Book Image

Network Automation Cookbook

By : Karim Okasha
Book Image

Network Automation Cookbook

By: Karim Okasha

Overview of this book

Network Automation Cookbook is designed to help system administrators, network engineers, and infrastructure automation engineers to centrally manage switches, routers, and other devices in their organization's network. This book will help you gain hands-on experience in automating enterprise networks and take you through core network automation techniques using the latest version of Ansible and Python. With the help of practical recipes, you'll learn how to build a network infrastructure that can be easily managed and updated as it scales through a large number of devices. You'll also cover topics related to security automation and get to grips with essential techniques to maintain network robustness. As you make progress, the book will show you how to automate networks on public cloud providers such as AWS, Google Cloud Platform, and Azure. Finally, you will get up and running with Ansible 2.9 and discover troubleshooting techniques and network automation best practices. By the end of this book, you'll be able to use Ansible to automate modern network devices and integrate third-party tools such as NAPALM, NetBox, and Batfish easily to build robust network automation solutions.

Related Content you might be interested in

Current Title:

Small book image
Network Automation Cookbook
Karim Okasha
Apr, 2020 | 482 pages
Small book image
Ansible for Real-Life Automation
Gineesh Madapparambath
Sep, 2022 | 480 pages
Small book image
Practical Ansible 2
Fabio Alessandro Locati | Daniel Oh | James Freeman
Jun, 2020 | 410 pages
Small book image
Practical Ansible
Fabio Alessandro Locati | Daniel Oh | James Freeman
Sep, 2023 | 420 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
1
Building Blocks of Ansible
Building Blocks of Ansible
Technical requirements
Installing Ansible
Building Ansible's inventory
Using Ansible's variables
Building Ansible's playbook
Using Ansible's conditionals
Using Ansible's loops
Securing secrets with Ansible Vault
Using Jinja2 with Ansible
Using Ansible's filters
Using Ansible Tags
Customizing Ansible's settings
Using Ansible Roles
Free Chapter
2
Managing Cisco IOS Devices Using Ansible
Managing Cisco IOS Devices Using Ansible
Technical requirements
Building an Ansible network inventory
Connecting to Cisco IOS devices
Configuring basic system information
Configuring interfaces on IOS devices
Configuring L2 VLANs on IOS devices
Configuring trunk and access interfaces
Configuring interface IP addresses
Configuring OSPF on IOS devices
Collecting IOS device facts
Validating network reachability on IOS devices
Retrieving operational data from IOS devices
Validating network states with pyATS and Ansible
3
Automating Juniper Devices in the Service Providers Using Ansible
Automating Juniper Devices in the Service Providers Using Ansible
Technical requirements
Building the network inventory
Connecting and authenticating to Juniper devices
Enabling NETCONF on Junos OS devices
Configuring generic system options on Juniper devices
Configuring interfaces on Juniper devices
Configuring OSPF on Juniper devices
Configuring MPLS on Juniper devices
Configuring BGP on Juniper devices
Deploying configuration on Juniper devices
Configuring the L3VPN service on Juniper devices
Gathering Juniper device facts using Ansible
Validating network reachability on Juniper devices
Retrieving operational data from Juniper devices
Validating the network state using PyEZ operational tables
4
Building Data Center Networks with Arista and Ansible
Building Data Center Networks with Arista and Ansible
Technical requirements
Building the Ansible network inventory
Connecting to and authenticating Arista devices from Ansible
Enabling eAPI on Arista devices
Configuring generic system options on Arista devices
Configuring interfaces on Arista devices
Configuring the underlay BGP on Arista devices
Configuring the overlay BGP EVPN on Arista devices
Deploying the configuration on Arista devices
Configuring VLANs on Arista devices
Configuring VXLANs tunnels on Arista devices
Gathering Arista device facts
Retrieving operational data from Arista devices
5
Automating Application Delivery with F5 LTM and Ansible
Automating Application Delivery with F5 LTM and Ansible
Technical requirements
Building an Ansible network inventory
Connecting and authenticating to BIG-IP devices
Configuring generic system options on BIG-IP devices
Configuring interfaces and trunks on BIG-IP devices
Configuring VLANs and self-IPs on BIG-IP devices
Configuring static routes on BIG-IP devices
Deploying nodes on BIG-IP devices
Configuring a load balancing pool on BIG-IP devices
Configuring virtual servers on BIG-IP devices
Retrieving operational data from BIG-IP nodes
6
Administering a Multi-Vendor Network with NAPALM and Ansible
Administering a Multi-Vendor Network with NAPALM and Ansible
Technical requirements
Installing NAPALM and integrating with Ansible
Building an Ansible network inventory
Connecting and authenticating to network devices using Ansible
Building the device configuration
Deploying configuration on network devices using NAPALM
Collecting device facts with NAPALM
Validating network reachability using NAPALM
Validating and auditing networks with NAPALM
7
Deploying and Operating AWS Networking Resources with Ansible
Deploying and Operating AWS Networking Resources with Ansible
Technical requirements
Installing the AWS SDK
Building an Ansible inventory
Authenticating to your AWS account
Deploying VPCs using Ansible
Deploying subnets using Ansible
Deploying IGWs using Ansible
Controlling routing within a VPC using Ansible
Deploying network ACLs using Ansible
Deployment validation using Ansible
Decommissioning resources on AWS using Ansible
8
Deploying and Operating Azure Networking Resources with Ansible
Deploying and Operating Azure Networking Resources with Ansible
Technical requirements
Installing the Azure SDK
Building an Ansible inventory
Authenticating to your Azure account
Creating a resource group
Creating virtual networks
Creating subnets
Building user-defined routes
Deploying network security groups
Deployment validation using Ansible
Decommissioning Azure resources using Ansible
9
Deploying and Operating GCP Networking Resources with Ansible
Deploying and Operating GCP Networking Resources with Ansible
Technical requirements
Installing the GCP SDK
Building an Ansible inventory
Authenticating to your GCP account
Creating GCP VPC networks
Creating subnets
Deploying firewall rules in GCP
Deploying VMs in GCP
Adjusting routing within a VPC
Validating GCP deployment using Ansible
Decommissioning GCP resources using Ansible
10
Network Validation with Batfish and Ansible
Network Validation with Batfish and Ansible
Technical requirements
Installing Batfish
Integrating Batfish with Ansible
Generating the network configuration
Creating a network snapshot for Batfish
Initializing the network snapshot with Ansible
Collecting network facts from Batfish
Validating traffic forwarding with Batfish
Validating ACLs with Batfish
11
Building a Network Inventory with Ansible and NetBox
Building a Network Inventory with Ansible and NetBox
Technical requirements
Installing NetBox
Integrating NetBox with Ansible
Populating sites in NetBox
Populating devices in NetBox
Populating interfaces in NetBox
Populating IP addresses in NetBox
Populating IP prefixes in NetBox
Using NetBox as a dynamic inventory source for Ansible
Generating a configuration using NetBox
12
Simplifying Automation with AWX and Ansible
Simplifying Automation with AWX and Ansible
Technical requirements
Installing AWX
Managing users and teams on AWX
Creating a network inventory on AWX
Managing network credentials on AWX
Creating projects on AWX
Creating templates on AWX
Creating workflow templates on AWX
Running automation tasks using the AWX API
13
Advanced Techniques and Best Practices for Ansible
Advanced Techniques and Best Practices for Ansible
Technical requirements
Installing Ansible in a virtual environment
Validating YAML and Ansible playbooks
Calculating the execution time for Ansible playbooks
Validating user input using Ansible
Running Ansible in check mode
Controlling parallelism and rolling updates in Ansible
Configuring fact caching in Ansible
Creating custom Python filters for Ansible
14
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Configuring L2 VLANs on IOS devices

In this recipe, we will outline how to configure L2 VLANs on Cisco IOS devices, as per the network topology discussed in the introduction to this chapter. We will outline how to declare VLANs as Ansible variables, and how to use suitable Ansible modules to provision these VLANs on the network.

Getting ready

We will be building on the previous recipes discussed in this chapter to continue to configure the L2 VLANs on all the LAN devices within our sample topology.

How to do it...

  1. Update the group_vars/lan.yml file with the VLAN definition, as outlined in the following code:
$ cat group_vars/lan.yaml
 
vlans:
  - name: Data
    vlan_id: 10
  - name: Voice
    vlan_id: 20
  - name: Web
    vlan_id: 100
  1. Update the pb_build.yml playbook with the following task to provision the VLANs:
  - name: "P1T4: Create L2 VLANs"
    ios_vlan:
      vlan_id: "{{ item.vlan_id }}"
      name: "{{ item.name  }}"
    loop: "{{ vlans }}"
    tags: vlan

How it works...

In the group_vars/lan.yml file, we define a vlans list data structure that holds the VLAN definition that we need to apply to all our core and access switches. This variable will be available for all the core and access switches, and Ansible will use this variable in order to provision the required VLANs on the remote devices.

We use another declarative module, ios_vlan, which takes the VLAN definition (its name and the VLAN ID) and configures these VLANs on the remote managed device. It pulls the existing configuration from the device and compares it with the list of devices that need to be present, while only pushing the delta.

We use the loop construct to go through all the items in the vlans list, and configure all the respective VLANs on all the devices.

After running this task on the devices, the following is the output from one of the access switches:

access01#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et1/0, Et1/1, Et1/2, Et1/3
10   Data                             active    Et0/3
20   Voice                            active
100  Web                              active
Previous Section
End of Section 7
Next Section