Which Network Automation Tools should I learn?
There are several tools Network Engineers can learn to get started with Programmability and Network Automation | @mmintel
Fifty years after the initial inception of the network that later became the internet, the most common methods used for network management remain:
- CLI Commands
- Putty
- Copy and Paste
- Text Editors, e.g. Notepad++, and Spreadsheets
Today, however, with the advent of cloud computing, the Internet of Things, big data, and new applications built on micro-service architectures that integrate with the underlying network to enhance performance and segmentation, it is no longer practical to manage networks on a device-by-device basis.
A traditional client-server computer network management illustration. | @Cisco
Thus came…Network Automation!
"Network automation is not hype anymore; it is a means to do your job faster, more consistently and more reliably. However, network automation is not just a single discipline; it is a collection of protocols, tools, and processes that can be overwhelming to the uninitiated." —David Barroso creator of NAPALM
In this article, I aim to equip you with the necessary knowledge of available tools that can help you get started with network automation ASAP!
Building a foundation with:
• Python
As a network engineer, there has never been a better time to learn to code. Python is a great language to start with: it enjoys vast support from leading network vendors, and the open-source community is building a great set of libraries and tools with it. This directly translates to having access to a wide pool of resources and network community support. Moreover, it’s relatively easy to learn, and the syntax is very straightforward. Here’s an example:
>>> ip_address = '192.168.0.0'
>>> if ip_address == '192.168.0.0':
...     print('This is a private IP!')
... elif ip_address == '197.240.156.98':
...     print('This is a public IP!')
...
Output:
This is a private IP!
• Linux
This is arguably the most reliable operating system for both software and network developers. Additionally, almost all of the tools we’re going to talk about in this article are based on Linux. For instance, a very popular tool called Ansible requires that you host the control server on a Linux-based machine. Linux comes in a variety of distributions. If you are just getting started, install the Ubuntu distribution: it offers a great balance between ease of use, stability, and performance.
Network Application Programming Interfaces (APIs)
An API is a set of routines, protocols, and tools for building software applications; it dictates how software components should interact and share information with each other.
An API facilitates communication between a client and a server. The client would be an application such as a Python script or web UI application and the server would be the network device or controller.
A majority, if not all of the devices being shipped from leading vendors today come with APIs.
Most of the APIs that exist today within network infrastructure are HTTP-based RESTful APIs and the NETCONF API.
RESTCONF and NETCONF network device APIs illustration. | @DevNet
Network and service configurations:
• Netmiko + Python
Netmiko is a multi-vendor Python library that simplifies SSH connections to network devices. It can be used to push out configs to a network device, add VLANs, etc.
Among the platforms that Netmiko currently supports are Cisco IOS, Arista EOS, and Juniper Junos.
Here's a simple Python script using Netmiko to execute a show version command on a Cisco IOS device. The script could easily be scaled using a programming technique called threading to communicate with multiple devices at once.
from netmiko import ConnectHandler
# Open an SSH session to the Cisco IOS device (placeholder credentials)
device = ConnectHandler(device_type='cisco_ios', ip='192.168.33.10',
                        username='username', password='password')
output = device.send_command('show version')
print(output)
device.disconnect()  # close the SSH session
• NAPALM + Python
NAPALM is a vendor-agnostic open-source Python library that provides a unified API to network devices. By design, it works with popular automation tools such as Ansible, SaltStack, and StackStorm.
Besides, you don’t have to use an existing automation framework to automate with NAPALM. Since it’s an open-source project, you could just integrate it with your own Python script.
Below is a simple Python script that uses NAPALM to get the interfaces' IP addresses. Again, we could employ threading to scale this out!
# Get the interfaces' IP addresses with a small script:
import napalm
from pprint import pprint

def get_interfaces_ip(ip):
    driver = napalm.get_network_driver('ios')
    device = driver(hostname=ip, username='api-user', password='*******')
    device.open()
    interfaces = device.get_interfaces_ip()
    device.close()
    return interfaces

if __name__ == "__main__":
    pprint(get_interfaces_ip(""))
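The threading idea mentioned for both the Netmiko and NAPALM scripts above, as an added example (not code from the original article): a thread pool runs one show command on several devices and records per-device failures. The environment variable names NET_USER and NET_PASS, the function names, and the lab addresses are assumptions; credentials are read from the environment so they stay out of the script and out of Git.

```python
import os
from concurrent.futures import ThreadPoolExecutor, as_completed


def netmiko_connect(host):
    """Default connector: open a Netmiko SSH session to one Cisco IOS host.

    Credentials come from the (assumed) environment variables NET_USER and
    NET_PASS, so they never live in the script or in version control.
    """
    from netmiko import ConnectHandler  # lazy import; needs netmiko installed
    return ConnectHandler(device_type='cisco_ios', ip=host,
                          username=os.environ['NET_USER'],
                          password=os.environ['NET_PASS'])


def run_on_devices(hosts, command, connect=netmiko_connect, workers=8):
    """Run one show command on every host in parallel threads.

    Returns {host: ('ok', output)} or {host: ('error', message)}, so one
    unreachable device does not abort the whole run.
    """
    def worker(host):
        session = connect(host)
        try:
            return session.send_command(command)
        finally:
            session.disconnect()  # always release the SSH session

    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(worker, h): h for h in hosts}
        for future in as_completed(futures):
            host = futures[future]
            try:
                results[host] = ('ok', future.result())
            except Exception as exc:  # timeout, auth failure, missing env var
                results[host] = ('error', f'{type(exc).__name__}: {exc}')
    return results


if __name__ == '__main__':
    # Constructed lab addresses; replace with your own inventory.
    for host, (status, text) in run_on_devices(
            ['192.168.33.10', '192.168.33.11'], 'show version').items():
        print(host, status, text.splitlines()[0] if text else '')
```

Passing a different `connect` callable (for example one that opens a NAPALM driver and exposes the same two methods) reuses the same pool logic.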
Network Automation Abstractions:
• Ansible + Python
Ansible is a multivendor, simple and powerful automation engine. It’s programmable and relatively easy to learn. Numerous Ansible modules use Netmiko under the hood to send device configs and retrieve operational state data from network devices.
Ansible uses a domain-specific language called YAML that is used as a method of defining an automation workflow, or providing a data set to work with (like a list of VLANs). Here’s a simple YAML script that can be used together with a Python application to configure OSPF:
---
ospf:
  - id: 10
    network:
      - ip: 10.0.10.1
        mask: 0.0.0.0
        area: 0
      - ip: 10.0.20.1
        mask: 0.0.0.0
        area: 0
Jinja is a templating language that can greatly aid in the roll-out of new network devices. Jinja can be used with Ansible to quickly generate config files based on your custom templates and build an automation workflow while ensuring that config files are properly built based upon predefined standards. This also helps enhance standardization across your entire infrastructure, which is a critical requirement for successfully deploying automation in your infrastructure.
Here's a sample Jinja template.
interface {{ interface.name }}
 description {{ interface.description }}
{% if interface.uplink %}
 switchport mode trunk
{% else %}
 switchport access vlan {{ interface.vlan }}
 switchport mode access
{% endif %}
With the above template, I have basically dictated that if the uplink property of an interface is True, then the interface is set as a VLAN trunk. Otherwise, it’s set up with the appropriate access mode!
• SaltStack
SaltStack is an open-source automation framework that aligns with the infrastructure-as-code movement. By design, the Salt architecture comprises a master that manages minions. In this way, large-scale infrastructure loads can be distributed between several minions, hence realizing efficient management.
It can be used to implement event-driven automation, remote configuration management, and the provisioning of hybrid cloud environments. It uses Salt state files (SLS) that understand both templating languages and data formats, with the default being YAML and Jinja. A RESTful API is included with SaltStack, so you can integrate with 3rd party systems and execute remote tasks through the use of custom scripts, Postman, and even cURL.
SaltStack Master and minions configuration automation architecture. | @SaltStack
• StackStorm
StackStorm is an open-source event-driven automation tool. It can be used to implement "if-this-then-that" scenarios. Using this tool, a network engineer can, for instance, design a workflow that automatically restores connectivity in the event that a link goes down by concurrently executing several troubleshooting and resolution steps. This is especially useful when dealing with recurrent issues that have a definite response matrix. Automation workflows are executed using sensors (Python code) that gather data from the network infrastructure and implement requisite changes using predefined triggers.
Network Verification
• pyATS/Genie + Python
pyATS is an infrastructure agnostic, highly pluggable test automation framework that is very scalable. Genie can help network engineers to test, maintain, and diagnose the desired operational state of their network. You could, for instance, use it to ensure that for every “up interface”, there are no CRC errors. Such a use case can greatly help reduce packet drops on a link. Moreover, through plugins and a large pool of Pythonic libraries, you can develop integrations with 3rd party products and execute even more complex DevOps tasks.
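The CRC check described above, sketched in plain Python as an added example (it does not use the pyATS or Genie APIs and is not from the original article). The show interfaces excerpt is constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpt of Cisco IOS "show interfaces" output (not from a real device).
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up
  Hardware is iGbE, address is 5254.0012.3456 (bia 5254.0012.3456)
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
GigabitEthernet0/2 is up, line protocol is up
     214 input errors, 213 CRC, 0 frame, 0 overrun, 1 ignored
GigabitEthernet0/3 is administratively down, line protocol is down
     9 input errors, 9 CRC, 0 frame, 0 overrun, 0 ignored
"""

HEADER = re.compile(r'^(\S+) is (.+?), line protocol is (\S+)')
CRC = re.compile(r'(\d+) CRC\b')


def parse_interfaces(text):
    """Return {name: {'up': bool, 'crc': int or None}} from show interfaces text."""
    table, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)  # interface headers start in column 0
        if header:
            name, link, proto = header.groups()
            current = {'up': link == 'up' and proto == 'up', 'crc': None}
            table[name] = current
        elif current is not None:
            crc = CRC.search(line)
            if crc:
                current['crc'] = int(crc.group(1))
    return table


def crc_failures(text):
    """Interfaces that are up/up but report CRC errors, or no CRC counter at all.

    A missing counter is reported too, so a parsing gap cannot pass as healthy.
    """
    return sorted((name, info['crc'])
                  for name, info in parse_interfaces(text).items()
                  if info['up'] and info['crc'] != 0)


if __name__ == '__main__':
    for name, crc in crc_failures(SAMPLE):
        print(f'FAIL {name}: CRC counter = {crc}')
```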
Automation Workflows Testing and Development
After learning and developing proficiency with some or all of the tools above, it is important to test out your various scripts and workflows in an environment that allows you to make mistakes without directly impacting your production network. This will help you validate any changes you wish to make to the network and warn of any problems that are likely to be introduced.
• Vagrant
Vagrant enables you to easily and quickly set up a virtual environment of routers, switches, servers, and hosts without worrying about configuring inter-device communication. Vagrant configures all the backend virtual device connectivity for you in a Vagrantfile. You could choose to use providers such as VirtualBox and VMware to host your virtual network. In addition, automation tools such as Ansible can be employed to provision and manage your test environment.
Below is a simple Vagrantfile that sets up a single-node Cisco IOS XE device for you with a private IP of 192.168.33.20! The config files are written using the Ruby scripting language. When you execute the vagrant up command in your terminal, Vagrant downloads all of the requisite setup details from the cloud and brings up a fully functional IOS XE device. You can then immediately proceed to test out your scripts and workflows against the device. Easy!
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "iosxe"
  config.vm.network "private_network", ip: "192.168.33.20", auto_config: false
end
• Git / GitHub / GitLab
As we increasingly adopt scripting and other network automation processes, it becomes important that we effectively manage the Python scripts, templates, and other configuration files. Git is a source control tool that can help us track these and also highlight the changes made to them. For instance, if a change to one of the configuration files being tracked breaks something, you can roll back to a previous version of the file and get back to a known good state. Git can also enable you to more easily collaborate on complex projects with other engineers in a distributed fashion.
You can additionally move ahead to implement advanced network automation techniques such as NetDevOps Continuous Integration and Continuous Delivery (CI/CD) pipelines using Git, GitHub, GitLab and Drone.
Conclusion
This is by no means an exhaustive list of all available tools. Network automation has matured, and as a consequence, there’s a whole array of other tools out there that you could use. This article, however, lists some of the tools that I have personally tried, tested and found very effective. In future writings, I will delve deeper into each of the tools with a more hands-on lab approach. Feel free to try out the above. I can promise you, this is the next best thing to magic!