Netmiko and TextFSM

By Kirk Byers

In Netmiko 2.0, I added support for direct integration to TextFSM particularly for ntc-templates.

What does TextFSM and ntc-templates allow you to do?

Simply stated, it allows you to take unstructured data and convert it to structured data. Or worded differently, it takes a block of text and converts it to lists and dictionaries (or some combination thereof).

Expanding Netmiko's Secure Copy Support

By Kirk Byers

I have recently been working on expanding the Secure Copy file transfer capabilities that are included in Netmiko. Ultimately this code should make OS upgrades and other file transfer operations easier to accomplish.

At this point, I have working and tested code on Cisco IOS, IOS-XE, NX-OS, IOS-XR, Juniper Junos, and Arista EOS. This is for both Secure Copy 'get' and 'put' operations and also includes associated methods that check whether the file exists, that verify disk space is available and that perform an MD5 comparison on the transferred file.

Using Ansible to Configure and Verify DHCP Helpers

By Kirk Byers

The problem...

I need to configure a DHCP helper on a set of VLANs across a set of network devices. I also need to ensure that DHCP helpers are not configured on any other VLANs besides the ones specified.

Additional qualifications—the network devices are brownfield. In other words, I can't just load full configurations programmatically (i.e. skip the verification step because I am generating the entire configuration).

Ansible and Network Backup

By Kirk Byers

There are obviously a lot of solutions for backing up network device configurations.

Let's look at how this could be accomplished using Ansible.

First, let's start by backing up some Cisco IOS devices (i.e. just using plain-old SSH).

Expanding netmiko-tools

By Kirk Byers

A few months back I created a grep-like utility based on Netmiko. At the time, I wrote an article about that utility including details on specifying the device inventory. I recently expanded on these netmiko-tools by adding two new utilities: netmiko-show and netmiko-cfg. I would consider these two utilities experimental at this point.

The install process is straightforward. On a Linux system, do the following:

# Requires Netmiko >= 1.0.0
$ pip install netmiko
$ git clone https://github.com/ktbyers/netmiko_tools/
$ cd netmiko_tools/netmiko_tools/

Zero-Touch ASA Upgrade using Python

By Kirk Byers

Because of Cisco's recent IKE vulnerability, I have some Cisco ASAs that need upgraded. One of these ASAs is in my lab environment and I thought it would be interesting to upgrade this ASA programmatically.

This lab ASA is currently running an old operating system (*cough*, *cough*, 8.0(4)32...yes, I know it's old). In order to get started, I created a virtualenv on one of my AWS servers and then installed Netmiko 0.4.1. This AWS server has SSH access into the ASA.

Through a process of iterative testing, I wrote the following code.

NAPALM, Ansible, and Cisco IOS

By Kirk Byers

In 2015, David Barroso and Elisa Jasinska created a library called NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support).

The general idea behind this library is to create a standardized, multivendor interface for certain file and get operations. Last fall, Gabriele Gerbino added Cisco IOS support to NAPALM.

Independent of NAPALM, I have been thinking about and experimenting with programmatic file operations using Cisco IOS. I wrote a proof of concept related to this here. Consequently, I thought it made sense to add/improve the Cisco IOS file operations in NAPALM.

Netmiko Library

By Kirk Byers

Since late 2014, I have been working on an open-source Python library that simplifies SSH management to network devices. The library is based on the Paramiko SSH library and is named Netmiko.

You can find the library here and the latest released version of the software can be downloaded here.

The purposes of the library are the following:

Automating Cisco IOS

By Kirk Byers

I recently started working on a method to automate various tasks in Cisco IOS using Python and Ansible. The general method consists of an SSH control channel and a separate SCP channel to transfer files.

Once you have a reliable, programmatic file transfer mechanism, then there are several interesting automation use cases--loading new software images; loading a device's initial configuration; restoring a configuration (for a failed device); loading configuration changes (configuration merge); and loading a completely new configuration file (configure replace).

Arista and Ansible using pyeapi

By Kirk Byers

Arista recently created a library called pyeapi and they have integrated this library into their Ansible modules.

pyeapi itself is fairly staightforward to use. The main gotcha is that you need to create a .eapi.conf file in your home directory. This file contains information about the connection:

Ansible and Dynamic Inventory

By Kirk Byers

So you are chugging along using Ansible, but are having problems maintaining your Ansible inventory.

Remember, Ansible uses inventory information about hosts and groups of hosts to connect to and manage client devices. By default, inventory information is stored in /etc/ansible/hosts. This inventory information can also be expanded to include the 'group_vars' and 'host_vars' directories.

An example, Ansible inventory file could look like the following:

Juniper's PyEZ - Loading Configuration Changes

By Kirk Byers

Juniper has a Python library known as PyEZ which was created to simplify the programmatic management and control of Juniper devices.

You can find the PyEZ library at: https://github.com/Juniper/py-junos-eznc

This library relies upon the Junos API which uses NETCONF. NETCONF is a standardized protocol that facilitates the programmatic control and management of network devices. It was first published in December of 2006 in RFC4741 and was later revised in RFC6241.

Juniper's PyEZ - Commit, Confirm, Rollback

By Kirk Byers

In the last article, we loaded configuration changes from a file using PyEZ. Now let's look at some other aspects of PyEZ and configuration file management.

First, let's lock the candidate config so that no one else can make changes:

Getting Started with Juniper and Ansible

By Kirk Byers

In this article, I will discuss the steps required to use Ansible on Juniper equipment. We will then use Ansible to gather facts from a Juniper SRX. Finally, we will use Ansible to transfer a small configuration change to the SRX.

For more information on Ansible, see the following:

Network Config Templating using Ansible, Part1

By Kirk Byers

In this article, I will show you how to use Ansible to generate network device configurations based on a template and a variables file. The article presupposes that you have Ansible installed on your system and you have some basic familiarity with Ansible. The Ansible documentation is very good. You can find it at http://docs.ansible.com/. You might want to read through the Getting Started section and through some of the Intro to Playbooks section. Both of these sections are fairly short.

The general problem that we are trying to solve is—we want a systematic way of creating network device configurations based on templates and variables.

Network Config Templating using Ansible, Part2

By Kirk Byers

In Part1 of this series, I established a basic framework for using Ansible for network device configuration templating. In this article, I am going to expand upon this to generate the entire router configuration for five fictional remote-office routers.

As a quick reminder, we have three parts to our templating system—1)the tasks file (tasks/main.yml), 2)the vars file (vars/main.yml), and 3)the template file (templates/router.j2). These are all organized under an Ansible role (in my example, ./RTR-TEMPLATE/roles/router).

Network Config Templating using Ansible, Part3

By Kirk Byers

In Part1 of this blog series, I demonstrated the basics of using Ansible for network configuration templating. In Part2, I expanded upon this system to create full configuration files including using conditionals. In this article, I am going to generalize the system and show you how to: 1)use different templates for a single role, 2)create a template hierarchy, and 3)use different roles.

As a quick reminder, there are three parts to this system—1)the tasks file (tasks/main.yml), 2)the vars file (vars/main.yml), and 3)the template file (currently, templates/router.j2). These files are all organized under an Ansible role (in my example, ./RTR-TEMPLATE/roles/router).