Apstra: The Value Is the Integration
Apstra brings automation, integration — and so much more.
Don’t miss this final episode of the Experience-First Data Center Networking Series focusing on automation with Apstra. Jeff Doyle, Majid Ansari, and Calvin Remsburg discuss the key essentials you need in your fabric management solution when it comes to automation.
You’ll learn
How Apstra can integrate with your existing systems, like Slack, ServiceNow, and other popular tools
The advantage of a multi-vendor approach
How an intent-based approach for Ethernet VPN (EVPN) operations and integration can help you manage rising data center complexity
Who is this for?
Host
Guest speakers
Transcript
0:00 [Music] hello and uh thanks for joining us today
0:07 uh this is our last of our lightning talk series on experience first data center networking series uh today we
0:15 will talk about apstra the value is the integration uh basically the focus is automation with apstra my name is
0:22 majid ansari i'm an architect on cloud vertical uh and today with me um i have
0:28 calvin remsburg he is one of the consulting engineers and specialist in automation practice
0:34 um he participates with the various customers on on automation discussions
0:40 and he will go over you know some of the details on automation with apstra
0:45 so let's jump right in and uh first thing i think i'll quickly i think talk
0:50 about the agenda for the discussion today uh we'll recap what we talked about in our first two sessions uh which
0:57 we had with jeff doyle um then i'll quickly uh introduce our
1:02 topic today on uh automation uh and uh evpn fabric operation decisions so
1:08 basically we'll talk about what are the key characteristics we are looking in your fabric management solution when it
1:13 comes to automation um and then calvin will go over and expand that topic and talk about
1:20 you know automation for evpn operations and integration so recapping on uh what we talked in our
1:28 first two uh first two uh lightning talks um and i'm not gonna go in detail
1:33 about what we already discussed but i'm just gonna quickly provide a summary so in the first session we we talked about
1:39 uh what kind of characteristics you need from a day zero day one perspective where
1:44 you're looking at you know architecting and design and then deploying your fabric and we established
1:51 that you know you need a solution that's multi-vendor and then it also goes beyond
1:57 uh you know just swapping uh clis with clicks right you you actually go beyond
2:02 and do an intent-based approach uh where you actually are doing a lot of meaningful tasks in minimal steps
2:09 that way you can quickly complete your task and not only that that it makes easier
2:15 for you to provision it also provides you a single pane of glass that your architects as well as your
2:22 operators right can see through and then there would be a feedback loop that that you will you'll operate
2:29 through verifying everything at every step um and then making sure your fabric is
2:34 operating the way you intended it to be so that was our day one um and then
2:40 in in our second lightning talk we talked about more on importance of day two and supporting
2:46 um operations in a way that's you know meaningful uh and then that's you know relevant in uh today's
2:52 age because there are a lot of challenges and different challenges in the network uh when it comes to
2:58 uh you know things changing quickly um and then you have to support different like environments where you
3:04 have to support legacy uh application as well as modern applications and we established
3:09 how um gathering analytics and then deriving knowledge from you know telemetry
3:15 and and giving you uh the information in full context so that you can use it uh
3:21 use it efficiently right um and then we also talked about uh you know our ability to
3:29 support your changes in the network whether it's a maintenance that is planned or a link or a device going down how do we
3:36 make sure that what it does after the recovery is
3:41 exactly what you expected to be it is done in as quickly as possible and and then we actually can provide you
3:48 all that uh reliable way of you know going through changes in your network um and then
3:55 importance of that so that that covered our day zero and uh day 1 and then day 2
4:00 operations and day 2 operations plus today's topic is now we're going to
4:06 focus on automation and why automation is important and what what kind of things you need to
4:13 look into your fabric management solution right um i think you we all would agree that when you deploy a
4:19 network or when you deploy a network management solution uh you are not up uh you're not operating in in a bubble
4:26 right you actually are part of a bigger business and then you have a bigger
4:32 infrastructure that's bigger than your network and you need to be part of it you cannot be just thinking of your network as an
4:39 independent entity uh because uh with if you want efficiency and if you want to
4:44 utilize the tools that you already built for your bigger infrastructure for example take a typical data center where
4:51 you will have you know 40 servers in a rack and there'll be only two switches
4:57 so there is an infrastructure already in place that is managing those 40 servers and then the applications that run on
5:03 them and it would be very efficient for you if you can use a similar infrastructure
5:09 maybe expertise you have in your ability to develop those applications using the same kind of apis
5:16 or at least uh the programming language of your choice for your automation uh
5:22 your network management will uh will actually uh gel well with your existing system so it's just gonna make it more
5:28 efficient and um and more scalable for you uh and that's one of the key
5:33 characteristics i think uh you need to look into a fabric management solution now the apis i think apis needs to be
5:42 easy to use and they they need to be integrated using your preferred
5:47 programming language or infrastructure of choice and and then once you have that established
5:54 that easy to use apis and that can give you that rich set of functionality that
5:59 you know you need it will just make it easier for you to integrate your fabric management
6:05 solution in your environment um and not only that the underlying infrastructure that that
6:11 you need right it shouldn't be restricting and and one of the things that uh we talked in earlier talks like
6:17 for example apstra uses uh this graph database now graph database allows you
6:22 to integrate and query things for which you your relationships were not like
6:28 available to you before so like if it was a relational database and then you were building tables uh you would
6:34 restrict based on what you know ahead of time whereas a graph database uh would
6:39 offer you that flexibility because there you don't have to do know all the relationship and don't have to build table based on what you know it could
6:47 change over time so not only you have rich set of apis um and simpler to use apis
6:53 you also need infrastructure that allows you to kind of grow with
6:59 the new things that come into picture um so you know if you combine all these things uh you build your solution and
7:07 you also have to kind of think of it is like how my operator is gonna use it so they can use the same uh same thing that
7:13 they use for bigger infrastructure they can use it for a network uh you will have a cohesive solution that will be
7:19 easy to integrate your environment um and i'll with this i will pass it on to
7:24 calvin to just you know kind of expand it um how in apstra context how these
7:30 things are are relevant what apstra does and then how how it helps you you know grow with
7:36 ground without growing pains uh to you calvin to kind of expand on
7:41 this topic i'll stop sharing and then you can share your screen all right so hello everyone my name is calvin
7:47 remsburg and i am a global architect within the sales organization and my primary focus is
7:54 helping customers get up and running with network automation trying to help them understand what some of the value propositions and
8:00 more importantly what kind of integrations they can build to have success using the automation capabilities within our platforms
8:08 now today specifically we're going to be focusing on apstra now apstra actually has two
8:14 separate apis that we had just discussed there is a traditional rest api where we
8:20 can communicate with the apstra system over http there's also a graphql api
8:26 that we can access some of the more difficult queries to to get really detailed information
8:32 about the data center fabric now today i'm going to specifically be talking about the rest api because
8:39 that's what we see most commonly when customers want to build integrations
8:45 now it should be noted that 100 percent of the things that apstra does from the
8:51 web user interface is driven through apis in the background that is to say
8:57 any type of operation you would do inside of the apstra user interface whether you're adding new vlans or
9:03 you're building a new data center blueprint or maybe you're just monitoring the actual health of the environment there's
9:10 a native api for every single one of those calls that happens within the gui which means we can capture that api and
9:17 actually build automation around it this helps us build integrations into
9:23 tools and software that we already have in our environment with minimal effort
9:28 now today i'm going to be showcasing an example where a customer was having success where they were using servicenow
9:35 to perform their day 0 and day 2 operations through servicenow
9:41 now we're going to showcase this just in a little bit but it's important to just kind of have the roadmap here
9:47 in front of you to understand exactly how these pieces are coming together we're actually leveraging ansible for
9:54 the heavy lifting within the environment this is almost a no-brainer in in these
9:59 days because ansible has such a profound impact within not only servers but also
10:04 network and automation then it makes sense to build an automation framework based on
10:10 one of the more prevalent tools out there today so what's going to happen is that a user is going to fill out a request now this
10:17 again this could be building a new environment this can be just typical day two operations of adding vlans etc
10:24 they're going to perform that request inside of servicenow and servicenow is going to send that information over to a
10:31 ansible server through the ansible rest api and then ansible is going to do a few
10:36 things it's going to check in to github to make sure it's got the latest copy of
10:41 the project and then it's going to talk to our network source of truth now in my environment i'm using a tool called
10:47 netbox but you could use another tool called nautobot or maybe you're using some kind of monitoring system like
10:54 solarwinds the point is is that there's information about your environment that the
11:01 automation needs to have in order to be successful so ansible's going to query around make sure again it's got the
11:07 latest copy of the code it's going to make sure it knows everything about your environment and then it's going to be
11:12 performing some provisioning tasks over into the apstra controller
11:17 and these again uh 100 of the operations that we would have typically done had we
11:23 been logged in through the web user interface and then when we're done we're going to be sending some information over to the
11:29 team so that everyone knows when a change has been made within our environment now in this case i'm using slack but
11:36 this could be a text message this could be an email this could be microsoft teams
11:41 the point is is that it doesn't really matter where you're trying to send the message to as long as there's an api
11:47 that's listening and available for us we can take advantage of that and build these almost closed-loop automation
11:54 opportunities for us so let's go ahead and start with our servicenow interface
12:01 i've created a fictitious company here called redtail network and they operate
12:06 in many different capacities they have a campus network that's managed through juniper's mist they're using the 128t sd-wan
12:13 but in context of this conversation we're going to be talking a little bit about the
12:18 data center so let's move over into the data center dashboard to see what the network team sees whenever they log into
12:25 servicenow so all the team members immediately have visibility into any
12:30 outstanding tickets that might be within their data center environment they can also see if there are any
12:36 anomalies within the production data center now in my case you can see that we have no problems just yet we will be
12:44 creating some problems here today but it's important to note that users of
12:50 of servicenow will immediately get this information without having to visit the apstra interface and probably even
12:56 more importantly without having to understand networking nuances within data center fabrics as we all know vxlan
13:05 evpn is an amazing technology but it's very very complicated and a data modeled
13:10 fabric management tool like apstra really helps abstract some of that complexity with them but here we're even
13:18 extra abstracting it even more by reaching into the apstra apis and grabbing the
13:24 health of our data center fabric now just to give you an example this is my current data center environment that
13:31 i have it is a live apstra environment the couple spines and three leaf
13:36 switches right here and you can see that all the anomalies that would have typically shown up or are right here
13:43 within the dashboard this is the information that we're getting through the api and we're tunneling that data
13:49 back into servicenow and that's what you see these counters right here for so
13:54 really really great place to get the visibility of your data center fabric you could extend this
14:00 this dashboard to your server teams to your application teams to really anyone
14:05 that likes to call up the network team and blame the data center as being the problem for their application performance this is a really great way
14:12 of getting all the networking nuance out of the way and just presenting the raw facts to the
14:17 users now what's really great about this dashboard is that we're not just using it to track data center events and in
14:24 open incidents at the time we can also use it as a launching pad for all of our network day-to-day tasks
14:31 so in this case i'm going to visit the network automation panel and we can see that this organization has many different
14:38 self-service portals for different types of tasks within the environment but we're focusing here on the data center
14:45 now when we visit this we can see that we've got a couple of options available for this if we wanted to we could build
14:51 out a full data center fabric using the apstra blueprint generator where we just basically fill in some
14:57 basic information about the type of platform that we're using the loopback
15:03 addresses if they have any specific autonomous system numbers that they want to use
15:08 what type of data center fabric platform as you all know apstra supports
15:15 almost any data center vendor under the sun so it's important that we give those types of options to the users
15:21 but in this case let's talk about a more traditional day two operation one of the more common tasks believe it or not
15:28 still in in 2022 is that we're still creating vlans across our data center fabric so let's
15:34 go ahead and perform this task by leveraging network automation we'll visit this self-service portal here
15:42 and you can see that we've taken all the network nuanced information things like
15:47 what type of routing or what routing instance would you like this via this new vlan to be
15:53 within the overlay we also need to pass in the name of a vlan now in this case
15:59 let's see i'm going to call this vlan thursday because that's where we're recording this and for the vlan id i'm just going to go
16:06 ahead and leave in 11 but we'll go ahead and give it the vxlan network identifier of 10 000.
16:13 and passing in an ip prefix we'll do 105
16:20 24 and we'll give it the dot one for the gateway so you can see with this self-service portal of
16:26 servicenow we're asking the user for the bare minimum information
16:31 what do they need to do to be successful in this job we're not asking them to be
16:36 experts in either cisco cli or junos cli we're not asking them to have even all
16:43 the nuanced information about a data center fabric they can still have success with their
16:48 day-to-day job by leveraging network automation to abstract all the complexities within this
16:55 so in this case we've created a workflow that another teammate would
17:00 view or they would first they would receive some kind of message notification in servicenow to say hey
17:05 you got a teammate that's looking to build a new data center vlan we would like for you to review it and they would
17:11 come they would visit their servicenow portal and they would get all the information here passed into a
17:16 ticket assigned to them now what they would do is they would go and they would review this request one last time they
17:22 can see the data they can add any comments that they see fit maybe a change approval number or some kind of code of
17:29 some sort the idea here is that we have an approval process where we can have an
17:36 audit from a local teammate or or maybe just be able to have
17:41 documentation as to who approved this change and who had initiated it just
17:47 again for auditing and sanity purposes now what you'll note back here over at
17:52 apstra we don't have any uncommitted changes and that's because we haven't clicked
17:57 this approval button just yet so let's go ahead and take care of that i'm going to click on the approve button and what
18:05 that's going to do it's going to compile all the information that we had passed in the form and it's going to send it
18:10 over into ansible now let's go ahead and check out ansible and see what's going on
18:16 if i look at my jobs right up here we can see that we've got a job running it's called create a vlan
18:22 and if we look into the details we'll actually see the information that was passed into the servicenow form the name
18:29 of the vlan the vlan id the prefix remember all that information that we had filled into the form
18:34 now i can see that this all in all took 11 seconds to complete
18:39 and here we can we can dig into any of these api calls and kind of ferret out what that was actually going on but
18:46 probably more interesting let's return back to servicenow or sorry to apstra and you can see we now have an
18:52 uncommitted change within the environment so the way that apstra works if you're unfamiliar and this is a blessing if
18:59 you're coming into from an automation perspective is that apstra works in a very similar
19:05 way that the junos operating system works meaning that you stage your proposed
19:10 changes in type of a candidate configuration where you have another opportunity to review the data commit it
19:18 and if that is a problematic change actually roll it back this is incredibly important in a data center fabric
19:24 management tool and this is what we're leveraging within the automation we're taking advantage of this review process
19:31 now if i really wanted to we could go down and look into the full diff of what's actually taking place but
19:37 suffice to say here we're going to be creating a new vlan called thursday we're creating a new connectivity
19:43 template which is effectively an interface template and we're creating a new vlan id we can
19:50 see the prefix information route target the vlan id all again all that information was passed in through
19:56 servicenow so this is one really great way of leveraging network automation for a
20:01 common day two task i just rolled back that configuration so it now no longer exists within the
20:08 apstra system let's talk about another real common task and that would be
20:14 managing vlans on a trunk specifically for something like a vmware host for
20:20 instance right as new applications come into the environment you want to be able to quickly update or remove vlans that
20:27 are on a interface based on a template now in this case i have a connectivity
20:34 template it's got a couple of storage vlans one is the native vlan for iscsi
20:39 and another vlan for nfs traffic well let's return back over into servicenow
20:45 and what we're gonna do is we're gonna add a new vlan onto this trunk for
20:51 mysql database so we'll follow the same process as we had before when we created a new vlan
20:58 and that is by visiting our data center service catalog and then opening up the
21:04 the self-service portal this time for managing vlans on a trunk and what we need to do is we need to
21:10 declare which blueprint or which data center fabric we would like to perform this task on we would like to know
21:16 whether or not we want to add a vlan or remove one from a trunk in this case i'm going to add it and we need to add
21:23 the vlan id in this case i'm going to select mysql database and
21:28 finally i just need to select the connectivity template so whether or not what kind of virtualization host we're
21:34 using in this case we're going to select a vmware host and click order now now
21:39 again if you can think about the power not only of extrapolating the network
21:45 complexities of a vxlan evpn fabric but what we're effectively doing is we're creating a self-service catalog so that
21:52 network operators or possibly application developers within your environment can perform complex tasks
21:59 with the appropriate auditing and approval processes without having to know very much about how networks
22:06 actually operate now in this case let's visit this request that came in for us and we're
22:12 again consistent approval process everything is consistent that we're doing here it's
22:18 one of the nice things about network automation is that despite the workflows being very different in workflow being
22:26 what kind of task you're trying to accomplish you can create similar workflow environments through a tool like
22:32 servicenow so that everyone feels comfortable it's familiar they know exactly where to go and they know how to
22:38 fill in these forms because it's very similar to their traditional operations within the tool
22:43 we'll go ahead and again click this approval button and again what's going to happen is that
22:49 we're going to compile the information that came in from the form and send it over into ansible we'll take a sneak
22:55 peek at what's going on over here here we can see we have a playbook running called manage
23:00 the trunk and if we dig into the details we can see hidden information about vlan ids
23:07 untagged this information is actually sourced from the servicenow catalog we just got to abstract some of the more
23:14 complex uuids etc now if we go back to the output i can see that this was completed this took 10
23:22 seconds to complete let's go check in on apstra and over on apstra if i just open up
23:28 this vmware host connectivity template yet again i can now see that the mysql
23:33 database vlan has been added to my tagged trunk now if you're unfamiliar
23:38 with connectivity templates effectively what's happening is that when we commit
23:43 this change that's staged right now in apstra any interface in our data center that
23:48 was previously associated to the vmware connectivity template will now have this
23:54 vlan automatically pushed down to it so that applications can come up and start actually performing the task that they
24:00 were set out to do so gone are the days of knowing where in my environment are all my vmware servers
24:07 which interfaces and which vlans is or are we passing on this trunk we can
24:13 leverage the connectivity templates to completely remove us from that equation and then we can take the advantage of
24:19 the api to actually perform the task to make adjustments to those as we see fit
24:24 if we move back over to our uncommitted panel here we can see that we've updated the
24:30 connectivity template for the vmware host and again this is exactly what we expected and i'll go ahead and commit
24:36 that change to make it run in production now i promised earlier we're going to cr we're going to break something and this
24:43 is a great opportunity for that i'm going to go ahead and insert a static change into my data center fabric
24:50 now what's going to happen from an apstra perspective is that this will directly conflict with the data model
24:57 that was derived for the data center fabric again we're not building a model just for the
25:02 devices we're looking at this from an intent based networking perspective as a holistic fabric data model and this
25:10 static change that's going to be made on one of the devices will be a conflict with that that data center fabric
25:17 and so now if we return over to apstra actually let's go back to the servicenow
25:22 portal first if i move back to my campus network and head over to the data center
25:28 dashboard what i should see is within about a couple of minutes i do
25:35 have some caching taking place on here to make the ui pop up just a little bit faster
25:41 what we will see is an anomaly peek its head into the data center
25:46 fabric as that that that static configuration is actually applied
25:51 so while we wait for that uh that detection to be made let's also showcase how you can
25:58 leverage slack and chat ops to also interface with your apstra fabric
26:04 so what i have here is a slack workspace that all my data center team is on and
26:10 that we use this to actually communicate between each other but in what we can also do is take
26:16 advantage of the api that we expose on apstra and actually build integrations into our chat systems so for instance
26:23 let's say that we get a call at 3 a.m because we're on call and we're told
26:28 that sap is down and the network is always obviously blamed uh for this type
26:34 of situation so rather than us getting up and pulling out our laptop jumping on
26:40 the corporate vpn trying to log into apstra trying to make sense of what's going on and
26:45 understand whether or not the data center is at fault what we can do instead is just simply open up our slack
26:51 client whether it's on our phone or our desktop in this case we'll be issuing a command to the apstra bot
26:57 what will happen is that we get a prompt that says what kind of request and from here we'll just say give us the
27:03 health of the data center and then it'll ask us which data center would you like to check we'll check in our evpn demo
27:10 and hit the execute now again i am not having to understand
27:15 data center fabric technology i don't even know i don't even need to be able to spell vxlan
27:22 what we can do is we can leverage this these apis to get health information
27:27 from our data center and provide access to it for anyone within the organization
27:33 that has the rights to now here we got back in our slack client within just a few seconds some
27:39 information from the system and i can see that there's a configuration error within our data center fabric that's
27:45 exactly what we expected because there was a static route injected into our data center if we return back over to
27:51 our servicenow portal and if i refresh my page remember that this is the home
27:57 landing page for my data center operations team here we can see that we'll have some anomalies show up and it
28:04 is exactly what we expected right we have a configuration issue within the environment and anyone that just logged
28:10 into servicenow or anyone that's watching this page will be able to detect yes there's something wrong with
28:16 our environment so they can interface through it with apstra through the apis
28:21 by leveraging tools like servicenow or you can build integrations into more common tools like slack or microsoft
28:28 teams so with that that's the end of this discussion on kind of the art of
28:33 possibility with building network automation for day two operations so with that i'm going to turn the mic back
28:40 over thank you thank you calvin i think uh you actually did a great job
28:46 articulating you know value of uh the automation with apstra how uh and the art of possibilities that you
28:52 said like what's possible using different tools um and then that i think you know would would clearly articulate
28:59 um how apstra can integrate easy in into your existing environments and servicenow
29:06 being popular ansible being popular and then slack on the other hand totally
29:11 diverse tools but the power of automation you know makes you integrate apstra in all of
29:17 them uh so thanks for that great discussion i think you know if our
29:22 customers are interested uh in talking about more uh more about this thing i
29:28 think you know reach out to your account teams and then we can we'll be happy to go over the details uh but in in
29:35 summarizing this what i would say uh for your when you're evaluating your fabric management solutions uh
29:42 basically what uh what based on what we talked today right what you what you need is an easy to use rich set of apis
29:50 uh so that you can use uh your own environment and then integrate uh
29:56 apstra or network management tool into your environment um and not only you
30:01 need uh apis performing your day one provisioning
30:07 thing it can also help you with your day two and day two plus operations where you know
30:13 like you spend a lot of time during that mode uh it's equally important to have apis that that do that right and then
30:21 last but not least i'll basically use the same conclusion that i used my in my previous uh two lightning talks uh for
30:28 your fabric management needs you need a unified solution uh that gives you seamless automation for you know
30:34 throughout your network life cycle whether it's day zero day one or day two plus
30:40 um and then you need a unified um view for both your operations and architect
30:45 uh team uh so that you get smooth operation your network and
30:50 with this uh talk i think we we provided you a lot of examples and and arguments to you know
30:58 provide to suggest that apstra actually does have all these characteristics and
31:03 it will it will do very well uh for your network management need um and especially in a multi-vendor network um
31:11 you you will be you will be very happy with uh with apstra and um
31:16 also i think as we talked uh you know next steps wise as i said please contact us uh if you like to talk
31:23 more but in the meantime if you want to learn and and explore yourself uh you
31:28 can also use our training on juniper training portal or uh there's a youtube
31:34 playlist that talks about you know topics like this that we discussed today and there's also a virtual lab um that
31:41 that you can reserve and then do your own experiments so thank you very much uh for joining us
31:47 today and then uh going through this discussion with us um and enjoy uh enjoy
31:53 uh the learnings and and then good luck we are with your network operations thank you
32:02 [Music]