Testing Arista AVD with GNS3 and EOS


Arista AVD (Architect, Validate, Deploy) – https://avd.arista.com – is a powerful tool that brings network architecture into the world of Infrastructure-as-Code. I wanted to try it out in a lab setting and see how it works in a non-standard environment.

Since my go-to lab tool is GNS3 with Arista cEOS images — while the AVD documentation is primarily built around vEOS — I ran into a few issues. After some troubleshooting, I got it working, and I’d like to share the process here.

This is not a full deployment guide for AVD. Instead, I’ll walk you through the setup I used to make it work in a test environment using GNS3 and cEOS images.


Prerequisites

Make sure your Ansible host has at least 2048MB of memory — I encountered memory-related errors that were otherwise unrelated to the steps below.

Environment Setup

Make sure you’re in your user’s home directory. In my case, the user is debian on the Ansible host.

cd ~
python3 -m venv .avd
source /home/debian/.avd/bin/activate
pip install "pyavd[ansible]"
ansible-galaxy collection install arista.avd

The above will activate a virtual environment for pip use and install the needed packages. The Ansible collections will be installed under .ansible in the home directory.

Copy the AVD example configurations to a work directory (I chose avd)

mkdir avd
cd avd
ansible-playbook arista.avd.install_examples

Make sure you are now in the ~/avd/ directory to avoid future errors.

(.avd) debian@debian:~/avd$ pwd
/home/debian/avd

You should see the following directories:

ls -la
total 40
drwxr-xr-x 10 debian debian 4096 Jul 24 17:25 .
drwxr-xr-x  7 debian debian 4096 Jul 24 17:23 ..
drwxr-xr-x  7 debian debian 4096 Jul 24 17:25 campus-fabric
drwxr-xr-x  2 debian debian 4096 Jul 24 17:25 common
drwxr-xr-x  8 debian debian 4096 Jul 24 17:24 cv-pathfinder
drwxr-xr-x  7 debian debian 4096 Jul 24 17:24 dual-dc-l3ls
drwxr-xr-x  7 debian debian 4096 Jul 24 17:25 isis-ldp-ipvpn
drwxr-xr-x  7 debian debian 4096 Jul 24 17:23 l2ls-fabric
drwxr-xr-x  7 debian debian 4096 Jul 24 17:24 single-dc-l3ls
drwxr-xr-x  7 debian debian 4096 Jul 24 17:24 single-dc-l3ls-ipv6

Project: single-dc-l3ls

I chose to use the single-dc-l3ls example (https://avd.arista.com/5.5/ansible_collections/arista/avd/examples/single-dc-l3ls/index.html)

My GNS3 topology follows exactly the scenario above in terms of switch number, naming, connections, etc…

Tweak Ansible Config

By default, Ansible only warns when encountering duplicate keys in YAML files. Arista recommends treating this as an error to ensure cleaner configurations.

Update the ansible.cfg in the project folder:

sed -i '/^jinja2_extensions/a\duplicate_dict_key=error' single-dc-l3ls/ansible.cfg

Verify the result:

cat single-dc-l3ls/ansible.cfg

[defaults]
inventory=inventory.yml
jinja2_extensions = jinja2.ext.loopcontrols,jinja2.ext.do,jinja2.ext.i18n
duplicate_dict_key=error

Management Interface Considerations: vEOS vs cEOS

AVD examples assume vEOS images, where the management interface is Management1.

In GNS3 with cEOS, the interface varies. If you followed Arista’s guide for cEOS image installation on GNS3 (https://arista.my.site.com/AristaCommunity/s/article/veos-ceos-gns3-labs) then your management interface is likely Ethernet21.
That’s what I used in my setup.


Initial Configurations for GNS3

Before running the playbook, the management connections must be in place and the Ansible host must be reachable from each switch; otherwise, the playbook will not work.

Initial configurations are stored here:

ls -la single-dc-l3ls/switch-basic-configurations/
total 40
drwxr-xr-x 2 debian debian 4096 Jul 24 21:18 .
drwxr-xr-x 7 debian debian 4096 Jul 24 21:24 ..
-rw-rw-r-- 1 debian debian  978 Jul 24 21:18 dc1-leaf1a-basic-configuration.txt
-rw-rw-r-- 1 debian debian  978 Jul 24 21:18 dc1-leaf1b-basic-configuration.txt
-rw-rw-r-- 1 debian debian  978 Jul 24 21:18 dc1-leaf1c-basic-configuration.txt
-rw-rw-r-- 1 debian debian  978 Jul 24 21:18 dc1-leaf2a-basic-configuration.txt
-rw-rw-r-- 1 debian debian  978 Jul 24 21:18 dc1-leaf2b-basic-configuration.txt
-rw-rw-r-- 1 debian debian  978 Jul 24 21:18 dc1-leaf2c-basic-configuration.txt
-rw-rw-r-- 1 debian debian  977 Jul 24 21:18 dc1-spine1-basic-configuration.txt
-rw-rw-r-- 1 debian debian  977 Jul 24 21:18 dc1-spine2-basic-configuration.txt

Update the management interface to Ethernet21:

sed -i 's/Management1/Ethernet21/g' single-dc-l3ls/switch-basic-configurations/*.txt

Copy the configs to each switch in the GNS3 lab and make sure they can ping the Ansible host.


Modify inventory.yml

Update the Ansible host IP to match your topology. In my setup, it’s in the 172.16.1.0/24 range:

nano /home/debian/avd/single-dc-l3ls/inventory.yml

Change:

ansible_host: 192.168.1.12

To:

ansible_host: 172.16.1.254

Everything else can remain unchanged if you’re following the same example from Arista’s site.


Update Playbook for Management Interface

The intended/configs/ files also reference Management1. These need to be changed to Ethernet21.

ls -la single-dc-l3ls/intended/configs/
total 80
drwxr-xr-x 2 debian debian 4096 Jul 24 21:18 .
drwxr-xr-x 4 debian debian 4096 Jul 24 21:18 ..
-rw-rw-r-- 1 debian debian 9098 Jul 24 21:18 dc1-leaf1a.cfg
-rw-rw-r-- 1 debian debian 9098 Jul 24 21:18 dc1-leaf1b.cfg
-rw-rw-r-- 1 debian debian 1942 Jul 24 21:18 dc1-leaf1c.cfg
-rw-rw-r-- 1 debian debian 9106 Jul 24 21:18 dc1-leaf2a.cfg
-rw-rw-r-- 1 debian debian 9110 Jul 24 21:18 dc1-leaf2b.cfg
-rw-rw-r-- 1 debian debian 1942 Jul 24 21:18 dc1-leaf2c.cfg
-rw-rw-r-- 1 debian debian 4187 Jul 24 21:18 dc1-spine1.cfg
-rw-rw-r-- 1 debian debian 4191 Jul 24 21:18 dc1-spine2.cfg

Update the management interface:

sed -i 's/Management1/Ethernet21/g' single-dc-l3ls/intended/configs/*.cfg

Also, make Ethernet21 a Layer 3 port:

sed -i '/^interface Ethernet21$/a\   no switchport' single-dc-l3ls/intended/configs/*.cfg
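
The append form of sed above adds another "no switchport" line every time it is run, so re-running the step leaves duplicates in the configs. The script below is an added example (not part of the AVD project or its examples) that performs both edits in a re-runnable way and then checks the result; the function names and the sample config are constructed for illustration, and only the interface names come from this page.

```bash
#!/usr/bin/env bash
# Added example, not from the AVD project. Interface names are the page's;
# function names and the sample config are constructed for illustration.
OLD_IF="Management1"
NEW_IF="Ethernet21"

# Rename the interface and add "no switchport" right below it, unless present.
patch_cfg() {
    local f="$1" tmp rc
    tmp="$(mktemp)" || return 1
    awk -v old="$OLD_IF" -v new="$NEW_IF" '
        { gsub(old, new) }
        pending { pending = 0
                  if ($0 !~ /^ +no switchport$/) print "   no switchport" }
        { print }
        $0 == ("interface " new) { pending = 1 }
        END { if (pending) print "   no switchport" }
    ' "$f" > "$tmp" && cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Report leftovers of the old name and a missing or duplicated "no switchport".
verify_cfg() {
    local f="$1" rc=0 n
    if grep -q "$OLD_IF" "$f"; then
        echo "$f: still references $OLD_IF"; rc=1
    fi
    n="$(awk -v new="$NEW_IF" '
        /^[^ ]/ { in_if = ($0 == ("interface " new)); next }
        in_if && /^ +no switchport$/ { c++ }
        END { print c + 0 }' "$f")"
    if [ "$n" -ne 1 ]; then
        echo "$f: expected one no switchport under $NEW_IF, found $n"; rc=1
    fi
    return "$rc"
}

# Constructed sample resembling a management stanza (not copied from AVD).
write_sample() {
    printf '%s\n' 'interface Management1' '   description OOB_MANAGEMENT' \
        '   vrf MGMT' '   ip address 172.16.1.11/24' '!' \
        'ip route vrf MGMT 0.0.0.0/0 172.16.1.1' > "$1"
}

# Usage: pass config files, e.g. single-dc-l3ls/intended/configs/*.cfg
for f in "$@"; do patch_cfg "$f" && verify_cfg "$f"; done
```

Running verify_cfg alone over the files already edited with sed shows whether a repeated run left duplicate lines behind.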

Run the Playbook

Now you’re ready to deploy.

cd single-dc-l3ls
ansible-playbook deploy.yml

Expected output:

PLAY RECAP *********************************************************************
dc1-leaf1a                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-leaf1b                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-leaf1c                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-leaf2a                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-leaf2b                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-leaf2c                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-spine1                 : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
dc1-spine2                 : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Make sure unreachable, failed, and skipped are all 0 — that’s your confirmation that everything went smoothly.


Summary

While AVD examples are designed around vEOS, it’s perfectly possible to adapt them for cEOS in GNS3 with a few changes. The most important steps involve:

  • Updating interface names
  • Ensuring management connectivity stays up
  • Modifying inventory and config files accordingly

This lab-friendly workflow lets you explore AVD’s potential without dedicated hardware or CVP.

Cisco Certified Architect Exam blueprint has been released

Cisco announced through their LearningNetwork webpage that the topics (blueprint) for the Cisco Certified Architect have been released. The exam is scheduled to be available February 2010 and qualified candidates will be provided the information as it becomes available.

It will be quite a challenge among engineers of this level to be the first one to achieve this certification :) Beyond holding a valid CCDE certification, there are a lot of other requirements just to qualify to take this exam.

If you are interested, you can download the PDF blueprint or have a look at the official Cisco LearningNetwork homepage for more details.

What’s the deal with the new Cisco Architect Certification

In the last weeks more and more people are speaking about the new Cisco Architect Certification. The truth is that the details about this certification are still very unclear and nobody seems to know in which direction this will head.

Let’s see what I understood from the process of achieving this certification.

First, at the basic level, you need to have a valid CCDE certification to be able to apply for the Architect certification. The application for this certification will involve your CCDE number, a resume of your professional work experience to be verified by Cisco and a summary of a project in which the candidate acted in the role of an architect or designer. Now, if the first two things are quite clear, the last one can be tricky. How will Cisco verify that you actually were in that role, and for which project? Call the company that hired you and discuss details? Another issue would be if you had signed a non-disclosure contract with a certain company for which you had the required role. If the company takes its contracts seriously, and usually they do, then you can find yourself in a situation where you can apply for Cisco’s certification but then maybe have to appear in court for breaking the contract with the company. Of course it’s specified that “a summary” has to be presented, meaning that maybe you should tell what you had to do, and not how you achieved it.

Second, if you pass the application phase, then you have the pre-board exam work. Cisco states that: “Candidate will receive an architectural challenge from the board and must respond accordingly” and that the response should include: “A functional specification (not to exceed 50 pages); High-level architecture diagram(s); Summarized business requirements document; Rationale supporting the proposed architecture; Outline of presentation about the proposed architecture for the board”. It’s not stated in which manner this exam will take place. Will it be like in the actual lab exams, 8 hours +/- in a room where you have to achieve the desired result, or do you get the subject by e-mail, come along with your engineer friends for a night of brainstorming and send back the result by e-mail? After you submit your work, “the board will evaluate the submission against scoring rubrics” (which ones?!) “and determine what questions should be posed to the candidate” in the next step. Again the details are not so clear. Can you fail in this step just because your way of doing diagrams is not the committee’s preferred way? This step seems very subjective to me, because it tends to test your personal skills and not your professional knowledge. I mean, maybe you are one of the best in the branch, but you have a problem with clearly explaining what your intentions are in regard to the architecture. That’s why in a company there are more people involved in a project, otherwise one person could be both the technical department and the sales one.

And now step 3, which is actually the exam and is called the Board exam. In this step you appear and present your architecture in front of an “executive team”, respond to the technical questions of a “design team” and try to solve a “what if” change in your original architectural challenge. At the end of the board meeting, the judges will independently assign final scores against defined scoring rubrics. The scores will then be tabulated and the candidate will be notified of certification status. The first issue that I see here is that individuals for whom English is not their native language may encounter problems here. Maybe in your head everything is well defined and you can put it on paper, but when you explain it, it looks like a complete drama. I’m sure that most of the engineers who have the level to apply for this certification will have no problem with the English language, but still it’s a disadvantage. Then you have to convince the board that your solution is the right one (of course you have to be sure of this) if they question your work, and by doing this you can offend them (let’s be honest, who likes to admit that he’s wrong), leading to subjective marks. Again, I hope that these boards are selected carefully from persons who have the maturity to understand that others might be right.

What about the price? Cisco says it will be around 15000$, but that’s it. When will you have to pay this money? If it’s at the beginning of phase 1 and you don’t qualify, that means that you throw $15K out the window.

Training? There are no formal training programs available for the Cisco Certified Architect certification. Here I agree with Cisco. I mean, what book or course can teach you in some weeks the full knowledge that a professional achieved in 10 years of experience, certifications and participation in different projects?

Impact on the current certifications. This is like a knife with two blades. On one hand, the professionals who achieve this Architect Certification will not have to worry about their IT career. The existing CCIE certifications will lose some of their value, even though this is not fair, as the knowledge will still be there and the effort to achieve one of these certification levels is considerable, but that’s this industry. From the income / salary perspective this will also mean a decrease, as CCIEs will not be the “top” of the certification chain. An example for now: just look at the CCNA level. In most cases when you go to an interview and you have this certification, the employer looks at you as if you were born with it and did not get it after hard work (I know, I know… skip those who use Pass4Sure or other tricks to get it, please).

The future will tell me if I’m right or wrong, or maybe you can do it. One thing is clear. This certification will be one of the big challenges on the market, and for sure some engineers will be proud of their new certification and level of recognition in the IT industry.