Skip to content

logo

Overview

What is it?

At Criteo, we have decided to fully open source our network automation framework.

We have called it AFK, which stands for "Automation Framework for networK" (yes we are cheating a bit with the "k", but why not 😄). It fits with the idea of being Away From Keyboard while the network configuration is being deployed or updated automatically.

It is based on NetBox, OpenConfig, SaltStack, and supports Juniper JunOS, Arista EOS and SONiC.

Note

If you are using an ad-blocker, this documentation might not work properly as "Criteo" is in some links.

Repositories

Repository Description Latest commit
Network CMDB Network CMDB plugin for Netbox Last commit
Data aggregation API Aggregate data from CMDB and convert to OpenConfig Last commit
SONiC Salt Deployer Tool to deploy and configure salt-minion on SONiC devices Last commit
SONiC SaltStack States/execution modules for SONiC Last commit
SONiC utilities SONiC scripts used by some SONiC SaltStack modules Last commit

Global design

Note

Our approach to automation is opinionated. There are tons of ways of doing network configuration, and choices must be made.

This diagram shows the components of our framework:

flowchart TD
    CMDB[Network CMDB]
    DAAPI[Data Aggregation API]
    DEV[Network_Devices]
    DATASOURCE[Other data source*]

    CMDB -->|raw data| DAAPI
    DATASOURCE -->|raw data| DAAPI
    DAAPI -->|openconfig| SaltStack
    SaltStack -->|configuration| DEV[Network_Devices]

* The Data Aggregation API will be able to get and merge data from other data sources once a plugin system will be in place.

Network CMDB

The Network CMDB contains data relative to the business and is completely agnostic to the network OS.

The models are designed to describe the objects themselves rather than the configuration from device perspective. The idea is also to avoid any data duplication which could lead to configuration mismatches.

For instance, we represent the BGP session itself with two joined tables describing peers: DeviceBGPSession <==> BGPSession <==> DeviceBGPSession

  • DeviceBGPSession contains the local-as but not the peer-as, avoiding data duplication. The peer-as being the local-as of the other neighbor.
  • BGPSession contains all information peers have in common, like state (in production, maintenance etc...) or MD5 password.

Data Aggregation API

This API aggregates data from their sources of truth: the Network CMDB or possibly any other data source you may have.

Then, it computes this data to provide OpenConfig JSON for each device as an output.

ygot is used to validate the output against the OpenConfig YANG models.

SaltStack modules

Our AFK Salt modules takes OpenConfig data and converts it as Network configuration. We are using templates to do that.

The end goal is to simply forward this OpenConfig data to the Network OS to apply the configuration. Currently, OpenConfig is, at best, partially implemented in Network Operating Systems.