Networks consist of distributed nodes — routers, switches and the like — that systems administrators and network engineers have, for the most part, managed individually via command line interfaces.
Network protocols connect the nodes so that they appear as a single connected system, but these setups remain tricky (and often expensive) to deploy. Moreover, the distributed nature of network nodes makes it difficult to monitor and react to the health of the system as a whole or manage the impact to applications.
To address these challenges, some network engineers have adopted automation tools, for example Python or Puppet, to help drive consistent configurations and streamline troubleshooting. These automation tools still must address the network’s individual nodes, and can add more complexity than they reduce, depending on topology.
But there’s automation help now for sysadmins and engineers. A network controller, as found in software-defined network architectures, can provide holistic management of the network and reduce the complexity of network automation tools.
Here’s how to evolve your network management:
1: Consolidate Your Network View
A network controller can serve as a single interface by building an abstraction between the network configuration and the nodes. A controller lets an IT team manage the entire network from a single control interface.
Together, the controller’s single control interface and abstraction lets automation tools focus on app-specific configurations while avoiding the box-by-box complexity of the network.
Cisco ACI is an easy-to-use network automation for SDN environments. Its Application Policy Infrastructure Controller (APIC) serves as the holistic manager for all ACI fabric and has an intuitive GUI and a RESTful API, through which network administrators can build configuration policies on a per-VLAN or per-app basis. APIC dynamically establishes policies on the physical infrastructure when an app is identified.
2: Pack Power in Small Code Punches
Think of a controller as an “easy button” for network automation. In APIC, everything is an object, and every object is defined by JSON-formatted text. To collect health or troubleshooting information, network automation engineers can modify the text to drive configuration changes or query the APIC. The controller provides access to every object and, before a change is allowed, verifies whether a configuration change is valid.
ACI objects and their properties can be found by a number of built-in tools, including the GUI. The GUI lets engineers visualize and push small configurations, but can be slow and cumbersome when managing a large number of ports or similar configurations. (The GUI has no “interface range” command.)
A number of tools, both open-source and fee-based, are available to automate and streamline ACI fabric. Cisco CloudCenter, which ships with hundreds of pre-built ACI configurations, is an app orchestration tool that network engineers can use to spin up apps.
Popular infrastructure automation tools, such as Puppet and Ansible, feature out-of-the-box automation with published integrations. Finally, a network administrator can use a programming language such as Python to hit the API and automate configurations.
3: Take Advantage of Toolkits
Using Python to automate an ACI is simple; in many cases, completed scripts are available for free download. Python, the unofficial language of network programmability and automation, features free libraries that quickly and with minimal code connect to the RESTful interface for formatting configurations in JSON.
Most Python-based ACI automation tools come in at fewer than 25 lines of code and can be built in a couple of hours. Examples of Python automation scripts include tools to configure a number of interfaces or deploy complex access control lists. Cisco engineers have compiled a number of free-to-use scripts at github.com/datacenter.
To simplify network automation with Cisco ACI, there’s a software development kit and a tool set built around the SDK named ACI Toolkit. Both the SDK and ACI Toolkit will let engineers quickly build tools to automate or collect data from ACI. Simple or highly portable projects are best suited to native API access, however. Because of this, most ACI automation tools should leverage the SDK.
4: Get Ready to Configure Self-Driving Networks
Looking forward, the combination of network analytics with Cisco ACI will let the network “self-drive” based on network policy. For Cisco, that analytics tool is Tetration, and a future integration with ACI should allow for automatic configuration changes when Tetration detects network traffic anomalies, policy violations or protocol abuses.
But network deployment and operations using a command line interface no longer meet the needs of modern applications. Managing distributed network devices is slow, difficult and often error-prone. Automating the network is the best way for an organization’s network engineers to keep app management, well, manageable.