Understanding Network Automation: Tools, Scripting & IaC
Overview of Network Automation
In today’s network landscape, a common pain point for many enterprises is keeping the network in step with the fast-changing services and applications it supports. Traditional networks are typically supported by a large networking team that manages each device individually. This poses a big problem, as networking teams struggle to keep up with new deployments while maintaining the health of the existing network. This is where automation can help: it moves networking teams from working on their heels to tackling problems head-on before they occur by focusing on design. This article introduces the tools and concepts network teams need to get started with automation.
Scripting with Python
When talking network automation with engineers, the idea of learning a programming language can be overwhelming, and the question consistently arises whether network engineers are transforming into developers. Rest assured, getting started with network automation does not require full-on developer skills. What is required is an understanding of the language and its structure. Once these technologies are adopted, the power of what can be accomplished with scripting presents itself very quickly.
Using a scenario, we can demonstrate the simplicity and power of scripting with Python. Say there are ten Cisco IOS network devices that require an update to the SNMP community string. The Python Netmiko module bridges the gap between entering CLI commands manually and scripting them: it provides SSH access to the device and a mechanism to enter standard CLI commands across multiple devices. Note that Netmiko is NOT a useful tool for making any type of decision based on the output of a command, as outputs are still in CLI format, which is meant for humans. For example, if I wanted to run a command to view the configuration on access interfaces and apply a configuration based on that output, the script would more than likely break, as CLI output is not easily parsed by a programming language. For this, we have more advanced tools that will be covered in a later article. Review the example below:
In this example, we first import ConnectHandler from Netmiko, which will facilitate the SSH connection to the device. Next, the getpass module is imported so passwords may be entered without risking a shoulder surfer viewing your password on the screen. When executed, the script first prompts the user for their username, which is displayed on the screen, and then getpass prompts for the password without displaying it. Each device IP address is declared as a string and assigned a variable name. A Python list is then declared and populated with our device variables, which will allow the script to scale as more devices are added to the network.
Starting on line 20, the for loop iterates through the list of devices, performing the same task on each one. The for loop is declared along with the variable ‘device’, which will hold the IP of each network device. On each pass, the loop prints the device it is connecting to, assigns the IP of the device to a new variable ‘ip_address_of_device’ and builds a simple Python dictionary of all the parameters required to connect to the device. The variable ‘net_connect’ is declared, which calls ConnectHandler from Netmiko and connects to the Cisco device. On line 31, the commands are sent to the device: the variable ‘output’ is assigned the result of calling the ‘send_config_set’ method on the connection, which sends the CLI configuration commands to the device. Finally, the output of the commands is printed to the screen and the configuration is saved. This process is then repeated for each network device in the list.
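A script along the lines described above, written here as an added example; it is not the article's original listing, so the line numbers mentioned in the text do not apply to it. The device addresses, helper names, the RO access level, removing the old community, and prompting for the community strings with getpass are assumptions.

```python
from getpass import getpass

# Constructed sample addresses (documentation range), one entry per device.
DEVICES = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]

def build_device(ip, username, password):
    """Parameters Netmiko needs to open an SSH session to a Cisco IOS device."""
    return {"device_type": "cisco_ios", "host": ip, "username": username, "password": password}

def snmp_commands(old, new):
    """Add the new community (RO assumed) and remove the old one (also an assumption)."""
    for value in (old, new):
        # Whitespace or a newline in the input would become extra CLI commands.
        if not value or any(ch.isspace() for ch in value):
            raise ValueError("community must be non-empty and contain no whitespace")
    return [f"snmp-server community {new} RO", f"no snmp-server community {old}"]

def redact(text, secrets):
    """Mask community strings before device output is printed or logged."""
    for secret in secrets:
        text = text.replace(secret, "****")
    return text

def update_device(ip, username, password, commands, secrets):
    from netmiko import ConnectHandler  # imported here so the helpers load without Netmiko
    conn = ConnectHandler(**build_device(ip, username, password))
    try:
        output = conn.send_config_set(commands) + conn.save_config()
    finally:
        conn.disconnect()
    return redact(output, secrets)

def main():
    username = input("Username: ")
    password = getpass("Password: ")
    old, new = getpass("Current community: "), getpass("New community: ")
    commands = snmp_commands(old, new)
    failed = []
    for device in DEVICES:
        print(f"Connecting to {device}")
        try:
            print(update_device(device, username, password, commands, [old, new]))
        except Exception as exc:  # timeout, auth failure, etc.: record it and continue
            failed.append(device)
            print(f"{device}: {type(exc).__name__}")
    print("Failed devices:", failed or "none")

if __name__ == "__main__":
    main()
```

The community strings are treated like passwords here: they are never hard-coded in the script and are masked in the output that is printed.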
Python is not the only tool for network automation. Many automation platforms, such as Chef, Puppet, Salt and Ansible, are now compatible with network devices. For this article, we will focus on Ansible. The heavy lifting with Ansible comes with populating and organizing the inventory file with all the devices in your network. To understand the configuration and development of Ansible playbooks, a base knowledge of YAML is recommended. Continuing with a simple update of the SNMP community string, here is an example of an Ansible inventory file along with the playbook to update the SNMP community string.
First note that we have populated our Ansible inventory in a file called hosts. A group of routers is defined under the group name ‘routers.’ Note that in this example, the username and password are displayed in clear text. This is NEVER recommended in production code, as you risk your password being stored in a central repository that hosts the code. The proper way would be to encrypt your credentials using the Ansible Vault, which is out of scope for this article. Focusing on the information included in the inventory, we have the IP address, username, password, the connection medium of ‘network_cli’, the type of device Ansible will be connecting to, and a setting telling Ansible not to enter enable mode.
Below, we have the actual playbook that will apply a new SNMP community string to all the devices. The playbook is named ‘Configure Cisco SNMP’ and will be targeting the routers group from the inventory file above. The playbook contains a single play, calling the ios_config module and applying the single line of configuration for setting the SNMP community string.
Infrastructure as Code (IaC)
Today, many IT organizations are looking for ways to standardize and streamline the deployment of configuration. Infrastructure as Code solves this problem. By using infrastructure as code, an organization can use standard configuration templates for the various platforms deployed and apply the configuration using YAML files and Jinja templates. Defining templates per platform allows the variables required for the individual device configuration to be maintained in structured files, standard configuration to be generated via Python and/or Ansible, and the configuration to be pushed to the device. Storing the templates and variable files in a version control repository, such as GitHub, allows changes to the infrastructure to be tracked and reviewed before they are committed for deployment to the physical infrastructure. Any unforeseen consequences of the changes can easily be rolled back by reverting to a previous revision of the configuration.
Keeping with our example of applying new SNMP communities to the device, here is an example of a YAML file with multiple variables to be applied to the device. First, the variables are defined in a YAML file to be referenced as a group variable for all the routers in the inventory file.
To apply them as a config, the config template must be generated using Jinja templates. Here the contact, location, communities and type have been removed and replaced with curly brackets. In each bracket is a reference to the YAML variables defined above. Since there is more than one community, a for loop is defined to loop through the list of communities and generate the appropriate configuration for the device.
With the variables defined and the template generated, a playbook can be written to generate the SNMP configuration. The first item in this playbook targets the device group routers defined in the hosts inventory file. The play in the playbook uses the template module, sources the Jinja template defined above, and produces the config for each device in a dedicated config directory, naming each configuration file with the ‘ansible_host’ variable from the inventory file.
Finally, the playbook can be executed to produce the individual config files. The result of the playbook is defined below. This is simply a dry run; another play can be added to the playbook to push the generated configuration to the device.
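The rendering step described in this section, as an added Python example that calls the Jinja2 library directly; it is not the article's playbook or template. The template text, variable names and sample values are assumptions, and the variables are given as a dict in the shape a YAML group variable file would load to. StrictUndefined turns a missing variable into an error instead of an empty string in the generated config.

```python
from jinja2 import Environment, StrictUndefined

# Assumed template: contact, location, and a loop over the list of communities.
SNMP_TEMPLATE = """\
snmp-server contact {{ snmp.contact }}
snmp-server location {{ snmp.location }}
{% for c in snmp.communities %}
snmp-server community {{ c.community }} {{ c.type }}
{% endfor %}
"""

# Constructed group variables for the routers group (sample values only).
ROUTER_VARS = {
    "snmp": {
        "contact": "noc@example.com",
        "location": "DC1 Row 4",
        "communities": [
            {"community": "mon-7Hq2x", "type": "RO"},
            {"community": "prov-Zk81p", "type": "RW"},
        ],
    }
}

WEAK_COMMUNITIES = {"public", "private"}  # well-known default strings

def check_vars(variables):
    """Return a list of problems found in the SNMP variables before rendering."""
    problems = []
    for entry in variables["snmp"]["communities"]:
        if entry["community"].lower() in WEAK_COMMUNITIES:
            problems.append(f"default community '{entry['community']}'")
        if entry["type"] not in ("RO", "RW"):
            problems.append(f"invalid type '{entry['type']}'")
    return problems

def render_snmp(variables):
    """Render the SNMP config; fail on bad values or on any undefined variable."""
    problems = check_vars(variables)
    if problems:
        raise ValueError("; ".join(problems))
    env = Environment(undefined=StrictUndefined, trim_blocks=True, lstrip_blocks=True)
    return env.from_string(SNMP_TEMPLATE).render(**variables)

if __name__ == "__main__":
    print(render_snmp(ROUTER_VARS))
```

Running the same checks in the review step of the version control workflow catches a default or mistyped community before the change is merged.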
How ivision can help
Partnering with a managed service provider, like ivision, for network automation is an incredibly useful way to give your team time back to focus on business. Our network experts are constantly looking for new ways to improve your network and optimize it to help you meet your specific business needs. Through our Modern Enterprise Networking offering, Data Center Fabric offering and more, we’re eager to help your team future-proof your business. Learn more about the benefits of network automation and the skills required for network automation, or contact us today to get started!