Cloud Style on Premises Networking With Juniper Apstra
Ever wish that on-premises networking could be as easy as cloud?
Learn how data center operators can achieve public cloud-like service consumption on premises by using Juniper Apstra® software and Terraform. You’ll see how to automate end-to-end application creation in this presentation recorded live during Tech Field Day 18.
You’ll learn
How Juniper’s Terraform provider fits traditionally complex network services, like EVPN, neatly into a predefined application automation
How Apstra and Terraform let you self-serve network services in a familiar way, providing seamless deployments across any infrastructure
Transcript
0:09 uh my name is Chris Marget I'm a product manager at Juniper Networks um I've been on that side of the table at 15
0:16 different Tech Field Day events so I I'm really excited for you guys I know you're in for a great few days um I'm
0:22 more excited for me this is my first time presenting so I'm really happy to be here and and talk to you about
0:28 automating your data center as if you're automating the cloud and how uh Juniper can make that experience uh you know
0:34 pretty much the same um in Juniper I worked for uh the cloud ready data
0:40 center group and uh that's something we really believe and I want to make that
0:45 uh seem real and I want you guys to believe it too so that's what we're going to do so when you're automating public
0:51 Cloud uh you you pick a cloud provider there's a whole bunch of services there that you're going to consume cloud
0:57 provider has an orchestration tool you can can use it's One-Stop shopping everything fits together perfectly easy
1:04 peasy you could also make it two stop shopping and use a third party orchestrator and that's the strategy
1:09 we're going to use today we're using terraform on prem you're not using all
1:16 those AWS Services anymore Pro probably you've got a security box of some kind you've probably got a secret archive
1:22 vaults type solution you've probably got a load balancer a DNS box or service something to run compute all those
1:28 things have apis probably all have terraform providers most of the work you can do uh but the analog for the VPC
1:38 service in a data center is a completely different story uh it it's hard um to do
1:44 in any VLAN anywhere kind of situation in your data center fabric uh at anything remotely approaching scale you
1:51 need uh evpn vxlan and that is a specialist network uh you know
1:57 Department you you need people to do that it's hard um but we can make it
2:02 easy so Apstra can drop right in into your Cloud style deployments in your on-
2:09 premises data center orchestrate whatever's going on with the real switching Fabric and deliver the kinds
2:14 of things uh that you do in the network in public Cloud uh uh right there in
2:20 your on-prem data center so we're going to do a demo uh it's an application
2:25 deployment uh we're going to you know stand up a load balancer and some we servers and and uh publish a service uh
2:33 this is not an impressive demo in public Cloud it's a piece of cake if you don't ignore the plumbing
2:40 doing the same thing on Prem is a different story right there's you know
2:45 choosing VLAN numbers there's getting you know doing ipam getting the plumbing across the fabric to All the Right
2:51 switches lighting up the correct ports on you know physical servers right none of those are things you have to worry
2:57 about in public Cloud it's all just transparent or visible and just happens but but doing it in a real facility is a
3:02 completely different story so we've got a lab ready to go uh there's a bunch of
3:07 things in the lab and I want to level set about what we've got in there so you understand what's what's really
3:12 happening uh so to begin we've got a pile of Juniper QFX switches they are completely
3:19 unconfigured uh We've also got some servers uh Linux and Docker is pre-installed on them but other than
3:25 that they're you know not configured oh I prefetched some container images so we don't have to
3:30 wait uh all that stuff is cabled together in a topology like this got spine switches Leaf switches servers
3:37 attached to Leaf switches um but this is not a running fabric uh in addition we've got an out
3:43 of band management network uh all of this equipment is attached so that we can log into it and manage it uh and
3:50 finally Apstra is here Apstra is also attached to that out-of-band network and so Apstra is going to be uh you know one of
3:56 the things that is doing work for us in the fabric today before we can deploy our
4:03 application we actually need to take this pile of gear and make it into a usable fabric right that means lighting
4:09 up the ports where the switches interconnect to each other lighting up you know bgp relationships between the
4:15 nodes um we're going to instantiate the load balancer that we'll be using later because having a load balancer existing
4:21 feels like a day Zero task that load balancer will be on a new Services Network that kind of
4:27 thing uh so let's just go ahead and do
4:35 that uh this is the front page of Apstra when it is unconfigured uh there are no
4:41 a blueprint in Apstra is like a running environment we have no blueprints if I
4:46 click on the blueprints thing here there's there's none we've got a create button we could specify some details
4:51 that that we want but we're not going to do that uh so we need to tell Apstra
4:57 this is what our racks look like how many switches are in each rack this is sort of the model of switch that we have
5:02 these are how many links between the spines and the leaf we're going to have uh how many spine switches are we going
5:07 to use what models are they which serial number has which role in the fabric stuff like that uh and rather than doing
5:15 that by clicking here uh we're going to do that by running terraform
5:24 apply so terraform wants to create 34 things we'll we'll let that go and if we
5:30 pop back into uh into Apstra here we'll see like uh a rack definition called the
5:37 cfd1 18 rack has appeared it's a real simple rack that only has a single switch in it and nothing else at this
5:43 time uh we've got uh a template that's another one of our design building blocks that specifies how many instances
5:50 of that type of rack we have there's three of them there's two spine switches interconnecting them all um and if we look at managed
6:00 devices the managed devices page in Apstra is the switches that Apstra has taken control of and is Avail you know
6:06 makes them available for use and you see we've got five qfx switches here or I guess they're EXs um and they're you
6:15 know all green lights they're under management now um so Apstra has taken charge of all that stuff oh and it just
6:20 changed I don't know if you noticed in the blueprint column here the switches went from available for use to assigned
6:26 to use so these are assigned to the cfd1 18 blueprint uh which we go back to the
6:31 blueprints page uh we had none a moment ago and now we've got uh a blueprint
6:37 defined you'll see it's Apstra shows there are some anomalies six anomalies right now uh one of the validation
6:44 things that goes on in Apstra is Apstra knows that all these links are supposed to exist that all these bgp
6:49 relationships are supposed to exist and uh independent of pushing config Apstra
6:55 is constantly revalidating that all of the things that are supposed to be happening are happening and you know that runs in a in a polling
7:01 cycle it it'll take a few minutes and oh you see the the anomalies have reduced to three so Apstra noticed that three of
7:08 the problems have just gone away and a few remain uh okay so we'll pop into there so Chris just so I understand
7:13 what's happening there because thank you for interrupting me we're we're we're Cloud people so you have to help me
7:20 understand when you say uh Apstra understands there are supposed to be bgp
7:26 relationships what does that mean exactly in public cloud you don't have to worry about how a packet gets across
7:31 the cloud provider's fabric from one end to the other right it's it's not your problem it shows up on your vNIC
7:39 within the hypervisor and how it got from one hypervisor to another who cares right but there switches under there and
7:45 somebody had to configure them right and the same thing would be true in your data center right there are switches that need you know possibly thousands of
7:52 lines of configuration to make this all work uh and so those thousands of lines of config just got pushed into those
7:58 switches and some of those configuration elements said you are a leaf switch there's a
8:05 spine switch above you you should you know there should be green lights on that port and you should have a bgp
8:10 relationship with that spine where you're learning routes to other leaves and all those kind of things so since
8:16 Apstra knew what to expect because we defined a topology with leaves and spines below or spines and leaves below
8:22 them and so forth Apstra is checking that all of those things are the way they're supposed to be so that that was the
8:29 intent validation so stuff and uh if I'm standing up existing services so if this
8:35 is not networking if I'm comparing this to a different type of service I'm standing up yeah if there's a state that
8:41 needs to be uh after I started the server and or instance and a uh
8:47 application needs to connect to a database let's say once I started the server that service that's not instant
8:54 that has to happen so Apstra in a sense is checking to see if that state is expected if you had an orchestrator
9:01 that made you know a web front end and a database and expected them to be able to reach each other and talk and that
9:07 orchestrator had a subsequent pass that made sure that the front end was
9:13 actually logged into the database and doing transactions that would be a good analog for what we're doing so if we
9:18 went back to anomalies now there should be yeah there uh I think there's an anomaly view on there well things would
9:25 be red or yellow across the top and and they're not it would be on the on the active tab there so since the active tab
9:31 is all green it's the anomalies have all evaporated I'm sorry I've got another question thanks yeah um you you started
9:37 this conversation with um a focus on cloud style yeah Network operation and
9:42 I'm trying to figure out what is the difference between what you're showing us here and what would be typical data
9:48 center Network operation you didn't see me open a command shell and and type you
9:53 know platform specific you know jcie or CCI switch ation into any devices okay
10:01 right and and that you know that goes for the initial setup of the fabric that we just did and also for subsequent
10:08 operations day 2 stuff right so in in Cloud you either with terraform or Pulumi
10:13 or some tool or the web UI you click the new subnet button and that happens right
10:19 on premises that may be hundreds of lines on hundreds of devices that all need to be individually configured to
10:26 have all the right details in them and for a lot of you I imagine that means open a ticket with a network team to
10:33 make that happen in a real data center right so that that's the difference is is Apstra's web UI gives you a new subnet
10:40 button we call a virtual Network um and the terraform provider gives you a a
10:47 virtual Network terraform resource and the same kinds of things you would put in a in an AWS subnet definition
10:53 resource definition in terraform same thing here right you know what what VPC does it belong in we we we call call it
10:59 a routing Zone um you know what account does it belong in we call that a blueprint um but you know it's it's the
11:05 same style of of stanza with the same few attributes and it's just you know
11:11 right your right your terraform definition I promise last question for me until you get started again yeah the
11:17 uh one of the things that kind of you you know kind of w wave the mastic hand on I've done a lot of data center stuff
11:24 yeah and it's never this clean because I I'll take I'll take the the bullet for
11:32 this one I plug the cable into the wrong cord
11:37 Yep this is kind of connecting the magic of the cloud the magic of the actual racking person who racks and stacks it
11:44 how do I know what what if I plug the cable into the wrong Port this this
11:49 presumes that all the cables are plugged into the correct Port so at when you define the rack I didn't I didn't show
11:56 you but when you define the rack you have to specify you know there's a switch in this rack it's a certain model
12:01 right I want to use the you know 100 Gig ports on the end for my links to my
12:06 spines I want to use the 25 gig ports for the links to my servers right that you know you sort of organize your device and how you want to use it and uh
12:15 Apstra will then choose uh which interfaces should should be linked to which devices and there there's a uh
12:23 let's see cabling uh physical links so there there's a list of links of all
12:30 the things that should be attached to which other things uh in this case these are Apstra's choices we could have been
12:35 prescriptive about it and in either case whether we're prescriptive or we let Apstra choose when Apstra looks at the
12:42 topology and finds something different than what's actually cabled we would have anomalies there'd be Blood on the
12:48 screen so in theory I could uh I could be a service provider and I could have a set of PODS and these pods can be
12:55 pre-cabled and dependent on my customer my uh end customers who consume this pay as
13:01 you go they can stand this up and down based on that pre-cable so I don't have to always have somebody go back in and
13:07 recable something I can tell Apstra where what what C where there's a button in the in the UI that says discover the
13:14 the as cabled and so long as there's a cable that meets every need right a link from every spine to every leaf or you
13:20 whatever as long as there's a cable that's kind of in the right place we can use it and if it's cabled completely
13:26 wrong then we can't solve that problem you got to go move wires yeah um okay so
13:32 yeah so I got going to try to be quick with two question so the first one is you've already mentioned thousands of
13:38 lines of code yeah are we going to see the terap code at some point I mean you won't be surprised by it um it also I'm
13:46 going to give you a link to the gway poost you can read it Fant but I mean you know it's it's terraform it's not you know yeah you will be bored there's
13:53 a difference between terraform with well there's there's a big difference between different terraform providers so that
13:58 that's why I asked the question my second question is you me mentioned that the uh the Apstra would be built in a
14:04 place where it would have the ability to uh connect to the out-of-band y uh so so
14:09 where where exactly would that VM live so it's up to you um you know you you
14:15 could bootstrap your whole data center on your laptop just run that VM there and then move it later uh you could buy
14:22 an appliance from juniper and run it on that thing uh you could um you know a
14:28 lot of Enterprise environments have a small like critical Services management cluster that's separate from the actual
14:35 workload so it's up to you we don't have we don't take a position on it but uh the Apstra VM needs to be reachable from
14:41 your browser and it needs to be able to reach the uh physical out-of-band management ports of all of the devices
14:48 that it's managing okay as far as the the code goes so the Apstra provider is
14:53 out on the on the registry and and you know you can you can look it up um uh so
14:58 if we look at uh routing Zone this is our our VPC um you know you name it you you have
15:05 to assign it to a blueprint because the blueprint is the large construct that refers to the equipment and then a VPC
15:11 which is a routing Zone lives inside one of those um there's some optional parameters here that you could include
15:18 or not um so the the Terraform provider is not autogenerated you know by a machine
15:25 and unfriendly um you know we've we've taken pains to make it uh as easy to consume and and this is this is a very
15:31 knowing look and and I've been there too so yeah and I I know just how unfriendly
15:37 and autogenerated experience can be perfect thank one question about the we you saw sort of resources that were
15:43 coming online and then were failing and so that's always the trick terraform is notoriously sorry all of my friends at
15:50 hash bad at State Management especially with resources that have any kind of drift so if you make a change to a live
15:56 environment your terraform State believes that that resource isn't where
16:01 where it actually is now when terraform tries to reapply it does naughty things like destroys resources to rebuild them
16:08 because of order dependency and a misunderstanding of order y so how do you handle like dependencies and
16:15 eventual consistency when resources are coming up and out of order so so those resources uh you know the the
16:22 operational state of things that takes time to happen and the uh objects you
16:27 create with terraform like new subnet right are two different things right so the the new subnet directive you know
16:33 you run that and it's done it is it's encoded in Apstra and making sure that
16:39 the devices is an Apstra and device problem not a problem on the relationship between terraform and
16:45 Apstra so that stuff is very stable and and is fine um for the most part the
16:52 implicit dependency graph in in terraform works just fine on our stuff
16:57 um you know you probably could get yourself into trouble uh by if you
17:02 really tried to um but you know I would say you would have to try uh to make
17:09 that problem there are a few cases just like um you know in AWS there's like attachment type resources right which
17:16 you know those don't necessarily have a a built-in dependency on the things that they're attaching to the other things
17:23 that yeah timeouts are a weird problem with especially with that stuff where like we've got eventual consistency but
17:28 it's like yeah we we they always swing but in the data center you just may have
17:34 a consistency model that's it's going to take 38 seconds you know versus eight do a resource apply and you have to how do
17:40 we build in like timeouts and and managing idiosyncrasies of the bespoke
17:45 data center yeah so so all of that stuff is on the other side of Apstra and Apstra takes care of it the Apstra API
17:51 presents a consistent interface that terraform consumes and it's terraform is the plane that gets you in the parachute to the Des to the top and then Apstra is
17:59 the parachute and the fantastic trip on the way down yeah a lot a lot of those ugly problems of dealing with devices in
18:05 their own timing is is on the other side of this experience and and that's what Apstra is really good at so Chris I
18:11 don't want to kill your pace but Gina has a question sure and I wanted to make sure we get it in whether you're going
18:16 to address it as part of the demo but uh blueprints uh how do they actually get
18:23 there like what where did the blueprint come from the the the blueprint isn't instantiated and I'll show you in the
18:29 guey you can see real easily uh by choosing a name a couple of radio buttons for style and then you choose
18:36 off a template so I showed you the template earlier which said two spines and three leaves that's it choose a
18:41 template instantiate name it that that's how a blueprint comes into existence
18:47 then we bind switches to roles in the blueprint and and so forth um it it's
18:53 you know there there were a lot of resources that were configured to make that happen because we had to you know we created the blueprint and then we you
19:00 know that switch comes in that switch comes in right uh but it it's normal
19:05 feeling terraform stuff I think you'll find can you do a reverse where you can actually learn a learn a blueprint from a live environment it's basically a you
19:11 know right mem I haven't implemented Import in any of the resources right now
19:18 um but a lot of people have asked um the the terraform import feature is would be
19:23 a really light lift for us um but you know you you don't get the how did this
19:30 come to be context right right this you know if we're going to create a a VPC for every customer in the database and
19:36 so we've got a a data source that does a database lookup and then we Loop over those results and make a you know make a
19:42 routing zone for each one like you're not going to get that out of an import right you're going to get text yeah I
19:47 guess more thinking of like a data center recovery like a Dr type of situation like to be able to say we've
19:53 adjusted the live environment we can dump the config so that if something went sideways right now we can immediately you could apply the same set
19:59 of terraform configs against a different environment and it would just do all the same work and it would happen quickly yeah you could go halfway where instead
20:06 of you do an import you just actually build a terraform C code next to it and you say let me see this in terraform and
20:13 it just spits it out and you okay okay to different since uh
20:18 1.5 uh terraform has got a new style of import that actually writes configs for you it's really nice yeah very much like
20:24 what you said uh okay so we haven't looked at this blueprint yet and we should do that
20:31 uh so in this blueprint I said in the in the goals thing that we were going to make a routing Zone a subnet and a VLAN
20:38 uh and so let's just take a quick peek at those uh it's on the stage tabs where we're going to go virtual uh so routing
20:45 Zone there's a routing Zone called cfd1 18 that this blueprint didn't even exist so that that's obviously new uh there's
20:52 a single virtual Network the Services Network where the load balancer lives um and if we take a close look at at that
20:58 thing uh this I prescribed this IPv4 subnet uh in the
21:04 configuration um but I didn't choose the vlans so Apstra lit this up on all three
21:09 of our switches as VLAN 3 so that this is a choice Apstra made just we let it just take from the pool and it it shows
21:16 the first available VLAN and this horizontal line represents that Network
21:21 it is extended to the server called S4 if we pop into
21:27 S4
21:36 uh you'll see no I didn't do it that way I did it this way IP Link
21:43 list we pop into S4 there's a ethernet 1.3 so tag three
21:50 on on on Port eth1 the VLAN chosen by Apstra is now configured as a Docker Network on that
21:56 server right so Apstra's choices and Apstra data is seamlessly integrated with Docker
22:02 running on some server right so we we didn't know that was going to be VLAN 3 ahead of time but on Apstra uh Apstra
22:09 made a choice Docker has the data it needs now um okay so let's take that a little
22:18 further exit probably pop back to the
22:24 slides okay so we made high level API calls against Apstra make a you know here's my leaves here's my spines make a
22:30 routing Zone make a subnet that kind of thing there is not a single line of
22:35 juniper uh junos configuration code in this project so I didn't log into switch
22:41 I didn't have canned switch configs we didn't have to do any of that um and all
22:47 of the stuff in Docker and Apstra is seamlessly coordinated and the load balancer is up let's just validate that
22:54 real quick y so the load balancer here there are no backends configured but the load
23:01 balancer is is up and taking traffic this load balancer didn't exist a minute ago uh so I said we're going to do an
23:07 application deploy now that we've got fabric to work with has a load balancer in it let's do an application deploy
23:13 we're going to make a new subnet for our application servers uh we're going to light that subnet up on three switches
23:19 we're going to extend it to three web servers and we're going to instantiate uh some web services on there Chris you
23:26 said something that I have to I have to ask an ask a question about you said we didn't log into anything but
23:32 normally there's some sort of authentication that has to be created somewhere in order for the the Apstra to
23:39 uh there is uh in Apstra there's a thing called a device profile which keeps uh
23:45 usernames and passwords that can be applied to devices uh that already existed in the
23:52 running Apstra I didn't mention it um you can't terraform that because I don't
23:58 want to encourage you to put uh passwords in terraform config files so that's something that that you would
24:04 manually set up a device profile for a device and then uh you know then Apstra
24:09 knows how to how to manage that device gotcha um but yeah it's it's not terraformable for you know can I use
24:15 like safety reasons can I keep those username passwords in like a vault or something like that and call that from
24:21 Apstra or do I have to hard code those into Apstra Cisco got into a lot of trouble about hard coding yeah so so
24:28 it's not hardcoded right it's it's a it's a value you control um but I think
24:33 right now there there may be other ways to authenticate but the only one I'm familiar with is username and password
24:39 switch I do know that in Apstra that's encrypted using a pvm private key and
24:44 it's you know I think reasonable practice is there
24:49 um okay we're going to deploy the application boy we're way behind
24:56 here
25:07 okay so this apply is going to create what we call an IP address pool and assign it to that blueprint um the
25:15 address pool uh is going to get used in this application deployment uh so if we
25:20 have a peak over here resources IP pools uh so the cfd1 18 apps with 17 and 24
25:26 this pool is here you see it's already being used uh because within the blueprint we
25:33 have staged uh virtual virtual networks the
25:39 services Lan we just created uh nope sorry the cfd Lan we just created uh chose a /24 from within that pool uh
25:47 that we created it looks like it's the first one uh and that
25:54 subnet we'll see has been extended to all three switches and then further extended to
25:59 servers uh so here's that subnet it's on all it's on you know rack one rack two and rack three and server one two and
26:07 three are attached to it so we we just did that and should not have exited that window
26:14 that's exciting so we're logging in one of the servers here uh Docker Network LS so the
26:22 cfd Lan just appeared here Docker Network inspect cfd and you see the cfd
26:29 Lan on this Docker host VLAN 4 you know a choice made by Apstra uh IP address
26:35 with 17 and it Choice made by you guys encoded into Apstra now now appears in
26:41 Docker and if we look at our ha proxy uh ha proxy now has container instances
26:48 that its years are are up and they've been up for 2 minutes uh so these uh
26:56 this web service is up so all these disparate things the the load balancer Docker Apstra the switches they're all
27:03 sharing information it's all coordinated by terraform this might feel like a terraform ad a little bit because I'm
27:09 really showing you terraform and how great it is at coordinating things but it's kind of the point right the point is the network disappears uh we can you
27:17 know Network becomes super easy and we didn't have to make any phone calls or ask any favors from the network team um
27:24 how would this work with like a uh when you get up to kubernetes and a third party cni the network Plumbing is
27:30 whatever you need it to be it could be it could be an IP handoff to your kubernetes host it could be a VLAN it could be routing with them all those
27:37 things are possible it's all Bas this agnostic at least yeah we're just making the plumbing invisible or making the
27:42 plumbing you know terraform configurable and for you guys like any new service you consume in the cloud or new provider
27:48 you consume right you open this thing up and it's you know what are these what are these resources I need to create they all they're all different right so
27:56 you know we're going to be another one of those things but this is a surmountable problem right you guys deal with new abstractions all the time and
28:03 and uh and you know we're not giving you the new abstraction of you know spend a decade becoming a networking expert to
28:10 make these things happen when we've got the fun of when you get to the app layer configurations where you know all the
28:16 cube kids are telling us that it's you know layer 4 to S where that's where the fun is at and ultimately when we get
28:21 into service mesh so this model for the people that can ignore the plumbing I I
28:27 congratulate them right that's great right but you know for anybody running on premises Services you can't ignore
28:32 the plumbing right it's got to get done and and we can make that easy uh so this is uh one of our web services I think we
28:40 had five of them running and they chose a random color each uh so there's five web servers there you know load balanced
28:47 by by the load balancer running in server 4 uh okay last thing I wanted to
28:52 show you um so we just talked about this the you know we didn't we don't care about VLAN numbers or individual IP
28:59 addresses and whatnot these things are all cattle we we could be prescriptive but we let Apstra make choices Apstra's
29:05 choices float out into other stuff uh I would actually like to take a question kind of for for the start of it all
29:12 because for me also as one of the cloud people I just want to ensure that I understand the whole flow be uh before
29:19 uh we kind of do the terraform apply that you showed from the start of your demo how do we like how do you Define
29:28 you would need to have a way to to Define all the different devices that Apstra would need to connect together
29:33 and create a virtual V lrom and all that do you do it in in the racks in the Apstra UI
29:40 or is this something you also Define in in the terraform provider as part of the terraform provider configuration or I I
29:47 lost you a little bit there but uh you know you will need to be familiar with some Apstra concepts the same as
29:54 you'll have to learn each public cloud and you know you'll find yourself writing Apstra specific terraform
29:59 resource stanzas like this one on the screen right now uh and
30:05 um uh you know I didn't show that stuff because I didn't think it was that interesting uh you you figure you guys
30:10 know terraform uh but you know it looks like this um uh this example you know I
30:16 wanted to just illustrate something many of you probably already know that you know in terraform we just pass data
30:23 between objects right and in this case you know I didn't specify an IPv4 subnet or IPv4 virtual Gateway in this
30:30 resource definition that data still got populated and then another resource that
30:35 needs those facts you know can consume it whether or not we supplied it or not so you know passing things by reference
30:41 within terraform is uh you know uh super powerful and and makes these kinds of
30:47 Integrations uh seamless and flexible okay so the last thing we're going to do is move the load balancer to
30:54 AWS we're going to uh so this is the topology so on the right is the fabric
30:59 we've already built with a new router it's going to do IPsec with an AWS uh virtual
31:04 private Gateway and a new subnet and load balancer and VPC on the on the AWS
31:10 end so on the AWS side here's the list of resources we're going to create on the uh abstra side we're going to create
31:18 uh a a dual dual homed router plugged into two different switches uh and we'll
31:24 exchange bgp routes between those environments and and if I didn't screw up my credentials a minute ago when I
31:29 closed the
31:34 window uh let's see I want to change the name since Stephen was making gallium
31:41 jokes earlier do that terraform
31:47 apply show up for Vi not even Vim you're old school I love
31:55 it that's a pretty old muscle memory in action
32:00 there okay so we don't have to watch this run
32:07 but if we look at Apstra we can see some things happening probably uh virtual networks so a couple
32:14 of new handoff networks Transit one and Transit two that's places to plug routers in and they they land on
32:19 different switches um we've created a routing policy uh oh it's not here yet
32:25 wait routing policy created a routing policy which uh allows the AWS Network
32:31 to be learned on the Apstra side and allows the only member of our application deployment network uh to be
32:38 advertised up to AWS and um I haven't shown you connectivity
32:45 templates before connectivity templates is the idea of an interconnect between a switch and something out in the world uh
32:51 and so uh here we have it uh BGP peering with that router that just got created
32:58 and looks like everything has gone green no not quite yet oh we're waiting on DNS on the Amazon side of course we
33:05 are for the well that's well that's slowly coming out which I know too well the Time Voyager I'd love to just take a
33:11 peek so I'm assume that this is a way for you to sort of walk back Time Voyager is a point in time roll back in Apstra um there's no terraform support
33:18 for Time Voyager because you know why would you want to roll back to a point in time when you can just back out a project or a resource or or whatever um
33:26 but time is great for my god what have I done on a Friday afternoon right just go
33:31 back to what it was before um and it's also good for uh auditing and you know
33:37 accounting kinds of things you have to do forensics investigation into the state of your Fabric and when and why did a thing happen you you'll have a
33:43 record of of all that kind of stuff this is risky not knowing if the uh oh look at that uh so a public address na us has
33:51 come up with a load balancer IPsec to our data center none of these resources existed a minute ago go and we have the
33:58 five web servers we looked at earlier in their five different colors um
34:04 and all these things are seamlessly integrated by terraform and it it really makes the data center Plumbing just sort
34:10 of fade away if you for people who don't want to think about it which I think is you guys uh and uh yeah there I'm I'm
34:20 going to skip ahead there's a there's a QR code there that will bring you to the repo that did this work okay thank you
34:25 very much and thanks lot Chris my goodness time I'm so sorry everyone can I can I have a few questions yeah I'm
34:31 stand the I don't want to interrupt your flow so uh my first question would be about the provider um so I was just
34:38 going through the GitHub I can see your name uh who is maintaining it is it like you know Apstra's commitment to sort
34:44 of like maintain this we think it's important the team is growing okay uh and is it your internal people who are
34:50 maintaining it yes okay great uh that AWS bit which you were showing that has
34:57 been done through Apstra or has been done through the terraform well there's some Apstra side work because uh you
35:03 know there's an IPsec relationship across the internet yeah so there's a there's a new router plugged into Apstra okay
35:09 Apstra has a BGP peering with that router so it can learn routes and like configured the data center ports where the routers plugged in that kind of
35:15 stuff right and then the rest of it is AWS VPC virtual private so it's not like you're single pane of glass for like
35:22 everything you are only maintaining that on prem world that's where sort of like the API Gateway for anything which runs
35:29 on prem I mean it's a really strong analog for AWS VPC is what we're
35:35 offering plus all the parts that you don't ever have to see that evpc makes magic okay
35:41 okay uh do you have any terraform modules uh pre-baked uh we're working on
35:47 that um there are some uh in some various git repos uh we've been talking
35:52 about publishing them on the registry uh if that was interesting I'm not sure why that's interesting because you can
35:58 consume them just as easily from git but uh yeah putting putting modules on the
36:03 uh on the registry something we're talking about yeah I think it's interesting I mean like you know some some of our
36:09 clients are interested in a in a pre-built modules I mean whether you get them from you know Source uh you know
36:16 registry host SL whatever versus Source git colon whack whack right you know
36:22 either way you could get them okay uh but yeah there's there's a handful of things like um you know a BGP relationship right
36:29 requires like five or six different resources to be integrated and a module is a good use case for that right yeah
36:36 so watch the space is the answer cool thank you and you've mentioned like you know uh intent uh many times but for me
36:44 like you know intent is much deeper than just routing switching and setting the ports like are there any intentions to
36:51 like look a little bit further like firewalls andc Etc because you like you know you showed great demo around the
36:58 hypervisor and how you like orchestrated with the networking but how about like you know security and firewalls uh I
37:05 mean there's already good Tooling in that space that that you can use and integrate with your existing automation tools okay right where where there's a
37:12 real lack of good tooling is you know vendor independent uh and Open Standards
37:18 fabric configs right so that's the really unique offering here is there there's no place else that you can say
37:25 make me a subnet and that subnet will appear across a data center fabric uh using you know standards based like
37:32 there's nothing magic about the Junos configs or Cisco configs or whatever right everything is using standards based EVPN BGP VXLAN right so we don't
37:41 care what switches they are and we're going to configure them you know like your s your network admin might have but
37:49 super reliably and without dios and from Cisco perspective so that's Nexus 9k you're supporting or a variety of
37:56 platforms there's a there's a Hardware compatibility list okay okay thank you
38:01 okay I I have I have one quick kind of like summation question I guess so when
38:06 we first started you had a completely blank screen and then blueprints popped up all those other things popped up um
38:12 at least that's what it seemed like what which came first the you know the chicken or the egg but uh did terraform
38:18 come up or did the blueprint come up first uh I mean terraform so I had the configurations in a in a git repo that
38:24 that I've shown you and the terraform terraform is not running as a service or anything right it's just
38:30 a command I typed on my workstation so terraform read the configs and made all
38:36 those things appear in Apstra which extended them onto the switches so terraform built the blueprint terraform
38:41 built the blueprint terraform built the design elements that went into the blueprint so rack definitions and and
38:47 object types and whatnot terraform instantiated the blueprints terraform uh brought switches and attached them to
38:54 different positions in the blueprint that serial number is spine one one that serial number is spine two and so forth
38:59 and then so that was our day Zero stuff M um and then for day two stuff we mostly did uh you know create subnets
39:06 and light up Edge ports and and you may have touched this but uh just on that last piece did did Apstra make the
39:12 decisions for like the BGP peering ASN numbers and all of those different things for you or were those coded in uh
39:19 like well the AWS AS number is a public registered number I typed that one in okay the Apstra numbers I didn't type in
39:26 um uh but you know most of those things uh if it's something that can be pooled
39:32 Apstra can make choices for you right uh there's there's AS number pools IP pools
39:37 VLAN pools you know all of those kinds of things and then the the last question
39:42 I swear this will last for me um but with all that discussion that we had previously around AI is this intent the
39:49 idea that with this intent that built within Apstra now it has that sort of you know me being a Kubernetes guy I
39:55 think of it like control loops like it knows what needs to be there and knows how to maintain it and keep it is Apstra
40:01 going to be able to do that for us yeah those errors that we saw on the beginning right were because the intent
40:07 that I had just expressed to Apstra was that you know the these two leaves should should be talking BGP to each other right they weren't yet right so so
40:15 there was there was a problem there and and you know the closed loop validation found that so there's closed loop
40:20 validation for lots and lots of details of the fabric operation uh uh and you
40:26 know usually when those kind of things are going to go wrong is there's a firewall in the middle that makes it
40:31 impossible or uh you know an equipment failure or cables in the wrong spot or that kind of thing in any other network
40:39 that validation would catch stuff like operator did it wrong yeah right but you
40:44 know our promise is we're not going to do it wrong but we are going to catch you know failing devices and and you
40:51 know external problems and you mentioned this earlier but I think it's worth bringing up again uh something
40:56 incorrectly um configured or something that needs to be added in in certain
41:03 spaces equals the ticket equals weeks of waiting and back and forth and this was just very quick native tools for you
41:10 guys to make stuff happen like you make it in the cloud right that's the messaging is this is a this is an on-premises data center made with real
41:16 Plumbing equipment real switches and stuff but you know it's a a little terraform stanza to make a thing happen
41:22 and you get that service that you want right then beautiful thank you okay so can we kick out or do you need to move
41:28 on or well well we do need to move on but I can keep talking to you just yeah a couple of quick ones so I guess on
41:34 that note around the compliance of the blueprint what happens if something in the environment gets out of compliance
41:39 and we've got anomalies do we have decisions on how to react to that like can we if Apstra can fix it whatever it
41:46 might be can we tell it to go and try and resolve that thing or is it just going to flag it for someone to come in and and have a look at I I think most of
41:53 those things will be uh you know just flag as anomalies that you should investigate okay yeah so there's no kind
41:59 of automated remediation at this point I mean I can't think of too many things that could be automatically remediated because the things Apstra can control are
42:06 device configs and those are going to be right right so the the problems that come up will be problems that come up
42:12 because of stuff outside yeah yeah okay and just on the note of who who who are
42:18 you seeing in your customer bases being I guess the consumers of Apstra like we've got especially in Enterprises
42:24 there's still networking teams that like to manage the network and the the platform itself I guess and the fabric
42:30 uh what you've shown us here is very much in our realm of being you know Cloud consumers and using something like terraform are we coming in you know we
42:38 Cloud people kind of coming in to just consume this from our from our Network team if that still exists in the
42:44 Enterprise and and we're managing all the terraform or do we want Network people to get involved in the terraform
42:50 as well I mean I I I would love it if you went home and and told your network team I need this capability to go buy that product so yes do that yeah yeah
43:00 yeah I guess just from an operational perspective is this is this network people still writing the terraform and
43:06 and and doing all of this stuff or are they making this consumable to other people within the business and saying
43:11 there's a role based Access Control situation in Apstra okay so you know that
43:17 Team if they were the ones in charge of it could absolutely extend that right to you yeah uh you know with with whatever
43:23 constraints are appropriate okay yeah