Network Automation Cookbook

By: Karim Okasha

Overview of this book

Network Automation Cookbook is designed to help system administrators, network engineers, and infrastructure automation engineers to centrally manage switches, routers, and other devices in their organization's network. This book will help you gain hands-on experience in automating enterprise networks and take you through core network automation techniques using the latest version of Ansible and Python. With the help of practical recipes, you'll learn how to build a network infrastructure that can be easily managed and updated as it scales through a large number of devices. You'll also cover topics related to security automation and get to grips with essential techniques to maintain network robustness. As you make progress, the book will show you how to automate networks on public cloud providers such as AWS, Google Cloud Platform, and Azure. Finally, you will get up and running with Ansible 2.9 and discover troubleshooting techniques and network automation best practices. By the end of this book, you'll be able to use Ansible to automate modern network devices and integrate third-party tools such as NAPALM, NetBox, and Batfish easily to build robust network automation solutions.

Configuring interface IP addresses

In this recipe, we will explore how to configure the interface IP address on Cisco IOS devices. We will use the sample topology to configure the VLAN interfaces on both the core switches. We will outline how to configure VRRP between the core switches for all the VLAN interfaces. We will configure the following IP addresses:

| Interface | Prefix        | VRRP IP address |
|-----------|---------------|-----------------|
| VLAN10    | 10.1.10.0/24  | 10.1.10.254     |
| VLAN20    | 10.1.20.0/24  | 10.1.20.254     |
| VLAN100   | 10.1.100.0/24 | 10.1.100.254    |

Getting ready

This recipe assumes that the interface and VLANs are configured as per the previous recipes in this chapter.

How to do it...

  1. Update the group_vars/core.yml file with the following data to define the SVI interfaces:

     $ cat group_vars/core.yml
     <-- Output Trimmed for brevity ------>
     svi_interfaces:
       - name: Vlan10
         ipv4: 10.1.10.0/24
         vrrp: yes
         ospf: passive
       - name: Vlan20
         ipv4: 10.1.20.0/24
         vrrp: yes
         ospf: passive
       - name: Vlan100
         ipv4: 10.1.100.0/24
         vrrp: yes
         ospf: passive

  2. Create core01.yml and core02.yml files under the host_vars folder and add the following content:

     $ cat host_vars/core01.yml
     hst_svi_id: 1
     hst_vrrp_priority: 100
     $ cat host_vars/core02.yml
     hst_svi_id: 2
     hst_vrrp_priority: 50

  3. Update the pb_build_network.yml playbook with the following tasks to create and enable the L3 SVI interfaces:

     - name: "PLAY 2: Configure Core Switches"
       hosts: core
       tags: l3_core
       tasks:
         # <-- Output Trimmed for brevity ------>
         # Host address = the hst_svi_id-th address of each SVI prefix
         - name: "Create L3 VLAN Interfaces"
           ios_l3_interface:
             name: "{{ item.name }}"
             ipv4: "{{ item.ipv4 | ipv4(hst_svi_id) }}"
           loop: "{{ svi_interfaces }}"
           tags: l3_svi
         # New SVIs start in shutdown state, so bring them up
         - name: "Enable the VLAN Interfaces"
           ios_interface:
             name: "{{ item.name }}"
             state: up
           loop: "{{ svi_interfaces }}"

  4. Update the playbook with the following task to set up VRRP configuration on the SVI interfaces:

         # VRRP group = VLAN number, virtual IP = address 254 of the prefix
         - name: "Create VRRP Configs"
           ios_config:
             parents: interface {{ item.name }}
             lines:
               - vrrp {{ item.name.split('Vlan')[1] }} priority {{ hst_vrrp_priority }}
               - vrrp {{ item.name.split('Vlan')[1] }} ip {{ item.ipv4 | ipv4(254) | ipaddr('address') }}
           loop: "{{ svi_interfaces | selectattr('vrrp','equalto',true) | list }}"

How it works...

In this section, we are configuring the IP addresses for the L3 VLAN interfaces on the core switches, as well as configuring VRRP on all the L3 VLAN interfaces to provide L3 redundancy.

We are using a new list data structure called svi_interfaces, which describes all the SVI interfaces with L3 IP addresses, and also some added parameters to control both the VRRP and OSPF configured on these interfaces. We also set up two new variables on each core router, hst_svi_id and hst_vrrp_priority, which we will use in the playbook to control the IP address on each core switch, as well as the VRRP priority.

We use the ios_l3_interface Ansible module to set the IPv4 addresses on the VLAN interfaces. On each core switch, we loop over the svi_interfaces data structure, and for each VLAN we configure the IPv4 address on the corresponding VLAN interface. We determine which IP address is configured on each router using the Ansible ipaddr filter, along with the hst_svi_id parameter: {{item.ipv4 | ipv4(hst_svi_id)}}. So, for example, for VLAN10, we will assign 10.1.10.1/24 for core01 and 10.1.10.2/24 for core02.

When first creating the VLAN interface on Cisco IOS devices, they are in a state of shutdown, so we need to enable them. We use the ios_interface module to enable the interfaces.

For the VRRP part, we return to using the ios_config module to set up the VRRP configuration on all the VLAN interfaces, and we use hst_vrrp_priority to correctly set up core01 as the VRRP master for all VLANs.

The following is a sample of the configuration that is pushed on the devices after running the playbook:

Core01
========
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 vrrp 10 ip 10.1.10.254
!
Core02
=======
!
interface Vlan10
 ip address 10.1.10.2 255.255.255.0
 vrrp 10 ip 10.1.10.254
 vrrp 10 priority 50
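
The address and VRRP derivation described above can be reproduced offline to check the variables before the playbook touches a device. This is an added example, not code from the book: `nth_host`, `build_plan` and `VIP_INDEX` are hypothetical names, the data is a constructed copy of the recipe's variables, and it goes beyond the recipe by rejecting inputs the templates would render into invalid configuration (a VRRP group above 255, a prefix too small for address 254, duplicate host IDs).

```python
import ipaddress

# Constructed copy of the recipe's variables (group_vars/core.yml, host_vars/*.yml).
SVI_INTERFACES = [
    {"name": "Vlan10", "ipv4": "10.1.10.0/24", "vrrp": True},
    {"name": "Vlan20", "ipv4": "10.1.20.0/24", "vrrp": True},
    {"name": "Vlan100", "ipv4": "10.1.100.0/24", "vrrp": True},
]
HOSTS = {"core01": {"hst_svi_id": 1, "hst_vrrp_priority": 100},
         "core02": {"hst_svi_id": 2, "hst_vrrp_priority": 50}}
VIP_INDEX = 254  # the VRRP task hardcodes ipv4(254) for the virtual address


def nth_host(prefix, index):
    """Index-th address of the prefix, as ipv4(index) yields for the recipe's inputs."""
    net = ipaddress.ip_network(prefix)
    if not 0 < index < net.num_addresses - 1:
        raise ValueError(f"index {index} is not a usable host address in {prefix}")
    return net[index]


def build_plan(hosts, svis):
    """Return ({host: [config lines]}, [errors]) without touching any device."""
    plan, errors = {h: [] for h in hosts}, []
    ids = [hv["hst_svi_id"] for hv in hosts.values()]
    if len(ids) != len(set(ids)):
        errors.append("duplicate hst_svi_id: two switches would get the same address")
    for host, hv in hosts.items():
        if not 1 <= hv["hst_vrrp_priority"] <= 254:
            errors.append(f"{host}: VRRP priority must be 1-254")
        for svi in svis:
            try:
                addr = nth_host(svi["ipv4"], hv["hst_svi_id"])
                vip = nth_host(svi["ipv4"], VIP_INDEX)
            except ValueError as exc:
                errors.append(f"{host}/{svi['name']}: {exc}")
                continue
            mask = ipaddress.ip_network(svi["ipv4"]).netmask
            plan[host] += [f"interface {svi['name']}", f" ip address {addr} {mask}"]
            if svi.get("vrrp"):
                group = int(svi["name"].split("Vlan")[1])  # same expression as the task
                if not 1 <= group <= 255:
                    errors.append(f"{host}/{svi['name']}: VRRP group {group} is outside 1-255")
                if addr == vip:
                    errors.append(f"{host}/{svi['name']}: hst_svi_id equals the VRRP address")
                plan[host] += [f" vrrp {group} ip {vip}",
                               f" vrrp {group} priority {hv['hst_vrrp_priority']}"]
    return plan, errors
```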

See also...