Book Image

Network Automation Cookbook

By : Karim Okasha
Book Image

Network Automation Cookbook

By: Karim Okasha

Overview of this book

Network Automation Cookbook is designed to help system administrators, network engineers, and infrastructure automation engineers to centrally manage switches, routers, and other devices in their organization's network. This book will help you gain hands-on experience in automating enterprise networks and take you through core network automation techniques using the latest version of Ansible and Python. With the help of practical recipes, you'll learn how to build a network infrastructure that can be easily managed and updated as it scales through a large number of devices. You'll also cover topics related to security automation and get to grips with essential techniques to maintain network robustness. As you make progress, the book will show you how to automate networks on public cloud providers such as AWS, Google Cloud Platform, and Azure. Finally, you will get up and running with Ansible 2.9 and discover troubleshooting techniques and network automation best practices. By the end of this book, you'll be able to use Ansible to automate modern network devices and integrate third-party tools such as NAPALM, NetBox, and Batfish easily to build robust network automation solutions.

Related Content you might be interested in

Current Title:

Small book image
Network Automation Cookbook
Karim Okasha
Apr, 2020 | 482 pages
Small book image
Ansible for Real-Life Automation
Gineesh Madapparambath
Sep, 2022 | 480 pages
Small book image
Practical Ansible 2
Fabio Alessandro Locati | Daniel Oh | James Freeman
Jun, 2020 | 410 pages
Small book image
Practical Ansible
Fabio Alessandro Locati | Daniel Oh | James Freeman
Sep, 2023 | 420 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
1
Building Blocks of Ansible
Building Blocks of Ansible
Technical requirements
Installing Ansible
Building Ansible's inventory
Using Ansible's variables
Building Ansible's playbook
Using Ansible's conditionals
Using Ansible's loops
Securing secrets with Ansible Vault
Using Jinja2 with Ansible
Using Ansible's filters
Using Ansible Tags
Customizing Ansible's settings
Using Ansible Roles
Free Chapter
2
Managing Cisco IOS Devices Using Ansible
Managing Cisco IOS Devices Using Ansible
Technical requirements
Building an Ansible network inventory
Connecting to Cisco IOS devices
Configuring basic system information
Configuring interfaces on IOS devices
Configuring L2 VLANs on IOS devices
Configuring trunk and access interfaces
Configuring interface IP addresses
Configuring OSPF on IOS devices
Collecting IOS device facts
Validating network reachability on IOS devices
Retrieving operational data from IOS devices
Validating network states with pyATS and Ansible
3
Automating Juniper Devices in the Service Providers Using Ansible
Automating Juniper Devices in the Service Providers Using Ansible
Technical requirements
Building the network inventory
Connecting and authenticating to Juniper devices
Enabling NETCONF on Junos OS devices
Configuring generic system options on Juniper devices
Configuring interfaces on Juniper devices
Configuring OSPF on Juniper devices
Configuring MPLS on Juniper devices
Configuring BGP on Juniper devices
Deploying configuration on Juniper devices
Configuring the L3VPN service on Juniper devices
Gathering Juniper device facts using Ansible
Validating network reachability on Juniper devices
Retrieving operational data from Juniper devices
Validating the network state using PyEZ operational tables
4
Building Data Center Networks with Arista and Ansible
Building Data Center Networks with Arista and Ansible
Technical requirements
Building the Ansible network inventory
Connecting to and authenticating Arista devices from Ansible
Enabling eAPI on Arista devices
Configuring generic system options on Arista devices
Configuring interfaces on Arista devices
Configuring the underlay BGP on Arista devices
Configuring the overlay BGP EVPN on Arista devices
Deploying the configuration on Arista devices
Configuring VLANs on Arista devices
Configuring VXLANs tunnels on Arista devices
Gathering Arista device facts
Retrieving operational data from Arista devices
5
Automating Application Delivery with F5 LTM and Ansible
Automating Application Delivery with F5 LTM and Ansible
Technical requirements
Building an Ansible network inventory
Connecting and authenticating to BIG-IP devices
Configuring generic system options on BIG-IP devices
Configuring interfaces and trunks on BIG-IP devices
Configuring VLANs and self-IPs on BIG-IP devices
Configuring static routes on BIG-IP devices
Deploying nodes on BIG-IP devices
Configuring a load balancing pool on BIG-IP devices
Configuring virtual servers on BIG-IP devices
Retrieving operational data from BIG-IP nodes
6
Administering a Multi-Vendor Network with NAPALM and Ansible
Administering a Multi-Vendor Network with NAPALM and Ansible
Technical requirements
Installing NAPALM and integrating with Ansible
Building an Ansible network inventory
Connecting and authenticating to network devices using Ansible
Building the device configuration
Deploying configuration on network devices using NAPALM
Collecting device facts with NAPALM
Validating network reachability using NAPALM
Validating and auditing networks with NAPALM
7
Deploying and Operating AWS Networking Resources with Ansible
Deploying and Operating AWS Networking Resources with Ansible
Technical requirements
Installing the AWS SDK
Building an Ansible inventory
Authenticating to your AWS account
Deploying VPCs using Ansible
Deploying subnets using Ansible
Deploying IGWs using Ansible
Controlling routing within a VPC using Ansible
Deploying network ACLs using Ansible
Deployment validation using Ansible
Decommissioning resources on AWS using Ansible
8
Deploying and Operating Azure Networking Resources with Ansible
Deploying and Operating Azure Networking Resources with Ansible
Technical requirements
Installing the Azure SDK
Building an Ansible inventory
Authenticating to your Azure account
Creating a resource group
Creating virtual networks
Creating subnets
Building user-defined routes
Deploying network security groups
Deployment validation using Ansible
Decommissioning Azure resources using Ansible
9
Deploying and Operating GCP Networking Resources with Ansible
Deploying and Operating GCP Networking Resources with Ansible
Technical requirements
Installing the GCP SDK
Building an Ansible inventory
Authenticating to your GCP account
Creating GCP VPC networks
Creating subnets
Deploying firewall rules in GCP
Deploying VMs in GCP
Adjusting routing within a VPC
Validating GCP deployment using Ansible
Decommissioning GCP resources using Ansible
10
Network Validation with Batfish and Ansible
Network Validation with Batfish and Ansible
Technical requirements
Installing Batfish
Integrating Batfish with Ansible
Generating the network configuration
Creating a network snapshot for Batfish
Initializing the network snapshot with Ansible
Collecting network facts from Batfish
Validating traffic forwarding with Batfish
Validating ACLs with Batfish
11
Building a Network Inventory with Ansible and NetBox
Building a Network Inventory with Ansible and NetBox
Technical requirements
Installing NetBox
Integrating NetBox with Ansible
Populating sites in NetBox
Populating devices in NetBox
Populating interfaces in NetBox
Populating IP addresses in NetBox
Populating IP prefixes in NetBox
Using NetBox as a dynamic inventory source for Ansible
Generating a configuration using NetBox
12
Simplifying Automation with AWX and Ansible
Simplifying Automation with AWX and Ansible
Technical requirements
Installing AWX
Managing users and teams on AWX
Creating a network inventory on AWX
Managing network credentials on AWX
Creating projects on AWX
Creating templates on AWX
Creating workflow templates on AWX
Running automation tasks using the AWX API
13
Advanced Techniques and Best Practices for Ansible
Advanced Techniques and Best Practices for Ansible
Technical requirements
Installing Ansible in a virtual environment
Validating YAML and Ansible playbooks
Calculating the execution time for Ansible playbooks
Validating user input using Ansible
Running Ansible in check mode
Controlling parallelism and rolling updates in Ansible
Configuring fact caching in Ansible
Creating custom Python filters for Ansible
14
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Configuring basic system information

In this recipe, we will outline how we can configure basic system parameters on Cisco IOS devices, such as setting the hostname, DNS server, and NTP servers. Following the network setup that we outlined at the start of this chapter, we will configure the following information on all the Cisco IOS devices:

  • DNS servers 172.20.1.250 and 172.20.1.251
  • NTP server 172.20.1.17

Getting ready

An Ansible inventory file must be present, as well as the configuration for Ansible to connect to the Cisco IOS devices via SSH.

How to do it...

  1. To the group_vars/network.yml file, add the following system parameters:
$ cat group_vars/network.yml
<-- Output Trimmed for brevity ------>
name_servers:
 - 172.20.1.250
 - 172.20.1.251
ntp_server: 172.20.1.17
  1. Create a new playbook called pb_build_network.yml with the following information:
$ cat pb_build_network.yml
  ---
- name: "PLAY 1: Configure All Lan Switches"
  hosts: lan
  tags: lan
  tasks:
  - name: "Configure Hostname and Domain Name"
    ios_system:
      hostname: "{{ inventory_hostname }}"
      domain_name: "{{ domain_name }}"
      lookup_enabled: no
      name_servers: "{{ name_servers }}"
  - name: "Configure NTP"
    ios_ntp:
      server: "{{ ntp_server }}"
      logging: true
      state: present

How it works...

In the network.yml file, we define the name_servers variable as a list of DNS servers, and we also define the ntp_servers variable, which defines the NTP servers that we want to configure on the IOS devices. Defining these parameters in the network.yml file applies these variables to all the devices within the network group.

We create a playbook and the first play targets all the hosts in the lan group (this includes both access and core devices) and, within this play, we reference two tasks:

  • ios_system: This sets the hostname and the DNS servers on the devices.
  • ios_ntp: This configures the NTP on the IOS devices and enables logging for NTP events.

Both these modules are declarative Ansible modules in which we just identify the state pertaining to our infrastructure. Ansible converts this declaration into the necessary IOS commands. The modules retrieve the configuration of the devices and compare the current state with our intended state (to have DNS and NTP configured on them) and then, if the current state does not correspond to the intended state defined by these modules, Ansible will apply the needed configuration to the devices.

When we run these tasks on all the LAN devices, the following configuration is pushed to the devices:

!
 ip name-server 172.20.1.250 172.20.1.251
 no ip domain lookup
 ip domain name lab.net
 !
 ntp logging
 ntp server 172.20.1.17
 !

See also...

Previous Section
End of Section 5
Next Section