Skip to content
Network as Code

Understanding Infrastructure as Code (IaC)

What is Infrastructure as Code (IaC)? Infrastructure as Code (IaC) is a key practice in modern IT operations and DevOps that involves managing and provisioning computing infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. IaC allows teams to automate the setup and management of infrastructure, making it more consistent, repeatable, and scalable.

IaC is often implemented using configuration management tools, scripts, and templates that define the desired state of the infrastructure. This approach enables teams to version control their infrastructure configurations, apply changes in a controlled manner, and quickly recover from failures by redeploying known good configurations.

IaC is a fundamental concept in DevOps and cloud computing, enabling teams to treat infrastructure the same way they treat application code. It allows for faster deployments, easier scaling, and improved collaboration between development and operations teams.

IaC can be explained through the following key principles:

Single Source of TruthPre-Change ValidationTechnical ReviewAutomation EnginePost-Change Validation
The infrastructure is represented as code in central source code management. This representation is managed using standard software practicesVerify that the defined data adheres to schema definition. Integrate rules that enforce either technical or policy requirements in the configuration.Same software discipline used in development processes to ensure engineer reviews of proposed changes before pushes to active network devices.Automation is executed from central infrastructure. Execution triggered from process pipeline.Testing to validate that what is the intended configuration in our source repository matches the configuration currently in network devices

Which in the end results in following software disciplines in the deployment of network infrastructure.

When you hear the term Infrastructure as Code, you also might hear terms like software pipelines, continuous integration, continuous delivery, and DevOps. These terms are often used in conjunction with IaC to describe the broader practices and methodologies that enable teams to deliver software and infrastructure changes more efficiently and reliably.

What is continuous integration and continuous delivery?

Continuous Integration (CI)

Continuous Integration (CI) is a software development practice where developers frequently integrate their code changes into a shared repository. Each integration is automatically verified by building the application and running tests to detect errors as early as possible. The main goals of CI are to improve software quality, reduce integration problems, and enable faster delivery of new features.

How does this relate to Networking equipment? In the context of networking, Continuous Integration can be applied to network configuration changes. By treating network configurations as code, teams can automate the validation and testing of configuration changes before they are applied to production devices. This helps ensure that changes are safe, consistent, and do not introduce errors into the network.

Continuous Delivery (CD)

Continuous Delivery (CD) is an extension of Continuous Integration that ensures code changes are automatically prepared for a release to production. CD automates the deployment process, allowing teams to release software updates quickly and reliably.

How does this relate to Networking equipment? In networking, Continuous Delivery can be applied to the deployment of network configurations and policies. By automating the deployment process, teams can ensure that network changes are applied consistently and quickly, reducing downtime and improving overall network reliability.

CI/CD

CI/CD

When you combine Continuous Integration and Continuous Delivery, you get a CI/CD pipeline. This pipeline automates the entire process of integrating code changes, testing them, and deploying them to production networks. The key benefit of implementing this capability for network operations is that it allows teams to deliver network changes more rapidly and with higher confidence, as each change is validated through automated tests before being applied.

What is DevOps?

DevOps is a cultural and technical movement that aims to improve collaboration between development (Dev) and operations (Ops) teams. How does this apply to network operations? In the context of network operations, DevOps allows an organization to treat network infrastructure as code, enabling the teams to build processes that manage network change and configuration in a similar way to how software development teams manage application code.

You may have heard concepts like NetDevOps or NetOps, which are specific implementations of DevOps principles in the networking domain. These practices focus on automating network operations, improving collaboration between network engineers, and leveraging tools and processes that enable faster and more reliable network changes

This combination of capabilities can be represented in the following example:

NAC pipeline example

Here the changes defined in the Source Code Management (SCM) repository are validated and tested before being applied to the network devices. The first step is validation against the data to ensure that it matches expected schema and rules. We include the example of using Thousand Eyes as a way to validate that the network is performing as expected after the change is applied. For VXLAN/EVPN, we use Ansible. So the data is passed into the NaC VXLAN fabric Ansible collection, which applies the configuration to Nexus Dashboard. Afterwards, we perform validation against Nexus Dashboard to ensure that the configuration is applied as expected. The same Thousand Eyes test is executed again to ensure that the network is performing as expected after the change is applied.

Version Control

Version control is a critical component of Network as Code. It allows teams to track changes to network configurations, collaborate more effectively, and roll back to previous versions if needed. By storing network configurations in a version control system (VCS) such as Git, teams can leverage the same practices used in software development to manage network changes.

Version control provides several key benefits for Network as Code:

  • Change Tracking: Teams can see who made changes, when they were made, and what the changes were. This is essential for auditing and compliance purposes.
  • Collaboration: Multiple engineers can work on the same configuration files simultaneously, and version control systems handle merging changes and resolving conflicts.
  • Rollback: If a change introduces an error or issue, teams can quickly roll back to a previous version of the configuration, minimizing downtime and disruption.
  • Branching: Teams can create branches to work on new features or changes without affecting the main configuration. This allows for experimentation and testing before merging changes into the main branch.
  • Code Reviews: Version control systems support code reviews, allowing network operators to review and discuss changes before they are applied to the network. This helps ensure that changes are safe and meet compliance requirements.
  • Integration with CI/CD: Version control systems can be integrated with Continuous Integration and Continuous Delivery (CI/CD) pipelines, enabling automated testing and deployment of network configurations.
  • Documentation: Version control systems provide a history of changes, which serves as documentation for the network configuration. This is useful for understanding the evolution of the network and for onboarding new team members.

Why are network operators interested in IaC?

Operators are increasingly interested in Infrastructure as Code (IaC) for several reasons:

  1. Automation: IaC allows for the automation of infrastructure provisioning and management, reducing manual effort and minimizing human errors.
  2. Consistency: IaC ensures that infrastructure is deployed in a consistent manner across different environments, reducing configuration drift and improving reliability.
  3. Scalability: IaC enables rapid scaling of infrastructure to meet changing demands, allowing organizations to quickly adapt to business needs.
  4. Version Control: IaC configurations can be versioned and stored in source control systems, enabling teams to track changes, roll back to previous versions, and collaborate more effectively.
  5. Cost Efficiency: By automating infrastructure management, organizations can reduce operational costs and optimize resource utilization.
  6. Improved Collaboration: IaC fosters better collaboration between network operation teams, as both can work with the same data source and tools.
  7. Testing and Validation: IaC allows for automated testing and validation of infrastructure configurations, ensuring that changes are safe and meet compliance requirements. In addition, it enables the integration of testing that is always executed during change, adding an additional layer of confidence in the changes being applied.
  8. Disaster Recovery: IaC enables quick recovery from failures by redeploying known good configurations, improving resilience and uptime.