Jeroen welcomes me at Uniserver, a strategic Dutch cloud provider offering solutions for business-critical IT environments. He loves to talk about new developments in the company, like the onboarding program for new employees. Jeroen: ”When I started working here, I became part of a small group together with other new hires. In one month, we were expected to have one-on-one meetings with the department heads. This gave me a unique understanding of what the company was all about. And it served me well in my daily job. We offer complex IT solutions for our customers and a well-performing network is essential to our business. Both my colleagues and our customers expect the network to be up and running flawlessly. The meetings gave me valuable insights into the business and how I, as a network engineer, can support it in the best way possible.”
First steps towards network automation
Jeroen is a special breed; he developed his own network automation solution. It was born out of frustration, but also from his need to constantly improve daily tasks. Jeroen: “What is important when you start automating is that you start small. You can think of the most beautiful solutions, but with the ever-changing network and demands from customers, your design can be outdated before it reaches production. So just start with automating parts of the process, and test it. Then you can build from there.”
Jeroen ended up creating a solution in which configurations were made with Python and deployed by Ansible. This was a major step in terms of consistency, time to deploy, and stability of the network. Jeroen: ”I was quite content with what was built, but I was still depending on manual input and control. I knew that for my solution to scale I needed a more robust platform. One that could store all the logic I put in my design. And I also wanted to make sure that the solution would still be working regardless of me.”
Jeroen and his colleagues defined a number of requirements for an updated version of the automation solution.
Jeroen: ”It all starts with network inventory; you have to be able to validate input, and also do consistency and compliance checks. So you have to know the actual status of the network. The next requirement was that it should be API enabled, in other words: approach the network from any other process with a simple choice from a catalogue. It should also be able to simply generate configurations with the help of smart templates, so you don’t have to make a new template for every situation that is a little bit different. Of course, it had to be GUI enabled to make it easy to manage and execute. And last but not least: we wanted to have a history of all actions and activities that were done on the network.”
When searching the available solutions on the market, Jeroen discovered NetYCE. “The great thing about NetYCE is that they offer a free version of their software, so I could install it myself and start playing with it. I quickly understood that this platform has been running in large enterprise environments for more than ten years. This means a lot of challenges have been solved already and I could benefit from their learnings without making the same mistakes.”
Uniserver integrated NetYCE into its network automation solution 2.0.
Jeroen: “We use our own network automation API, so we can decide when and how to use the functionalities of NetYCE. The APIs are also advertised to other departments where they can now use structured tools to automate and integrate their tasks. The good thing is that I can still work with my philosophy of starting small. The platform allows me to define a small process to automate but stores this in such a way that I can replicate and add onto it without any trouble. The database stores all the logic and makes sure that everything works together.”
The big test
The big test came when Uniserver needed a serious extension of the network. The challenge was to make sure customers did not experience any downtime of the system and everything should work as before. The plans were meticulously prepared by Jeroen. “With such a project, you cannot simply shoot configs, there’s a lot of testing to do and a lot of what-ifs and logic that has to be implemented. I was able to prepare everything and scheduled the jobs for 11 PM at night. And then we pushed the button... To my relief, but not really as a surprise, everything was executed flawlessly.”
Multicast VLAN configuration updates
Jeroen wanted to test NetYCE capabilities within the internal Uniserver network first. The goal was to update 15 nodes, this change included changing several VLANs and their related VNI and multicast configuration on their FabricPath network without any customer impact. When they would use NetYCE’s job scheduler, by default, every 2 seconds a job is taken from the queue resulting in a lead time of 30 seconds. This was too long and caused too much risk; there could be no time-outs and no risk of a network reconvergence. Jeroen decided to use the NetYCE multiple queues functionality; firing 15 jobs simultaneously into the network. The results were excellent, and Jeroen confidently went ahead and did the same for all the VLANs and VNIs for all customers.”
Jeroen is looking forward to automating even more: “The thing is that I have to keep myself in check because this framework can do so much. And the good thing is that everything I worry about or don’t understand, the guys at NetYCE have thought of before and implemented a live scenario for it. This means I can totally trust the way of going forward.”
What’s his advice to engineers that want to start automating by using Ansible and Python? “Please do, I started that way too. It gives you great insight into the logic you have to make yourself familiar with. We use Python scripts in combination with NetYCE and if we want we can use Ansible as well. It’s totally not comparable in terms of functionality. Where Ansible gives you the ability to automatically deploy configurations, NetYCE makes sure that all logic is stored centrally so you can scale. You don’t want to automate on a need-by-need basis, you want to make sure it’s futureproof.”