This is an archived project. Repository and other project resources are read-only.
GÉANT Orchestration and Automation Team
GAP
GÉANT Automation Platform
Merge requests
!3
Add documentation contents
Merged
Add documentation contents
add-doc-contents
into
development
Overview
0
Commits
11
Pipelines
1
Changes
20
Merged
Karel van Klink
requested to merge
add-doc-contents
into
development
2 years ago
Compare development (base) and latest version 50318182: 11 commits, 2 years ago, 20 files, +328 −21
docs/architecture/index.md
+
79
−
1
# Architecture
We follow the principles of infrastructure as code, and we decompose configuration in data and templates.
We follow the principles of infrastructure as code, and decompose configuration in data and templates. Git stores and
versions all configuration, and it's also responsible for managing mechanisms such as:
*
Automatic checks to validate data and data references.
*
Merge requests for change approval.
The stack of tools is kept limited:
*
Workflow Orchestrator ({term}
`WFO`
) orchestrates all changes.
*
Ansible is the tool that deploys configuration.
*
If needed, custom Python scripts can support extra functionality.
This approach works well for the deployment of 'base configuration'. For service fulfillment, three more components are
introduced:
*
A resource database.
*
A service database.
*
A workflow engine.
All three of these components are deployed as part of {term}
`WFO`
. More information about {term}
`WFO`
can be found on
their website
<a
href=
"https://workfloworchestrator.org/"
target=
"_blank"
>
here
</a>
.
(configuration-decomposition)=
## Configuration (de)composition
The configuration of a network element can be decomposed in different functional parts:
*
Base configuration.
*
Service configuration:
*
{term}
`IFS`
*
{term}
`CFS`
The base configuration includes all configuration necessary to provision a new node, and to include it in the network.
It covers aspects such as:
*
Standard routing configuration for node reachability.
*
User access configuration and AAA (Authentication, Authorisation, Accounting).
*
Standard configuration related to security and hardening of the device.
*
Monitoring and event management.
The configuration is similar across all network elements, apart from some device-specific values such as hardware type
or loopback address.
On top of this 'base layer' services can be deployed. Some examples of offered services are given in the table below.
| Infrastructure facing services | Customer facing services |
|--------------------------------|-----------------------------------|
| Backbone trunks | Access point for R&E traffic |
| Transit provider | Access point for internet traffic |
| Internet exchange | |
## Principles
### For reference
*
All network operations are automated, requiring no operator steps beyond the instantiation of intent.
*
Changes applied to individual network element are fully declarative, vendor-neutral, and derived from the network
infrastructure from the high-level, network-wide intent.
*
Any network changes are automatically halted and rolled back if the network displays unintended behaviour.
*
The infrastructure doesn't allow operations that violate network policies.
[
Source.
](
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/45687.pdf
)
### Other principles
*
Automatic check evaluate all changes
*
After passing pipelines, all changes are merged into the
`main`
branch. These pipelines run once a change is
peer-reviewed and approved.
- - -
## Orchestration and service database
All services offered can be summarised in the following four categories. Some examples are given in the table below.
| | Multipoint | Point 2 point |
|---------|-------------|------------------|
| Layer 2 | VPLS / EVPN | Layer 2 circuits |
| Layer 3 | L3VPN | Core links |
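Review bot: In the sentence pointing to more information about WFO, the link is raw HTML (`<a href="https://workfloworchestrator.org/" target="_blank">here</a>`) placed right after the words "their website", so the rendered text reads "can be found on their website here" and HTML is mixed into a Markdown file. Making "their website" a plain Markdown link fixes the wording and drops the `target="_blank"` attribute, which has no `rel="noopener"` beside it. Under "Other principles", "Automatic check evaluate all changes" should read "Automatic checks evaluate all changes", and the following bullet says the pipelines run once a change is peer-reviewed and approved, which leaves it unclear whether reviewers see the check results before they approve; please state the intended order explicitly. Under "For reference", "Changes applied to individual network element" needs "elements", and the bare "Source." link would be easier to audit if it named the document it cites.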