DevOps Chat: DevOps and the Programmable Network with Cisco DevNet
Source: devops.com
Network technology has undergone its own transformation in parallel with cloud infrastructure, how we create software and the adoption of DevOps. SDN, NFV, virtual network appliances and an ever-expanding suite of APIs make network and security technologies much more accessible to developers.Recent Posts By Mitchell Ashley
Network engineers’ worlds are rapidly changing, too. From highly skilled to associate-level, all network engineers are faced with building up a new and necessary skill: software development. Learning software development can be a daunting, intimidating proposition even for someone already skilled in the network engineer domain.
So, how do we lift up the community of network engineers and help them build their development chops? How can software and DevOps engineers easily get access to all the programmatic interfaces that configure, manage and control the network?
These questions and more we explored with Susie Wee, founder, senior vice-president and CTO of Cisco DevNet. DevNet is an online resource full of information for app developers, infrastructure developers and network and DevOps engineers. On DevNet, you’ll find training (Python, API and more), sandboxes for experimentation, code exchanges (including GitHub), CI/CD and new Cisco certifications for software.
Transcript
Mitch Ashley: Hi, everyone. This is Mitch Ashley with DevOps.com, and you’re listening to another DevOps Chat podcast. Today, I’m joined by Susie Wee, founder, SVP and CTO of Cisco DevNet. Our topic today is a really interesting one—DevOps within a programmable network. Now that we can program the network, what does that mean to the DevOps world? Susie, welcome to DevOps Chat.
Susie Wee: Hey there, Mitch, it’s great to be here. Thanks for having me here.
Ashley: Thank you so much for joining us. Hey, would you start out and just introduce yourself to our audience, tell us a little bit about what you do and what you do at Cisco DevNet?
Wee: So, I’m at Cisco, and as you said, I founded DevNet, which is Cisco’s developer community—and you might be wondering, “Why does Cisco have a developer community?” It’s because the network has become programmable, and we’ve been really driving that whole portfolio of networking to not only be software and hardware, but you know, to have both. And the fact that the network has APIs, the fact that the network is programmable means that there’s a fundamentally different way to leverage the network. And the thing that we recognized more than five years ago is that we are going to be pushing our technology portfolio towards software, towards programmability, towards having APIs, but what that also means is that the people who operate networks and the people who interface with networks need to learn about that.
Ashley: Mm-hmm.
Wee: So, in addition to building our products in a software and programmable way, we had to bring our community along as well, so we formed a developer community for Cisco, and that’s what DevNet was all about. It’s our developer program that builds our developer community, and when I say developer, I actually do mean software developers and the way that we think about software developers—people doing DevOps, people writing applications—but I also include networkers and specifically networkers who are running networks who need to learn some software capabilities so that they can use the programmable network.
Ashley: Interesting. I was sharing with some friends several years ago, maybe nine years ago, a network engineer asked me for some help with career development and the first thing I said was, “I think you need to learn Python,” and of course, he wasn’t familiar with that, and he went to a Cisco live event and heard about the visualization of the network and programmability and came back all excited. And, of course, I didn’t have much to hand him other than, “Here’s a Python book.” I don’t know what APIs are available yet, but things have, of course, evolved greatly.
How would you describe where we are today and what’s the way to get started and get going with this?
Wee: Excellent. Well, the thing that I’ll tell you is that you are a visionary to have given him that advice five years ago. [Laughter]
Ashley: Check is in the mail, I’m writing it out now. [Laughter]
Wee: [Laughter] Check is in the mail. And basically, now, you actually would have somewhere to send him to, which is to DevNet, the reason being is that, you know, if you go to Developer.Cisco.com, and everything in DevNet is in Developer.Cisco.com, we have all of these free resources, like coding resources, learning resources, learning about APIs. Python is definitely fundamental to what we’re teaching, because we’re recommending that we use that as actually our base language and, obviously, people can use any language that they want, but it’s a great tool set to start out with.
And, you know, in addition to Python, there’s of course just using all of the software development tools that we want people to use like GitHub, Postman, you know, just your favorite code editor. So, we have a whole bunch of, just, regular software tools that we wanna make sure our networkers are familiar with. We want them to understand the practices used in software, you know, just code sharing, right? So, just using GitHub repos, and using it not only for sharing code, you can actually use it to share network configs and check network configs and use it in CI/CD pipelines.
So, there’s a whole bunch of ways that we want the networking industry to use software practices and software tools. And so, at Developer.Cisco.com, we have learning labs, and we have StartNow, like, Developer.Cisco.com/StartNow is a place for that networker to get started with software to get started with our APIs. But in addition, we have stuff for advanced software developers as well. Like, if they wanna get in there and just start programming a network, doing some automation, using advanced security services and things like that, we actually also have a DevNet sandbox. You know, if you wanna play around with this world, you might not have a bunch of kit in front of you to start coding.
Ashley: Sure, yeah.
Wee: And so, with the DevNet sandbox, you can actually make reservations to real networking gear, real security products, real collaboration products—things that you can actually get active with right away to, you know, even test out your advanced coding and advanced networking needs.
Ashley: Well, it’s interesting, because it seems like—I mean, you understand software, coming from your background with HP and all the work that you’ve done. You’re really trying to marry these two different disciplines about how software folks think of the world, you know, sort of a GitHub of networking kind of attitude about tools and how to learn and downloading code segments and things that’ll help you experiment with what may be a CCIE or a CCNA engineer has experience with in their certification training where they’ve got a sandbox lab, that they don’t have to create their own physical lab—kinda married those two worlds together.
Wee: We have, and it’s super interesting, because when we talk about who will run the IT system or the DevOps kind of platform and infrastructure of the future, will it be the CCIE networker, you know, who really knows how to run mission critical networks and keeps these things up 24/7, you know, many nines of reliability? Or will it be a software developer who really understands the software skills, can code up hundreds of lines of code a day? And really, what we’ve come to, you know, in watching people who move to automation and things like that is, it’s a combination of both. You’re gonna want someone who really understands networks, [Laughter] you know, to that really professional level.
Ashley: Mm-hmm. Oh, sure.
Wee: And you’re gonna want someone who can code. You might find the unicorn that does both and knows both of them to the level of, you know, of a CCIE networker or the advanced software developer. But chances are, you’re gonna have a set of folks working together. You also want the networking tools to be simplified so you don’t need that really high level, and there’s a lot of automation that occurs. You know, so if you’re kind of a smaller outfit or growing in another way—but oftentimes, you’re gonna want these groups to be working together, and that’s what we’ve tried to hit with DevNet.
Ashley: Well, you know, what you describe is, I imagine you’re leading towards something that looks like what DevOps is today or DevSecOps including security as part of the DevOps suite of everybody working together. What does the NetOps or the NetDevOps world look like as you’re helping folks move out of the networking centric world and the software centric world to where that’s blended together?
Wee: Yeah, so, I—and I think that the importance is that we do the blending so that we can take the best from both worlds. I see it as pretty flexible, and once again, whether it’s all embodied in, you know, one person, the unicorn who learns it all, [Laughter] but more likely is that you have the right level of instructions and you have people who can interface together.
So, one of the new things that we actually just announced last month, or in June at Cisco Live, is a brand new Cisco certification that is a Cisco DevNet certification
Ashley: Excellent.
Wee: And what happens is—actually, I have just all the respect in the world for the networkers of this world, and there is 1.7 million Cisco certified professionals, like, people who have earned a Cisco certification in the world. And basically, they know all about networking. And Cisco certifications have been out there and if you’re a CCNA associate level, professional, CCNP or the highly revered expert CCIE—now what we’ve done is, with Cisco, we’ve created the Cisco DevNet certification. So, we have a Cisco DevNet associate level, professional level, in the future we’ll be announcing the expert level as well. And this is bringing that set of software skills to networking.
And so, if you go and take a look at Developer.Cisco.com/certification, you’ll see that it’s actually all of the software tools that you would need to learn.
Ashley: Right.
Wee: So, you know, using rif APIs, using APIs securely, using authentication. So, it starts from fairly beginning software, but in a rigorous way, and gets up to fairly advanced software topics as well. And what that does is, that helps train up the software folks or at least validate the software folks who already have those levels so that they can work together.
Now, the way that we designed it is that our networking certifications are 80% networking, 20% software. Our DevNet software certifications are 80% software and 20% networking.
Ashley: Okay. Interesting.
Wee: We’ve done that so that these folks can work together, you know? And so, there is a little bit of networking that you’d have to learn, but enough that you could be effective in it, that you could really deliver these systems, that you could write automation software for DevOps pipelines that leverage the programmability of the network. So, it’s a pretty important part of what we’ve done here.
Ashley: Well, you’ve created, really, an exchange by focusing on automation as a core use case. So, coming to software can be really daunting, right? I need to learn this language, I’m not even sure what problem I would solve with software, how I would write something to do something with software. So, it can be really intimidating, so I really like how you’ve laid out automation as a key subject area, use case for people to collaborate on at the site where they can share their code and get [Cross talk], right?
Wee: That’s right. So, what we did was, also in June, you know, we announced the new DevNet certifications, but we also announced the DevNet Automation Exchange. And basically, what we recognized is that automation is our customers’ biggest problems. So, basically, anybody who just has any type of infrastructure needs to work on automation, because their infrastructure has grown, their businesses have grown, they’ve had to scale out their infrastructure. And what they need to do is automate it. And this goes all the way to even manufacturing companies, right?
Ashley: Sure, yeah.
Wee: So, you’re digitizing, you need to automate your IoT, you need to automate your collaboration, your systems, you need to automate just your compute and your network.
So, automation is the biggest problem and what happens is, Cisco’s products—well, actually, in many products around the world for infrastructure—our software product, they use SDN, virtualization, they work in a software world, containers, microservices, everything there. But, as we get there, next, what you want to do is, you want to be automating your infrastructure overall. And as we want people, it’s one thing to say, “Okay, here’s all of our products. Our products now all have APIs.”
Ashley: Right.
Wee: You know, so our routers, they’re all programmable, it’s just, at the device level itself.
Ashley: REST APIs, even—yeah!
Wee: We have controllers—REST APIs throughout. We also have controllers, you know? So, controller level that abstracts out and interfaces with the individual network devices and the security products and everything there and let you work at that next level. But, as you’re working on all of this, you know, people have said, “Okay, great, Susie! With DevNet, you guys have taught us how to code. You’ve taught us about your product’s APIs, but next, we want help solving our automation use cases.”
Ashley: Mm-hmm.
Wee: And so, what we did was, we created automation exchange to be the place where we’re using community software, so we have code in GitHub and we encourage our community to submit code in GitHub, and it’s a code exchange that we put in there to solve real automation problems.
Ashley: Mm-hmm.
Wee: And so, what we’re trying to do is, you know, we’ve seeded it with 50 code repos, and that’s all different automation use cases. We’re inviting our community to submit more, and you know, just use it as an exchange where Cisco’s community, we have the best infrastructure experts around the world who’s, you know, working on DevOps, working on IT, working on compute, and working on networking, of course, and security. And what we want is, we want them to get together and have a place where they can exchange code to really build up that automation repository to make it easy for them to do their thing.
Ashley: Mm-hmm. Well, let’s look at this from maybe a 180 degree view. We’ve talked about it from a network engineer’s perspective. If you’re a software engineer doing DevOps and maybe doing DevSecOps, but you’re living in containers—you had mentioned Kubernetes, microservices—
Wee: Yep.
Ashley: you know, cloud or maybe even the Cloud Native world—how would you look at this? Is this something that they’re gonna be interested in, or how would they approach it, or why would they approach this as something they wanna tackle?
Wee: Yeah. So, first of all, the answer is yes, they should be looking at it. There is both the set of DevOps folks and the set of app and cloud developers. You know, so, even if you’re in DevOps, you’re kinda scaling out your system, you’re working on that portion of it or if you’re the actual app developer or cloud developer who is developing the applications, the microservices and everything that runs on top of it.
Ashley: Mm-hmm, right.
Wee: In both of those worlds, what happens is, there is this opportunity right in front of us, because—and I say opportunity because most of them have not yet realized that the network is now programmable.
And so, what has happened is, people are used to the fact that your compute is programmable, we use virtualization, kind of everything in that world, but the world is just starting to realize that the network is programmable as well. Yet, you know that every time you scale out an application, as you reach the cloud, security becomes a concern, the connectivity becomes a concern, the way you connect up your databases to your applications and make sure that the right devices and users have access to the right stuff—that’s all core to how you’re building up these applications and your Cloud Native applications and everything there.
But the thing that we realized, that people can realize now is that—oh, the network is programmable. I can actually get, for example, a network level of security or use the network for a network layer of access control that is even, you know, that adds another level of kind of control and security than working at the application level alone.
Ashley: I would think there’s, too, some good analogues that they may be used to in a cloud world, like virtual load balances, firewalls, things like that that they may have been part of setting up in their DevOps world.
Wee: Absolutely. And what happens is, with the new—like, when we talk about a controller on top of a network, so, it’s one thing to say, “Oh, there’s just a controller that lets me abstract what’s underneath it,” but the other shift is that you can actually use policy, and that’s policy you use in compute all the time. But just set up policy to say, “These users or these devices have access to these applications and have access to these applications to this data and these databases and everything there.”
And you can start to set security policies for access and for your applications in ways that then uses the programmable network underneath it. So, you can, at the detailed level, set up a VLAN that segments out, [Laughter] you know, the right amount of the right part of your network and data and application to give you that next level of security.
Ashley: So, Susie, you talked about automation as the key use case. That’s a pretty big topic, though, and I’m curious—how would someone get started working on automation in a network that they’re running, they’re managing as a network engineer professional?
Wee: Yeah, that’s a great point. So, really, you know, automation, while we all strive for automation in this perfect world, the question is, how do you get there? And especially, how do you get there when you have a live system, you know? So, when you’re running DevOps, when you have a large infrastructure, you have things running on it all the time. And so, the question is, how could you get there?
You know, one thing that we’ve done with DevNet automation exchange is that we put use cases on there—use cases that help people get started. But what we’ve done is, we’ve actually categorized it into this walk, run and fly approach.
Ashley: Okay.
Wee: And the way that we say it is, with walk, like, how do you get started with automation is first, you’re gonna walk. Like, first use it in your network or in your infrastructure as a read only kind of a way. Try to get visibility and insights into what’s going on, perform analytics on that, get all of the insights that you can from your running infrastructure or from your running network. And then we have a set of use cases for walk.
You know, run is when you’re ready to go to this next level where you’re ready to push out a control or push out a policy, you know, actually set something on your live system.
Ashley: Okay.
Wee: And so, then you have your kind of run. And then fly would be that ultimate DevOps workflow, you know, where you’re in that full workflow of you’re proactive, you’re monitoring, you’re managing, you’re getting insights, you’re analyzing, you’re pushing changes out, you know, you’re proactively seeing where do you have opportunities to load balance, fix things, deploy things, put in more security to identify threats and everything there.
So, you know, of course that’s the ultimate case of where you wanna be with the full DevOps workflow, but to get there, you need to take those steps. So, it’s pretty fun to have these use cases that help you walk, run and fly.
On the networking side, an example of the walk is something that you always have to do in networking if you’re running a large network is, you have to continuously be auditing your network.
Ashley: Right.
Wee: You know, if someone reconfigured something in there, they added a device, they changed a setting and what that’s doing is now saying, you know, a threat to your network. So, you know, for auditing, what happens is, if you move things into a software, actually, a DevOps kind of workflow, what you can be doing is taking your network configs across all of your devices, putting them all into GitHub, [Laughter] so that you’re actually taking your networking configs, looking at them with, you know, in a code repository looking at version control.
You could actually be running Ansible playbooks where you’re continuously kind of running through, making sure you haven’t gone off the golden template, be looking for issues, and then just let people know—hey, something is off here. It’s read only, but you then let your ops team know, hey, there’s something that’s not right. And just moving that into a software workflow is way better than what most teams have to do today.
Ashley: Well, usually, they’re totally separate worlds, and now you’re talking about being able to integrate those in a CI/CD kinda workflow, you know?
Wee: Yeah.
Ashley: You know, a tool chain that manages not just software DevOps but the network ops.
Wee: Yeah, exactly. And then you push that capability over to the run side, like, if you want to—if you’re talking your wireless network, you wanna set up guest networks or shut down networks or run, I’m imagining you have stores around the world, right? If you wanted to run that, then what you can do is push out your SSIDs, start them, stop them, reset your guest passwords and everything, automate all of that to where you’re pushing out control.
And then, you know, what’s really fun as a fly use case is just doing DevOps. Like, so, if you have new applications and a new class of applications that you wanna deploy onto your infrastructure, then you wanna do it securely. So, let’s say that you have a new set of applications, you want it to touch your financial database, you only want a select number of employees to access it, you wanna make sure that what your applications are running on, where your data is stored is all working in the right way, you can actually set network level configurations to segment your network, set up the VLANs, get your applications deployed into classes.
And so, we have something called ACI to help be an application centric infrastructure so that you can actually map your application settings down into your network configuration settings and do all this with a full DevOps CI/CD pipeline. That’s the kind of thing you could do in a fly use case. So, we actually have code for all of this stuff that lets people jump in, get started with it, and then customize it into their own system.
Ashley: One thing that is really great about this is probably the network world doesn’t quite yet realize how much of this has already kinda been worked through in a DevOps world, and there’s so many resources in thinking about tool chains and workflow pipelines and tools to manage all of this.
Wee: Exactly.
Ashley: They may not necessarily be able to lift and shift right onto a network paradigm, but pretty darn close.
Wee: Absolutely.
Ashley: So, they’ve got a big leg up that they may not even realize yet.
Wee: Yeah, absolutely. And it actually, it kinda goes both ways. So, we’re actually not claiming to do rocket science, right, in terms of something very new. In some ways, what we’re doing is, we’re connecting the world so that you can take the best practices from both worlds and put them together.
Ashley: Fantastic. Say some more about the certification part of that, because I know that’s extremely valued, you know, if you’re at that CCIE level. That’s a prestigious thing.
Wee: Yeah! What’s really nice is, you know, once again, I’m kind of honored to join—to my predecessors who’ve actually created the Cisco certifications, because that CCIE is such a high level of expertise, and everyone who’s a CCIE, I just bow to them [Laughter] because of how hard it is to earn that.
Ashley: Oh, it’s a huge amount of work, yes.
Wee: But what I also wanna talk to is that, when you take that highest level networker, someone—you know, or any level, whether you’re a CCNA, CCNP or CCIE, the highest level, if there’s sometimes amount of software skills that you could pick up. So, you could actually start with a DevNet Associate, and really, the idea is that you learn enough about software so that you know the modern tools so that you could leverage software and DevOps tools and really get familiar with that side, and then you could get a coder next to you that you could direct in a good way.
Ashley: Mm-hmm.
Wee: But what’s neat is that we have, we actually have these coding 101 sessions that we give to folks. And really, what happens is, if you’re a networker, and you have this level of expertise but you’re not coding as your day job, you just don’t know the tools that you use today, that are used today.
Ashley: Right.
Wee: And what we do is, we will just walk through, like, every tool and say, “Hey, we’re not going to the next page ‘til everyone gets this set up,” Right? [Laughter] And, you know, it’s just getting in there, again, using GitHub, using Postman, making sure that you can download Postman collections, that you’re getting your authorization tokens and that you’re setting things up correctly. And we don’t go to the next page ‘til everyone gets past that first step, right?
Ashley: That’s why everybody starts with Hello World, right?
Wee: Yeah!
Ashley: I guess in the networking it’s, what, a TCP session established is your Hello World or something. [Laughter]
Wee: [Laughter] Exactly. And so, we have a group of CCIE advisors, and these are people who are top of their game, but we’ve even selected them to advise us.
Ashley: Well, I really appreciate having you on the podcast. We have a great community of DevOps, DevSecOps, people doing software, and I think we can play a key role in helping you with what you’re doing with Cisco and DevNet and bridging that gap. We’ve started that process here today, you know? It takes that first step, and I feel like we’ve made that.
Wee: Yeah, absolutely!
Wee: No, thank you, and if I can actually, just as a message, just to reach out to the audience and say—you know what, please come to DevNet. Because DevNet is not only for networkers, it provides you a way to interact with networkers, but I would love to have you join the DevNet community and give us thoughts on how can we make the programmable network even more useful to DevOps, to DevSecOps and to achieving everything that you want?
Ashley: Well, Susie, thank you so much. We’ve completed another DevOps Chat podcast. I’d like to thank my guest, Susie Wee, SVP and CTO of Cisco DevNet for joining us today. Thank you, Susie.