Query Your Network Like a Database

Network process automation is an often-overlooked component of DevOps. Applying DevOps philosophies to networking, or DevNetOps, can lead to even greater process improvements and more flexible deployments. Fortunately, it’s becoming even easier to automate network tasks, thanks to evolving standards and open data models that allow more programmatic access to, and insight into, the network infrastructure. The most dramatic shift, however, is being able to write queries about your network devices and topology as though you were querying a database!

When rapidly deploying application updates, network flexibility is key. Policy changes or configuration updates are often required. Network operators can best serve DevOps processes when they can programmatically check the status and/or repair key issues from these changes. Here are some example queries that are commonly useful across the entire network infrastructure:

  • Do all distribution layer access links in my network have redundant paths?
  • Are all Border Gateway Protocol (BGP) sessions currently established with configured peers?
  • What are the nearest neighbors of a down device?
  • Are any device interfaces intended to be operational currently down anywhere in my network?

Note that we are moving away from looking at individual devices, one at a time, to querying network issues and status across all devices in one simple query. The challenge has been to create a structured data model of network details, normalized across all vendors and device types, that a single programmatic query could leverage. The goal is to be able to query the status of an interface port on a Juniper switch as well as on a Check Point firewall, for example. Converting the detailed text files that configure each device into such a normalized data model is becoming easier with established standards, such as OpenConfig. OpenConfig has defined a common syntax and schema for network-oriented applications across vendors and applications.

Accessing such a network schema is now extremely efficient with the widespread adoption of the GraphQL query language. Network data models are graph data structures by design, and GraphQL is ideal for building flexible data queries against such schemas in minutes. GraphQL was developed by Facebook and released as an open source project in 2015. It has now been adopted by hundreds of development-minded organizations as a more efficient API model, regardless of how the underlying schema is structured.

GraphQL is already being used widely in DevOps organizations aside from network-oriented applications. GraphQL is extremely intuitive and queries look like a JSON object without the data included. Queries simply return a JSON object with the specifically requested data. From there, it is a small matter of a few lines of code to embed GraphQL queries into a scripting language (such as Python) to analyze, process or format the results. If you aren’t using GraphQL in your DevOps coding, you should be!

The full process looks like the diagram below (Figure 1), where text files are parsed and normalized into an open graph database schema that represents the current network state. The GraphQL queries can then be constructed, along with a Python script (Figure 2) to format results, as shown in the third column. The following example returns both the desired admin state of every interface port in the network and its current operational state (up or down). The Python script compares the two states and alerts on any discrepancies.

Figure 1

In the example query results from Figure 1, consider that the alerts are reported from both an F5 load balancer (atl-bl01) and a Juniper router (sjc-ce01). Writing code that could parse such disparate device types and text files—without a normalized database schema, based on something such as OpenConfig—would be extremely complex. However, a simple GraphQL query can apply across the entire network. The main portion of the Python code that was used to embed the above query, compare the results and display the table, is shown below:

Figure 2
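The admin-versus-operational check described above can be sketched as follows. This is an added example, not the script from the article's Figure 2: the GraphQL field names (`devices`, `interfaces`, `adminState`, `operState`), the endpoint and the token are assumptions loosely modelled on OpenConfig's `admin-status` and `oper-status` leaves, and the response is constructed sample data so the code runs offline.

```python
import json
import urllib.request

# Hypothetical schema: these field names are assumptions, not a real product API.
QUERY = """
{
  devices {
    name
    interfaces { name adminState operState }
  }
}
"""

# Constructed sample response (device names taken from the article's example).
SAMPLE_RESPONSE = json.loads("""
{"data": {"devices": [
  {"name": "atl-bl01", "interfaces": [
    {"name": "1.1", "adminState": "UP", "operState": "DOWN"},
    {"name": "1.2", "adminState": "UP", "operState": "UP"}]},
  {"name": "sjc-ce01", "interfaces": [
    {"name": "ge-0/0/1", "adminState": "UP", "operState": "DOWN"},
    {"name": "ge-0/0/2", "adminState": "DOWN", "operState": "DOWN"}]}
]}}
""")

def run_query(endpoint, query, token):
    """POST the query; the endpoint URL and bearer token are placeholders."""
    headers = {"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
    req = urllib.request.Request(endpoint, json.dumps({"query": query}).encode(), headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def find_mismatches(response):
    """Return (device, interface, admin, oper) for every port whose states differ."""
    # GraphQL servers commonly answer HTTP 200 with an "errors" array, so fail
    # closed rather than reporting a partial result as a healthy network.
    if response.get("errors"):
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    rows = []
    for dev in response["data"]["devices"]:
        for intf in dev.get("interfaces") or []:
            admin, oper = intf.get("adminState"), intf.get("operState")
            if admin != oper:  # a missing state (None) also counts as a mismatch
                rows.append((dev["name"], intf["name"], admin, oper))
    return rows

if __name__ == "__main__":
    for row in find_mismatches(SAMPLE_RESPONSE):
        print("ALERT  {:<10} {:<10} admin={} oper={}".format(*row))
```

Against a live endpoint, `find_mismatches(run_query(url, QUERY, token))` replaces the sample data.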

Network operations are becoming an increasingly important part of DevOps processes. Automating network tasks is greatly simplified when you can view your network infrastructure as a database. Embedding queries that confirm network policies and health checks into Python scripts can be trivial when leveraging open data models and query languages such as GraphQL. This will enable a new convergence of agile development and network operations for the first time.

David Erickson

David Erickson is the co-founder and CEO at Forward Networks. David holds a PhD in Computer Science from Stanford. He is a contributor to the OpenFlow spec and the author of Beacon, the OpenFlow controller at the core of commercial products from Big Switch Networks, Cisco and others, and open source controllers such as Floodlight and OpenDaylight. His thesis used SDN to improve virtualized data center performance.
