[ixpmanager] IXPM4 to auto provisioning switches L2 ACL

Andreas Polyrakis apolyr at noc.grnet.gr
Wed Oct 11 10:00:11 IST 2017 

Hello Remy,

We use ansible to fetch data from IXPmanager API and configure member 
ports. 100% of member configuration is produced automatically: 
interfaces and their descriptions, access lists, spanning tree, mac 
filtering/mac lock etc.

I gave a presentation during the 29th euro-ix forum, which you can find here
https://euro-ix.net/m/filer_public/5b/ba/5bba493d-0e1e-47f1-8272-52c37cd74542/polyrakis_gr-ix_practical_ansible_automation_for_ixps.pdf
https://euro-ix.net/m/video/forum/29EF/29EF-Practical.Automation.for.Internet.Exchanges.using.Ansible.mov

Our code is targeted to our setup and gear (Juniper), which means that 
you will need to modify it to fit your needs. Apparently, the IXPmanager 
integrated automation will be more generic and will work 
out-of-the-self, but if you need something that works today and you are 
willing to get your hands dirty, we would be happy to share code and 
experiences.

Regards

PS: I will attend the euroix forum next week; I would be happy to 
discuss any automation-related topics with anyone that shares a similar 
interest.




On 10/10/17 19:43, Nick Hilliard wrote:
> Hi Remy,
>
> the automation integration mechanism will be released formally later 
> this year.  It's in operation in INEX, but needs to be cleaned up 
> before it's ready for production use at other IXPs. There are still 
> some bugs here and there, which we need to fix, and we also need to 
> write documentation about how to use it.
>
> We  did a presentation a couple of weeks ago about this at NLNOG 2017: 
> https://nlnog.net/nlnog-day-2017/, and will be doing a slightly 
> updated version of this preso in Bratislava next week.
>
> Nick
>> Remy Günter <mailto:remy.guenter at swissix.ch>
>> 10 October 2017 at 17:35
>>
>> Dear all
>>
>> I wonder about the features to auto provision switches (L2 ACLs, 
>> etc.) currently available in IXPM4. I could not find anything in the 
>> documentation with the exception of below statement in the document: 
>> https://www.inex.ie/noncms/2016-02-IXP-Manager-Funding-1.3.pdf:
>>
>> L2 ACLs
>> Most IXPs are moving towards static L2 ACLs rather than dynamic port 
>> security. We want IXP Manager to provide database management, a UI 
>> for updating (including member facing for router changes) and zero 
>> touch provisioning to switches.
>> This means the addition of some new and interesting features to IXP 
>> Manager:
>> • Queue based task management: rather than the current system of 
>> polling / executing jobs based on cron schedules, a queue based task 
>> manager will execute jobs on demand. In this example, the job would 
>> be to edit / update L2 ACLs on the switch.
>> • For the first time, IXP Manager will start to configure switches 
>> directly. This means that we will write the necessary functionality 
>> for altering a switches configuration with reference implementations 
>> for Extreme and Brocade.
>>
>> What is the current status of this implementation? And if it is 
>> available how can it be enabled?
>>
>> Thanks for any feedback.
>>
>> Rémy Günter
>>
>> SwissIX
>>
>> _______________________________________________
>> INEX IXP Manager mailing list
>> ixpmanager at inex.ie
>> https://www.inex.ie/mailman/listinfo/ixpmanager
>> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> https://www.inex.ie/mailman/listinfo/ixpmanager


-- 
-----------------------------------------------------------------------
Andreas Polyrakis - apolyr at noc.grnet.gr
GRNET NOC Technical Manager
Greek Research & Technology Network - http://www.grnet.gr
7, Kifisias Av., 11523 Athens, Greece
Mobile: +30 6972832445    Office: +30 2107474249   Fax: +30 2107474490
-----------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20171011/0603c494/attachment-0001.html>

More information about the ixpmanager mailing list