Saturday, October 5, 2019

network automation

  • A Use Case for Network Automation 

Use the Python Netmiko module to automate switches, routers and firewalls from multiple vendors.
I frequently find myself in the position of confronting "hostile" networks.
I describe the tools I've found useful to recover control, audit, document and automate these networks.

In order to save money, I wanted to use open-source tools to gather information from all the devices on the network.
SNMP could provide a lot of the information I need, but it would have to be configured on each device manually first.
The mass enablement of SNMP could be one of the first use cases for the network automation tools.
Why Netmiko?
I discovered the Paramiko SSH module quite a few years ago and used it to create real-time inventories of Linux servers at multiple companies.
It enabled me to log in to hosts and gather the output of commands, such as lspci, dmidecode and lsmod.
Netmiko also is optimized for the network device management task, while Paramiko is more of a generic SSH module.
Netmiko doesn't auto-detect the vendor, so you'll need to specify that information when using the functions.

A Few Words of Caution
Mass configuration: With network automation tools, you can render all your network devices useless within seconds.
Configuration backup strategy: this ideally would include a versioning feature, so you can roll back to a specific "known good" point in time. Check out the RANCID package.
Out-of-band network management: almost any modern switch or network device is going to have a dedicated OOB port. This physically separate network permits you to recover from configuration mistakes that potentially could cut you off from the very devices you're managing.
A strategy for testing: for example, have a dedicated pool of representative equipment permanently set aside for testing and proof of concepts. When rolling out a change on a production network, first verify the automation on a few devices before trying to do hundreds at once.

Using Netmiko without Writing Any Code
There are several standalone scripts called Netmiko Tools that you can use without writing any Python code.

netmiko-cfg
Apply snippets of configurations to one or more devices.
Mass changes could include DNS servers, NTP servers, SNMP community strings or syslog servers for the entire network.

You still will need to verify that the commands you're sending are appropriate for the vendor and OS combinations of the target devices, as Netmiko will not do all of this work for you.
All of the Netmiko tools depend on an "inventory" of devices, which is a YAML-formatted file stored in ".netmiko.yml" in the current directory or your home directory.

As I was dealing with hundreds of devices, I didn't want to create the YAML-formatted inventory file by hand. Instead, I started with a simple list of devices and the corresponding Netmiko "device_type":
I then used standard Linux commands to create the YAML inventory file:
I'm using a centralized authentication system, so the user name and password are the same for all devices.
Once you've created this inventory, you can use the Netmiko Tools against individual devices or groups of devices.
https://www.linuxjournal.com/content/use-case-network-automation
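
The inventory step described in the excerpt above, as an added example (not code from the article or from the Netmiko project): it turns a plain "host device_type" list into `.netmiko.yml` text and writes it readable by the owner only, because the shared password sits in the file. The device names, the `lab` group, the `NETMIKO_PASSWORD` variable and the output file name are assumptions, and the per-device mapping plus group-list layout is assumed from Netmiko's connection arguments.

```python
import json
import os
import re

# Constructed sample list: "<host> <netmiko device_type>" per line (hypothetical names).
SAMPLE_DEVICES = """\
# lab switches
sw-lab-01 cisco_ios
sw-lab-02 hp_procurve
fw-lab-01 juniper_junos
"""

SAFE = re.compile(r"[A-Za-z0-9_.-]+")  # reject anything that could break the YAML

def build_inventory(device_list, username, password, group="lab"):
    """Return .netmiko.yml text: one mapping per device plus a group list."""
    names, out = [], ["---"]
    for raw in device_list.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2 or not all(SAFE.fullmatch(f) for f in fields):
            raise ValueError(f"bad inventory line: {raw!r}")
        host, device_type = fields
        out += [f"{host}:",
                f"  device_type: {device_type}",
                f"  host: {host}",
                f"  username: {json.dumps(username)}",  # JSON string is valid YAML
                f"  password: {json.dumps(password)}",
                ""]
        names.append(host)
    out.append(f"{group}:")
    out += [f"  - {n}" for n in names]
    return "\n".join(out) + "\n"

def write_private(path, text):
    """Create the file with mode 0600, since it holds a cleartext password."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # also tighten a file that already existed

if __name__ == "__main__":
    pw = os.environ.get("NETMIKO_PASSWORD", "CHANGE-ME")  # placeholder, not a real secret
    write_private("netmiko-inventory-example.yml",
                  build_inventory(SAMPLE_DEVICES, "netadmin", pw))
```

Review the generated file before copying it to `.netmiko.yml`, and keep it out of version control.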


  • Netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
https://github.com/ktbyers/netmiko


  • What is eNMS

eNMS is a vendor-agnostic NMS designed for building workflow-based network automation solutions.

        Configuration Management Service: Commit / Rollback of a configuration with Napalm or Netmiko.
        Ansible Service: Sending and managing Ansible playbooks.
        ReST Service: Sending a ReST call (GET/POST/UPDATE/DELETE) with variable URL and payload.
        Custom Services: Any python script can be integrated into the web UI. If the script takes input parameters, a form will be automatically generated.
        Workflows: Services can be combined together graphically in a workflow.
        Scheduling: Services and workflows can be scheduled to start at a later time, or run periodically.
        Event-driven automation: Services and workflows can be triggered by an external event (ReST call or Syslog message).


https://enms.readthedocs.io/en/latest/base/introduction.html


  • Oxidized

Running with Docker
Build the container locally (requires docker 17.05.0-ce or higher):
docker build -q -t oxidized/oxidized:latest oxidized/
https://github.com/ytti/oxidized


  • RANCID is a config differ. If you had it installed, RANCID could have told you exactly what configuration the technicians changed. Aside from showing you what changed last night, RANCID shows you all the changes since it was introduced.

So if you had been using RANCID for three years, it could show you all the changes on all your network devices since that time.
Having all your configurations stored on the RANCID server also works as a backup.
Though great for collecting device configurations, you can also use RANCID to get specific information from your devices by sending a command to several nodes, such as “show ip route” or “show crypto pki certificates”. Taking it a step further, you can use it to change configurations, so if you need to change an access list on all firewalls or routers, you can use RANCID to do so.
Our test network
For the purpose of testing, let’s say you are installing RANCID in a network where you have a headquarters and four branch offices. In the headquarters there is one router, one distribution switch, three access switches and six stand-alone access points. In each of the branch offices you have one router, one access switch and two access points. You want to use RANCID to handle all of these devices.
Now you have a system you can use to collect information from your devices; it will act as a backup and you will see changes. You should also have a basic understanding of what RANCID can do and how you can save time with it.
https://networklore.com/rancid-getting-started/


  • Network Automation with Python

We have been using RANCID [Really Awesome New Cisco confIg Differ] for the backup and versioning of the configuration of our equipment as well as for systematizing the changes.
RANCID quickly showed us its limitations, and, in general, the community considers the project obsolete.
That’s not a big surprise since RANCID is based on Expect, the TCL extension.

The fact is that RANCID is based on a number of assumptions that are no longer valid in the context of modern production network environments.
These include its emulating the slow and random typing rate of a human so as not to “overload” the system’s CPU, storing configurations in a centralized and outdated file version management system (CVS), concentrating run commands in order to query devices on their configuration in vendor-dependent scripts and storing passwords in plain text in flat configuration files.

One open-source alternative is known as Oxidized.
It aims to correct several of RANCID’s restrictions.
Oxidized stores configurations in databases to facilitate scaling, integrates its own monitor for scheduling, and is open to other file versioning systems, such as Git.

Another benefit is that Python 3 handles IPv4 and IPv6 address manipulation and semantics through its standard ipaddress module.

https://blog.intercloud.com/network-automation-with-python


  • How to remotely monitor hosts over Telnet and SSH [Tutorial]

the Telnet module
SSH using different modules in Python.
You will also learn about how telnetlib, subprocess, fabric, Netmiko, and paramiko modules work.
how to apply these patterns and build working software on top of a serverless system.

The telnetlib() module
Telnet is a network protocol that allows a user to communicate with remote servers. It is mostly used by network administrators to remotely access and manage devices.
Python has the telnetlib module to perform Telnet functions through Python scripts.

You will learn to do SSH by using different modules in Python, such as subprocess, fabric, Netmiko, and Paramiko.
The subprocess.Popen() module
SSH using fabric module
Fabric is a Python library as well as a command-line tool for the use of SSH. It is used for system administration and application deployment over the network. We can also execute shell commands over SSH.
SSH using the Paramiko library
Paramiko is a library that implements the SSHv2 protocol for secure connections to remote devices.
We created a few virtual LANs on a remote device.
SSH using the Netmiko library
https://hub.packtpub.com/how-to-remotely-monitor-hosts-over-telnet-and-ssh-tutorial/