Book Image

Network Automation Cookbook

By : Karim Okasha

Book Image

Network Automation Cookbook

By: Karim Okasha

Overview of this book

Network Automation Cookbook is designed to help system administrators, network engineers, and infrastructure automation engineers to centrally manage switches, routers, and other devices in their organization's network. This book will help you gain hands-on experience in automating enterprise networks and take you through core network automation techniques using the latest version of Ansible and Python. With the help of practical recipes, you'll learn how to build a network infrastructure that can be easily managed and updated as it scales through a large number of devices. You'll also cover topics related to security automation and get to grips with essential techniques to maintain network robustness. As you make progress, the book will show you how to automate networks on public cloud providers such as AWS, Google Cloud Platform, and Azure. Finally, you will get up and running with Ansible 2.9 and discover troubleshooting techniques and network automation best practices. By the end of this book, you'll be able to use Ansible to automate modern network devices and integrate third-party tools such as NAPALM, NetBox, and Batfish easily to build robust network automation solutions.

Preface

Who this book is for

What this book covers

To get the most out of this book

Building Blocks of Ansible

Building Blocks of Ansible

Technical requirements

Installing Ansible

Building Ansible's inventory

Using Ansible's variables

Building Ansible's playbook

Using Ansible's conditionals

Using Ansible's loops

Securing secrets with Ansible Vault

Using Jinja2 with Ansible

Using Ansible's filters

Using Ansible Tags

Customizing Ansible's settings

Using Ansible Roles

Free Chapter

Managing Cisco IOS Devices Using Ansible

Managing Cisco IOS Devices Using Ansible

Technical requirements

Building an Ansible network inventory

Connecting to Cisco IOS devices

Configuring basic system information

Configuring interfaces on IOS devices

Configuring L2 VLANs on IOS devices

Configuring trunk and access interfaces

Configuring interface IP addresses

Configuring OSPF on IOS devices

Collecting IOS device facts

Validating network reachability on IOS devices

Retrieving operational data from IOS devices

Validating network states with pyATS and Ansible

Automating Juniper Devices in the Service Providers Using Ansible

Automating Juniper Devices in the Service Providers Using Ansible

Technical requirements

Building the network inventory

Connecting and authenticating to Juniper devices

Enabling NETCONF on Junos OS devices

Configuring generic system options on Juniper devices

Configuring interfaces on Juniper devices

Configuring OSPF on Juniper devices

Configuring MPLS on Juniper devices

Configuring BGP on Juniper devices

Deploying configuration on Juniper devices

Configuring the L3VPN service on Juniper devices

Gathering Juniper device facts using Ansible

Validating network reachability on Juniper devices

Retrieving operational data from Juniper devices

Validating the network state using PyEZ operational tables

Building Data Center Networks with Arista and Ansible

Building Data Center Networks with Arista and Ansible

Technical requirements

Building the Ansible network inventory

Connecting to and authenticating Arista devices from Ansible

Enabling eAPI on Arista devices

Configuring generic system options on Arista devices

Configuring interfaces on Arista devices

Configuring the underlay BGP on Arista devices

Configuring the overlay BGP EVPN on Arista devices

Deploying the configuration on Arista devices

Configuring VLANs on Arista devices

Configuring VXLANs tunnels on Arista devices

Gathering Arista device facts

Retrieving operational data from Arista devices

Automating Application Delivery with F5 LTM and Ansible

Automating Application Delivery with F5 LTM and Ansible

Technical requirements

Building an Ansible network inventory

Connecting and authenticating to BIG-IP devices

Configuring generic system options on BIG-IP devices

Configuring interfaces and trunks on BIG-IP devices

Configuring VLANs and self-IPs on BIG-IP devices

Configuring static routes on BIG-IP devices

Deploying nodes on BIG-IP devices

Configuring a load balancing pool on BIG-IP devices

Configuring virtual servers on BIG-IP devices

Retrieving operational data from BIG-IP nodes

Administering a Multi-Vendor Network with NAPALM and Ansible

Administering a Multi-Vendor Network with NAPALM and Ansible

Technical requirements

Installing NAPALM and integrating with Ansible

Building an Ansible network inventory

Connecting and authenticating to network devices using Ansible

Building the device configuration

Deploying configuration on network devices using NAPALM

Collecting device facts with NAPALM

Validating network reachability using NAPALM

Validating and auditing networks with NAPALM

Deploying and Operating AWS Networking Resources with Ansible

Deploying and Operating AWS Networking Resources with Ansible

Technical requirements

Installing the AWS SDK

Building an Ansible inventory

Authenticating to your AWS account

Deploying VPCs using Ansible

Deploying subnets using Ansible

Deploying IGWs using Ansible

Controlling routing within a VPC using Ansible

Deploying network ACLs using Ansible

Deployment validation using Ansible

Decommissioning resources on AWS using Ansible

Deploying and Operating Azure Networking Resources with Ansible

Deploying and Operating Azure Networking Resources with Ansible

Technical requirements

Installing the Azure SDK

Building an Ansible inventory

Authenticating to your Azure account

Creating a resource group

Creating virtual networks

Creating subnets

Building user-defined routes

Deploying network security groups

Deployment validation using Ansible

Decommissioning Azure resources using Ansible

Deploying and Operating GCP Networking Resources with Ansible

Deploying and Operating GCP Networking Resources with Ansible

Technical requirements

Installing the GCP SDK

Building an Ansible inventory

Authenticating to your GCP account

Creating GCP VPC networks

Creating subnets

Deploying firewall rules in GCP

Deploying VMs in GCP

Adjusting routing within a VPC

Validating GCP deployment using Ansible

Decommissioning GCP resources using Ansible

Network Validation with Batfish and Ansible

Network Validation with Batfish and Ansible

Technical requirements

Installing Batfish

Integrating Batfish with Ansible

Generating the network configuration

Creating a network snapshot for Batfish

Initializing the network snapshot with Ansible

Collecting network facts from Batfish

Validating traffic forwarding with Batfish

Validating ACLs with Batfish

Building a Network Inventory with Ansible and NetBox

Building a Network Inventory with Ansible and NetBox

Technical requirements

Installing NetBox

Integrating NetBox with Ansible

Populating sites in NetBox

Populating devices in NetBox

Populating interfaces in NetBox

Populating IP addresses in NetBox

Populating IP prefixes in NetBox

Using NetBox as a dynamic inventory source for Ansible

Generating a configuration using NetBox

Simplifying Automation with AWX and Ansible

Simplifying Automation with AWX and Ansible

Technical requirements

Managing users and teams on AWX

Creating a network inventory on AWX

Managing network credentials on AWX

Creating projects on AWX

Creating templates on AWX

Creating workflow templates on AWX

Running automation tasks using the AWX API

Advanced Techniques and Best Practices for Ansible

Advanced Techniques and Best Practices for Ansible

Technical requirements

Installing Ansible in a virtual environment

Validating YAML and Ansible playbooks

Calculating the execution time for Ansible playbooks

Validating user input using Ansible

Running Ansible in check mode

Controlling parallelism and rolling updates in Ansible

Configuring fact caching in Ansible

Creating custom Python filters for Ansible

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Managing Cisco IOS Devices Using Ansible

In this chapter, we will outline how to automate Cisco IOS-based devices using Ansible. We will explore the different modules available in Ansible to automate configuration and collect network information from Cisco IOS devices. This chapter will be based on the following sample network diagram, and we will walk through how we can implement this network design using Ansible:

The following table outlines the management IP addresses on the Cisco nodes, which Ansible will use to connect to the devices:

Device	Role	Vendor	MGMT Port	MGMT IP
`access01`	Access switch	Cisco IOS 15.1	`Ethernet0/0`	`172.20.1.18`
`access02`	Access switch	Cisco IOS 15.1	`Ethernet0/0`	`172.20.1.19`
`core01`	Core switch	Cisco IOS 15.1	`Ethernet0/0`	`172.20.1.20`
`core02`	Core switch	Cisco IOS 15.1	`Ethernet0/0`	`172.20.1.21`
`wan01`	WAN router	Cisco IOS–XE 16.6.1	`GigabitEthernet1`	`172.20.1.22`
`wan02`	WAN router	Cisco IOS–XE 16.6.1	`GigabitEthernet1`	`172.20.1.23`

The main recipes covered in this chapter are as follows:

Building an Ansible network inventory
Connecting to Cisco IOS devices
Configuring basic system information
Configuring interfaces on IOS devices
Configuring L2 VLANS on IOS devices
Configuring trunk and access interfaces
Configuring interface IP addresses
Configuring OSPF on IOS devices
Collecting IOS device facts
Validating network reachability on IOS devices
Retrieving operational data from IOS devices
Validating network states with pyATS and Ansible