PSEFABRIC is a new approach to network management and automation. Step to the ideal

Before you start


 
 
All that is referred to here is more related to data centers and office networks 3r-3295.  
it will be about the project. https://github.com/nihole/PSEFABRIC
 
See also 3r3187. article
which outlines the basic principles of PSEFABRIC.
 
 

The ideal network management system


 
I dare say that from the point of view of control and automation 3r33340. PSEFABRIC
Now the closest of all other solutions is to what could be called the “ideal network manager.”
 
 
If you have a good car, then you know what a good control system is. You, as a user, need to know only how to change the speed and direction of movement, and it is this and only this that, by and large, provides you with an interface. In this case, the machines may be different, from different manufacturers, with different technical solutions - the interface is still the same: brake, gas and steering wheel (suppose you have an automatic transmission).
 
 
Can this approach be transferred to networks and, if so, which control system would be ideal for the network?
 
3r3342.
 
To answer these questions, let's first answer the question, and who is the driver?
 
 
Networks, not being a “spherical horse in a vacuum,” do not exist for their own sake, they exist for one single purpose — data transfer. And the users of this service are applications. All the application needs is grids and connectivity between them. The configuration point should ideally be single for the entire network (rather than a hundred different network devices) and the interface should be simple and unified.
 
 
And of course, this is an impossible task, because from the point of view of the network, everything is difficult: hundreds of protocols, types of equipment, vendors, designs are an ocean of all sorts of options. How to create a product with a simple unified interface that would take into account all this diversity? It is clear that the problem in this form can not be solved.
 
 
And yet, now we can say that there is a solution, and PSEFABRIC shows it. The task, of course, needs to be slightly modified, but, fortunately, this change is not significant.
 
 

Task setting 3r33231.
 
There are two good news.
 
 
The first is that after you have finished building your network and put it into operation, from this point on, the range of tasks that you do on the network is greatly narrowed.
 
Usually operational tasks are as follows: 3r3333346.  
 
 
creation /deletion of the configuration related to the configuration of L2 /L3 protocols for connecting devices (network, wilan, subinterfaces, ).
 
I will call this the creation /deletion of networks.
 
opening /closing accesses
 
create /delete virtual servers for balancing traffic 3r32r9595.  
 
This gives us the opportunity to change the original requirement. We are not going to manage all network operations. We distinguish several interrelated operations, namely 3r-3346.  
 
 
creating access
 
networking (in the sense described above) 3r3323295.  
creating virtual servers for balancing
 
 
 
The second good news is the interface.
 
 
Cisco Product 3r3117. ConfD
gives us everything you need. With the help of the language YANG, we can describe (and thus create) virtually any necessary logic of our interface. We will also have everything we love so much. Here is some of this:
 
 
 
saving configuration 3r329595.  
candidate & running configuration version (commit capability)
 
syntax check and change logic
 
rollbacks
 
AAA
 
configurable via cli, http, rest, netconf, snmp
 
 
PSEFABRIC v.010


 
New version v.010 PSEFABRIC
 
 
 
makes it easy to switch between contexts of different projects 3–3–3349.
 
is
easily customizable
under a wide variety of designs, equipment and requirements. This is provided by the following PSEFABRIC properties:
 
project 3r3167. p000
which is a template for other projects. The recommended approach when creating a new project is to copy the files of this project with their subsequent modification 3r-3295.  
set tools for setting PSEFABRIC. It does not require a code change
 
methodology , describing the sequence of steps to be taken in the process of implementing this solution 3r-3295.  
 
 
When a year ago was written This article is By and large, this was the answer to the question "Is it possible in principle?".
 
 
The example given then (now it is called the project 3r3193. P001
), Being interesting in terms of a set of equipment (Cisco Routers, L3 Switches, Switches, Cisco ASA, Juniper SRX), is still somewhat artificial.
 
 
The big advantage of this project (p001) is the presence of a laboratory (UNL) where you can “play around” with the settings of PSEFABRIC and all the above equipment, understand the principles of operation, the main points of configuration, familiarize yourself with the diagnostic tools 3r3333346.  
 
The current version of PSEFABRIC (v.010) is already a complete product. You can take and apply it in your network or in the network of your client. To demonstrate the flexibility and power of this solution, another project was created (3r3203. P002
).
 
 
This is a “combat” design that you can apply to yourself or the client. This is a popular and modern approach to building a data center based on long-standing ideas: 3r3333346.  
 
 
Nested logical segmentation
 
 
logical devices (ACI Tenants, Palo-Alto VSYS, N7k VDCs, )
 
segmentation from the point of view of routing (VRFs) 3r-3295.  
 
control of traffic between logical segments on firewalls 3-333295.  
MPLS cloud for connecting data centers
 
 
Equipment: Palo-Alto, Cisco ACI.
 
 
In this half-hour video, we analyze in detail. example 0 . In this example, using PSEFABRIC, we set up access between different network segments of the project p00? setting up ACI and PA equipment accordingly.
 
 

A little about the wonders


 
To understand how PSEFABRIC changes the idea of ​​network management, here are some examples.
 
 
Let's start with conceptual things.
 
 
 
Flexability. After answering all the questions in questionnaire setting PSEFABRIC for a new project takes from several days to several weeks. Much depends on how quickly you can create all the necessary templates. But in any case, 3 months looks like a realistic period for the introduction (along with testing) of this system. For example, setting up PSEFABRIC for project p002 took 1 week. Having experience in creating an access control system for ACI, I can say that even if we increase this time to 6 months for a complex project, it still remains a very, very good indicator.
 
Disaster Recovery. You actually have the “operating” configuration of the “entire network” in a single file. You can easily apply it to new equipment. But interestingly, you can even replace the type of equipment (for example, was Juniper SRX, and became Palo-Alto FW), change the settings of PSEFABRIC (or create a new project with new settings) and apply the same configuration, but to a new type of equipment. And it really looks like a miracle, right?
 
Access logging. The usual problem. If you are not logging, then very soon you no longer understand where and what and what access is needed, and which are already outdated, and in general you lose control over your network. If you are logging, then it takes a lot of time, and you are never sure that those accesses that are logged really correspond to the real configuration and in the end you stop doing it. Here you have both configuration and logging in one bottle.
 
DevOps. Now setting up your network is a simple, easy-to-read text file. Accordingly, you can apply best practice developments to changes in your network.
 
NaaS. Have you thought about how to implement the “Network as a service” solution? Now you have this solution with cli, netconf, REST, HTTP, SNMP interfaces.
 
 
And a few technical examples:
 
 
 
Have you tried to answer questions like “where /where is access from /to such-and-such network”? If you have several data centers and access is controlled on a dozen different devices, the answer to this question can be quite difficult. In the case of PSEFABRIC, this is elementary.
 
Some vendors offer solutions that are convenient in terms of access administration, such as a tag in Palo-Alto or TrustSec in Cisco. The bottom line is to automatically provide access to networks using tags. In PSEFABRIC, you can implement this for your entire network, regardless of vendor. Looks like a miracle? Yes, I think so.
 
You want to open access from several networks in which administrative resources are located (monitoring system, backup systems, ) to all network devices and Linux servers. Usually, this leads to the fact that you have to open multiple accesses on multiple devices. A feasible, but not very pleasant procedure, and of course there can be many such examples. In the case of PSEFABRIC, this can be one policy and then PSEFABRIC itself will determine where and which configuration commands should be applied.
 
 

Frequently asked question


 
And how does this differ from conventional orchestration, for example, using Cisco UCSD?
 
What is new in this approach?
 
 
The new one is that the orchestration is usually not aware of the network configuration and if information is required, the orchestration should make requests to real equipment.
 
For example, if you delete Contract on ACI, then the orchestration system has to look at all the ACGs on ACI to find all the providers and consumers for this contract. And it could be tens of thousands of EPG. And the point is not only in performance (although this too), but in that it greatly complicates the logic.
 
 
Well, just look at the previous chapter and answer the question, do you have all these advantages in case of orchestration?
 
 

Want! What to do?


 
PSEFABRIC is open source with an Apache License, Version 2.0.
 
 
Therefore
 
 
Join our journey into the world of perfect automation!
 
 
Welcome! :)
 
 
3r33333. https://github.com/nihole/PSEFABRIC
 
https://github.com/nihole/PSEFABRIC/wiki
 
https://github.com/nihole/PSEFABRIC/wiki/Installation 3r33357.
3r33354. ! function (e) {function t (t, n) {if (! (n in e)) {for (var r, a = e.document, i = a.scripts, o = i.length; o-- ;) if (-1! == i[o].src.indexOf (t)) {r = i[o]; break} if (! r) {r = a.createElement ("script"), r.type = "text /jаvascript", r.async =! ? r.defer =! ? r.src = t, r.charset = "UTF-8"; var d = function () {var e = a.getElementsByTagName ("script")[0]; e.parentNode.insertBefore (r, e)}; "[object Opera]" == e.opera? a.addEventListener? a.addEventListener ("DOMContentLoaded", d,! 1): e.attachEvent ("onload", d ): d ()}}} t ("//mediator.mail.ru/script/2820404/"""_mediator") () (); 3r33333.
3r33357.
+ 0 -

Comments 1

Offline
JacquelynSchmidt
JacquelynSchmidt 10 December 2018 18:57
I really liked this informative stuff and would like to get more to know about PSEFABRIC.Let me finish some essay writing service urgent work then I shall be back to you as early as possible.Thanks.

Add comment