Terraform for Juniper Apstra Podcast

0:01 [Music]

0:08 welcome to the terraform for Juniper

0:10 Rapture podcast my name is Andy laptop

0:12 and today I am joined by the creators of

0:14 terraform for aperture Chris market and

0:17 Raj super Romanian Chris who are you and

0:20 what do you do with juniper hey thanks

0:21 Andy uh yep my name is Chris Marquette

0:23 I'm a product manager at Juniper

0:25 Networks and I've been doing

0:27 infrastructure Ops and a little bit of

0:29 software Dev stuff for coming up on

0:31 three decades you demand thanks Chris

0:33 and Raj who are you and what do you do

0:35 at Juniper hey uh I'm a product manager

0:38 at Juniper as well uh my background is

0:41 software engineering and I've been doing

0:43 uh Cloud adjacent and network address

0:45 and coding for the last I don't know

0:47 10-15 years awesome thanks guys so today

0:51 our focus is on the recent release of

0:52 terraform for Juniper abstra but before

0:54 we jump into that I thought it might be

0:56 helpful to go over both Juniper Rapture

0:58 and Tower Forum at a high level before

1:00 we get into how they work so well

1:02 together so

1:03 I guess we have to start with what is

1:06 abstra the formal definition of juniper

1:08 Rapture it's an intent-based networking

1:10 software that automates and validates

1:12 the design deployment and operation of

1:13 data centers from day 0 through day two

1:16 and Beyond it's multi-vendor which is

1:19 awesome and it allows you to basically

1:21 automate manage your networks across any

1:23 data center location vendor topology

1:26 long story short data center fabric

1:30 automation it's intent based has all

1:33 kinds of cool intent based analytic

1:35 probes it can show you if things are

1:36 breaking and it allows you to not

1:39 make mistakes mistakes that would have

1:42 been common when I was a network

1:42 engineer with configurations so you guys

1:45 kind of agree is that a good level set

1:47 of what aperture is I I think so I think

1:49 we should explore uh what intent based

1:52 means a little bit yes intense and

1:53 interesting when I when I first when I

1:56 first learned of juniper abstra and

1:57 they're like content networking I'm like

1:58 wait what I thought that was what I did

2:00 in the CLI right but I've I've come to

2:03 learn that

2:04 um the intent model is it's way more

2:07 reliable I believe than me and my

2:09 notepad scripts but I guess we'll get a

2:11 new intent in a little bit here so okay

2:14 you're my terraform experts so what is

2:16 terraform at a high level terraform is a

2:19 declarative tool for controlling uh

2:23 infrastructure it's it's most popular in

2:25 in Cloudy applications

2:28 um but you can you know use it for

2:30 anything the uh you know some of the

2:32 some of the documentation that hashicorp

2:35 publishes uh you know it shows how to

2:38 use terraform for ordering coffee right

2:40 so you can use it to control anything

2:41 that's got an API but most important it

2:44 to understand about it is it relates to

2:47 other infrastructure Control Systems is

2:50 that it is a declarative model yeah I've

2:53 heard it in the context of the cloud

2:54 stuff right when you're building in

2:56 public Cloud tar form is the way to go

2:58 so I was I was surprised when you told

3:00 me that you were building this thing I'm

3:01 like huh okay

3:04 um I guess we'll get into that so it's

3:05 it's open source right it's developed by

3:07 a company called hashicorp

3:10 um I don't know if we want to get into

3:11 declarative now or if a little bit later

3:14 would be better what do you think I I

3:16 think it's I think it's simple I think

3:18 we can we can make it real

3:20 um you know so

3:22 abstra says intent based and and that's

3:25 got a lot of implications that having to

3:27 do with you know validation and uh

3:30 expectations right they the abstra you

3:33 know design knows what's going to happen

3:35 in in your network when it when it pulls

3:37 certain levels levers

3:39 um

3:40 but one of the important things that

3:43 intent based means is is declarative as

3:45 opposed to imperative right that's kind

3:47 of a built-in base assumption

3:50 and you know Andy if uh if I worked for

3:52 you and you came to me one day and said

3:54 you know hey Chris my car is filthy it

3:56 shouldn't be right what are you telling

3:59 me to do right you're just telling me

4:01 you expect to have a clean car

4:02 right you're not telling me go get a mop

4:05 or a sponge in a bucket and a hose and

4:07 stand out in the driveway for two hours

4:08 right maybe I take the car to the car

4:10 wash ultimately you care about the

4:11 outcome which is clean car and not how I

4:14 get you there

4:16 and uh that that's you know the thing

4:18 that I think is most interesting about

4:20 after abstra does a lot of stuff but but

4:22 that difference right if if uh you trust

4:26 me to figure out how to get the car

4:27 clean

4:28 if uh we're talking about networking you

4:30 know hey Chris I need a subnet

4:32 right

4:33 did you tell me to turn on spanning tree

4:35 and trunk of VLAN everywhere or

4:38 configure evpn or configure Trill or

4:41 shortest path bridging or you know you

4:43 didn't specify right you trust me to

4:45 make a good decision and do things

4:46 reliably and and that's what

4:49 uh what after does for Network operators

4:51 is it allows them to focus on outcomes

4:55 which is the intent and not the minutia

4:59 of exactly what to configure and exactly

5:01 how to configure it on various uh

5:04 routing platforms you just exploded my

5:07 brain I in a great way I love the go

5:09 wash your car analogy it wasn't even

5:12 wash the car right it's like nouns and

5:13 adjectives I need a clean car you need a

5:16 clean car right nouns versus verbs is

5:18 like the imperative versus declarative

5:20 discussion yeah I would never tell you

5:22 all the

5:24 14 steps required to get that car clean

5:27 but right traditionally that's how I

5:30 have managed networks is I got to put a

5:32 hostname on this thing I got to put some

5:34 Triple A on here I got you know I I'm

5:36 doing a hundred steps I don't just say

5:38 make it so clean car

5:41 so that that that's a really good

5:43 analogy I think that that helps Hammer

5:44 at home for me and then there's the you

5:46 know which which abstraction layer are

5:48 we talking about right because you know

5:50 me you could argue that like no my my

5:52 declarative model is I declare that you

5:55 know switch 13 should have VLAN 7 you

5:58 know enabled right

6:01 that's not really declarative right

6:03 you're sneaking right up on imperative

6:05 go configure you know that VLAN on that

6:07 switch

6:08 um with you know we're we're talking

6:10 about

6:11 uh not just

6:14 not giving it Specific Instructions but

6:17 focusing only on outcomes right what

6:19 services is the network offering at the

6:21 edge to uh you know servers for the most

6:25 part right what what vlans are exposed

6:27 what tags appear at the edge what routes

6:30 are made available what filters are in

6:31 place and none of the details about how

6:34 to get there how many switches are

6:36 involved or you know the state of the

6:38 fabric in between the edge nodes just

6:40 just make the outcomes I care about

6:42 happen it sounds wonderful right just

6:44 just make it so right I mean you got to

6:48 have you know uh you got to be able to

6:50 delegate those kind of tasks to somebody

6:52 you trust right and so you know that

6:54 this is what appsters forward it's good

6:56 it's at uh taking those kind of

6:58 directives and uh making those outcomes

7:01 happen awesome thanks so you know we're

7:02 talking about automation right and not

7:05 doing it you know in the CLI device by

7:08 device by hand artisanally

7:10 um

7:11 and my introduction into automation has

7:15 been you know python python e right uh

7:19 software programming stuff and that's

7:21 not a strength of mine so I've struggled

7:24 with automation because I think you have

7:27 to be a programmer to automate a network

7:30 um

7:31 so I guess my real question is you know

7:33 why why terraform do I need to be a

7:36 programmer to use terraform uh not

7:38 really uh and that that question is

7:41 actually extends even even to

7:43 organizations right uh if you want if

7:46 you want to like automate everything

7:48 using their API uh you need to have

7:50 basically a group of programmers and you

7:53 end up like creating uh like custom

7:57 automation for everything that you

7:59 automate

8:00 um that's kind of where something like

8:02 terraform helps a lot where

8:05 um

8:05 the complexity of automating something

8:07 uh in other words like the complexity of

8:10 uh getting a clean car is hidden under

8:14 what are called terraform providers

8:15 which take care of the actual

8:17 interaction of the API

8:19 um and the end user is left with just

8:22 saying give me a clean car or my car is

8:25 clean uh and you know the telephone

8:28 provider hides the automation

8:31 um so uh as as an organization if you

8:36 have a group of people who know how to

8:38 write terraform uh you don't need a

8:42 group of people who need to automate all

8:45 the things that you want to automate

8:47 that's that's kind of where uh that's

8:51 kind of where like something like

8:52 terraform helps in automating your

8:54 infrastructure quite a bit it makes a

8:56 lot of sense yeah knowing terraform uh

9:00 is is a powerful thing in itself right

9:02 because it allows you to automate even

9:05 unfamiliar platforms

9:07 so you know maybe I've used terraform

9:09 against AWS but never against Azure or

9:12 gcp well you know by the end of the

9:15 afternoon I'll be automating stuff in in

9:17 Azure or gcp uh because so many of the

9:20 concepts are are you know perfectly

9:23 familiar perfectly you know mapped from

9:25 one to the other even though the apis

9:27 are wildly different right like a

9:29 virtual machine is a virtual machine uh

9:31 so if you know how to define a virtual

9:33 machine uh that is largely transferable

9:37 across platforms yeah so that's that's

9:40 the real power of something like

9:42 terraform so what I'm hearing is I don't

9:44 need to be a programmer or is that just

9:46 what I want to hear I mean do you can

9:48 you can you show me what can you show me

9:50 what this looks like is it scary is

9:53 there any way to see this yeah let me

9:54 bring up a little screen share here uh

9:56 what we're looking at here is uh the

9:59 abstra

10:01 um

10:02 configuration page for a routing policy

10:05 so this is you know all the details

10:07 about importing and exporting routes

10:08 from your data center fabric that should

10:11 be at least you know medium familiar to

10:14 most Network operators

10:16 uh it's a combination of

10:18 uh you know prefix lists or route

10:20 filters or you know all of that kind of

10:22 stuff

10:22 that you would apply in uh in any

10:26 network and this is how App Store

10:28 expresses it

10:29 if we go to the the edit button for this

10:32 thing you see we've got you know fields

10:34 to to make changes to different you know

10:36 text fields and radio buttons and check

10:38 boxes and all the things that appstra uh

10:40 presents

10:42 the terraform code to accomplish the

10:44 same thing I say code the terraform

10:46 configuration file to accomplish the

10:48 same thing uh is right here I'll put

10:50 these two up next to each other so you

10:51 can you can compare

10:58 what do you think that's not scary

11:01 well I mean I would I would say if it's

11:03 scary I've I've railed against how

11:05 afraid I am of coding and I mean this

11:08 looks it looks intuitive to me

11:11 um I'm looking at the left

11:13 and there's the name there's a

11:14 description it's

11:17 if I want to enable things I put true

11:19 and not false I mean I think I could

11:22 I think I could do this the way you'd

11:24 probably consume this is you know you go

11:26 to the documentation page for you know

11:27 you would first decide you need to

11:29 create a routing policy right go to the

11:31 go to the documentation page for routing

11:33 policies in the provider it's easy to

11:35 find

11:36 uh you know copy and paste a sample into

11:39 your local editor and then start

11:41 whacking away at names and prefixes and

11:45 true false switches and and whatever

11:48 and uh you know if we want to make a

11:50 change uh like right now you see the uh

11:53 export loopback buttons uh feature is

11:55 configured the box is checked and over

11:57 on the terraform side it says true if I

11:59 make this false

12:01 in terraform and uh

12:07 and tell terraform to to make that

12:10 change live in abstra

12:14 uh currently export loopbacks the US

12:17 says it's on the UI is some JavaScript

12:19 that will get there changed already it

12:21 says loopbacks no no so it's just a

12:24 matter of you know changing a word in a

12:26 text file and then those changes are

12:28 reflected in the web UI

12:31 wow that's awesome I think I could do it

12:33 Chris and Raj I think yeah and the cool

12:35 thing is uh you could now commit that uh

12:40 the terraform config into a git repo

12:43 um or even before you did that you could

12:46 create a pull request and somebody else

12:48 can review it and tell you if it's good

12:49 uh so a lot of the kind of software

12:53 engineering practices uh can now be

12:56 applied to something like this uh in a

12:59 kind of transparent manner yeah that's

13:01 really important right the you know is

13:03 the goal to express your GUI in in text

13:07 well kaida right you know intuitively we

13:11 think that a GUI is easy to use or

13:12 easier to use and that's probably true

13:15 but you know it's missing some some

13:18 features and some capabilities right how

13:20 do you Version Control a GUI how do you

13:22 know how do I tell you what I want in

13:24 the GUI

13:25 um or you know the guy that's working a

13:26 different shift from me

13:28 um how do I validate that

13:31 all of the check boxes in the GUI are

13:33 what I expect them to be right it's just

13:36 clicking around to the web UI and and

13:38 reading uh reading pages and and

13:41 comparing them to my notes with

13:43 terraform we can make it true from text

13:46 we can compare it to the text you know

13:48 we can enforce it and then we can feed

13:50 it through additional processes that do

13:52 compliance checks and peer approvals and

13:56 all kinds of stuff that are really hard

13:59 to do with I'm going to check that box

14:01 tonight is that okay as a peer review

14:05 process right so I think we've already

14:06 gotten into my next question which is

14:08 what are the benefits of using terraform

14:10 with abstra and if I understand you

14:12 correctly looking at this

14:15 if I was a junior engineer and you were

14:18 a senior engineer and you were writing

14:20 up a change for me to perform in apture

14:22 one night to your point

14:24 how do you communicate to me

14:26 and documentation like in a mop right

14:28 like a method or procedure like okay

14:30 Andy you know go do this thing tonight

14:32 and

14:35 to me it looks

14:37 easier for you to communicate to me what

14:40 needs to be done in that terraform

14:42 config file then

14:44 trying to describe that in a GUI does

14:47 that sound I mean I could point you to

14:48 an existing terraform config and say

14:50 yeah it's just like this one but you

14:52 know that the name should be you know

14:55 prod instead of Dev or something like

14:57 that right

14:59 um and after you write your uh your

15:01 template of the config you want it you

15:03 want to implement you can show it to me

15:04 or you can run terraform plan which comp

15:08 where terraform Compares your text

15:10 against what's live out in the system

15:11 right now

15:13 and produces a summary of the diffs

15:15 right so you could come to me later or

15:17 as a part of our formal uh you know

15:19 change management process and I could

15:21 review those diffs and say yep that jet

15:24 change is expected that change is

15:25 expected you know why is this thing

15:27 changing that something seems wrong

15:28 right and we can catch those differences

15:31 uh well before they're implemented

15:34 there any other big differences uh using

15:37 terraform with aperture does this help

15:39 with repeatability let's say I have to

15:41 stamp this out in you know two dozen

15:42 data centers

15:44 is this helpful absolutely terraform's

15:47 got a bunch of modular features that let

15:49 you refer to data from other other

15:51 sources and and run things in loops and

15:54 and uh you know sort of templatize

15:58 things kind of mad lib Style

16:00 uh that that lets you stamp out you know

16:03 identical or near identical to the

16:05 degree you need them uh configurations

16:07 awesome but yeah all of this is only

16:10 possible though because of abstra right

16:12 to to terraform you know in theory right

16:14 you could terraform

16:15 switch configs directly

16:18 right I I want to switch configuration

16:20 that says you know has this this

16:22 following blob of text and that's what

16:24 people are doing with other automation

16:25 tools now with with ansible or or

16:28 um

16:29 you know various other tooling is

16:30 they're they're writing their switch

16:32 configs

16:34 um that's that's a lot to manage though

16:35 the the

16:36 app store is abstracting away a lot of

16:39 the implementation details and uh and

16:41 just focusing on the outcomes makes this

16:43 infrastructure as code approach uh

16:47 easier to consume like possible to

16:49 consume right as opposed to looking at

16:51 you know a thousand line you know config

16:54 divs for each of many dozens of boxes

16:57 which that'd be that'd be a lot yeah so

16:59 it's like a nice fit between abstra's

17:01 intent and terraforms declarative models

17:05 so it's like it's a that that's what

17:07 that's what makes this whole thing

17:09 possible

17:10 how did we get here

17:12 right when I mean Chris you and I

17:14 started together and a year and a half

17:16 ago and

17:18 there was not terraform for abstra so

17:21 how did you know this thing is released

17:24 it looks amazing and it's out there for

17:27 consumption I mean how what was the

17:29 birth of this how did this come to you

17:32 know how did you land on terraform

17:33 perhaps sure I I was aware of abstra

17:36 from Field Day events and and other

17:38 industry stuff but I hadn't paid a ton

17:40 of attention to it it wasn't relevant to

17:42 the work I was doing at the time

17:44 and when I started a juniper I you know

17:46 became much more familiar with abstra

17:48 and what it was all about uh and I had

17:51 just been doing a lot of terraform work

17:52 uh in my previous gig

17:54 and you know these two are a natural fit

17:58 together it's so obvious to me uh that

18:01 uh they should go hand in hand and uh so

18:05 we just started started working on it

18:07 and uh here we are

18:08 and is that because the terraforms

18:10 declarative model and aperture's intent

18:12 they just kind of line up

18:13 philosophically and yeah exactly yeah

18:16 yeah yeah abstra's intent comes with you

18:19 know implicit this is declarative which

18:21 is really unique in the networking space

18:22 yeah yeah big time it's something that

18:25 uh you know that that it was missed for

18:28 so long also kind of doesn't surprise me

18:29 that much because

18:31 you know Network people have not had the

18:33 luxury of consuming terraform you know

18:35 most Network people don't know it and we

18:38 also haven't had the luxury of of uh

18:41 declarative models in our in our

18:42 networking it has always been

18:44 you know go go configure a thousand

18:46 different switches slightly differently

18:48 on each of many dozens or hundreds of

18:50 boxes

18:51 and uh having the luxury of of an

18:53 orchestrator that uh has its declarative

18:56 intent based model

18:58 um you know it's new to the to the

19:00 industry relatively so

19:03 together these things are a natural fit

19:05 so you're saying clean car is better

19:08 than get the bucket get the soap get the

19:10 scrubbing brush get the hose turn on the

19:12 water move the car yeah Andy you turn

19:14 the water on by by turning to the left

19:15 not the right right I mean we can drill

19:18 so far into the details of torque yeah

19:22 it's yeah it sounds like a much better

19:24 way to do things I just want to clean

19:25 car Chris I don't want to care about the

19:27 minutia and and that minutia is you know

19:30 not even just you know how to operate a

19:32 bucket in a sponge but you know do I

19:34 hire someone do I have somebody come and

19:35 pick it up do I drive it to the car wash

19:38 like you don't care

19:40 but you got to trust me to make good

19:41 decisions and uh and you know our

19:43 position is that you can trust abstra to

19:45 make good implementation decisions

19:46 agreed um what's this current status of

19:49 the project so when this when this

19:50 episode is released it'll be public

19:52 right the the initial release what's

19:54 what's the status and can you talk about

19:56 what's coming in the future

19:58 yeah absolutely so uh we started with

20:01 design stuff which is

20:04 um a lot of you know details of

20:06 implementing your network what kind of

20:07 devices are we talking about the shape

20:08 of the fabric all of that kind of stuff

20:10 that's not something that people are

20:12 going to be life cycle managing like you

20:15 do with terraform that much it's you

20:17 know usually a I set up my Fabric and

20:19 and then I don't think about those

20:20 details again

20:22 um but that's where we started we have

20:24 some limited day two features uh you

20:27 know completely working now by the time

20:29 this episode drops there will be a lot

20:30 more

20:32 um it's a work in progress you know

20:33 watch this space we're adding uh we're

20:36 adding features every week

20:38 fantastic

20:40 uh so where can we direct customers

20:43 interested in terraform for apps sure

20:44 where can they find this the provider

20:46 will be published on hashicorps uh

20:50 hashcorps provider registry so you know

20:53 really you just start writing the

20:55 terraform configuration that that

20:57 mentions abstra and uh when you run

20:59 terraform it'll download the thing and

21:00 install it on your system automatically

21:03 um the source is going to live on GitHub

21:06 it's at github.com Juniper uh for the

21:10 two projects that we talked about the

21:11 the SDK that that knows how to talk to

21:13 appstra and then the terraform provider

21:16 that knows how to integrate with

21:17 terraform

21:18 thank you hashicorp thank you June for

21:20 abstra thanks guys so much for coming on

21:22 guys I'm hoping that we can do some

21:24 future episodes uh of this show with

21:27 future releases and different demos and

21:30 I'm excited to see more you guys have

21:32 any closing thoughts before we sign off

21:34 looking forward to doing it again I'd

21:36 love to do a demo

21:38 yes demo next for sure I really want to

21:40 see a demo yep

21:42 awesome thanks guys thanks so much for

21:44 joining us on the terraform for Juniper

21:46 Rapture podcast and we'll see you next

21:48 time