Automation has been part of the network administrator’s tasks for a while now. In the same way that system engineers moved from SSH loops to more sophisticated tools years ago, NetOps are now moving from RANCID and expect scripts to more powerful and robust tools.
France-IX is the premier Internet peering service provider in France through its 11 carrier and data center neutral PoPs in Paris and Marseille. France-IX interconnects several hundreds of telecommunications carriers, ISPs, content providers, content delivery networks and many other Internet networks. These networks require improved network efficiencies and exceptional performance.
The challenge at France-IX is to manage the increased growth of traffic and meet our customers’ expectations. This is the reason why we looked at network automation from different angles: the first one is closer to the code, using Python and PyEZ, whereas the second is more abstracted, using Ansible.
Approach 1: Automation with Python and Junos PyEZ
In our current workflow, we use Python scripts with the Junos PyEZ library to push configuration to our equipment via NETCONF. Junos PyEZ is known as the “Python library for Junos automation”: https://github.com/Juniper/py-junos-eznc. A good introduction article can be found here.
For example, in our current usage, all common configuration such as NTP, TACACS, syslog and firewall filters is committed this way to ensure consistency across the network. It also enables us to change some of the configurations quickly and efficiently by deploying snippets of configuration to set a device.
As you can see in the figure below, we use a server where we deployed the environment to push configuration via the OOBM network.
It is also possible to run a batch of commands (CLI format is not recommended). The objective is neither configuration nor screen scraping of the output, but it can be helpful to check some counters, clear counters in a global fashion, or collect some specific data.
Some of the France-IX scripts and examples are available here.
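As an added example (not France-IX's scripts and not code from the PyEZ project), here is one way to push a common snippet with PyEZ over NETCONF: diff first, validate with a commit check, then use a confirmed commit so the device reverts on its own if it cannot be verified afterwards. `BASELINE`, `apply_snippet`, `push` and `FakeConfig` are hypothetical names, and the addresses are documentation placeholders.

```python
# Constructed sample in Junos "set" format; the addresses are documentation placeholders.
BASELINE = """\
set system ntp server 192.0.2.10
set system syslog host 192.0.2.20 any notice
"""


def apply_snippet(cu, snippet, comment, confirm_minutes=5, verify=lambda: True):
    """Load via a PyEZ Config object; status is unchanged/committed/pending-rollback."""
    cu.load(snippet, format="set", merge=True)
    diff = cu.diff()                 # None when the candidate equals the active config
    if diff is None:
        return "unchanged", None     # nothing to commit, so re-runs are harmless
    try:
        cu.commit_check()            # validate the candidate without activating it
        cu.commit(comment=comment, confirm=confirm_minutes)
    except Exception:
        cu.rollback()                # discard the candidate before re-raising
        raise
    if not verify():
        # No confirming commit: Junos reverts by itself after confirm_minutes.
        return "pending-rollback", diff
    cu.commit(comment=comment + " (confirmed)")
    return "committed", diff


def push(host, user, key_file, snippet, comment, verify=lambda: True):
    """Open a NETCONF session with SSH key auth and apply under an exclusive lock."""
    # Imported here so apply_snippet can be dry-run on a machine without PyEZ.
    from jnpr.junos import Device
    from jnpr.junos.utils.config import Config
    with Device(host=host, user=user, ssh_private_key_file=key_file) as dev:
        with Config(dev, mode="exclusive") as cu:
            return apply_snippet(cu, snippet, comment, verify=verify)


class FakeConfig:
    """Constructed stand-in for the PyEZ Config object, used only for offline dry runs."""

    def __init__(self, active=()):
        self.active, self.candidate, self.calls = set(active), set(active), []

    def load(self, text, format="set", merge=True):
        self.candidate |= {line for line in text.splitlines() if line.strip()}

    def diff(self):
        added = sorted(self.candidate - self.active)
        return "\n".join("+ " + line for line in added) or None

    def commit_check(self):
        self.calls.append("check")
        return True

    def commit(self, comment=None, confirm=None):
        self.calls.append(("commit", confirm))
        self.active = set(self.candidate)

    def rollback(self, rb_id=0):
        self.calls.append("rollback")
        self.candidate = set(self.active)
```

The `verify` callback is where a post-change check belongs, for example confirming that the device still answers on its management address before the second commit makes the change permanent.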
In order to go even further, we could have chosen to use Jinja templates, render these templates with Python and commit the result as we did with PyEZ (some examples here). The alternative we decided to use at France-IX is Ansible.
Approach 2: Automation with Ansible
Ansible is an open-source orchestration software that automates software provisioning, configuration management, and application deployment. It uses an agentless architecture, meaning nodes are managed by a controlling machine over SSH but do not need to install nor run software locally. Initially used for server management, additional functionalities have been added for network equipment management.
We use playbooks to express configurations, deployment, and orchestration in Ansible. Each playbook maps a group of hosts to a set of roles; each role is represented by calls to Ansible tasks. Documentation is available here.
There are currently two Ansible modules that can be used to manage Juniper Networks Junos OS devices. Even though they rely on Python scripts and libraries, you do not need to write Python.
The first module was developed by Juniper Networks (http://junos-ansible-modules.readthedocs.io/) and includes a multitude of features (zeroizing the device, installing a new Junos OS image, configuring, running snapshots of the configuration and tests). Some features are only available with this module.
The second module was developed by the Ansible team. Although limited in terms of features, it brings an interesting perspective because it respects the principle of idempotence (no matter how many times you run the instruction, the result will always be the same) and it is part of the core modules. Documentation is available here.
Both modules were used to automate the deployment of a test backbone with MPLS and EVPN during a three-day hackathon organized by Juniper Networks in France in March 2017. Thanks to this set of playbooks, we could deploy the whole architecture (P and PE routers, plus a route reflector with ISIS, LDP, BGP and EVPN) on seven Juniper Networks virtual MX (vMX) in less than two minutes. We also took advantage of the XML output provided by XML-RPC invoked on the equipment to run live tests on the network, such as the status of the physical interfaces, reachability of the loopback IPs, and verification of ISIS and BGP adjacencies. Lab setup, topology and examples are provided here.
As you can see, many things can already be achieved in a very elegant way with these tools, in less time than one would expect. You are more than welcome to take a look at our examples.
At France-IX, the next step is to fetch data from our internal system based on Netbox in order to automate the provisioning of new customers during 2017. We are already thinking about other automation projects for 2018, so stay tuned!
About the Author
Arnaud Fenioux is currently a Network Engineer at France-IX, the premier Internet peering service provider in France. Responsible for network operations management from deployment to maintenance (MPLS/VPLS network, OOB network), he is deeply involved in automation projects related to customer provisioning and network deployments. Prior to France-IX, Arnaud held a similar role at the French regional IXP LyonIX and started his career in system and network administration with the ISP Claranet and artprice.com.
Arnaud holds his Master of Science from the French Engineering school ESEO in Angers. He gives regular talks at French universities and during industry conferences and is an active contributor to hackathons organized by RIPE Network Coordination Center and Juniper Networks, for example.
Learn how the largest privately owned TV production company in the world is using Juniper Networks® QFX Series Ethernet Switches to help scale out the delivery of high-quality TV and VOD content.
IP communication specialists utilise state-of-the-art core network in order to meet its customers’ demands.
Infopact was established in 1995 and serves more than 12,000 customers. Following the fast growth of its customer base, Infopact required a renewed solution for its core network infrastructure - one that is highly available, flexible and scalable, in a geo-redundant set-up to achieve maximum uptime.
Infopact consulted Juniper Networks’ Elite partner Infradata, and made the decision to select Juniper’s MX Series 3D Universal Edge Routers and EX Series Ethernet switches. The solution has been deployed in five data centers.
Steven Klockaerts, operations director at Infopact explained, “Infradata provided a solution-driven approach. This resulted in the decision to choose Juniper Networks for its reliable, stable and easy to manage network technology. The flexibility and scalability provided by this solution provides a seamless fit with our current and future organization-structure.”
According to Infradata’s network lead Robbie van Rooijen, Juniper’s solution futureproofs many supporting services and protocols that Infopact might require in the future. Since all components run on Juniper Networks’ single operating system, Junos® OS, Infopact has benefited from an easy to manage network environment, only requiring two system engineers. The migration was undertaken outside business hours, which assured that Infopact customers were not impacted.
A2B Internet operates in 16 different data centers across the Netherlands, providing solutions within and between data centers for internet service providers, web, cloud and hosting companies. We can provide a complete BGP environment for our customers, including address and routing management.
Convergence time is critical for us. Things change in the internet all the time, but if a link goes down the most important thing is fast convergence of routes, and our equipment was beginning to struggle with the ever-growing scale of the Internet routing tables. Our technical team has a long history of working with Juniper, at other service providers and system integrators. We knew that Juniper’s MX Series could deliver the routing scale we needed, combined with very fast convergence times and a rich set of software features.
We built our new solution using Juniper Networks® virtual MX Series 3D Universal Edge Routers. The virtual MX is a full-featured, carrier grade router with complete control, forwarding and management planes that run the Junos operating system on standard servers. We’d seen the virtual MX in the lab, but we decided to move it right into the production network. It gave us all the experience and the stability of MX Series and the Junos operating system in a state of the art virtual package.
We run the vMX on a virtual KVM (Kernel-based Virtual Machine), which is an open source hypervisor, on a dedicated bare metal HP server running the Linux Ubuntu operating system. The server allows the vMX to address the network card directly from the virtual environment, using the SR-IOV integration in the Intel Networking Cards. This removes the lag you might normally expect in a virtual environment, so you can have a high-speed interface in a virtual router. And we had the whole system up and running in a couple of hours.
We also found the implementation of IPv6 very straightforward, and actually set up and tested the system using IPv6, before switching our IPv4 services over to the new virtual platform. We now use the vMX routers for all of our Internet-facing connections, and use a 10G physical switched environment for internal distribution.
The whole project went very smoothly and we didn’t hit any issues that related to the Juniper software. Virtualizing the routers is an ideal solution for our customers, who typically don’t require 100Gbps throughput but still want to multi-home their BGP environment. Most importantly, the vMX has drastically improved our internet routing table convergence times. Now we can converge in three-to-four seconds. Even full transit sessions can be changed in seconds, giving our customers a much faster resolution in case of BGP flaps or network problems - and customers notice that. In fact, we get even faster convergence than we’d expect from a dedicated hardware system, because with the vMX, we can scale the routing table convergence independently from the underlying hardware platform.
Now we’re hosting true multi-homed environments for our customers, using multiple vMXs to create an ‘ISP in a box’, with multiple transits, homing and routers and everything virtualized in software running on off-the-shelf hardware. Another benefit of virtualization is the ability to operate several virtual routers on a single physical server – so they can be easily upgraded independently of one another. The software-based Juniper routers allow us to provide a fully virtualized ISP solution. And we get exactly the same software as the established hardware platforms with 20 years of software development behind them. So now we have extremely fast convergence, a highly stable environment, one that enables automation, with painless IPv6 deployment, and it’s cost-effective. For us, this has been much more than just another network upgrade.
To find out more about A2B Internet, click here.
The Academia Technology Group provides cloud, connectivity and mobile solutions from the desktop through to the data center. We launched our initial cloud and hosting infrastructure from a single data center, but we’d reached a performance ceiling and we wanted to increase the resilience of our solutions. So we decided to expand our operations to a second data center, which would add additional complexity to the network demands. Reliability was a critical requirement, as was ease-of use and simplification of the new operating environment.
We chose Juniper Networks to expand our network infrastructure because it offered a future-proof, best-in-class networking, value for money and a single unified operating system. It’s proven to be a great choice. We use Juniper Networks® MX5 3D Universal Edge Routers at each of our data center sites, acting as border gateways and providing connection to our tier-1 internet partners. We also use the MX5 routers to provide connections to those customers who only require internet access. We’ve deployed Juniper Networks® EX4600 Series Ethernet Switches at the primary sites and Juniper Networks® EX4550 Series Ethernet Switches at our disaster recovery site, to provide a resilient backhaul network and to connect customers to our cloud services. We use Juniper Networks® SRX1400 Series Services Gateways to provide an aggregation layer and implement security and IDP (Intrusion Detection and Prevention) services. We’ve deployed the SRX Gateways at each site, configured as a single virtual system running over the network, which has allowed us to simplify our operations by managing multiple components as a single device. We also provide a Juniper SRX on the end of every customer connection we provide.
We took advantage of the expertise in Juniper’s TAC (Technical Assistance Center), to help us through the expansion. At one point we had experts staying up with us all through the night to make sure our migration worked smoothly. I have worked with Juniper products over the last 10 years and have yet to meet a vendor like them.
Now we have a tenfold increase in the capacity of our systems. Network uptime is extremely high, as is customer satisfaction. And we’ve benefitted from increased operational simplicity, running all of our network and security functions with only three staff while our other engineers focused on different priorities. It was critical for us that the new network could ensure reliability, scalability and affordability and Juniper has ticked all three boxes for us. And with JUNOS providing a single unified operating system across all our different systems, from security to routing and switching, we have less administration and it’s easy to bring on new skilled engineers. There’s only a single platform to learn, with the same commands required across the whole range of product types. Cross-training from other vendors is also easy and fast, with far less courses required. We also benefit from a single management environment for both our own network and our customers, because we can manage our CPE (Customer Premise Equipment) from the same system.
The transition was seamless. We had virtually no downtime and I don’t think we could have achieved that with any other vendor. For example, Juniper’s commit-confirm feature and their ability to validate configurations in advance helped us reduce our risk through the whole process. We’ve achieved reliability, flexibility and a great service in an extremely short space of time.
Now we’re considering Juniper Networks vSRX Virtual Firewall to collapse the CPE functionality back onto its own premises, or maybe even running it on an optical termination device. This is one of the benefits of Juniper’s open approach to networking, the flexibility we have to run a virtualized Juniper system on a third party platform is unique, and a great illustration of how the network is moving towards software.
It is key for leading research organisations to manage increasing demand for user traffic and provide high speed connectivity up to 100GbE, with capacity to grow and generate greater volumes of data and collaboration. Juniper Networks helps these organisations to transform their networks and provide cutting-edge excellence for the advanced research and education sector.
One of Juniper’s customers CSC - the IT Center for Science Ltd - runs the centralized IT infrastructure for Finland's education and research organizations, as well as libraries, archives, museums and cultural organizations. CSC’s infrastructure includes Funet (Finnish University and Research Network), which provides high speed data network connectivity to its 75 customers and their 370,000 users. CSC’s network connects all of its customers to the services they need and all of its customers to each other for collaboration.
CSC had been operating the Funet backbone at 10G, but traffic had steadily grown to the point where an upgrade to higher speeds was needed. On top of that, the users can have extremely demanding and unpredictable data requirements, making it challenging to plan for peak demands. CSC needed to transform the entire backbone from 10Gbps to 100Gbps links.
The organisation built its two previous generations of network using Juniper Networks technology, and turned to Juniper Networks once again to create its new core, using Juniper Networks® MX960 3D Universal Edge Routers, equipped with MPC4E Modular Port Concentrators, to interconnect and provide access to all of its 75 customer organizations. MX Series routers allowed CSC to upgrade directly to a 100Gbps solution in the most cost-effective way, which is important because it is state-funded.
Teemu Kiviniemi, development manager at Funet quotes: “Our aim is always to upgrade before we hit congestion but now we know we have enough capacity to react even when our customers need a lot of capacity at short notice. This is crucial for a lot of our users, who often work with very large data sets and need to move terabytes or even petabytes of data.”
CSC also uses Juniper Networks MX Series routers for CPE (Customer Premise Equipment). This has created a simplified operational environment, with a single feature set across both its backbone and CPE, and saves a lot of time by using the same operational processes everywhere - for configuration, management and monitoring.
Kiviniemi says, “We currently connect our campus networks at 10G but our new core means that we're already starting to plan for 100G connections directly to our customers. And we can always use even higher capacity MX Series routers if we need to, so there are plenty more upgrade options available, whatever our future requirements. We are very happy with how this whole project has worked. Finland is a large sparsely populated country, so it's important that we can easily move huge amounts of data around over the network rather than transporting hard disks. Now it means our customers can forget about the network and concentrate on the real work that they do - research, education and teaching.”
To find out more, please read the case study.
At Hetzner we provide web hosting services to over 40,000 customers, who use our services to run applications ranging from general web hosting through to online payment systems, ecommerce, vehicle tracking solutions and share trading platforms. We needed to build a new data center and our network had reached its limits so we took the opportunity to build our new network from the ground up.
Today’s education landscape is dramatically different from what it was a couple of decades ago. Gone are the days of chalkboard learning and a single campus computer lab that everyone shared. Access to laptops and tablets, online learning solutions and the personalization of the learning experience through digital tools have become de rigueur for many of today’s students – this is what they have come to expect and demand.