Human Logic, Robot Automation
Automation is one of several tech buzzwords of late, and it’s one that has caught on amongst most infrastructure/networking folk. The tech behind the buzzword is Ansible, AWS CloudFormation, vRealize, etc., which provide the capability to automate your infrastructure and start treating infrastructure as code, or just to improve workflow between teams and take the error-prone human element out of the process entirely. So when a friend of mine coined the phrase Human Logic, Robot Automation, I thought it was a succinct definition of how automation has become so prevalent in many enterprises today and why repeatable workflows are so important. Most organisations have always had some level of automation, but it now seems to be encroaching on I.T. silos that never had any real need for it before, such as networking. The industry has been talking about network automation for many years, but it’s now out of the realms of labs/POCs and is being used by organisations to deploy real networking constructs on demand.
Since I have been working for VMware, I have had the opportunity to work with network automation on the NSX for vSphere platform, leveraging Python, vRealize and most recently a PowerShell (PoSH) module called PowerNSX to drive the creation, modification and deletion of software-based networking constructs. Some might argue that network automation should also encompass physical assets, and although I haven’t done much in the way of automating physical devices, if the device had an API you could call, it would not be all that different from automating NSX. Physical devices tend not to have the maturity in this space that their software-based equivalents do, but networking vendors are playing catch-up! There are numerous open source projects such as Netmiko that do make working with legacy devices much easier, so I won’t write off working with legacy gear altogether!
So what’s the purpose of this post? Working with a customer recently, they wanted to develop a workflow that they could execute every time they needed to create what we coined a network bubble: logical networking constructs that are visible in NSX and may have overlapping IP addresses with production network segments, but are restricted from accessing systems outside of the bubble. Why? Simply, they wanted to test application restores, code releases to dev/staging servers, etc., but most importantly they wanted to do it on demand, dispose of it once they had finished, and it had to be repeatable.
So we did just that, creating a PoSH script using PowerNSX that would stand up logical switches, logical routers and associated firewall rules for the network bubble(s). I should highlight that we were able to do this relatively quickly and easily because they had already implemented NSX for vSphere, so the script was called only to stand up the new constructs on their current NSX infrastructure, with some help from the operator on the naming of switches and the IP addressing to use as input parameters. Access into the bubble was achieved using NAT or SSL-based VPN services on the Edge Services Gateway, which the customer defined per bubble.
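A minimal sketch of such a bubble build with PowerNSX, added here as an illustration and not the script used in the engagement. It assumes a recent PowerNSX with PowerCLI on an existing NSX for vSphere deployment; every parameter name, object name and address is hypothetical, and ingress via the Edge Services Gateway would need its own allow rule placed above the deny rules.

```powershell
# Added illustration, not the engagement script. Names and addresses are constructed.
param(
    [Parameter(Mandatory)][string]$BubbleName,      # e.g. "bubble01"
    [Parameter(Mandatory)][hashtable]$Segments,     # segment name -> DLR gateway IP,
                                                    # e.g. @{ web = '10.10.1.1'; app = '10.10.2.1' }
    [int]$PrefixLength = 24,
    [Parameter(Mandatory)][string]$VCenter,
    [Parameter(Mandatory)][string]$TransportZone,
    [Parameter(Mandatory)][string]$Cluster,
    [Parameter(Mandatory)][string]$Datastore,
    [Parameter(Mandatory)][string]$MgmtPortGroup
)
$ErrorActionPreference = 'Stop'   # abort on the first failure rather than half-build a bubble
Connect-NsxServer -vCenterServer $VCenter -Credential (Get-Credential) | Out-Null
$tz = Get-NsxTransportZone -Name $TransportZone

# One logical switch and one DLR internal interface per requested segment.
$switches = @(); $lifs = @()
foreach ($seg in $Segments.GetEnumerator()) {
    $ls = $tz | New-NsxLogicalSwitch -Name "$BubbleName-$($seg.Key)"
    $switches += $ls
    $lifs += New-NsxLogicalRouterInterfaceSpec -Type Internal -Name $seg.Key `
        -ConnectedTo $ls -PrimaryAddress $seg.Value -SubnetPrefixLength $PrefixLength
}
New-NsxLogicalRouter -Name "$BubbleName-dlr" -Interface $lifs `
    -ManagementPortGroup (Get-VDPortgroup -Name $MgmtPortGroup) `
    -Cluster (Get-Cluster -Name $Cluster) `
    -Datastore (Get-Datastore -Name $Datastore) | Out-Null

# Group the bubble's switches so rules follow membership, not IP addresses
# (the bubble may reuse production subnets).
$sg = New-NsxSecurityGroup -Name "$BubbleName-sg" -IncludeMember $switches

# Isolation policy, evaluated top-down: allow inside the bubble, then deny
# anything leaving or entering it.
$section = "$BubbleName-isolation"
New-NsxFirewallSection -Name $section | Out-Null
$rules = @(
    @{ Name = "$BubbleName-intra";   Source = $sg; Destination = $sg; Action = 'allow' },
    @{ Name = "$BubbleName-egress";  Source = $sg;                    Action = 'deny'  },
    @{ Name = "$BubbleName-ingress";               Destination = $sg; Action = 'deny'  }
)
foreach ($r in $rules) {
    # Re-read the section each time; -AppliedTo scopes enforcement to bubble vNICs only.
    Get-NsxFirewallSection -Name $section |
        New-NsxFirewallRule @r -AppliedTo $sg -Position Bottom -EnableLogging | Out-Null
}
```

Scoping every rule with `-AppliedTo` keeps the deny rules from being enforced on production workloads that share the bubble's address ranges, and logging the denies gives a record of anything in the bubble that tried to reach outside it.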
All in all, they were able to create a repeatable workflow that any one of their network operators could run to create these network bubbles with an arbitrary set of logical switches connected to the distributed logical router, and attach virtual machines to logical switches for whatever they were trying to test. Being able to demonstrate this to a customer during a delivery engagement is quite powerful and proves the dream of network automation is now a reality 😃
Below is an animation of what’s happening whilst the script is executing:
As you can see, like magic we have created logical switches, routers and firewall rules all with the execution of a single script, without having to go and speak to the different I.T. teams, purchase new equipment or spend countless hours coding it up, thanks to PowerNSX abstracting the API calls for us.
The script has been included below with comments so you can use it for your own purposes as well: