Apstra: The Value Is the Integration

0:00 [Music] hello and uh thanks for joining us today

0:07 uh this is our last of our lightning talk series on experience first data center networking series uh today we

0:15 will talk about abstract the values in integration uh basically the focus is automation with abstract my name is

0:22 majid ansari i'm an architect on cloud vertical uh and today with me um i have

0:28 kelvin remsburg he is one of the consulting engineers and specialist in automation practice

0:34 um he participates with the various customers on on automation discussions

0:40 and he will go over you know some of the details on automation with abstract

0:45 so let's jump right in and uh first thing i think i'll quickly i think talk

0:50 about the agenda for the discussion today uh we'll recap what we talked about in our first two sessions uh which

0:57 we had with jeff doyle um then i'll quickly uh introduce our

1:02 topic today on uh automation uh and uh evpn fabric operation decisions so

1:08 basically we'll talk about what are the key characteristics we are looking in your fabric management solution when it

1:13 comes to automation um and then kelvin will go over and expand that topic and talk about

1:20 you know automation for evpn operations and integration so recapping on uh what we talked in our

1:28 first two uh first two uh lightning talks um and i'm not gonna go in detail

1:33 about what we already discussed but i'm just gonna quickly provide a summary so in the first session we we talked about

1:39 uh what kind of characteristics you need from a day zero day one perspective where

1:44 you're looking at you know architecting and design and then deploying your fabric and we established

1:51 that you know you need a solution that's multi-vendor and then it also goes beyond

1:57 uh you know just swapping uh clies with clicks right you you actually go beyond

2:02 and do an internet-based approach uh where you actually are doing a lot of meaningful tasks in minimal steps

2:09 that way you can quickly complete your task and not only that that it makes easier

2:15 for you to provision it also provides you a single pane of glass that your architects as well as your

2:22 operators right can see through and then there would be a feedback loop that that you will you'll operate

2:29 through verifying everything at every step um and then making sure your fabric is

2:34 operating the way you intended it to be so that was our day one um and then

2:40 in in our second lightning talk we talked about more on importance of day two and supporting

2:46 um operations in a way that's you know meaningful uh and then that's you know relevant in uh today's

2:52 age because there are a lot of challenges and different challenges in the network uh when it comes to

2:58 uh you know things changing quickly um and then you have to support different like environments where you

3:04 have to support legacy uh application as well as model applications and we established

3:09 how um gathering analytics and then deriving knowledge from you know telemetry

3:15 and and giving you uh the information in full context so that you can use it uh

3:21 use it efficiently right um and then we also talked about uh you know our ability to

3:29 support your changes in the network whether it's a maintenance that is planned or a link or a device going down how do we

3:36 make sure that what it does after the recovery is

3:41 exactly what you expected to be it is done in as quickly as possible and and then we actually can provide you

3:48 all that uh reliable way of you know going through changes in your network um and then

3:55 importance of that so that that covered our day zero and uh day 1 and then day 2

4:00 operations and day 2 operations plus today's topic is now we're going to

4:06 focus on automation and why automation is important and what what kind of things you need to

4:13 look into your fabric management solution right um i think you we all would agree that when you deploy a

4:19 network or when you deploy a network management solution uh you are not up uh you're not operating in in a bubble

4:26 right you actually are part of a bigger business and then you have a bigger

4:32 infrastructure that's bigger than your network and you need to be part of it you cannot be just thinking of your network as an

4:39 independent entity uh because uh with if you want efficiency and if you want to

4:44 utilize the tools that you already built for your bigger infrastructure for example take a typical data center where

4:51 you will have you know 40 servers in iraq and they'll be only two switches

4:57 so there is an infrastructure already in place that is managing those 40 servers and then the applications that run on

5:03 them and it would be very efficient for you if you can use a similar infrastructure

5:09 maybe expertise you have in your ability to develop those applications using the same kind of apis

5:16 or at least uh the programming language of your choice for your automation uh

5:22 your network management will uh will actually uh gel well with your existing system so it's just gonna make it more

5:28 efficient and um and more scalable for you uh and that's one of the key

5:33 characteristics i think uh you need to look into a fabric management solution now the apis i think apis needs to be

5:42 easy to use and they they need to be integrated using your preferred

5:47 programming language or infrastructure of choice and and then once you have that established

5:54 that easy to use apis and that can give you that rich set of functionality that

5:59 you know you need it will just make it easier for you to integrate your fabric management

6:05 solution in your environment um and not only that the underlying infrastructure that that

6:11 you need right it shouldn't be restricting and and one of the things that uh we talked in earlier talks like

6:17 for example abstra uses uh this graph database now graph database allows you

6:22 to integrate and query things for which you your relationships were not like

6:28 available to you before so like if it was a relational database and then you were building tables uh you would

6:34 restrict based on what you know ahead of time whereas a graph database uh would

6:39 offer you that flexibility because there you don't have to do know all the relationship and don't have to build table based on what you know it could

6:47 change over time so not only you have rich set of apis um and simpler to use apis

6:53 you also need infrastructure that allows you to kind of grow with

6:59 the new things that come into picture um so you know if you combine all these things uh you build your solution and

7:07 you also have to kind of think of it is like how my operator is gonna use it so they can use the same uh same thing that

7:13 they use for bigger infrastructure they can use it for a network uh you will have a cohesive solution that will be

7:19 easy to integrate your environment um and i'll with this i will pass it on to

7:24 kelvin to just you know kind of expand it um how in abstract context how these

7:30 things are are relevant what abstract does and then how how it helps you you know grow with

7:36 ground without growing pains uh to you kelvin to kind of expand on

7:41 this topic i'll stop sharing and then you can share your screen all right so hello everyone my name is calvin

7:47 rimsburg and i am a global architect within the sales organization and my primary focus is

7:54 helping customers get up and running with network automation trying to help them understand what some of the value propositions and

8:00 more importantly what kind of integrations they can build to have success using the automation capabilities within our platforms

8:08 now today specifically we're going to be focusing on appstr now app sure actually has two

8:14 separate apis that we had just discussed there is a traditional rest api where we

8:20 can communicate with the aptra system over http there's also a graphql api

8:26 that we can access some of the more difficult queries to to get really detailed information

8:32 about the data center fabric now today i'm going to specifically be talking about the rest api because

8:39 that's what we see most commonly when customers want to build integrations

8:45 now it should be noted that 100 percent of the things that appsure does from the

8:51 web user interface is driven through apis in the background that is to say

8:57 any type of operation you would do inside of the appsure user interface whether you're adding new vlans or

9:03 you're building a new data center blueprint or maybe you're just monitoring the actual health of the environment there's

9:10 a native api for every single one of those calls that happens within the gui which means we can capture that api and

9:17 actually build automation around it this helps us build integrations into

9:23 tools and software that we already have in our environment with minimal effort

9:28 now today i'm going to be showcasing an example where a customer was having success where they were using servicenow

9:35 to perform their day 0 and day 2 operations through servicenow

9:41 now we're going to showcase this just in a little bit but it's important to just kind of have the roadmap here

9:47 in front of you to understand exactly how these pieces are coming together we're actually leveraging ansible for

9:54 the heavy lifting within the environment this is almost a no-brainer in in these

9:59 days because ansible has such a profound impact within not only servers but also

10:04 network and automation then it makes sense to build an automation framework based on

10:10 one of the more prevalent tools out there today so what's going to happen is that a user is going to fill out a request now this

10:17 again this could be building a new environment this can be just typical day two operations of adding vlans etc

10:24 they're going to perform that request inside of servicenow and servicenow is going to send that information over to a

10:31 ansible server through the ansible rest api and then ansible is going to do a few

10:36 things it's going to check in to github to make sure it's got the latest copy of

10:41 the project and then it's going to talk to our network source of truth now in my environment i'm using a tool called

10:47 netbox but you could use another tool called nadobot or maybe you're using some kind of monitoring system like

10:54 solarwinds the point is is that there's information about your environment that the

11:01 automation needs to have in order to be successful so ansible's going to query around make sure again it's got the

11:07 latest copy of the code it's going to make sure it knows everything about your environment and then it's going to be

11:12 performing some provisioning tasks over into the app str controller

11:17 and these again uh 100 of the operations that we would have typically done had we

11:23 been logged in through the web user interface and then when we're done we're going to be sending some information over to the

11:29 team so that everyone knows when a change has been made within our environment now in this case i'm using slack but

11:36 this could be a text message this could be an email this could be microsoft teams

11:41 the point is is that it doesn't really matter where you're trying to send the message to as long as there's an api

11:47 that's listening and available for us we can take advantage of that and build these almost closed-loop automation

11:54 opportunities for us so let's go ahead and start with our servicenow interface

12:01 i've created a fictitious company here called redtail network and they operate

12:06 in many different capacities they have a campus network that's managed through juniper's mist they're using the 128 tsd

12:13 wan but in context of this conversation we're going to be talking a little bit about the

12:18 data center so let's move over into the data center dashboard to see what the network team sees whenever they log into

12:25 servicenow so all the team members immediately have visibility into any

12:30 outstanding tickets that might be within their data center environment they can also see if there are any

12:36 anomalies within the production data center now in my case you can see that we have no problems just yet we will be

12:44 creating some problems here today but it's important to note that users of

12:50 of servicenow will immediately get this information without having to visit the aperture interface and probably even

12:56 more importantly without having to understand networking nuances within data center fabrics as we all know vxlan

13:05 evpn is an amazing technology but it's very very complicated and a data modeled

13:10 fabric management tool like appstra really helps abstract some of that complexity with them but here we're even

13:18 extra abstracting it even more by reaching into the appstress apis and grabbing the

13:24 health of our data center fabric now just to give you an example this is my current data center environment that

13:31 i have it is a live app sure environment the couple spines and three leaf

13:36 switches right here and you can see that all the anomalies that would have typically shown up or are right here

13:43 within the dashboard this is the information that we're getting through the api and we're tunneling that data

13:49 back into servicenow and that's what you see these counters right here for so

13:54 really really great place to get the visibility of your data center fabric you could extend this

14:00 this dashboard to your server teams to your application teams to really anyone

14:05 that likes to call up the network team and blame the data center as being the problem for their application performance this is a really great way

14:12 of getting all the networking nuance out of the way and just presenting the raw facts to the

14:17 users now what's really great about this dashboard is that we're not just using it to track data center events and in

14:24 open incidents at the time we can also use it as a launching pad for all of our network day-to-day tasks

14:31 so in this case i'm going to visit the network automation panel and we can see that this organization has many different

14:38 self-service portals for different types of tasks within the environment but we're focusing here on the data center

14:45 now when we visit this we can see that we've got a couple of options available for this if we wanted to we could build

14:51 out a full data center fabric using the appsha blueprint generator where we just basically fill in some

14:57 basic information about the type of platform that we're using the loopback

15:03 addresses if they have any specific autonomous system numbers that they want to use

15:08 what type of data center fabric platform as you all know aperture supports

15:15 almost any data center vendor under the sun so it's important that we give those types of options to the users

15:21 but in this case let's talk about a more traditional day two operation one of the more common tasks believe it or not

15:28 still in in 2022 is that we're still creating vlans across our data center fabric so let's

15:34 go ahead and perform this task by leveraging network automation we'll visit this self-service portal here

15:42 and you can see that we've taken all the network nuanced information things like

15:47 what type of routing or what routing instance would you like this via this new vlan to be

15:53 within the overlay we also need to pass in the name of a vlan now in this case

15:59 let's see i'm going to call this vlan thursday because that's where we're recording this and for the vlan id i'm just going to go

16:06 ahead and leave in 11 but we'll go ahead and give it the vxlan network identifier of 10 000.

16:13 and passing in an ip prefix we'll do 105

16:20 24 and we'll give it the dot one for the gateway so you can see with this self-service portal of

16:26 servicenow we're asking the user for the bare minimum information

16:31 what do they need to do to be successful in this job we're not asking them to be

16:36 experts in either cisco cli or junos cli we're not asking them to have even all

16:43 the nuanced information about a data center fabric they can still have success with their

16:48 day-to-day job by leveraging network automation to abstract all the complexities within this

16:55 so in this case we've created a workflow that another teammate would

17:00 view or they would first they would receive some kind of message notification and service now to say hey

17:05 you got a teammate that's looking to build a new data center vlan we would like for you to review it and they would

17:11 come they would visit their servicenow portal and they would get all the information here passed into a

17:16 ticket assigned to them now what they would do is they would go and they would review this request one last time they

17:22 can see the data they can add any comments that they see fit maybe a change approval number or some kind of code of

17:29 some sort the idea here is that we have an approval process where we can have an

17:36 audit from a local teammate or or maybe just be able to have

17:41 documentation as to who approved this change and who had initiated it just

17:47 again for auditing insanity purposes now what you'll note back here over at

17:52 abstra we don't have any uncommitted changes and that's because we haven't clicked

17:57 this approval button just yet so let's go ahead and take care of that i'm going to click on the approve button and what

18:05 that's going to do it's going to compile all the information that we had passed in the form and it's going to send it

18:10 over into ansible now let's go ahead and check out ansible and see what's going on

18:16 if i look at my jobs right up here we can see that we've got a job running it's called create a vlan

18:22 and if we look into the details we'll actually see the information that was passed into the servicenow form the name

18:29 of the vlan the vlan id the prefix remember all that information that we had filled into the form

18:34 now i can see that this all in all took 11 seconds to complete

18:39 and here we can we can dig into any of these api calls and kind of fare it out what that was actually going on but

18:46 probably more interesting let's return back to the service now or sorry to the appstr and you can see we now have an

18:52 uncommitted change within the environment so the way that appshow works if you're unfamiliar and this is a blessing if

18:59 you're coming into from an automation perspective is that appshow works in a very similar

19:05 way that the junos operating system works meaning that you stage your proposed

19:10 changes in type of a candidate configuration where you have another opportunity to review the data commit it

19:18 and if that is a problematic change actually roll it back this is incredibly important in a data center fabric

19:24 management tool and this is what we're leveraging within the automation we're taking advantage of this review process

19:31 now if i really wanted to we could go down and look into the full diff of what's actually taking place but

19:37 suffice to say here we're going to be creating a new vlan called thursday we're creating a new connectivity

19:43 template which is effectively an interface template and we're creating a new vlan id we can

19:50 see the prefix information route target the vlan id all again all that information was passed in through

19:56 servicenow so this is one really great way of leveraging network automation for a

20:01 common day two task i just rolled back that configuration so it now no longer exists within the

20:08 aperture system let's talk about another real common task and that would be

20:14 managing vlans on a trunk specifically for something like a vmware host for

20:20 instance right as new applications come into the environment you want to be able to quickly update or remove vlans that

20:27 are on a interface based on a template now in this case i have a connectivity

20:34 template it's got a couple of storage vlans one is the native vlan for iscsi

20:39 and another vlan for nfs traffic well let's return back over into servicenow

20:45 and what we're gonna do is we're gonna add a new vlan onto this trunk for

20:51 my sequel database so we'll follow the same process as we had before when we created a new vlan

20:58 and that is by visiting our data center service catalog and then opening up the

21:04 the self-service portal this time for managing vlans on a trunk and what we need to do is we need to

21:10 declare which blueprint or which data center fabric we would like to perform this task on we would like to know

21:16 whether or not we want to add a vlan or a movement run form a trunk in this case i'm going to add it and we need to add

21:23 the vlan id in this case i'm going to select my sql database and

21:28 finally i just need to select the connectivity template so whether or not what kind of virtualization host we're

21:34 using in this case we're going to select a vmware host and click order now now

21:39 again if you can think about the power not only of extrapolating the network

21:45 complexities of a vxn evpn fabric but what we're effectively doing is we're creating a self-service catalog so that

21:52 network operators or possibly application developers within your environment can perform complex tasks

21:59 with the appropriate auditing and approval processes without having to know very much about how networks

22:06 actually operate now in this case let's visit this request that came in for us and we're

22:12 again consistent approval process everything is consistent that we're doing here it's

22:18 one of the nice things about network automation is that despite the workflows being very different in workflow being

22:26 what kind of task you're trying to accomplish you can create similar workflow environments through a tool like

22:32 servicenow so that everyone feels comfortable it's familiar they know exactly where to go and they know how to

22:38 fill in these forms because it's very similar to their traditional operations within the tool

22:43 we'll go ahead and again click this approval button and again what's going to happen is that

22:49 we're going to compile the information that came in from the form and send it over into ansible we'll take a sneak

22:55 peek at what's going on over here here we can see we have a playbook running called manage

23:00 the trunk and if we dig into the details we can see hidden information about vlan ids

23:07 untagged this information is actually sourced from the servicenow catalog we just got to abstract some of the more

23:14 complex uuids etc now if we go back to the output i can see that this was completed this took 10

23:22 seconds to complete let's go check in on appstr and over on appstra if i just open up

23:28 this vmware host connectivity template yet again i can now see that the my sql

23:33 database vlan has been added to my tagged trunk now if you're unfamiliar

23:38 with connectivity templates effectively what's happening is that when we commit

23:43 this change that's staged right now in appstra any interface in our data center that

23:48 was previously associated to the vmware connectivity template will now have this

23:54 vlan automatically pushed down to it so that applications can come up and start actually performing the task that they

24:00 were set out to do so gone are the days of knowing where in my environment are all my vmware servers

24:07 which interfaces and which vlans is or are we passing on this trunk we can

24:13 leverage the connectivity templates to completely remove us from that equation and then we can take the advantage of

24:19 the api to actually perform the task to make adjustments to those as we see fit

24:24 if we move back over to our uncommitted panel here we can see that we've updated the

24:30 connectivity template for the vmware host and again this is exactly what we expected and i'll go ahead and commit

24:36 that change to make it run in production now i promised earlier we're going to cr we're going to break something and this

24:43 is a great opportunity for that i'm going to go ahead and insert a static change into my data center fabric

24:50 now what's going to happen from an app share perspective is that this will directly conflict with the data model

24:57 that was derived for the data center fabric again we're not building a model just for the

25:02 devices we're looking at this from an intent based networking perspective as a holistic fabric data model and this

25:10 static change that's going to be made on one of the devices will be a conflict with that that data center fabric

25:17 and so now if we return over to appsure actually let's go back to a services now

25:22 portal first if i remove back to my campus network and head over to the data center

25:28 dashboard what i should see is within about a couple of minutes i do

25:35 have some caching taking place on here to make the ui pop up just a little bit faster

25:41 what we will see is an anomaly peak its head into the data center

25:46 fabric as that that that static configuration is actually applied

25:51 so while we wait for that uh that detection to be made let's also showcase how you can

25:58 leverage slack and chat ops to also interface with your appstr fabric

26:04 so what i have here is a slack workspace that all my data center team is on and

26:10 that we use this to actually communicate between each other but in what we can also do is take

26:16 advantage of the api that we expose on appstra and actually build integrations into our chat systems so for instance

26:23 let's say that we get a call at 3 a.m because we're on call and we're told

26:28 that sap is down and the network is always obviously blamed uh for this type

26:34 of situation so rather than us getting up and pulling out our laptop jumping on

26:40 the corporate vpn trying to log into appsha trying to make sense of what's going on and

26:45 understand whether or not the data center is at fault what we can do instead is just simply open up our slack

26:51 client whether it's on our phone or our desktop in this case we'll be issuing a command to the appstrebot

26:57 what will happen is that we get a prompt that says what kind of request and from here we'll just say give us the

27:03 health of the data center and then it'll ask us which data center would you like to check we'll check in our evpn demo

27:10 and hit the execute now again i am not having to understand

27:15 data center fabric technology i don't even know i don't even need to be able to spell vxlan

27:22 what we can do is we can leverage this these apis to get health information

27:27 from our data center and provide access to it for anyone within the organization

27:33 that has the rights to now here we got back in our slack client within just a few seconds some

27:39 information from the system and i can see that there's a configuration error within our data center fabric that's

27:45 exactly what we expected because there was a static route injected into our data center if we return back over to

27:51 our servicenow portal and if i refresh my page remember that this is the home

27:57 landing page for my data center operations team here we can see that we'll have some anomalies show up and it

28:04 is exactly what we expected right we have a configuration issue within the environment and anyone that just logged

28:10 into servicenow or anyone that's watching this page will be able to detect yes there's something wrong with

28:16 our environment so they can interface through it with appstra through the apis

28:21 by leveraging tools like servicenow or you can build integrations into more common tools like slack or microsoft

28:28 teams so with that that's the end of this discussion on kind of the art of

28:33 possibility with building network automation for day two operations so with that i'm going to turn by mac bike

28:40 over thank you thank you kelvin i think uh you actually did a great job

28:46 articulating you know value of uh the automation with abstract how uh and the art of possibilities that you

28:52 said like what's possible using different tools um and then that i think you know would would clearly articulate

28:59 um how abstract can integrate easy in into your existing environments and servicenow

29:06 being popular ansible being popular and then slack on the other hand totally

29:11 diverse tools but the power of automation you know makes you integrate abstract in all of

29:17 them uh so thanks for that great discussion i think you know if our

29:22 customers are interested uh in talking about more uh more about this thing i

29:28 think you know reach out to your account teams and then we can we'll be happy to go over the details uh but in in

29:35 summarizing this what i would say uh for your when you're evaluating your fabric management solutions uh

29:42 basically what uh what based on what we talked today right what you what you need is an easy to use rich set of apis

29:50 uh so that you can use uh your own environment and then integrate uh

29:56 abstract or network management tool into your environment um and not only you

30:01 need uh apis performing your day one provisioning

30:07 thing it can also help you with your day to and day two plus operations where you know

30:13 like you spend a lot of time during that mode uh it's equally important to have apis that that do that right and then

30:21 last but not least i'll basically use the same conclusion that i used my in my previous uh two lightning talks uh for

30:28 your fabric management needs you need a unified solution uh that gives you seamless automation for you know

30:34 throughout your network life cycle whether it's day zero day one or day two plus

30:40 um and then you need a unified um view for both your operations and architect

30:45 uh team uh so that you get smooth operation your network and

30:50 with this uh talk i think we we provided you a lot of examples and and arguments to you know

30:58 provide to suggest that abstra actually does have all these characteristics and

31:03 it will it will do very well uh for your network management need um and especially in a multi-vendor network um

31:11 you you will be you will be very happy with uh with appstra and um

31:16 also i think as we talked uh you know next steps wise as i said please contact us uh if you like to talk

31:23 more but in the meantime if you want to learn and and explore yourself uh you

31:28 can also use our training on juniper training portal or uh there's a youtube

31:34 playlist that talks about you know topics like this that we discussed today and there's also a virtual lab um that

31:41 that you can reserve and then do your own experiments so thank you very much uh for joining us

31:47 today and then uh going through this discussion with us um and enjoy uh enjoy

31:53 uh the learnings and and then good luck we are with your network operations thank you

32:02 [Music]