Programmability and Automation Meetup Group
Owned by Nick Thompson + 5
As crucial as automating your network deployment is, the ability to ensure correctness and validate proper behavior and state of your network is the key to a successful automation strategy. Test automation for your network deployments helps build the early detection system that the development team needs to avoid unintended outcomes. More importantly, it helps develop the trust of the customers who rely on the automation or the infrastructure it builds.
This session, presented by Tafsir Thiam of World Wide Technology, is the first of the Test Automation series. We discussed foundational concepts related to testing and the anatomy of good tests. We explored these concepts using the popular `pytest` Python library, and walked through realistic scenarios using Pytest to demonstrate the concepts you can apply to test your infrastructure!
Cloudify, integrated with ServiceNow ITSM (IT Service Management) and ITOM (IT Operations Management), provides a seamless way to automate the orchestration of provisioning, management, and governance of cloud environments that supports the needs of both development teams and DevOps teams. Developers get a self-service experience to request the creation or management of their cloud environments via ServiceNow ITSM Service Catalog. DevOps teams can define certified environment blueprints in Cloudify to create deployments of cloud environments when fulfilling requests from the development teams submitted via the Service Catalog. Cloudify also provides DevOps and IT Governance teams the ability to automatically remediate resources that are out of compliance with cloud governance policies. Cloudify ensures that not only are they aware of cloud resources that violate these policies but that those resources are brought into compliance quickly. In this session, Jason Hammond and Anthony Critelli from Cloudify presented the Cloudify cloud orchestration platform. They also demonstrated how Cloudify & ServiceNow work together to increase the speed and efficiency of development and DevOps teams.
GraphQL is a query language for APIs used by popular web services, including GitHub, ArangoDB, and Nautobot, a network automation platform. In this session, Joel King introduced GraphQL and demonstrated using Nautobot as a Source of Truth to manage Arista Containerized EOS (cEOS) routers using Ansible.
At some point in our careers, we've all written scripts to process data and generate reports on the current state of our systems. Unfortunately, these scripts are often tucked away, then dug up and manually invoked from our desktop the next time someone asks for an update, perhaps quarterly. Each time, we weigh the time needed to fully automate a seldom-used process against the value of the results it delivers, despite the time we spend manually running the script and turning its output into a presentable report. In this session, Kris Reese and Harry Kabbay from World Wide Technology showed how they'd taken this type of process to the next level by converting a Python script into a serverless application running atop Knative Serving, and building an offering of on-demand, ad-hoc execution of scripts via ServiceNow. A demo showcased an example scenario to perform user access validation to MongoDB databases, validate employment, remove terminated accounts, and generate a report to meet SOC2 compliance that automatically attaches itself to a ServiceNow ticket.
We're all now on a journey towards the nirvana of a fully-automated self-driving network. Some of us may be just thinking about it; others may have tooled up and started building a netdevops culture in their organization. But there are some things that you just can't do without on that journey: a full understanding of just what your network looks like from user to cloud instance at a point in time; a way of measuring whether it is configured and behaving as you expect it to; and the ability to share that insight with everyone who needs or wants it.
IP Fabric is a plug-and-play Network Assurance platform that allows you to bring that insight to an enterprise network end-to-end. It automatically discovers and models the network, then runs the rule over the model to verify that it is behaving as you intend. It presents that as regularly updated interactive documentation through a web-based UI, and via REST API it provides the context that allows you to augment your existing processes and tooling ecosystem, and accelerate and enhance your automation efforts. In this session, Daren Fulwell from IP Fabric dug into the hows and whys of network assurance, then demonstrated how IP Fabric delivers for the network engineer.
A user's identity is a cornerstone for most modern applications today. Over the years, standards such as SAML, OAuth 2, and OpenID Connect have emerged to solve growing challenges around user identity authentication and authorization on the web. In this session, Tyler Hatton, Tafsir Thiam, and Tim Hull from World Wide Technology discussed and showcased these different standards that can be used to better secure web applications and APIs.
Have you ever mocked up a lab environment and needed a router that doesn't require a license or a lot of time to set up? At WWT, our tool of choice is Traffic Jam! The idea of Traffic Jam was initially conceived back in 2015 (by Bill Thompson) as SD-WAN was heating up, and customers were coming to WWT's Advanced Technology Center (ATC) to perform evaluations of SD-WAN. Because of the number of SD-WAN tests, we needed a tool that we could quickly spin up to act as the service provider to the SD-WAN devices and perform impairments on the WAN links.
It's been six years since that original idea, and Traffic Jam is still going strong! Over that period, Traffic Jam has gone through many transformations and looks quite different from when it initially hit the scene (it's getting ready to go through another transformation!). You can find it in labs on WWT's platform as well as custom environments running in the ATC. Odds are, if you've interacted with a lab on the platform or performed a POC within the ATC, then Traffic Jam has been there, running in the background.
You may have heard of the growing trend to use a Network Source of Truth (SoT) as a critical component for network automation. This session, presented by Tim Fiola from Network to Code, introduced Nautobot, an open-source project that doubles as a Source of Truth and Automation Platform. First, Tim covered the basics of what Nautobot is as SoT. Then Tim spent most of the time talking about how it is an Application Platform and can complement nearly any network automation strategy or tool on the market. Tim also demonstrated many of the applications in the Nautobot App Ecosystem.
In this session, Jeff Andiorio from World Wide Technology walked through creating a simple, non-production Python SDK. The goal was not to build a production-quality Python SDK since these already exist for many of the Cisco products but rather to provide some guided practice using many of the requisite skills of an automation engineer today.
Network automation is an essential tool for managing today's complex networks. Unfortunately, one minor error during an automated change window can have a ripple effect of unintended consequences that span the on-prem, cloud, and virtual networks. Combining automated workflows and API interaction with the visualization and predictive capabilities of the Forward Networks Platform can prevent or rapidly detect unintended network behavior.
In this session, Kevin Kuhls from Forward Networks presented an overview of the Forward Networks product and showed how to use it to achieve Worry-Free Network Automation.
Cisco's Extended Detection and Response (XDR) platform, SecureX, allows organizations to quickly identify and respond to threats in an automated fashion using a cloud-native platform. In this session, Brian Sak showed attendees the platform's capabilities with an emphasis on SecureX Orchestration, the automation and orchestration tool organizations can use to build atomic actions and workflows to simplify security operations.
Brian Sak is a Cybersecurity Architect with Cisco focused on developing technical security solutions and supporting partners. He has a Master's in Information Security and Assurance and has contributed to multiple security, IoT, and data analytics publications. He enjoys automating things, contributing code and is always looking for something new to learn.
Serverless computing is emerging as a common architectural model for building and hosting applications at scale. In this session, presented by Tyler Hatton from F5 Networks, we explored serverless computing, the different platforms and frameworks around serverless, and how to get started writing your first serverless application.
This hands-on walk-through is designed to give you real-world exposure to the foundational Docker instructions needed to build a Docker image and integrate it with Visual Studio Code. The outcome of this lab is the knowledge of building Docker containers, plus the added benefit of learning how to use the container as your development environment in Visual Studio Code.
What You Need:
- A Windows or macOS computer with Docker Desktop.
- Alternatively, you can install Docker in a Linux environment and complete the walk-through.
- Visual Studio Code
One challenge for a network engineer learning the 'tools of the trade' for programmable networks is how to set up a development environment.
The environment must be ephemeral, consistent, and repeatable with the instructor, your teammates, and your study partner.
In this session, Joel King demonstrates how to use Visual Studio Code along with Vagrant, Docker, and cloud computing environments. Joel also shares sample configurations in GitLab and a number of Jupyter Notebooks that can be used as study aids for the Cisco DevNet Certification exams.
Would you like to learn more about data center automation and programmability? Are you interested in taking the Cisco DEVNET DCAUTO Specialization exam? In this fully NDA-Compliant session, Tim Hull and Jeff Shively from WWT will show and share the learning resources and study tools they found the most useful on their way to passing the DCAUTO exam in May. Tim and Jeff will also discuss how they got from the starting line to the finish line and what they would do differently if they had to do it all over again.
As engineers embrace infrastructure-as-code, building in testing and sanity checks of the proposed changes becomes critical. Batfish is an open-source tool that does network configuration analysis. Some of the project's capabilities include analysis of system information, routing and forwarding tables, and ACLs. Batfish is written in Python and is consumable in Python, but also has Ansible modules available.
We will demonstrate using Batfish to ensure our ACLs are doing what we expect them to do. Finally, we will look at using Batfish in a CI pipeline to automate configurations upon check-in to version control.