Cisco CCIE Security 350-701 – Network Automation Part 2

  • February 24, 2023

3. Types of Network Automation

Next we'll try to understand what the different types of automation are, or in other words, what the different things are that you can automate. Automation can be deployed on any type of network. The first is the LAN, the local area network. LAN automation refers to the network devices generally used in the LAN being dynamically discovered and provisioned. Provisioned means you can dynamically configure those devices: let's say you have some switches that come with factory default settings; you can load onto each device the configuration it needs to become part of the network and function. This includes both wired and wireless enterprise networks. Again, you get some kind of simple dashboard for this.

There is a software product called Cisco DNA Center which is commonly used for this, from which you can automate the policies or even segment the users. So most of the LAN part can be automated; technically we call this software-defined access (SD-Access). Even the WAN can be automated; technically we call this SD-WAN, software-defined WAN. In the case of wide area networks, or the software-defined WAN, we use the same automated approach for managing the enterprise WAN connections. In your company you have different types of WAN connections: wireless WAN, internet, MPLS, broadband connections, and you are running some kind of VPNs over these as well.

As I said, you have broadband or wireless WAN connections, and you can configure the WAN so that particular traffic is automatically forwarded over the more appropriate or more efficient WAN path, dynamically choosing which WAN link should be used depending on the requirements: the network conditions, security policies, quality of service parameters, and so on. That can be automated. Apart from that there is data center automation, which relates to data center networks, where the complete process, the routine tasks and the regular workflow of the data center, can be automated.

We can schedule, monitor, maintain and even deliver applications, and there are different options for that. All your data center networks can be managed and operated without human administration. Again, with the help of this automation you increase efficiency and at the same time reduce the time it normally takes to do a specific task. Even cloud networks can be automated. Cloud networks here refers to organizations using cloud networks for hosting applications, or dynamically provisioning cloud computing networks. Here too we can automatically deploy the required resources, such as containers, based on the application requirements. And wireless can be automated as well; wireless automation sits in the LAN. Nowadays the use of wireless networks is increasing in every industry because of the mobile devices that are commonly used for communication.

Here too we can use some kind of simple wireless management, automate the networking and segment the users. Segmentation is the separation of the users and devices that connect to that wireless network. Any resource can be controlled through the CLI or through an application. Resources here means the devices; the devices can be controlled either through the command line or, more generally, through some program running in the back end.

We'll talk about APIs later on: an application programming interface that mediates between the controller and the individual devices, or between the application and the controllers. The same applies to hardware- and software-based solutions: you have automation features supported inside your hardware, and then you use some external software, integrated with it, to provide automation of these different types of networks. You can automate data center networks, service provider networks, or any enterprise network solution. This is what we call SDN, software-defined networking.

4. What can be Automated – PART 1

Next we'll see what things can be automated, what the different types of tasks are that can be automated; we'll see an overview of that. Previously we have seen the different goals of automation, the automation types and an overview of SDN, software-defined networking. Now we'll see what can be automated. The first thing is plug-and-play provisioning, the initial provisioning of devices. Plug-and-play provisioning is the automatic deployment of new devices on the network, where a newly added device obtains its initial configuration automatically. Let's say I have a remote branch office where I'm going to set up a new router, probably an ISR router. It's a brand new router.

Maybe you added a new branch office, or maybe you replaced the old router with a new one. What I want is for this router to be automatically provisioned: it should automatically connect, automatically get its initial configuration, and automatically come up as if it had been pre-configured. But when you connect a new router, it is more or less a blank router without any initial configuration. With plug-and-play provisioning, whenever you connect this device to the network, whether your company network, the internet or whatever network you're running, it connects to the gateway.

So this router, even though it is blank, does have some basic configuration, such as DHCP enabled, and information about what its gateway is and how to connect to it. Some basic information is present which allows the router to connect to your actual gateway, from which it gets its configuration. It connects to the gateway and asks for its configuration: "I'm a new router; what should the configuration on my router be?" Of course, before connecting it will use DHCP to obtain an IP address; a few basic services run in the background, and DHCP is a prerequisite for this to work. Once the router asks the gateway for its configuration, the gateway sends the full configuration for that branch office, with the help of some kind of software. So this gateway is probably going to run some kind of DNA Center.

That's software which runs on dedicated servers: automation software from which you manage everything from a centralized location. So you get the full configuration from the centralized gateway. The router downloads that configuration, and often it can also download the image, depending on the setup. Once it has downloaded the configuration, this router works just like a router with all its configuration in place. You don't need to go to each and every branch office and do the initial configuration. We call this plug-and-play initial provisioning: new devices are deployed automatically and automatically get their configuration, or images, from the centralized gateway.
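To make the plug-and-play flow above concrete, here is an added example (not code from the course, and not Cisco's DNA Center or PnP protocol) that simulates the exchange in Python: a blank device gets an address and its controller's address from DHCP, asks the controller for configuration, and the controller answers only for serial numbers that have been claimed in its inventory, logging every allow and deny. The inventory, site templates, DHCP option carrying the controller address and the audit log are all constructed for the example; real PnP uses its own discovery mechanisms and APIs.

```python
"""Simulated plug-and-play provisioning (added example, hypothetical controller)."""
from dataclasses import dataclass
from typing import Optional

# Constructed controller inventory: serials that an operator has claimed,
# with the site each belongs to. An unclaimed serial must not receive config.
INVENTORY = {
    "FGL1234ABCD": {"site": "branch-01", "hostname": "BR01-RTR", "image": "example-17.09"},
    "FGL5678EFGH": {"site": "branch-02", "hostname": "BR02-RTR", "image": "example-17.09"},
}

# Constructed per-site templates representing the "full configuration"
# the centralized gateway pushes to a branch router.
SITE_TEMPLATES = {
    "branch-01": "hostname {hostname}\ninterface Gi0/0\n ip address 10.1.1.1 255.255.255.0\n!",
    "branch-02": "hostname {hostname}\ninterface Gi0/0\n ip address 10.2.2.1 255.255.255.0\n!",
}


@dataclass
class Device:
    """A factory-default router: it knows its serial and nothing else."""
    serial: str
    ip: Optional[str] = None
    gateway: Optional[str] = None
    running_config: str = ""
    image: str = "factory-default"


class DhcpServer:
    """Hands out an address, the gateway and (hypothetical option) the controller address."""

    def __init__(self, gateway: str, controller_addr: str):
        self.gateway = gateway
        self.controller_addr = controller_addr
        self._next_host = 10

    def lease(self):
        ip = f"10.0.0.{self._next_host}"
        self._next_host += 1
        return ip, self.gateway, self.controller_addr


class Controller:
    """Centralized provisioning service that only serves claimed devices."""

    def __init__(self, inventory, templates):
        self.inventory = inventory
        self.templates = templates
        self.audit = []  # one line per provisioning request, for later review

    def provision(self, serial: str):
        entry = self.inventory.get(serial)
        if entry is None:
            # Unknown hardware asking for config: refuse and leave a trace.
            self.audit.append(f"DENY serial={serial} reason=unclaimed")
            return None
        config = self.templates[entry["site"]].format(hostname=entry["hostname"])
        self.audit.append(f"ALLOW serial={serial} site={entry['site']}")
        return {"config": config, "image": entry["image"]}


def pnp_boot(device: Device, dhcp: DhcpServer, controller: Controller) -> bool:
    """Run the device side of the workflow; return True if it was provisioned."""
    device.ip, device.gateway, _controller_addr = dhcp.lease()  # step 1: DHCP
    result = controller.provision(device.serial)                 # step 2: ask for config
    if result is None:
        return False                                             # stays factory-default
    device.running_config = result["config"]                     # step 3: apply config
    device.image = result["image"]                               # step 4: (optional) image
    return True


if __name__ == "__main__":
    dhcp = DhcpServer(gateway="10.0.0.1", controller_addr="10.0.0.2")
    ctrl = Controller(INVENTORY, SITE_TEMPLATES)
    for serial in ("FGL1234ABCD", "UNKNOWN0000"):
        dev = Device(serial)
        print(serial, "provisioned" if pnp_boot(dev, dhcp, ctrl) else "refused")
    print("\n".join(ctrl.audit))
```

The point the simulation adds to the prose is the controller-side check: automatic provisioning is only safe when the controller decides, from an operator-maintained inventory, which hardware is allowed to pull a configuration, and when every decision is recorded.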

This way we reduce the time it normally takes for a new device to become part of the network and become functional. If you think about configuring it manually, that takes a lot of time, and most of the time you don't have an engineer at the remote location who can do the configuration; maybe you copy and paste. That is the old method, without automation.

The next thing, after the initial provisioning we have just seen, is this: once the network is up and running and we have reachability, whether IPv4 or IPv6, whatever you are running, the devices and end users that are discovered, the users who are going to connect, should have their traffic segregated. Path segregation can be done. Path segregation is nothing but separation: a simple example is VLANs, which user goes in which VLAN or which user can access which server, so that you can restrict that. This is one kind of example, and you can do this too.

Path segregation can also be done dynamically, where you restrict or define which users can access which servers, or separate customer traffic or your user traffic with the help of VLANs. Those are the other options. Apart from that we can also automate quality of service (QoS) policies. Quality of service is a method of giving priority to specific traffic. Let's say you have voice traffic; that voice traffic should get something like 26 KB and should always go first, or other traffic such as SQL traffic should get a minimum bandwidth reservation. Generally you go to the individual devices, such as routers, and configure these QoS policies, where you separate the traffic and say that this particular traffic should get this much bandwidth. We call these static quality of service policies, where the policies are configured manually on individual devices.

The problem with static QoS policies is that there is no guaranteed application availability. Let's say you have a video conferencing application running with VoIP, and we have a guaranteed traffic priority for this traffic of, let's say, two to six Kbps; maybe the next day, or in the evening, this requirement changes. Maybe you have more users connected in the evening, so the requirement is higher, and there should be some dynamic change to these policies. That bandwidth is not enough to run the application because the number of users accessing it is very high in the evening, and the application experiences problems because of the delays. With the help of network automation tools we can address these problems.

We can tell the device, or more likely the controller, to identify the application's end-to-end requirement dynamically at that point in time, and based on that requirement it can dynamically apply QoS policies. These policies are pushed to the network devices, and depending on the requirement it can either allocate specific bandwidth or give priority to that traffic. So QoS policies can be automated dynamically according to the application requirements; that is dynamic QoS policy automation. Apart from that, you can also automate security policies, and these can also be dynamic. Take an example: you're running AAA in your network and you're running some access lists.
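The dynamic QoS idea above, as an added example in Python (not code from the course or from any Cisco product): a small planner takes the current application demand (sessions per application at that point in time) and the link capacity, gives real-time classes strict priority up to a capped share of the link so they cannot starve everything else, shares the remainder among the other classes, and renders the result as MQC-style `policy-map` text that a controller would push to a device. The demand numbers, the 33% priority cap and the class names are constructed for the example.

```python
"""Dynamic QoS planning from measured demand (added example, constructed numbers)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class AppDemand:
    """What the controller learned about one application right now."""
    name: str
    per_session_kbps: int
    sessions: int
    realtime: bool = False  # True: voice/video, served from the strict-priority queue

    @property
    def required_kbps(self) -> int:
        return self.per_session_kbps * self.sessions


def plan_qos(link_kbps: int, demands: List[AppDemand], priority_cap: float = 0.33) -> Dict[str, int]:
    """Return the kbps to configure per class for the current demand.

    Real-time classes get what they ask for, scaled down proportionally if their
    total would exceed priority_cap * link_kbps (the cap keeps the priority queue
    from monopolising the link). The other classes share what is left,
    proportionally to their requirement when the link is oversubscribed.
    """
    plan: Dict[str, int] = {}
    realtime = [d for d in demands if d.realtime]
    others = [d for d in demands if not d.realtime]

    rt_budget = int(link_kbps * priority_cap)
    rt_need = sum(d.required_kbps for d in realtime)
    for d in realtime:
        plan[d.name] = d.required_kbps if rt_need <= rt_budget else d.required_kbps * rt_budget // rt_need

    remaining = link_kbps - sum(plan.values())
    other_need = sum(d.required_kbps for d in others)
    for d in others:
        # Never reserve more than the application needs; scale down when short.
        plan[d.name] = min(d.required_kbps, d.required_kbps * remaining // other_need) if other_need else 0
    return plan


def render_policy_map(name: str, plan: Dict[str, int], demands: List[AppDemand]) -> str:
    """Render the plan as MQC-style configuration text (priority vs bandwidth)."""
    realtime_names = {d.name for d in demands if d.realtime}
    lines = [f"policy-map {name}"]
    for app, kbps in plan.items():
        lines.append(f" class {app}")
        lines.append(f"  priority {kbps}" if app in realtime_names else f"  bandwidth {kbps}")
    return "\n".join(lines)


def morning_and_evening(link_kbps: int = 10000):
    """Same applications, different session counts: the plan follows the demand."""
    morning = [AppDemand("VOICE", 100, 5, realtime=True), AppDemand("SQL", 2000, 1)]
    evening = [AppDemand("VOICE", 100, 25, realtime=True), AppDemand("SQL", 2000, 1)]
    return plan_qos(link_kbps, morning), plan_qos(link_kbps, evening)


if __name__ == "__main__":
    am, pm = morning_and_evening()
    print(render_policy_map("WAN-OUT-AM", am, [AppDemand("VOICE", 0, 0, True)]))
    print(render_policy_map("WAN-OUT-PM", pm, [AppDemand("VOICE", 0, 0, True)]))
```

The static policy in the text would have fixed the voice class at the morning number; the planner recomputes it whenever the controller re-measures demand, while the cap and the "never more than required" rule keep a sudden spike in one application from taking the whole link.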

Or you are using external Cisco servers for authentication, device administration or accounting. You have different network devices and different techniques in your network to provide security. Whatever security options you apply, they analyze the traffic. Take an IPS as an example: the IPS analyzes your traffic and, if it identifies a specific threat, generates an alert. Then the administrator has to work out that there is a threat and, according to that threat, go and apply such-and-such policy.

Let's say there is some external application, probably some kind of attack; according to that, you apply the policy. But with network automation we can automate the security policies: we can say that if you detect this kind of threat, automatically apply the specific policy without doing it manually. Normally we apply a static policy according to the threat, but we can automate applying a specific policy according to the possible threats, or depending on the traffic analyzed. Based on that you deploy dynamic policies on top of the existing policies; you still have the static policies.

It's not that we replace the static policies; they are still there on these devices, but on top of them we apply dynamic policies based on the specific requirement at that point in time. So these dynamic policies can be applied automatically.
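The dynamic security policy workflow described in the last three paragraphs, as an added example in Python (not from the course, and not a real IPS or controller integration): a few constructed IPS alert lines are parsed, alerts at or above a chosen severity are turned into deny entries keyed on source and destination (deduplicated, and skipped once older than a time-to-live), and the rendered access list places those dynamic entries ahead of the unchanged static entries, which is what "on top of the static policies" means in practice. The alert line format, severities, addresses and the static ACL are all constructed for the example.

```python
"""Dynamic ACL entries derived from IPS alerts (added example, constructed alerts)."""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed alert format; a real IPS has its own export format.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) sig=(?P<sig>\d+) sev=(?P<sev>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"
)

# Constructed sample alerts (documentation address ranges).
SAMPLE_ALERTS = [
    '2023-02-24T18:05:12Z sig=2001 sev=high src=203.0.113.7 dst=10.1.1.20 msg="example signature"',
    '2023-02-24T18:05:40Z sig=2001 sev=high src=203.0.113.7 dst=10.1.1.20 msg="example signature"',
    '2023-02-24T18:06:03Z sig=3100 sev=medium src=198.51.100.9 dst=10.1.1.20 msg="example signature"',
    '2023-02-24T18:07:21Z sig=4200 sev=critical src=203.0.113.55 dst=10.1.1.21 msg="example signature"',
    "this line is not an alert and is ignored",
]

# The static policy stays exactly as the operator wrote it.
STATIC_ACL = ["permit tcp any host 10.1.1.20 eq 443", "deny ip any any"]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def parse_alerts(lines: List[str]) -> List[Dict[str, object]]:
    """Extract timestamp, signature, severity, source and destination from alert lines."""
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # unparseable lines never become policy
        fields = m.groupdict()
        fields["ts"] = datetime.fromisoformat(fields["ts"].replace("Z", "+00:00"))
        alerts.append(fields)
    return alerts


def dynamic_entries(alerts, min_sev: str = "high", ttl: timedelta = timedelta(hours=1),
                    now: Optional[datetime] = None) -> List[str]:
    """Return deny entries for alerts at or above min_sev, one per (src, dst), skipping expired ones."""
    entries: Dict[tuple, str] = {}
    for a in alerts:
        if SEVERITY_RANK.get(a["sev"], -1) < SEVERITY_RANK[min_sev]:
            continue
        if now is not None and now - a["ts"] > ttl:
            continue  # alert older than the ttl: its dynamic entry has expired
        key = (a["src"], a["dst"])
        entries.setdefault(key, f"deny ip host {a['src']} host {a['dst']}")
    return list(entries.values())


def render_acl(name: str, dynamic: List[str], static: List[str] = STATIC_ACL) -> List[str]:
    """Dynamic entries first so they take effect before the static permits; static entries untouched."""
    return [f"ip access-list extended {name}"] + [f" {e}" for e in dynamic] + [f" {e}" for e in static]


def build_from_samples(now: Optional[datetime] = None) -> List[str]:
    """End-to-end: parse the constructed alerts and render the combined access list."""
    return render_acl("EDGE-IN", dynamic_entries(parse_alerts(SAMPLE_ALERTS), now=now))


if __name__ == "__main__":
    print("\n".join(build_from_samples()))
```

Two details matter for a defender here: the generated entries are as specific as the alert allows (host to host, not a blanket deny), and they expire, so a single alert cannot leave a permanent hole in connectivity; the static policy is never rewritten, only prefixed.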
