scripts, and event scripts.
Commit scripts run every time a user commits the configuration and can be used to automate configuration tasks, enforce consistency, catch common mistakes, and more.
Op scripts can be run from the command line and allow you to automate troubleshooting, either by having the Junos OS attempt basic troubleshooting or by having it automatically display the information you specify, thereby helping to streamline the troubleshooting process.
Event scripts are similar to op scripts, except that they are initiated by an event policy. This feature lets you have the software automatically respond to events that it logs, such as interface state changes or BGP neighbor state changes.
The best part is that Junos Script comes built in to the Junos software. It is available on every platform that runs the Junos OS and does not require a license!
ML and the Script Types
In the case of op scripts, the input is a blank XML document. An op script also can call a wide variety of Junos functions depending on the script’s purpose. Then the script sends XML output telling the Junos OS which results or information should be displayed to the user.
In the case of event scripts, the input is an XML document that describes the events the software received. An event script can call Junos functions to take actions in response to the events, such as performing troubleshooting tasks, logging any warnings or errors, or attempting to correct the error. It then returns an XML document telling the Junos CLI what to display to the user, if anything. Because event scripts are triggered by events, not by the user, warnings and errors are often written to a log rather than returned in the XML output.
In the case of commit scripts, the input is the XML representation of the Junos configuration. A commit script can call Junos functions to access information needed to evaluate the configuration. It then returns an XML document that tells the Junos OS what actions, if any, it should take. The XML document can contain instructions telling the Junos infrastructure to change some of the configuration, issue a warning, issue an error and stop the commit operation, or perform some combination of these operations.
Junos PyEZ is a Python "micro-framework" to remotely manage or automate Junos OS devices. The user is NOT required to be a software programmer, have sophisticated knowledge of Junos OS, or have a complex understanding of the Junos OS XML API.
This library was built for two types of users:
Non-Programmers - Python as a Power Shell
This means that non-programmers, for example, the Network Engineer, can use the native Python shell on their management server (laptop, tablet, phone, and so on) as their point-of-control for remotely managing Junos OS devices. The Python shell is an interactive environment that provides the necessary means to perform common automation tasks, such as conditional testing, for-loops, macros, and templates. These building blocks are similar enough to other "shell" environments, like Bash, to enable the non-programmer to use the Python shell as a power tool, instead of a programming language. From the Python shell, a user can manage Junos OS devices using native hash tables, arrays, and so on, instead of using device-specific Junos OS XML or resorting to "screen scraping" the actual Junos OS CLI.
Programmers - Open and Extensible
There is a growing interest and need to automate the network infrastructure into larger IT systems. To do so, traditional software programmers, DevOps, hackers, and so on, need an abstraction library of code to further those activities. Junos PyEZ is designed for extensibility so that the programmer can quickly and easily add new widgets to the library in support of their specific project requirements. There is no need to "wait on the vendor" to provide new functionality. Junos PyEZ is not specifically tied to any version of Junos OS or any Junos OS product family.
Features
Junos PyEZ is designed to provide the same capabilities as a user would have on the Junos OS CLI, but in an environment built for automation tasks.
scalability and capex inefficiencies are result of the inability to handle policies, security, and routing at scale, without changes to physical switching infrastructure
scalability and capex inefficiencies are result of the inability to handle policies, security, and routing at scale, without changes to physical switching infrastructure
Consistent
Build Standard Services
Repeatable
Extend and Grow Existing Services
Abstraction
Reference Entire Network and not discrete components
scalability and capex inefficiencies are result of the inability to handle policies, security, and routing at scale, without changes to physical switching infrastructure
Testing
Automated tests for Day to Day Operational tasks
Reporting
Alert Network Operations staff for Issues and Notifications
React
Ability to create automated remediation tools for events and issues in the network
31
Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.
A network using Smart Install includes a group of networking devices, known as clients, that are served by a common Layer 3 switch or router that acts as a director. In a Smart Install network, you can use the Zero-Touch Installation process to install new access layer switches into the network without any assistance from the network administrator.
Catalyst switches
PowerOn Auto Provisioning (POAP) automates the process of upgrading software images and installing configuration files on Cisco Nexus switches that are being deployed in the network for the first time.
Cisco Embedded Automation Systems (EASy) combine embedded management technologies, including:
Embedded Event Manager (EEM)
Cisco IP Service Level Agreements (IP SLAs)
Expression MIB
Network-Based Application Recognition (NBAR)
Flexible Netflow
Enhanced Object Tracking
Cisco IOS Shell (IOS.sh)
The resulting system addresses key configuration and management issues to make Cisco products:
Easy to install
Easy to service
Easy to manage
Cisco onePK, short for One Platform Kit, is an easy-to- use developer’s toolkit for innovation, automation, and service creation. onePK delivers the benefits of network programmability on Cisco® routers and switches
The onePK model is consistent across all of the wide variety of Cisco routers and switches