F5 Automation - The Journey

Copyright © 2017 World Wide Technology, Inc. All rights reserved.

F5 Automation – The Journey

My Journey with F5 Automation

Mark Wall Practice Lead – World Wide Technology

[email protected]/in/mark-wall-wwt

Mark WallPractice LeadWorld Wide Technology

Colorado Profile Picture Checklist… North Face Fleece Mountains in Background Dog

mailto:[email protected]

Agenda

Where to start

Level 1 – Write it down

Level 2 – CLI to API

Level 3 – Together with Ansible

Level 4 – Be lazy, work less

Level 5 – Integrate

Additional Example Use Cases

Q&A

Session Goals

Understand the importance of automation with F5

Taking that first step

Common use cases and solutions

Level 1

Problem

Where should I start?

Level 1

You need proper motivation!

Daniel Katwaroo“How to survive in a call center environment”https://www.slideshare.net/danielkatwaroo/how-to-survive-in-a-call-center

fantendo.wikia.com/

Find a simple but annoying task

Creating vCMP Guests

Level 1 - Write it down

Solution

Workflow - tmsh commands in notepad

Template - Find/Replace

CLI - Copy/Paste

tmsh

Automation Workflows• Create vCMP Guest

Level 2

Problem

I have these F5 blank F5 instances up

I need to put the initial configuration on them

Level 2 – CLI to API

Solution

Postman - Free API Tool

iControl - F5 API

Super NetOps Power Up! iControl

Automation Workflows• Create vCMP Guest• Initial HA Setup

Level 3

Problem

Even more requests for F5 pre-built F5 instances

How can I do more than a pair at a time?

Level 3 – Put it Together

Solution

Ansible - open source automation

Spreadsheet - dumb as a hammer

Super NetOps Power Up!

iControl

Me

User

Ansible Server

Automation Workflows• Create vCMP Guest• Initial HA Setup• Multi DC VS and Wide-IP

Level 4

Problem

How can I scale?

My code is unorganized

Level 4 – Be lazy

Solution

Ansible Tower - front end for Ansible

GitHub – version control repository

GitHub

playbook.yml


Me

others

AnsibleTower

Automation Workflows• Create vCMP Guest• Initial HA Setup• Multi DC VS and Wide-IP• Training Lab Re-Build• License Device

BONUS LEVEL

Problem

Creating Virtual Server Templates

Centralizing Orchestration

BONUS LEVEL

Solution

F5 iWorkflow - central orchestrator for F5

F5 iApps - prebuilt and custom F5 templates

Virtual Server Templates

iApps

GUI

API

Template NameVS AddressNode Address

Automation Workflows• Create vCMP Guest• Initial HA Setup• Training Lab Re-Build• License Device• Multi DC VS and Wide IP

• w/iApp Templates

Level 5

Problem

It would save me a lot of time if I could integrate F5

Can I put F5 into the application deployment workflow?

Level 5 - Integrate

Solution

Reuse Code

Leverage APIGitHub

AnsibleTower

InfoBlox

Phantom Cyber

Cisco Cloud Center

iWorkflow

Automation Workflows• Create vCMP Guest• Initial HA Setup• Training Lab Re-Build• License Device• Multi DC VS and Wide IP

• w/iApp Templates• ...too many to fit…

Security Events


Skills Gap

Skills gap between NetOps and DevOps

Transition from CLI to API

Power Up

Command LineFind/ReplaceCopy/Paste PDFsTest Box

APITemplatesWorkflowsCode as DocumentationContainers

Example Workflow Creation Process

post2ansible

Jinja Templates

ArchitectSubject Matter Expert

Deployment EngineersInstructors, NetOps

Configure, test via GUI

Create Postman collectionwith environmental variables

Network Programmability

Developer

Export collectionand variables

json

Ansible Playbook

CCNA levelengineer

Source of truth

GitHub

API

externalservicesCliQr, ServiceNow

GUI

variables

DC 2DC 1

Orchestrator

F5 Auto Config Sync

F5 Config.csv

Simple Example – Multi Data Center F5 Services

• Deploy F5 configs in both locations Active/Active• Single workflow for LTM/GTM Deployment

Orchestrator

F5 Device Info.csv

Simple Example – Initial F5 Setup

• Fully deployed Active/Standby pair of F5 devices• Reads input from spreadsheet

• Network – Self-IP, VLANs, Trunks• System – DNS, NTP, Syslog• Device Cluster – Trust, ConfigSync, Failover• Etc

Example Workflow - ACI /VMWare/ Infoblox / F5

Deploy Application

AP

I

• Creates ANP• Creates Filters based off of App• Creates Contracts• Applies Contracts between EPGs• Attaches VMM Domain to EPGs

-Creates VMware Port-groups

• Clone the Template Specified by CliQr• CliQr interfaces with VWware Tools to gather

data about IP addressing• CliQr Tools reaches back to CliQr to perform post

VM instantiation tasks and scripts

API – Create Port-Group and Assign VLAN IDs Clone

REST API

• Get Next Available IP• Assign FQDN

• Create Nodes based off of Modeled Application

• Create Pool with created Nodes

• Create Virtual Server with IP from Infoblox

Example Deployment – A&O Architecture

CMDB Automated CMDB CI’s add/delete

SplunkSplunk - Central logging platform

Algosec - Security device management

ServiceNow – ITSM for selected profiles.

Jenkins –CI/CD pipelines

Puppet – Primary configmanagement tool. Bare metal with Razor.

Satellite - RHEL license and configmanagement

UrbanCode - Code push and also AIX config management

CloudCenter –Primary A&O Platform. SDDC API Broker.

ViPr – Storage Automation and Reporting Platform

InfrastructureACI, vCenter, F5, FTD, UCS, ASA, EMC Storage, InfoBlox

Good Luck on your Journey!