Majid Ansari, Architect, Cloud Vertical, Juniper Networks

Apstra: The Value Is the Integration

Network AutomationData Center
Majid Ansari Headshot
Title slide that says, “Experience-First Data Center Networking Series. Apstra: The Value is the Integration. Jeff Doyle | Director — Solutions Architecture, Majid Ansari | Architect — Cloud Vertical, Calvin Remsburg | Consulting Sales Engineer.”

Apstra brings automation, integration — and so much more.

Don’t miss this final episode of the Experience-First Data Center Networking Series focusing on automation with Apstra. Jeff Doyle, Majid Ansari, and Calvin Remsburg discuss the key essentials you need in your fabric management solution when it comes to automation. 

Show more

You’ll learn

  • How Apstra can integrate with your existing systems, like Slack, ServiceNow, and other popular tools 

  • The advantage of a multi-vendor approach 

  • How an intent-based approach for Ethernet VPN (EVPN) operations and integration can help you manage rising data center complexity 

Who is this for?

Network Professionals Business Leaders

Host

Majid Ansari Headshot
Majid Ansari
Architect, Cloud Vertical, Juniper Networks

Guest speakers

Jeff Doyle Headshot
Jeff Doyle
Director, Solutions Architecture
Calvin Remsburg
Consulting Sales Engineer 
Transcript

0:00 [Music] hello and uh thanks for joining us today

0:07 uh this is our last of our lightning talk series on experience first data center networking series uh today we

0:15 will talk about abstract the values in integration uh basically the focus is automation with abstract my name is

0:22 majid ansari i'm an architect on cloud vertical uh and today with me um i have

0:28 kelvin remsburg he is one of the consulting engineers and specialist in automation practice

0:34 um he participates with the various customers on on automation discussions

0:40 and he will go over you know some of the details on automation with abstract

0:45 so let's jump right in and uh first thing i think i'll quickly i think talk

0:50 about the agenda for the discussion today uh we'll recap what we talked about in our first two sessions uh which

0:57 we had with jeff doyle um then i'll quickly uh introduce our

1:02 topic today on uh automation uh and uh evpn fabric operation decisions so

1:08 basically we'll talk about what are the key characteristics we are looking in your fabric management solution when it

1:13 comes to automation um and then kelvin will go over and expand that topic and talk about

1:20 you know automation for evpn operations and integration so recapping on uh what we talked in our

1:28 first two uh first two uh lightning talks um and i'm not gonna go in detail

1:33 about what we already discussed but i'm just gonna quickly provide a summary so in the first session we we talked about

1:39 uh what kind of characteristics you need from a day zero day one perspective where

1:44 you're looking at you know architecting and design and then deploying your fabric and we established

1:51 that you know you need a solution that's multi-vendor and then it also goes beyond

1:57 uh you know just swapping uh clies with clicks right you you actually go beyond

2:02 and do an internet-based approach uh where you actually are doing a lot of meaningful tasks in minimal steps

2:09 that way you can quickly complete your task and not only that that it makes easier

2:15 for you to provision it also provides you a single pane of glass that your architects as well as your

2:22 operators right can see through and then there would be a feedback loop that that you will you'll operate

2:29 through verifying everything at every step um and then making sure your fabric is

2:34 operating the way you intended it to be so that was our day one um and then

2:40 in in our second lightning talk we talked about more on importance of day two and supporting

2:46 um operations in a way that's you know meaningful uh and then that's you know relevant in uh today's

2:52 age because there are a lot of challenges and different challenges in the network uh when it comes to

2:58 uh you know things changing quickly um and then you have to support different like environments where you

3:04 have to support legacy uh application as well as model applications and we established

3:09 how um gathering analytics and then deriving knowledge from you know telemetry

3:15 and and giving you uh the information in full context so that you can use it uh

3:21 use it efficiently right um and then we also talked about uh you know our ability to

3:29 support your changes in the network whether it's a maintenance that is planned or a link or a device going down how do we

3:36 make sure that what it does after the recovery is

3:41 exactly what you expected to be it is done in as quickly as possible and and then we actually can provide you

3:48 all that uh reliable way of you know going through changes in your network um and then

3:55 importance of that so that that covered our day zero and uh day 1 and then day 2

4:00 operations and day 2 operations plus today's topic is now we're going to

4:06 focus on automation and why automation is important and what what kind of things you need to

4:13 look into your fabric management solution right um i think you we all would agree that when you deploy a

4:19 network or when you deploy a network management solution uh you are not up uh you're not operating in in a bubble

4:26 right you actually are part of a bigger business and then you have a bigger

4:32 infrastructure that's bigger than your network and you need to be part of it you cannot be just thinking of your network as an

4:39 independent entity uh because uh with if you want efficiency and if you want to

4:44 utilize the tools that you already built for your bigger infrastructure for example take a typical data center where

4:51 you will have you know 40 servers in iraq and they'll be only two switches

4:57 so there is an infrastructure already in place that is managing those 40 servers and then the applications that run on

5:03 them and it would be very efficient for you if you can use a similar infrastructure

5:09 maybe expertise you have in your ability to develop those applications using the same kind of apis

5:16 or at least uh the programming language of your choice for your automation uh

5:22 your network management will uh will actually uh gel well with your existing system so it's just gonna make it more

5:28 efficient and um and more scalable for you uh and that's one of the key

5:33 characteristics i think uh you need to look into a fabric management solution now the apis i think apis needs to be

5:42 easy to use and they they need to be integrated using your preferred

5:47 programming language or infrastructure of choice and and then once you have that established

5:54 that easy to use apis and that can give you that rich set of functionality that

5:59 you know you need it will just make it easier for you to integrate your fabric management

6:05 solution in your environment um and not only that the underlying infrastructure that that

6:11 you need right it shouldn't be restricting and and one of the things that uh we talked in earlier talks like

6:17 for example abstra uses uh this graph database now graph database allows you

6:22 to integrate and query things for which you your relationships were not like

6:28 available to you before so like if it was a relational database and then you were building tables uh you would

6:34 restrict based on what you know ahead of time whereas a graph database uh would

6:39 offer you that flexibility because there you don't have to do know all the relationship and don't have to build table based on what you know it could

6:47 change over time so not only you have rich set of apis um and simpler to use apis

6:53 you also need infrastructure that allows you to kind of grow with

6:59 the new things that come into picture um so you know if you combine all these things uh you build your solution and

7:07 you also have to kind of think of it is like how my operator is gonna use it so they can use the same uh same thing that

7:13 they use for bigger infrastructure they can use it for a network uh you will have a cohesive solution that will be

7:19 easy to integrate your environment um and i'll with this i will pass it on to

7:24 kelvin to just you know kind of expand it um how in abstract context how these

7:30 things are are relevant what abstract does and then how how it helps you you know grow with

7:36 ground without growing pains uh to you kelvin to kind of expand on

7:41 this topic i'll stop sharing and then you can share your screen all right so hello everyone my name is calvin

7:47 rimsburg and i am a global architect within the sales organization and my primary focus is

7:54 helping customers get up and running with network automation trying to help them understand what some of the value propositions and

8:00 more importantly what kind of integrations they can build to have success using the automation capabilities within our platforms

8:08 now today specifically we're going to be focusing on appstr now app sure actually has two

8:14 separate apis that we had just discussed there is a traditional rest api where we

8:20 can communicate with the aptra system over http there's also a graphql api

8:26 that we can access some of the more difficult queries to to get really detailed information

8:32 about the data center fabric now today i'm going to specifically be talking about the rest api because

8:39 that's what we see most commonly when customers want to build integrations

8:45 now it should be noted that 100 percent of the things that appsure does from the

8:51 web user interface is driven through apis in the background that is to say

8:57 any type of operation you would do inside of the appsure user interface whether you're adding new vlans or

9:03 you're building a new data center blueprint or maybe you're just monitoring the actual health of the environment there's

9:10 a native api for every single one of those calls that happens within the gui which means we can capture that api and

9:17 actually build automation around it this helps us build integrations into

9:23 tools and software that we already have in our environment with minimal effort

9:28 now today i'm going to be showcasing an example where a customer was having success where they were using servicenow

9:35 to perform their day 0 and day 2 operations through servicenow

9:41 now we're going to showcase this just in a little bit but it's important to just kind of have the roadmap here

9:47 in front of you to understand exactly how these pieces are coming together we're actually leveraging ansible for

9:54 the heavy lifting within the environment this is almost a no-brainer in in these

9:59 days because ansible has such a profound impact within not only servers but also

10:04 network and automation then it makes sense to build an automation framework based on

10:10 one of the more prevalent tools out there today so what's going to happen is that a user is going to fill out a request now this

10:17 again this could be building a new environment this can be just typical day two operations of adding vlans etc

10:24 they're going to perform that request inside of servicenow and servicenow is going to send that information over to a

10:31 ansible server through the ansible rest api and then ansible is going to do a few

10:36 things it's going to check in to github to make sure it's got the latest copy of

10:41 the project and then it's going to talk to our network source of truth now in my environment i'm using a tool called

10:47 netbox but you could use another tool called nadobot or maybe you're using some kind of monitoring system like

10:54 solarwinds the point is is that there's information about your environment that the

11:01 automation needs to have in order to be successful so ansible's going to query around make sure again it's got the

11:07 latest copy of the code it's going to make sure it knows everything about your environment and then it's going to be

11:12 performing some provisioning tasks over into the app str controller

11:17 and these again uh 100 of the operations that we would have typically done had we

11:23 been logged in through the web user interface and then when we're done we're going to be sending some information over to the

11:29 team so that everyone knows when a change has been made within our environment now in this case i'm using slack but

11:36 this could be a text message this could be an email this could be microsoft teams

11:41 the point is is that it doesn't really matter where you're trying to send the message to as long as there's an api

11:47 that's listening and available for us we can take advantage of that and build these almost closed-loop automation

11:54 opportunities for us so let's go ahead and start with our servicenow interface

12:01 i've created a fictitious company here called redtail network and they operate

12:06 in many different capacities they have a campus network that's managed through juniper's mist they're using the 128 tsd

12:13 wan but in context of this conversation we're going to be talking a little bit about the

12:18 data center so let's move over into the data center dashboard to see what the network team sees whenever they log into

12:25 servicenow so all the team members immediately have visibility into any

12:30 outstanding tickets that might be within their data center environment they can also see if there are any

12:36 anomalies within the production data center now in my case you can see that we have no problems just yet we will be

12:44 creating some problems here today but it's important to note that users of

12:50 of servicenow will immediately get this information without having to visit the aperture interface and probably even

12:56 more importantly without having to understand networking nuances within data center fabrics as we all know vxlan

13:05 evpn is an amazing technology but it's very very complicated and a data modeled

13:10 fabric management tool like appstra really helps abstract some of that complexity with them but here we're even

13:18 extra abstracting it even more by reaching into the appstress apis and grabbing the

13:24 health of our data center fabric now just to give you an example this is my current data center environment that

13:31 i have it is a live app sure environment the couple spines and three leaf

13:36 switches right here and you can see that all the anomalies that would have typically shown up or are right here

13:43 within the dashboard this is the information that we're getting through the api and we're tunneling that data

13:49 back into servicenow and that's what you see these counters right here for so

13:54 really really great place to get the visibility of your data center fabric you could extend this

14:00 this dashboard to your server teams to your application teams to really anyone

14:05 that likes to call up the network team and blame the data center as being the problem for their application performance this is a really great way

14:12 of getting all the networking nuance out of the way and just presenting the raw facts to the

14:17 users now what's really great about this dashboard is that we're not just using it to track data center events and in

14:24 open incidents at the time we can also use it as a launching pad for all of our network day-to-day tasks

14:31 so in this case i'm going to visit the network automation panel and we can see that this organization has many different

14:38 self-service portals for different types of tasks within the environment but we're focusing here on the data center

14:45 now when we visit this we can see that we've got a couple of options available for this if we wanted to we could build

14:51 out a full data center fabric using the appsha blueprint generator where we just basically fill in some

14:57 basic information about the type of platform that we're using the loopback

15:03 addresses if they have any specific autonomous system numbers that they want to use

15:08 what type of data center fabric platform as you all know aperture supports

15:15 almost any data center vendor under the sun so it's important that we give those types of options to the users

15:21 but in this case let's talk about a more traditional day two operation one of the more common tasks believe it or not

15:28 still in in 2022 is that we're still creating vlans across our data center fabric so let's

15:34 go ahead and perform this task by leveraging network automation we'll visit this self-service portal here

15:42 and you can see that we've taken all the network nuanced information things like

15:47 what type of routing or what routing instance would you like this via this new vlan to be

15:53 within the overlay we also need to pass in the name of a vlan now in this case

15:59 let's see i'm going to call this vlan thursday because that's where we're recording this and for the vlan id i'm just going to go

16:06 ahead and leave in 11 but we'll go ahead and give it the vxlan network identifier of 10 000.

16:13 and passing in an ip prefix we'll do 105

16:20 24 and we'll give it the dot one for the gateway so you can see with this self-service portal of

16:26 servicenow we're asking the user for the bare minimum information

16:31 what do they need to do to be successful in this job we're not asking them to be

16:36 experts in either cisco cli or junos cli we're not asking them to have even all

16:43 the nuanced information about a data center fabric they can still have success with their

16:48 day-to-day job by leveraging network automation to abstract all the complexities within this

16:55 so in this case we've created a workflow that another teammate would

17:00 view or they would first they would receive some kind of message notification and service now to say hey

17:05 you got a teammate that's looking to build a new data center vlan we would like for you to review it and they would

17:11 come they would visit their servicenow portal and they would get all the information here passed into a

17:16 ticket assigned to them now what they would do is they would go and they would review this request one last time they

17:22 can see the data they can add any comments that they see fit maybe a change approval number or some kind of code of

17:29 some sort the idea here is that we have an approval process where we can have an

17:36 audit from a local teammate or or maybe just be able to have

17:41 documentation as to who approved this change and who had initiated it just

17:47 again for auditing insanity purposes now what you'll note back here over at

17:52 abstra we don't have any uncommitted changes and that's because we haven't clicked

17:57 this approval button just yet so let's go ahead and take care of that i'm going to click on the approve button and what

18:05 that's going to do it's going to compile all the information that we had passed in the form and it's going to send it

18:10 over into ansible now let's go ahead and check out ansible and see what's going on

18:16 if i look at my jobs right up here we can see that we've got a job running it's called create a vlan

18:22 and if we look into the details we'll actually see the information that was passed into the servicenow form the name

18:29 of the vlan the vlan id the prefix remember all that information that we had filled into the form

18:34 now i can see that this all in all took 11 seconds to complete

18:39 and here we can we can dig into any of these api calls and kind of fare it out what that was actually going on but

18:46 probably more interesting let's return back to the service now or sorry to the appstr and you can see we now have an

18:52 uncommitted change within the environment so the way that appshow works if you're unfamiliar and this is a blessing if

18:59 you're coming into from an automation perspective is that appshow works in a very similar

19:05 way that the junos operating system works meaning that you stage your proposed

19:10 changes in type of a candidate configuration where you have another opportunity to review the data commit it

19:18 and if that is a problematic change actually roll it back this is incredibly important in a data center fabric

19:24 management tool and this is what we're leveraging within the automation we're taking advantage of this review process

19:31 now if i really wanted to we could go down and look into the full diff of what's actually taking place but

19:37 suffice to say here we're going to be creating a new vlan called thursday we're creating a new connectivity

19:43 template which is effectively an interface template and we're creating a new vlan id we can

19:50 see the prefix information route target the vlan id all again all that information was passed in through

19:56 servicenow so this is one really great way of leveraging network automation for a

20:01 common day two task i just rolled back that configuration so it now no longer exists within the

20:08 aperture system let's talk about another real common task and that would be

20:14 managing vlans on a trunk specifically for something like a vmware host for

20:20 instance right as new applications come into the environment you want to be able to quickly update or remove vlans that

20:27 are on a interface based on a template now in this case i have a connectivity

20:34 template it's got a couple of storage vlans one is the native vlan for iscsi

20:39 and another vlan for nfs traffic well let's return back over into servicenow

20:45 and what we're gonna do is we're gonna add a new vlan onto this trunk for

20:51 my sequel database so we'll follow the same process as we had before when we created a new vlan

20:58 and that is by visiting our data center service catalog and then opening up the

21:04 the self-service portal this time for managing vlans on a trunk and what we need to do is we need to

21:10 declare which blueprint or which data center fabric we would like to perform this task on we would like to know

21:16 whether or not we want to add a vlan or a movement run form a trunk in this case i'm going to add it and we need to add

21:23 the vlan id in this case i'm going to select my sql database and

21:28 finally i just need to select the connectivity template so whether or not what kind of virtualization host we're

21:34 using in this case we're going to select a vmware host and click order now now

21:39 again if you can think about the power not only of extrapolating the network

21:45 complexities of a vxn evpn fabric but what we're effectively doing is we're creating a self-service catalog so that

21:52 network operators or possibly application developers within your environment can perform complex tasks

21:59 with the appropriate auditing and approval processes without having to know very much about how networks

22:06 actually operate now in this case let's visit this request that came in for us and we're

22:12 again consistent approval process everything is consistent that we're doing here it's

22:18 one of the nice things about network automation is that despite the workflows being very different in workflow being

22:26 what kind of task you're trying to accomplish you can create similar workflow environments through a tool like

22:32 servicenow so that everyone feels comfortable it's familiar they know exactly where to go and they know how to

22:38 fill in these forms because it's very similar to their traditional operations within the tool

22:43 we'll go ahead and again click this approval button and again what's going to happen is that

22:49 we're going to compile the information that came in from the form and send it over into ansible we'll take a sneak

22:55 peek at what's going on over here here we can see we have a playbook running called manage

23:00 the trunk and if we dig into the details we can see hidden information about vlan ids

23:07 untagged this information is actually sourced from the servicenow catalog we just got to abstract some of the more

23:14 complex uuids etc now if we go back to the output i can see that this was completed this took 10

23:22 seconds to complete let's go check in on appstr and over on appstra if i just open up

23:28 this vmware host connectivity template yet again i can now see that the my sql

23:33 database vlan has been added to my tagged trunk now if you're unfamiliar

23:38 with connectivity templates effectively what's happening is that when we commit

23:43 this change that's staged right now in appstra any interface in our data center that

23:48 was previously associated to the vmware connectivity template will now have this

23:54 vlan automatically pushed down to it so that applications can come up and start actually performing the task that they

24:00 were set out to do so gone are the days of knowing where in my environment are all my vmware servers

24:07 which interfaces and which vlans is or are we passing on this trunk we can

24:13 leverage the connectivity templates to completely remove us from that equation and then we can take the advantage of

24:19 the api to actually perform the task to make adjustments to those as we see fit

24:24 if we move back over to our uncommitted panel here we can see that we've updated the

24:30 connectivity template for the vmware host and again this is exactly what we expected and i'll go ahead and commit

24:36 that change to make it run in production now i promised earlier we're going to cr we're going to break something and this

24:43 is a great opportunity for that i'm going to go ahead and insert a static change into my data center fabric

24:50 now what's going to happen from an app share perspective is that this will directly conflict with the data model

24:57 that was derived for the data center fabric again we're not building a model just for the

25:02 devices we're looking at this from an intent based networking perspective as a holistic fabric data model and this

25:10 static change that's going to be made on one of the devices will be a conflict with that that data center fabric

25:17 and so now if we return over to appsure actually let's go back to a services now

25:22 portal first if i remove back to my campus network and head over to the data center

25:28 dashboard what i should see is within about a couple of minutes i do

25:35 have some caching taking place on here to make the ui pop up just a little bit faster

25:41 what we will see is an anomaly peak its head into the data center

25:46 fabric as that that that static configuration is actually applied

25:51 so while we wait for that uh that detection to be made let's also showcase how you can

25:58 leverage slack and chat ops to also interface with your appstr fabric

26:04 so what i have here is a slack workspace that all my data center team is on and

26:10 that we use this to actually communicate between each other but in what we can also do is take

26:16 advantage of the api that we expose on appstra and actually build integrations into our chat systems so for instance

26:23 let's say that we get a call at 3 a.m because we're on call and we're told

26:28 that sap is down and the network is always obviously blamed uh for this type

26:34 of situation so rather than us getting up and pulling out our laptop jumping on

26:40 the corporate vpn trying to log into appsha trying to make sense of what's going on and

26:45 understand whether or not the data center is at fault what we can do instead is just simply open up our slack

26:51 client whether it's on our phone or our desktop in this case we'll be issuing a command to the appstrebot

26:57 what will happen is that we get a prompt that says what kind of request and from here we'll just say give us the

27:03 health of the data center and then it'll ask us which data center would you like to check we'll check in our evpn demo

27:10 and hit the execute now again i am not having to understand

27:15 data center fabric technology i don't even know i don't even need to be able to spell vxlan

27:22 what we can do is we can leverage this these apis to get health information

27:27 from our data center and provide access to it for anyone within the organization

27:33 that has the rights to now here we got back in our slack client within just a few seconds some

27:39 information from the system and i can see that there's a configuration error within our data center fabric that's

27:45 exactly what we expected because there was a static route injected into our data center if we return back over to

27:51 our servicenow portal and if i refresh my page remember that this is the home

27:57 landing page for my data center operations team here we can see that we'll have some anomalies show up and it

28:04 is exactly what we expected right we have a configuration issue within the environment and anyone that just logged

28:10 into servicenow or anyone that's watching this page will be able to detect yes there's something wrong with

28:16 our environment so they can interface through it with appstra through the apis

28:21 by leveraging tools like servicenow or you can build integrations into more common tools like slack or microsoft

28:28 teams so with that that's the end of this discussion on kind of the art of

28:33 possibility with building network automation for day two operations so with that i'm going to turn by mac bike

28:40 over thank you thank you kelvin i think uh you actually did a great job

28:46 articulating you know value of uh the automation with abstract how uh and the art of possibilities that you

28:52 said like what's possible using different tools um and then that i think you know would would clearly articulate

28:59 um how abstract can integrate easy in into your existing environments and servicenow

29:06 being popular ansible being popular and then slack on the other hand totally

29:11 diverse tools but the power of automation you know makes you integrate abstract in all of

29:17 them uh so thanks for that great discussion i think you know if our

29:22 customers are interested uh in talking about more uh more about this thing i

29:28 think you know reach out to your account teams and then we can we'll be happy to go over the details uh but in in

29:35 summarizing this what i would say uh for your when you're evaluating your fabric management solutions uh

29:42 basically what uh what based on what we talked today right what you what you need is an easy to use rich set of apis

29:50 uh so that you can use uh your own environment and then integrate uh

29:56 abstract or network management tool into your environment um and not only you

30:01 need uh apis performing your day one provisioning

30:07 thing it can also help you with your day to and day two plus operations where you know

30:13 like you spend a lot of time during that mode uh it's equally important to have apis that that do that right and then

30:21 last but not least i'll basically use the same conclusion that i used my in my previous uh two lightning talks uh for

30:28 your fabric management needs you need a unified solution uh that gives you seamless automation for you know

30:34 throughout your network life cycle whether it's day zero day one or day two plus

30:40 um and then you need a unified um view for both your operations and architect

30:45 uh team uh so that you get smooth operation your network and

30:50 with this uh talk i think we we provided you a lot of examples and and arguments to you know

30:58 provide to suggest that abstra actually does have all these characteristics and

31:03 it will it will do very well uh for your network management need um and especially in a multi-vendor network um

31:11 you you will be you will be very happy with uh with appstra and um

31:16 also i think as we talked uh you know next steps wise as i said please contact us uh if you like to talk

31:23 more but in the meantime if you want to learn and and explore yourself uh you

31:28 can also use our training on juniper training portal or uh there's a youtube

31:34 playlist that talks about you know topics like this that we discussed today and there's also a virtual lab um that

31:41 that you can reserve and then do your own experiments so thank you very much uh for joining us

31:47 today and then uh going through this discussion with us um and enjoy uh enjoy

31:53 uh the learnings and and then good luck we are with your network operations thank you

32:02 [Music]

Show more