Digital Sandbox

The Fabric Services System Digital Sandbox is a network simulator that can emulate data center fabric designs ("underlays") and the workload constraints configured upon those fabrics ("overlays").

The Digital Sandbox normally runs on a three-node Kubernetes cluster. Each SR Linux node is emulated as its own virtual machine within the cluster, running its own copy of the SR Linux operating system like the real node it represents.

Before you can use the Fabric Services System Digital Sandbox, you must install its software components and perform any configuration steps described in the Fabric Services System Software Installation Guide. This ensures that the Digital Sandbox software is ready to simulate your fabrics and workloads, and is ready to communicate with the Fabric Services System to receive model data and send status updates.

In its current form, the Digital Sandbox can emulate a region, the structures of fabrics within that region, and the workload constraints that are configured upon those fabrics (including the edge links that are referred to by the workload). It does not yet simulate dynamic features like traffic flow between the simulated nodes and their endpoints.

The Digital Sandbox requires its own license, purchased separately from the license for the Fabric Services System itself.

Integration with the Fabric Services System

Most interaction with the Digital Sandbox is performed using CLI commands and API calls.

In integrated mode, the Digital Sandbox can communicate with the Fabric Services System, receiving configuration data for fabric and workload designs, and returning status updates for those intents. The Fabric Services System UI does not support all of the available Digital Sandbox operations; it is only used to design fabric intents and workload VPN intents, and to send those configurations to the Digital Sandbox for further action.

A technically proficient user who is familiar and experienced with the Digital Sandbox CLI could configure fabrics, workloads, and participating endpoints using only the Digital Sandbox CLI or REST API calls. But for most operators, taking advantage of integration with the Fabric Services System makes these operations much faster and easier.

Digital Sandbox status display

When using the integrated mode, the Fabric Services System UI displays the status of the Digital Sandbox in the lower-left corner of the fabric intents geographical map. Possible statuses are:

  • Unavailable: the Digital Sandbox has either:
    • not been installed
    • not been configured for integration with the Fabric Services System
    • been misconfigured, such that the Fabric Services System is pointing to the wrong location for the Digital Sandbox
    • has been installed and configured for integration but has not been started
  • Running: the Digital Sandbox is installed, started, and ready to receive data.
  • Busy: the Digital Sandbox is installed and started, but is processing data recently sent from the Fabric Services System for incorporation into its simulation.

Creating a region

When using the integrated mode, you must create a deployment region from the Fabric Service System's Regions page before you can create any fabric intents or workload VPN intents that are destined for the Digital Sandbox.

Create a region by following the procedure Creating a region.

After you have created the region, the Digital Sandbox creates a set of internal structures ("pods") for use in its simulation.

As the Digital Sandbox creates these structures, its status advances from Unavailable to Busy to Running. When it reaches the Running state, you can proceed to create fabric intents and workload intents that are destined for the Digital Sandbox.

Modifying a region

If you modify any of the properties of a region, including changes to the fabric and workload intents in the Fabric Services System UI destined for digital sandbox, you must explicitly trigger a corresponding update in the Digital Sandbox.

To update the Digital Sandbox after modifying a region:

  1. If the region page is not already open:
    1. Click to open the main menu.
    2. In the main menu, select Deployment Regions. The Deployment Regions page opens, showing a graphical representation of regions already created.
  2. Right-click the region icon on the Deployment Regions page, and select Update Digital Sandbox from the displayed menu.
    In the lower left corner of the page:
    • the Digital Sandbox status advances to the Busy state.
    • the Digital Sandbox status returns to the Running state.

    When the Digital Sandbox has returned to the Running state, the update to its model of the region is complete.

    Note: If an error occurs during the update, an error indication appears on the lower left corner. Hover over the error indication to display the description of the error in digital sandbox.

Fabric intents and the Digital Sandbox

Working with a fabric intent that is destined for the Digital Sandbox is just like working with a fabric intent destined for real hardware, with the following exceptions:

  • When you create the fabric intent, set the Fabric Type to Digital Sandbox instead of Real.
  • The deployment threshold for a Digital Sandbox fabric intent is always 100% (whereas the threshold is always 0% for Real fabric intents).
  • After you design a Digital Sandbox fabric intent, and before you deploy that intent, you must manually send the updated configuration to the Digital Sandbox using the Update Digital Sandbox command.

After you update the Digital Sandbox and deploy your fabric intent, the Digital Sandbox creates a corresponding set of simulated nodes, their configurations, and their relationships in its own data model.

The representation of the fabric at this stage is coarse; it is limited to the nodes themselves. Endpoints and other lower-level details are not added to the model until subsequently required by workload intents.

Creating a fabric intent

Before you create a fabric intent that is destined for the Digital Sandbox, make sure you have followed the procedure for Creating a region.
The procedure to design a fabric intent destined for the Digital Sandbox is nearly identical to designing an intent for deployment to real hardware.

To create a fabric intent that is destined for the Digital Sandbox:

  1. Click to open the main menu.
  2. In the main menu, select Fabric Intents. The Fabric Intents page opens.
  3. Click the + CREATE A FABRIC INTENT button.
  4. Select any of the following templates:
    • Flexible Leaf Spine
    • Backbone
  5. Click the CREATE button.
    The New Fabric Intents page displays.

    At the top of the left-side panel, the name of the template you selected in step 4 is displayed as the "Reference Template".

  6. In the Fabric Type drop-down list, select Digital Sandbox.
  7. From here, continue with one of the procedures in Fabric intents, depending on the type of fabric you are designing:

    The steps are identical, except that the Deployment Threshold value is fixed at 100% (whereas for a Real fabric intent, this value is fixed at 0%).

Updating the Digital Sandbox

After you design your fabric intent, but before deploying it, you must update the Digital Sandbox with information about the fabric intent. This causes the Digital Sandbox to create virtual nodes onto which the fabric can be deployed.

Any time you make subsequent changes to the fabric intent, you should follow these steps to again update the Digital Sandbox with the new configuration data.

To update the Digital Sandbox with information about your fabric intent, do the following:

  1. Open the fabric intent in the Fabric Design view, if it is not already open.
  2. At the upper right of the page click the More actions icon ( ) and select Update Digital Sandbox from the displayed menu. As a result:
    In the lower left corner of the page:
    • the Digital Sandbox status advances to the Busy state.
    • one by one, each virtual node in the fabric intent advances to the Ready state.
    • the Digital Sandbox status returns to the Running state.

    When all nodes are in a Ready state and the Digital Sandbox has returned to the Running state, you can deploy the fabric intent.

    Note: If an error occurs during the update, an error indication appears on the lower left corner. Hover over the error indication to display the description of the error in digital sandbox.

    Additional messages can also appear in the lower middle section of the page.

Deploying a fabric intent

The procedure to deploy a fabric intent to the Digital Sandbox is the same as that for a Real fabric intent:
  • add the fabric intent to the deployment pipeline
  • from the deployment pipeline, select the fabric intent and click Deploy.
For detailed steps, see Deploying a fabric intent.
When the fabric has attained the Deployed state, the result in the Digital Sandbox is a new Underlay 1 (UL1) construct, represented by a collection of Kubernetes pods.

At this stage only the nodes themselves are modeled in the Digital Sandbox data. Endpoints, and details about those endpoints such as IP addresses, are not yet present in the model.

Workload intents

There are no differences in workload VPN intent design or deployment when the target is the Digital Sandbox; the procedures are the same as those for workload VPN intents destined for real hardware.

When you design a Workload VPN intent that includes fabrics that were created for the Digital Sandbox, the Fabric Services System sends the workload intent information to the Digital Sandbox for incorporation into its simulation.

Creating a workload VPN intent for the Digital Sandbox

Create your workload VPN intent just as described in Workload VPN intents.

When you are finished, you are ready to deploy the workload VPN intent.

Deploying a workload VPN intent to the Digital Sandbox

Deploy your workload VPN intent just as described in Adding a workload intent to the deployment pipeline and Deploying a workload intent from the deployment pipeline.

When you deploy the workload intent, the Digital Sandbox updates the configuration files of the participating, simulated nodes. In the Digital Sandbox, the simulated workload is classified as a Candidate Workload, but is not active; the participating nodes are identified, but endpoint data is not yet present.

If you were to update the workload VPN intent design in the Fabric Services System and re-deploy it, this would entirely overwrite the Candidate Workload's information in the Digital Sandbox. This would be true even if you had updated the workload information in the Digital Sandbox directly using the CLI after the last deployment; the re-deployment would overwrite the workload intent data and erase your changes.

Updating the Digital Sandbox

After you deploy your workload intent, you must explicitly update the Digital Sandbox with information about the workload intent. This causes the Digital Sandbox to add endpoint data to the workload model, and the result is an Active Workload.

Any time you make subsequent changes to the workload intent, you should follow these steps to again update the Digital Sandbox with the new configuration data.

To update the Digital Sandbox with information about your fabric intent, do the following:

  1. Click to open the main menu.
  2. In the main menu, select Deployment Regions.
  3. Right-click the region object on the Deployment Region map.
  4. From the contextual menu, select Update Digital Sandbox.
  5. Click OK.
    The Digital Sandbox updates its model based on the latest data in the Fabric Services System.

    While it does this, the Digital Sandbox status advances from the Running state to the Busy state, and then back to the Running state.

    When the Digital Sandbox has returned to the Running state, its simulated model of the workload VPN intent includes all of the participating endpoints.

    If you were to update the workload VPN intent design in the Fabric Services System, re-deploy it, and re-update the Digital Sandbox, this would entirely overwrite the Active Workload's information in the Digital Sandbox. This would be true even if you had updated the workload information directly in the Digital Sandbox using CLI after the last update; re-updating would overwrite the workload intent data and erase your changes.