Key Skills for Network Automation
Network automation has become a key component of many businesses’ infrastructures. Recently, we broke down the basics of network automation and the benefits it can provide. In this article, we will start to cover some of the base skills needed to work with network automation technologies.
The job of a network engineer is changing rapidly with the increasing demand for services to be deployed in seconds. With these changes comes the demand for a new set of skills to configure and maintain these networks. Up to this point, different tools and technologies were leveraged to help get started in a transformation to an automated network. What are the core skills needed to work with these technologies?
Application Programming Interfaces (APIs)
Interacting in an automated way with Netmiko is a great and familiar next step for engineers just starting the journey into network automation, but the CLI feedback of the device will quickly demonstrate that performing follow-on actions based on the output of the device is a nightmare. The CLI output was made for humans to read and interpret, which does not translate well when it comes to interacting with the device programmatically. This has led more vendors to develop programmatic APIs for interacting with their devices.
The RESTCONF API is a RESTful API that allows for communication with the device using the HTTP protocol. Objects on the device can be retrieved, added, deleted or updated with HTTP methods. Results are typically returned in JSON format, although XML is also supported; either can easily be parsed by a scripting language, and decisions on the next steps can be made based on the response of the device.
To provide a real-world example of how this can be applied, think of a network where the network landscape has changed dramatically over time and security auditing of firewall policies has not been a priority. A simple Python script can be run to poll each individual firewall for a list of the firewall policies. If a policy has a hit count of zero, the script can disable that policy. After a given amount of time, the same script can be altered minimally to delete any firewall policy with a state of ‘disabled.’ Cleaning up the stale policies on the firewall takes just a few lines of code and minutes to execute.
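The decision logic of such a cleanup script, as an added example that is not code from the original article. The JSON field names (`hit-count`, `counters-since`, `disabled-since`) and the thresholds are hypothetical, and the response is constructed sample data; the function only produces a plan and changes nothing on a device.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of what a firewall API might return; the field names
# ("hit-count", "counters-since", "disabled-since") are hypothetical.
SAMPLE_RESPONSE = json.dumps({"policies": [
    {"name": "allow-web", "enabled": True, "hit-count": 48211,
     "counters-since": "2024-01-10T00:00:00+00:00"},
    {"name": "legacy-ftp", "enabled": True, "hit-count": 0,
     "counters-since": "2024-01-10T00:00:00+00:00"},
    {"name": "new-vpn", "enabled": True, "hit-count": 0,
     "counters-since": "2024-05-28T00:00:00+00:00"},
    {"name": "old-telnet", "enabled": False, "hit-count": 0,
     "counters-since": "2024-01-10T00:00:00+00:00",
     "disabled-since": "2024-03-01T00:00:00+00:00"},
]})


def plan_cleanup(response_text, now, observe_days=90, grace_days=30):
    """Return {policy name: action} without changing anything on the device."""
    plan = {}
    for policy in json.loads(response_text)["policies"]:
        name = policy["name"]
        if policy["enabled"]:
            observed = now - datetime.fromisoformat(policy["counters-since"])
            # A zero counter only means "unused" if the counter has been
            # running long enough; a recent reboot or clear resets it.
            unused = policy["hit-count"] == 0
            long_enough = observed >= timedelta(days=observe_days)
            plan[name] = "disable" if unused and long_enough else "keep"
        else:
            disabled_for = now - datetime.fromisoformat(policy["disabled-since"])
            # Second pass from the text: delete only after the grace period.
            expired = disabled_for >= timedelta(days=grace_days)
            plan[name] = "delete" if expired else "keep"
    return plan


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name, action in plan_cleanup(SAMPLE_RESPONSE, now).items():
        print(f"{action:8} {name}")
```

Reviewing the printed plan before applying it keeps the cleanup inside the normal change process, and the observation window prevents a recently added rule from being disabled just because it has not matched traffic yet.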
The second major API player on the market is NETCONF, which is an XML-based API. Luckily, XML is also easily parsed by a programming language, or in the case of Python, can be converted to a Python dictionary. Many centralized management systems for network devices, such as Juniper Apstra, already utilize the NETCONF API for making configuration changes and gathering data from their devices.
Perhaps you wish to automate the population of your CMDB system in ServiceNow. A workflow can be written to poll the devices, select the information you want in your CMDB and populate the CMDB with it. What better source of truth than the device itself? The workflow would only need to be written once, targeting all devices of a similar device type and scheduled to run at regular intervals. Given this scenario, say a device breaks and needs to be replaced. When the device is replaced, the CMDB will automatically be repopulated with the unique information of the new device during the next scheduled poll.
When it comes to writing scripts or making API calls, you will need a way to identify what object you are trying to configure or get information from. A RESTCONF API will require documentation to know the path URI for the object you are trying to hit, HTTP methods, message format, encoding, etc. For RESTful APIs, refer to the vendor documentation to construct your request. For NETCONF, a device will initially tell you about its capabilities when the session is established. These capabilities are very important because they tell you which YANG data models the device supports. YANG is the data modeling language that was adopted to model network device state and configurations. Once you know the device capabilities, you can refer to the YANG model to build your requests.
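How the capability exchange maps to YANG models, as an added example that is not code from the original article. The `<hello>` message is a constructed sample, and the function names are illustrative; the code separates protocol capabilities from advertised YANG modules and reports which required models a device does not offer.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

NS = {"nc": "urn:ietf:params:xml:ns:netconf:base:1.0"}

# Constructed sample of the <hello> a NETCONF server sends at session start.
SAMPLE_HELLO = """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces&amp;revision=2018-02-20</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-ip?module=ietf-ip&amp;revision=2018-02-22</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>"""


def parse_hello(xml_text):
    """Split advertised capabilities into protocol features and YANG modules."""
    root = ET.fromstring(xml_text)
    protocol, modules = [], {}
    for cap in root.findall("nc:capabilities/nc:capability", NS):
        uri = (cap.text or "").strip()
        # YANG modules are advertised as <namespace>?module=<name>&revision=<date>.
        query = parse_qs(urlsplit(uri).query)
        if "module" in query:
            modules[query["module"][0]] = query.get("revision", [None])[0]
        elif uri:
            protocol.append(uri)
    return {
        "session_id": root.findtext("nc:session-id", namespaces=NS),
        "protocol": protocol,
        "yang_modules": modules,
    }


def missing_modules(hello, required):
    """Return the required YANG modules the device did not advertise."""
    return [name for name in required if name not in hello["yang_modules"]]


if __name__ == "__main__":
    hello = parse_hello(SAMPLE_HELLO)
    for name, revision in hello["yang_modules"].items():
        print(f"{name} (revision {revision})")
    print("missing:", missing_modules(hello, ["ietf-interfaces", "openconfig-bgp"]))
```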
Python has emerged as one of the most popular scripting languages for interacting with network devices. With the development of built-in Python modules, such as Netmiko, to interact with networking devices it makes sense, but this is not the only module available for interacting with devices. Netmiko builds off Paramiko, an SSH library for facilitating SSH connections, which can also be used. However, you will find Netmiko facilitates these connections with much more ease.
The NAPALM library is another Python library, built to facilitate device configuration, gather facts from the device and support multiple vendors. Jinja templates have been supported in Python for web developers for years, which has worked to networking professionals’ benefit when it comes to IaC. The Python requests library can be used to interact with RESTful APIs on devices, controllers and central source of truth systems such as IPAM solutions or CMDB databases. Ncclient can be used to interact with XML-based NETCONF APIs, allowing for a much more programmatic way of interacting with the devices. These are just a few. Going further, modules such as Scapy are useful for generating packets, web frameworks such as Flask can be used to build custom web-based tools, and pysnmp can be used for SNMP polling of devices. Even streaming telemetry to an event bus can be accomplished with Python.
With all the APIs and tools discussed so far, data structures have been a key component in working with these technologies. YAML has been mentioned, as this is the format in which we write Ansible playbooks and the necessary variable files. YAML is one of the more human-friendly structures when compared to JSON and XML. When writing in YAML, pay extra close attention to indentation, as this is what YAML relies on to know which objects are associated with each other, e.g., a list of key-value pairs. Additionally, Python has a library for interacting with YAML files.
When it comes to creating and understanding requests from RESTful APIs, JSON has typically been the standard, although responses can be XML. JSON is represented as key-value pairs and resembles a Python dictionary structure. Python has built-in JSON libraries for converting JSON objects to Python dictionaries, making the data easier to work with. When the data is converted to a Python dictionary, it can be updated, removed or have information added to it and pushed back to the device.
The NETCONF protocol relies on the XML data structure for interacting with the device. XML uses the concept of opening and closing tags like that seen in an HTML page. Although not very human-readable, it is very useful when describing the state and/or configuration of a device. As you may have guessed, Python has a library for converting XML to Python dictionaries and can be used with Jinja templates in IaC operations.
Linux and Linux-Based Tools
As the industry moves forward, it is pushing network professionals to be more fluent in Linux for many different reasons. The desire to reduce vendor lock-in when it comes to the purchase of networking equipment has led to the development of open-source network operating system projects that can be installed directly on commercial off-the-shelf switches, often referred to as White Box Switches. The increasing popularity of virtual technologies has increasingly pushed the network into the end hosts.
With the popularity of container technologies on the rise, we face new networking challenges in connecting these containers to the outside world. These technologies have driven demand for more advanced networking features directly on the Linux host itself. With iptables, Linux bridges, VLAN interfaces, virtual Ethernet pairs and projects such as Open vSwitch, the network has clearly worked its way onto the end hosts, and the network professionals’ responsibilities along with it. In a VXLAN data center, the VTEP endpoints can even be terminated on a Linux host.
It can be argued that many, if not all, of the tools that fall under the umbrella of network automation are Linux-based tools. Although written in Python, tools such as Ansible, Salt and StackStorm are simply best left to run on the Linux operating system. We have already covered Ansible, but what is the purpose of these other tools? Each tool comes with its own pros and cons or different features.
Salt, for example, has added support for agentless automation of network devices, but also offers some event-driven automation functionality based on events happening within the network. If this starts to sound intriguing, let’s talk about StackStorm event-driven automation. StackStorm uses workflows as a concept where various sensors are deployed. On a given event, the sensor will pick up this event and trigger a pre-defined action. Rules are written to say: if this event happens on my network, perform this action. How does a self-healing network sound?
All the tools mentioned up to this point, such as Python scripts and Ansible playbooks, do not work well in a shared document or as a pass-around document. It is code, which either performs a task or defines the end state of the network. When many people are working on the same coding project, it works best when changes are closely tracked, reviewed and approved. After all, what good does it do when a strict rollout process is in place for new application features, yet the underlying infrastructure is the wild west, with risky changes made on the fly? Most organizations have a change management process in place, which version control repositories streamline anyway. Using git, a project can be downloaded, modified, tested and pushed to the central repository, where it can be reviewed for consistency and errors. Once the code has been cleared, it can be moved to production, further minimizing the risk of an outage and providing a built-in rollback mechanism. To sum it up, the network automation engineer needs to have a solid understanding of git and version control systems.
Where ivision comes in
If your business is looking to outsource these crucial skills, our team of network experts is here to lend a helping hand. They have extensive research in next-generation networking and ensure that your infrastructure is in good hands.
If you’re an individual who already possesses these skills and is looking for a place to continue developing them while learning from industry experts, check out our open positions today!