WEBVTT

0:00:02.740000 --> 0:00:06.420000
In this video, I'm going to be talking about network management automation,

0:00:06.420000 --> 0:00:10.780000
origination points, and that is the topic.

0:00:10.780000 --> 0:00:15.100000
So what exactly do I mean by automation origination points?

0:00:15.100000 --> 0:00:20.700000
Well, kind of a fancy way of saying, look, automation starts somewhere.

0:00:20.700000 --> 0:00:24.760000
There's some box or some device somewhere that has an automation script

0:00:24.760000 --> 0:00:30.240000
or something you type in, and then from there, it pushes out what it wants

0:00:30.240000 --> 0:00:32.220000
to do to one or more devices.

0:00:32.220000 --> 0:00:35.320000
So where in your network is that starting?

0:00:35.320000 --> 0:00:37.420000
Where is it originating from?

0:00:37.420000 --> 0:00:39.540000
And that's what I'm talking about in this video.

0:00:39.540000 --> 0:00:43.380000
So what are those origination points?

0:00:43.380000 --> 0:00:46.300000
Well, they can basically at a real high level happen from one of three

0:00:46.300000 --> 0:00:47.960000
places in your network.

0:00:47.960000 --> 0:00:51.380000
It could originate on an SDN controller.

0:00:51.380000 --> 0:00:54.480000
Here's an example of a Cisco APIC appliance.

0:00:54.480000 --> 0:00:58.720000
A physical appliance, you can see here it comes in a physical metal box.

0:00:58.720000 --> 0:01:02.300000
It has software running inside that's a controller, and this controller

0:01:02.300000 --> 0:01:06.480000
can be the source or the origination of your automation in your network.

0:01:06.480000 --> 0:01:10.360000
That is certainly possible, and there's other controllers above and beyond

0:01:10.360000 --> 0:01:12.200000
just this one as well.

0:01:12.200000 --> 0:01:17.520000
You can have a server running a network automation software like Chef

0:01:17.520000 --> 0:01:18.760000
or Ansible or Puppet.

0:01:18.760000 --> 0:01:20.160000
We're going to talk about that in just a second.

0:01:20.160000 --> 0:01:24.140000
But you can load that software onto a Linux server or an Ubuntu server

0:01:24.140000 --> 0:01:28.020000
or something like that, and then run your network automation directly

0:01:28.020000 --> 0:01:29.180000
from that server.

0:01:29.180000 --> 0:01:29.940000
You can do that.

0:01:29.940000 --> 0:01:33.300000
Here's a screenshot of something called Ansible Tower, which is a GUI

0:01:33.300000 --> 0:01:37.660000
based platform built for Ansible that allows you to do this type of automation

0:01:37.660000 --> 0:01:39.720000
we're referring to.

0:01:39.720000 --> 0:01:44.860000
And some network devices are actually built that in addition to having

0:01:44.860000 --> 0:01:49.120000
their own command line or possibly their own GUI, they might have a scripting

0:01:49.120000 --> 0:01:53.740000
language or something built right into the operating system itself.

0:01:53.740000 --> 0:01:58.660000
For example, here we can see an example of a router and most Cisco routers

0:01:58.660000 --> 0:02:03.680000
these days have a scripting language called TCL, sometimes called Tickle,

0:02:03.680000 --> 0:02:05.740000
a TCL script built into it.

0:02:05.740000 --> 0:02:08.840000
And you can access that very easily and then you can use that TCL script

0:02:08.840000 --> 0:02:10.640000
to do a variety of things.

0:02:10.640000 --> 0:02:14.200000
So let's go through just a little bit more detail on each one of these

0:02:14.200000 --> 0:02:18.240000
three items. So let's start with SDN controllers.

0:02:18.240000 --> 0:02:22.620000
So as far as SDN controllers are concerned, SDN stands for software defined

0:02:22.620000 --> 0:02:27.100000
networking in case you've never heard of that term before.

0:02:27.100000 --> 0:02:29.440000
And this is a real high level overview.

0:02:29.440000 --> 0:02:31.940000
What is software defined networking?

0:02:31.940000 --> 0:02:35.760000
Well, the sort of theory or premise behind it in sort of an ideal world.

0:02:35.760000 --> 0:02:41.120000
What it means is that, you know, in a traditional sense, what's happened

0:02:41.120000 --> 0:02:46.780000
over decades is that a network would be built based on, you know, how

0:02:46.780000 --> 0:02:48.160000
many clients do we have?

0:02:48.160000 --> 0:02:49.680000
How many servers do we have?

0:02:49.680000 --> 0:02:53.080000
Where are they? How do we want them to physically connect to the network?

0:02:53.080000 --> 0:02:55.000000
Is it wired, Wi-Fi?

0:02:55.000000 --> 0:03:01.140000
And so a network would basically be built to connect devices together.

0:03:01.140000 --> 0:03:04.660000
And then once the network was built and IP was layered on top of it and

0:03:04.660000 --> 0:03:09.420000
some sort of routing protocol and VLANs were laid on top of it, now we

0:03:09.420000 --> 0:03:11.960000
would layer our applications on top of that.

0:03:11.960000 --> 0:03:16.520000
And we would hope that the applications would run smoothly across a network

0:03:16.520000 --> 0:03:20.560000
that was sitting, ready, and waiting for them to go across.

0:03:20.560000 --> 0:03:22.360000
That wasn't always the case.

0:03:22.360000 --> 0:03:26.600000
Some applications would work great over an existing network and sometimes

0:03:26.600000 --> 0:03:29.560000
other applications wouldn't work so well.

0:03:29.560000 --> 0:03:31.160000
And then we had to consider security.

0:03:31.160000 --> 0:03:35.060000
How do I keep this application traffic isolated from this application

0:03:35.060000 --> 0:03:37.040000
traffic so they don't talk to each other?

0:03:37.040000 --> 0:03:41.080000
Well, that would involve going back to our existing network and implementing

0:03:41.080000 --> 0:03:43.880000
access lists or other types of things.

0:03:43.880000 --> 0:03:48.020000
So software defined networking says, hey, let's flip that on its head.

0:03:48.020000 --> 0:03:51.080000
Let's go ahead and create the foundational network.

0:03:51.080000 --> 0:03:52.460000
After all, we have to do that.

0:03:52.460000 --> 0:03:56.040000
We got to put our routers and switches there and put some sort of routing

0:03:56.040000 --> 0:03:58.680000
protocol to get basic IP reachability.

0:03:58.680000 --> 0:04:00.540000
So let's just get a basic network in place.

0:04:00.540000 --> 0:04:04.820000
But now with software defined networking, we have another element on top

0:04:04.820000 --> 0:04:09.820000
of that. And so when an application starts up, an application can actually

0:04:09.820000 --> 0:04:14.780000
talk to the network and say, hey, I need this from you.

0:04:14.780000 --> 0:04:16.780000
I need this kind of bandwidth.

0:04:16.780000 --> 0:04:18.900000
I need this kind of quality of service.

0:04:18.900000 --> 0:04:22.620000
I need these kind of security policies and the network, which is intelligent

0:04:22.620000 --> 0:04:27.600000
or smart, and say, oh, okay, and the network would dynamically provision

0:04:27.600000 --> 0:04:31.840000
itself. It would change, maybe add some new routing paths, maybe change

0:04:31.840000 --> 0:04:36.160000
on the fly some quality of service, maybe on the fly add some new security

0:04:36.160000 --> 0:04:40.120000
policies that didn't exist for the application.

0:04:40.120000 --> 0:04:44.700000
The application would drive what the network needed to look like.

0:04:44.700000 --> 0:04:50.240000
So the application, which is software, would define how the networking

0:04:50.240000 --> 0:04:53.260000
happened. That is software defined networking.

0:04:53.260000 --> 0:04:57.100000
Well, a critical component of that to make that work is something called

0:04:57.100000 --> 0:05:00.640000
a controller. The controller is what's controlling the network.

0:05:00.640000 --> 0:05:04.260000
Now a controller does a lot of other things as well.

0:05:04.260000 --> 0:05:07.900000
A lot of the basic controllers that very first came out in the market,

0:05:07.900000 --> 0:05:13.320000
sort of phase one of SDN, were just sort of glorified SNMP boxes.

0:05:13.320000 --> 0:05:15.940000
Really, they collected statistics from the network.

0:05:15.940000 --> 0:05:19.840000
They gave you some nice graphical GUI representation of what the health

0:05:19.840000 --> 0:05:21.180000
of the network looked like.

0:05:21.180000 --> 0:05:25.660000
But as far as actually controlling the network, they did little to nothing.

0:05:25.660000 --> 0:05:30.600000
Well, nowadays controllers are getting much more power to actually get

0:05:30.600000 --> 0:05:34.560000
closer to what the ideal of software defined networking was always meant

0:05:34.560000 --> 0:05:38.500000
to do, which is dynamically configure, provision, and change the network

0:05:38.500000 --> 0:05:42.580000
as the applications needed to change.

0:05:42.580000 --> 0:05:44.580000
But the controller is the critical element.

0:05:44.580000 --> 0:05:48.760000
Now, when it comes to controllers, let's say you say, okay, I want a controller.

0:05:48.760000 --> 0:05:50.660000
How do I get this happening in my network?

0:05:50.660000 --> 0:05:53.200000
Well, controllers come in two different form factors.

0:05:53.200000 --> 0:05:57.660000
So those form factors are you could get software that's pre-installed

0:05:57.660000 --> 0:05:58.860000
on a physical chassis.

0:05:58.860000 --> 0:06:00.900000
They call this an appliance.

0:06:00.900000 --> 0:06:04.780000
So whenever you hear that term, oh, we sell an SDN appliance.

0:06:04.780000 --> 0:06:07.740000
That's a fancy way of saying, look, we will sell you a box that you'll

0:06:07.740000 --> 0:06:11.540000
have to screw into a rack somewhere, cable it up with some, you know,

0:06:11.540000 --> 0:06:15.760000
10 gig or 100 gig Ethernet connections, and then that box is pre-installed

0:06:15.760000 --> 0:06:20.840000
with the SDN software inside of it, and probably other stuff as well.

0:06:20.840000 --> 0:06:24.120000
So that's a very popular way of doing that.

0:06:24.120000 --> 0:06:28.400000
Another way is having software installed on your own server.

0:06:28.400000 --> 0:06:30.480000
Some vendors offer that.

0:06:30.480000 --> 0:06:34.040000
Or you can have a cloud-based controller, which means that there's an

0:06:34.040000 --> 0:06:37.040000
appliance out there, but you don't physically have it.

0:06:37.040000 --> 0:06:41.840000
It's in the cloud hosted by Amazon or Microsoft or maybe Cisco's cloud,

0:06:41.840000 --> 0:06:45.800000
but now you can access that controller because you're purchasing it on

0:06:45.800000 --> 0:06:50.460000
a, like, a yearly license basis, and that connects into your network and

0:06:50.460000 --> 0:06:52.360000
it can control your network.

0:06:52.360000 --> 0:06:55.160000
So those are your permutations right there.

0:06:55.160000 --> 0:06:59.080000
And some examples of Cisco controllers, the two primary ones you'll hear

0:06:59.080000 --> 0:07:03.400000
about are the Cisco ACI APIC controller, which stands for the application

0:07:03.400000 --> 0:07:10.480000
policy infrastructure controller, or the APIC EM, which is, you might

0:07:10.480000 --> 0:07:13.360000
say, oh, APIC, APIC EM, aren't they the same thing?

0:07:13.360000 --> 0:07:17.940000
Not really, even though they both have the same initial acronym of APIC,

0:07:17.940000 --> 0:07:21.660000
they're totally different devices, meant to do very different things.

0:07:21.660000 --> 0:07:25.380000
But those are two examples of controllers that Cisco sells.

0:07:25.380000 --> 0:07:28.960000
Okay, so that's the controller.

0:07:28.960000 --> 0:07:31.220000
What about automating the network?

0:07:31.220000 --> 0:07:36.240000
What about, you know, dynamically provisioning the network and, you know,

0:07:36.240000 --> 0:07:41.260000
configuring it, changing the configuration, pushing down software images,

0:07:41.260000 --> 0:07:42.240000
where does that come from?

0:07:42.240000 --> 0:07:48.440000
Well, the controller could do that itself, but a lot of times there are

0:07:48.440000 --> 0:07:53.760000
other network configuration tools, other software tools that can either

0:07:53.760000 --> 0:07:58.760000
work independently from the controller, or can work through the controller.

0:07:58.760000 --> 0:08:00.400000
And that's what I want to talk about right here.

0:08:00.400000 --> 0:08:07.400000
Some very popular ones are Ansible, Chef, Puppet, and there are others,

0:08:07.400000 --> 0:08:09.280000
for example, SaltStack and other ones.

0:08:09.280000 --> 0:08:13.080000
This right here is, once again, a graphic of Ansible Tower.

0:08:13.080000 --> 0:08:15.040000
These have been around for a while.

0:08:15.040000 --> 0:08:18.280000
Puppet was released in 2005.

0:08:18.280000 --> 0:08:21.220000
Chef was released in 2009.

0:08:21.220000 --> 0:08:22.920000
Ansible is probably the newest of the bunch.

0:08:22.920000 --> 0:08:25.180000
That was released in 2012.

0:08:25.180000 --> 0:08:30.780000
Now, these configuration tools here, when they first came out, their original

0:08:30.780000 --> 0:08:35.460000
purpose was not really to automate networks.

0:08:35.460000 --> 0:08:39.860000
What these things were originally designed to do was to automate servers.

0:08:39.860000 --> 0:08:42.620000
Like a lot of companies are going to virtualization these days.

0:08:42.620000 --> 0:08:45.780000
You know, it used to be way back in the day that, well, if I needed 20

0:08:45.780000 --> 0:08:50.140000
servers in my network, maybe I had 10 different web servers, maybe I had

0:08:50.140000 --> 0:08:52.360000
a couple of email servers, file servers.

0:08:52.360000 --> 0:08:57.840000
I had to get 20 physical boxes, 20 physical chassis that would screw into

0:08:57.840000 --> 0:09:00.820000
a rack somewhere, and those were individual servers.

0:09:00.820000 --> 0:09:06.000000
Well, that consumes a lot of heat, a lot of electricity, and, you know,

0:09:06.000000 --> 0:09:08.620000
many, many years ago, some people came up with a bright idea.

0:09:08.620000 --> 0:09:11.300000
They said, hey, we have this thing called virtualization.

0:09:11.300000 --> 0:09:12.540000
Why don't we do this?

0:09:12.540000 --> 0:09:16.380000
Why don't we have one physical server, but we'll have software in that

0:09:16.380000 --> 0:09:21.340000
server that can sort of create these virtual servers inside of this one

0:09:21.340000 --> 0:09:26.300000
physical box. And then we can have as many or as little as we need.

0:09:26.300000 --> 0:09:29.400000
Maybe right now, we need 10 web servers.

0:09:29.400000 --> 0:09:33.440000
Oh, look, we've got a bunch of traffic coming in for these 10 web servers.

0:09:33.440000 --> 0:09:35.660000
Let's spin up. That's the term.

0:09:35.660000 --> 0:09:40.780000
Let's create dynamically on the fly another virtual web server, maybe

0:09:40.780000 --> 0:09:43.700000
another one. And then when the traffic goes down, get rid of those virtual

0:09:43.700000 --> 0:09:45.880000
web servers because we don't need them anymore.

0:09:45.880000 --> 0:09:50.360000
So these type of configuration tools, Ansible, Chef, and Puppet, were

0:09:50.360000 --> 0:09:54.880000
originally designed to do that type of thing to dynamically help in spinning

0:09:54.880000 --> 0:09:59.100000
up new virtual machines, provision those machines, tear them down when

0:09:59.100000 --> 0:10:02.380000
they weren't needed that whole thing.

0:10:02.380000 --> 0:10:06.320000
But over time, they've added flexibility to these tools to where they

0:10:06.320000 --> 0:10:10.520000
can now automate your network, like your routers and switches, in addition

0:10:10.520000 --> 0:10:13.380000
to automating servers as well.

0:10:13.380000 --> 0:10:16.680000
So these tools are great for the server admins as well as for the network

0:10:16.680000 --> 0:10:20.220000
admins, wherever you need any kind of network automation.

0:10:20.220000 --> 0:10:24.340000
And then, of course, there's also scripting languages available.

0:10:24.340000 --> 0:10:28.760000
There are many scripting languages available to automate your network.

0:10:28.760000 --> 0:10:32.120000
Where do the scripts originate from?

0:10:32.120000 --> 0:10:36.520000
So if you're going to do a script, where would you do it on so it can

0:10:36.520000 --> 0:10:38.600000
impact your network?

0:10:38.600000 --> 0:10:43.240000
Well, a script can absolutely be implemented on a remote device, such

0:10:43.240000 --> 0:10:47.660000
as your laptop, your MacBook, a server, and then that script can be started

0:10:47.660000 --> 0:10:51.440000
there. You can initiate it there, and then the commands can be sent over

0:10:51.440000 --> 0:10:55.520000
an IP connection and terminate on a router or switch and automate that

0:10:55.520000 --> 0:10:58.600000
device. That can certainly happen.

0:10:58.600000 --> 0:11:02.600000
Or some devices, like Cisco routers and switches, depending on what make

0:11:02.600000 --> 0:11:07.060000
and model you have in other vendors as well, will have scripting languages

0:11:07.060000 --> 0:11:10.580000
built right into the software itself.

0:11:10.580000 --> 0:11:16.120000
For example, Cisco sells some routers and switches that have either TCL

0:11:16.120000 --> 0:11:20.960000
or, in some cases, Python ability built right into the box.

0:11:20.960000 --> 0:11:22.980000
Now, you might be wondering, well, wait a second.

0:11:22.980000 --> 0:11:26.600000
I thought the whole point of network automation was to get away from the

0:11:26.600000 --> 0:11:31.420000
individual box, have a script or something, or a network tool start way

0:11:31.420000 --> 0:11:36.240000
out here and configure a whole bunch of different devices all at once

0:11:36.240000 --> 0:11:38.200000
from one central point.

0:11:38.200000 --> 0:11:39.320000
What's the point?

0:11:39.320000 --> 0:11:42.480000
How is network automation going to help me if I have to log into an individual

0:11:42.480000 --> 0:11:45.240000
box and start my script there?

0:11:45.240000 --> 0:11:48.180000
Well, it depends on what you're trying to accomplish.

0:11:48.180000 --> 0:11:52.460000
For example, let's say that what you're trying to automate is something

0:11:52.460000 --> 0:11:56.540000
very simple. Like, let's say as part of your daily task, let's say that

0:11:56.540000 --> 0:11:59.620000
every morning when you come into the office, part of your normal routine

0:11:59.620000 --> 0:12:02.820000
is one of the first things you do is you initiate a ping sweep.

0:12:02.820000 --> 0:12:06.940000
And you manually ping like 50 devices just to see if they're accessible,

0:12:06.940000 --> 0:12:08.420000
if they're reachable.

0:12:08.420000 --> 0:12:11.100000
And up until now, the way you've been doing that is you log onto your

0:12:11.100000 --> 0:12:15.460000
Cisco router and you manually type one at a time, ping 1.1.1.

0:12:15.460000 --> 0:12:19.040000
Ping 2.2.2.2. Ping this, that and the other thing.

0:12:19.040000 --> 0:12:21.420000
Well, this is one thing that this script could help you with.

0:12:21.420000 --> 0:12:25.940000
You could initiate a TCL script within that device to automate that ping

0:12:25.940000 --> 0:12:29.560000
sweep from that device where it'll ping those devices one after the other

0:12:29.560000 --> 0:12:31.860000
just by running this one simple script.

0:12:31.860000 --> 0:12:35.280000
That's one example of how network automation with a script on an individual

0:12:35.280000 --> 0:12:37.640000
box could help you.

0:12:37.640000 --> 0:12:44.200000
So that is the end of this video on network automation origination points.

0:12:44.200000 --> 0:12:46.700000
And I hope this video was useful to you.