In this workshop you will get hands on experience with the Model-Driven DevOps framework. You will explore data models, programmable infrastructure, controller platforms, version control, sources-of-truth and workflow engines. The goal is to illustrate the business outcomes that can be achieved with DevOps when applied to network infrastructure. Many people talk about the benefits of DevOps, but there are few places to see it applied to network infrastructure. Today is your lucky day!
Model-Driven Devops (MDD) is an IaC approach to automating physical infrastructure that focuses on data organization and data movement into the network in a way that seeks to treat the network the same as other parts of the infrastructure. It focuses on using industry standard tools and DevOps methodologies, implemented as a CI/CD pipeline, to break down silos between network operations and the rest of the infrastructure. For example, this is a common flow in cloud operations:
Key to this flow is that all the data (Source of Truth) needed to configure the infrastructure is in the data file (CloudFormation Template). Also, this is not a programmatic approach. If you want to configure something different, you add data to the Source of Truth as opposed to writing another Ansible playbook or Python script. We firmly believe that most network operators should not need to become programmers; however, they will have to learn a new skillset around data models and data manipulation.
When fully implemented, MDD requires a similar skillset to cloud operations. That is, when a network operator wants to configure, validate, or test something new, they just need to know how to add data to the Source of Truth and manipulate schemas. Furthermore, MDD can fit into existing CI/CD pipelines as opposed to needing to operate the network infrastructure differently. This allows for a de-siloization of IT making it possible to leverage developers and DevOps Engineers across application development, cloud operations, and network operations. This is possible because the MDD pipeline looks the same as any other code (or IaC) pipeline:
This workflow allows for a group of network engineers and network operators to collaborate on a change, test that change, get approvals, then push that change into the production network. MDD's testing methodologies include "linting" the configuration data for typos, validating the configuration data for anything that would violate organization norms or create vulnerabilities, and then testing the result of that change in a network before deployment:
The goal is to find bad configurations before they are pushed into the network.
In this workshop you will be using the MDD reference implementation. The reference implementation is a specific implementation of the MDD concepts layed out in the book Model-Driven Devops. The reference implementation uses Cisco Modeling Labs to provision the topology, Ansible as the workflow engine, Cisco Network Services Orchestrator (NSO) as the platform and GitLab for version control and CI.
Shown below is the topology you will be working with during the workshop. It is a typical HQ/branch architecture with L3 VPN in the WAN, rendundancy at the HQ site, and NAT at the ISP edge.
These exercises will help you get hands-on experience with different aspects of the reference implementation. You will begin by getting familiar with the data and Ansible playbooks in Visual Studio Code and finish with the fully implemented pipeline in GitLab.