MPLS L3 DEPLOYMENT WITH ANSIBLE AUTOMATION

Welcome to this, my first post on my new blogging site for all things network automation related!

In this first installment I am deploying one of my favourite technologies – L3 MPLS VPN.

The goal of this first article is to outline how to set up an L3 MPLS lab from scratch for lab and testing purposes without having to touch the CLI of a single router (except for activating SSH and a management IP; Ansible requires these to work 🙂).

In the screenshot below is an outline of the network setup.

MPLS-Topology

In the screenshot below is an outline of my playbooks involved in the setup:

mpls-km-ansible-stext

You can visit my GitHub repo to check out the details of the various components involved and clone it to set this up for yourself:

https://github.com/gitmurph/mpls-km-ansible.git

The lab starts off with a shell script, which is just a wrapper that spins up the 3 playbooks involved. The first playbook builds the MPLS core, the second builds the customer routers, and the third checks end-to-end connectivity: first between the PE loopbacks to test the core, then from the ACME CEs to each other to verify that BGP connectivity is working. This is by no means an exhaustive test, and it can be modified to include other tests if required. Feel free to add any suggestions and comments; I’m a novice at this, so any and all opinions are welcome. Let’s get the community going on automation!

In the screenshot below you can see the provisioning script that starts the deployment:

preprovision

Between each phase of the deployment I allow a resting period of 60 seconds so the core can build its adjacencies and LDP and BGP have time to cook before the customer routers come online.
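The phased run with its 60-second pauses can be sketched as follows. This is an added example, not the script from the repo or from techbloc.net; it goes one step further than the description by aborting as soon as a playbook fails. The playbook names are the ones used in this article, while the inventory argument and the PLAYBOOK_CMD and SETTLE_SECONDS variables are assumptions of the sketch.

```shell
#!/usr/bin/env bash
# Added example, not the repo's script: phased lab deployment with fail-fast.
# Playbook names come from the article; the inventory path, SETTLE_SECONDS and
# PLAYBOOK_CMD are assumptions of this sketch.

PLAYBOOK_CMD="${PLAYBOOK_CMD:-ansible-playbook}"   # override to stub or wrap the runner
SETTLE_SECONDS="${SETTLE_SECONDS:-60}"             # time for adjacencies, LDP and BGP

# Phases in the order the article describes: core, customers, verification.
PHASES="deploy_pe.yml deploy_ce.yml connection_check.yml"

# deploy_lab INVENTORY
# Runs each phase in order and returns non-zero as soon as one playbook fails,
# so the CE routers are never configured on top of a half-built core.
deploy_lab() {
    inventory="$1"
    last="${PHASES##* }"        # name of the final phase
    for playbook in $PHASES; do
        echo "==> running ${playbook}"
        if ! "$PLAYBOOK_CMD" -i "$inventory" "$playbook"; then
            echo "!! ${playbook} failed, aborting deployment" >&2
            return 1
        fi
        # Pause between phases, but not after the final check.
        if [ "$playbook" != "$last" ]; then
            echo "==> waiting ${SETTLE_SECONDS}s for the network to settle"
            sleep "$SETTLE_SECONDS"
        fi
    done
}

# Only deploy when an inventory path is given on the command line.
if [ "$#" -gt 0 ]; then
    deploy_lab "$1"
fi
```

Setting SETTLE_SECONDS to a larger value helps on slow lab hosts where the routers take longer to converge.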

I would like to extend many thanks to Bernd Malmqvist over at techbloc.net for his fantastic articles, and would highly recommend you check out his many great posts over there on using Ansible for everything networking related. I borrowed heavily from his Cisco provisioning lab to build this MPLS lab and, in the spirit of true DevOps, reused his script above to bootstrap my own playbooks. Thanks, Bernd!

When the provisioning.sh script starts we get the visual output of the first playbook, deploy_pe.yml, which builds the VPN core:

PE-WAIT

After 60 seconds the CE deployment kicks off with the deploy_ce.yml playbook:

CE_Deploy

As an example, below is one of the template files I used to build the PE routing configuration for IPv4, VPNv4 and BGP:

PE-J2

This Jinja2 template references a .yml data file, which sits under the host_vars directory and which Ansible uses to populate the configuration:

PE-YML

When the deployment of PE and CE routers completes we finish with the connection_check.yml playbook below:

PE_CHECK_VPN

This finishes up the rollout and verifies we have PE-PE and CE-CE connectivity.

On subsequent runs of the playbooks we can see the idempotent power of Ansible and how it contributes to attaining a desired state configuration standard in the network: all devices now show as green and no further changes are required, as is seen below for the CE playbook rerun:

CE_Post_Deploy

Well, that about covers off this 10,000-foot view of my first automation article. I hope you enjoyed it and check out my Git repo. Keep an eye out for further articles and guides through the world of network and systems automation. I look forward to hearing your feedback and learning more on this exciting and curious journey of DevOps and automation. Please leave comments below.

I will soon follow up this lab with a short video on YouTube outlining the detailed steps.