To achieve application agility and accelerate their digital transformation initiatives, enterprises need an agile infrastructure that is adaptable, flexible and provides abstraction capabilities. The challenge that enterprises face today is that infrastructure relies on proprietary tools, and organizational structures impede collaboration across teams.

Operations are siloed across NetOps, SecOps, DevOps and CloudOps teams, resulting in a lack of agility to address dynamic business needs. For example, the NetOps team is responsible for provisioning network connectivity, and the DevOps team for deploying applications and services while capturing their linkages. Historically, provisioning a new application service required a handshake between the two. This resulted in manual, error-prone processes with complex inter-dependencies, impacting the velocity of change.

Infrastructure as Code (IaC) enables IT Ops teams to embrace a DevOps model: to accelerate application deployment, monitor operations, optimize network performance and ensure compliance in a secure, predictable manner. Our customers are increasingly using IaC platforms like HashiCorp Terraform and Red Hat Ansible to programmatically configure data center and cloud infrastructures. This enables IT Ops teams to work together on a unified platform to automate the management of both the network and server infrastructure, from data center to cloud and vice versa.

In September of last year, Cisco introduced a slew of cloud-native network automation solutions jointly with HashiCorp Terraform and Red Hat Ansible. These solutions help customers embrace a DevOps software model and leverage the infrastructure platform in a self-service manner by automating their networks with declarative abstractions.

For network practitioners, here are three solutions that can help you manage your IaC and stay in lockstep with application DevOps teams – regardless of whether you operate your network in Cisco ACI or NX-OS mode.

1. Cisco ACI – HashiCorp Consul integration

Achieve service-driven network infrastructure automation with visibility and insights.

Cisco ACI, HashiCorp Consul, Terraform, and Consul-Terraform-Sync (CTS) work together to provide end-to-end application infrastructure orchestration. The Consul ACI App provides real-time visibility across the network and application services and makes it easy to diagnose application issues and resolve network outages. The integration allows operators to see which services are running on each ACI endpoint by mapping service-mesh abstractions to intent-based networking abstractions.

With the adoption of microservices architecture, managing changes in the service landscape of the network becomes crucial. Change management includes the dynamic discovery of services, their insertion alongside other instances of the same application, and the streamlined deployment of applications into a zero-trust network.

The app provides insights into service health and service-to-service communication independent of the workload (virtual, container and bare-metal) and independent of location (On-Premises, Edge and Cloud).


Cisco ACI + HashiCorp Consul - Network Infrastructure Automation


In addition, Consul-Terraform-Sync (CTS) natively interacts with the Cisco ACI network to manage network artifacts as the application demands. Our joint solution demonstrates how services can dynamically scale out and scale in while maintaining a zero-trust model. As applications change, CTS uses Terraform as the underlying automation tool and leverages the Terraform provider ecosystem to drive relevant changes to the network infrastructure. Consul is the source of truth for any changes or additions to the application environment. This automation drives application agility by eliminating processes such as manual ticketing and reduces risk by minimizing manual misconfigurations across the infrastructure.

2. Automate VXLAN-EVPN fabric with Cisco DCNM providers for Terraform and Ansible

For customers embracing Cisco DCNM, similar automation capabilities are enabled through the integrations with Red Hat Ansible and HashiCorp Terraform. Cisco DCNM abstracts network detail and automates configuration of VXLAN EVPN, including underlay and overlay networks.

The Ansible integrations with DCNM provide customers with an agile DevOps environment to accelerate their NX-OS deployments. Customers can use Ansible to automate, manage and monitor various components of the network infrastructure, such as the addition and removal of switches, VRFs and the orchestration of interfaces, using the open APIs of Cisco DCNM.


CI / CD Pipeline: Infrastructure As A Code


The DCNM integrations also cover a broad set of use cases, such as fabric inventory management, overlay control, switch interface and REST API module, to deliver Infrastructure as Code. Typically, tools like Terraform are used to provision the compute resources in preparation for the applications to be deployed. This sets the stage for deploying applications and capturing all their dependencies on the underlying platforms, using tools like Helm charts, Ansible or bash scripts. With a CI/CD pipeline workflow, customers can quickly test the DCNM network before they push to production, in a DevOps-friendly way with speed, consistency and minimized risk.

3. Cisco DevNet as a vehicle to empower Developer community

Cisco DevNet offers the full suite of tools for the developers in all stages of their automation journey. The DevNet tools can be used with solutions such as Cisco ACI, DCNM and Network Dashboard to build customizable workflows leveraging agile infrastructure capabilities. Cisco provides developers with sandboxes, code samples, ACI bootcamps, free DevNet Express training, social outreach and a myriad of free webinar options for a risk-free, “learn before you deploy” experience.

We are seeing increasing interest in using HashiCorp’s Terraform with our datacenter solutions. To facilitate this, DevNet has released several guided learning labs with HashiCorp Configuration Language (HCL) and Terraform providers. These guided learning modules start with creating a simple tenant construct, then build on that construct with policy, using Terraform’s full suite of CRUD operations.

We recently released an additional module for Nexus Dashboard Orchestrator programmability using Ansible as the configuration management tool. This lab mimics many of the same operations as the Terraform lab, allowing the learner to fully compare the two tools and configurations to ensure a proper fit into their existing engineering, operations, and business processes.

All these labs can be found by accessing the ACI Programmability Learning Track and can be completed using the newly released Cisco Nexus Dashboard Orchestrator Sandbox. Future learning modules will focus on using this tooling to create a single source of truth for automation of the API-driven datacenter without the need for complex manual workflows.

See the new Cisco ACI and HashiCorp Consul solution in action.
Register to join the Hybrid Cloud Demo Series on May 4, 2021:
Making Application Centric Infrastructure a reality with Cisco ACI and HashiCorp Consul

Driving DevOps Innovation Further

IaC is a key focus area for Cisco to drive network agility and innovation. We are committed to ensuring that the network lives up to the expectations of seamless connectivity and intuitive operations in an ever-changing application landscape. These recent innovations are a significant step in this direction.

With IaC tools and solutions expanding across organizations, the need to align NetOps, DevOps, SecOps, and CloudOps teams is crucial. Cisco’s mission is to provide consistent automation, Day-2 Operations, and secure transport to the Clouds, within Clouds, and among Clouds.

We welcome your feedback on how we can help you, our customers, and partners, to have the best experience on our journey together.


Key Resources

A Fireside chat with Cisco and HashiCorp

Cisco Developer Community

DevNet sandboxes

Network Infrastructure Automation (NIA) solutions overview

DCNM provider for Terraform

DCNM Collections for Ansible

Real deal with application centric: Cisco ACI meets HashiCorp Consul

HashiCorp portal for Cisco

Cisco ACI

Cisco Nexus Dashboard

Terraform ACI provider

Terraform MSO provider

What is CI/CD

What is NetOps? From NetOps to DevOps

Case Study: Societe Generale implements DevOps with Cisco ACI and Red Hat Ansible

Case Study: Cox Automotive consolidates 53 data centers with Cisco ACI

Case Study: Bosch transforms Data Centers to support millions of Connected Customers


Srini Kotamraju

Vice President, Data Center Networking

Cisco Networking