Add documentation on architecture

Signed-off-by: Karel van Klink <karel.vanklink@geant.org>

docs/architecture/index.md

 # Architecture
 
-We follow the principles of infrastructure as code, and we decompose configuration in data and templates.
+We follow the principles of infrastructure as code, and we decompose configuration in data and templates. All of this is
+stored and versioned in Git. Git is also responsible for managing mechanisms such as:
+
+* Automatic checks to validate data and data references.
+* Merge requests for change approval.
+
+We try to keep the stack of tools limited:
+
+* Ansible is the tool that deploys configuration and orchestrates changes.
+* If needed, custom Python scripts can be used to support additional functionality.
+
+This approach works well for the deployment of "base configuration". For service fulfillment, three more components are
+introduced:
+
+* A resource database.
+* A service database.
+* A workflow engine.
+
+
+## Configuration (de)composition
+
+The configuration of a network element can be decomposed in different functional parts:
+
+* Base configuration.
+* Service configuration:
+  * Interface facing services (IFS)
+  * Customer facing services (CFS)
+
+The base configuration includes all configuration necessary to provision a new node, and to include it in the network.
+It covers aspects such as:
+
+* Standard routing configuration for node reachability.
+* User access configuration and AAA.
+* Standard configuration related to security and hardening of the device.
+* Monitoring and event management.
+
+The configuration is generally the same across all network elements, apart from some device-specific values such as
+hardware type or loopback address.
+
+On top of this 'base layer' services can be deployed. Some examples of offered services are given in the table below.
+
+| Infrastructure facing services | Customer facing services          |
+|--------------------------------|-----------------------------------|
+| Backbone trunks                | Access point for R&E traffic      |
+| Transit provider               | Access point for internet traffic |
+| Internet exchange              |                                   |
+
+
+## Principles
+
+For reference:
+
+* All network operations are automated, requiring no operator steps beyond the instantiation of intent.
+* Changes applied to individual network element are fully declarative, vendor-neutral, and derived from the network
+infrastructure from the high-level, network-wide intent.
+* Any network changes are automatically halted and rolled back if the network displays unintended behaviour.
+* The infrastructure does not allow operations that violate network policies. 
+[Source.](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/45687.pdf)

docs/conf.py

@@ -13,7 +13,7 @@ source_suffix = {
 }
 
 # -- Options for Markdown support --------------------------------------------
-myst_enable_extensions = ['replacements', 'strikethrough']
+myst_enable_extensions = ['replacements', 'smartquotes', 'strikethrough']
 suppress_warnings = ['myst.strikethrough']
 
 # -- Options for HTML output -------------------------------------------------

docs/vale/styles/Vocab/geant-jargon/accept.txt

 IP/MPLS
 MPLS
 configuration as code
+reachability
+loopback
+Ansible