#CLUS

There and Back:

A Network Automation Journey

Eric D. Thiel – Developer Advocacy, Cisco DevNet

@securenetwrk
DEVNET-1200

#CLUS
Agenda
• Introduction
• Brainstorming ideas
• Choosing your first project (Walk)
• Taking it to the next level (Run)
• Long-term goals (Fly)
• Conclusion

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated cs.co/ciscolivebot# DEVNET-1200

by the speaker until June 16, 2019.

#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Where do we
begin?
Three levels of complexity

Walk Run Fly

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Brainstorming
Ideas
“Perfect is the enemy of good.”

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Whiteboard ideas

• Managing ACLs on firewalls

• We have too many different software versions
in use This is a great project, but advanced
• Making a change across 100 devices is slow
• Testing after a maintenance takes much longer
than the maintenance itself Read Only
• We need to audit and enforce compliance
against a baseline “gold” config Audit is RO

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Three levels of complexity
• Get visibility and insights into your network
• Gather telemetry and insights in a read-only
manner
• Perform security and compliance auditing
• Read-only information gathering offers
minimal risk
• This is a great place to start writing code

Walk Run Fly

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
So what tools are in your toolbelt?

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
 Walk: Engineer manual workflow
Use case: All customers have a need to monitor basic configurations, whether for compliance or
network reliability. Solution?
1 2 3

Engineer opens notepad with
baseline config
Engineer runs script with config,
and logs final state in ticket
Customer challenge:
Engineer SSHes to device If non-compliant, engineer Manual engineering is prone to typos,
saves config to PC hard opens ticket
drive, and manually
unexpected outcomes, and at scale can
compares to baseline line become a bottleneck.
by line 4
Sandbox:
https://devnetsandbox.cisco.com/RM/Di
5 agram/Index/1b83c4bf-f63e-4e4b-
6 9119-
9b385751f1b6?diagramType=Topology
Config attached and
remediation scheduled

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Let’s choose a tool
We need to audit and enforce compliance against a baseline “gold” config

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
 Walk: Zero touch audit of critical device config
Use case: All customers have a need to monitor basic configurations, whether for compliance or
network reliability. Solution?
1 2 3

Ansible control station runs
playbooks daily to audit configs
Customer value:
Current device configs If non-compliant, Ansible Through automated audit, customers
stored in Git repo Control Station opens ticket can eliminate a time-consuming task,
while increasing frequency of audits by
4 orders of magnitude.

Sandbox:
5 https://devnetsandbox.cisco.com/RM/Di
agram/Index/1b83c4bf-f63e-4e4b-
6 9119-
9b385751f1b6?diagramType=Topology
Engineer runs Ansible playbook, Config attached and
which logs final state in ticket remediation scheduled

1. Ansible 2. GitHub 3. Ansible 4. ServiceNow

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Three levels of complexity
• Activate policy and intent across
different network domains
• Enable self-service and automatic
compliance checks on changes
• Ensure consistency and simplicity
across multiple domains
Walk Run Fly

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
So what tools are in your toolbelt?

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
 Run: Zero touch remediation of critical device config
Use case: All customers have a need to monitor basic configurations, whether for compliance or
network reliability. Solution?
1 2 3

Ansible control station runs
playbooks daily to audit configs
Customer value:
Through automated audit and
Current device configs If non-compliant, Ansible remediation, customers can eliminate a
stored in Git repo Control Station opens ticket
time-consuming task, while increasing
frequency of audits by orders of
4 magnitude.

Sandbox:
5 https://devnetsandbox.cisco.com/RM/Di
6 agram/Index/1b83c4bf-f63e-4e4b-
9119-
Ansible Control Station applies Config attached and 9b385751f1b6?diagramType=Topology
config and logs final state in ticket remediation scheduled

1. Ansible 2. GitHub 3. Ansible 4. ServiceNow

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Three levels of complexity
• Proactively manage applications, users,
devices with DevOps workflow
• Processes can auto-provision their own
network services in reliable and compliant way
• Combining machine learning capabilities with
automation can shift organizations from
reactive to proactive maintenance and fault
avoidance

Walk Run Fly

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
So what tools are in your toolbelt?

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
 Fly: Network Automation for application
policies deployment
Use case: All customers in need of basic network and server management

1 2 3

Fly: Accelerate CI/CD

application policy deployment
via Network Automation by
VS Code with Integrated Git, used GitHub fires webhook Ansible Control Station runs
to manage Ansible playbooks on ‘push’ update updated playbooks
configuring UCS, ACI, and
NX-OS policies with Ansible
4 4 workflows
4
Certification: Prepare
network configurations for
application deployment using
automated workflows
VLANS updated on Network & application ANSIBLE VLANS updated on NXOS
UCS Manager policies updated on ACI

1. VS Code 2. GitHub 3. Ansible 4. UCS & NXOS ACI

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Walk Demo
Labs to get started
• https://developer.cisco.com/learning/modules
• Walk:
• Search for “Ansible” for a number of introduction labs with Ansible
• Run:
• Search for Programming Fundamentals/Python
• Fly
• Introduction to NetDevOps Configuration Pipelines with CICD
• https://developer.cisco.com/codeexchange

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Complete your
online session • Please complete your session survey
evaluation after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live
Mobile App or by logging in to the Session
Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing
on demand after the event at ciscolive.cisco.com.

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Continue your education

Demos in the
Walk-in labs
Cisco campus

Meet the engineer

Related sessions
1:1 meetings

#CLUS DEVNET-1200 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Thank you

#CLUS
#CLUS