Digital Sandbox

The Fabric Services System Digital Sandbox is a network simulator that can emulate data center fabric designs ("underlays") and the workload constraints configured upon those fabrics ("overlays").

The Digital Sandbox normally runs on a three-node Kubernetes cluster. Each SR Linux node is emulated as its own virtual machine within the cluster, running its own copy of the SR Linux operating system like the real node it represents.

Before you can use the Fabric Services System Digital Sandbox, you must install its software components and perform any configuration steps described in the Fabric Services System Software Installation Guide. This ensures that the Digital Sandbox software is ready to simulate your fabrics and workloads, and is ready to communicate with the Fabric Services System to receive model data and send status updates.

In its current form, the Digital Sandbox can emulate a region, the structures of fabrics within that region, and the workload constraints that are configured upon those fabrics (including the edge links that are referred to by the workload). It does not yet simulate dynamic features like traffic flow between the simulated nodes and their endpoints.

The Digital Sandbox requires its own license, purchased separately from the license for the Fabric Services System itself.

Integration with the Fabric Services System

Most interaction with the Digital Sandbox is performed using CLI commands and API calls.

In integrated mode, the Digital Sandbox can communicate with the Fabric Services System, receiving configuration data for fabric and workload designs, and returning status updates for those intents. The Fabric Services System UI does not support all of the available Digital Sandbox operations; it is only used to design fabric intents and workload VPN intents, and to send those configurations to the Digital Sandbox for further action.

A technically proficient user who is familiar and experienced with the Digital Sandbox CLI could configure fabrics, workloads, and participating endpoints using only the Digital Sandbox CLI or REST API calls. But for most operators, taking advantage of integration with the Fabric Services System makes these operations much faster and easier.

Digital Sandbox status display

When using the integrated mode, the Fabric Services System UI displays the status of the Digital Sandbox in the lower-left corner of the fabric intents geographical map. Possible statuses are:

  • Unavailable: the Digital Sandbox has either:
    • not been installed
    • not been configured for integration with the Fabric Services System
    • been misconfigured, such that the Fabric Services System is pointing to the wrong location for the Digital Sandbox
    • has been installed and configured for integration but has not been started
  • Running: the Digital Sandbox is installed, started, and ready to receive data.
  • Busy: the Digital Sandbox is installed and started, but is processing data recently sent from the Fabric Services System for incorporation into its simulation.

Creating a region in the Digital Sandbox

When using the integrated mode, you must create a deployment region from the Fabric Service System's Regions page before you can create any fabric intents or workload VPN intents that are destined for the Digital Sandbox.
Create a region by following the procedure Creating a region.

After you have created the region, the Digital Sandbox creates a set of internal structures ("pods") for use in its simulation.

As the Digital Sandbox creates these structures, its status advances from Unavailable to Busy to Running. When it reaches the Running state, you can create fabric intents and workload VPN intents that are destined for the Digital Sandbox.

Modifying a region in the Digital Sandbox

If you modify any of the properties of a region, including changes to the fabric and workload VPN intents in the Fabric Services System UI destined for digital sandbox, you must explicitly trigger a corresponding update in the Digital Sandbox.

To update the Digital Sandbox after modifying a region:

  1. If the Deployment Regions page is not already open:
    1. Click to open the main menu.
    2. In the main menu, select Deployment Regions.
      The Deployment Regions page opens, showing a graphical representation of regions already created.
  2. Right-click the region icon on the Deployment Regions page, and select Update Digital Sandbox from the displayed menu.
    In the lower left corner of the page:
    • the Digital Sandbox status advances to the Busy state.
    • the Digital Sandbox status returns to the Running state.

    When the Digital Sandbox has returned to the Running state, the update to its model of the region is complete.

    Note: If an error occurs during the update, an error indication appears on the lower left corner. Hover over the error indication to display the description of the error in the Digital Sandbox.

Fabric intents and the Digital Sandbox

Working with a fabric intent that is destined for the Digital Sandbox is just like working with a fabric intent destined for real hardware, with the following exceptions:

  • When you create the fabric intent, set the Fabric Type field to Digital Sandbox instead of Real.
  • The deployment threshold for a Digital Sandbox fabric intent is always 100% (whereas the threshold is always 0% for Real fabric intents).
  • After you design a Digital Sandbox fabric intent, and before you deploy that intent, you must manually send the updated configuration to the Digital Sandbox using the Update Digital Sandbox command.

After you update the Digital Sandbox and deploy your fabric intent, the Digital Sandbox creates a corresponding set of simulated nodes, their configurations, and their relationships in its own data model.

The representation of the fabric at this stage is coarse; it is limited to the nodes themselves. Endpoints and other lower-level details are not added to the model until subsequently required by workload VPN intents.

Creating a fabric intent in the Digital Sandbox

Before you create a fabric intent that is destined for the Digital Sandbox, ensure that a region has already been created.
The procedure to design a fabric intent destined for the Digital Sandbox is nearly identical to designing an intent for deployment to real hardware.

To create a fabric intent that is destined for the Digital Sandbox:

  1. Click to open the main menu.
  2. In the main menu, select Fabric Intents.
  3. Use the Region Selector at the top of the page to select the region in which to create the fabric intent.
  4. Click the + CREATE A FABRIC INTENT button to open the Fabric Design page.
  5. Select or import the topology file on which this fabric is based:
    • To select an already-imported topology file, click in the Imported Topology From File field and select the topology from the displayed list.
    • To import a new topology from a file, click the Import icon and select the topology file. The topology in that file is automatically selected as the basis for this fabric intent.
  6. In the Fabric Type drop-down list, click Digital Sandbox.
  7. On the left-side panel, enter or select the basic parameters that define your intended fabric as described in Basic parameters for manual topology fabric intent.
  8. Optionally, select an ASN pool and IP pools other than the default pools for the region:
    • ASN Pool Name
    • Inter Switch Link Pool Name
    • Management Pool Name
    • System Pool Name
  9. Specify the DS Management Network IP family (either IPv4 or IPv6) for this fabric The default value is IPv4.
  10. Click to save the fabric intent. When you save the fabric intent, the system:
    • updates the state of the fabric intent to Created.
    • updates the version number of the fabric intent to 1.0.
    • enables the GENERATE FABRIC button.
  11. Click GENERATE FABRIC.

Updating the Digital Sandbox

After you design your fabric intent, but before deploying it, you must update the Digital Sandbox with information about the fabric intent. This causes the Digital Sandbox to create virtual nodes onto which the fabric can be deployed.

Any time you make subsequent changes to the fabric intent, you should follow these steps to again update the Digital Sandbox with the new configuration data.

To update the Digital Sandbox with information about your fabric intent, do the following:

  1. Open the fabric intent in the Fabric Design view, if it is not already open.
  2. At the upper right of the page click the More actions icon ( ) and select Update Digital Sandbox from the displayed menu. As a result:
    In the lower left corner of the page:
    • the Digital Sandbox status advances to the Busy state.
    • one by one, each virtual node in the fabric intent advances to the Ready state.
    • the Digital Sandbox status returns to the Running state.

    When all nodes are in a Ready state and the Digital Sandbox has returned to the Running state, you can deploy the fabric intent.

    Note: If an error occurs during the update, an error indication appears on the lower left corner. Hover over the error indication to display the description of the error in digital sandbox.

    Additional messages can also appear in the lower middle section of the page.

Deploying a fabric intent in the Digital Sandbox

The procedure to deploy a fabric intent to the Digital Sandbox is the same as that for a real fabric intent. For detailed steps, see Fabric intent deployment.
  1. Add the fabric intent to the deployment pipeline.
  2. From the deployment pipeline, select the fabric intent and click Deploy.
When the fabric has attained the Deployed state, the result in the Digital Sandbox is a new Underlay 1 (UL1) construct, represented by a collection of Kubernetes pods.

At this stage only the nodes themselves are modeled in the Digital Sandbox data. Endpoints, and details about those endpoints such as IP addresses, are not yet present in the model.

Workload VPN intents

There are no differences in workload VPN intent design or deployment when the target is the Digital Sandbox; the procedures are the same as those for workload VPN intents destined for real hardware.

When you design a Workload VPN intent that includes fabrics that were created for the Digital Sandbox, the Fabric Services System sends the workload VPN intent information to the Digital Sandbox for incorporation into its simulation.

Creating a workload VPN intent in the Digital Sandbox

Use the procedures for creating a workload VPN intent for real fabrics.
Create your workload VPN intent as described in Workload VPN intents.

When you are finished, you are ready to deploy the workload VPN intent.

Deploying a workload VPN intent to the Digital Sandbox

Use this procedure to deploy a workload VPN intent to the Digital Sandbox
  1. Add the workload VPN intent to the pipeline.
  2. Deploy the workload VPN intent from the pipeline.

When you deploy the workload VPN intent, the Digital Sandbox updates the configuration files of the participating, simulated nodes. In the Digital Sandbox, the simulated workload is classified as a Candidate Workload, but is not active; the participating nodes are identified, but endpoint data is not yet present.

If you update the workload VPN intent design in the Fabric Services System and re-deploy it, it overwrites the information for the candidate workload in the Digital Sandbox. This is true even if you update the workload information in the Digital Sandbox directly using the CLI after the last deployment; the re-deployment overwrites the workload VPN intent data and erases your changes.

Updating the Digital Sandbox

After you deploy your workload VPN intent, you must explicitly update the Digital Sandbox with information about the workload VPN intent. This causes the Digital Sandbox to add endpoint data to the workload model, and the result is an Active Workload.

Any time you make subsequent changes to the workload VPN intent, you should follow these steps to again update the Digital Sandbox with the new configuration data.

To update the Digital Sandbox with information about your fabric intent, do the following:

  1. Click to open the main menu.
  2. In the main menu, select Deployment Regions.
  3. Right-click the region object on the Deployment Region map.
  4. From the contextual menu, select Update Digital Sandbox.
  5. Click OK.
    The Digital Sandbox updates its model based on the latest data in the Fabric Services System.

    While it does this, the Digital Sandbox status advances from the Running state to the Busy state, and then back to the Running state.

    When the Digital Sandbox has returned to the Running state, its simulated model of the workload VPN intent includes all of the participating endpoints.

    If you update the workload VPN intent design in the Fabric Services System, re-deploy it, and re-update the Digital Sandbox, it overwrites the Active Workload's information in the Digital Sandbox. This is true even if you had updated the workload information directly in the Digital Sandbox using the CLI after the last update; re-updating overwrites the workload VPN intent data and erases your changes.