When considering application source code, the way you maintain consistency throughout environments is mostly straightforward. You write application code, commit it to source control, and then build, test and deploy via a CI/CD pipeline. Since the application is defined by the source code living in source control, the build will be identical in all environments to which it’s deployed.
But what about the infrastructure on which an application runs?
Consider the challenge presented by managing network configurations in various environments. How can networking be managed in a manner similar to that of the application itself? That is to say, how can network configurations be managed in a way that provides consistency across environments?
The answer lies in managing the infrastructure and network as code. In this article, let’s look at the concept of Infrastructure as Code (IaC) and more specifically Network as Code. Then we’ll look at IT automation platforms such as Ansible when implementing Network as Code, as part of an organization’s infrastructure management strategy.
What is Network as Code?
Network as Code is the practice of writing code to perform tasks related to network configuration. Similar to an application’s source code, the code written for the purpose of managing the network can be leveraged to repeatedly apply the same network configuration in any and all environments in which the scripts are executed. In doing so, the issue of configuration drift across environments is resolved.
Next, the code for network configuration is then stored in source control. This offers the ability to both:
- Track configuration changes over time.
- Increase organizational confidence to rely upon the most recent versions of configuration scripts and device information as the proper infrastructure definitions on which all necessary operations can be performed, without issue.
Finally, network as code is not successfully without automation — it is a central aspect. The very nature of managing your infrastructure as code implies that network setup and modifications will be applied programmatically. This is typically done with the help of IT automation platforms such as Ansible (more on this later). This automation is a key factor in eliminating the configuration drift that can result as a side effect of manual configuration.
Source control as the “single source of truth”
When implementing Network as Code, often as part of a larger IaC strategy, the code to perform network configuration tasks will be stored in source control. Therefore, your team should consider source control to be the “single source of truth” for network configuration. When spinning up a new environment instance, the network must be configured as defined by the most recent versions of the network configuration scripts that live in source control. No more looking at other stable environments to try to manually duplicate the infrastructure in the new instance.
This reliance on source control pushes the organization towards an easier method of managing network configuration modifications. Changes to the network are now made in one place, simplifying the process for identifying the most up-to-date network configuration for an environment. This also allows you to easily identify both:
- When network configuration changes were made
- Why they were made
In other words, by standardizing the process for implementing infrastructure changes, visibility is provided into infrastructure modifications that previously didn’t exist. And this visibility imposes a level of accountability on the network engineers making the changes. Further, with the network configuration now properly versioned, problematic changes can be identified and rolled back with ease. This leads to less application downtime in critical environments when issues occur.
The role of Ansible in Network as Code
Earlier, it was said that putting Network as Code into practice is done with the help of IT automation platforms. These platforms serve to simplify the process for automating infrastructure setup. One such platform is Ansible.
Ansible is an open-source tool that can be utilized for automating tasks such as application deployment, server provisioning and configuration management. In a general sense, the process for utilizing Ansible to automate IT tasks is straightforward:
- In Ansible, there is the concept of a playbook. These playbooks are written in YAML and contain plays to be run on the desired resource.
- Within each play are tasks. These tasks define the play and contain the actual instructions to be executed on each resource.
- Tasks leverage modules to make the expected changes to the resource. Many pre-existing modules are available for use (including many for performing work related to network configuration), though custom modules can be developed if one doesn’t already exist that will get the job done.
When implementing Network as Code, the role of Ansible is to provide the necessary tooling for automating infrastructure configuration. Instead of manually performing the network setup in each environment, the network engineers would instead develop playbooks (and other necessary Ansible-related resources) to do the work for them.
When implementing Network as Code, the goal is for these resources to live in source control, which is where you can track changes and deploy and utilize the playbooks in order to:
- Make network configuration changes to existing environments.
- Spin up fresh instances of an infrastructure with a fully configured network.
Network as Code supports Agile infrastructure
When concepts such as Network as Code are implemented properly, an organization moves closer to an Agile infrastructure that is both:
- Easier to manage
- More adaptable to change
Changes to the network portion of the infrastructure can now be made in a manner similar to that of application changes, with modified configuration definitions being committed to source control, tested and then applied to the necessary environments. Additionally, Network as Code practices allow for a new instance of the infrastructure to be hastily spun up with the latest and greatest network settings — allowing you to scale efficiently and effectively.
Benefits of Network as Code
The above advantages afforded by Network as Code, and a larger Infrastructure as Code strategy, provide a level of consistency in environment configuration that’s much more difficult to attain via configuration management processes that require a higher amount of manual intervention.
In a way, this practice forces network engineers to embrace practices previously reserved for development teams such as automatic versioning of resources via source control, the ability to standardize the peer review of network configuration changes and the tooling to quickly roll back problematic changes in the event of a failure — thus limiting downtime.
What is Splunk?
This posting does not necessarily represent Splunk's position, strategies or opinion.