Hello, everyone. Congratulations. This session introduces OpenStack provider networks and network modules at NTT West.

At NTT West, the following is a proof of concept (POC). Future development of the POC into a production environment is not yet guaranteed. An example of the environment we described in this presentation is about a small portion of our infrastructure. This does not represent all of our infrastructure.

I am Shigeyaki Kimura, and he is Shingo Takai and Yoshiaki Ono. The category of this session is products, tools, and services. This session level is for beginners. Today we are going to talk about Ansible network module. After our session, you will understand how to efficiently operate OpenStack provider networks to leverage Ansible network modules.

At first, let me start by briefly introducing our approach to OpenStack. NTT West is a telecommunications carrier that provides telephone and FTTH services in the western half of Japan. We do not do ISP business by ourselves but provide services to connect FTTH users and ISP companies. Although not shown in this picture, we continue to provide traditional copper-based telephone services. To provide these services, we set up and operate a lot of servers that we use in the NGN.

The outline of this system is as shown in this picture. FLET'S is the brand name of the FTTH service that we offer. NGN, Next Generation Network, exists as a core network to provide FTTH service. There is a server platform in this NGN to provide optional services related to FTTH. In addition to this server platform, there are many distributed server platforms for each application. But in this session, we only focus on this server platform.

We set up the host OS and KVM for each server that exist independently and deploy and use the virtual machines on KVM. The storage devices are connected via Fibre Channel-based Storage Area Network. We have evolved this into the OpenStack-based IaaS environment last year. We use Ubuntu 16.04 LTS and OpenStack Mitaka to build the IaaS environment. Storage devices have been changed to iSCSI-based ones. And it is used as a
Cinder volume. In this environment, a lot of guest systems are already running. In order to efficiently build and operate this environment, we tried to utilize Ansible for the first time. As a result, by utilizing Ansible, we are able to obtain basic capability not only the initial construction but also the subsequent expansion work.

We started to operate OpenStack in production environment. However, we are not able to take advantage of all those features of OpenStack. And OpenStack does not meet all our requirements. In the Mitaka-based OpenStack environment we introduced, we faced three major challenges.

First, functional issues. It is a lack of Neutron API functionality for IPv6, and a lack of functionality of virtual firewall and virtual load balancer provided by OpenStack.

Second, performance issue. It is a lack of throughput of network function and a lack of mechanism to ensure performance.

Finally, operational issues. In fact, rather than the problem of OpenStack, there are many problems in our management policy. In order to connect with an existing system, OpenStack necessarily had to be able to manually assign IP address and VLAN ID, not fully automatic.

We recognized these challenges and we could not solve it alone. Therefore, we decided to adopt OpenStack provider networks design when introducing OpenStack.

In the next section, we introduce what OpenStack provider networks design is. In building OpenStack environment, we can take several choices for network design. Although it is described in the official document, there are the following two schemes roughly. One is the provider networks configuration that we introduced later. The other is self-service network configuration. Let's see each one in detail. I wonder why this comes first in official documentation.

The first option is provider networks. This design makes little use of the virtual network function provided by OpenStack. Beyond that, the physical network devices are responsible for the network function. Of course, they are not managed by OpenStack.

This is a design that we encounter when we begin studying
OpenStack in general. The overlay network is created on the underlay network composed of physical network devices by utilizing encapsulation technology such as VXLAN and GRE. It's called self-service network because OpenStack tenant users have their own network infrastructure and they can freely configure them themselves.

Let's see the advantages and disadvantages of provider networks. The advantage is that you can take advantage of already existing physical network environment. This allows you to utilize the functions and performance of existing equipment even in the OpenStack environment. In addition, it is excellent in connectivity with other environments because it doesn't use functions of the virtual network.

The disadvantage is that you need to manage this physical network environment separately from OpenStack. It's necessary for administrators to work each time a user is added or deleted, because it is not possible to control the physical network environment from OpenStack. Also, the user has no freedom about network configuration.

Regarding the network, instead of giving up the use of the virtual network function which should be one of the advantages of IaaS, it would be a realistic option of using the connectivity and performance by using the existing system. It's important for administrators how to efficiently operate provider network configuration with the characteristic mentioned above.

About this, we have two ideas. The first is to link OpenStack environment and other systems. The orchestrator such as OpenDaylight manages the physical network environment which OpenStack cannot manage and links that systems with OpenStack environment. We have already presented about this at the last Barcelona Summit. If you are interested in this, please see the presentation video.

And the second one is exactly the theme of this session. This is to make manual operations by administrators more efficient by automations and stylization. For this efficiency we would like to utilize Ansible, an automatic engine. As mentioned before, we already use Ansible to build servers. By
developing network system with Ansible, we want to unify manage both server and network configuration with Ansible. Then, we will change presenters and introduce Ansible.

I am responsible for configuration of servers and physical network devices. Today, I would like to introduce what is Ansible and use case of Ansible.

First of all, I would like to talk about what is Ansible. Ansible is a tool for infrastructure as code. We can automate many tasks of server setting and network device configuration. Ansible has three features: simple, powerful and agentless.

The first feature is simple. We can use human-readable source code to work Ansible. Ansible does not need special coding skills. We just write some text files to work Ansible. So we can get productive quickly.

The second feature is powerful. We can automate configuration of various network devices using Ansible. So Ansible enables orchestration of workflow.

The final feature is agentless. Ansible configures servers and network devices by OpenSSH, WinRM or API without specific agents. So Ansible enables predictable, reliable and secure configuration.

Ansible can configure various devices by using serial software. For example, when we use operating system modules, Ansible configures Linux, Windows, Unix operating system. And when we use network modules, Ansible configures various network devices, A10, Arista, Cisco and so on. Moreover, containers and cloud modules are prepared.

Then, I'd like to introduce the overview of workflow using Ansible. First, we make a text file in YAML format. This file is called playbook. Playbook consists of list of actions for configuring servers or network devices. Second, we drive the playbook by using Ansible. Ansible automatically generates an executable program and, sorry, Ansible automatically generates an executable program from the playbook, modules and inventory. Inventory is a text file of list of hosts. Third, Ansible transports an executable program into hosts by using protocols, for example, SCP or SFTP. Finally, Ansible executes the program in the host.

Then, I'd
like to show samples of inventory and playbook. The left figure is an inventory. In the inventory file, we have to write host names or IP addresses. Host names have to be resolved by DNS or local hosts file. Also, we can make groups of the hosts. In this sample, we define the groups, webservers and apservers. And we can write various information of hosts in this file. In this example, all:vars are SSH username and password of all hosts. Of course, we can write these variables per one host, one group. And these variables can be included from other files.

On the other hand, the right figure is a playbook. In the playbook file, we have to write target host group or tasks. Tasks contain names and type of module and some parameters. In this sample, we execute apt module, copy module, service module.

Finally, we execute the playbook by using the ansible-playbook command. This command consists of file name of inventory and file name of playbook. When a playbook runs right by Ansible, configuration of server or network devices is completed.

I'd like to show the movie of Ansible to you. In this video, Ansible installs Apache2 on Ubuntu. First, apt module installs apache2 on target Ubuntu. And copy module copies index.html to the target. Service module restarts Apache2 on the target. Now, we can see the website by curl command.

Then, I'd like to introduce Ansible network modules. When we use Ansible network modules, we can automate many tasks of network device configuration. For example, Arista, Cisco, Dell, F5, Juniper, Nokia, and so on.

Now, I'd like to introduce our three motivations to use Ansible network module. First, we want to automate configuration and routine work of network devices as well as servers. Second, we want to perform tasks automatically that require cooperation between server and network devices, for example, auto-scaling and auto-healing. Third, we want to manage configuration of server and network devices by one playbook. This idea is based on infrastructure as code.

Then, I'd like to show our test results of Ansible network module. In our test, Cisco Nexus switch 5548 and F5 BIG
IP I-22600 load balancer are used. Using these devices, we perform fundamental configuration to build OpenStack provider network system. For example, we perform hostname, VLAN, interface, access list and certificate configurations at Nexus switch. Moreover, we perform VLAN, self IP, pools, nodes, virtual servers configuration at BIG-IP load balancer.

The test environment consists of simple components. This test environment has two test targets, Nexus switch and F5 load balancer, and has two servers running OpenStack, one maintenance switch and one maintenance computer. This system contains one user computer.

Please show the playbook for Cisco Nexus switch. This playbook configures VLAN for target Nexus. The playbook consists of 2 tasks. First task is creating VLAN 999 by Nexus vlan module. Second task is configuring switchport access VLAN by Nexus config module. This task configures Ethernet 31 and 32 ports for target interfaces of VLAN 999. This task can be also written by another module. The module name is Nexus switchport. Both in the first and second task, we wrote a variable named provider. This variable gives information of SSH user name and password and so on.

Now I show the demo video for the Ansible playbook. First, we type show running config on the Nexus switch. You can see that there is Nexus switch port. So, let's execute the playbook. Ansible created VLAN, adds ports to the VLAN. Just a moment, please. Here, Nexus modules require Nexus version 9.2 or later, because the module has to receive the output of some commands in JSON format. At first, we use Nexus switch port 1. So, Ansible didn't work. OK, the playbook is complete. Now, type show running config again. You can see the switchport access VLAN 999 is configured properly.

Next, I'll show you an example of playbook for F5 load balancer. This playbook is registering nodes and adds that node to a pool. This playbook consists of two tasks, too. In the first task, registering the node named node3 to the BIG-IP. We write variables including information of the node. In the second task, adding that node to
the pool named web. Now, I'll show the short video. Before executing the playbook, pool members are two nodes, and execute the playbook. The third node is added to the pool. You can see the third node.

In our test, we could do fundamental configuration of network devices by Ansible. For example, about Cisco Nexus switch, configure hostname, VLAN, interface, and so on. And about F5 load balancer, configure VLAN, self IP, pool, virtual server, and so on by Ansible. The modules that we tested are listed below. From here, Mr. Ono introduces the use case of Ansible.

Hey, then I talk about application of Ansible network modules to OpenStack provider networks. There are three use cases. Use case one is configuring both OpenStack and physical network devices by Ansible. Use case two is auto-scaling. Use case three is infrastructure as code.

First use case is configuring both OpenStack and physical network devices by the playbook. Up to now, we used Ansible only to configure physical servers and virtual servers and OpenStack. But we want to configure both servers and physical network devices by Ansible. It's because we don't want to type tons of commands manually. And we want to do CI/CD of the network, not only servers.

This figure shows sample case. For example, to make load balanced web servers on OpenStack, we have to do many configurations in the balance. For example, in switch we have to create VLANs and add ports to VLANs. And for example, in load balancer we have to create VLANs, create self IPs and so on. And of course we have to do many things in OpenStack. We have to create project, create users and assign role and so on. And we automate those all by Ansible.

So, I'll show you the demo. Left window is GUI of load balancer. And upper right window is CLI of Ansible server. And lower right is CLI of Nexus. First, execute the playbook for Nexus. It creates VLANs and adds ports to VLANs. Type show run in Nexus and VLANs are configured. Next, execute the playbook for OpenStack. It's making project, users, subnets, butternicks, keypair and so on. And instances. Now open
the dashboard. And we can see two servers are running. Finally, execute the playbook for BIG-IP. It's creating VLANs, self IPs, pool, nodes, virtual server. Let's check. So, we can see all configurations are properly configured. Finally, call the virtual server. And we can see web01 and web02 servers are load balanced properly.

Next, talk about use case 2, auto-scaling. And up to now, it's not tested. On the provider networks, we can't perform auto-scaling using only Ansible. There are three reasons. First, Ansible can't monitor resources. Next, Ansible does not have API. And finally, Ansible does not have so-called IFTTT functions, if this, then that. So, we can't kick the correct playbook as the situation automatically. Then, we have to use monitoring software, for example, Ceilometer and Heat, or Zabbix, and so on. And we have to use StackStorm or Ansible Tower, and so on to enable APIs and IFTTT.

And final use case is code. We want to use only one playbook to define whole environment. We don't want to use, want to manage, many playbooks. The only one playbook contains all configurations of whole environment. So, when we want to check the configuration of a switch or a firewall or LB or something, all we need is just see the playbook. No need to type show running commands in the devices. And when we want to change some configurations in the devices, we update the playbook and execute the playbook. Of course, Ansible applies only differences to devices. And when ST2 or Ansible Tower or something do auto-scaling, they update the playbook and execute that. This is essential for synchronization of playbook and real configurations.

But there are some problems to come true infrastructure as code by Ansible. The problems occur at deleting configurations. To delete configurations, we update the playbook. Task, like the below. The task Delete VLAN 999 has the line state absent. The line state absent is needed to delete VLAN 999. But the playbook of infrastructure as code shouldn't include state absent tasks because we execute the only one playbook at every configuration change. We can make VLAN 999 and delete
VLAN 999 every time. So what is the best way to delete configurations? Of course, we can make a playbook for deleting configurations. But we want to use always only one playbook if we can. And another way is not managing configuration by the playbook, but by the playbook. But we didn't test those now. That is our future work.

Let's go over the presenters again and talk about our future work on this theme.

As mentioned before, we think that workflow system is necessary for automating service order, which is a series of routine tasks such as addition and deletion of users. Let's see an example of a use case. Users write the parameters of the desired network environment in Excel format. When administrators receive the Excel files, they just have workflow system read the file. Then, the workflow system appropriately calls Ansible and the necessary processing is executed.

Or, it's necessary to realize self-service by further evolving this mechanism. When a user enters parameters via Horizon, the service order is executed with the trigger, or cooperates with OpenDaylight. We presented these tries at the last Barcelona Summit. In either case, it's difficult for administrators to create GUI parts that are necessary for the users to operate.

Now, we are reaching the end of our presentation. When we started, I said that after my presentation, you will understand how to efficiently operate OpenStack provider networks to leverage Ansible network modules. NTT West continues to explore other technologies as well. I am convinced that utilizing Ansible is possible to extend the functionality of OpenStack. Now, I hope that you will also try using Ansible.

In closing, I'd like to stress that NTT West continues to utilize OpenStack. We would like to contribute to further boosting the OpenStack community by continuing to operate in the production environment as an active user of OpenStack and continuing to say our opinion based on our experience in a place like this OpenStack Summit.

This is the end of our session. Thank you for joining us today. Thank you. We are sorry that we cannot respond to your
question here because we cannot communicate in real time in English. So, if you have questions, please email us after next week. Thank you.