Get More from your Network with Automation tools to increase its effectiveness.
If you are a network engineer looking for an extensive guide to help you automate and manage your network efficiently, then this book is for you.
Network automation is the use of IT controls to supervise and carry out everyday network management functions. It plays a key role in network virtualization technologies and network functions.
The book starts by providing an introduction to network automation, SDN, and its applications, which include integrating DevOps tools to automate the network efficiently. It then guides you through different network automation tasks and covers various data digging and reporting methodologies such as IPv6 migration, DC relocations, and interface parsing, all the while retaining security and improving data center robustness. The book then moves on to the use of Python and the management of SSH keys for machine-to-machine (M2M) communication, all followed by practical use cases. The book also covers the importance of Ansible for network automation including best practices in automation, ways to test automated networks using different tools, and other important techniques.
By the end of the book, you will be well acquainted with the various aspects of network automation.
A clear, concise, and straightforward book that will enable you to automate networks and improve performance.
Page count: 238
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing
First published: November 2017
Production reference: 1141117
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78829-946-6
www.packtpub.com
Author: Abhishek Ratan
Copy Editor: Safis Editing
Reviewer: Pradeeban Kathiravelu
Project Coordinator: Judie Jose
Commissioning Editor: Gebin George
Proofreader: Safis Editing
Acquisition Editor: Prateek Bharadwaj
Indexer: Pratik Shirodkar
Content Development Editor: Abhishek Jadhav
Graphics: Tanya Dutta
Technical Editor: Swathy Mohan
Production Coordinator: Melwyn Dsa
Abhishek Ratan has around 15 years of technical experience in networking, automation, and various ITIL processes, and has worked in various roles in different organizations. As a network engineer, security engineer, automation engineer, TAC engineer, tech lead, and content writer, he has gained a wealth of experience during the 15 years of his career. Abhishek also has a deep interest in strategy game playing, and if he is not working on technical stuff, he is busy spending time on his strategy games.
He is currently working as a Sr Automation Engineer at ServiceNow, learning and expanding his automation skills in the ServiceNow platform. His earlier experience includes working for companies such as Microsoft, Symantec, and Navisite, which has given him exposure to various environments.
Pradeeban Kathiravelu is an open source evangelist. He is a PhD researcher at INESC-ID Lisboa/Instituto Superior Técnico, Universidade de Lisboa, Portugal, and Université Catholique de Louvain, Belgium. He is a fellow of Erasmus Mundus Joint Degree in distributed computing (EMJD-DC), researching a software-defined approach to quality of service and data quality in multi-tenant clouds. He holds a masters of science degree, Erasmus Mundus European Master in Distributed Computing (EMDC) from Instituto Superior Técnico, Portugal, and KTH Royal Institute of Technology, Sweden. He also holds a first class bachelor of science of engineering (Hons) degree, majoring in computer science and engineering from the University of Moratuwa, Sri Lanka. His research interests include software-defined networking (SDN), distributed systems, cloud computing, web services, big data in biomedical informatics, and data mining. He is very interested in free and open source software development and has been an active participant of the Google Summer of Code (GSoC) program since 2009, as a student and mentor. He has authored Python Network Programming Cookbook - Second Edition and has also reviewed two Packt books on OpenDaylight.
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Fundamental Concepts
Network automation
DevOps
Software-defined networking
OpenFlow
Program concepts
Variables
Data types
Decision makers
Loops
Arrays
Functions
Best practices
Readability of a program
Support information
Indentation
Sample best practice example
Language choices (Python/PowerShell)
Writing your first program
PowerShell IDE
Python IDE
Representational State Transfer (REST) framework
Summary
Python for Network Engineers
Python interpreter and data types
Conditions and loops
Nested and multiple conditions
Loops
For next loop
While loop
Writing Python scripts
Functions
Passing arguments from the command line
Python modules and packages
Multithreading for parallel processing
Using Netmiko for SSH and network device interaction
Network automation use case
Summary
Accessing and Mining Data from Network
Device configurations
Multi-vendor environments
IP configs/interface parsing
Device OS upgrades
IPv4 to IPv6 conversion
Site rollouts
Office/DC relocations
Bring Your Own Device (BYOD) configs for switches
Summary
Web Framework for Automation Triggers
Why create web-based scripts/frameworks?
Understanding and configuring IIS for web framework
Understanding IIS
Configuring IIS for Python script support
Creating web-specific scripts
Accessing a script from dynamic HTML
Creating the backend API in C#
Consuming the API in Python
Sample summary task
Summary
Ansible for Network Automation
Ansible overview and terminology
Basic requirements of Ansible
Installation of Ansible
Introduction to ad hoc commands
Ansible playbooks
Working with Ansible facts
Ansible conditions
Ansible loops
Python API with Ansible
Creating network configuration templates
Summary
Continuous Integration for Network Engineers
Interaction with Splunk
Automation examples on various technology domains
BGP and routing table
Configuring Cisco switchport for access point
Configuring Cisco switchport for IP Phone
Wireless LAN (WLAN)
Access of IP Address Management (IPAM)
Example and use case
Create a web-based pre and post check tool for validations
Step 1 – Create the main HTML file
Step 2 – Create the backend Python code
Step 3 – Create web server based files for the tool
Step 4 – Create server based files for pre and post files comparison
Summary
SDN Concepts in Network Automation
Managing cloud platforms
Programmable network devices
Controller-based network fabric
Network automation tools
Summary
Chapter 1, Fundamental Concepts, introduces how to get started with automation.
Chapter 2, Python for Network Engineers, introduces Python as a scripting language, with samples that explain the usage of Python in accessing network devices and parsing data from the device outputs.
Chapter 3, Accessing and Mining Data from Network, introduces you to delivering on-demand, self-service capacity and resources while retaining security and improving data center robustness.
Chapter 4, Web Framework for Automation Triggers, discusses making scalable calls to the automation framework and generating custom and dynamic HTML pages.
Chapter 5, Ansible for Network Automation, explains how to virtualize Oracle databases and scale dynamically to ensure service levels are met.
Chapter 6, Continuous Integration for Network Engineers, gives an overview of integration principles for network engineers to manage rapid growth with high availability and rapid disaster recovery.
Chapter 7, SDN Concepts in Network Automation, talks about moving your enterprise Java applications to virtualized x86 platforms to better utilize resources with easier life cycle and scalability management.
The hardware and software requirements for this book are Python (3.5 onward), IIS, Windows, Linux, an Ansible installation, and GNS3 (for testing) or real routers.
You need an internet connection for downloading the Python libraries. Also, basic knowledge of Python, knowledge of networking, and basic familiarity with web servers like IIS are required.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "From the installation directory, we just need to invoke python.exe, which will invoke the Python interpreter."
A block of code is set as follows:
#PowerShell sample code
$myvalue=$args[0]
write-host ("Argument passed to Powershell is "+$myvalue)
Any command-line input or output is written as follows:
python checkargs.py 5 6
New terms and important words are shown in bold.
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Practical-Network-Automation. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/PracticalNetworkAutomation_ColorImages.pdf.
This chapter introduces the concept of network automation and familiarizes you with the keywords that are part of the automation framework. Before we dive into the details of network automation, it is important to understand why we need network automation and what we can achieve if we embrace the automation concepts and framework. This chapter also provides an insight into the traditional model of engineer and support operations, and shows how network automation can help bridge that gap for better efficiency and reliability.
Some of the topics covered in this chapter are as follows:
What is network automation?
DevOps
Software-defined networking
Basics of OpenFlow
Basic programming concepts
Programming language choices for automation
Introduction to REST framework
Automation, as the word suggests, is a framework for automating a particular task by understanding, interpreting, and creating logic. This includes enhancing the current capabilities of the tasks that are done manually and reducing the error rate of those tasks while focusing on scaling the task with reduced effort.
As an example, imagine we need to upgrade the IOS image of a Cisco router. This can involve multiple tasks, such as loading the image on the router, validating the checksum of the image, offloading traffic (if it's a production router), modifying the boot variable, and finally, reloading the router with the new image.
All of this is feasible if we have only one router to upgrade. Now take a similar scenario and try to implement it for around 1,000 routers.
Let's say we take 30 minutes getting each router to perform the aforementioned tasks. It's an easy calculation of 1000*30=30,000 minutes of manual effort.
Also, if we are performing tasks on each router manually, think of the errors that can creep in.
Network automation would be helpful in this scenario, as it can take care of all the preceding aspects and perform the tasks in parallel. Hence, if it takes 30 minutes of manual effort for one router, and in the worst case scenario the same 30 minutes for automation to perform the same task, then parallel execution would result in all 1,000 routers being upgraded within the same 30 minutes.
Hence, the final amount of time will be only 30 minutes, irrespective of the number of routers you throw at the automation framework. This also drastically reduces the need for manual work, and an engineer can focus on any failures in the 1,000 network devices.
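The following sketch is an added example, not code from the book. It runs the upgrade steps described above in parallel and stops a router's upgrade when the image checksum does not match, so a damaged or altered image never becomes the boot image. The `SimulatedRouter` class, the SHA-512 digest, the image bytes, and the short sleeps standing in for real step durations are all assumptions made for illustration.

```python
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data: a fake image and the digest a vendor would publish for it.
GOOD_IMAGE = b"constructed-ios-image-bytes" * 64
PUBLISHED_SHA512 = hashlib.sha512(GOOD_IMAGE).hexdigest()

STEP_SECONDS = 0.02  # stand-in for the minutes each real step takes


class SimulatedRouter:
    """Hypothetical in-memory device; a real tool would drive SSH or an API here."""

    def __init__(self, name, corrupt_transfer=False):
        self.name = name
        self.corrupt_transfer = corrupt_transfer
        self.flash = b""
        self.boot_image = "old.bin"
        self.reloaded = False

    def load_image(self, data):
        time.sleep(STEP_SECONDS)
        # Change the last byte to model a damaged or tampered transfer.
        self.flash = data[:-1] + b"\x00" if self.corrupt_transfer else data

    def image_digest(self):
        return hashlib.sha512(self.flash).hexdigest()

    def set_boot_and_reload(self, image_name):
        time.sleep(STEP_SECONDS)
        self.boot_image = image_name
        self.reloaded = True


def upgrade(router, image, expected_digest, image_name="new.bin"):
    """Load, verify, then switch the boot image. Verification gates the switch."""
    router.load_image(image)
    if router.image_digest() != expected_digest:
        return router.name, "FAILED: checksum mismatch, boot variable untouched"
    router.set_boot_and_reload(image_name)
    return router.name, "OK"


def upgrade_fleet(routers, image, expected_digest, workers=50):
    """Run upgrade() for every router in parallel; return results and elapsed seconds."""
    start = time.monotonic()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(pool.map(lambda r: upgrade(r, image, expected_digest), routers))
    return results, time.monotonic() - start


if __name__ == "__main__":
    fleet = [SimulatedRouter(f"r-{i}", corrupt_transfer=(i == 17)) for i in range(100)]
    outcome, seconds = upgrade_fleet(fleet, GOOD_IMAGE, PUBLISHED_SHA512)
    failed = {name: status for name, status in outcome.items() if status != "OK"}
    print(f"{len(outcome)} routers processed in {seconds:.2f}s, failures: {failed}")
```

The failed router keeps its old boot image and is reported by name, which is the list an engineer would then work through.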
In the upcoming sections, I will introduce you to some of the concepts, tools, and examples that will get you started with building automation frameworks and effectively using them in network scenarios to perform network-related activities.
This also assumes that you have an idea of network concepts and common terminology used in networking.
Some of the examples that I will provide assume familiarity with syslog, TACACS, basic router configs such as hostnames, IOS image loading, basic routing and switching concepts, and Simple Network Management Protocol (SNMP).
Historically, there have been two specific teams in every networking department. One of the teams is the engineering team, which is responsible for conceiving new ideas to improve the network and designing, deploying, and optimizing the current infrastructure. This team is primarily responsible for performing tasks such as configuration and cabling from scratch.
The other team is the support team. This team, also known as the operations team, ensures the current deployed infrastructure is up and running and focuses on performing day-to-day activities such as upgrades, quick fixes, and support to any consumers of that network infrastructure. In a traditional model, there are hand-offs and knowledge transfers from the engineering team to the operations team for support of the current deployed infrastructure. Because of the segregation of the two teams, the engineering team members do not focus on writing clear documentation, or sometimes do not even provide adequate information to operations team members, causing delays in troubleshooting and fixing issues. This could even lead to a simple solution scaling to a bigger problem because of the different approach that an engineering team member would take compared to an operations team member.
Nowadays, to solve this problem, the DevOps model was conceived, which brings the best from both teams. Rather than being a fancy designation, a DevOps model is a culture that needs to be created among the current teams. In a DevOps model, an engineer from any team is responsible for the complete life cycle of a specific project. This includes creating part of the infrastructure and supporting it by themselves. A big benefit of this model is that because a person has created a part of the system and supports it, they know all the aspects of that part and can work on it again to make it better by understanding the challenges that arise from customer or user experiences. A DevOps engineer should understand the engineering and operations for the part of the infrastructure that they have created. By adding an automation skill set to the DevOps experience, an engineer can manage complex tasks with ease and focus on reliability and scalability in a better manner than engineers who are distributed in different domains in the traditional model.
As you may be aware, there have been multiple proprietary networking devices, such as firewalls, switches, and routers, that were made by different network vendors. However, owing to the proprietary information from each different vendor, devices from multiple vendors might not coexist in a single network infrastructure environment. Even if they exist together, network engineers have to focus their effort on ensuring that each vendor device can exist in a network path without any hiccups. There might be times when one routing protocol might not be compatible with all the network devices in a multi-vendor environment, and a lot of time is wasted ensuring either the removal of that protocol, or the removal of the vendor that does not support that protocol. This can waste effort and time, which could be better spent improving the infrastructure.
To solve this type of issue, software-defined networking (SDN) has been introduced. In an SDN scenario, a packet flow is defined from a central controller that in turn interacts with multi-vendor equipment to create/define rules based upon the required packet flow. This shifts the focus of a network engineer entirely to how the traffic flows and which path the packet takes, and even to responding to link-down situations through automated routing of packets by configuring some rules or policies on the controllers. Another advantage of SDN is that the multi-vendor equipment is now not the centerpiece of infrastructure. The focus shifts to how optimally the routing and traffic shaping (the process to identify the optimal path of traffic flow) is occurring. As part of software-driven tasks, there are pieces of code that are specifically written to control a specific task or goal (similar to functions or methods in programming). This piece of code is triggered by controller decisions or rules, which in turn adds, modifies, or deletes configs on the multi-vendor device to ensure the rule set on the controller is adhered to. SDN even has the ability to completely isolate a failure domain, through the identification of a physical link down or even a total device failure without affecting the flow of traffic in real time. For example, a switch can issue a request to the controller if it gets a packet destined for a network that it does not know. This would be a packet drop or route not found in a traditional network model, but with SDN, it is the task of a controller to provide the destination or path information to the switches to correctly route the packet.
This ensures the troubleshooting becomes much easier, since a network engineer now has full control of each path/packet flow, irrespective of the vendor-specific protocol or technology support. Additionally, since now we are following a standard set of protocols, we can even lower our costs by removing more expensive proprietary network devices and replacing them with open standards network gear.
OpenFlow is a communication protocol that is used for communication between different vendors' equipment for the packet flow. This standard is maintained by a group called the Open Networking Foundation (ONF). OpenFlow, as the name suggests, is used to control the flow of packets in a network layer through a mix of Access Control Lists (ACLs) and routing protocols.
OpenFlow primarily has two components—controllers and switches. Controllers are used to take decisions in terms of creating a path for the packet to flow across the different connected devices, and switches (or network equipment) are dynamically configured from the controller based upon the path that a packet needs to take.
Going a little more in-depth, OpenFlow controllers control the routing of packets in OpenFlow switch forwarding tables through the modification, addition, or deletion of packet matching rules as decided by the controller.
As OpenFlow is another protocol, it runs over TCP and works on port 6653 on controllers. At the time of writing, OpenFlow standard 1.4 is currently active and being widely used in the SDN framework. OpenFlow is an additional service that proprietary network vendors run alongside their custom software. This, in general, ensures that the data forwarding or data packet handling is still part of the proprietary switch, but the data flow or control plane tasks are now taken over by OpenFlow controllers. As part of the SDN framework, if a participating switch receives a packet and does not know where to send it, it communicates with the OpenFlow controller for an answer. The controller, based upon its preconfigured logic, decides what action to take for that unknown packet and can get switches that it is controlling to create a separate or a specific path for that packet to flow across the network. Because of this behavior, this is the protocol that is currently being deployed across all deployments where SDN is being introduced.
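The switch-to-controller exchange described above can be modelled in a few lines. This is an added example, not code from the book, and it is a behavioural model rather than the OpenFlow wire protocol: the `Controller` and `Switch` classes, the route table, and the choice to install a drop rule for destinations the controller has no route for are all assumptions.

```python
import ipaddress


class Controller:
    """Holds the preconfigured logic: destination prefix -> switch output port."""

    def __init__(self, routes):
        self.routes = {ipaddress.ip_network(p): port for p, port in routes.items()}
        self.packet_in_count = 0  # how often switches had to ask

    def packet_in(self, switch, dst_ip):
        """Called by a switch on a flow-table miss; installs a rule on that switch."""
        self.packet_in_count += 1
        addr = ipaddress.ip_address(dst_ip)
        candidates = [net for net in self.routes if addr in net]
        if candidates:
            match = max(candidates, key=lambda net: net.prefixlen)
            action = ("output", self.routes[match])
        else:
            # Assumed policy: unknown destinations get an explicit host drop rule.
            match = ipaddress.ip_network(dst_ip)
            action = ("drop", None)
        switch.install_flow(match, action)
        return action


class Switch:
    """Forwards from its own flow table and asks the controller only on a miss."""

    def __init__(self, controller):
        self.controller = controller
        self.flow_table = []  # list of (match_network, action)

    def install_flow(self, match, action):
        self.flow_table.append((match, action))

    def lookup(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        hits = [(m, a) for m, a in self.flow_table if addr in m]
        if not hits:
            return None
        return max(hits, key=lambda hit: hit[0].prefixlen)[1]

    def handle_packet(self, dst_ip):
        """Return (action, decided_by) for one packet."""
        action = self.lookup(dst_ip)
        if action is not None:
            return action, "flow-table"
        return self.controller.packet_in(self, dst_ip), "controller"


if __name__ == "__main__":
    # Constructed sample routes and packets.
    ctl = Controller({"10.1.0.0/16": 1, "10.2.0.0/16": 2})
    sw = Switch(ctl)
    for dst in ["10.1.5.5", "10.1.9.9", "192.0.2.7", "192.0.2.7"]:
        print(dst, sw.handle_packet(dst))
    print("controller consulted", ctl.packet_in_count, "times")
```

Only the first packet of each flow reaches the controller; later packets are handled from the switch's own table, which is why the controller's rule logic and the channel on port 6653 are the parts of the design to protect and monitor.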
Now, as we start working upon our practical approach to automation, we need to understand the basics of what a program is and how to write one.
Simply explained, a program is a set of instructions that is passed to the system to perform a specific task. This set of instructions is based upon real-life challenges and tasks that need to be accomplished in an automated method. Small sets of programs can be combined to create an application that can be installed, deployed, and configured for individual or organizational requirements. Some of the key concepts and programming techniques that we will discuss from this point onward will be PowerShell and Python. These are the two most popular scripting languages that are used to create quick, effective, and result-oriented automation.
These are some of the key concepts that I would like to introduce while creating a program:
Variables
Data types
Decision makers
Loops
Arrays
Functions
Best practices
These are predefined, human-readable, and understandable words or letters that are used to store some values. At the very basis of writing a program we need a variable in which we will store the data or information, and based upon the variables, we can further enhance the programming logic. As we can see in the first line, an important part of creating a variable is that it should be human-readable and understandable.
Let us take an example: Suppose I want to store a number 2 in a variable. We can choose any name for a variable and define it:
Option 1: x=2
Option 2: number=2
The correct answer will be Option 2, as we know by the variable name (number) that this variable contains a specific number. As we can see in the preceding example, if we keep on using random ways of defining variables as we would when creating a big program, the complexity would be increased substantially because of the unclear meanings of the variables.
Different programming languages have different ways to define a variable, but the underlying concept of ensuring a variable is human-readable should be the top-most priority of the programmer or program author.
As the name suggests, these are the classifications of the values that we pass on to the variable. A variable can be defined to store a specific type of value that can be declared based upon the data type.
There are multiple data types, but for our initial discussion there are primarily four data types that need to be understood:
String
