
Architecture

We follow the principles of infrastructure as code, and decompose configuration into data and templates. Git stores and versions all configuration, and it's also responsible for managing mechanisms such as:

  • Automatic checks to validate data and data references.
  • Merge requests for change approval.

The stack of tools is kept limited:

  • Workflow Orchestrator (WFO) orchestrates all changes.
  • Ansible is the tool that deploys configuration.
  • If needed, custom Python scripts can support extra functionality.

This approach works well for the deployment of 'base configuration'. For service fulfillment, three more components are introduced:

  • A resource database.
  • A service database.
  • A workflow engine.

All three of these components are deployed as part of WFO. More information about WFO can be found on its website.

Configuration (de)composition

The configuration of a network element can be decomposed into different functional parts:

  • Base configuration.
  • Service configuration:
    • IFS (infrastructure-facing services)
    • CFS (customer-facing services)

The base configuration includes all configuration necessary to provision a new node, and to include it in the network. It covers aspects such as:

  • Standard routing configuration for node reachability.
  • User access configuration and AAA (Authentication, Authorisation, Accounting).
  • Standard configuration related to security and hardening of the device.
  • Monitoring and event management.

The configuration is similar across all network elements, apart from some device-specific values such as hardware type or loopback address.

On top of this 'base layer' services can be deployed. Some examples of offered services are given in the table below.

| Infrastructure facing services | Customer facing services |
|---|---|
| Backbone trunks | Access point for R&E traffic |
| Transit provider | Access point for internet traffic |
| Internet exchange | |

Principles

For reference

  • All network operations are automated, requiring no operator steps beyond the instantiation of intent.
  • Changes applied to individual network elements are fully declarative, vendor-neutral, and derived by the network infrastructure from the high-level, network-wide intent.
  • Any network changes are automatically halted and rolled back if the network displays unintended behaviour.
  • The infrastructure doesn't allow operations that violate network policies. Source.

Other principles

  • Automatic checks evaluate all changes.
  • After passing pipelines, all changes are merged into the main branch. These pipelines run once a change is peer-reviewed and approved.
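
As an added illustration (not code from this repository), a pipeline check of the kind described above could validate device-specific values and data references like this. The field names, allowed hardware types, node names and trunk records are constructed assumptions; in practice the data would be loaded from the versioned data files.

```python
import ipaddress

# Constructed sample data; field names and allowed values are assumptions.
ALLOWED_HARDWARE = {"vendor-a-core", "vendor-b-edge"}
NODES = {
    "rt1.example.net": {"hardware_type": "vendor-a-core", "loopback": "192.0.2.1"},
    "rt2.example.net": {"hardware_type": "vendor-b-edge", "loopback": "192.0.2.2"},
    "rt3.example.net": {"hardware_type": "vendor-c", "loopback": "192.0.2.2"},
    "rt4.example.net": {"loopback": "192.0.2.300"},
}
TRUNKS = [
    {"name": "trunk-1", "a_node": "rt1.example.net", "b_node": "rt2.example.net"},
    {"name": "trunk-2", "a_node": "rt1.example.net", "b_node": "rt9.example.net"},
    {"name": "trunk-3", "a_node": "rt2.example.net", "b_node": "rt2.example.net"},
]


def validate(nodes, trunks, allowed_hardware=ALLOWED_HARDWARE):
    """Return a sorted list of error strings; an empty list means the data is consistent."""
    errors = []
    seen_loopbacks = {}
    # Device-specific base configuration values: hardware type and loopback.
    for name, data in nodes.items():
        hw = data.get("hardware_type")
        if hw not in allowed_hardware:
            errors.append(f"{name}: unknown hardware_type {hw!r}")
        try:
            loopback = ipaddress.ip_address(data.get("loopback", ""))
        except ValueError:
            errors.append(f"{name}: invalid loopback {data.get('loopback')!r}")
            continue
        owner = seen_loopbacks.setdefault(loopback, name)
        if owner != name:
            errors.append(f"{name}: loopback {loopback} already used by {owner}")
    # Data references: every trunk end must name a defined node.
    for trunk in trunks:
        ends = [trunk.get("a_node"), trunk.get("b_node")]
        for end in ends:
            if end not in nodes:
                errors.append(f"{trunk['name']}: references unknown node {end!r}")
        if ends[0] == ends[1]:
            errors.append(f"{trunk['name']}: both ends are {ends[0]!r}")
    return sorted(errors)


if __name__ == "__main__":
    problems = validate(NODES, TRUNKS)
    print("\n".join(problems))
    raise SystemExit(1 if problems else 0)  # non-zero exit fails the pipeline
```

Run as a pipeline job, the non-zero exit status blocks the merge until every reported reference or value is corrected.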

Orchestration and service database

All services offered can be summarised in the following four categories. Some examples are given in the table below.

| | Multipoint | Point-to-point |
|---|---|---|
| Layer 2 | VPLS / EVPN | Layer 2 circuits |
| Layer 3 | L3VPN | Core links |