Model-driven network automationAnees Shaikh, Josh Georgeon behalf of Google Network Operations
2016 DevOps Networking Forum
Zero-touch networking : extreme automation
2
● network operations fully automated based on operator-expressed intent
● introducing new technologies is transparent to the operator interface
● automated detection of unintended behavior and rollback
● automation complies with network policies for safety and security
Network automation has come a long way ...
3
per-device automationCLI scripts
expect/ssh
unstructuredtext
NMSCLI engine
sshRPC API
NMS
automation library
drivers, templates
ssh vendor API
NMS
automation framework
ssh vendor API
recipes,modules,...
NMS
… but still work to do
● automation frameworks are great, but mostly just type CLI commands faster○ no change to the fundamental issue of multiple incompatible interfaces for the same things
● significant amount of proprietary integration to write and maintain○ true even if vendors provide the “drivers”, modules, recipes, playbooks, etc.
● introducing new platforms is considerable amount of new work
● what about visibility and monitoring ?
○ SNMP still the state of the art despite scaling limitations, legacy implementations, rigid structure, poor support for discovery, ...
4
Model-based automation
5
● durable APIs for managing and monitoring the network
● management abstraction layer (insulate from lower level details)
● forward compatibility with new platforms and technologies
● establishes a contract between NMS and infrastructure
Toward a vendor-neutral, model-driven world
6
Per-vendor tools
EMS A
platform-specific tools, processes, skills
tools B
EMS C
vendor A
vendor B
vendor C
Common OSS
EMS A
proprietary integrations, common interfaces upstream
EMS C
operator / 3rd party NMS
vendor A
vendor B
vendor C
Common mgmt APIs
common mgmt model
common management API, no proprietary integrations, native support on all vendors
vendor A
vendor B
vendor C
NMS
A model-based configuration pipeline
7
configuration datavendor-neutral, validated
operators
intent API“drain peering link”
update topology modeltopology models
config models
configurationgeneration
multiple vendor devices
gRPC req
gRPC endpoint
Streaming telemetry -- moving forward from SNMP
● stream data continuously -- with incremental updates
● telemetry sent based on subscriptions
● observe network state through a time-series data stream
● device data follows a common model
● efficient, secure transport protocols (gRPC)
8gRPC endpoint
telemetrycollectors
upstream systems
time-series data stream
async eventreporting
requests for ad-hoc data
Aim to deprecate SNMP in our network by 2017
opstate models
opstate models
OpenConfig : user-defined models
9
● informal industry collaboration among network operators
● data models for configuration and operational state, code written in YANG
● organizational model: informal, structured like an open source project
● development priorities driven by operator requirements
● engagements with major equipment vendors to drive native implementations
● engagement with standards (IETF) and OSS (ODL, ONOS, goBGP, Quagga)
TeraStream
OpenConfig progress
10
Published OpenConfig models
● BGP*● routing policy*● locally generated routes*● interfaces, aggregates, IP, VLANs*● MPLS, RSVP / TE*● networking / forwarding instances, VRFs● RIB contents● terminal optics*● streaming telemetry configuration*● top-level device structure
Models adopted by IETF for standardization* native platform implementations available or in progress
Models in development / review
● system inventory / hardware● ACLs● line optics (EDFAs and ROADMs)● system management● IS-IS● QoS● tunnels / encapsulation● LLDP● FIB / LFIB
Additional publications
● Reference RPC specification● YANG authoring style guide● Guidelines for versioning models
Models structured for observing network behavior
11
+--rw interface* [name] +--rw config | +--rw type | +--rw mtu? | +--rw name? | +--rw description? | +--rw enabled? +--ro state | +--ro type | +--ro mtu? | +--ro name? | +--ro description? | +--ro enabled? | +--ro oper-status | +--ro last-change? | +--ro counters | +--ro in-octets? | +--ro in-unicast-pkts? | +--ro in-broadcast-pkts? | +--ro in-multicast-pkts? | +--ro in-discards? | +--ro in-errors? | +--ro in-unknown-protos? | +--ro out-octets?
opstate = applied configuration + derived stated (counters, etc.)
data models structured to ease programmatic access to related operational state
opstate has deterministic, explicit location in the model paths
common data model
NMSinte
nded
v. a
pplie
d co
nfig
NMS acts on streaming view of state
quickly determine discrepancy between intended and applied configuration
code to exploit this pattern in multiple operators
OSS stack for model-based programmatic configuration
OpenConfig models
pyang
pyangbind
python classbindings
vendor A
vendor B
vendor C
template-based translations
12
validated, vendor-neutral object representationbgp.global.as = 15169
bgp.neighbors.neighbor.add(neighbor_addr=124.25.2.1”)
...
interfaces.interface.add("eth0")
eth0 = src_ocif.interfaces.interface["eth0"]
eth0.config.enabled = True
eth0.ethernet.config.duplex_mode = "FULL"
eth0.ethernet.config.auto_negotiate = True
config DB
vendor A
vendor B
vendor C
pybindJSON.dumps(bgp.neighbors)pybindJSON.dumps(interfaces)
gRPC / RESTCONF
vendor neutral
data collector(fluentd)
OSS stack for model-based streaming telemetry
Platform support for streaming telemetry:
Cisco IOS-XRgithub.com/cisco/bigmuddy-network-telemetry-stacks
Juniper JUNOSgithub.com/Juniper/open-nti
Arista EOSvendor
Avendor
Bvendor
C
message broker (kafka)
TE alerts
applications
13
timeseries DB (influxDB)
dashboards(grafana)
OpenConfig models
Challenges in thinking “model-driven”
CLI habits are hard to break
implementations are often very different (occasionally for a good reason)
models for machines or humans
what to leave out of the model
how to test for compliance by an implementation
14
Summary
Models are critical for providing abstraction, durable APIs, and tractable checkability
topology, configuration, operational state, safety/security
OpenConfig operator group is developing and publishing data models for config and opstate -- built by users for users
as native implementations become available, OpenConfig will dramatically reduce proprietary integrations and simplify network telemetry, configuration, and qualifications processes
15