Packet Pushers Webinar Replay: Analytics and Closed-Loop Automation with Anuta ATOM
Anuta ATOM is a multi-domain network automation and analytics solution for rapid service provisioning, real-time visibility, and compliance. As part of the Packet Pushers Virtual Design Clinic, the Anuta Networks team demonstrated the ATOM solution for building smart, predictable, and responsive networks with low-code automation, model-driven telemetry, and closed-loop assurance.
Download Slides here.
[Kiran] Hello everyone. I’m Kiran Sirupa, director of marketing with Anuta Networks. Today I am supported by Dilip Krishna. Hi Dilip, please say hi to the team.
[Dilip] Hi everyone, Dilip here.
[Kiran] We also have Praveen Vengalam, who will be our expert commentator; he will answer most of the questions as well.
So let’s get started. We have a very packed agenda, as Ethan mentioned. We will provide an introduction to Anuta Networks, since you may not be so familiar with our product, discuss some of the features of the Anuta ATOM product, and then go into some case studies where customers have seen the ROI. After that, Dilip will walk you through the demo. The presentation should take roughly 20 minutes; please submit your questions in the Q&A panel and we’ll pick up the relevant ones.
Challenges for Network Automation and Analytics
Let’s get started. We all know networking is complex, and with trends such as 5G, IoT, and edge computing it is only getting more so, while the network itself becomes even more critical. When you look at the network automation landscape, operators have a daunting challenge. They have to have expertise in config management, compliance enforcement, and software upgrades. They need expertise in designing policy and in troubleshooting. And all the while they face a lot of constraints: they have to reduce OPEX, they have to deal with multi-vendor infrastructure, there is a lot of brownfield deployment, and there are many existing scripts that need care and feeding. Not to forget, there is a trend towards hybrid multi-cloud. So management is always looking at standardization and automation. When you look at the tools that are available, there are many: tools for documentation, tools for provisioning, tools for analytics, and tools for remediation. But what happens is that your information is stuck in islands of databases, and there is no cohesive way to look at the entire infrastructure as one unit. There is an urgent need for a comprehensive solution that delivers documentation, provisioning, analytics, and of course troubleshooting.
Introduction to Anuta ATOM
So, let me introduce you to Anuta ATOM, a comprehensive network automation solution. It is a software-only solution, and it works with multi-vendor infrastructure. It helps all the way from onboarding new devices and configuring the various day-zero policies on those devices to software image upgrades, and it introduces self-service capability: from a simple GUI you can push configurations to hundreds of devices. It also collects analytics using either streaming telemetry or traditional SNMP, and using the concept of closed-loop automation it helps achieve compliance for your infrastructure. We will go into more detail on each of the ATOM features highlighted here.
What is Closed-Loop Automation?
[Ethan] So, Kiran, the closed-loop automation on the slide here, does that mean intent-based networking? Sometimes those terms overlap.
[Kiran] Yes, intent-based is probably a superset of closed-loop automation. What we are doing is identifying the day-to-day operations, the runbooks, and the troubleshooting that happens in a day-to-day scenario, and we created a framework around it. For example, let’s say you push a config onto a router to configure a QoS policy. How can you guarantee that the same quality is actually being delivered on that network? Normally, you issue a bunch of show commands, look at the output, and then take some corrective action by pushing more commands to the device, right? We are bringing automation to that sort of activity. ATOM itself will provision the config, check the statistics using analytics, and if it detects any deviation, it refines its policy and pushes the configuration back onto the devices. That’s the concept we are going towards. It’s true it is on the way to intent-based networking, but I like to think of it as something you can use today in your existing brownfield deployments.
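The provision-observe-remediate cycle Kiran describes can be sketched in a few lines. This is a generic illustration, not ATOM’s actual API: all names here (`closed_loop_step`, `observe`, `push_config`) are invented for the example.

```python
# Minimal sketch of one closed-loop cycle: compare intended state against
# observed state and trigger a corrective push only when they diverge.
# All function and metric names are illustrative assumptions.

def closed_loop_step(device, intended, observe, push_config):
    """Run one closed-loop iteration for a single device.

    intended    : dict of metric name -> expected value
    observe     : callable(device) -> dict of observed metric values
    push_config : callable(device, deviations) -> None (corrective action)
    Returns the set of metric names that deviated.
    """
    observed = observe(device)
    deviations = {
        metric: (want, observed.get(metric))
        for metric, want in intended.items()
        if observed.get(metric) != want
    }
    if deviations:
        # In practice this step would be a workflow: preview the change,
        # obtain approval, then push the refined configuration.
        push_config(device, deviations)
    return set(deviations)


if __name__ == "__main__":
    # Toy usage: a QoS shaper whose observed value drifted from intent.
    pushed = []
    drift = closed_loop_step(
        "router1",
        {"qos_policy": "gold", "shaper_kbps": 10000},
        observe=lambda d: {"qos_policy": "gold", "shaper_kbps": 5000},
        push_config=lambda d, dev: pushed.append((d, dev)),
    )
    print(drift)        # {'shaper_kbps'}
    print(len(pushed))  # 1
```

The key design point is that the loop never trusts a pushed config; it always re-observes before deciding the intent is met.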
About Anuta Networks
So, I want to highlight that ATOM has been in production at large customers for a long time; we have been in business for more than eight years, and large enterprises and large service providers have deployed ATOM. I will go into a couple of case studies later as well. We have automated equipment from 45 different vendors, across multiple domains including data center networks, branch networks, campus networks, MPLS, and SD-WAN networks.
Low-Code Network Automation with Workflow
So let’s go into the various features of ATOM. The first feature I would like to introduce is low-code automation with workflow. We understand that defining a policy can be daunting, so we introduced a graphical designer with which you can drag and drop various decision-logic modules onto a canvas; it’s almost like a Visio diagram. We have many out-of-the-box workflows, but we understand they cannot match exactly what you have in your enterprise, so these workflows can be customized. For example, you may say: as part of executing this command, I want to open a ticket in ServiceNow, and only when it’s approved will I go issue the command. You can mimic that kind of behavior in our graphical designer.
See, this is very powerful. You can have a simple policy, such as pushing an ACL rule to thousands of firewalls, or a very complex policy like a software image upgrade, which requires many pre-checks, post-checks, and so on. This workflow engine can also be triggered by the analytics module: if ATOM detects some deviation happening on the network, it will automatically trigger a workflow, and the workflow, as I said, can execute commands against the devices via CLI or NETCONF, call APIs, or, if the device supports a YANG model, work through the YANG model as well.
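The drag-and-drop boxes with success/failure branches can be thought of as a small graph of steps. Here is a hedged sketch of how such a workflow engine might walk that graph; the step names (opening a ServiceNow ticket, waiting for approval, pushing an ACL) are invented to mirror Kiran’s example and are not ATOM internals.

```python
# Toy workflow engine: each node is (action, on_success, on_failure).
# action(context) returns True/False, which picks the next node.
# This sketches the decision-logic boxes described above.

def run_workflow(steps, start, context):
    """Walk a workflow graph from `start`; return the list of visited nodes."""
    visited, node = [], start
    while node is not None:
        action, on_ok, on_fail = steps[node]
        visited.append(node)
        node = on_ok if action(context) else on_fail
    return visited


if __name__ == "__main__":
    ctx = {"ticket_approved": True}
    steps = {
        # node           action                           success         failure
        "open_ticket":   (lambda c: True,                 "wait_approval", None),
        "wait_approval": (lambda c: c["ticket_approved"], "push_acl",      "abort"),
        "push_acl":      (lambda c: True,                 None,            "abort"),
        "abort":         (lambda c: True,                 None,            None),
    }
    print(run_workflow(steps, "open_ticket", ctx))
    # ['open_ticket', 'wait_approval', 'push_acl']
```

Swapping `ticket_approved` to `False` would route the walk through the `abort` branch instead, which is exactly the approval-gate behavior described in the transcript.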
[Ethan] Workflow engine, graphical user interface, low code. I think that’s a big piece to focus on for a moment here. You’re saying I don’t have to be a programmer in order to automate, because what you’re giving me is a graphical tool that I can build automation workflows with. Now, I know we’re going to see this a little later on, but the big idea here is: with the UI I can create a workflow that’s going to accomplish tasks for me on the network, configuration tasks as the case may be, but it will also interact with other systems I have. Is that the point you’re making?
[Kiran] Yes, that is correct. If you want us to get an IP address from, let’s say, Infoblox IPAM, or if you want us to read the syslog notifications for a particular string, all of those things are in the ecosystem we are providing as part of ATOM. We have integrations with 45 different vendors, and they are not just networking devices but also ITSM tools like ServiceNow and IPAM like Infoblox; you will see later that it’s a very comprehensive list, Ethan.
[Drew] Hi Kiran. My question is around your ability to interact with devices, to pull configuration information out of them or interact with them. It looks like, across the bottom, I see Telnet, SSH, API, and so on. Are these the mechanisms you use to either pull information from or push information to these devices?
[Kiran] Yeah, that is correct, Drew. We are on the management plane, not in the data plane, so that means we can issue show commands, read SNMP statistics, and subscribe to any other API calls from these devices. So that’s the low-code automation; this is where you define the policy.
Configuration and Compliance Management
Now, once you define the policy and ATOM pushes the configuration to the devices, we need to ensure the policy stays intact. This is where the compliance feature comes in. ATOM is constantly reconciling the policy with the device configuration: when someone goes in and manually edits the configuration, ATOM can detect it and flag that device as out of compliance. We also have a service-level compliance feature. For example, let’s say you deleted a VIP but forgot to delete the corresponding ACL in the firewall rules; ATOM can detect that and say, hey, this service is now out of compliance. We can also automate some day-to-day tasks. For example, you can change the SNMP community string, or query the infrastructure and say, show me all the devices where VLAN 500 is configured, or say, do not allow any weak passwords on any of my vendor devices, whether it’s a Cisco router, a Juniper firewall, or an F5 load balancer. You can enforce password complexity across multi-vendor infrastructure. Like that, there are many use cases where our customers have taken advantage of this compliance feature.
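A vendor-neutral rule like “no weak passwords, no SNMPv2” only works because the device configs have been normalized into a common shape first. The sketch below shows the idea; the normalized-config dictionary format and rule thresholds are assumptions for illustration, not ATOM’s actual data model.

```python
# Illustrative vendor-neutral compliance check over normalized configs.
# The config schema ({"passwords": [...], "snmp_version": "..."}) is an
# invented example shape, not a real ATOM structure.

WEAK_PASSWORDS = {"cisco", "admin", "password", "123456"}

def check_compliance(device_configs):
    """device_configs: {device_name: normalized_config_dict}.
    Returns {device_name: [violation, ...]} for non-compliant devices."""
    violations = {}
    for name, cfg in device_configs.items():
        problems = []
        for pw in cfg.get("passwords", []):
            if pw.lower() in WEAK_PASSWORDS or len(pw) < 8:
                problems.append(f"weak password: {pw!r}")
        if cfg.get("snmp_version") == "v2c":
            problems.append("SNMPv2c in use; require v3")
        if problems:
            violations[name] = problems
    return violations


if __name__ == "__main__":
    fleet = {
        "cisco-rtr1":  {"passwords": ["S3cure!Pass9"], "snmp_version": "v3"},
        "juniper-fw1": {"passwords": ["admin"],        "snmp_version": "v2c"},
    }
    print(sorted(check_compliance(fleet)))  # ['juniper-fw1']
```

Because the rule runs against the abstracted model rather than raw CLI text, the same check covers a Cisco router, a Juniper firewall, or an F5 load balancer, which is the point Kiran is making.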
[Drew] And so, as a customer, I have to essentially build or configure these policies into your system?
[Kiran] Yes, and we will show you in the demo as well. The auto-reconciliation feature comes by default; you don’t have to configure anything. If someone manually changes something, it will automatically be detected. But rules like no weak passwords or no SNMPv2, those you will have to configure in our system. It is vendor-neutral, though, so it is fairly easy.
[Ethan] You have here on the bottom left 45 vendors. I’ve seen some folks make the claim that they support all these vendors, and what they mean is they support all the different flavors of IOS within the Cisco world, so they’re stretching it a little bit. What do you mean by 45-plus vendors?
[Kiran] Yeah. So, Cisco is actually one vendor, and inside that vendor you could have IOS-XR, Catalyst switches, or API-based platforms like Firepower or ACI. We have integrations with multiple platforms, but they are all counted as one vendor, Cisco. Like that, we have 45 different vendors. If you count the platforms like IOS-XR separately, we have 150-plus platforms.
[Ethan] You mentioned I can set a standard for how I want NTP to behave and I don’t have to be code-specific, so you’re abstracting the command details away from me?
[Kiran] That is correct. Once a device is onboarded into our system, a router looks the same whether it’s a Juniper router, a Cisco router, or a Fortinet firewall; it doesn’t matter, all of the devices look the same, so your policy will be at an abstract level.
[Ethan] Okay, so I’m really building policies and workflows, and I don’t have to think too much about CLI stuff, unless I want to?
[Kiran] Yeah, like I said earlier, the workflow is there, so you can actually issue CLI commands if you really want to. We try to avoid it, but at the same time we have the flexibility to issue commands to the devices.
Support for Hybrid Multi-Cloud
[Ethan] And I just noticed it says multi-cloud there; you’ve got GCP, AWS, and Azure listed. What does that mean? Is this network provisioning if I have workloads deployed in the cloud too?
[Kiran] Yeah. For example, we can configure the back-end connectivity between your on-prem VPN device and the VPN in the AWS cloud; we can configure the interconnectivity, the network plumbing, between your data center and the public cloud. In the near future, we will also be able to automate workloads inside the cloud, such as configuring a load balancer or setting up a virtual Palo Alto firewall in your AWS, and bring in the life-cycle management of that virtual firewall. That way, you configure the firewall policy once: it will be pushed to the firewall on prem, but it will also be pushed to the Palo Alto firewall in the public cloud. I also want to highlight that ATOM is built on Kubernetes and Docker containers, so it can be deployed in the public cloud as well; you can have an instance of ATOM in AWS, Google Cloud, or Azure.
[Ethan] If I’m not running Kubernetes or Docker myself in my environment, do I have to be concerned about that?
[Kiran] No. We have packaged Kubernetes in the product with a simple one-click installation. First it installs Kubernetes, and then the ATOM containers are installed inside that Kubernetes, so you don’t really need to know what Kubernetes is or how to install it. I am just highlighting that as the trend towards multi-cloud picks up, ATOM is built with microservices from the ground up.
Telemetry and Real-Time Analytics
So, the third benefit: after we provision the service, we’re constantly collecting data from the infrastructure. It could be your traditional SNMP data or modern streaming telemetry; ATOM can collect all of it. It can be an SNMP collector or a streaming telemetry collector, it can subscribe to syslog messages, and if you want, it can also read from any existing syslog server, like Splunk, for example. It can be a NetFlow collector as well.
And it consolidates all of this data and publishes it to Kafka topics, so any external applications you have can read this summarized information, and everything is stored in a time-series database. We support the Prometheus and Influx databases, or if you have a specific time-series database, we can work with that as well. And we package Grafana as part of our product, so you can build custom dashboards and reports, create threshold-based email alerts, and so on. So ATOM has a really modern software stack when it comes to telemetry. We will share a case study where a financial services provider was able to achieve full streaming telemetry in their network.
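Consolidating SNMP, streaming telemetry, syslog, and NetFlow into one pipeline implies normalizing them into a common record before publishing to a Kafka topic or time-series store. The sketch below shows that normalization step; the record schema and the list-backed stand-in for a Kafka producer are assumptions for illustration only.

```python
import json
import time

# Hedged sketch: normalize metrics from mixed collectors into one record
# shape, then serialize them to a sink (standing in for a Kafka producer).
# The schema fields here are invented, not ATOM's actual topic format.

def normalize(source, device, metric, value, ts=None):
    """Produce a uniform time-series record regardless of collector type."""
    return {
        "ts": ts if ts is not None else time.time(),
        "source": source,   # e.g. "snmp" | "telemetry" | "syslog" | "netflow"
        "device": device,
        "metric": metric,
        "value": value,
    }

def publish(records, sink):
    """Serialize each record as JSON onto the sink (a Kafka stand-in)."""
    for rec in records:
        sink.append(json.dumps(rec, sort_keys=True))


if __name__ == "__main__":
    sink = []
    publish([
        normalize("snmp", "rtr1", "ifInOctets.1", 123456, ts=1),
        normalize("telemetry", "rtr1", "cpu_util", 37.5, ts=2),
    ], sink)
    print(len(sink))                      # 2
    print(json.loads(sink[1])["metric"])  # cpu_util
```

Downstream consumers (dashboards, alerting, capacity planning) then only ever deal with one record shape, no matter which protocol produced the data.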
[Ethan] Okay, we’ve got to park right here for sure. I get that about the software stack; let’s step away from that. Now, you’re talking about me being able to collect a whole lot of telemetry, kind of the umbrella term these days for collecting data from a lot of different resources, bring it all into Anuta ATOM, and have it do basically all the normal things I would have an NMS doing for me. Does this mean I could get rid of my existing NMS if I wanted?
[Kiran] Yes, potentially. If you are using mainly SNMP and you don’t have any specific vendor features that you rely on, then yeah, the vision is that ATOM can replace some of those traditional monitoring tools.
[Ethan] So it will be an SNMP poller for me; it can go out and pull SNMP stats?
[Kiran] Yeah, that is correct. You can actually define which MIBs you want us to collect, how frequently, and how long you want us to retain the data. You will see that in the demo as well.
[Ethan] And syslog data, so I can send my syslogs to Anuta ATOM and it will ingest them. The sad thing is that syslog is such a wide-ranging topic; there are so many different message formats out there. How well can ATOM parse the various syslogs I might send it?
[Praveen] Syslog is a bit of a gray area, as you mentioned, Ethan. That’s one of the areas where we need to write some decoders, or regular expressions, to parse the data so we can map it to the right attributes and do the post-processing, like alert generation, on the syslog. In the other scenarios, with telemetry or SNMP and SNMP traps, there is a schema, more of a model-driven approach, so we don’t need to do any heavy lifting there. But for syslogs, there is a bit of work involved.
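The “decoders” Praveen mentions are essentially named-group regular expressions that map a free-form syslog line to structured attributes. Here is a minimal example for one common Cisco-style link-state message; the pattern and field names are illustrative, not part of ATOM.

```python
import re

# One example syslog "decoder": a regex with named groups that turns a
# Cisco-style %LINK-UPDOWN message into structured attributes suitable
# for alert generation. Illustrative only; real deployments need one
# pattern per message family.

LINK_FLAP = re.compile(
    r"%LINK-(?P<severity>\d)-(?P<mnemonic>\w+): "
    r"Interface (?P<interface>\S+), changed state to (?P<state>\w+)"
)

def decode(line):
    """Return a dict of parsed attributes, or None if the line doesn't match."""
    m = LINK_FLAP.search(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    msg = "Jan  1 00:00:01 rtr1: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down"
    parsed = decode(msg)
    print(parsed["interface"], parsed["state"])  # Gi0/1 down
```

Lines that match no decoder fall through as unparsed text, which is why syslog takes more up-front work than schema-backed telemetry or SNMP.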
[Ethan] Okay, good. It can be done; you can write parsers, so if I wanted something custom, that could happen. And then flow data is also interesting. A lot of that is standardized, but you can get some strange metadata coming through, like with IPFIX records. Is this another case where we could make it parse those flow records however we wanted?
[Praveen] Yeah, it will be a fairly similar approach. NetFlow and sFlow are two things we are still working on, so that is something we’ll dig into in some of our subsequent conversations.
[Ethan] Right, model-driven telemetry. I’m sorry, I’m asking all of these, it’s just that they’re all actually top of mind for me. When we talk about YANG models and moving towards a standardized way that our data is presented and sent, ATOM can sit there and just listen to telemetry that’s being streamed off of network devices? It can receive those streams and parse that info?
[Praveen] That is true. And there are a couple of mechanisms there: one is a compact payload and the other is more like a JSON payload. But in this scenario the data is so well described, backed by a schema, that we can consume it, put it into our storage, and do post-storage analytics, or you can do it in real time by connecting to Kafka directly. It is all facilitated by that more modern, declarative way of sending the streaming data from the device out to the collector side.
[Ethan] Moving up to the second row there, we’ve got microsecond granularity. And Praveen, you were just talking about being able to parse that real-time telemetry that’s coming in. Is that what we’re getting at with microsecond granularity? Are we talking about just your timestamping of events? What are we getting at?
[Praveen] There are a couple of things there, Ethan. One is how frequently the device streams the data; that’s the frequency, and it could be near real time or not so close to real time. The other is the timestamp itself, as you indicated: what timestamp is used when we put the data into the data store. Depending on the underlying technology, it might be milliseconds or microseconds, and that’s where we have the flexibility to honor the actual timestamp the device generated the data with, so we don’t lose any precision. Frequency and precision are both important for telemetry.
[Ethan] At the top there we’ve got Grafana as a way I can display data. Do I have access to that Grafana, that is, can I build my own custom data representations, whatever I’m looking for?
[Praveen] Yeah. You have an API, and apart from the API you can also plug into Kafka. The Kafka itself could be the one we provide along with the product or the customer’s own Kafka, and similarly, Grafana can be the one packaged with ATOM or your own Grafana. So we provide API access, Ethan.
Alerting & Reporting
[Ethan] And then, I think this is my last question for this slide, but alerting: I assume that means I can hook in from ATOM. You probably have your own alerting, but I could also hook into whatever other systems I might be running and pass alerts into those systems as well?
[Praveen] That’s correct. When you connect to Kafka, collect the data, and write your own post-processing application, you can put the data back onto Kafka, publish an SNMP trap, or use some other mechanism; a NETCONF notification will also do. Since ATOM already has the mechanisms to consume different sorts of southbound protocols, we can integrate in multiple ways, Ethan.
[Kiran] Now that we’ve spoken about telemetry and how ATOM collects all the data, it gives you a powerful framework, and we call this concept closed-loop automation. Let me explain with an example. You can define a baseline for your infrastructure; let’s say you don’t expect more than a couple of flaps for any BGP neighbor. Now ATOM can look at all the sensors and the data coming from them. If a neighbor is flapping once every hour, you can create an alert or a Slack notification; but if it’s flapping excessively, say more than four times every 10 minutes, you can have ATOM execute a workflow or a playbook that shuts down the neighbor. Granted, not everyone is ready for such automatic remediation, so we integrate with systems like ServiceNow: the operator can preview all the remediation steps, and only when they are happy do they approve, and then ATOM pushes the configuration to the devices. That is how we can bring automatic remediation to current networks.
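Kiran’s tiered BGP-flap example (alert on a mild rate, remediate on an excessive rate) can be sketched as a simple rule over flap timestamps. The thresholds and action names below are illustrative defaults taken from his example, not a real ATOM rule definition.

```python
# Tiered flap rule sketch: >1 flap in an hour raises an alert,
# >4 flaps in 10 minutes queues a remediation workflow (which, per the
# transcript, would still sit behind an operator approval).

def classify_flaps(flap_timestamps, now, window_alert=3600, window_act=600,
                   alert_count=1, act_count=4):
    """flap_timestamps: seconds at which each BGP neighbor flap occurred.
    Returns 'remediate', 'alert', or 'ok'."""
    recent_act = [t for t in flap_timestamps if now - t <= window_act]
    recent_alert = [t for t in flap_timestamps if now - t <= window_alert]
    if len(recent_act) > act_count:
        return "remediate"   # e.g. queue a shutdown-neighbor workflow
    if len(recent_alert) > alert_count:
        return "alert"       # e.g. Slack notification
    return "ok"


if __name__ == "__main__":
    now = 10_000
    print(classify_flaps([9_500, 9_600, 9_700, 9_800, 9_900], now))  # remediate
    print(classify_flaps([7_000, 9_000], now))                       # alert
    print(classify_flaps([1_000], now))                              # ok
```

The important property is that one metric feeds multiple thresholds, so the same data stream can drive a soft notification or a hard remediation depending on severity.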
[Ethan] This is an important point. It’s not just configuration and enforcement of network state; you can also react to what is happening on the network and make a change based on it, like the example you gave: neighbors are flapping, so I want to change the state of the network as a result.
[Kiran] Right. We are rules-based, so you can have different levels of actions based on the deviation happening on the same metric.
[Ethan] For those of us who are afraid at the thought of something automatically causing a change in the network based on a set of rules, is there a testing method or something for this, where we can kind of see what would happen if we lit up the rules?
[Praveen] Whatever we do here would have gone through a proper DevOps process, where it would have been tested before being deployed into production. And even then, it really depends on the comfort level you have with your procedures, the MOPs you have defined. If there is any room where you want to be doubly sure, then before we apply the change we can actually submit a trouble ticket into your favorite ITSM tool; somebody can come in and see what action we’re going to take, and then we go and apply the change. But in a data center environment, where you’re really looking at a very dynamic remediation process, we could possibly just make the change, and that’s where your trust in the data comes into the picture. As long as the data is real time and the MOP is thoroughly tested, it just depends on the confidence you have in the data and in the rules you’re running. But we do have scenarios where, to make sure an admin or operator is kept in the process, we can add an approval cycle.
[Drew] For this closed-loop component: after someone has reviewed the changes that were proposed and approved them, does Anuta then go back and double-check again to make sure, yes, the changes actually went through and the problem is fixed?
[Praveen] That’s where the workflow aspect comes in. The fact that we have made a change, and that the device has syntactically accepted that configuration, doesn’t mean the behavior is as expected; verifying that can itself be a step in the closed-loop automation, because we’ll now be observing some other kind of data that can tell us things are okay. That is what helps us clear the state: something was broken, we fixed it, and then we can go back and clear it. The condition that has to be checked in order to clear can all be part of the alert definition, and we take care of that.
45 Supported Vendors
[Kiran] So now I’ll quickly wrap up the presentation so we can spend more time on the demo. I mentioned 45 vendors; you can see the list here. We support all the leading vendors: switches, routers, firewalls, VPN devices, web proxies, load balancers, SDN controllers, even IP address managers and ITSM tools like ServiceNow. We have integrations with SDN controllers and SD-WAN controllers, and this list continues to grow as part of the base package itself. And if a particular vendor is missing, you can add support for it within a few weeks; we are using the IETF YANG models, which are a fairly extensible standard, so any customer or partner can also modify these device packages.
Case Study – Cloud DDoS Mitigation at Neustar
[Kiran] So let me quickly walk you through a couple of customer deployments where ATOM has delivered ROI. The first customer I would like to talk about is Neustar. They are a global DNS provider, but they also have a service called SiteProtect that provides cloud-based DDoS mitigation. When Neustar’s enterprise customers are under DDoS attack, all the traffic is redirected to Neustar’s cloud, so on demand Neustar has to provision an end-to-end circuit: they have to configure a Juniper router, an Arista switch, a Citrix NetScaler, and an Arbor Peakflow, and they need to ensure enough bandwidth is dedicated for each of those DDoS victims. They are constantly collecting statistics on these devices to ensure the SLA for each of their tenants. ATOM is helping them automate the whole network provisioning and the collection of various network operational data.
Case Study – Analytics & Telemetry at Global Financial Services Provider
The second case study is a financial services provider. They are consolidating network data from multiple formats, streaming telemetry, SNMP, syslogs, a path computation engine, and NetFlow records, into a time-series database, and using the ATOM API they expose this network data to northbound applications for performance monitoring, latency optimization, capacity planning, predictive analytics, and closed-loop automation. ATOM is helping consolidate all the network data and introduce a single source of truth for these kinds of customers.
So this concludes the presentation portion for today. I will now hand the meeting over to Dilip.
Demo – Outline
[Dilip] Hello, everyone. I’m Dilip Krishna, part of the product marketing team at Anuta. So let’s quickly get started; here’s the brief agenda for today. We will touch upon the resource management aspects of ATOM and then look at some of the network automation capabilities. In the compliance section, we’ll look at how ATOM delivers configuration consistency in your network, and in the telemetry and analytics section, how ATOM can become a single pane of glass for your network. To wrap up, we’ll see a concept called closed-loop automation, where you can see how ATOM can provide you with automated service assurance. So let’s get started.
[Ethan] For those of you in the audience, if you were distracted looking at something else, this is the time to really zoom in, because a lot is about to happen in a hurry. Drew and I have seen this; this is the time to tune in closely.
Demo – ATOM Resource Management
[Dilip] So what you’re seeing here is the ATOM UI, and ATOM has a very open framework: whatever operations we are about to do using the ATOM UI, you can do using your OSS/BSS or the ITSM tools you have in your network.
So the first thing we do when we bring ATOM into your network is onboard the devices, and you can see a list of devices here. I have taken one example to explain this in a little more detail. Here you can see the various information we collect from your devices: the heat maps, the device health, compliance, and so on. We also retrieve configurations from your devices, so ATOM can act as your config archival platform: you can choose a couple of your configs and compare them, doing a config diff right there. Using this configuration, we also map it to the device models that we have, for example the YANG data models of this particular device. You can see I’ve chosen a couple of entities here; I’m looking at the VLANs in this case, and everything you see here are the different VLANs on this particular device that I chose.
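The config-compare step Dilip demonstrates can be approximated with a plain unified diff of two archived configurations. This is a generic sketch using Python’s standard library, not ATOM’s implementation; the sample config text is invented.

```python
import difflib

# Generic config-diff sketch: compare two archived device configurations
# and emit a unified diff, the same style of output a config archival
# platform would show for "what changed between these two snapshots".

def config_diff(old, new, name="device"):
    """Return a unified diff (list of lines) between two config snapshots."""
    return list(difflib.unified_diff(
        old.splitlines(), new.splitlines(),
        fromfile=f"{name}@t1", tofile=f"{name}@t2", lineterm=""))


if __name__ == "__main__":
    before = "hostname rtr1\nvlan 100\nvlan 200\n"
    after  = "hostname rtr1\nvlan 100\nvlan 500\n"
    for line in config_diff(before, after, "rtr1"):
        print(line)
```

Running this on the sample snapshots shows `vlan 200` removed and `vlan 500` added, which is exactly the kind of drift that feeds the compliance checks discussed earlier.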
So now we have the devices onboarded and the configurations ready; what we do next is go ahead and build the topology of your infrastructure. You can see here that the topology is built using the CDP and LLDP tables on your devices, but we don’t stop there; we actually overlay a lot of details on top of the topology. For example, you can see the device details that are pinned here, and also the operational and performance data. If you want to monitor the bandwidth of a particular link, you can go in and configure your sensors or SNMP data here, and based on that you can have your real-time data overlaid on top of this topology. So now we have your devices onboarded, configurations retrieved, and your topology ready to go.
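Building a topology from CDP/LLDP tables boils down to merging per-device neighbor rows into a set of deduplicated links, since both ends of a link report each other. The neighbor-table format below is an assumption for illustration, not ATOM’s internal representation.

```python
# Sketch of topology discovery from per-device neighbor tables.
# Each link is stored as a frozenset of (device, interface) endpoints so
# that the two directions (A sees B, B sees A) collapse into one link.

def build_topology(neighbor_tables):
    """neighbor_tables: {device: [(local_if, neighbor, remote_if), ...]}
    Returns a set of undirected links."""
    links = set()
    for device, rows in neighbor_tables.items():
        for local_if, neighbor, remote_if in rows:
            links.add(frozenset({(device, local_if), (neighbor, remote_if)}))
    return links


if __name__ == "__main__":
    tables = {
        "rtr1": [("Gi0/1", "sw1", "Eth1")],
        "sw1":  [("Eth1", "rtr1", "Gi0/1"),   # same link, reported from sw1
                 ("Eth2", "fw1", "port1")],
    }
    print(len(build_topology(tables)))  # 2
```

Once the link set exists, operational data like link utilization can be keyed by the same (device, interface) endpoints and overlaid on the drawn topology.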
Demo – Stateless Service with Workflow Automation
Now this brings us to our next topic, which is network automation. In network automation there are typically two use cases: the stateless use case and the stateful use case. Let’s get to the stateless use case first; we have a small slide on how this works. When I say stateless use case, this is more of a task-oriented use case: you generally come in, do an activity, and just forget about it. One such task is software image management, which becomes a very complex and tedious process in many enterprises, mainly because every vendor has a different way of doing it and every organization has its own method of procedure. That includes a lot of pre-checks and obtaining approvals, then the upgrade activity itself, then a lot of post-checks to be done, and just in case it fails, you have to do all these activities over again. So it can be a very complex process.
So let me take one example to explain how ATOM’s workflow automation, or low-code automation, can become a very handy tool for operations. Here you can see one of the workflows I’ve chosen, but one point I do want to mention, as Kiran did: it is not restricted to software image upgrades or maintenance upgrades. You can have the simplest of use cases, like device provisioning or firewall provisioning, or it can become your most trustworthy troubleshooting guide; it can become the entire documentation for all the methods of procedure of your network. So this can become a really helpful guide for your entire network operations. The one I’ve chosen here is an example of a software image upgrade, which we delivered for one of our customers.
Software Image Upgrade with Workflow
Let me just walk you through this particular flow. You can see here that we have a few boxes, which we can literally drag and drop to create this workflow, and these boxes here are the pre-checks: we are executing a few show commands. Then, if these are successful, we go and execute a particular action; the action here is a disk space check, but that is itself a workflow. So what’s happening is that we have a main workflow into which a subroutine, another workflow, is attached. Let’s say this particular workflow is successful; then we go ahead with a number of tasks that have been created, like cleaning up unnecessary files, uploading the new package, or contacting the image servers. You can do all that, and finally we get to a stage where we have to reboot the router, basically to activate the new package.
So at this point we have to reboot the router, and we have integrated a user approval into this: an admin can actually log in to ATOM and give an approval, or the approval can come from ServiceNow, from Slack, from any of them. Once that happens, we go ahead and reboot the device. From an SNMP trap notification, we find out that the device has come back up, and then you can do the post-checks. We understand that sometimes the upgrade won’t go well, for whatever reason, and we have factored that into this workflow as well: you can see we have put in a section that can help you revert back to the last known good image. So what we’re giving you is a framework where you can have pre-checks, post-checks, approvals, and the activity itself, a very flexible framework, and all of this can just be dragged and dropped to create your own workflows.
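The pre-check / upgrade / post-check / rollback shape of the workflow above can be condensed into a single control-flow sketch. The check and action callables below are placeholders (a real workflow would run show commands, reboot the device, and so on); only the ordering and rollback logic are the point.

```python
# Hedged sketch of the upgrade workflow skeleton: abort if pre-checks fail,
# apply the upgrade, and roll back to the last known good image if any
# post-check fails. All callables are stand-ins for real workflow steps.

def upgrade_with_rollback(pre_checks, do_upgrade, post_checks, rollback):
    """Each check is a callable returning True on pass.
    Returns a log of the phases that were executed."""
    log = []
    if not all(chk() for chk in pre_checks):
        log.append("pre-checks failed: aborted before change")
        return log
    log.append("pre-checks passed")
    do_upgrade()
    log.append("upgrade applied")
    if all(chk() for chk in post_checks):
        log.append("post-checks passed")
    else:
        rollback()
        log.append("post-checks failed: reverted to last known image")
    return log


if __name__ == "__main__":
    log = upgrade_with_rollback(
        pre_checks=[lambda: True],    # e.g. disk space check
        do_upgrade=lambda: None,      # e.g. install package + reboot
        post_checks=[lambda: False],  # e.g. version / neighbor checks
        rollback=lambda: None,        # e.g. re-activate previous image
    )
    print(log[-1])  # post-checks failed: reverted to last known image
```

Because the pre-check gate runs before any change, a failed environment check never touches the device, which is what makes repeated runs of the workflow safe.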
[Ethan] This looks familiar to anyone who has done flowcharting in the past. And this represents things that are actually happening; this is a design tool that results in an actual workflow.
[Dilip] Yeah, that's true.
Demo – Stateful services with Service Modeling in ATOM
So that covers the stateless use cases. Now let's look at the stateful use cases. This is a case where you want to create a service across your network, and then you probably have to update the service, update the ACL rules, or create more routes; you have to maintain the entire life cycle of that service. Those are the ideal candidates for the service modeling that ATOM provides. So let me take one example to walk you through this.
The first one here is an application delivery use case. You can see that I have a load balancer, a firewall, and an Infoblox IPAM device. Ordinarily, if you want to provision a service across these, you might have to run across multiple teams to get it done, and there might be delays in the provisioning itself. So what you want is a single form that can populate all the parameters for the firewall, load balancer, and Infoblox, and then with a single click the entire provisioning should be done. That is what we provide. I've already executed this in the interest of time.
So what you can see here is the set of parameters: the load balancer VIP pool, the firewall parameters, and the IPAM A records, because the IPAM was acting as DNS in this case. What happens is that ATOM converts all of these into different commands. Now, the device could be accessible over an API or over NETCONF, or it could take CLI commands directly. You can see we are contacting the IPAM device using APIs, and some Juniper commands here as well; this is an SRX device that I have, so some of the Juniper commands are also automated. Irrespective of what transport type is used to access a particular device, we can provision any of those. And you can do this across 45 different vendors.
[Ethan] Meaning I don't have to know all of that stuff or worry about it; I'm building a model. ATOM is abstracting away the details of how the devices are configured to meet that model, and I can see all the code if I want to, you just showed it all to me. I don't have to know or care.
[Dilip] Yes, it’s all abstracted. That’s true. Yeah, right.
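The fan-out Dilip describes, from one service model to API, NETCONF, and CLI payloads, can be sketched in a few lines of Python. Everything here is illustrative: the function, the payload shapes, and the device names are assumptions for the sake of the example, not ATOM's real interfaces or actual vendor syntax.

```python
# Hypothetical sketch: one service model, rendered per-transport.

def render_payload(transport, params):
    """Turn the same service parameters into a transport-specific payload."""
    if transport == "api":
        # e.g. a REST call to an IPAM like Infoblox
        return {"method": "POST", "body": params}
    if transport == "netconf":
        # e.g. an XML config fragment for a NETCONF-capable firewall
        return "<config><vip>%s</vip></config>" % params["vip"]
    if transport == "cli":
        # e.g. a list of CLI set-commands (illustrative, not real Junos syntax)
        return ["set vip-address %s" % params["vip"]]
    raise ValueError("unknown transport: " + transport)

service = {"vip": "10.1.1.10"}
devices = [("infoblox", "api"), ("srx-fw", "netconf"), ("lb-1", "cli")]
payloads = {name: render_payload(t, service) for name, t in devices}
```

The single `service` dictionary plays the role of the "single form": the operator fills it in once, and each device receives a rendering appropriate to its transport.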
Demo – Configuration & Compliance Management
So that brings us to the next topic, which is compliance, and we'll look at how ATOM works on that front. We already discussed how ATOM retrieves the configuration from the devices and does the service provisioning, but what it also does is look for any out-of-band changes. It is very much possible that a network admin goes and changes the configuration as part of a troubleshooting activity; we can detect that configuration difference.
So for example, in this case, the VRF is the missing piece in the config, and ATOM also shows the configuration that needs to be reconciled. This can be automated, of course, but we also give the admin the power to override the configurations. If the change on the device was not legitimate, you can ask ATOM to push the golden or base config back onto the device; or, if the change was actually legitimate, you can ask ATOM to take that configuration and write it back to its database. That way you regularize the configuration across your network. And we don't just do this for devices alone; it can be extended to services too. The application delivery service we defined in the previous example can be an ideal candidate for service reconciliation as well.
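The drift-detection idea can be demonstrated with nothing more than the Python standard library. This is a sketch of the concept only, using `difflib`; ATOM's actual reconciliation engine is not public, and the config lines below are made up for the example.

```python
# Detecting out-of-band configuration drift with stdlib difflib.
import difflib

golden = ["hostname edge-1", "ip vrf CUSTOMER-A", "interface Gi0/1"]
running = ["hostname edge-1", "interface Gi0/1"]  # admin removed the VRF

diff = list(difflib.unified_diff(golden, running, "golden", "running", lineterm=""))

# Lines present in golden but missing from the running config.
missing = [l[1:] for l in diff if l.startswith("-") and not l.startswith("---")]
# If the change was illegitimate, push `missing` back to the device;
# if it was legitimate, write `running` back as the new golden config.
```

The two reconciliation choices Dilip mentions map directly onto the two ends of this diff: restore the golden side, or adopt the running side.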
Demo – Telemetry & Analytics
The next topic I have is telemetry and analytics, where we can see how ATOM can become your single pane of glass. ATOM can be your collector for SNMP, streaming telemetry, SNMP traps, and syslogs; I will take SNMP and streaming telemetry for today's demo. You can see here that I have an SNMP collection profile ready to go, and I can choose from the out-of-the-box SNMP MIBs that are already here. If you don't find a particular MIB, you can download it from the internet and upload it to the ATOM database, and then it will be available here.
So you can choose from the numerous SNMP MIBs that you see here, and then put in the polling frequency as well. Once you have the collection profile ready, you can push it to a single device, a group of devices, or a resource pool; for example, a location such as your data center can itself be a resource pool. Once configured, all the performance SNMP data that comes back is stored in our time-series database, which can be Prometheus or InfluxDB.
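As a rough mental model, a collection profile is just structured data: which MIBs, how often to poll, and where to store the results, applied across a resource pool. The field names and the `apply_profile` helper below are hypothetical, sketched for illustration; they are not ATOM's actual schema.

```python
# Hypothetical shape of an SNMP collection profile and a resource pool.

profile = {
    "name": "core-health",
    "mibs": ["IF-MIB", "HOST-RESOURCES-MIB"],
    "polling_interval_s": 60,
    "store": "prometheus",   # or "influxdb"
}

# A resource pool groups devices, e.g. by location or data center.
resource_pool = {"dc-east": ["edge-1", "edge-2", "core-1"]}

def apply_profile(profile, pool):
    """Expand a resource pool into per-device polling assignments."""
    return [(dev, profile["name"], profile["polling_interval_s"])
            for devices in pool.values() for dev in devices]

assignments = apply_profile(profile, resource_pool)
# one (device, profile, interval) tuple per device in the pool
```

Pushing the profile to a pool rather than to individual devices is what makes the operation scale: adding a device to the pool picks up the profile automatically.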
The same applies to the telemetry side as well. As you might know, streaming telemetry is very hot these days, and a lot of the new-generation Cisco and Juniper devices support this technology. ATOM supports it too: you choose the platform here, then the transport type, which could be Google Protocol Buffers over gRPC or TCP dial-out mode, along with the encoding. Then you get to choose from the numerous sensors that are listed here. Say the device supports many sensors; you can choose sensors at any granularity you want, to any depth that is possible. Then you can choose the frequency at which you want to collect, and also the data retention: with this much data coming in, you may want to say, I want to retain this data for a year, or a few months, or days.
You can also filter the data. Again, once we have this profile ready, you can push it to a device or group of devices that supports streaming telemetry. Once this happens, we subscribe to those sensors, provision the devices for those particular sensors, and all the data that comes in, including the SNMP data that I discussed, is exposed as a data source in your Grafana dashboard. Grafana, like we discussed earlier, is a very flexible and customizable visualization tool, so you can customize it to your needs; for example, I'm looking at a particular interface here, which can be rolled up to a device or even a network level. And if you already have Grafana in your network, you can use that for your visualization purposes.
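A streaming-telemetry subscription has the same flavor as the SNMP profile, but keyed on sensor paths rather than MIBs. The sketch below uses OpenConfig-style sensor paths; the surrounding field names (`transport`, `encoding`, `retention_days`) and the helper are illustrative assumptions, not a specific vendor's or ATOM's API.

```python
# Hypothetical shape of a streaming-telemetry subscription profile.

subscription = {
    "platform": "iosxr",
    "transport": "grpc-dialout",     # or TCP dial-out
    "encoding": "gpb",               # Google Protocol Buffers
    "sensors": [
        {"path": "openconfig-interfaces:interfaces/interface/state/counters",
         "sample_interval_ms": 10_000},
        {"path": "openconfig-platform:components/component/state",
         "sample_interval_ms": 30_000},
    ],
    "retention_days": 365,           # how long to keep data in the TSDB
}

def fastest_interval(sub):
    """Shortest sample interval, e.g. for sizing the ingest pipeline."""
    return min(s["sample_interval_ms"] for s in sub["sensors"])
```

Because each sensor carries its own interval, high-churn counters can stream every few seconds while slow-moving state is sampled far less often, which is exactly the granularity knob Dilip describes.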
Demo – Closed-Loop Automation
Now we have done the telemetry and the analytics, so we have a lot of data coming in, and, as Kiran mentioned, we use this to trigger a framework called closed-loop automation. Let's quickly take a couple of examples to make this clear. I'm taking an example of a CPU utilization notification. I have a framework where I can define conditions, and I can choose any of the functions that are available here. I can specify a particular sensor that I want to monitor; this could be a single sensor, or you can keep adding and mix and match any number of sensors, for example to monitor your CPU as well as memory, and then you can set the threshold.
So I can say: I don't expect CPU to go beyond 70%, and if it goes beyond 70% for a period of five minutes, then I can set a severity on it and also take an action. The action could be to send an email to one of the network admins or a mailer group, or it could be a Slack notification, or we can raise an alarm with one of the different categories available here. So that is one example of notifications. Now we can take this to the next level: auto-remediation. Another example is BGP neighbor flaps. Here we give you the option to express your conditions in multiple ways. The first is the one I showed you earlier; alternatively, you can query our database directly, Prometheus or InfluxDB, whichever you have chosen. I can say: show me if the connection state changes more than five times. Then I need to set an action here. That action could again be one of the notifications we discussed, or it could be a remediation action, such as shutting the neighbor or shutting down the interface, or it could be to invoke a workflow, since we know that not all remediation actions are straightforward.
So you can actually go ahead and write a workflow to address your remediation actions. To take a very simple example, and it might not be the ideal one, let's say that as part of the CLA you want to create an L3 service; you could do that too, by just invoking the workflow from the CLA.
[Drew] With this closed-loop automation, essentially, using the workflow tool, you can say: I'm building a workflow so that in case of this condition, execute these commands. And then click a button and it's going to happen.
[Dilip] Yes, the action in a particular workflow can be triggered by the CLA, and that workflow can include an approval process itself, for example, to take that action. As I mentioned, you can go ahead and get approval through ServiceNow, and any kind of workflow can be integrated into this closed-loop automation.
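The "70% for five minutes" trigger from the CPU example reduces to a small evaluation loop. The sketch below assumes one sample per minute, so five consecutive breaching samples approximate the five-minute window; the function names and the action-hook shape are hypothetical, not ATOM's closed-loop engine.

```python
# Hypothetical sketch of a threshold-for-duration closed-loop trigger.

def breached(samples, threshold=70.0, window=5):
    """True if every one of the last `window` samples exceeds the threshold
    (assuming one sample per minute, window=5 approximates five minutes)."""
    recent = samples[-window:]
    return len(recent) == window and all(v > threshold for v in recent)

def evaluate(samples, actions):
    """On breach, fire each registered action (email, Slack, workflow...)."""
    if breached(samples):
        for act in actions:
            act("CPU above 70% for 5 consecutive samples")

alerts = []
evaluate([65, 72, 75, 80, 78, 74], [alerts.append])  # hooks could also invoke a workflow
```

The same skeleton covers the BGP-flap case: swap the threshold condition for a count of connection-state changes, and swap the notification hook for a remediation workflow.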
[Kiran] Okay, thank you. Thank you, Dilip.
So I want to conclude by saying that ATOM is an integrated solution that supports everything from onboarding the devices to provisioning, analytics, and, as you saw, closed-loop automation. It simplifies the day-to-day operations of network operators, it uses a modern architecture, it scales to thousands of devices, and it's proven in large enterprises and large service providers.
So we welcome you to check out additional resources; we have set up a page at anutanetworks.com/packetpushers. The first 30 people who register will get an Anuta T-shirt. You can also check out the full demo that Dilip showed today, as well as the additional datasheets and case studies. Thanks for giving us this opportunity, and we look forward to continuing this conversation.