How Network Engineers of Today (Like at Google)
Do Automation
During the Pandemic
Himawan Nugroho
About The Speaker
Google Global Networking
Product and Program Manager
IoT Automation and Data Insights platform
Google for Startup Accelerator (GfSA)
Google Mentor and Startup Success Manager
Google Cloud
Strategic Program Manager for Africa
Jawdat Teknologi Indonesia
Founder and Chief Product Advisor
Automation Software and Data Analytic Platform
for Telco Operators and Enterprise Customers
Former speaker at Cisco Live global events
War Robots clan leader
Living in Zürich, Switzerland
Disclaimer
This is NOT a Google official presentation
Opinions are my own
Covid-19 Impacts to the Internet
Source: Internet performance during the COVID-19 emergency
Source: The Virus Changed the Way We Internet
The Internet Before Covid-19 Was Already Big
4 Billion+ global Internet users
1 Billion Hours of YouTube video watched per day
2 Billion+ monthly active Facebook users
3.5 Billion global smartphone users
20 Billion+ connected devices
Average Internet speed in the US: up from 3 Mbps in 2007 to 20 Mbps in 2017
What Makes The Internet?
Source: Internet service provider
Source: Internet Mapping Project
Source: High Availability Campus Network Design
Source: Submarine Cable Map
We Actually Need Solution Even Before Covid
Add New Device
Build New Site
Increase Link Capacity
Redirect Traffic on WAN Links
Modify Device Configuration
Change Security Policy on Device
Implement Quality of Services
Software Upgrade
Hardware Replacement
Source: A technician pulling on a tangled mess of CAT 5 cables
And many other daily tasks
Automation is Inevitable
Source: The Business Impact of Network Automation
“Automation is a matter of survival in the scale-out world, not a luxury.”
- Bikash Koley, VP of Google Global Networking
Source: NANOG Keynote: Bikash Koley
Is Software Defined Networking the Answer?
“SDN happened because we have no other way to manage the network system at scale”
- Bikash Koley, VP of Google Global Networking
Source: NANOG Keynote: Bikash Koley
Software Defined Networking at Google
Source: NANOG Keynote: Amin Vahdat
Reliable Network System Requirements
Software makes the system reliable
The system is
● Built on common software platform
● Abstracted via APIs and well-defined data-models
● Programmable at every layer
● With clear separation between data-plane, control-plane and management plane
i.e. the system is software defined
Source: NANOG Keynote: Bikash Koley
Intent Based Networking, as per Gartner
Translation and Validation – The system takes a higher-level business policy (what) as input from end users and converts it to the necessary network configuration (how). The system then generates and validates the resulting design and configuration for correctness.
Automated Implementation – The system can configure the appropriate network changes (how) across existing network infrastructure. This is typically done via network automation and/or network orchestration.
Awareness of Network State – The system ingests real-time network status for systems under its administrative control, and is protocol- and transport-agnostic.
Assurance and Dynamic Optimization/Remediation – The system continuously validates (in real time) that the original business intent of the system is being met, and can take corrective actions (such as blocking traffic, modifying network capacity or notifying) when desired intent is not met.
Source: Intent-based Networking
Intent Based Networking at Google
Source: SDN in the Management Plane: OpenConfig and Streaming Telemetry
From Intent to Config Change, The Old Way
“Connect Border Router to ISP”
[Diagram] The Network Engineer retrieves data / information from multiple data sources, works out a Plan of Change, and pushes it to the Network Devices over a South Bound Protocol, e.g. SSH.
Data sources: Device Inventory, Circuit Inventory, Network Topology, Design Rules, IP Database, Config Template, ACL Policy, Routing Policy
Questions the engineer has to answer by hand: Which device to change? Is the device up (state of device)? Which physical circuit? How does the topology look? Which port to use? Which IP address to use? Which ACL to enforce? Any config template to use? Any routing policy to use?
From Intent to Config Change, The Old Way (2)
“Connect Border Router to ISP”
[Diagram] After the change, the Network Engineer checks the state of the device on the Network Devices (Has the change completed?) and updates the data sources with the new information (if there is anything new): Device Inventory, Circuit Inventory, Network Topology, Design Rules, IP Database, Config Template, ACL Policy, Routing Policy.
Source of Truth
“...is the practice of structuring information models and associated data schema
such that every data element is mastered (or edited) in only one place. Any possible
linkages to this data element (possibly in other areas of the relational schema or even
in distant federated databases) are by reference only.”
Source: https://en.wikipedia.org/wiki/Single_source_of_truth
If Only All Data Sources Are Machine Readable
“Connect Border Router to ISP”
[Diagram] A Network Automation Platform retrieves data / information from the same multiple data sources (Device Inventory with State of Device, Circuit Inventory, Network Topology, Design Rules, IP Database, Config Template, ACL Policy, Routing Policy) and applies the change to the Network Devices over a SB Protocol.
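As an added example (not part of the presentation): the “Connect Border Router to ISP” intent resolved entirely from machine-readable data sources in Python, with a validation step in the spirit of the Gartner “translation and validation” function before anything is pushed. The tables, field names, device and circuit names, addresses, AS numbers and the VyOS-style template are all constructed for illustration and are assumptions, not real infrastructure or the speaker's code.

```python
import ipaddress
from string import Template

# Constructed source-of-truth tables: every fact is mastered in exactly one place
# (device names, circuits, addresses and AS numbers are illustrative only).
DEVICE_INVENTORY = {"border1": {"role": "border", "platform": "vyos", "up": True}}
CIRCUIT_INVENTORY = {
    "isp-ckt-42": {"device": "border1", "port": "eth1", "peer_as": 64512},
    "isp-ckt-43": {"device": "border1", "port": "eth2", "peer_as": 64513},
}
IP_DATABASE = {
    "isp-ckt-42": {"local": "203.0.113.2/30", "remote": "203.0.113.1"},
    "isp-ckt-43": {"local": "203.0.113.6/30", "remote": "203.0.113.1"},  # deliberately inconsistent
}
ACL_POLICY = {"border": "ISP-IN"}                   # which ACL to enforce, by device role
ROUTING_POLICY = {"border": "EXPORT-DEFAULT-ONLY"}  # which routing policy, by device role
LOCAL_AS = 65001

# Config template (VyOS-style syntax, assumed); placeholders are filled from the tables.
CONFIG_TEMPLATE = Template(
    "set interfaces ethernet $port address $local\n"
    "set interfaces ethernet $port firewall in name $acl\n"
    "set protocols bgp $local_as neighbor $remote remote-as $peer_as\n"
    "set protocols bgp $local_as neighbor $remote address-family ipv4-unicast "
    "route-map export $routing\n"
)


def resolve_intent(circuit_id):
    """Answer the questions an engineer used to answer by hand, from the data sources."""
    circuit = CIRCUIT_INVENTORY[circuit_id]
    device = DEVICE_INVENTORY[circuit["device"]]
    addressing = IP_DATABASE[circuit_id]
    return {
        "device": circuit["device"],
        "port": circuit["port"],
        "local": addressing["local"],
        "remote": addressing["remote"],
        "peer_as": circuit["peer_as"],
        "local_as": LOCAL_AS,
        "acl": ACL_POLICY[device["role"]],
        "routing": ROUTING_POLICY[device["role"]],
        "device_up": device["up"],
    }


def validate(plan):
    """Translation-and-validation step: refuse a plan that would produce a bad change."""
    errors = []
    if not plan["device_up"]:
        errors.append("device is down")
    local = ipaddress.ip_interface(plan["local"])
    remote = ipaddress.ip_address(plan["remote"])
    if remote not in local.network:
        errors.append("remote address not in local subnet")
    if remote == local.ip:
        errors.append("remote address equals local address")
    if not 1 <= plan["peer_as"] <= 4294967295:
        errors.append("peer AS out of range")
    return errors


def plan_change(circuit_id):
    """Return (device, rendered config) or raise if the plan fails validation."""
    plan = resolve_intent(circuit_id)
    errors = validate(plan)
    if errors:
        raise ValueError("; ".join(errors))
    return plan["device"], CONFIG_TEMPLATE.substitute(plan)


if __name__ == "__main__":
    print(plan_change("isp-ckt-42")[1])
```

The point of the validation function is that the automation platform, unlike an engineer copying values between spreadsheets, can refuse to render anything when the sources disagree (here the second circuit's peer address is outside its own /30), so the error surfaces before a change reaches a device.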
Workflow Engine to Automate… Workflows
Workflow (noun): the sequence of industrial, administrative, or other processes through which a piece of work passes from initiation to completion.
Example Ansible playbook shown on the slide:
- name: Network Getting Started First Playbook Extended
  connection: ansible.netcommon.network_cli
  gather_facts: false
  hosts: all
  tasks:
    - name: Get config for VyOS devices
      vyos.vyos.vyos_facts:
        gather_subset: all
    - name: Display the config
      debug:
        msg: "The hostname is {{ ansible_net_hostname }} and the OS is {{ ansible_net_version }}"
    - name: Update the hostname
      vyos.vyos.vyos_config:
        backup: yes
        lines:
          - set system host-name vyos-changed
    - name: Get changed config for VyOS devices
      vyos.vyos.vyos_facts:
        gather_subset: all
    - name: Display the changed config
      debug:
        msg: "The new hostname is {{ ansible_net_hostname }} and the OS is {{ ansible_net_version }}"
Source: Red Hat Ansible Network Automation Updates
Machine-Readable Source of Data: IP Address
$ curl --url "http://localhost/gestioip/api/api.cgi" -u gipadmin:xxxxxx \
  -d "request_type=listHosts&client_name=DEFAULT&filter=hostname::test1"
<?xml version='1.0' encoding='UTF-8'?>
<listHostsResult>
<error>
</error>
<HostList>
<Host>10.0.3.4,test1,Lon1,server,,,</Host>
<Host>10.100.3.4,test1,Lon1,server,,</Host>
<Host>192.168.7.93,test1,Lon2,workstation,,,</Host>
</HostList>
</listHostsResult>
Source: GestióIP IPAM v3.5 API Guide
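As an added example (not from the GestióIP guide or the presentation): a Python parser that turns the listHosts response above into typed records, so the IPAM becomes a source an automation platform can actually query. The sample response is constructed to match the shape shown, including the inconsistent number of trailing commas between rows; the meaning of the first four columns (IP, hostname, site, category) and the error text in the second sample are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed response in the shape of the API output above. Note that the second
# host row has one comma fewer than the others; the parser must tolerate that.
SAMPLE_RESPONSE = """<?xml version='1.0' encoding='UTF-8'?>
<listHostsResult>
<error>
</error>
<HostList>
<Host>10.0.3.4,test1,Lon1,server,,,</Host>
<Host>10.100.3.4,test1,Lon1,server,,</Host>
<Host>192.168.7.93,test1,Lon2,workstation,,,</Host>
</HostList>
</listHostsResult>"""

# Constructed error response (the error text is made up for the example).
ERROR_RESPONSE = """<?xml version='1.0' encoding='UTF-8'?>
<listHostsResult>
<error>client not found</error>
<HostList>
</HostList>
</listHostsResult>"""

# Assumed meaning of the first four comma-separated columns of a <Host> row.
FIELDS = ("ip", "hostname", "site", "category")


def parse_list_hosts(xml_text):
    """Parse a listHosts reply into a list of dicts; raise on API error or bad data."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "listHostsResult":
        raise ValueError("unexpected root element %r" % root.tag)
    err = (root.findtext("error") or "").strip()
    if err:
        raise RuntimeError("API error: " + err)
    hosts = []
    for el in root.iterfind("./HostList/Host"):
        cols = (el.text or "").split(",")
        if len(cols) < len(FIELDS):
            raise ValueError("short host record: %r" % el.text)
        rec = dict(zip(FIELDS, cols[: len(FIELDS)]))
        # Treat IPAM output as untrusted input: a malformed address raises here
        # instead of ending up inside a rendered device config.
        rec["ip"] = ipaddress.ip_address(rec["ip"])
        rec["extra"] = [c for c in cols[len(FIELDS):] if c]  # any non-empty trailing columns
        hosts.append(rec)
    return hosts


def hosts_in_network(hosts, cidr):
    """Filter parsed hosts to those whose address lies inside the given prefix."""
    net = ipaddress.ip_network(cidr)
    return [h for h in hosts if h["ip"] in net]


if __name__ == "__main__":
    for h in hosts_in_network(parse_list_hosts(SAMPLE_RESPONSE), "10.0.0.0/8"):
        print(h["ip"], h["hostname"], h["site"], h["category"])
```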
Machine-Readable Source of Data: Topology
$ ./netgrph.py -p 10.26.72.142 10.34.72.24
┌─[ PATHs L2-L4 ]
│
├── L2 Path : abc7t1sw1 (Gi2/42) -> abc7t1sw1 (Gi1/38)
├── L3 Path : 10.26.72.0/22 -> 10.34.72.0/22
├── L4 Path : VRF:default -> FwutilFW -> VRF:utility
├── Lx Path : 10.26.72.142 -> 10.34.72.24
├── Traversal Type : All Paths
│
├─────[ SRC 10.26.72.142 04bd.88cb.xxxx abc7t1sw1(Gi2/42) [vid:260] ]
│
├───┬─[ L2-PATH abc7t1sw1 -> abcmdf1|abcmdf2 ]
│ │
│ ├─────[ L2-HOP #1 abc7t1sw1(Te5/1) -> abcmdf1(Eth1/8) [pc:1->108] ]
│ │
│ └─────[ L2-HOP #1 abc7t1sw1(Te6/1) -> abcmdf2(Eth1/8) [pc:1->108] ]
│
├─────[ L3GW 10.26.72.0/22 abcmdf1|abcmdf2 ]
│
├───┬─[ L3-PATH 10.26.72.0/22 -> 10.25.11.0/24 ]
│ │
│ ├───┬─[ L3-HOP #1 abcmdf1(10.23.74.11) -> core1(10.23.74.10) [vid:2074] ]
│ │ │
│ │ └─────[ L2-HOP #1 abcmdf1(Eth2/26) -> core1(Eth7/27) ]
│ │
│ ├───┬─[ L3-HOP #1 abcmdf1(10.23.74.21) -> core2(10.23.74.20) [vid:3074] ]
│ │ │
│ │ └─────[ L2-HOP #1 abcmdf1(Eth3/8) -> core2(Eth4/25) ]
│ │
│ ├───┬─[ L3-HOP #1 abcmdf2(10.23.78.11) -> core1(10.23.78.10) [vid:2078] ]
│ │ │
│ │ └─────[ L2-HOP #1 abcmdf2(Eth2/26) -> core1(Eth8/25) ]
│ │
│ └───┬─[ L3-HOP #1 abcmdf2(10.23.78.21) -> core2(10.23.78.20) [vid:3078] ]
│ │
│ └─────[ L2-HOP #1 abcmdf2(Eth3/8) -> core2(Eth8/25) ]
│
Source: https://guides.neo4j.com/gcloud-testdrive/network-management.html
Source: https://github.com/yantisj/netgrph
How We Interact With Network Devices
The Dark Ages: platform-specific tools, processes, skills. One tool set per vendor: JNPR tools, ANET tools, CSCO tools.
Current day: some abstraction, tools sharing, simplification, a common interface / language. Per-vendor drivers (JNPR driver, ANET driver, CSCO driver) behind one set of tools.
Intent Driven Target: a common management API, no proprietary integrations, native support on all vendors. One common API.
OpenConfig for Config and Operational State
OpenConfig Data Models: YANG
module openconfig-bgp {
  container bgp {
    leaf as-number { type uint32; }
    list neighbors {
      key "neighbor-address";
      leaf neighbor-address { type leafref { ... } }
      container config {
        leaf neighbor-address { type string { ... } }
      }
      container state {
        config false;
        leaf session-state {
          type enumeration { enum ESTABLISHED; ... }
        }
      }
    }
  }
}
YANG: schema definition language divided into logical modules.
Defines a tree structure where ‘containers’ and ‘lists’ encapsulate data items.
Data items (leaves) are typed, and can contain data such as default values.
Used to model both ‘configuration’ (writeable) and ‘state’ (read-only) data.
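As an added example (not from the OpenConfig project or the presentation): a minimal Python validator for the openconfig-bgp subtree sketched above, enforcing leaf types and, more importantly, the config/state split, so that a set request cannot write under a `config false` node. The SCHEMA dict hand-encodes the snippet and is an assumption, not generated from the real module; the leafref is modelled as a plain string, and the session-state values beyond ESTABLISHED are the standard BGP FSM states, assumed here.

```python
# Hand-encoded schema for the openconfig-bgp subtree shown on the slide (assumption).
# Keys starting with "_" are metadata; all other keys are child nodes.
SCHEMA = {
    "bgp": {
        "as-number": {"_type": "uint32"},
        "neighbors": {
            "_list": True,
            "_key": "neighbor-address",
            "neighbor-address": {"_type": "string"},      # leafref modelled as string
            "config": {"neighbor-address": {"_type": "string"}},
            "state": {
                "_config": False,  # 'config false;' -> read-only operational data
                "session-state": {
                    "_type": "enumeration",
                    # ESTABLISHED is on the slide; the rest are assumed BGP FSM states
                    "_enum": {"IDLE", "CONNECT", "ACTIVE", "OPENSENT", "OPENCONFIRM", "ESTABLISHED"},
                },
            },
        },
    }
}


def _check_leaf(spec, value, path, errors):
    """Type-check one leaf value against its YANG type."""
    t = spec["_type"]
    if t == "uint32":
        if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 0xFFFFFFFF:
            errors.append(path + ": not a uint32")
    elif t == "string":
        if not isinstance(value, str):
            errors.append(path + ": not a string")
    elif t == "enumeration":
        if value not in spec["_enum"]:
            errors.append(path + ": not one of " + ",".join(sorted(spec["_enum"])))


def validate(instance, schema=SCHEMA, writing=False, path=""):
    """Walk an instance dict against the schema and return a list of error strings.
    With writing=True (a set request) any data under a 'config false' node is an
    error: clients may read operational state but must never be able to write it."""
    errors = []
    for name, value in instance.items():
        spec = schema.get(name)
        node = path + "/" + name
        if spec is None:
            errors.append(node + ": unknown node")
        elif "_type" in spec:
            _check_leaf(spec, value, node, errors)
        elif spec.get("_list"):
            key = spec["_key"]
            children = {k: v for k, v in spec.items() if not k.startswith("_")}
            seen = set()
            for entry in value:
                k = entry.get(key)
                if k is None:
                    errors.append(node + ": entry without key " + key)
                    continue
                if k in seen:
                    errors.append(node + ": duplicate key " + str(k))
                seen.add(k)
                errors.extend(validate(entry, children, writing, node + "[" + str(k) + "]"))
        elif writing and spec.get("_config") is False:
            errors.append(node + ": read-only (config false) data in a set request")
        else:
            children = {k: v for k, v in spec.items() if not k.startswith("_")}
            errors.extend(validate(value, children, writing, node))
    return errors


# Constructed instances: a valid config write, a valid state read, and a bad write.
GOOD_CONFIG = {"bgp": {"as-number": 65001, "neighbors": [
    {"neighbor-address": "203.0.113.1", "config": {"neighbor-address": "203.0.113.1"}}]}}
OPER_STATE = {"bgp": {"neighbors": [
    {"neighbor-address": "203.0.113.1", "state": {"session-state": "ESTABLISHED"}}]}}
BAD_SET = {"bgp": {"as-number": 2 ** 32, "neighbors": [
    {"neighbor-address": "203.0.113.1", "state": {"session-state": "ESTABLISHED"}}]}}

if __name__ == "__main__":
    print(validate(BAD_SET, writing=True))
```

Typed leaves and the config/state split are what make the model usable as a source of truth: a controller can reject a malformed or out-of-policy write at the API boundary instead of discovering the problem after it has been pushed to a device.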
Same OpenConfig for Streaming Telemetry
Step 1 -- from pull to push: proprietary data over proprietary transport, partial coverage (Collectors fed through a Translation Proxy)
Step 2 -- more complete data over gRPC channel: proprietary data over gRPC transport, increased coverage (Collectors fed through a Translation Proxy)
Step 3 -- OpenConfig data over gNMI: gNMI transport with OpenConfig schema (Collectors)
When We Have a Model As Source of Truth
Google Path to Autonomous and Intent Driven
Source: NANOG Keynote: Bikash Koley
Where are the Network Engineers?
“People manage systems which manage devices”
Source: Senior Network Engineer, Enterprise Networks
Network Automation is Built Over Time
Network Engineers must develop the skills to automate tasks, on the path to Intent Based Networking
How to Become a Network Engineer of Today
Networking Skills (Vendor Agnostic)
Linux OS
GIT or mechanism to manage source code
Data Model, Data Structure and Data Format
API, at least REST
Linux scripting, if possible Python
Software development environment & process
Network Virtualization
Cloud Networking
Network as a System
Treat the network as cattle, not pets
Certifications?
Source: Cisco Certified DevNet Associate
How to Start Network Automation Project
Always start from business problem
Pick one specific use case
It’s all about people (culture), process and tools
Network data sources are the assets
Work with trusted partner
“Building network automation software is hard,
let Jawdat do it” - Dilan 2020
Questions?