So you want to start with Network Automation…

As we all know, networking is changing rapidly, and so is the skill set needed by those who manage networks.

I’m definitely not an expert (I’m far from it), but lately many people have asked me how to start with Network Automation. I’ve just received a message from a LinkedIn friend asking for something like this, and I suddenly realized it would be a nice topic to write about 🙂

In this post I’ll briefly summarize what you need to start your journey (or, at least, what I used to start mine).

Python

Even if we may still be far from deploying Software Defined Networks everywhere, software-managed networks are a real thing and Python is at the core of them.

Python is a pretty well-known programming language, loved for its ease of learning. I studied C and Java at university and hated both of them, while I simply love Python 🙂

There are plenty of free resources for those who wish to study, and the following is a short list of the ones I’ve personally used:

  • CodeAcademy: a really nice course to start your journey. It lets you approach the language in a very practical way, but it does not dig very deep into the language.
  • Coursera: the website is full of Python courses, from the basics to more advanced topics. I’ve attended a couple of them and I really appreciated them.
  • How to think like a computer scientist: this was the very first Python resource I ever used. It is a very well written book covering all the foundations in a pretty deep and clear way.
  • Dive Into Python: this is a more advanced book for those of you who are hungry for knowledge.

I’m sure someone else’s list would look completely different, since there are so many resources out there. So just pick one of them and start 🙂

APIs

Networking vendors have developed specialized APIs to help engineers interact with their devices. I’ll introduce some of them within this section.

Juniper PyEZ

Juniper is working hard on automation and has developed the PyEZ library, supported by almost every JunOS device. Once you have installed all the requirements, it’s really easy to start talking to your remote device:


>>> from jnpr.junos import Device
>>> from jnpr.junos.utils.config import Config
>>> from pprint import pprint
>>> my_device = Device(host='172.16.1.1', user='gabriele', password='gabriele')
>>> my_device.open()
Device(172.16.1.1)
>>> pprint(my_device.facts)
{'2RE': False,
'HOME': '/var/home/gabriele',
'domain': None,
'fqdn': 'Router1',
'hostname': 'Router1',
'ifd_style': 'CLASSIC',
'model': 'olive',
'personality': 'UNKNOWN',
'serialnumber': '',
'switch_style': 'NONE',
'vc_capable': False,
'version': '12.1R1.9',
'version_info': junos.version_info(major=(12, 1), type=R, minor=1, build=9)}

Here are some other practical references about it:

Cisco

Cisco is working toward enabling automation in today’s networks as well (of course).

Cisco NX-API

If you want to talk to Cisco NX-OS devices, you can use their NX-API.

Jason Edelman did awesome work both introducing NX-API here and developing another API called pycsco, which simplifies working with Cisco NX-OS switches that support NX-API.

Here you can also find the latest reference from Cisco itself: NX-API book.

Cisco IOS-XR

Elisa Jasinska developed an API to help interact with Cisco devices running IOS-XR. It’s called pyIOSXR.

Arista EOS

If you want to use Arista EOS, you can pick eAPI. You can also find some references here and on Packet Pushers.

Netmiko

Another super useful tool is Netmiko. It’s not a specialized API; instead, it’s used to send commands to network devices and retrieve their output. It’s a great resource for those who want to start with network automation, and I’ve used it extensively in pretty much every project I’ve done.

In addition, the list of supported devices is huge:

Cisco IOS
Cisco IOS-XE
Cisco ASA
Cisco NX-OS
Cisco IOS-XR
Cisco WLC (limited testing)
Arista vEOS
HP ProCurve
HP Comware (limited testing)
Juniper Junos
Brocade VDX (limited testing)
F5 LTM (experimental)
Huawei (limited testing)
A10 (limited testing)
Avaya ERS (limited testing)
Avaya VSP (limited testing)
OVS (experimental)
Enterasys (experimental)
Extreme (experimental)
Fortinet (experimental)
Alcatel-Lucent SR-OS (experimental)

Netmiko was developed by Kirk Byers, who also wrote an amazing post on how to use it. Thank you Kirk 🙂

NAPALM

This name shouldn’t sound new to you! 😉

In fact, I’ve talked extensively about NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) in my previous post.

If you didn’t read it, repent, go read it and come back here 🙂

Automation tools: Ansible

Like NAPALM, this shouldn’t sound new! I’ve talked about Ansible in two of my previous posts (here and here).

Anyway, those posts could be difficult to understand if you’re completely new. In this case, don’t worry: you can definitely be guided by Kirk and Jason (these two guys are awesome!):

  • Kirk wrote a very nice guide introducing Ansible playbooks and templates, splitting it into 3 parts (Part1, Part2, Part3). This is what I used to write my first blog post on Ansible (see just above).
  • Jason wrote extensively about Ansible basics (this post is precious for those who have just started to use the tool) and about other more advanced applications as well (here, here and here).

Have I already said that these two are awesome? 🙂

Fast-paced Courses

Last but not least, if you really want to boost your automation skills and have enough resources (or you’re lucky enough to receive support from your company), you may want to attend live classes on Network Automation.

Jason Edelman is delivering an awesome Network Programming and Automation course all around the world. It covers everything you need to move from novice, writing your first “Hello World!” in Python, to NetOps Ninja developing a working network automation Flask app.

During the course you’ll not just sit there listening to Jason, but you’ll go through 10+ hours of labs too. I’ve reviewed the whole lab section and it took me almost the full 10 hours to complete it (and I was not new to most of the topics!). So I think you can expect to spend at least 2 extra hours on this.

Summarizing: 4 days digging deep on Python and Network Automation, including some cool tools like Ansible + 12 hours of practical labs + guidance from Jason Edelman, one of the top experts in the field = How cool is this? 😀

Here is the course schedule for the first part of next year. Don’t miss it! 😉

Conclusion

These are just some of the available resources I used to start my journey with NetOps. There are tons more resources out there if you want to start practicing Network Automation or simply improve your coding skills, so you have no excuses! Choose what you want and just start! 🙂


Project:Me10 – 40% Completed

Time runs fast and 4 months have already passed since I started this journey. I believe it’s important to stop for a moment and analyze how I’ve done so far in order to plan the remaining 6 months ahead.

CERTIFICATIONS

I’ve already passed two certifications:

  • JNCIA: the entry point to Juniper’s world.
  • BCVRE: a certification from Brocade focused on its virtual solution.

SKILLS

As I said in my previous update, I was going to focus on some Linux and Network Automation skills. During the past two months I’ve started using tools and technologies like Ansible, Jinja2 and SQLite3, and I’ve made heavy use of GNS3 and VirtualBox to set up a working virtual environment. I’ve also completed the Linux Command Line course on Code Academy.

I’ve posted two little projects about those topics:

Moreover, I’m currently working on other projects, both personal and collaborating with other awesome peers.

PROJECT:THEM

This is something I’m really proud of, because I feel like I’m doing something useful for other “networking dreamers” like me 🙂

I’ve done 4 interviews with ex-interns so far:

TECHNICAL INTERVIEW

A few weeks ago I applied to the Cisco Engineer Incubator Program.

It is a special educational program designed by Cisco engineers and Cisco Networking Academy to support employment of talented students and graduates. Specifically to support those who are interested in networking technologies and starting a career in IT.

You will benefit from free CCNP course at your local Cisco Networking Academy. There will also be advanced technology and soft skills seminars and webinars delivered by Cisco experts during our regular virtual and live office visits as well as meetings with the Krakow Global Support Center team.

This is something really interesting to me and so I decided to give it a try.

Yesterday I passed the phone interview, and within the next few days I should be notified whether I’m selected to attend the assessment center, which is the last step in the selection process. Fingers crossed 🙂

(SOCIAL) NETWORKING

I’m receiving a lot of support and positive feedback from everyone. More and more people and young guys seem to be interested in this project and this makes me really happy. My blog visits are also increasing rapidly, from a total of 146 views in June to almost 600 during these first 10 days of October.

Moreover, many experienced professionals reached out offering tips and help, which is something I’d never thought could happen. This is probably the most important goal reached so far 🙂

WHAT IS NEXT?

CERTS: As stated in the Project:Me10 Manifesto, the next major milestone is the JNCIS-ENT certification. Today I’m starting my studies and I’m going to complete them within November.

PROJECT:THEM: I’m working on two more interviews to be posted soon and I’m sure you’ll find them so interesting 🙂

AUTOMATION: I’m going to keep studying and practicing NetOps skills, with Vagrant, Cumulus VX and TextFSM at the top of my wish list.

NETWORKING SKILLS: Alongside JNCIS-ENT, I’m going to go deep on some topics I feel I’m not as comfortable with as before.

So, back to work 🙂


Network Automation Project – Part 1

Hi everybody, today I want to share with you a project I’ve worked on during the past days. For this project I’ve been inspired by the Facebook NetEng team, who created the #netengcode Facebook group after a presentation at NANOG where they gave a tutorial on Network Automation and, specifically, on how they developed an auto-remediation tool. Besides all the really interesting content, the tool was developed using DB interaction from Python. Since I’d never done anything like this, I decided to get some practice by coding a little project.

As I said, I’ve been inspired by their work and code, and my project contains some lines of theirs (limited to some of db.py’s lines). Anyway, let’s start 🙂

[The whole project code can be found on GitHub, here]

SCENARIO

[Image: scenario]

As usual, the network is built using GNS3 with VirtualBox.

The devices are minimally configured with the essentials to provide basic connectivity and SSH access to the user gabriele.

THE TOOL

The project directory is composed of several files:


gabriele@gabriele-VirtualBox:~/Desktop/project$ ls
bgp.py network_automation_project.py db.py push.py devices.txt interfaces.py


The network_automation_project.py file is the main file that we will execute. A high-level description of the project is:

  • The user defines a list of devices to be added to the network using the devices.txt text file.
  • The “python network_automation_project.py [-u username -p password -f textfile]” command is executed.
  • The tool asks for any missing parameters and then starts parsing the devices.txt data into a sqlite database.
  • The tool asks the user some facts about the network (interface names and addresses and BGP information).
  • The tool stores this additional information inside the db.
  • The tool generates the proper configuration based on the data provided.
  • The tool pushes the configuration to the devices.

At this stage the project is executed as dry run, but I’d like to add some multithreading function.

THE DB

As I said, the db is a sqlite one. I’ve defined 3 tables: devices, interfaces and neighbors.


DEVICES_SCHEMA = (''' 
 CREATE TABLE devices ( 
 router_id TEXT PRIMARY KEY, 
 hostname TEXT, 
 vendor TEXT, 
 ports INT, 
 as_number INT, 
 ip_address TEXT, 
 configured DEFAULT 0) 
''') 
NEIGHBORS_SCHEMA = (''' 
 CREATE TABLE neighbors ( 
 router_id TEXT PRIMARY KEY, 
 neighbors_list TEXT) 
''') 
INTERFACES_SCHEMA = (''' 
 CREATE TABLE interfaces ( 
 router_id TEXT PRIMARY KEY, 
 interface TEXT) 
''') 


RUN IT!

Let’s see what happens if we run it.


..$ python network_automation_project.py -u gabriele -p projectme10 -f devices.txt
BUILDING DB
{
 "1.1.1.1": {
 "as_number": "10", 
 "hostname": "Router1", 
 "ip_address": "172.16.1.1", 
 "ports_number": "12", 
 "vendor": "Cisco"
 }, 
 "2.2.2.2": {
 "as_number": "20", 
 "hostname": "Router2", 
 "ip_address": "172.16.2.2", 
 "ports_number": "36", 
 "vendor": "Cisco"
 }
}


As you can see, I’ve executed the tool with the options -u -p -f so that it runs directly without asking for any missing information first.

The devices.txt file appears as follows:


1.1.1.1;Router1;Cisco;12;10;172.16.1.1;
2.2.2.2;Router2;Cisco;36;20;172.16.2.2;

The format is router_id;hostname;vendor;number_of_ports;as_number;ip_address_to_ssh;

After all the parameters are parsed, the tool will start building and populating the database.
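The parsing step described above, as an added example (not taken from the project’s repository): it reads the devices.txt format, validates each field, and inserts rows with SQL placeholders so that file content never becomes part of the SQL text. The function names and the three malformed sample lines are assumptions, and the standard-library ipaddress module stands in for netaddr.

```python
import ipaddress
import sqlite3

# Schema as shown in the post's db.py excerpt.
DEVICES_SCHEMA = """
CREATE TABLE devices (
    router_id TEXT PRIMARY KEY,
    hostname TEXT,
    vendor TEXT,
    ports INT,
    as_number INT,
    ip_address TEXT,
    configured DEFAULT 0)
"""

# Constructed sample: the two lines from the post plus three bad ones
# (AS number out of range, invalid IP address, duplicate router_id).
SAMPLE_DEVICES = """\
1.1.1.1;Router1;Cisco;12;10;172.16.1.1;
2.2.2.2;Router2;Cisco;36;20;172.16.2.2;
3.3.3.3;Router3;Cisco;12;70000000000;172.16.3.3;
4.4.4.4;Router4;Cisco;12;40;172.16.4.999;
1.1.1.1;Duplicate;Cisco;12;10;172.16.1.9;
"""

FIELDS = ("router_id", "hostname", "vendor", "ports", "as_number", "ip_address")


def parse_device_line(line):
    """Parse one 'router_id;hostname;vendor;ports;as_number;ip;' line.

    Returns a tuple ready for INSERT or raises ValueError with the reason.
    """
    parts = line.strip().split(";")
    if len(parts) != len(FIELDS) + 1 or parts[-1] != "":
        raise ValueError("expected %d ';'-terminated fields" % len(FIELDS))
    router_id, hostname, vendor, ports, as_number, ip = (p.strip() for p in parts[:-1])
    ipaddress.IPv4Address(router_id)  # raises ValueError if malformed
    ipaddress.IPv4Address(ip)
    for label, value in (("hostname", hostname), ("vendor", vendor)):
        if not value.replace("-", "").isalnum():
            raise ValueError("%s has unexpected characters: %r" % (label, value))
    ports, as_number = int(ports), int(as_number)
    if ports < 1:
        raise ValueError("ports must be positive: %d" % ports)
    if not 1 <= as_number <= 4294967295:  # 32-bit AS number range
        raise ValueError("AS number out of range: %d" % as_number)
    return (router_id, hostname, vendor, ports, as_number, ip)


def load_devices(conn, text):
    """Insert the valid lines; return (line_number, reason) for rejected ones."""
    rejected = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            row = parse_device_line(line)
            # '?' placeholders: values are bound, never concatenated into SQL.
            conn.execute(
                "INSERT INTO devices (router_id, hostname, vendor, ports, "
                "as_number, ip_address) VALUES (?, ?, ?, ?, ?, ?)", row)
        except (ValueError, sqlite3.IntegrityError) as exc:
            rejected.append((number, str(exc)))
    conn.commit()
    return rejected


def build_db(text):
    """Create an in-memory database and load the device list into it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(DEVICES_SCHEMA)
    return conn, load_devices(conn, text)


if __name__ == "__main__":
    db, problems = build_db(SAMPLE_DEVICES)
    print(db.execute("SELECT * FROM devices").fetchall())
    for line_number, reason in problems:
        print("line %d rejected: %s" % (line_number, reason))
```

The duplicate router_id is reported instead of aborting the run, which is one way to handle data that is already stored.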

If everything goes well, then we can start to configure our ports..

[Image: ports]

The tool informs me I can configure up to 12 ports and asks me how many ports I wish to configure right now. I choose 2 ports and then I have to enter the information required. To make sure the user enters a valid IP address I’ve used the netaddr Python module. All the data is then stored inside the db.

Then we enter the BGP configuration phase..

[Image: bgp]

After this, the tool starts to generate the proper configuration commands based on the data stored inside the db. Then, the configuration is pushed to the devices using the netmiko Python API and, lastly, the whole running configuration is saved in a text file with the format hostname_configuration.txt

[Image: conf]

Now it’s the time to configure the other device as well.

After that, let’s verify everything has gone fine by issuing a “show bgp” command on Router2:

[Image: show_bgp]

It seems good. R2 is now named Router2 and all the BGP information is received correctly. In addition to this, we can also examine the 2 newly created text files: Router1_configuration.txt and Router2_configuration.txt.

GOING FURTHER

The project is not finished yet and I’d like to add some more functionality and fix some problems as well. Specifically, I’d like to:

  • Improve DB interaction, since errors sometimes occur when data is already stored.
  • Add some multivendor support. As you can see from the actual code, I’ve included some functions to generate Juniper configurations, but I left them blank.
  • Add some multithreading behaviour.
  • Add some “services” like traffic draining.

Finding other people who wish to contribute would be great. So if you’re interested or if you have some hints, please reach out 😀

I hope you will find this post interesting. Any comments are more than welcome 🙂

Again, the whole project code can be found here


P.S.

I’ve started contributing to other network automation projects on GitHub. I think this is a great way to learn and understand things better. So far I’ve only pushed a few lines of code to the netcli_to_dict project, which is “a collection of scripts that provide samples of how to iterate through the output of an executed command and return a dictionary, or a list of dictionaries, based on information could be useful in various automation projects.”

P.P.S

A few days ago I went to Taormina with my girlfriend. We spent some great time together dining and walking through the beautiful streets of that little city. Then, I saw the “I have a dream…” wall, where everyone can write something. So I decided to take the chunk and write “NETENG INTERN 2016”. Who knows.. 🙂

P.P.P.S

For those wondering, I’m not an a**hole and so I’ve written something romantic for my girlfriend before writing the above thing 😀

A Cisco, a Juniper, a Vyatta Router…and an Ansible Playbook

Here we are: 2.5 months have passed since I started this challenge and it’s time to do some kind of review and summary of what I’ve done during this time:

  • I’ve published 9 blog posts (with this one being the 9th)
  • I’ve published 2 interviews with engineers from Google and Cisco (another interview is already completed and I’ll post it soon)
  • I’ve completed a Coursera’s course about Python
  • I’ve achieved the Juniper JNCIA certification
  • I’ve achieved the Vyatta BCVRE certification
  • I’ve started to study and practice network automation and Linux skills

I’m quite satisfied so far, but my last goal is still too far and I need to work harder if I want to reach it.

With regard to the list above, I decided to build a little virtual lab to get some practice (and have fun 🙂 ). Specifically, I’m going to build a network with a Cisco router, a Juniper router and a Vyatta one. Then, I’m going to automatically generate EBGP configurations for each of them using Ansible and, lastly, push them to the devices using a Python library.


ANSIBLE

Ansible is a great tool used to automate many kinds of tasks, including the configuration and maintenance of IT infrastructure. It can also help network engineers simplify their day-to-day work, and what we’ll see in this post is just a veeeeeery little use case. This is the first time I play with it but I’m really interested in digging deeper.

The Ansible Playbook key components I’ve used are:

  • Roles: in my case, I’ve used only one role, router.
  • Tasks: once the role is defined, Ansible will look for any tasks to be completed.
  • Templates: a template is, basically, a model. In this case it’ll be a router configuration model.
  • Vars: Ansible will build the actual configuration based on the defined model, using some values identified as vars.

I’m pretty sure that this explanation is far from clear at this point, but you can find much useful information on the official documentation website.


LAB SCENARIO

[Image: lab]

The network is built using GNS3 and its VirtualBox integration. This network includes:

  • A Cisco router: Cisco IOS Software, 3600 Software (C3640-JK9S-M), Version 12.4(16)
  • A Juniper router: JunOS Olive 12.1R1.9 (in VirtualBox)
  • A Vyatta router: Brocade Vyatta 5415 vRouter 6.7 R9T60 (in VirtualBox)
  • A Linux machine: Ubuntu (in VirtualBox)

The devices are minimally configured, as shown below, where only the important configuration sections, including interface configurations, are shown. In addition to this, I’ve enabled and configured SSH access for the user gabriele.

CISCO CONFIGURATION

interface FastEthernet0/0
 ip address 172.16.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 172.16.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!

JUNIPER CONFIGURATION

[edit]
gabriele@Router1# show interfaces
em0 {
   unit 0 {
      family inet {
         address 172.16.4.1/24;
        }
    }
}
em1 {
   unit 0 {
      family inet {
         address 172.16.3.2/24;
        }
    }
}

VYATTA CONFIGURATION

[edit]
gabriele@vyatta# show interfaces
   ethernet eth0 {
   address 172.16.2.2/24
   duplex auto
   hw-id 08:00:27:d2:5f:38
   smp_affinity auto
   speed auto
 }
   ethernet eth1 {
   address 172.16.4.2/24
   duplex auto
   hw-id 08:00:27:58:e3:1c
   smp_affinity auto
   speed auto
 }

ANSIBLE CONFIGURATION

My project’s directory tree looks like this:


gabriele@gabriele-VirtualBox:~/Desktop/BGP$ find . -type d
.
./roles
./roles/router
./roles/router/vars
./roles/router/tasks
./roles/router/templates

Inside the tasks subdirectory there is a file named main.yml


---
- name: Generate configuration files
  template: src=router_cisco.j2 dest=/home/gabriele/Desktop/BGP/{{item.hostname}}.txt
  with_items: cisco_template

- name: Generate configuration files
  template: src=router_juniper.j2 dest=/home/gabriele/Desktop/BGP/{{item.hostname}}.txt
  with_items: juniper_template

- name: Generate configuration files
  template: src=router_vyatta.j2 dest=/home/gabriele/Desktop/BGP/{{item.hostname}}.txt
  with_items: vyatta_template

The “---” pattern at the beginning of the file indicates it is a YAML file. The name field gives the name of the task to execute: the generation of 3 templates based on the structure of something called cisco_template, juniper_template and vyatta_template. Where are those models?

They reside inside the templates directory..


gabriele@gabriele-VirtualBox:~/Desktop/BGP/roles/router/templates$ ls
router_cisco.j2 router_juniper.j2 router_vyatta.j2


..and they appear as follows.

router_cisco.j2


configure terminal
{% for interface in cisco_loopback %}
interface {{interface.name}}
ip address {{interface.address}} {{interface.mask}}
{% endfor %}

router bgp {{item.as}}
{% for neighbor in cisco_neighbors %}
neighbor {{neighbor.id}} remote-as {{neighbor.as}}
{% endfor %}
{% for loopback in cisco_loopback %}
network {{loopback.network}} mask {{loopback.mask}}
{% endfor %}


router_juniper.j2


configure
set protocols bgp group external-peers type external
set routing-options autonomous-system {{item.as}}
{% for neighbor in juniper_neighbors %}
set protocols bgp group external-peers neighbor {{neighbor.id}} peer-as {{neighbor.as}}
{% endfor %}
{% for loopback in juniper_loopback %}
set interface lo0 unit 0 family inet address {{loopback.address}}
set policy-options prefix-list Loopback {{loopback.network}}
{% endfor %}
set policy-options policy-statement ebgp term 1 from prefix-list Loopback
set policy-options policy-statement ebgp term 1 then accept
set protocols bgp group external-peers export ebgp
commit


router_vyatta.j2


configure
set protocols bgp {{item.as}}
{% for neighbor in vyatta_neighbors %}
set protocols bgp {{item.as}} neighbor {{neighbor.id}} remote-as {{neighbor.as}}
{% endfor %}
{% for loopback in vyatta_loopback %}
set interface loopback lo address {{loopback.address}}
set protocols bgp {{item.as}} network {{loopback.network}}
{% endfor %}
commit


These are Jinja2 files and, basically, they are a set of configuration commands with something “strange” inside. In fact, everything inside curly braces is a variable that Ansible will use to build the actual models.

So, for example, the snippet below means that somewhere (inside the vars directory) there is an iterable called vyatta_loopback which can be looped over, and whose address and network values are substituted into the template.


{% for loopback in vyatta_loopback %}
set interface loopback lo address {{loopback.address}}
set protocols bgp {{item.as}} network {{loopback.network}}
{% endfor %}

One last thing should be examined: the vars directory. At this stage, though, it is empty. Why? Because I decided to let the user configure it dynamically using a Python script.


BGP Script

The whole project, including the Python script can be found here.

We can execute AutomateBGP.py in 2 ways:

  • with options such as username and password to be used for the SSH connection to the devices, and a file_name containing the devices’ IP addresses and platforms.
  • without any parameters, in which case the script will ask us to enter all the missing values.

After this, the user will be asked to enter some information about Loopback interfaces (address, network and mask), BGP AS and BGP neighbors.

[Image: screen]

Now that we have all the information we needed, we can go back to the vars directory, where the script creates a new main.yml file containing all the variables needed by Ansible to build the templates.


---
cisco_template:
- { hostname: cisco_template, as: 10 }

cisco_loopback:
- { name: lo0, address: 1.1.1.1, network: 1.1.1.0, mask: 255.255.255.0 }
- { name: lo1, address: 11.11.11.11, network: 11.11.11.0, mask: 255.255.255.0 }

cisco_neighbors:
- { id: 172.16.2.2, as: 30 }
- { id: 172.16.3.2, as: 20 }

juniper_template:
- { hostname: juniper_template, as: 20 }

juniper_loopback:
- { name: 1, address: 2.2.2.2/24, network: 2.2.2.0/24 }
- { name: 2, address: 22.22.22.22/24, network: 22.22.22.0/24 }

juniper_neighbors:
- { id: 172.16.3.1, as: 10 }
- { id: 172.16.4.2, as: 30 }

vyatta_template:
- { hostname: vyatta_template, as: 30 }

vyatta_loopback:
- { name: 1, address: 3.3.3.3/24, network: 3.3.3.0/24 }

vyatta_neighbors:

- { id: 172.16.2.1, as: 10 }
- { id: 172.16.4.1, as: 20 }
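
Values typed at the prompts are written into vars/main.yml and from there into the commands pushed to the routers, so a stray newline or extra word in one answer becomes an extra configuration line. The following added example (not the project’s AutomateBGP.py; the function names are assumptions) parses every value into its type and emits only the canonical form, then builds the Vyatta command list in the shape of the template above with plain Python instead of Jinja2.

```python
import ipaddress

# Constructed from the vyatta_* variables shown above.
VYATTA_AS = 30
VYATTA_NEIGHBORS = [{"id": "172.16.2.1", "as": 10}, {"id": "172.16.4.1", "as": 20}]
VYATTA_LOOPBACKS = [{"name": 1, "address": "3.3.3.3/24", "network": "3.3.3.0/24"}]


def clean_asn(value):
    """Return the AS number as an int; int() refuses anything that is not a number."""
    asn = int(str(value).strip())
    if not 1 <= asn <= 4294967295:
        raise ValueError("AS number out of range: %r" % (value,))
    return asn


def clean_neighbor(entry):
    """Canonicalize one {id, as} neighbor entry."""
    address = ipaddress.IPv4Address(str(entry["id"]).strip())
    return {"id": str(address), "as": clean_asn(entry["as"])}


def clean_loopback(entry):
    """Canonicalize one {address, network} entry and check that they agree."""
    iface = ipaddress.IPv4Interface(str(entry["address"]).strip())
    network = ipaddress.IPv4Network(str(entry["network"]).strip())
    if iface.network != network:
        raise ValueError("%s is not inside %s" % (iface, network))
    return {"address": str(iface), "network": str(network)}


def render_vyatta(as_number, neighbors, loopbacks):
    """Build the command list from cleaned values only.

    Every value placed in a command is the str() of a parsed object,
    never the raw text the user typed.
    """
    asn = clean_asn(as_number)
    lines = ["configure", "set protocols bgp %d" % asn]
    for n in [clean_neighbor(item) for item in neighbors]:
        lines.append("set protocols bgp %d neighbor %s remote-as %d"
                     % (asn, n["id"], n["as"]))
    for lo in [clean_loopback(item) for item in loopbacks]:
        lines.append("set interface loopback lo address %s" % lo["address"])
        lines.append("set protocols bgp %d network %s" % (asn, lo["network"]))
    lines.append("commit")
    return lines


if __name__ == "__main__":
    print("\n".join(render_vyatta(VYATTA_AS, VYATTA_NEIGHBORS, VYATTA_LOOPBACKS)))
    # Constructed bad answer: a neighbor address with a second line appended.
    try:
        render_vyatta(30, [{"id": "172.16.2.1\nextra command", "as": 10}], [])
    except ValueError as exc:
        print("rejected:", exc)
```

Running the same checks before main.yml is written keeps unparsed text out of both the vars file and the generated configuration.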

The next step is to let Ansible generate all the configuration templates.


os.system("ansible-playbook site.yml")

This line of code creates 3 new text files: cisco_template.txt, juniper_template.txt, vyatta_template.txt.


PLAY [Generate router configuration files] ************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [router | Generate configuration files] *********************************
changed: [localhost] => (item={'as': 10, 'hostname': 'cisco_template'})

TASK: [router | Generate configuration files] *********************************
changed: [localhost] => (item={'as': 20, 'hostname': 'juniper_template'})

TASK: [router | Generate configuration files] *********************************
changed: [localhost] => (item={'as': 30, 'hostname': 'vyatta_template'})

PLAY RECAP ********************************************************************
localhost : ok=4 changed=3 unreachable=0 failed=0

cisco_template.txt


configure terminal
interface lo0
ip address 1.1.1.1 255.255.255.0
interface lo1
ip address 11.11.11.11 255.255.255.0

router bgp 10
neighbor 172.16.2.2 remote-as 30
neighbor 172.16.3.2 remote-as 20
network 1.1.1.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0

juniper_template.txt


configure
set protocols bgp group external-peers type external
set routing-options autonomous-system 20
set protocols bgp group external-peers neighbor 172.16.3.1 peer-as 10
set protocols bgp group external-peers neighbor 172.16.4.2 peer-as 30
set interface lo0 unit 0 family inet address 2.2.2.2/24
set policy-options prefix-list Loopback 2.2.2.0/24
set interface lo0 unit 0 family inet address 22.22.22.22/24
set policy-options prefix-list Loopback 22.22.22.0/24
set policy-options policy-statement ebgp term 1 from prefix-list Loopback
set policy-options policy-statement ebgp term 1 then accept
set protocols bgp group external-peers export ebgp
commit

vyatta_template.txt


configure
set protocols bgp 30
set protocols bgp 30 neighbor 172.16.2.1 remote-as 10
set protocols bgp 30 neighbor 172.16.4.1 remote-as 20
set interface loopback lo address 3.3.3.3/24
set protocols bgp 30 network 3.3.3.0/24
commit


PUSH IT!

One last step remains to complete the lab: pushing the configuration to the devices. I used Paramiko to do so. It is a useful Python library to interact with network devices. I’ve written a run_commands() function that splits each template into single commands and then pushes them. Once the configuration is completed, the script informs you that it is done.


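import time

import paramiko


def run_commands(ip_address, user, password, commandList, platform, buffer=5000):
    """ this function runs the specified commands on the node. """
    print("Configuring " + ip_address)
    remote_conn_pre = paramiko.SSHClient()
    # AutoAddPolicy accepts any unknown host key without verifying it (lab use)
    remote_conn_pre.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    remote_conn_pre.connect(ip_address, username=user, password=password)
    remote_conn = remote_conn_pre.invoke_shell()
    if platform == "cisco":
        # enter privileged mode; the SSH password is reused as the enable secret
        remote_conn.send("enable\n")
        time.sleep(1)
        remote_conn.send(password+'\n')
        time.sleep(1)
    # send the template one line at a time, waiting for the device to answer
    commands = commandList.split('\n')
    for com in commands:
        remote_conn.send(com+'\n')
        time.sleep(1)
        output = remote_conn.recv(buffer)
    # release the SSH session once every command has been sent
    remote_conn_pre.close()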
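
A variant of the push step, added here as an example and not the project’s code: it verifies the router’s SSH host key against a known_hosts file (RejectPolicy) instead of accepting any key as AutoAddPolicy does, prompts for the password and a separate enable secret with getpass rather than taking them from the command line where they end up in shell history and the process list, and skips blank template lines. The names push_config, open_verified_session, config_lines and the known_hosts parameter are assumptions.

```python
import getpass
import time

# Constructed sample: part of the Vyatta output from the post with a blank line.
SAMPLE_TEMPLATE = "configure\nset protocols bgp 30\n\ncommit\n"


def config_lines(template_text):
    """Split a rendered template into the commands to send.

    Blank lines are dropped and any line carrying a control character is
    refused, since the interactive shell on the device would interpret it.
    """
    lines = []
    for raw in template_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if any(ord(ch) < 32 or ord(ch) == 127 for ch in line):
            raise ValueError("control character in command: %r" % line)
        lines.append(line)
    return lines


def open_verified_session(ip_address, user, password, known_hosts):
    """Connect only if the device's host key is already listed in known_hosts."""
    import paramiko  # third-party; imported here so config_lines() needs nothing extra

    client = paramiko.SSHClient()
    client.load_host_keys(known_hosts)  # keys recorded out of band beforehand
    # Unknown or changed host keys abort the connection with SSHException.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    client.connect(ip_address, username=user, password=password,
                   look_for_keys=False, allow_agent=False, timeout=10)
    return client


def push_config(ip_address, user, template_text, platform, known_hosts,
                settle=1.0, bufsize=5000):
    """Send the template line by line; return (command, device output) pairs."""
    commands = config_lines(template_text)  # validate before connecting
    password = getpass.getpass("SSH password for %s@%s: " % (user, ip_address))
    client = open_verified_session(ip_address, user, password, known_hosts)
    transcript = []
    try:
        shell = client.invoke_shell()
        if platform == "cisco":
            # Ask for the enable secret instead of reusing the login password.
            shell.send("enable\n")
            time.sleep(settle)
            shell.send(getpass.getpass("Enable secret: ") + "\n")
            time.sleep(settle)
        for command in commands:
            shell.send(command + "\n")
            time.sleep(settle)
            output = shell.recv(bufsize) if shell.recv_ready() else b""
            transcript.append((command, output.decode("utf-8", "replace")))
    finally:
        client.close()
    return transcript
```

The known_hosts file has to be populated once per device over a trusted path, for example from the console, before the first automated run.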

LET’S VERIFY

Now we can verify that everything has gone well.

Cisco

[Image: show]

Juniper

[Image: show1]

Vyatta

[Image: show2]


CONCLUSIONS

It’s been really fun to code for this lab. If you look at the code, you’ll see it isn’t well optimized at all and it can be improved by catching exceptions and errors, adding use cases and so on. Anyway, my goal with this lab was to start playing with Ansible and to write some code, and it’d be too lengthy to try to optimize it at the moment.

I’m really interested in this kind of stuff so I’m always looking for new ideas to get some practice. Any kind of suggestions, tips or feedback are highly appreciated 🙂

Bye!

Brocade Certified vRouter Engineer

I know I said that I’d be focused on Linux skills during this month, but then I was reached by this video from Brocade:

As the video explains, Brocade is offering the chance to enroll in a free virtual course and obtain the Brocade Certified vRouter Engineer (BCVRE) certification via a free voucher! In addition, Brocade’s ads promote the certification as NFV (Network Function Virtualization) related, and this made it so interesting to me. So, I couldn’t help but start working on it.


Exam preparation

Exam objectives and information can be found here.

Brocade’s free course is organized into small video lectures (about 25 minutes each) for a total of 5 hours. There is also a free study guide which can be used to review some key topics and configurations. In addition to all of this, Brocade has made available, for a 60-day trial, a vRouter image for you to practice with its CLI.


Personal study experience

I enjoyed learning something about Brocade products, but at the same time I’m quite disappointed with Brocade’s statement about the NFV nature of the course. In fact, the exam is not designed around NFV at all, apart from the virtual nature of the vRouter itself.

The exam is pretty simple, being at an associate level. I only had to learn some vRouter features and the new CLI “language”. The latter is similar to Junos OS from Juniper and I had no problem with it since I passed my JNCIA exam one month ago.


Final impressions

My overall mood about the certification is pretty positive, but now I feel the need to advance my knowledge in a more “vertical” direction. I will do so through the JNCIS cert.

Now (this time I promise 🙂 ) I will focus more on Linux and Automation skills. In particular, I’m working on a network automation project, so the next post will be about it.

Stay tuned 🙂

Summer update

After a little break due to university exams and other tasks, here we are again with the challenge.

As I said before, my plan is to improve my Linux and Automation skills during August, delaying the start of my JNCIS studies. Based on all this, the plan includes:

  • Studying Linux systems. In order to have a structured approach to the subject I’ll start reading LPIC-1 stuff too. The reading list includes LPI Linux Certification in a Nutshell and The Linux Command Line: A Complete Introduction.
  • Go automate. The commitment is to start thinking and working on personal projects about network automation (I need some inspiration and ideas, so suggestions are more than welcome 🙂 ) and I’ll also work on a project shared with a friend. More updates in the next posts.
  • Publish at least two more interviews with network engineer interns.

This will be a practical month, so expect labs, simulations and other fancy stuff. It’ll be fun 😀


P.S.

Facebook has published a new video about Careers at FB and I find it absolutely stunning. It makes me think “Shut up and take my resume!” 😀


“When you find an opportunity grab it, run with it, make it your own”

First Milestone Reached: JNCIA Certified

Good news over here: today I passed the JNCIA exam, the first milestone of my Project:Me10 journey! 😀

I’m reeeeeally happy about that! I had no experience with Juniper products and at first I found it a little bit difficult to start typing in Junos (I used to think in IOS 🙂 ) but, once this first obstacle had been overcome, the preparation was pretty easy.

Junos OS is an interesting platform and the JNCIA exam is focused on convincing you about this (succeeding). A nice thing about the Juniper Network Certification Program is that you can obtain a 50% voucher over the exam price by passing a practice test on their website. That’s great! I only spent 50$ for my JNCIA exam!

My only complaint is about the exam blueprint, which lacks focus on major networking protocols and technologies. The certification is designed to be an introduction to Juniper’s world, but I thought I was gonna find more CCNA-like contents. That’s why I can’t wait to start my JNCIS journey (which is the second milestone of the Project), in which I’ll find some interesting topics like IS-IS, BGP and High Availability (among many others).

But first I’ll take a little break and I’ll work on some Linux and Network Automation skills (and projects 🙂 ).

Stay tuned.

P.S.

A few weeks ago I also won a 10$ Amazon Gift Card solving a game posted by David Swafford (Datacenter Network Engineer at Facebook) in a network automation focused group on Facebook, which required parsing this command output in order to obtain a dictionary of port-channel numbers to their member interfaces (my solution here).

Nothing special, but something is better than nothing 😀

Update

Here is a little update about my journey.

As stated in the first post, my first milestone for this challenge will be achieving the Juniper JNCIA certification and during the past days I’ve started to study. In order to do so, I’m using several resources:

  • Junos as a Second Language-WBT: I’ve already completed this mini-course whose focus is to make the transition from other vendor-based CLIs (Cisco IOS) to Junos easier.
  • CBT Nuggets: Interesting video lectures held by Scott Morris discussing all the JNCIA exam objects.
  • Juniper Fast Track stuff, including a free JNCIA study guide from Juniper itself.
  • GNS3 with Olive support, in order to emulate some simple networks and get used to the new configuration environment and syntax.

Although I’ve not yet dived deep into the subject, I think Junos has some really cool features like the separation between Control Plane and Data Plane, inner modularity with process memory separation (so that no single failure would affect the whole system), and being FreeBSD based (so that it feels like working with Linux).

At the same time, I’m using this Coursera course as a refresher for my Python not-that-awesome skills.

Just Start!

Here we are. This is my first blog post and my first step into a major challenge I decided to go into. But first, who am I? My name is Gabriele, I’m a 24-year-old guy from Italy with a passion for Network Engineering. During my studies I’ve achieved something I’m really proud of, like winning the European Borderless Challenge from Cisco and the Silicon Valley Study Tour competition. I’ve also achieved the CCNA certification (now expired) and a Bachelor Degree in Telecommunication Engineering from the University of Catania (I’m in the last year of my MSc right now).

What is Project:Me10?

It is a “personal development” project lasting 10 months. During this period of time I will try to improve my skills and knowledge to reach my biggest dream right now: obtain a networking related internship at a big company like Facebook, Google, Cisco, Dropbox, Juniper, Arista, HP, Ericsson, Amazon, Ebay, LinkedIn, Yahoo or VMware.


How is it structured?

Being a medium term goal, I think the best approach to pursue it is to divide the long journey into smaller milestones and try to reach them instead, one after the other. I decided to identify 5 milestones:

  1. Pass the JNCIA certification exam.
  2. Pass the JNCIS certification exam.
  3. Spend at least 350 hours studying and labbing topics like TCP/IP, OSPF, ISIS, BGP, MPLS, FHRP and Layer 2 protocols.
  4. Spend at least 350 hours studying and practicing technology like Python, Shell scripting, Linux and other automation related stuff.
  5. Obtain the internship.

I decided to switch from Cisco to Juniper certifications because the latter is much cheaper than the former and because I already have a general knowledge of Cisco IOS and it will be useful to know another vendor as well. Probably, I will still study something from Cisco books (like the “Routing TCP/IP” and “MPLS Fundamentals”), but I don’t plan to pass any Cisco related certification (due to their high cost).


Why Project:Me10?

I decided to open this blog for 2 main reasons:

  • It will help me to track my progress
  • There is no such thing around on the net. There are tens of blogs and websites about how to start a career in Software Engineering and tens of books about interview preparation as well, but almost nothing exists for the Network Engineering track (especially regarding early stages). For this reason, I’ll also try to post some interviews with networking pros and former interns from the companies above so that this blog would be helpful for all those people like me who dream big but don’t really know where to start.

I’m aware I’m trying something really difficult, where odds of “success” are very low but I want to enjoy the journey. I will never know, if I don’t try.

“A Year from Now You May Wish You Had Started Today”