In the last two blogs, I have gone through the process of developing a VPN-based virtual network. One thing we ignored is the amount of configuration that has to change to add or remove nodes or to provision new edge routers.
Some of these steps, like connecting the routers over L3 links and setting up the VPN tunnels, are part of infrastructure provisioning and can be considered static, one-time activity; others, like adding a device to the network or adding another edge router, are much more transient.
Managing such a network manually is time-consuming and error-prone. In this blog, I will explore ways to automate this activity.
Let’s talk about adding a device to our network
What does it take to add a new device to the network?
In terms of provisioning
- First we need to know the IP address associated with the device.
- We need to add a host route for it to all the edge routers (local and remote) so that the new device can communicate with the devices already present in the network.
The reverse needs to happen when a device is taken off the network: the host routes associated with the device need to be removed.
How about adding an Edge Router?
Adding a new edge router is a little more involved. Let’s say we have to add a new edge router to an existing network and also add a new device to it (because that is mostly the only reason to add a new edge router).
In terms of provisioning
- The new edge router must add host routes for all the devices existing in the network.
- Then it must follow the same steps as described earlier to add the new device to the network.
Removing an edge router means removing all devices connected to it. In most cases removing an edge router while devices are still connected is not a valid operation (though a system failure can always produce such a situation).
How to automate?
From the above discussion, we can see that the job of adding and removing devices and edge routers consists of two tasks.
- Distributing information about devices joining and leaving the network, i.e. distributing the host route when a device is added and withdrawing it when the device leaves.
- Adding host routes to the edge routers. This step is about pushing (programming) the route into the routing table of each edge router.
This job description exactly fits the skills of a routing protocol 🙂
BGP as control plane
BGP is well known for its ability to distribute routes and for its scalability. Let's explore how BGP can be used to distribute the routes in both cases above. Fortunately, BGP is designed for exactly this job and already takes care of cases like a new edge router joining the network.
For our example, we will use GoBGP to distribute the host routes. All the edge routers run BGP and peer with each other.
If you are interested in the details, please look at my previous blogs exploring GoBGP and how to publish routes.
Adding a device must trigger a route announcement over BGP.
Adding an edge router is taken care of automatically: the new edge router forms BGP peerings with the rest of the edge routers and receives all the existing host routes.
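To make the two event flows concrete (a device joining or leaving, and a new edge router peering up and learning every existing host route), here is an added model of the control plane. It is example code written for this post, not code from the post or from GoBGP: the EdgeRouter class stands in for a router running BGP, announce and withdraw stand in for BGP UPDATE messages over a full mesh, and the loopback addresses 192.0.2.x, the device addresses and the 10.0.0.0/8 overlay prefix are constructed. The import policy in accepts() is an assumption of the example, not something the post describes.

```python
"""Model of host-route distribution between VPN edge routers over BGP peering."""
import ipaddress

# Constructed: the address space the VPN hands out to devices.
OVERLAY = ipaddress.ip_network("10.0.0.0/8")


class EdgeRouter:
    """One edge router. Peers form a full mesh, so a route learned from a peer
    is installed locally but never re-advertised (iBGP full-mesh behaviour)."""

    def __init__(self, name, loopback):
        self.name = name
        self.loopback = ipaddress.ip_address(loopback)  # next hop we advertise
        self.peers = []      # other EdgeRouter objects we have a session with
        self.devices = set() # /32 prefixes of devices attached to this router
        self.rib = {}        # prefix -> next hop, originated or learned

    def peer_with(self, other):
        """Bring up a session in both directions and exchange full RIBs.
        This is how a newly added edge router learns every existing device."""
        if other in self.peers:
            return
        self.peers.append(other)
        other.peers.append(self)
        for prefix, nh in list(other.rib.items()):
            self.receive(prefix, nh)
        for prefix, nh in list(self.rib.items()):
            other.receive(prefix, nh)

    def add_device(self, addr):
        """Device joins: originate a /32 host route with this router as next hop."""
        prefix = ipaddress.ip_network(f"{addr}/32")
        self.devices.add(prefix)
        self.rib[prefix] = self.loopback
        for peer in self.peers:
            peer.receive(prefix, self.loopback)

    def remove_device(self, addr):
        """Device leaves: withdraw the host route from every peer."""
        prefix = ipaddress.ip_network(f"{addr}/32")
        self.devices.discard(prefix)
        self.rib.pop(prefix, None)
        for peer in self.peers:
            peer.withdraw(prefix, self.loopback)

    def accepts(self, prefix):
        """Import policy (assumption of this example): install only /32 routes
        inside the overlay, so a peer cannot announce a broader prefix that
        would attract traffic for many devices at once."""
        return prefix.prefixlen == 32 and prefix.subnet_of(OVERLAY)

    def receive(self, prefix, next_hop):
        """Handle an announcement from a peer."""
        if self.accepts(prefix) and self.rib.get(prefix) != next_hop:
            self.rib[prefix] = next_hop

    def withdraw(self, prefix, next_hop):
        """Handle a withdrawal; only the path from that same next hop is removed."""
        if self.rib.get(prefix) == next_hop:
            del self.rib[prefix]


def rib_view(router):
    """Sorted (prefix, next hop) string pairs, for inspection and tests."""
    return sorted((str(p), str(nh)) for p, nh in router.rib.items())


def scenario():
    """Two routers with a device each, a third router joining later with its
    own device, then a device leaving. Returns the three routers."""
    r1 = EdgeRouter("edge1", "192.0.2.1")
    r2 = EdgeRouter("edge2", "192.0.2.2")
    r1.peer_with(r2)
    r1.add_device("10.0.1.10")
    r2.add_device("10.0.2.20")
    r3 = EdgeRouter("edge3", "192.0.2.3")   # new edge router joins the network
    r3.peer_with(r1)
    r3.peer_with(r2)
    r3.add_device("10.0.3.30")
    r2.remove_device("10.0.2.20")           # a device leaves edge2
    return r1, r2, r3


def import_policy_check():
    """Constructed prefixes run through the import policy of an idle router."""
    r = EdgeRouter("edge-x", "192.0.2.9")
    candidates = ["10.0.9.9/32", "10.0.0.0/16", "203.0.113.7/32"]
    return {c: r.accepts(ipaddress.ip_network(c)) for c in candidates}


if __name__ == "__main__":
    for r in scenario():
        print(r.name, rib_view(r))
    print(import_policy_check())
```

After the scenario runs, all three routers hold the same two host routes, the route for the departed device is gone everywhere, and the third router never needed any per-device configuration beyond its peerings.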
Other Options: Using a Controller
The other option is to use an SDN controller that listens for events like devices joining or leaving, or new edge routers joining the network, and sends commands to orchestrate the edge routers.
This is a more centralized, ground-up approach, but it gives you the flexibility to design your own event handlers.
We have already discussed the events that need to be handled in the previous section; I will not go into the details of a controller design (not in this post :))
Programming the routes
The second task in automating device join/leave was programming the routes into the edge routers. This can be done with an agent running on each edge router that monitors BGP (or listens for commands from the SDN controller) and configures the routes.
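Here is an added sketch of such an agent, written for this post and not taken from it or from GoBGP. It consumes route events in the shape an agent would get from a BGP monitor or a controller (an "add" or "del" with prefix and next hop), keeps the desired set of host routes, and reconciles that set against what it has already installed, emitting the `ip route` commands needed. The event stream and the 192.0.2.x next hops are constructed; the agent only returns the commands instead of executing them, so the logic runs without root.

```python
"""Route-programming agent for an edge router: events in, ip route commands out."""


class RouteAgent:
    def __init__(self):
        self.desired = {}    # prefix -> next hop, as learned from BGP / controller
        self.installed = {}  # prefix -> next hop, what we believe the kernel holds

    def handle(self, event):
        """event is ("add" | "del", prefix, next_hop)."""
        kind, prefix, nh = event
        if kind == "add":
            self.desired[prefix] = nh            # duplicates are harmless
        elif kind == "del":
            # Only honour a withdrawal for the path we actually hold; a
            # withdrawal for an unknown route or a different next hop is ignored.
            if self.desired.get(prefix) == nh:
                del self.desired[prefix]
        else:
            raise ValueError(f"unknown event kind: {kind}")

    def reconcile(self):
        """Diff desired against installed and return the commands to run.
        'replace' covers both new routes and next-hop changes; routes no
        longer desired are deleted. A second call with no new events is a no-op."""
        cmds = []
        for prefix, nh in sorted(self.desired.items()):
            if self.installed.get(prefix) != nh:
                cmds.append(f"ip route replace {prefix} via {nh}")
                self.installed[prefix] = nh
        for prefix in sorted(set(self.installed) - set(self.desired)):
            cmds.append(f"ip route del {prefix} via {self.installed[prefix]}")
            del self.installed[prefix]
        return cmds


def run(events, agent):
    """Feed a batch of events to the agent and reconcile once."""
    for event in events:
        agent.handle(event)
    return agent.reconcile()


# Constructed event stream, as it might arrive from a BGP monitor.
SAMPLE_EVENTS = [
    ("add", "10.0.1.10/32", "192.0.2.1"),
    ("add", "10.0.2.20/32", "192.0.2.2"),
    ("add", "10.0.2.20/32", "192.0.2.2"),   # duplicate announcement
    ("add", "10.0.3.30/32", "192.0.2.3"),
    ("del", "10.0.2.20/32", "192.0.2.2"),   # device leaves edge2
    ("del", "10.0.9.99/32", "192.0.2.2"),   # withdrawal for a route never seen
]


if __name__ == "__main__":
    agent = RouteAgent()
    for cmd in run(SAMPLE_EVENTS, agent):
        print(cmd)
    print("second pass:", run([], agent))
```

In a real deployment the returned strings would be handed to subprocess (or replaced with netlink calls); keeping the reconcile step as a pure diff means a crashed and restarted agent can rebuild its view and converge without issuing a command for every route it already has.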