
Add New Networks Using CI/CD Pipeline

In this final section for Ansible you are going to use your newly built pipeline to add two new Networks. This demonstrates how easy it is to make changes to your Network stored in GitLab as code and validate those changes against your staging fabric before pushing the changes to your production fabric.

Step 1 - Add A New Overlay Variables File

Since you have a central variable file for all of your VRFs and Networks, all you need to do is modify the file to add the new data. Normally you would open this file and add the new Networks, but to make it easy you are going to replace the file you created earlier with a version that has the new Networks added in.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
cat << EOF > ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
---
vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      - name: NaC-Net02
        vrf_name: NaC-VRF01
        net_id: 130002
        vlan_id: 2302
        vlan_name: NaC-Net02_vlan2302
        gw_ip_address: 192.168.2.1/24
        network_attach_group: all
      - name: NaC-Net03
        # vrf_name: NaC-VRF01
        vrf_name: NaC-VRF02
        net_id: 130003
        vlan_id: 2303
        vlan_name: NaC-Net02_vlan2303
        gw_ip_address: 192.168.3.1/24
        network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
            ports:
              - port-channel10
          - hostname: staging-leaf2
            ports:
              - port-channel10
EOF



touch ~/workspace/ndfclab/nac/host_vars/fabric-prod/networks.nac.yml
cat << EOF > ~/workspace/ndfclab/nac/host_vars/fabric-prod/networks.nac.yml
---
vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      - name: NaC-Net02
        vrf_name: NaC-VRF01
        net_id: 130002
        vlan_id: 2302
        vlan_name: NaC-Net02_vlan2302
        gw_ip_address: 192.168.2.1/24
        network_attach_group: all
      - name: NaC-Net03
        vrf_name: NaC-VRF01
        net_id: 130003
        vlan_id: 2303
        vlan_name: NaC-Net02_vlan2303
        gw_ip_address: 192.168.3.1/24
        network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: prod-leaf1
            ports:
              - port-channel10
          - hostname: prod-leaf2
            ports:
              - port-channel10
EOF


Step 2 - Add the Modified networks.nac.yml Files for Committing to the GitLab Repo


git add .


Step 3 - Double-Check the Files Staged for Commit


git status .


The following files are staged for commit. Make sure your list matches the output below!

    On branch stage
    Your branch is up to date with 'origin/stage'.

    Changes to be committed:
    (use "git restore --staged <file>..." to unstage)
            modified:   host_vars/fabric-prod/networks.nac.yml
            modified:   host_vars/fabric-stage/networks.nac.yml

Step 4 - Commit Files to the GitLab Repo


git commit -m "Add new Networks in Overlay"


    [stage b78ca4e] Add new Networks in Overlay
    2 files changed, 15 insertions(+)

Step 5 - Push Files to the GitLab Repo stage Branch


git push -u origin stage


    Enumerating objects: 64, done.
    Counting objects: 100% (64/64), done.
    Delta compression using up to 8 threads
    Compressing objects: 100% (62/62), done.
    Writing objects: 100% (64/64), 9.62 KiB | 615.00 KiB/s, done.
    Total 64 (delta 24), reused 0 (delta 0), pack-reused 0
    remote: 
    remote: To create a merge request for stage, visit:
    remote:   http://10.15.0.159/Pod01_2025_01/LTRDCN-3439/-/merge_requests/new?merge_request%5Bsource_branch%5D=stage
    remote: 
    To 10.15.0.159:Pod01_2025_01/LTRDCN-3439.git
    * [new branch]      stage -> stage
    Branch 'stage' set up to track remote branch 'stage' from 'origin'.

Step 6 - Check to make sure the Lint Stage was run.

As soon as the code was committed to the stage branch, Ansible Lint validation was triggered. Return to your GitLab and navigate to Pipelines:

  1. Click Build on the side menu
  2. Then click Pipelines
  3. Click your new pipeline

  4. Only the lint stage is triggered when code is committed to the stage branch. A green circle with a check mark indicates that the pipeline succeeded.



    This shows the ansible_lint job ran successfully for the initial setup commit. If you want to see detailed logs of the job run you can click the ansible lint job.




    Click on the nac_validate job to open the detailed logs to see why this job failed.



Step 7 - Fix Semantic Error

From the detailed logs of the nac_validate job, you can see the following error:

Semantic error, rule 401: Cross Reference VRFs and Networks items in the Service Model (['Network (NaC-Net03) is referencing VRF (NaC-VRF02) which is not defined in the service model. Add the VRF to the service model or remove the network from the service model and re-run the playbook.'])

This means that the NaC-Net03 Network is referencing a VRF that does not exist in the service model. To fix this, we need to comment out the vrf_name: NaC-VRF02 and replace it with vrf_name: NaC-VRF01 in the networks.nac.yml file.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
cat << EOF > ~/workspace/ndfclab/nac/host_vars/fabric-stage/networks.nac.yml
---
vxlan:
  overlay:
    networks:
      - name: NaC-Net01
        vrf_name: NaC-VRF01
        net_id: 130001
        vlan_id: 2301
        vlan_name: NaC-Net01_vlan2301
        gw_ip_address: 192.168.1.1/24
        network_attach_group: all
      - name: NaC-Net02
        vrf_name: NaC-VRF01
        net_id: 130002
        vlan_id: 2302
        vlan_name: NaC-Net02_vlan2302
        gw_ip_address: 192.168.2.1/24
        network_attach_group: all
      - name: NaC-Net03
        vrf_name: NaC-VRF01
        # vrf_name: NaC-VRF02
        net_id: 130003
        vlan_id: 2303
        vlan_name: NaC-Net02_vlan2303
        gw_ip_address: 192.168.3.1/24
        network_attach_group: all
    network_attach_groups:
      - name: all
        switches:
          - hostname: staging-leaf1
            ports:
              - port-channel10
          - hostname: staging-leaf2
            ports:
              - port-channel10
EOF
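
The cross-reference behind rule 401 can be reproduced locally before pushing. The following is an added example, not code from the lab or from nac_validate: it works on an already-parsed data model and goes beyond the VRF check to also flag undefined attach groups, reused net_id/vlan_id values, and overlapping gateway subnets. The vxlan.overlay.vrfs key, the single VRF NaC-VRF01, and the function names are assumptions; the sample data is constructed to mirror the staging file above.

```python
import ipaddress
from collections import Counter

def validate_overlay(model):
    """Return semantic findings for one fabric's parsed data model (a dict)."""
    overlay = model["vxlan"]["overlay"]
    vrfs = {v["name"] for v in overlay.get("vrfs", [])}  # assumed key, not on the page
    groups = {g["name"] for g in overlay.get("network_attach_groups", [])}
    nets = overlay.get("networks", [])
    findings = []
    for net in nets:
        # The cross-reference that rule 401 reported in the nac_validate job.
        if net["vrf_name"] not in vrfs:
            findings.append(f"{net['name']}: VRF {net['vrf_name']} is not defined")
        if net["network_attach_group"] not in groups:
            findings.append(f"{net['name']}: attach group "
                            f"{net['network_attach_group']} is not defined")
    # net_id and vlan_id values must not be reused across networks.
    for key in ("net_id", "vlan_id"):
        for value, count in Counter(n[key] for n in nets).items():
            if count > 1:
                findings.append(f"{key} {value} is used by {count} networks")
    # Gateway subnets inside one VRF must not overlap.
    seen = []
    for net in nets:
        subnet = ipaddress.ip_interface(net["gw_ip_address"]).network
        for name, vrf, other in seen:
            if vrf == net["vrf_name"] and subnet.overlaps(other):
                findings.append(f"{net['name']}: {subnet} overlaps {name} in {vrf}")
        seen.append((net["name"], net["vrf_name"], subnet))
    return findings

def sample_model(net03_vrf):
    """Constructed sample mirroring the staging networks file on this page."""
    def net(n, vrf):
        return {"name": f"NaC-Net0{n}", "vrf_name": vrf, "net_id": 130000 + n,
                "vlan_id": 2300 + n, "gw_ip_address": f"192.168.{n}.1/24",
                "network_attach_group": "all"}
    return {"vxlan": {"overlay": {
        "vrfs": [{"name": "NaC-VRF01"}],  # assumed: the only VRF in the model
        "networks": [net(1, "NaC-VRF01"), net(2, "NaC-VRF01"), net(3, net03_vrf)],
        "network_attach_groups": [{"name": "all"}],
    }}}

if __name__ == "__main__":
    for vrf in ("NaC-VRF02", "NaC-VRF01"):  # Step 1 file, then the corrected file
        print(vrf, validate_overlay(sample_model(vrf)) or "no findings")
```

To run it against the real files, load each YAML file with a YAML parser, merge the results into one dict per fabric, and pass that dict to validate_overlay.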


Step 8 - Commit Files to the GitLab Repo


git commit -am "Fix semantic error in new Network"


    [stage 33f123a] Fix semantic error in new Network
    1 file changed, 2 insertions(+), 2 deletions(-)

Step 9 - Push Files to the GitLab Repo stage Branch


git push -u origin stage


    Enumerating objects: 9, done.
    Counting objects: 100% (9/9), done.
    Delta compression using up to 8 threads
    Compressing objects: 100% (5/5), done.
    Writing objects: 100% (5/5), 430 bytes | 430.00 KiB/s, done.
    Total 5 (delta 4), reused 0 (delta 0), pack-reused 0
    remote: 
    remote: To create a merge request for stage, visit:
    remote:   http://10.15.0.159/Pod01_2025_01/LTRDCN-3439/-/merge_requests/new?merge_request%5Bsource_branch%5D=stage
    remote: 
    To 10.15.0.159:Pod01_2025_01/LTRDCN-3439.git
    b78ca4e..33f123a  stage -> stage
    Branch 'stage' set up to track remote branch 'stage' from 'origin'.

Step 10 - Check to make sure the Lint Stage was run.

As soon as the code was committed to the stage branch, Ansible Lint validation was triggered. Return to your GitLab and navigate to Pipelines:

  1. Click Build on the side menu
  2. Then click Pipelines
  3. Click your new pipeline

  4. Again, only the lint stage is triggered when code is committed to the stage branch. A green circle with a check mark indicates that the pipeline succeeded.



    After fixing our error, all three jobs in the lint stage ran successfully. If you want to see detailed logs of the job run you can click on any of the jobs.



Step 11 - Create a Merge Request (Also known as a Pull Request)

Now you need to create a merge request to verify/test the new Networks configuration against the NDFC staging environment fabric.

  1. Click Merge requests on the side menu
  2. Then click New merge request



  3. Select stage as Source branch
  4. Select main as Target branch
  5. Then click Compare branches and continue



  6. Leave all of the fields with the default settings, then click Create merge request



  7. Click the Pipeline number or the blue circle with half moon icon to navigate to pipeline page



Step 12 - Wait Until Pipeline Completes

Wait until your pipeline completes against staging. In the meantime, feel free to check out what is going on in your NDFC instance by following the next step.







Step 13 - Login to Nexus Dashboard and Verify the new Networks on the Staging Fabric

In your browser, navigate back to your NDFC instance.

  1. Close your prod fabric as that should be the last location you were at in NDFC.



  2. Then double-click on your fabric-stage



  3. Click Networks and review the added L2VNI overlay networks named after GitLab

    Note: You may need to wait for the pipeline before some of the Networks show up in the NDFC GUI.




Step 14 - Navigate to the Merge Request

When your pipeline is done, open the merge request page:

  1. Click the !# link in the text Related merge request !# to merge stage (The link is !2 in the screenshot below)



Step 15 - Merge the Request

To merge the request:

  1. Click the blue Merge button



  2. Once your code is merged, a new CD pipeline is triggered. Click the Pipeline number or the blue circle with half moon icon to navigate to the pipeline page



Step 16 - Wait Until the Pipeline is Finished

Wait until the pipeline is finished:



    This step will deploy the new VRF and new Networks to the Production Fabric

    You have now modified your Fabric by updating your source code and then using the CI and CD pipelines to deploy the changes!






Step 17 - Review All Pipelines Run As Part of Lab

Wait until the pipeline is finished:




Step 18 - Verify the new Networks on the Production Fabric

In your browser, return to NDFC and navigate to your prod-fabric:

  1. Close your stage-fabric



  2. Navigate to prod-fabric



  3. Verify prod-fabric Overview Dashboard displays
  4. Check fabric-prod

    This time open the fabric page and check fabric-prod, NOT fabric-stage. Remember the CD pipeline pushes changes to the production fabric and you may need to wait to see the new Networks as the pipeline runs.




  5. Navigate to Switches and verify everything is in sync:



  6. Navigate to Networks and verify new Networks:



Congratulations on completing the lab!


  • You successfully explored NDFC's REST API and experimented with it inside NDFC's API docs.

  • You took what you learned with NDFC's REST API and applied it to develop a Pythonic command line program to get and create network elements, VRFs and Networks.

  • You successfully explored NDFC Ansible modules and developed a re-usable playbook to manage fabrics, inventory, and network elements (VRFs and Networks).

  • You have successfully modeled an entire VXLAN fabric with a data model-driven approach using Infrastructure-as-Code (IaC) for managing staging and production NDFC fabrics. This reusable playbook leverages YAML data files for configuration, enabling efficient and consistent deployments.

Thank you for attending Cisco Live 2025!!
