So you want to start with Network Automation…

As we all know, things in networking are changing rapidly and so is changing the needed skillset for those who manage networks.

I’m definitely not an expert (I’m far from it) but lately many people asked me how to start with Network Automation. Now I’ve just received a message from a LinkedIn’s friend asking for something like this and I suddenly realized this would be a nice topic to write about šŸ™‚

In this post I’ll briefly summarize what you need to start your journey (or, at least, what I used to start mine).

Python

Even if we may be still far to deploy Software Defined Networks everywhere, software managed networks are a real thing and Python is the core of them.

Python is a pretty well-know programming language which is loved for itsĀ ease of learning. I’ve studied C and Java at university and hated both of them, while I simply love Python šŸ™‚

There are plenty of available resources for those who wish to study for free and the following is a little list of stuff I’ve personally used:

  • CodeAcademy: really nice course to start your journey. It let you approach the language in a very practical way. Anyway, it does not dig very deep into the language.
  • Coursera: the website is full of Python courses, from the basics to more advanced topics. I’ve attended a couple of them and I really appreciated them.
  • How to think like a computer scientist: this was the very first Python resource I’ve ever used. It is a very well written book covering all the foundation in a pretty deep and clear way.
  • Dive Into Python: this is a more advanced book for those of you who areĀ hungry of knowledge.

I’m sure the list of someone else would look completely different since there are so many resources out there. So just pick one of them and start šŸ™‚

APIs

Networking vendors have developed specialized APIs to help engineers interact with their devices. I’ll introduce some of them within this section.

Juniper PyEZ

JuniperĀ is working hard on automation and has developed the PyEZ library, supported by almost every JunOS device. Once you installed all the requirements, it’s really easy to start talking to your remote device:


>>> from jnpr.junos import Device
>>> from jnpr.junos.utils.config import Config
>>> from pprint import pprint
>>> my_device = Device(host='172.16.1.1', user='gabriele', password='gabriele')
>>> my_device.open()
Device(172.16.1.1)
>>> pprint(my_device.facts)
{'2RE': False,
'HOME': '/var/home/gabriele',
'domain': None,
'fqdn': 'Router1',
'hostname': 'Router1',
'ifd_style': 'CLASSIC',
'model': 'olive',
'personality': 'UNKNOWN',
'serialnumber': '',
'switch_style': 'NONE',
'vc_capable': False,
'version': '12.1R1.9',
'version_info': junos.version_info(major=(12, 1), type=R, minor=1, build=9)}

Here there are some other practical reference about it:

Cisco

Cisco is working toward enabling automation in today’s network as well (of course).

Cisco NX-API

If you want to talk to Cisco NX-OS devices, you can use their NX-API.

Jason Edelman did an awesome work on both introducing NX-API hereĀ and developing another API called pycscoĀ that simplifies working with Cisco NX-OS switches that support NX-API.

Here you can also find the latest reference from Cisco itself:Ā NX-API book.

Cisco IOS-XR

Elisa JasinskaĀ developed an APIĀ to help interact with Cisco devices running IOS-XR. It’s calledĀ pyIOSXR.

Arista EOS

If you want to use Arista EOS, you can pickĀ eAPI.Ā You can also find some references hereĀ and on Packet Pushers.

Netmiko

Another super useful tool is Netmiko. It’s not aĀ specializedĀ API but instead it’s used to send commands to network devices and retrieve their output. That’s a great resource for those who want to start with network automation and I’ve extensively used it in pretty much everyĀ project I’ve done.

In addition, the list of supported devices is huge:

Cisco IOS
Cisco IOS-XE
Cisco ASA
Cisco NX-OS
Cisco IOS-XR
Cisco WLC (limited testing)
Arista vEOS
HP ProCurve
HP Comware (limited testing)
Juniper Junos
Brocade VDX (limited testing)
F5 LTM (experimental)
Huawei (limited testing)
A10 (limited testing)
Avaya ERS (limited testing)
Avaya VSP (limited testing)
OVS (experimental)
Enterasys (experimental)
Extreme (experiemental)
Fortinet (experimental)
Alcatel-Lucent SR-OS (experimental)

Netmiko’s been developed byĀ Kirk ByersĀ and he also wrote an amazing post on how to use it. Thank you Kirk šŸ™‚

NAPALM

This name shouldn’t sound new to you! šŸ˜‰

In fact, I’ve extensively talked about NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) in my previousĀ post.

If you didn’t read it, repent, go read it and come back here šŸ™‚

Automation tools: Ansible

Like NAPALM, this shouldn’t sound new! I’ve talked about Ansible in two of my previous posts (here and here).

Anyway, those posts could be difficult to understand if you’re completely new. In this case, don’t worry, you definitely canĀ be guided by Kirk and Jason (these two guys are awesome!):

  • Kirk wrote a very nice guide introducing Ansible playbooks and templates, splitting it into 3 parts (Part1, Part2, Part3). This is what I used to write my first blog post on Ansible (see just above).
  • Jason extensively wrote about Ansible basicsĀ (this post is precious for those who just started to use the tool) and other more advanced applications as well (here, here and here).

Have I already said that these two are awesome? šŸ™‚

Fast-paced Courses

Last but not least, if you really want to boost your automation skills and have enough resources (or you’re lucky enough to receive support from your company) youĀ may want to attend live classes on Network Automation.

Jason Edelman siĀ delivering an awesomeĀ Network Programming and AutomationĀ course all around the world. It covers everything you need to move from novice, writing your first “Hello World!” in Python, to NetOps Ninja developing a working network automation Flask app.

During the course you’ll not just sit there listening to Jason, but you’ll go through 10+ hours of labs too. I’ve reviewed the whole lab section and it took me almost the full 10 hours to complete it (and I was not new to most of the topics!). So I think you can expect to spend at least 2 extra hours on this.

Summarizing: 4 days digging deep on Python and Network Automation including some cool tools like Ansible + 12 hours of practical labs + guidance from Jason Edelman, one of the most expert guy on the field =Ā How cool is this? Ā šŸ˜€

tweet

Here it is the course schedule for the first part of the next year. Don’tĀ miss it! šŸ˜‰

Ā Conclusion

These are just some of the availableĀ resource I used to start my journey with NetOps. There are tons of more resources out thereĀ if you want to start practicing Network Automation or simply improve your coding skills so you have no excuses! Choose whatĀ you want and just start! šŸ™‚

start

 

Project:Me10 – 40% Completed

Time rus fast and 4 months are already passed since I started this journey. I believe it’s important to stop for a moment and analyze how I’ve done so far in order to plan the remaing 6 months ahead.

CERTIFICATIONS

I’ve already passed two certifications:

  • JNCIA: the entry point to the Juniper’s world.
  • BCVRE: a certification from Brocade focused on its virtual solution.

SKILLS

As I said in my previous update, I was going to focus on some Linux and Network Automation skills. During the pastĀ two months I’ve started using tools and technologies like Ansible, Jinja2, SQLite3 and I’ve done a eavy usage of GNS3 and VirtualBox to set up a working virtual environment. I’ve also completed the Linux Command Line course on Code Academy.

I’ve posted two little projects about those topics:

Moreover, I’m currently working on other projects, both personal and collaborating with other awesome peers.

PROJECT:THEM

This is something I’m really proud of, because I feel like I’m doing something useful for other “networking dreamers” like me šŸ™‚

I’ve performed 4 interviews to ex-interns so far:

TECHNICAL INTERVIEW

Few week ago I applied to the Cisco Engineer Incubator Program

It is a special educational program designed by Cisco engineers and Cisco Networking Academy to support employment of talented students and graduates. Specifically to support those who are interested in networking technologies and starting a career in IT.

You will benefit from free CCNP course at your local Cisco Networking Academy. There will also be advanced technology and soft skills seminars and webinars delivered by Cisco experts during our regular virtual and live office visits as well as meetings with the Krakow Global Support Center team.

This is something really interesting to me and so I decided to give it a try.

Yesterday I passed the phone interview and within the next few days I should be noticed whether I’m selected to attend the assessment center, which is the last step into the selection process. Fingers crossed šŸ™‚

(SOCIAL) NETWORKING

I’m receiving lot of support and positive feedbacks from everyone. More and more people and young guys seem to be interested in this project and this makes me really happy. My blog visits are also increasing rapidly, starting from a total of 146 views in June to almost 600 during these first 10 days of October.

Moreover, many experienced professional reached out offering tips and help, which is something I’d neverĀ thought could happen. Probably this is the most important goal reached so far šŸ™‚

WHAT IS NEXT?

CERTS: As stated into the Project:Me10’s Manifesto, the next major milestone is represented by the JNCIS-ENT certification. Today I’m starting my studies and I’m going to complete them within November.

PROJECT:THEM:Ā I’m working on two more interviews to be posted soon and I’m sure you’ll find them so interesting šŸ™‚

AUTOMATION:Ā I’m going to keep studying and practicing NetOps skills withĀ Vagrant, Cumulus VXĀ andĀ TextFSMĀ being on top of my wish list.

NETWORKING SKILLS:Ā Among JNCIS-ENT, I’m going to going deep on some topics I feel I’m not that confortable like before.

So, back to work šŸ™‚


yodaquote

Network Automation Project – Part 1

Hi everyboy, today I want to share with you a project I’ve worked on during the past days. For this project I’ve been inspired by the Facebook NetEng team who created the #netengcodeĀ facebook group after a presentation a NANOG where they performed a tutorial on Network Automation and, specifically, on how they developed an auto-remedation tool. Beside all the really interesting contents, the tool was developed using DB interaction using Python. Since I’ve never done anything like this, I’ve decided to make some practice coding a little project.

As I said, I’ve been inspired by their work and code, and my project contains some lines of theirs (limited to some db.py’s lines). Anyway, let’s start šŸ™‚

[The whole project code can be found on GitHub,Ā here]

SCENARIO

scenario

As usually, the network is built using GNS3 with VirtualBox.

The devices are minimally configured with the essentials to provide basic connectivity and SSH access to the user gabriele.

THE TOOL

The project directory is composed by several files:


gabriele@gabriele-VirtualBox:~/Desktop/project$ ls
bgp.py network_automation_project.py db.py push.py devices.txt interfaces.py


The network_automation_project.py file is the main file that we will be execute. An high level description of the project is:

  • The user define a list of devices to be added inside the network using the devices.txt text file.
  • The “python network_automation_project.py [-u username -p password -f textfile]” command is executed.
  • The tool will ask for any missing parameters and then will start to parse devices.txt data inside a sqliteĀ database.
  • The tool will ask the user some facts about the network (interface names and addresses and BGP informations).
  • The tool will store those additional information inside the db.
  • The tool will generate the proper configuration based on the data provided.
  • The tool will push the configuration to the devices.

In this stage the project is executed as dry run, but I’d like to add some multithreding function.

THE DB

As I said, the db is a sqlite one. I’ve defined 3 tables: devices, interfaces and neighbors.


DEVICES_SCHEMA = (''' 
 CREATE TABLE devices ( 
 router_id TEXT PRIMARY KEY, 
 hostname TEXT, 
 vendor TEXT, 
 ports INT, 
 as_number INT, 
 ip_address TEXT, 
 configured DEFAULT 0) 
''') 
NEIGHBORS_SCHEMA = (''' 
 CREATE TABLE neighbors ( 
 router_id TEXT PRIMARY KEY, 
 neighbors_list TEXT) 
''') 
INTERFACES_SCHEMA = (''' 
 CREATE TABLE interfaces ( 
 router_id TEXT PRIMARY KEY, 
 interface TEXT) 
''') 


RUN IT!

Let’s see what happens if we run it.


..$ python network_automation_project.py -u gabriele -p projectme10 -f devices.txt
BUILDING DB
{
 "1.1.1.1": {
 "as_number": "10", 
 "hostname": "Router1", 
 "ip_address": "172.16.1.1", 
 "ports_number": "12", 
 "vendor": "Cisco"
 }, 
 "2.2.2.2": {
 "as_number": "20", 
 "hostname": "Router2", 
 "ip_address": "172.16.2.2", 
 "ports_number": "36", 
 "vendor": "Cisco"
 }
}


As you can see, I’ve executed the tool with the optionsĀ -u -p -fĀ so that it will run directly without asking any missing information first.

TheĀ devices.txtĀ file appears as follows:


1.1.1.1;Router1;Cisco;12;10;172.16.1.1;
2.2.2.2;Router2;Cisco;36;20;172.16.2.2;

The format isĀ router_id;hostname;vendor,number_of_ports;as_number;ip_address_to_ssh;

After that all the parameters are parsed, the tool will start building and populating the database.

If everything goes well, then we can start to configure our ports.. [CLICK IMAGES TO ENLARGE]

ports

The tool informs me I can configure up to 12 ports and ask me how many ports I whish to configure right now. I choose 2 ports and then I have to enter the information required. To make sure the user will insert a valid IP address I’ve used theĀ netaddrĀ Python module. All the data is then stored inside the db.

Then we enters the BGP configuration phase..

bgp

After this, the tool starts to generate the proper configuration command based on the data stored inside the db. Then, the configuration is pushed into the devices using theĀ netmikoĀ Python API and, lastly, all the running configuration is saved in a text file with the format hostname_configuration.txt

conf

Now it’s the time to configure the other device as well.

After that, let’s verify eveything has gone fine issuing a “show bgp” command on Router2:

show_bgp

It seems good. R2 now it’s named Router2Ā and all the BGP information are received correctly. In addition to this, we can also examine the 2 new created text files: Router1_configuration.txt and Router2_configuration.txt.

GOING FURTHER

The project is not finished yet and I’d like to add some more functionalities and fix some problems as well. Specifically, I’d like to:

  • Improve DB interaction, since sometimes some error occurs when data is already stored.
  • Add some multivendor support, As you can see from the actual code, I’ve included some function to generate Juniper configurations, but I leaved them blank.
  • Add some multithreading behaviour.
  • Add some “service” likeĀ traffic draining.

Finding some other guy who wish to contribute would be great. So if you’re interested or if you have some hints please reach out šŸ˜€

I hope you will find this post interesting. Any comments are more than welcome šŸ™‚

Again, the whole project code can be found here


P.S.

I’ve started contributing to other network automation project on github. I think this is a great way to learn and understand things better. By now I’ve only pushed few lines of code to theĀ netcli_to_dictĀ project, which is “a collection of scripts that provide samples of how to iterate through the output of an executed command and return a dictionary, or a list of dictionaries, based on information could be useful in various automation projects.

P.P.S

Few days ago I went to Taormina with my girlfriend. We spent some greatĀ time together dining and walking through the beautiful streets of that little city. Then, I saw the “I have a dream…” wall, where everyone can write something. So I decided to take the chunk and write “NETENG INTERN 2016”. Who knows.. šŸ™‚

WP_000215

P.P.P.S

For those wondering, I’m not an a**hole and so I’ve written something romantic for my girlfriend before writing the above thing šŸ˜€

A Cisco, a Juniper, a Vyatta Router…and an Ansible Playbook

Here we are, 2.5 months are passed since I started this challengeĀ and it’s time to do some kind of review and summary of what I’ve done during this time:

  • I’ve publised 9 blog posts (with this one being the 9th)
  • I’ve published 2 interviews with engineers from Google and Cisco (another interview is already completed and I’ll post it soon)
  • I’ve completed a Coursera’s course about Python
  • I’ve achieved the Juniper JNCIA certification
  • I’ve achieved the Vyatta BCVRE certification
  • I’ve started to study and practice network automation and Linux skills

I’m quite satisfied so far, but my last goal is still too far and I need to work harder if I want to reach it.

In regards to the list above, I decided to build a little virtual lab to make some practice (and have fun šŸ™‚ ). Specifically, I’m going to build a network with a Cisco router, a Juniper router and a Vyatta one. Then, I’m going to automatically generate EBGP configurations for each of them using Ansible and, lastly, push them toĀ the devices using a Python library.


ANSIBLE

Ansible is a great tool used to automate many kind of tasks, including the configuration and maintainance of IT infrastructure. It can also be used to help network engineers to simplify their day-to-day work and what we’ll see duringĀ this post is just a veeeeeery little use case. This is the first time I play with it but I’m really interested in digging deeper.

Ansible Playbook’s key components I’ve used are:

  • Roles: in my case, I’ve used only one role,Ā router.
  • Tasks:Ā once the role is defined, Ansible will look for anyĀ tasks to be completed.
  • Templates: a template is, basically, a model. I this case it’ll be a router configuration model.
  • Vars:Ā Ansible will build the actual configuration based on the defined model, using some values identified as vars

I’m pretty sure that this explanation is far to be clear at this time, but you can find many useful information on the official documentation website.


LAB SCENARIO

lab

The network is built using GNS3 and its VirtuaBox integration. This network includes:

  • A Cisco router:Ā Cisco IOS Software, 3600 Software (C3640-JK9S-M), Version 12.4(16)
  • A Juniper router:Ā JunOS Olive 12.1R1.9 (in VirtualBox)
  • A Vyatta router:Ā Brocade Vyatta 5415 vRouter 6.7 R9T60 (in VirtualBox)
  • A Linux machine: Ubuntu (in VirtualBox)

The devices are minimally configured, as shown here below where only the important configuration section, including interface configurations, are highlighted. In addition to this, I’ve enabled and configured SSH access for the user gabriele.

CISCO CONFIGURATION

interface FastEthernet0/0
 ip address 172.16.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 172.16.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!

JUNIPER CONFIGURATION

[edit]
gabriele@Router1# show interfaces
em0 {
   unit 0 {
      family inet {
         address 172.16.4.1/24;
        }
    }
}
em1 {
   unit 0 {
      family inet {
         address 172.16.3.2/24;
        }
    }
}

VYATTA CONFIGURATION

[edit]
gabriele@vyatta# show interfaces
   ethernet eth0 {
   address 172.16.2.2/24
   duplex auto
   hw-id 08:00:27:d2:5f:38
   smp_affinity auto
   speed auto
 }
   ethernet eth1 {
   address 172.16.4.2/24
   duplex auto
   hw-id 08:00:27:58:e3:1c
   smp_affinity auto
   speed auto
 }

ANSIBLE CONFIGURATION

My project’s directory tree looks like this:


gabriele@gabriele-VirtualBox:~/Desktop/BGP$ find . -type d
.
./roles
./roles/router
./roles/router/vars
./roles/router/tasks
./roles/router/templates

Inside the tasksĀ subdirectory there is a file named main.yml


---
- name: Generate configuration files
 template: src=router_cisco.j2 dest=/home/gabriele/Desktop/BGP/{{item.hostname}}.txt
 with_items: cisco_template

- name: Generate configuration files
 template: src=router_juniper.j2 dest=/home/gabriele/Desktop/BGP/{{item.hostname}}.txt
 with_items: juniper_template

- name: Generate configuration files
 template: src=router_vyatta.j2 dest=/home/gabriele/Desktop/BGP/{{item.hostname}}.txt
 with_items: vyatta_template

The “—” pattern at the beginning of the file indicates it is a YAML file. The field calledĀ nameĀ  indicates the name of the tasks that have to be execute: generation of 3 template based on the structure of something calledĀ cisco_template, juniper_templateĀ andĀ  vyatta_template.Ā Where are those models?

They resides inside theĀ template directory..


gabriele@gabriele-VirtualBox:~/Desktop/BGP/roles/router/templates$ ls
router_cisco.j2 router_juniper.j2 router_vyatta.j2


..and they appear as follows.

router_cisco.j2


configure terminal
{% for interface in cisco_loopback %}
interface {{interface.name}}
ip address {{interface.address}} {{interface.mask}}
{% endfor %}

router bgp {{item.as}}
{% for neighbor in cisco_neighbors %}
neighbor {{neighbor.id}} remote-as {{neighbor.as}}
{% endfor %}
{% for loopback in cisco_loopback %}
network {{loopback.network}} mask {{loopback.mask}}
{% endfor %}


juniper_template.j2


configure
set protocols bgp group external-peers type external
set routing-options autonomous-system {{item.as}}
{% for neighbor in juniper_neighbors %}
set protocols bgp group external-peers neighbor {{neighbor.id}} peer-as {{neighbor.as}}
{% endfor %}
{% for loopback in juniper_loopback %}
set interface lo0 unit 0 family inet address {{loopback.address}}
set policy-options prefix-list Loopback {{loopback.network}}
{% endfor %}
set policy-options policy-statement ebgp term 1 from prefix-list Loopback
set policy-options policy-statement ebgp term 1 then accept
set protocols bgp group external-peers export ebgp
commit


vyatta_template.j2


configure
set protocols bgp {{item.as}}
{% for neighbor in vyatta_neighbors %}
set protocols bgp {{item.as}} neighbor {{neighbor.id}} remoteā€as {{neighbor.as}}
{% endfor %}
{% for loopback in vyatta_loopback %}
set interface loopback lo address {{loopback.address}}
set protocols bgp {{item.as}} network {{loopback.network}}
{% endfor %}
commit


These are Jinja2 files and, basically, are a set of configuration commands with something “strange”Ā inside. In fact, all the things inside curly braces are variable that Ansible will use to build the actual models.

So, for exampe, the snippet below means that somewhere (inside theĀ varsĀ directory) exists an iterableĀ calledĀ vyatta_loopbackĀ which can be looped and its values asĀ andĀ network areĀ assigned to the template.


{% for loopback in vyatta_loopback %}
set interface loopback lo address {{loopback.address}}
set protocols bgp {{item.as}} network {{loopback.network}}
{% endfor %}

One last thing should be examinated: theĀ varsĀ directory. Anyway, in this stage it is empty. Why? Because I decided to let the user to dinamically configure it using a Python script.


BGP Script

The whole project, including the Python script can be found here.

We can choose to execute theĀ AutomateBGP.pyĀ in 2 ways:

  • including some options likeĀ usernameĀ andĀ passwordĀ to be used for the SSH connection to the devices,Ā and a file_nameĀ containing devices’ IP addresses and platform.
  • if we execute it without including any parameters, the script will ask us to insert all the missing values.

After this, the user will be asked to insert some information about Loopback interfaces (address, network and mask), BGP AS and BGP neighbors.

screen

Now that we have all the information we needed, we can go back to theĀ varsĀ directory, where the script creates a newĀ main.ymlĀ file containing all the variables needed by Ansible to build the templates.


---
cisco_template:
- { hostname: cisco_template, as: 10 }

cisco_loopback:
- { name: lo0, address: 1.1.1.1, network: 1.1.1.0, mask: 255.255.255.0 }
- { name: lo1, address: 11.11.11.11, network: 11.11.11.0, mask: 255.255.255.0 }

cisco_neighbors:
- { id: 172.16.2.2, as: 30 }
- { id: 172.16.3.2, as: 20 }

juniper_template:
- { hostname: juniper_template, as: 20 }

juniper_loopback:
- { name: 1, address: 2.2.2.2/24, network: 2.2.2.0/24 }
- { name: 2, address: 22.22.22.22/24, network: 22.22.22.0/24 }

juniper_neighbors:
- { id: 172.16.3.1, as: 10 }
- { id: 172.16.4.2, as: 30 }

vyatta_template:
- { hostname: vyatta_template, as: 30 }

vyatta_loopback:
- { name: 1, address: 3.3.3.3/24, network: 3.3.3.0/24 }

vyatta_neighbors:

- { id: 172.16.2.1, as: 10 }
- { id: 172.16.4.1, as: 20 }

The next step is to let Ansible generate all the configuration template.


os.system("ansible-playbook site.yml")

This line of code has the effect to create 3 new text files: cisco_template.txt, juniper_template.txt, vyatta_template.txt.


PLAY [Generate router configuration files] ************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [router | Generate configuration files] *********************************
changed: [localhost] => (item={'as': 10, 'hostname': 'cisco_template'})

TASK: [router | Generate configuration files] *********************************
changed: [localhost] => (item={'as': 20, 'hostname': 'juniper_template'})

TASK: [router | Generate configuration files] *********************************
changed: [localhost] => (item={'as': 30, 'hostname': 'vyatta_template'})

PLAY RECAP ********************************************************************
localhost : ok=4 changed=3 unreachable=0 failed=0

cisco_template.txt


configure terminal
interface lo0
ip address 1.1.1.1 255.255.255.0
interface lo1
ip address 11.11.11.11 255.255.255.0

router bgp 10
neighbor 172.16.2.2 remote-as 30
neighbor 172.16.3.2 remote-as 20
network 1.1.1.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0

juniper_template.txt


configure
set protocols bgp group external-peers type external
set routing-options autonomous-system 20
set protocols bgp group external-peers neighbor 172.16.3.1 peer-as 10
set protocols bgp group external-peers neighbor 172.16.4.2 peer-as 30
set interface lo0 unit 0 family inet address 2.2.2.2/24
set policy-options prefix-list Loopback 2.2.2.0/24
set interface lo0 unit 0 family inet address 22.22.22.22/24
set policy-options prefix-list Loopback 22.22.22.0/24
set policy-options policy-statement ebgp term 1 from prefix-list Loopback
set policy-options policy-statement ebgp term 1 then accept
set protocols bgp group external-peers export ebgp
commit

vyatta_template.txt


configure
set protocols bgp 30
set protocols bgp 30 neighbor 172.16.2.1 remoteā€as 10
set protocols bgp 30 neighbor 172.16.4.1 remoteā€as 20
set interface loopback lo address 3.3.3.3/24
set protocols bgp 30 network 3.3.3.0/24
commit


PUSH IT!

One last step remains to complete the lab: pushing the configuration to the devices. I used ParamikoĀ to do so. It is a useful Python library to interact with network devices. I’ve written aĀ run_command()Ā function to split each template in single commands and then pushing them. Once the configuration is completed, the script informs you about the accomplishment.


def run_commands(ip_address, user, password, commandList, platform, buffer=5000):
    """ this function runs the specified commands on the node. """
    print "Configuring " + ip_address
    remote_conn_pre = paramiko.SSHClient()
    remote_conn_pre.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    remote_conn_pre.connect(ip_address, username=user, password=password)
    remote_conn = remote_conn_pre.invoke_shell()
    if platform == "cisco":
        remote_conn.send("enable\n")
        time.sleep(1)
        remote_conn.send(password+'\n')
        time.sleep(1)
    commands = commandList.split('\n')
    for com in commands:
        remote_conn.send(com+'\n')
        time.sleep(1)
        output = remote_conn.recv(buffer)

LET’S VERIFY

Now we can verify that everything has gone well (click the images to watch them larger)

Cisco

show

Juniper

show1

Vyatta

show2


CONCLUSIONS

It’s been really funny to code for this lab. If you look at the code, you’ll see it isn’t well optimized at all and it can be improved to catch exception, errors, adding use cases and so on. Anyway, my goal with this lab was to start playing with Ansible and to write some code, but it’d be too lenghty trying to optimize it at the moment.

I’m really interested in this kind of stuff so I’m always looking for new ideas to make some practice. Any kind of suggestion, tips or feedbacks are highly appreciated šŸ™‚

Bye!

Brocade Certified vRouter Engineer

I know I said that I’d have been focused on Linux skills during this month, but then I was reached out by this video from Brocade:

As the video explains, Brocade is giving the possibility to enroll in a free virtual course and obtain the Brocade Certified vRouter Engineer (BCVRE)Ā certification view a free voucher! In addition, the Brocade’s ads promote the certification as NFV (Network Function Virtualization)Ā related and this made it so interesting to me. So, I couldn’t help to start working on it.


Exam preparation

Exam objectives and informations can be found here

Brocade’s free course is organized into small video lectures (25 minutes circa each) for a total of 5 hours course. There is also a free study guide which can be used toĀ review some key topics and configurations. In addition to all of this Brocade has made available, for a 60-days trial, a vRouter image for you to make practice with its CLI.


Personal study experience

I enjoyed learning somenthing about Brocade products, but at the same time I’m quite disappointed with Brocade’s statement about the NFV nature of the course. In fact, the exam is not designed around NFV at all, if it were not for the virtual nature of the vRouter itself.

The exam is pretty simple being at an associted level. I only had to learn some vRouter features and the new CLI “language”. The latter is similar to Junos OS from Juniper and I had no problem with it since I passed my JNCIA exam one month ago.


Final impressions

My overall mood about the certification is pretty positive but now I feel the need to advance my knowledge on a more “vertical” direction. I will do so through the JNCISĀ cert.

Now (this time I promise šŸ™‚ ) I will focus more on Linux and Automation skills. In particular, I’m working on an network automation project so the next post will be about it.

Stay tuned šŸ™‚

Summer update

After a little break due to university exams and other tasks, here we are again with the challenge.

As I said before, my plan is to improve my Linux and Automation skills during August, delaying the start of my JNCIS studies. Based on all this, the plan includes:

  • Studying Linux systems. In order to have a structured approach to the subject I’ll start reading LPIC-1 stuff too. The reading list includesĀ LPI Linux Certification in a NutshellĀ andĀ The Linux Command Line: A Complete Introduction.
  • Go automate. The commitment is to start thinking and working on personal projects aboutĀ network automation (I need some ispiration and ideas, so suggestions are more thanĀ welcome šŸ™‚ ) and I’ll also work on a project shared with a friend. More updates in next posts.
  • Publish at least two more interviews to network engineer interns.

This will be a practical month, so expect labs, simulations and other fancy stuff. It’ll be fun šŸ˜€


P.S.

Facebook has published a new video about Career at FB and I find it absolutely stunning. It makes me think “Shut up and take my resume!” šŸ˜€


“When you find an opportunity grab it, run with it, make it your own”

First Milestone Reached: JNCIA Certified

Good news over here: today I passed the JNCIA exam, the first milestone of my Project:Me10 journey! šŸ˜€

I’m reeeeeally happy about that! I had no experience with Juniper products and at first I found it a little bit difficult to start typing in Junos (I used to think in IOS šŸ™‚ ) but, once this first obstacle has been overcome, the preparation has been pretty easy.

Junos OS is an interesting platform and the JNCIA exam is focused on convincing you about this (succeeding). A nice thing about the Juniper Network Certification Program, is that you can obtain a 50% voucher over the exam prize passing a practice test on their website. That’s great! I only spent 50$ for my JNCIA exam!

My only complaintĀ is about the exam blueprintĀ whichĀ lacks of focus onĀ major networking protocols and technologies. The certification is designed to be an introduction to Juniper’s world, but I thought I was gonna find moreĀ CCNA-like contents. That’s why I can’t wait to start my JNCIS journey (which is the second milestone of the Project), in which I’ll find some interesting topics like IS-IS, BGP and High Availability (among many others).

But first I’ll take a little break and I’ll work on some Linux and Network Automation skills (and projects šŸ™‚ ).

Stay tuned.

P.S.

Few weeks ago I’ve also won a 10$ Amazon Gift Card solving a game posted by David SwaffordĀ (Datacenter Network Engineer at Facebook) in a network automation focused group on Facebook, which required to parse this command output in order to obtain a dictionary of port-channel numbers to their member interfaces (my solution here).

Nothing special, but something is better than nothing šŸ˜€