Book Image

Mastering Python Networking - Fourth Edition

By : Eric Chou
Book Image

Mastering Python Networking - Fourth Edition

By: Eric Chou

Overview of this book

Networks in your infrastructure set the foundation for how your application can be deployed, maintained, and serviced. Python is the ideal language for network engineers to explore tools that were previously available to systems engineers and application developers. In Mastering Python Networking, Fourth edition, you'll embark on a Python-based journey to transition from a traditional network engineer to a network developer ready for the next generation of networks. This new edition is completely revised and updated to work with the latest Python features and DevOps frameworks. In addition to new chapters on introducing Docker containers and Python 3 Async IO for network engineers, each chapter is updated with the latest libraries with working examples to ensure compatibility and understanding of the concepts. Starting with a basic overview of Python, the book teaches you how it can interact with both legacy and API-enabled network devices. You will learn to leverage high-level Python packages and frameworks to perform network automation tasks, monitoring, management, and enhanced network security, followed by AWS and Azure cloud networking. You will use Git for code management, GitLab for continuous integration, and Python-based testing tools to verify your network.

Related Content you might be interested in

Current Title:

Small book image
Mastering Python Networking - Fourth Edition
Eric Chou
Jan, 2023 | 594 pages
Small book image
Network Automation with Go
Michael Kashin | Nicolas Leiva
Jan, 2023 | 442 pages
Small book image
Practical Network Automation
Abhishek Ratan
Nov, 2017 | 266 pages
Small book image
Crafting Test-Driven Software with Python
Alessandro Molina
Feb, 2021 | 338 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Share your thoughts
Download a free PDF copy of this book
1
Review of TCP/IP Protocol Suite and Python
Review of TCP/IP Protocol Suite and Python
An overview of the Internet
The OSI model
The client-server model
Network protocol suites
Python language overview
Summary
Free Chapter
2
Low-Level Network Device Interactions
Low-Level Network Device Interactions
The challenges of the CLI
Constructing a Virtual lab
Python virtual environment
Python pexpect library
The Python Paramiko library
The Netmiko library
The Nornir framework
Summary
3
APIs and Intent-Driven Networking
APIs and Intent-Driven Networking
Infrastructure-as-Code (IaC)
Cisco API examples
Cisco Meraki controller
The Python API for Juniper Networks
The Arista Python API
VyOS example
Other libraries
Summary
4
The Python Automation Framework – Ansible
The Python Automation Framework – Ansible
Ansible – A More Declarative Framework
Our First Ansible Network Example
The Advantages of Ansible
Ansible Content Collections
More Ansible Network Examples
Summary
5
Docker Containers for Network Engineers
Docker Containers for Network Engineers
Docker Overview
Building Python applications in Docker
Container networking
Containers in the network engineering field
Docker and Kubernetes
Summary
6
Network Security with Python
Network Security with Python
The Lab Setup
Python Scapy
Access lists
The Syslog search
Other tools
Further reading
Summary
7
Network Monitoring with Python – Part 1
Network Monitoring with Python – Part 1
Lab Setup
SNMP
Python for Data Visualization
Python for Cacti
Summary
8
Network Monitoring with Python – Part 2
Network Monitoring with Python – Part 2
Graphviz
Flow-based monitoring
ntop traffic monitoring
Summary
9
Building Network Web Services with Python
Building Network Web Services with Python
Comparing Python web frameworks
Flask and lab setup
Introduction to Flask
Network resource API
Network dynamic operations
Authentication and Authorization
Running Flask in containers
Summary
10
Introduction to Async IO
Introduction to Async IO
Asynchronous operations overview
Python asyncio module
The Scrapli project
Summary
11
AWS Cloud Networking
AWS Cloud Networking
AWS setup
AWS network overview
Virtual Private Cloud
Direct Connect and VPN
Network scaling services
Other AWS network services
Summary
12
Azure Cloud Networking
Azure Cloud Networking
Azure and AWS network service comparison
Azure setup
Azure administration and APIs
Azure global infrastructure
Azure virtual networks
VNet routing
Azure VPNs
Azure ExpressRoute
Azure network load balancers
Other Azure network services
Summary
13
Network Data Analysis with Elastic Stack
Network Data Analysis with Elastic Stack
What is the Elastic Stack?
Lab topology
Elastic Stack as a service
First End-to-End example
Elasticsearch with a Python client
Data ingestion with Logstash
Data ingestion with Beats
Search with Elasticsearch
Data visualization with Kibana
Summary
14
Working with Git
Working with Git
Content management considerations and Git
Introduction to Git
Setting up Git
Git Usage Examples
Git Branch
Git with Python
Automating Configuration Backup
Collaborating with Git
Summary
15
Continuous Integration with GitLab
Continuous Integration with GitLab
The traditional change management process
Introduction to continuous integration
Installing GitLab
GitLab runners
First GitLab example
GitLab network example
Summary
16
Test-Driven Development for Networks
Test-Driven Development for Networks
Test-driven development overview
Topology as code
Writing tests for networking
pyATS and Genie
Summary
17
Other Books You May Enjoy
Other Books You May Enjoy
18
Index
Index

Constructing a Virtual lab

Before we dive into the Python libraries and frameworks, let’s examine the options of putting together a lab for the benefit of learning. As the old saying goes, “practice makes perfect” – we need an isolated sandbox to safely make mistakes, try out new ways of doing things, and repeat some of the steps to reinforce concepts that were not clear on the first try.

To put together a network lab, we basically have two options: physical devices or virtual devices. Let’s look at the advantages and disadvantages of the respective options.

Physical devices

This option consists of putting together a lab with physical network devices that you can see and touch. If you are lucky enough, you might even be able to construct a lab that is an exact replication of your production environment. The advantages and disadvantages of a physical lab are as follows:

  • Advantages: It is an easy transition from lab to production. The topology is easier to understand for managers and fellow engineers who can look at and work on the devices if need be. The comfort level with physical devices is extremely high because of familiarity.
  • Disadvantages: It is relatively expensive to pay for devices that will only be used in a lab. Also, physical devices require engineering hours to rack and stack and are not very flexible once constructed.

Virtual devices

Virtual devices are emulations or simulations of actual network devices. They are either provided by the vendors or by the open source community. The advantages and disadvantages of virtual devices are as follows:

  • Advantages: Virtual devices are easier to set up, relatively cheap, and can make changes to the topology quickly.
  • Disadvantages: They are usually scaled-down versions of their physical counterparts. Sometimes there are feature gaps between the virtual and the physical device.

Of course, deciding on a virtual or physical lab is a personal decision derived from a trade-off between the cost, ease of implementation, and the risk of having a gap between lab and production environments. In some of the places I have worked, the virtual lab was used when doing an initial proof-of-concept, while the physical lab was used when we moved closer to the final design.

In my opinion, as more and more vendors decide to produce virtual appliances, the virtual lab is the way to proceed in a learning environment. The feature gap of the virtual appliance is relatively small and specifically documented, especially when the virtual instance is provided by the vendor. The cost of the virtual appliance is relatively small compared to buying physical devices. The time to build using virtual devices is much shorter because they are just software programs.

For this book, I will use a combination of physical and virtual devices for concept demonstration, with a preference for virtual devices. For the examples we will see, the differences should be transparent. If there are any known differences between the virtual and physical devices pertaining to our objectives, I will make sure to list them.

For the code examples in the book, I will try to make the network topology as simple as possible while still being able to demonstrate the concept at hand. Each virtual network usually consists of not more than a few nodes, and we will reuse the same virtual network for multiple labs if possible.

For the examples in this book, I will utilize Cisco Modeling Labs, https://www.cisco.com/c/en/us/products/cloud-systems-management/modeling-labs/index.html, as well as other virtual platforms, such as Arista vEOS. As we will see in the next section, Cisco provides CML in both a paid version and a free, hosted version on Cisco DevNet (https://developer.cisco.com/site/devnet/) based on availability. The use of CML is optional. You can use any lab devices you have, but it might make it easier to follow along with the book examples. Also worth noting is that Cisco has strict software license requirements for device images, so by purchasing or using the free hosted CML, you will be less likely to violate their software license requirements.

Cisco modeling labs

I remember when I first started to study for my Cisco Certified Internetwork Expert (CCIE) lab exam, I purchased some used Cisco equipment from eBay to study with. Even with a used equipment discount, each router and switch still cost hundreds of US dollars. To save money, I purchased some really outdated Cisco routers from the 1980s (search for Cisco AGS routers in your favorite search engine for a good chuckle), which significantly lacked features and horsepower, even for lab standards. As much as it made for an interesting conversation with family members when I turned them on (they were really loud), putting the physical devices together was not fun. They were heavy and clunky, and it was a pain to connect all the cables, and to introduce link failure, I would literally have to unplug a cable.

Fast-forward a few years. Dynamips was created, and I fell in love with how easy it was to create different network scenarios. This was especially important when trying to learn a new concept. All I needed was the IOS images from Cisco and a few carefully constructed topology files, and I could easily build a virtual network to test my knowledge on. I had a whole folder of network topologies, pre-saved configurations, and different versions of images, as called for by different scenarios. The addition of a GNS3 frontend gave the whole setup a beautiful GUI facelift. With GNS3, you can just click and drop your links and devices; you can even print out the network topology for your manager or client right out of the GNS3 design panel. The only disadvantage of GNS3 was the tool not being officially blessed by Cisco, and the perceived lack of credibility because of it.

In 2015, the Cisco community decided to fulfill this need by releasing the Cisco Virtual Internet Routing Lab (VIRL), https://learningnetwork.cisco.com/s/virl. This quickly became my go-to tool as the network lab when developing, learning, and practicing network automation code.

A few years after the introduction of VIRL, Cisco released Cisco Modeling Labs (CML), https://developer.cisco.com/modeling-labs/. It is a great network simulation platform with an easy-to-use HTML UI and a comprehensive API.

At the time of writing, the single-user license for CML is 199 USD (keep in mind that there is a free, hosted version on Cisco DevNet). In my opinion, the CML platform offers a few advantages over other alternatives and the cost is a bargain:

  • Ease of use: As mentioned, all the images for IOSv, IOS-XRv, NX-OSv, ASAv, and other images are included in a single download.
  • Official: CML is a widely used tool internally at Cisco and within the network engineering community. In fact, CML is used extensively for the new Cisco DevNet Expert Lab exam. Because of its popularity, bugs get fixed quickly, new features are carefully documented, and useful knowledge is widely shared among its users.
  • Third-party KVM images integration: CML permits users to upload third-party VM images, such as Windows VM, that are not bundled by default.
  • Others: The CML tool offers many other features, such as dashboard list view, multiuser grouping, Ansible integration, and pyATS integration.

We will not use all of the CML features in this book, but it is nice to know the tool is so feature-rich and is constantly being updated. Again, I want to stress the importance of having a lab to follow along for the book examples but it does not need to be Cisco CML. The code examples provided in this book should work across any lab device, as long as it runs the same software type and version.

CML tips

The CML website (https://developer.cisco.com/modeling-labs/) and documentation (https://developer.cisco.com/docs/modeling-labs/) offer lots of guidance and information, from installation to usage. The lab topology will be included in the respective chapters in the book’s GitHub repository (https://github.com/PacktPublishing/Mastering-Python-Networking-Fourth-Edition). The lab images can be directly imported to the lab via the Import button:

Figure 2.1: CML Console Image Lab Image

For the labs, each of the devices will have its management interface connected to an unmanaged switch, which in turn connects to an external connection for access:

Figure 2.2: Unmanaged Switch for Management Interface Access

You will need to change the IP address of the management interface to fit your own lab’s schema. For example, in the 2_DC_Topology.yaml file in Chapter 2, the IP address of lax-edg-r1 GigabitEthernet0/0 0 is 192.168.2.51. You will need to change this IP address according to your own lab.

If you are using virtual lab software other than CML, you can open the topology file with any text editor (such as Sublime Text, shown below) and see each of the devices’ configurations. You can then copy and paste the configuration into your own lab devices:

Text Description automatically generated

Figure 2.3: Topology File Viewed with Text Editor

We talked about Cisco DevNet briefly earlier in this section. Let us explore more about DevNet in the next section.

Cisco DevNet

Cisco DevNet (https://developer.cisco.com/site/devnet/) is the premier, all-in-one website when it comes to network automation resources at Cisco. It is free to sign up and provides free remote labs, free video courses, guided learning tracks, documentation, and much more.

The Cisco DevNet Sandbox (https://developer.cisco.com/site/sandbox/) is a great alternative if you do not already have a lab at your own disposal or want to try out new technologies. Some of the labs are always on, while others you need to reserve. The lab availability will depend on usage.

Graphical user interface, website Description automatically generated
Figure 2.4: Cisco DevNet Sandbox

Since its inception, Cisco DevNet has become the de facto destination for all things related to network programmability and automation at Cisco. If you are interested in pursuing Cisco certifications in automation, DevNet offers different tracks from associate to expert level of validation; more information can be found at https://developer.cisco.com/certification/.

GNS3 and others

There are a few other virtual labs that I have used and would recommend. GNS3 is one of them:

Graphical user interface, website Description automatically generated

Figure 2.5: GNS3 Website

As mentioned previously, GNS3 is what a lot of us use to study for certification tests and to practice for labs. The tool has really grown up from the early days of being the simple frontend for Dynamips into a viable commercial product. GNS3 is vendor-neutral, which can be helpful if we want to build a multi-vendor lab. This is typically done either by making a clone of the image (such as Arista vEOS) or by directly launching the network device image via other hypervisors (such as KVM).

Another multi-vendor network emulation environment that has gotten a lot of great reviews is the Emulated Virtual Environment Next Generation (Eve-NG): http://www.eve-ng.net/. I personally do not have enough experience with the tool, but many of my colleagues and friends in the industry use it for their network labs. If you are familiar with containers, containerlab (https://containerlab.dev/) can also be an alternative for you.

There are also other standalone virtualized platforms, such as Arista vEOS (https://www.arista.com/en/cg-veos-router/veos-router-overview), Juniper vMX (https://www.juniper.net/us/en/products/routers/mx-series/vmx-virtual-router-software.html), and Nokia SR-Linux (https://www.nokia.com/networks/data-center/service-router-linux-NOS/), which you can use as standalone virtual appliances during testing.

They are great complementary tools for testing platform-specific features. Many of them are offered as paid products on public cloud provider marketplaces for easier access.

Now that we have built our network lab, we can start to experiment with Python libraries that can help with management and automation. We will begin with enabling the Python virtual environment. Then we will install and use the Pexpect library for some examples.

Previous Section
End of Section 3
Next Section