When considering application source code, the manner in which consistency is maintained throughout environments is fairly straightforward. Application code is written, committed to source control, built, tested and deployed via a CI/CD pipeline. And, since the application is defined by the source code living in source control, the build will be identical in all environments to which it’s deployed.
But, what about the infrastructure on which an application runs? Consider the challenge presented by managing network configurations in various environments. How can networking be managed in a manner similar to that of the application itself? That is to say, how can network configurations be managed in a way that provides consistency across environments?
The answer lies in managing the infrastructure and network as code. Below, I discuss the concept of Infrastructure as Code; and, more specifically, Network as Code. Additionally, I discuss the role of IT automation platforms such as Ansible when implementing Network as Code, as part of an organization’s infrastructure management strategy.
What is Network as Code?
The concept of Network as Code can be defined, in part, by the term itself. Network as Code is the practice of writing code to perform tasks related to network configuration. Similar to an application’s source code, the code written for the purpose of managing the network can be leveraged to repeatedly apply the same network configuration in any and all environments in which the scripts are executed. In doing so, the issue of configuration drift across environments is resolved.
Furthermore, the code for network configuration is then stored in source control. This provides the organization with the ability to track configuration changes over time, while also providing the organization with the confidence to rely upon the most recent versions of configuration scripts and device information as the proper infrastructure definitions on which all necessary operations can be performed, without issue.
Finally, it must be mentioned that automation is a key aspect of Network as Code. The very nature of managing your infrastructure as code implies that network setup and modifications will be applied programmatically. This is typically done with the help of IT automation platforms such as Ansible (more on this later) and is a key factor in eliminating the configuration drift that can result as a side effect of manual configuration.
Source control as the “single source of truth”
As mentioned above, when implementing Network as Code (often as part of a larger Infrastructure as Code strategy), the code to perform network configuration tasks will be stored in source control. With this being the case, the organization should consider source control to be the “single source of truth” for network configuration. When spinning up a new environment instance, the network must be configured as defined by the most recent versions of the network configuration scripts that live in source control. No more looking at other stable environments to try to manually duplicate the infrastructure in the new instance.
This reliance on source control pushes the organization towards an easier method of managing network configuration modifications. Changes to the network are now made in one place, simplifying the process for identifying the most up-to-date network configuration for an environment. Additionally, this allows for easier identification of when network configuration changes were made and why they were made.
In other words, by standardizing the process for implementing infrastructure changes, visibility is provided into infrastructure modifications that previously didn’t exist. And this visibility imposes a level of accountability on the network engineers making the changes. Additionally, with the network configuration now properly versioned, problematic changes can be identified and rolled back with ease. This leads to less application downtime in critical environments when issues occur.
The role of Ansible in Network as Code
Earlier, it was said that putting Network as Code into practice is done with the help of IT automation platforms. These platforms serve to simplify the process for automating infrastructure setup. One such platform is Ansible.
Ansible is an open-source tool that can be utilized for automating tasks such as application deployment, server provisioning and configuration management. In a general sense, the process for utilizing Ansible to automate IT tasks is fairly straightforward:
- In Ansible, there is the concept of a playbook. These playbooks are written in YAML and contain plays to be run on the desired resource.
- Within each play are tasks. These tasks define the play and contain the actual instructions to be executed on each resource.
- Tasks leverage modules to make the expected changes to the resource. Many pre-existing modules are available for use (including many for performing work related to network configuration), though custom modules can be developed if one doesn’t already exist that will get the job done.
When implementing Network as Code, the role of Ansible is to provide the necessary tooling for automating infrastructure configuration. Instead of manually performing the network setup in each environment, the network engineers would instead develop playbooks (and other necessary Ansible-related resources) to do the work for them. When implementing Network as Code, the ultimate goal is for these resources to live in source control. There, changes can be tracked and the playbooks can be deployed and utilized as needed to make network configuration changes to existing environments or spin up fresh instances of an infrastructure with a fully-configured network.
Moving toward an Agile infrastructure
When concepts such as Network as Code are implemented properly, an organization moves closer to an Agile infrastructure that is easier to manage, and more adaptable to change. Changes to the network portion of the infrastructure can now be made in a manner similar to that of application changes, with modified configuration definitions being committed to source control, tested and then applied to the necessary environments. Additionally, Network as Code practices allow for a new instance of the infrastructure to be hastily spun up with the latest and greatest network settings — allowing the organization to scale efficiently and effectively.
The above advantages afforded by Network as Code, and a larger Infrastructure as Code strategy, provide a level of consistency in environment configuration that’s much more difficult to attain via configuration management processes that require a higher amount of manual intervention. In a way, this practice forces network engineers to embrace practices previously reserved for development teams such as automatic versioning of resources via source control, the ability to standardize the peer review of network configuration changes and the tooling to quickly roll back problematic changes in the event of a failure — thus limiting downtime.