Andy Lapteff, Product Manager, Juniper Networks

Terraform for Juniper Apstra Podcast

Network AutomationData Center
Andy Lapteff Headshot
Still image of the words “Terraform for Juniper Apstra PODCAST’ in white on a dark back ground.

Hear directly from the developers as they discuss the details and benefits of the Apstra Terraform Provider and Apstra Go SDK further automating data center provisioning and documentation. With Terraform Provider, users can automate the configuration of Apstra and provide documentation at the same time using an infrastructure-as-code methodology. Terraform is commonly used for multi-cloud infrastructure, and when used with Apstra, operations can follow the same tooling pattern across multivendor data center fabrics.

Show more

You’ll learn

  • About Apstra and Terraform at a high level

  • What ‘intent-based’ means

  • The details of using Apstra and Terraform together

Who is this for?

Network Professionals Security Professionals


Andy Lapteff Headshot
Andy Lapteff
Product Manager, Juniper Networks

Guest speakers

Chris Marget Headshot
Chris Marget
Product Manager, Juniper Networks
Rajagopalan Subrahmanian Headshot
Rajagopalan Subrahmanian
Product Manager, Juniper Networks


0:01 [Music]

0:08 welcome to the terraform for Juniper

0:10 Rapture podcast my name is Andy laptop

0:12 and today I am joined by the creators of

0:14 terraform for aperture Chris market and

0:17 Raj super Romanian Chris who are you and

0:20 what do you do with juniper hey thanks

0:21 Andy uh yep my name is Chris Marquette

0:23 I'm a product manager at Juniper

0:25 Networks and I've been doing

0:27 infrastructure Ops and a little bit of

0:29 software Dev stuff for coming up on

0:31 three decades you demand thanks Chris

0:33 and Raj who are you and what do you do

0:35 at Juniper hey uh I'm a product manager

0:38 at Juniper as well uh my background is

0:41 software engineering and I've been doing

0:43 uh Cloud adjacent and network address

0:45 and coding for the last I don't know

0:47 10-15 years awesome thanks guys so today

0:51 our focus is on the recent release of

0:52 terraform for Juniper abstra but before

0:54 we jump into that I thought it might be

0:56 helpful to go over both Juniper Rapture

0:58 and Tower Forum at a high level before

1:00 we get into how they work so well

1:02 together so

1:03 I guess we have to start with what is

1:06 abstra the formal definition of juniper

1:08 Rapture it's an intent-based networking

1:10 software that automates and validates

1:12 the design deployment and operation of

1:13 data centers from day 0 through day two

1:16 and Beyond it's multi-vendor which is

1:19 awesome and it allows you to basically

1:21 automate manage your networks across any

1:23 data center location vendor topology

1:26 long story short data center fabric

1:30 automation it's intent based has all

1:33 kinds of cool intent based analytic

1:35 probes it can show you if things are

1:36 breaking and it allows you to not

1:39 make mistakes mistakes that would have

1:42 been common when I was a network

1:42 engineer with configurations so you guys

1:45 kind of agree is that a good level set

1:47 of what aperture is I I think so I think

1:49 we should explore uh what intent based

1:52 means a little bit yes intense and

1:53 interesting when I when I first when I

1:56 first learned of juniper abstra and

1:57 they're like content networking I'm like

1:58 wait what I thought that was what I did

2:00 in the CLI right but I've I've come to

2:03 learn that

2:04 um the intent model is it's way more

2:07 reliable I believe than me and my

2:09 notepad scripts but I guess we'll get a

2:11 new intent in a little bit here so okay

2:14 you're my terraform experts so what is

2:16 terraform at a high level terraform is a

2:19 declarative tool for controlling uh

2:23 infrastructure it's it's most popular in

2:25 in Cloudy applications

2:28 um but you can you know use it for

2:30 anything the uh you know some of the

2:32 some of the documentation that hashicorp

2:35 publishes uh you know it shows how to

2:38 use terraform for ordering coffee right

2:40 so you can use it to control anything

2:41 that's got an API but most important it

2:44 to understand about it is it relates to

2:47 other infrastructure Control Systems is

2:50 that it is a declarative model yeah I've

2:53 heard it in the context of the cloud

2:54 stuff right when you're building in

2:56 public Cloud tar form is the way to go

2:58 so I was I was surprised when you told

3:00 me that you were building this thing I'm

3:01 like huh okay

3:04 um I guess we'll get into that so it's

3:05 it's open source right it's developed by

3:07 a company called hashicorp

3:10 um I don't know if we want to get into

3:11 declarative now or if a little bit later

3:14 would be better what do you think I I

3:16 think it's I think it's simple I think

3:18 we can we can make it real

3:20 um you know so

3:22 abstra says intent based and and that's

3:25 got a lot of implications that having to

3:27 do with you know validation and uh

3:30 expectations right they the abstra you

3:33 know design knows what's going to happen

3:35 in in your network when it when it pulls

3:37 certain levels levers

3:39 um

3:40 but one of the important things that

3:43 intent based means is is declarative as

3:45 opposed to imperative right that's kind

3:47 of a built-in base assumption

3:50 and you know Andy if uh if I worked for

3:52 you and you came to me one day and said

3:54 you know hey Chris my car is filthy it

3:56 shouldn't be right what are you telling

3:59 me to do right you're just telling me

4:01 you expect to have a clean car

4:02 right you're not telling me go get a mop

4:05 or a sponge in a bucket and a hose and

4:07 stand out in the driveway for two hours

4:08 right maybe I take the car to the car

4:10 wash ultimately you care about the

4:11 outcome which is clean car and not how I

4:14 get you there

4:16 and uh that that's you know the thing

4:18 that I think is most interesting about

4:20 after abstra does a lot of stuff but but

4:22 that difference right if if uh you trust

4:26 me to figure out how to get the car

4:27 clean

4:28 if uh we're talking about networking you

4:30 know hey Chris I need a subnet

4:32 right

4:33 did you tell me to turn on spanning tree

4:35 and trunk of VLAN everywhere or

4:38 configure evpn or configure Trill or

4:41 shortest path bridging or you know you

4:43 didn't specify right you trust me to

4:45 make a good decision and do things

4:46 reliably and and that's what

4:49 uh what after does for Network operators

4:51 is it allows them to focus on outcomes

4:55 which is the intent and not the minutia

4:59 of exactly what to configure and exactly

5:01 how to configure it on various uh

5:04 routing platforms you just exploded my

5:07 brain I in a great way I love the go

5:09 wash your car analogy it wasn't even

5:12 wash the car right it's like nouns and

5:13 adjectives I need a clean car you need a

5:16 clean car right nouns versus verbs is

5:18 like the imperative versus declarative

5:20 discussion yeah I would never tell you

5:22 all the

5:24 14 steps required to get that car clean

5:27 but right traditionally that's how I

5:30 have managed networks is I got to put a

5:32 hostname on this thing I got to put some

5:34 Triple A on here I got you know I I'm

5:36 doing a hundred steps I don't just say

5:38 make it so clean car

5:41 so that that that's a really good

5:43 analogy I think that that helps Hammer

5:44 at home for me and then there's the you

5:46 know which which abstraction layer are

5:48 we talking about right because you know

5:50 me you could argue that like no my my

5:52 declarative model is I declare that you

5:55 know switch 13 should have VLAN 7 you

5:58 know enabled right

6:01 that's not really declarative right

6:03 you're sneaking right up on imperative

6:05 go configure you know that VLAN on that

6:07 switch

6:08 um with you know we're we're talking

6:10 about

6:11 uh not just

6:14 not giving it Specific Instructions but

6:17 focusing only on outcomes right what

6:19 services is the network offering at the

6:21 edge to uh you know servers for the most

6:25 part right what what vlans are exposed

6:27 what tags appear at the edge what routes

6:30 are made available what filters are in

6:31 place and none of the details about how

6:34 to get there how many switches are

6:36 involved or you know the state of the

6:38 fabric in between the edge nodes just

6:40 just make the outcomes I care about

6:42 happen it sounds wonderful right just

6:44 just make it so right I mean you got to

6:48 have you know uh you got to be able to

6:50 delegate those kind of tasks to somebody

6:52 you trust right and so you know that

6:54 this is what appsters forward it's good

6:56 it's at uh taking those kind of

6:58 directives and uh making those outcomes

7:01 happen awesome thanks so you know we're

7:02 talking about automation right and not

7:05 doing it you know in the CLI device by

7:08 device by hand artisanally

7:10 um

7:11 and my introduction into automation has

7:15 been you know python python e right uh

7:19 software programming stuff and that's

7:21 not a strength of mine so I've struggled

7:24 with automation because I think you have

7:27 to be a programmer to automate a network

7:30 um

7:31 so I guess my real question is you know

7:33 why why terraform do I need to be a

7:36 programmer to use terraform uh not

7:38 really uh and that that question is

7:41 actually extends even even to

7:43 organizations right uh if you want if

7:46 you want to like automate everything

7:48 using their API uh you need to have

7:50 basically a group of programmers and you

7:53 end up like creating uh like custom

7:57 automation for everything that you

7:59 automate

8:00 um that's kind of where something like

8:02 terraform helps a lot where

8:05 um

8:05 the complexity of automating something

8:07 uh in other words like the complexity of

8:10 uh getting a clean car is hidden under

8:14 what are called terraform providers

8:15 which take care of the actual

8:17 interaction of the API

8:19 um and the end user is left with just

8:22 saying give me a clean car or my car is

8:25 clean uh and you know the telephone

8:28 provider hides the automation

8:31 um so uh as as an organization if you

8:36 have a group of people who know how to

8:38 write terraform uh you don't need a

8:42 group of people who need to automate all

8:45 the things that you want to automate

8:47 that's that's kind of where uh that's

8:51 kind of where like something like

8:52 terraform helps in automating your

8:54 infrastructure quite a bit it makes a

8:56 lot of sense yeah knowing terraform uh

9:00 is is a powerful thing in itself right

9:02 because it allows you to automate even

9:05 unfamiliar platforms

9:07 so you know maybe I've used terraform

9:09 against AWS but never against Azure or

9:12 gcp well you know by the end of the

9:15 afternoon I'll be automating stuff in in

9:17 Azure or gcp uh because so many of the

9:20 concepts are are you know perfectly

9:23 familiar perfectly you know mapped from

9:25 one to the other even though the apis

9:27 are wildly different right like a

9:29 virtual machine is a virtual machine uh

9:31 so if you know how to define a virtual

9:33 machine uh that is largely transferable

9:37 across platforms yeah so that's that's

9:40 the real power of something like

9:42 terraform so what I'm hearing is I don't

9:44 need to be a programmer or is that just

9:46 what I want to hear I mean do you can

9:48 you can you show me what can you show me

9:50 what this looks like is it scary is

9:53 there any way to see this yeah let me

9:54 bring up a little screen share here uh

9:56 what we're looking at here is uh the

9:59 abstra

10:01 um

10:02 configuration page for a routing policy

10:05 so this is you know all the details

10:07 about importing and exporting routes

10:08 from your data center fabric that should

10:11 be at least you know medium familiar to

10:14 most Network operators

10:16 uh it's a combination of

10:18 uh you know prefix lists or route

10:20 filters or you know all of that kind of

10:22 stuff

10:22 that you would apply in uh in any

10:26 network and this is how App Store

10:28 expresses it

10:29 if we go to the the edit button for this

10:32 thing you see we've got you know fields

10:34 to to make changes to different you know

10:36 text fields and radio buttons and check

10:38 boxes and all the things that appstra uh

10:40 presents

10:42 the terraform code to accomplish the

10:44 same thing I say code the terraform

10:46 configuration file to accomplish the

10:48 same thing uh is right here I'll put

10:50 these two up next to each other so you

10:51 can you can compare

10:58 what do you think that's not scary

11:01 well I mean I would I would say if it's

11:03 scary I've I've railed against how

11:05 afraid I am of coding and I mean this

11:08 looks it looks intuitive to me

11:11 um I'm looking at the left

11:13 and there's the name there's a

11:14 description it's

11:17 if I want to enable things I put true

11:19 and not false I mean I think I could

11:22 I think I could do this the way you'd

11:24 probably consume this is you know you go

11:26 to the documentation page for you know

11:27 you would first decide you need to

11:29 create a routing policy right go to the

11:31 go to the documentation page for routing

11:33 policies in the provider it's easy to

11:35 find

11:36 uh you know copy and paste a sample into

11:39 your local editor and then start

11:41 whacking away at names and prefixes and

11:45 true false switches and and whatever

11:48 and uh you know if we want to make a

11:50 change uh like right now you see the uh

11:53 export loopback buttons uh feature is

11:55 configured the box is checked and over

11:57 on the terraform side it says true if I

11:59 make this false

12:01 in terraform and uh

12:07 and tell terraform to to make that

12:10 change live in abstra

12:14 uh currently export loopbacks the US

12:17 says it's on the UI is some JavaScript

12:19 that will get there changed already it

12:21 says loopbacks no no so it's just a

12:24 matter of you know changing a word in a

12:26 text file and then those changes are

12:28 reflected in the web UI

12:31 wow that's awesome I think I could do it

12:33 Chris and Raj I think yeah and the cool

12:35 thing is uh you could now commit that uh

12:40 the terraform config into a git repo

12:43 um or even before you did that you could

12:46 create a pull request and somebody else

12:48 can review it and tell you if it's good

12:49 uh so a lot of the kind of software

12:53 engineering practices uh can now be

12:56 applied to something like this uh in a

12:59 kind of transparent manner yeah that's

13:01 really important right the you know is

13:03 the goal to express your GUI in in text

13:07 well kaida right you know intuitively we

13:11 think that a GUI is easy to use or

13:12 easier to use and that's probably true

13:15 but you know it's missing some some

13:18 features and some capabilities right how

13:20 do you Version Control a GUI how do you

13:22 know how do I tell you what I want in

13:24 the GUI

13:25 um or you know the guy that's working a

13:26 different shift from me

13:28 um how do I validate that

13:31 all of the check boxes in the GUI are

13:33 what I expect them to be right it's just

13:36 clicking around to the web UI and and

13:38 reading uh reading pages and and

13:41 comparing them to my notes with

13:43 terraform we can make it true from text

13:46 we can compare it to the text you know

13:48 we can enforce it and then we can feed

13:50 it through additional processes that do

13:52 compliance checks and peer approvals and

13:56 all kinds of stuff that are really hard

13:59 to do with I'm going to check that box

14:01 tonight is that okay as a peer review

14:05 process right so I think we've already

14:06 gotten into my next question which is

14:08 what are the benefits of using terraform

14:10 with abstra and if I understand you

14:12 correctly looking at this

14:15 if I was a junior engineer and you were

14:18 a senior engineer and you were writing

14:20 up a change for me to perform in apture

14:22 one night to your point

14:24 how do you communicate to me

14:26 and documentation like in a mop right

14:28 like a method or procedure like okay

14:30 Andy you know go do this thing tonight

14:32 and

14:35 to me it looks

14:37 easier for you to communicate to me what

14:40 needs to be done in that terraform

14:42 config file then

14:44 trying to describe that in a GUI does

14:47 that sound I mean I could point you to

14:48 an existing terraform config and say

14:50 yeah it's just like this one but you

14:52 know that the name should be you know

14:55 prod instead of Dev or something like

14:57 that right

14:59 um and after you write your uh your

15:01 template of the config you want it you

15:03 want to implement you can show it to me

15:04 or you can run terraform plan which comp

15:08 where terraform Compares your text

15:10 against what's live out in the system

15:11 right now

15:13 and produces a summary of the diffs

15:15 right so you could come to me later or

15:17 as a part of our formal uh you know

15:19 change management process and I could

15:21 review those diffs and say yep that jet

15:24 change is expected that change is

15:25 expected you know why is this thing

15:27 changing that something seems wrong

15:28 right and we can catch those differences

15:31 uh well before they're implemented

15:34 there any other big differences uh using

15:37 terraform with aperture does this help

15:39 with repeatability let's say I have to

15:41 stamp this out in you know two dozen

15:42 data centers

15:44 is this helpful absolutely terraform's

15:47 got a bunch of modular features that let

15:49 you refer to data from other other

15:51 sources and and run things in loops and

15:54 and uh you know sort of templatize

15:58 things kind of mad lib Style

16:00 uh that that lets you stamp out you know

16:03 identical or near identical to the

16:05 degree you need them uh configurations

16:07 awesome but yeah all of this is only

16:10 possible though because of abstra right

16:12 to to terraform you know in theory right

16:14 you could terraform

16:15 switch configs directly

16:18 right I I want to switch configuration

16:20 that says you know has this this

16:22 following blob of text and that's what

16:24 people are doing with other automation

16:25 tools now with with ansible or or

16:28 um

16:29 you know various other tooling is

16:30 they're they're writing their switch

16:32 configs

16:34 um that's that's a lot to manage though

16:35 the the

16:36 app store is abstracting away a lot of

16:39 the implementation details and uh and

16:41 just focusing on the outcomes makes this

16:43 infrastructure as code approach uh

16:47 easier to consume like possible to

16:49 consume right as opposed to looking at

16:51 you know a thousand line you know config

16:54 divs for each of many dozens of boxes

16:57 which that'd be that'd be a lot yeah so

16:59 it's like a nice fit between abstra's

17:01 intent and terraforms declarative models

17:05 so it's like it's a that that's what

17:07 that's what makes this whole thing

17:09 possible

17:10 how did we get here

17:12 right when I mean Chris you and I

17:14 started together and a year and a half

17:16 ago and

17:18 there was not terraform for abstra so

17:21 how did you know this thing is released

17:24 it looks amazing and it's out there for

17:27 consumption I mean how what was the

17:29 birth of this how did this come to you

17:32 know how did you land on terraform

17:33 perhaps sure I I was aware of abstra

17:36 from Field Day events and and other

17:38 industry stuff but I hadn't paid a ton

17:40 of attention to it it wasn't relevant to

17:42 the work I was doing at the time

17:44 and when I started a juniper I you know

17:46 became much more familiar with abstra

17:48 and what it was all about uh and I had

17:51 just been doing a lot of terraform work

17:52 uh in my previous gig

17:54 and you know these two are a natural fit

17:58 together it's so obvious to me uh that

18:01 uh they should go hand in hand and uh so

18:05 we just started started working on it

18:07 and uh here we are

18:08 and is that because the terraforms

18:10 declarative model and aperture's intent

18:12 they just kind of line up

18:13 philosophically and yeah exactly yeah

18:16 yeah yeah abstra's intent comes with you

18:19 know implicit this is declarative which

18:21 is really unique in the networking space

18:22 yeah yeah big time it's something that

18:25 uh you know that that it was missed for

18:28 so long also kind of doesn't surprise me

18:29 that much because

18:31 you know Network people have not had the

18:33 luxury of consuming terraform you know

18:35 most Network people don't know it and we

18:38 also haven't had the luxury of of uh

18:41 declarative models in our in our

18:42 networking it has always been

18:44 you know go go configure a thousand

18:46 different switches slightly differently

18:48 on each of many dozens or hundreds of

18:50 boxes

18:51 and uh having the luxury of of an

18:53 orchestrator that uh has its declarative

18:56 intent based model

18:58 um you know it's new to the to the

19:00 industry relatively so

19:03 together these things are a natural fit

19:05 so you're saying clean car is better

19:08 than get the bucket get the soap get the

19:10 scrubbing brush get the hose turn on the

19:12 water move the car yeah Andy you turn

19:14 the water on by by turning to the left

19:15 not the right right I mean we can drill

19:18 so far into the details of torque yeah

19:22 it's yeah it sounds like a much better

19:24 way to do things I just want to clean

19:25 car Chris I don't want to care about the

19:27 minutia and and that minutia is you know

19:30 not even just you know how to operate a

19:32 bucket in a sponge but you know do I

19:34 hire someone do I have somebody come and

19:35 pick it up do I drive it to the car wash

19:38 like you don't care

19:40 but you got to trust me to make good

19:41 decisions and uh and you know our

19:43 position is that you can trust abstra to

19:45 make good implementation decisions

19:46 agreed um what's this current status of

19:49 the project so when this when this

19:50 episode is released it'll be public

19:52 right the the initial release what's

19:54 what's the status and can you talk about

19:56 what's coming in the future

19:58 yeah absolutely so uh we started with

20:01 design stuff which is

20:04 um a lot of you know details of

20:06 implementing your network what kind of

20:07 devices are we talking about the shape

20:08 of the fabric all of that kind of stuff

20:10 that's not something that people are

20:12 going to be life cycle managing like you

20:15 do with terraform that much it's you

20:17 know usually a I set up my Fabric and

20:19 and then I don't think about those

20:20 details again

20:22 um but that's where we started we have

20:24 some limited day two features uh you

20:27 know completely working now by the time

20:29 this episode drops there will be a lot

20:30 more

20:32 um it's a work in progress you know

20:33 watch this space we're adding uh we're

20:36 adding features every week

20:38 fantastic

20:40 uh so where can we direct customers

20:43 interested in terraform for apps sure

20:44 where can they find this the provider

20:46 will be published on hashicorps uh

20:50 hashcorps provider registry so you know

20:53 really you just start writing the

20:55 terraform configuration that that

20:57 mentions abstra and uh when you run

20:59 terraform it'll download the thing and

21:00 install it on your system automatically

21:03 um the source is going to live on GitHub

21:06 it's at Juniper uh for the

21:10 two projects that we talked about the

21:11 the SDK that that knows how to talk to

21:13 appstra and then the terraform provider

21:16 that knows how to integrate with

21:17 terraform

21:18 thank you hashicorp thank you June for

21:20 abstra thanks guys so much for coming on

21:22 guys I'm hoping that we can do some

21:24 future episodes uh of this show with

21:27 future releases and different demos and

21:30 I'm excited to see more you guys have

21:32 any closing thoughts before we sign off

21:34 looking forward to doing it again I'd

21:36 love to do a demo

21:38 yes demo next for sure I really want to

21:40 see a demo yep

21:42 awesome thanks guys thanks so much for

21:44 joining us on the terraform for Juniper

21:46 Rapture podcast and we'll see you next

21:48 time

Show more