Version Control for networks

Building a single source of truth for your network configuration

Marcel Neidinger
API & Programmability Lead, Cisco EMEAR
mneiding@cisco.com
Where are we?
Intro to
What is NetDevOps?
NetDevOps

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
What is NetDevOps?
Deploy Test
Continuous Delivery Automated Validation

INFRASTRUCTURE
AS CODE

Design Rollout
Collaborative Continuous Operations
Development
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
 Mindset Change
changes happens rarely changes happens often

small
rollback big change fail fast Change

Culture Culture
Of Of
FEAR CHANGE

not well low risk well

high risk practiced
practiced

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Where are we?
Intro to
What is NetDevOps?
NetDevOps

Model-Driven Controler-based
SSH. automated. How do we change?
Programmability automation

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
 DevOps

Version
Control Functional The most powerful
Testing
tool we have as
engineers
developers is
automation.
- Scott Hanselman

Code
Build
Diagnostics
Testing
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
Same data in different places
Device Level Controller Level Managed Service
• NETCONF • REST API • REST API

• RESTCONF • Northbound APIs • Normalized API calls

• YANG Data Models • Intent Based APIs • Events/Webhooks

• gNMI • Ecosystem Integrations • Service Dependent

• gRPC • Events/Webhooks • SLA on APIs

• Guest Shell (Python) • Normalized API calls

• SSH • JSON/XML

API request x Controllers

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Different ways of changing and retrieving your device
state

Config-based Model-Driven Controller-based

automation Programmability automation

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
 What change are we
actually going
to push
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
 Let me just go ahead
And write a few

lines of
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
config
(in python of course) 10
 config
drift
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
 1 Components of a SSoT

2 Git for networks

Building templates with

Todays Agenda 3
jinja2

Device-data management
4
with Netbox

5 Bringing it all together

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Components of a SSoT

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Where in the journey are we?

Design your change Test your change Deploy your change

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Where in the journey are we?

Design your change Test your change Deploy your change

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Our Single Source of Truth architecture

NetDevOps Pipeline

Single Source of Truth

Git IPAM/DCIM

Configuration
Device-specific data
templates
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Git for networks

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
 Git
Git is a free and open source
distributed version control
system originally developed for
the Linux kernel.
Due to it’s scalability it has
gained widespread adoption as
the de-facto standard for version
control.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Version Control in your NetDevOps Pipeline
Create New Implement Test Changes Commit
Branch Config Change locally Changes

Investigate
• Network Configuration are Merge With
Problems
Production
stored in Source Control Build Server
Kicks off Build
• Spin up a new branch to
apply changes Send
Notification
Build Test
Network

Run The Tests

Deploy The
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Changes 19
Git Terminology
• Repository: Storage space where the project lives, local or remotely
• Working Directory: Directory with all the files
• Commit: Holds a snapshot of the project changes
• Index: Staging area, where changes are cached before they are committed

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
Git Stages
Remote https://github.com/<user>/<repo>
Repository

Local
Repository /User/John/myGitRepo

Staging Area
(Index)

Working
Directory
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
Git Stages
Remote
Repository

Local
Repository

Staging Area
(Index)

Working
Directory
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
Git Stages
Remote
Repository

Local
Repository

Staging Area
(Index)
git add

Working
Directory
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
Git Stages
Remote
Repository

Local
Repository
git commit

Staging Area
(Index)
git add

Working
Directory
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
Git Stages
Remote
Repository
git push

Local
Repository
git commit

Staging Area
(Index)
git add

Working
Directory
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
 Git Stages
Remote
Repository
git push git fetch

Local
Repository
git pull
git commit

Staging Area
(Index)
git add

Working
Directory
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
Git Terminology
• Repository: Storage space where the project lives, local or remotely
• Working Directory: Directory with all the files
• Commit: Holds a snapshot of the project changes
• Index: Staging area, where changes are cached before they are committed
• Branch: a line of development/timeline of commmits
• Origin: Default name of the remote repository
• Main/Master: default branch of git
• HEAD: pointer to the most recent commit on the current branch
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27
A Git Workflow
Commit

98ca9 34ac2 f30ab

Main
c2b9e 4d349 783de 128e0

Dev
76a3b a8751 4ac12

Feature

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28
Network as Code
Branch Branch
iot_vrf iosx1732

Ready for production

Branch
main
Branch
l2vpn-service-foo-corp
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29
Building templates with jinja

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30
 jinja
jinja (formerly jinja2) is an open-
source templating engine and
accompanying template
language implemented in
python.
jinja allows us to build complex
templates that then render to
textual output.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31
 $ pip install jinja2

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32
import jinja2

loader = jinja2.FileSystemLoader(searchpath=“templates/”)
env = jinja2.Environment(loader=loader)

tpl = env.get_template(“test.tpl.conf”)

out = tpl.render(name=“Marcel”)

print(out)

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33
banner motd $ {{ motd }} $

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34
Device data management with
Netbox

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35
 $ pip install netbox-python

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36
Functions used (for reference)
• from netbox import NetBox
• netbox = NetBox(host='127.0.0.1', port=8000,
use_ssl=False,
auth_token="0123456789abcdef0123456789abcdef01234567")
• netbox.dcim.get_devices(name='Sandbox CSR recommended’)
• netbox.dcim.get_interfaces(device_id=1)

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37
Bringing it all together

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 38
Where are we? And where are we going?
Intro to
What is NetDevOps?
NetDevOps

Model-Driven Controler-based
SSH. automated. How do we change?
Programmability automation

Version Control What do we push?

Virtual Lab pyATS for

How do we test?
Setup with CML testing

Building a full
advanced pyATS NetDevOps Pipeline How do we build a pipeline?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39
NetDevOps Track - Overview
Intro to
What is NetDevOps?
NetDevOps

Model-Driven Controler-based
SSH. automated. How do we change?
Programmability automation

Version Control What do we push?

Virtual Lab pyATS for

How do we test?
Setup with CML testing

Building a full
advanced pyATS NetDevOps Pipeline How do we build a pipeline?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40
Slide Credits
• ”PIW - Git” by Anna Summerauer

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42