Arista Announces CloudVision

Started by NetworkGroover, June 23, 2015, 12:10:30 PM


SimonV

Also interested if you can make it fit to CET timezone  :twisted:

NetworkGroover

Quote from: SimonV on June 26, 2015, 12:03:47 PM
Also interested if you can make it fit to CET timezone  :twisted:

Probably doable if you're willing to stay up late :P

Also as a reminder, this is going a bit off topic as what I would show is the vEOS/ZTP/Ansible functionality - this wouldn't be for CloudVision.
Engineer by day, DJ by night, family first always

NetworkGroover

Hmmm.  that1guy15 - would you at all be willing to do it on a weekend... I think that's the only way to get Simon in since he's 8 hours ahead of me.
Engineer by day, DJ by night, family first always

SimonV

Don't worry about it, 8 hours time difference will make it nearly impossible :)

wintermute000

what would be really cool is if you could put it up somewhere (post it here even) with your scripts/configs and rough notes, that would be wicked.

too. much. bloody. stuff. to. learn. I have an ACI course next week, gotta finish labbing Palo in the background, then hitting the books for VCP-DCV, aaaaargh

NetworkGroover

Quote from: wintermute000 on June 27, 2015, 07:44:16 AM
what would be really cool is if you could put it up somewhere (post it here even) with your scripts/configs and rough notes, that would be wicked.

too. much. bloody. stuff. to. learn. I have an ACI course next week, gotta finish labbing Palo in the background, then hitting the books for VCP-DCV, aaaaargh

This is going to sound completely biased, but I seriously would spend my time elsewhere than ACI - ask for customer references.  I'd be really interested in hearing some.  Anyway..

Well, it's relatively straightforward.  Arista switches have an API called eAPI that you can use to push configuration and other stuff.  There is also a Python client for eAPI (pyeapi) that gets installed on the Ansible control node and acts as a sort of translator. Lastly, there's an Ansible-eos role that includes the modules to configure things like VXLAN, MLAG, etc.  You create a playbook in YAML format (more human-readable than Python), launch it from your control node, and then the magic happens.

Here's an example playbook (one I came up with to demo):
steve@AnsiControl:/etc/ansible$ cat ospf_vxlan_gns3.yaml
---
## LEAF CONFIGURATION - ALL - UNDERLAY
- hosts: eos_nodes_leaf
  gather_facts: no

  roles:
   - arista.eos
 
  tasks:
   - name: Base VLAN Provisioning - All Leaves
     eos_vlan: vlanid={{ item }}
               connection={{ inventory_hostname }}
     with_sequence: start=10 end=30 stride=10
     tags: underlay

   - name: Loopback and Routed Port Provisioning - All Leaves
     eos_interface: name={{ item }} enable=yes
                    connection={{ inventory_hostname }}
     with_items:
      - Loopback0
      - Ethernet6
      - Ethernet7
     tags: underlay

   - name: Host Port Provisioning - All Leaves
     eos_switchport: name=Ethernet6 mode=access access_vlan=10
                     connection={{ inventory_hostname }}
     tags: underlay
## LEAF CONFIGURATION - ALL - OVERLAY
   - name: VXLAN VTI Provisioning - All Leaves
     eos_vxlan: name=Vxlan1 source_interface=Loopback0
                connection={{ inventory_hostname }}
     tags: overlay

   - name: VXLAN VLAN-to-VNI Mapping - All Leaves
     eos_vxlan_vlan: name=Vxlan1 vlan={{ item.vlan }} vni={{ item.vni }}
                     connection={{ inventory_hostname }}
     with_items:
      - { vlan: '10', vni: '1010' }
      - { vlan: '20', vni: '1020' }
      - { vlan: '30', vni: '1030' }
     tags: overlay

   - name: VXLAN VTEP Flood List Provisioning - All Leaves
     eos_vxlan_vtep: name=Vxlan1 vtep={{ item }}
                     connection={{ inventory_hostname }}
     with_items:
      - 192.168.254.1
      - 192.168.254.2
     tags: overlay
## LEAF CONFIGURATION - SPECIFIC - UNDERLAY
- hosts: veos01
  gather_facts: no

  tasks:
   - name: Interface IP Address Provisioning - veos01
     eos_ipinterface: name={{ item.int }} address={{ item.address }}
                      connection={{ inventory_hostname }}
     with_items:
      - { int: 'Loopback0', address: '192.168.254.1/32' }
      - { int: 'Ethernet7', address: '192.168.255.1/31' }
     tags: underlay

   - name: OSPF Provisioning
     eos_command: commands='router ospf 1, router-id 192.168.254.1,
                  network 192.168.254.1/32 area 0,
                  network 192.168.255.0/31 area 0'
                  mode=config
                  connection={{ inventory_hostname }}
     tags: underlay

- hosts: veos02
  gather_facts: no

  tasks:
   - name: Interface IP Address Provisioning - veos02
     eos_ipinterface: name={{ item.int }} address={{ item.address }}
                      connection={{ inventory_hostname }}
     with_items:
      - { int: 'Loopback0', address: '192.168.254.2/32' }
      - { int: 'Ethernet7', address: '192.168.255.3/31' }
     tags: underlay

   - name: OSPF Provisioning
     eos_command: commands='router ospf 1, router-id 192.168.254.2,
                  network 192.168.254.2/32 area 0,
                  network 192.168.255.2/31 area 0'
                  mode=config
                  connection={{ inventory_hostname }}
     tags: underlay
Engineer by day, DJ by night, family first always
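
Added example (not part of the original post and not Arista's or pyeapi's code): a sketch of the kind of JSON-RPC `runCmds` request that eAPI accepts on `/command-api`, built from the veos01 OSPF task in the playbook above. The hostname, credentials and request id are placeholders, and the `enable`/`configure` prefix is an assumption about how a config-mode push is wrapped.

```python
import base64
import json
import ssl
import urllib.request

# Constructed from the veos01 "OSPF Provisioning" task in the playbook above.
OSPF_VEOS01 = ("router ospf 1, router-id 192.168.254.1, "
               "network 192.168.254.1/32 area 0, "
               "network 192.168.255.0/31 area 0")

def split_commands(commands):
    """Split a comma-separated command string into individual CLI lines."""
    return [c.strip() for c in commands.split(",") if c.strip()]

def build_runcmds(cmds, config_mode=True, req_id="demo-1"):
    """Build the JSON-RPC 2.0 body for eAPI's runCmds method."""
    for c in cmds:
        # A templated variable must not be able to smuggle in extra CLI lines.
        if "\n" in c or "\r" in c:
            raise ValueError("embedded newline in command: %r" % c)
    # Assumption: config commands are preceded by 'enable' and 'configure'.
    prefix = ["enable", "configure"] if config_mode else ["enable"]
    return {"jsonrpc": "2.0", "method": "runCmds",
            "params": {"version": 1, "cmds": prefix + cmds, "format": "json"},
            "id": req_id}

def build_request(host, body, username, password):
    """Prepare (without sending) the HTTPS POST to the switch's /command-api."""
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    return urllib.request.Request(
        "https://%s/command-api" % host,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token},
        method="POST")

def send(request, cafile=None):
    """Send with certificate and hostname verification left on."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(request, context=ctx, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    body = build_runcmds(split_commands(OSPF_VEOS01))
    req = build_request("veos01.example.net", body, "admin", "placeholder")
    print(req.full_url)
    print(json.dumps(body, indent=2))
```

Because the request carries Basic credentials and can rewrite switch configuration, `send()` keeps TLS verification on; pass the CA file that signed the switch certificate instead of disabling the check.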

wintermute000

My company is putting in at least three ACI implementations as I write. Big telco, big gambling, and someone else I can't remember, AFAIK they're all working in at least a basic form. The engineers are indeed full of horror bug stories. Australia worships big tech brands especially big business, nobody got fired for buying Cisco.... Mid market and small service provider is a lot more multivendor but they benefit little from SDN DC. Personally I'm a NSX devotee all the way :)  but I know very little re: ACI so I am keen to learn more about EVERYTHING lol

that1guy15

Weekends are harder for me than the week and that's almost 100% family time and getting shit done around the house.

But whatever you come up with I'll make sure to set the time aside.
That1guy15
@that1guy_15
blog.movingonesandzeros.net

NetworkGroover

Quote from: wintermute000 on June 28, 2015, 04:42:19 PM
My company is putting in at least three ACI implementations as I write. Big telco, big gambling, and someone else I can't remember, AFAIK they're all working in at least a basic form. The engineers are indeed full of horror bug stories. Australia worships big tech brands especially big business, nobody got fired for buying Cisco.... Mid market and small service provider is a lot more multivendor but they benefit little from SDN DC. Personally I'm a NSX devotee all the way :)  but I know very little re: ACI so I am keen to learn more about EVERYTHING lol

Really?  That's honestly a surprise - are they actual ACI deployments (ACI Policy Model, APIC, etc.) - or just the hardware?  As far as nobody got fired for buying Cisco... that statement isn't true anymore.  There's actually an interesting story where a CTO got fired for exactly that.  I can't share the exact details though.

Engineer by day, DJ by night, family first always

NetworkGroover

Quote from: that1guy15 on June 28, 2015, 08:07:57 PM
Weekends are harder for me than the week and that's almost 100% family time and getting shit done around the house.

But whatever you come up with I'll make sure to set the time aside.

Looks like it'll be a weekday after all.  I have your email so I'll shoot you an invite once I figure out date/time.
Engineer by day, DJ by night, family first always

wintermute000

Nope, actual deployments, plenty of Cisco push on this - they're throwing everything at it including pants dropping pricing.

deanwebb

Quote from: wintermute000 on June 28, 2015, 10:46:19 PM
Nope, actual deployments, plenty of Cisco push on this - they're throwing everything at it including pants dropping pricing.

What about prices on follow-on consulting?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

NetworkGroover

Quote from: wintermute000 on June 28, 2015, 10:46:19 PM
Nope, actual deployments, plenty of Cisco push on this - they're throwing everything at it including pants dropping pricing.

Yeah that's their typical approach - give ridiculous pricing the first time in hopes you'll buy it, because it'll be undesirable to do yet another forklift to get rid of it if there's too many issues afterward.  You can bet they won't provide that pricing when it's time for renewal.

They do that type of stuff in these situations and when they run into serious competition that they don't have a technical answer for.  I know they're big and can eat the bill, but I hear about this so frequently that I wonder just how long they can afford to keep doing that (if it even works - in some cases they've still lost).

Anyway, I'd love to hear feedback positive and negative regarding actual, real deployments of ACI.
Engineer by day, DJ by night, family first always

burnyd

Got the full-on demo, this product is awesome.  It's automation with ease.

wintermute000

Yeah we just had the vendor presentation, looks mighty impressive except for the Achilles heel of not integrating directly into the vswitch. If you want to BYO stack this could be a plus I suppose. The programmability is indeed impressive (even as Cisco pedals harder to attain feature parity on the N9ks, or at least so they claim. Hey they have a REST API now, it's a miracle....). I would love a chance to play with this stuff in prod. We do have three lab units (though no CloudVision) - just gotta find the goddamned time....

They demoed using Palo firewalls to operate virtual in-line (redirect via VXLAN segment) and then Palo indicates allow or deny the flow via sending the logging syslogs back to CloudVision, looks neat if bleeding edge LOL.

What's really impressive from my POV is that CloudVision lets you automate without actually knowing Python/Ansible/Puppet/Chef. In fact it seems to replace the current trend of using Ansible (correct me if I'm wrong) as all your engineers can just throw CLI straight into configlets (my takeaway anyway?) without actually bothering to learn YAML, Ansible or Python.