What is Network as Code?
Network as Code is a methodology that applies DevOps principles to network management through declarative data models, allowing teams to automate and manage network configurations using plain YAML files. Building on the idea of simplifying automation, Network as Code is designed for network engineers who want to focus on intent, not code. It lets you describe your desired network state in clear, human-readable terms, with no deep scripting or programming required.
Network as Code simplifies and abstracts complex network orchestration tasks, so users don’t need to worry about intricate details like dependencies, references, or looping logic. With an easy-to-use, opinionated data model and a library of tested, maintained modules, you can spin up entire network fabrics in minutes, simply by describing their intended configuration in straightforward text, without needing deep API or object model knowledge.
This approach is particularly beneficial for teams that want to leverage the power of automation without getting bogged down in the complexities of traditional programming. By focusing on intent and using a declarative model, Network as Code empowers network engineers to manage their infrastructure more efficiently, reducing the time and effort required to implement changes and ensuring consistency across deployments.
Once you have adopted the approach for one technology, you can easily extend it to other architectures and products, re-using the exact same methodology and tools.
    apic:
      tenants:
        - name: prod

          vrfs:
            - name: prod-vrf

          bridge_domains:
            - name: 10.1.100.0_24
              vrf: prod-vrf
              subnets:
                - ip: 10.1.100.1/24

          application_profiles:
            - name: vlans
              endpoint_groups:
                - name: vlan100
                  bridge_domain: 10.1.100.0_24
                  static_ports:
                    - node_id: 101
                      port: 1
                      vlan: 100

    sdwan:
      edge_feature_templates:
        banner_templates:
          - name: FT-EDGE-BANNER-01
            description: Base banner template
            motd: No message today

      sites:
        - id: 100
          routers:
            - chassis_id: C8K-40C0CCFD-9EA8
              model: C8000V
              device_template: DT-DC-C8000V-01
              device_variables:
                site_id: 200
                system_ip: 10.0.0.1
                system_hostname: SD-DC-C8KV-01

    vxlan:
      global:
        name: nac-ndfc1
        bgp_asn: 65001
        route_reflectors: 2
        anycast_gateway_mac: 12:34:56:78:90:00
        dns_servers:
          - ip_address: 10.0.0.2
            vrf: management

      topology:
        switches:
          - name: netascode-spine1
            serial_number: 99H2TUPCVFK
            role: spine
            management:
              default_gateway_v4: 10.1.1.1
              management_ipv4_address: 10.1.1.21
            routing_loopback_id: 0

    nxos:
      devices:
        - name: LEAF1
          variables:
            hostname: LEAF1
            lo0_ip: 10.1.100.3

      global:
        configuration:
          system:
            hostname: ${hostname}
          interfaces:
            loopbacks:
              - id: 0
                interface_groups: [LOOPBACK_INTERFACE]

      interface_groups:
        - name: LOOPBACK_INTERFACE
          configuration:
            ipv4_address: ${lo0_ip}/32
Even though the examples above are specific to different technologies, the underlying principles of Network as Code remain consistent. The focus is on defining the desired state of the network in a clear, text-based, declarative manner, allowing for easy automation and management across various platforms and architectures.
First Steps
Now let's explore how to get started with Network as Code. We will use ACI as an example, but the principles apply to other technologies as well.
Download the Terraform binary for your platform from the Terraform downloads page. There is no need to install it; just download the binary and place it in a directory on your PATH.
In a newly created project directory, create a YAML file named aci.nac.yaml with the following content:

    apic:
      tenants:
        - name: NAC
          vrfs:
            - name: VRF1
            - name: VRF2

This file describes a simple ACI configuration with two VRFs under a tenant named NAC.

Create a file named main.tf in the same directory as the YAML file with the following content:

    module "aci" {
      source  = "netascode/nac-aci/aci"
      version = "1.0.1"

      yaml_files = ["aci.nac.yaml"]

      manage_tenants = true
    }

This is the only Terraform configuration required. It uses the nac-aci module, which is published on the Terraform Registry. We point the module at our previously created YAML file and set the manage_tenants flag to enable the management of tenants using the module.

We haven't yet provided the credentials to connect to the APIC controller. We could put them in the main.tf file, but to avoid exposing them in clear text we can provide them through environment variables instead. Set the following environment variables in your terminal:

    export ACI_URL=https://10.1.1.1
    export ACI_USERNAME=<username>
    export ACI_PASSWORD=<your_password>

Initialize the Terraform project by running the following command in your terminal:

    terraform init

This will download the necessary provider and module dependencies directly from the Terraform Registry.

Once the initialization is complete, you can apply the configuration by running:

    terraform apply

This command first shows you a plan of what will be created, and you can confirm the changes by typing yes. After that, Terraform will create the tenant and VRFs as specified in the YAML file.
Congratulations! You have successfully created your first Network as Code configuration for ACI using Terraform. You can now extend this configuration by adding more resources, such as bridge domains, application profiles, and endpoint groups, all defined in a similar declarative manner. You can explore the different data models available for various technologies in the Data Models section.
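
A pre-flight check for the project directory built in the steps above, as an added example that is not part of the original page or of the Network as Code project: it confirms the three ACI_* variables are set, that ACI_URL uses HTTPS, and that no Terraform file assigns a username or password as a quoted literal. The function name nac_preflight is hypothetical; the variable names and main.tf are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page). nac_preflight is a hypothetical
# helper; the ACI_* names and main.tf follow the steps above.
# Usage: nac_preflight . && terraform plan

nac_preflight() (
  dir="${1:-.}"
  rc=0

  # 1. All three credentials must be supplied through the environment.
  for var in ACI_URL ACI_USERNAME ACI_PASSWORD; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      echo "MISSING   $var is not set"
      rc=1
    fi
  done

  # 2. The controller URL must use TLS so the login is not sent in clear text.
  case "${ACI_URL:-}" in
    "" | https://*) ;;
    *) echo "INSECURE  ACI_URL does not start with https://"; rc=1 ;;
  esac

  # 3. No Terraform file may assign a username or password as a quoted
  #    literal; references such as var.x or "${var.x}" are not flagged.
  for f in "$dir"/*.tf "$dir"/*.tfvars; do
    [ -f "$f" ] || continue
    if grep -Eq '^[[:space:]]*(username|password)[[:space:]]*=[[:space:]]*"[^$"]' "$f"; then
      echo "CLEARTEXT $f assigns a credential as a literal"
      rc=1
    fi
  done

  exit "$rc"   # the body runs in a subshell, so this only ends the function
)
```

The literal check covers only username and password assignments in .tf and .tfvars files directly inside the project directory; it does not inspect variable defaults or state files.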