NetDevOps · RFC 9315

NetDevOps applies to any network infrastructure — firewalls, SD-WAN, routing, cloud. To showcase its power, let's take the hardest case: a Spine/Leaf datacenter running BGP EVPN/VXLAN.

Physical Layer

Underlay topology.
Map reality to prevent chaos.

The physical foundation (WDM cabling, Spine/Leaf design) stays critical. But as density grows, tracking it with flat files or spreadsheets becomes untenable: without a centralised database, inventory quickly slips out of hand. Before even automating, rule number one is to model this physical reality with absolute rigour so the infrastructure becomes traceable, predictable and operable again.

Data Plane

Overlay architecture.
The abstraction and visibility challenge.

Moving to an Overlay (VXLAN) is a highly efficient way to decouple user services from the physical infrastructure. But that flexibility comes with a hidden cost. Encapsulation generates a logical matrix (VTEP, VNI) that makes the data path fully abstract. The real challenge becomes visibility: understanding and actually visualising deployed topologies is something humans alone can no longer handle at scale.

Control Plane

EVPN signalling.
Exponential complexity at scale.

This is where the architecture truly hardens. To orchestrate the Overlay, BGP EVPN brings logic and determinism. But the more the Overlay grows, the heavier signalling becomes. Distributing hundreds of Route Distinguishers (RD) and Route Targets (RT) by hand without a single mistake is effectively impossible. This technical demand creates a complexity wall — but it's precisely this absolute rigour that opens the door to automation.

Management Plane

Solving the equation with RFC 9315.
Intent-Based Networking.

This is where NetDevOps earns its place. By applying RFC 9315 (Intent-Based Networking), the extreme complexity of the lower layers gets absorbed by CI/CD pipelines. Engineers stop typing commands: they declare Intent in a Source of Truth (SoT). The model is then validated in a lab (NRFU tests), deployed, and continuously verified via telemetry. The architecture handles the data; NetDevOps guarantees operational peace of mind.
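The RD/RT rigour described under Control Plane and the continuous verification described under Management Plane, combined in an added example (not code from this page or from any tool it names): it derives each leaf's RD and RT from declared intent, using the loopback:VNI and ASN:VNI pattern seen in the page's control-plane values, then reports drift in observed state. The data schemas, the `render` and `drift` helpers and the sample rows are constructed assumptions.

```python
ASN = 65001  # AS number seen in the page's RT values

# Constructed intent, shaped like a simplified Source of Truth export (assumed schema).
INTENT = {
    "LEAF-1": {"loopback": "10.0.0.1", "vnis": [1001, 1002]},
    "LEAF-3": {"loopback": "10.0.0.3", "vnis": [1001, 1002]},
}

# Constructed device state, as a collector might normalise it (assumed schema).
OBSERVED = [
    {"leaf": "LEAF-1", "vni": 1001, "rd": "10.0.0.1:1001",
     "rt_import": ["65001:1001"], "rt_export": ["65001:1001"]},
    {"leaf": "LEAF-1", "vni": 1002, "rd": "10.0.0.1:1002",
     "rt_import": ["65001:1001", "65001:1002"], "rt_export": ["65001:1002"]},
    {"leaf": "LEAF-3", "vni": 1001, "rd": "10.0.0.1:1001",
     "rt_import": ["65001:1001"], "rt_export": ["65001:1001"]},
]

def render(intent, asn=ASN):
    """Derive the expected RD and RT for every (leaf, VNI) pair in the intent."""
    return {
        (leaf, vni): {"rd": f"{spec['loopback']}:{vni}", "rt": f"{asn}:{vni}"}
        for leaf, spec in intent.items()
        for vni in spec["vnis"]
    }

def drift(intent, observed, asn=ASN):
    """Return sorted (leaf, vni, finding) tuples where device state departs from intent."""
    expected = render(intent, asn)
    findings, seen = [], set()
    for row in observed:
        key = (row["leaf"], row["vni"])
        seen.add(key)
        want = expected.get(key)
        if want is None:
            findings.append((*key, "not in intent"))
            continue
        if row["rd"] != want["rd"]:
            findings.append((*key, f"rd {row['rd']} != {want['rd']}"))
        for field in ("rt_import", "rt_export"):
            extra = sorted(set(row[field]) - {want["rt"]})
            if extra:  # a foreign RT merges routes across segments
                findings.append((*key, f"{field} has extra {extra}"))
            if want["rt"] not in row[field]:
                findings.append((*key, f"{field} lacks {want['rt']}"))
    findings += [(*key, "missing on device") for key in expected.keys() - seen]
    return sorted(findings)

if __name__ == "__main__":
    print(*drift(INTENT, OBSERVED), sep="\n")
```

Run in a pipeline stage, a non-empty result would fail the check before or after deployment; the extra import RT on VNI 1002 is the finding that matters most for segmentation, since it pulls one segment's routes into another.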

[Diagram: Physical] MUX, patch panel, SPINE-1, SPINE-2, LEAF-1, LEAF-2, LEAF-3, LEAF-4

[Diagram: Data Plane] VTEP-3 (remote), VTEP-1 / LEAF-1 (DF), VTEP-2 / LEAF-2 (standby), HOST-A, HOST-B, HOST-C

MAC VNI TYPE REMOTE VTEP PORT
aa:bb:cc:01 1001 Local DF Eth1/1
dd:ee:ff:01 1001 Remote VTEP-3 nve1
dd:ee:ff:02 1002 Remote VTEP-3 nve1
1001 BUM DF VTEP-3 nve1

[Diagram: Control Plane] SPINE / RR, iBGP EVPN, LEAF-1, LEAF-2, LEAF-3, eBGP underlay · BFD 300ms

PREFIX        TYPE    RD             RT          NEXT-HOP
aa:bb:cc:01   Type-2  10.0.0.1:1001  65001:1001  LEAF-1
dd:ee:ff:01   Type-2  10.0.0.3:1001  65001:1001  LEAF-3
10.1.0.0/24   Type-5  10.0.0.1:1001  65001:1001  LEAF-1
10.2.0.0/24   Type-5  10.0.0.3:1001  65001:1001  LEAF-3

[Diagram: Mgmt Plane] GIT, NETBOX SoT, ANSIBLE, QUALIF test, PROD spine / leaf, gNMI, TELEGRAF, PROM, GRAFANA; PUSH ↓, STREAM ↑; CLOSED-LOOP AUTOMATION: drift detection · auto-remediation
Source of Truth

The three pillars of modern network governance.

No reliable automation without a Source of Truth. These three platforms structure network data and lay the foundation of NetDevOps.

2016

NetBox

Open-source

Built by Jeremy Stretch at DigitalOcean

The pioneer of Infrastructure Resource Modelling (IRM). NetBox set the bar for modern DCIM and IPAM. Now a de-facto industry standard, it feeds the automation pipelines of thousands of network teams worldwide.

2021

Nautobot

Open-source

Forked from NetBox by Network to Code

Built for enterprise needs and end-to-end automation. Nautobot extends NetBox with a job framework, deep extensibility, and native integration with large-scale NetDevOps workflows.

2024

InfraHub

Open-source

Built by OpsMill

The next-generation Source of Truth. InfraHub introduces Git-like branch versioning for infrastructure data, letting teams test and validate changes before merging. A radically GitOps approach applied to networking.