Automate your network in 5 easy steps with Python and Netmiko
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 18 | |
| Autor | ||
| Mitwirkende | ||
| Lizenz | CC-Namensnennung 4.0 International: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/69806 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
5
12
00:00
ExpertensystemProzessautomationRechnernetzDatennetzNichtlinearer OperatorSoftwareentwicklerRouterSkriptspracheAdditionCoxeter-GruppeSystemtechnikProzessautomationProzess <Informatik>RechnernetzGesetz <Physik>ComputeranimationVorlesung/KonferenzXML
02:12
MathematikRechnernetzKonfigurationsraumElektronische PublikationDifferenteDatennetzElektronische PublikationMathematikRechnernetzKonfigurationsraumKontextbezogenes SystemComputeranimation
03:09
RechnernetzMathematikElektronische PublikationKonfigurationsraumMathematikElektronische PublikationCASE <Informatik>KonfigurationsraumRechter WinkelInhalt <Mathematik>FokalpunktDifferenteProgrammverifikationComputeranimationProgramm/Quellcode
04:27
RechnernetzMathematikElektronische PublikationKonfigurationsraumSampler <Musikinstrument>VerschlingungProtokoll <Datenverarbeitungssystem>VersionsverwaltungCASE <Informatik>KonfigurationsraumRechter WinkelNetzadresseInterface <Schaltung>LoopMathematikDeskriptive StatistikProgrammverifikationGleitendes MittelSystem FErwartungswertFreewareComputeranimationVorlesung/KonferenzJSONProgramm/Quellcode
06:18
FehlermeldungKonfigurationsraumHyperbelverfahrenKonfigurationsraumGeradeDokumentenserverElektronische PublikationDatennetzRechnernetzFehlermeldungComputeranimation
07:04
WiderspruchsfreiheitSkalierbarkeitRechnernetzMathematikZentrische StreckungDatennetzGarbentheorieSoftwareElektronische PublikationBitOpen SourceSkriptspracheDifferenteProdukt <Mathematik>FehlermeldungPunktMultiplikationsoperatorRechnernetzWort <Informatik>ProgrammbibliothekKonfigurationsraumUnternehmensarchitekturSkalierbarkeitUmwandlungsenthalpieVorlesung/KonferenzComputeranimationXML
09:23
KonfigurationsraumSoftwareentwicklerProgrammverifikationKonfigurationsraumMathematikDatennetzProgrammbibliothekRechnernetzGarbentheorieSkriptspracheDatenverwaltungEinfach zusammenhängender RaumErwartungswertNeuroinformatikVorlesung/KonferenzComputeranimation
10:46
ProzessautomationRechnernetzSuite <Programmpaket>DatennetzTypentheorieMailing-ListeKlasse <Mathematik>MultiplikationsoperatorMessage-PassingNetzadresseGeradeEinfach zusammenhängender RaumDeskriptive StatistikSystemplattformFolge <Mathematik>KonfigurationsraumInterface <Schaltung>Funktion <Mathematik>SkriptspracheProgrammverifikationPasswortLoopSchlüsselverwaltungDefaultInstantiierungData DictionaryRechter WinkelXMLProgramm/Quellcode
13:23
Protokoll <Datenverarbeitungssystem>VerschlingungFunktion <Mathematik>Interface <Schaltung>DatennetzNetzadresseProgramm/QuellcodeComputeranimation
14:03
URLSyntaktische AnalyseFunktion <Mathematik>AnströmwinkelInterface <Schaltung>Data DictionaryKonfiguration <Informatik>TypentheorieFunktion <Mathematik>SchaltnetzMailing-ListeSkriptspracheLoopSyntaktische AnalyseRechter WinkelVorlesung/KonferenzProgramm/Quellcode
15:22
Funktion <Mathematik>Syntaktische AnalyseGammafunktionMereologieRechter WinkelMailing-ListeKonfiguration <Informatik>Syntaktische AnalyseTemplateInterface <Schaltung>SkriptspracheFunktion <Mathematik>
15:53
GoogolOpen SourceDatennetzCLIInformationTemplateEin-AusgabeFunktion <Mathematik>TemplateFunktion <Mathematik>CLIEin-AusgabeSyntaktische AnalyseDatenstrukturOpen SourceDatennetzRechter WinkelInformationComputeranimation
16:28
ZeitzoneTemplateWebDAVMultiplikationsoperatorSkriptspracheZeitzoneStrömungsrichtungFunktion <Mathematik>MusterspracheDifferenteMinimumRechter WinkelRegulärer Ausdruck <Textverarbeitung>RechnernetzTemplateComputeranimation
17:31
Repository <Informatik>TemplateDatennetzRechnernetzDifferenteTemplateComputeranimation
18:02
Fundamentalsatz der AlgebraRechnernetzTemplateDatennetzFundamentalsatz der AlgebraSkriptspracheMultiplikationsoperatorOpen SourceNetzadresseParallelrechnerKonfigurationsraumDifferenteTemplateVariableSyntaktische AnalyseRohdatenRechnernetzThreadVorlesung/KonferenzComputeranimation
19:57
Simulated annealingSoftwareSoftwareentwicklerIntegritätsbereichExpertensystemDatennetzCOMRechnernetzSoftwareDatennetzDigitales ZertifikatMAPCodeWeg <Topologie>ExpertensystemMultiplikationsoperatorProzess <Informatik>StichprobenumfangProjektive EbeneE-LearningSystemtechnikNormalvektorSyntaktische AnalyseData MiningBitAssoziativgesetzSoftwareentwicklerSkriptspracheRechter WinkelVorlesung/KonferenzFlussdiagramm
21:51
Mobiles InternetRouterProtokoll <Datenverarbeitungssystem>KonfigurationsraumProgrammverifikationProgrammbibliothekEinfach zusammenhängender RaumZentrische StreckungDatennetzRechnernetzFramework <Informatik>SoftwaretestZurücksetzung <Transaktion>Interface <Schaltung>MathematikElektronische PublikationRechter WinkelSkriptspracheAggregatzustandPrimzahlzwillingeVirtuelle MaschineQuellcodeCodeProdukt <Mathematik>Güte der AnpassungFolge <Mathematik>MultiplikationsoperatorSuite <Programmpaket>Funktion <Mathematik>Physikalisches SystemMechanismus-Design-TheorieQuaderGleitendes MittelUnternehmensarchitekturRouterBitComputeranimationVorlesung/Konferenz
27:39
Objektorientiertes DesignPi <Zahl>BenutzerfreundlichkeitProgrammbibliothekVirtuelle MaschineNetzbetriebssystemRoutingPasswortMereologieDatennetzProgrammierumgebungRechter WinkelMultiplikationsoperatorMomentenproblemKonfigurationsraumPhysikalisches SystemRouterSoftwareAggregatzustandKonfiguration <Informatik>DifferenteGrenzschichtablösungRechnernetzElektronische PublikationEinfach zusammenhängender RaumKontrollstrukturVektorpotenzialReelle ZahlHardwareProdukt <Mathematik>ATMMathematikDatenverwaltungSystemplattformSkriptspracheZentrische StreckungE-MailVariableVirtualisierungGüte der AnpassungMusterspracheVorlesung/KonferenzJSON
Transkript: Englisch(automatisch erzeugt)
00:04
Luca Kupfeler is a System Engineer at Onweight, one of our sponsors. And in his job, he needs to automate a lot of stuff. And he loves network automation. Since I already struggle with configuring my router at home,
00:24
I'm not sure I share this love for network automation. But maybe if I could automate this trouble, I would learn to love it. So we are looking forward to hear about NetMiko, which might turn out to be a useful addition to your toolbox and handling network automation.
00:44
So, Luca, are you ready? Yes. Welcome to Lookup and thanks a lot. So, yeah. Hello, welcome. And welcome to my presentation about Automate Your Network in 5 ECPX with Python and NetMiko. So in this talk, I want to introduce you to the concept of network automation.
01:06
So what that is and why we need that. Now, I'm also going to talk about some network automation tools that you could use. And obviously, NetMiko is one of these tools. And after that, I'll talk about the five steps to automate your network with NetMiko.
01:23
And in the end, there's just some conclusion and next steps. So after this talk, you'll be able to understand challenges that network engineers face today. You'll also understand the need for network automation and you'll even be able to write some basic NetMiko scripts yourself.
01:44
Now, first, what is network automation? It's also called DevNet or NetDevOps. And it's actually quite similar to DevOps. So in DevOps, you combine software development with operations. And DevNet tries to do the same thing. So you combine software development with network engineering.
02:04
And basically what it means is that you just write scripts to manage your network. So to better show you how this works, I'm going to show you a more traditional network change workflow. So that's how people usually apply network changes today.
02:24
The first thing that a network engineer has to do is to prepare a change. So what would happen is that someone creates a folder with network configs in this example. And in this folder, we can see that we have a single folder for every device. And inside of these folders, we have a text file with the network change.
02:44
Here, you can see some example context or config on that file. So we have the first step where we just have some config commands that we want to apply to device. After that config is applied, we need to verify the config is actually working as expected.
03:02
So we execute different show commands. And in the end, if everything is working, we save the config. Now, changes usually happen after business hours to avoid any disruptions. This means that you start your change at 9 p.m. And if everything is working out well, maybe or hopefully you're finished by 10 p.m.
03:24
But that's just the best case example. It could also be that your config files look something like this. And I'm sure that if you worked with Word files in the past, you're familiar with that. So you prepare everything, and sooner or later you realize that you need to add some changes or verify something.
03:44
So you copy the config file, add some more content in there, and maybe or hopefully you're happy with that. But maybe you also add some more or different configs. Let's focus on just this example right here. For the Switch 2 device, we have three different config files.
04:04
And what I want to show you is that no one is really sure which of these config files is correct. So it could be the final two config files, but it could also be another config file. And no one really knows. Only the engineer who created these config files knows for sure. But I'm sure that he even forgets that a few hours after he copied these files.
04:26
Now, if your config files look like this, your working hours tend to lean more towards the worst case. So you still start at 9 p.m., applying the config is quite quickly, but then you have some issues and you need to troubleshoot something,
04:42
and maybe you're not finished until 5 a.m. And even then, maybe the change is not successful and you need to perform a rollback and revert all the changes. Now, in the next example right here, I'm going to show you how such a change is performed. So an engineer has to manually SSH into a device.
05:03
And once that is done, we can enter the config command to configure the device. And in this example right here, I'm just going to configure a simple loopback interface. So we execute the interface loopback42 command. And here we can now set a description for that.
05:22
So in this example, Swiss Python Summit with a typo. So that's a mistake, we need to fix that. And we do that by simply writing the same description command again to override the previous command. And in the end, all that is left to do is to add an IP address for that interface.
05:41
Once that is finished, we can exit the config command and start with our verification. So the first command you're going to execute is to show IP interface free. And with that command, we can see all the different interfaces we have on that device. Right here we can see that we have the loopback42 interface.
06:01
And the last step right now is to show the running config of that interface and verify that everything is configured as expected. Here we can see the config that we applied. So right now we're finished and everything should be working. Now, there are several challenges we faced with this workflow.
06:23
And as network engineers, we are humans too. And some of the most common mistakes are just basically human error. So it could be that you make some copy-paste mistakes. So when you open your config file, you forget to copy all the lines that you want to apply to the device. And then there's something missing.
06:42
Another mistake could be that you opened the wrong config file and applied the wrong config to the wrong device. And you don't realize that until much later. And the last mistake is just that you completely forget to configure a device. Now, another mistake or challenge is that a lot of network engineers do not know about versioning.
07:03
So it would be a quick fix if we just add all the config files to Git repository and do some commits in there. And that way we would see all the changes between the config files. But again, not a lot of network engineers know about that. And this leads us to the benefits of network automation.
07:22
So that's actually the solution for most of the challenges I just mentioned. So basically, you write software that applies all the different config files for you. And you still start the change at 9 p.m., but with the press of a button, the script applies all the different configs for you.
07:42
So scripts tend to do not human errors, unless you have some bugs, but at least everything will be applied consistently across all different devices. Now, you're also more efficient because if the script executes all the changes, you only press a button and five minutes later, everything should be finished. And because of that, downtimes are also significantly reduced.
08:05
And the last point is just scalability, because scripts scale much better than humans. I mean, sure, a script will take a bit more time to run if you execute it across more devices, but it's still much faster than if a human would try to do the same.
08:22
Now, before we start with the network automation itself, just one word of caution. Network automation is great because it allows us to apply a lot of changes to a lot of different devices, but there's actually no faster way to bring down a whole production network than with network automation. So before you start your change, just make sure and verify that everything or all the configs are actually correct
08:46
and you're sure that you want to apply all the configs to the devices. Now, in this next section, I want to introduce you to some network automation tools or Netmico specifically. Now, there are a lot of different tools for network automation out there that you could use.
09:04
Some of them are geared more towards enterprise networks, some are easier to learn, and some others are more flexible or offer more performance. Now, in my talk, I want to introduce you to Netmico. This is an open source Python library developed by Kirk Byers.
09:22
It is designed to simplify the automation of network devices. Netmico is built on top of the Paramico library, and that's another Python library that just enables SSH connections to a device, and then Netmico adds features and methods on top of that to simplify network device management.
09:42
In my opinion, Netmico is one of the easiest tools out there to learn, and it's both easy to read and understand for both network engineers and software developers. So in the next section, I'm now going to introduce you then to some config examples,
10:00
and you shouldn't have a problem to follow that. And in fact, I'm even 100% sure that after listening to my talk, all of you should be able to start writing basic Netmico scripts. So first, let's talk about how Netmico works. Basically, the first steps that we need to do is to establish an SSH connection to a device.
10:23
Once that connection is established, we can then send commands over the connection to computer devices, and that's just the next step. So we send config commands and apply all the changes to a device. And the last step, after we configured all the devices,
10:41
we need to do some verification and check if everything is working as expected. So without further ado, here are the five steps to automate your network using Netmico. First, we need to define an inventory. In here, I'm just inside of a Python script, and I created a dictionary with some key values.
11:03
So the first one you can see right here is the device type, which is Cisco Annex OS. Cisco is the manufacturer, and Annex OS is the platform. Next, we add a host. In this example, it's an FQDN, but it could also be an IP address. And in the last two lines, we add the username and the password that we need to authenticate.
11:26
Now, by default, Netmico is using port 22 for SSH, and if your device is using something else, you should also add that in here. Once we specified that inventory, it's time to connect to the device.
11:44
To do that, we import the connect handle clause from Netmico, and we can then use or create an instance of the connect handle clause and simply pass in the whole dictionary that we created previously. So if you execute the script right now, you would have an SSH connection to one of your devices.
12:05
The next step after we establish the SSH connection is to send some config commands. So right here, you can see that we have a simple list with some commands in here. So the first one that we want to execute is interface loopback 42 to create a new loopback interface.
12:22
Then we add a description, and we also specify an IP address. So these are the same commands that you've seen previously when we logged in manually to a device and executed every command by hand. Now, to send this config to a device, we use the send config set method of the connect handle clause, and we simply pass in the whole list of commands,
12:44
and every command will be executed in sequence. So if you execute the script right now, you would have created a new interface. So the next step is to do some verification, and we can do that by using the send command method,
13:02
again, from the connect handle clause, and inside of that method, we specify a show command that we want to execute on one of our devices. Right here, we are just executing the show IP interface brief command, and in the last line, we just print out the whole output.
13:24
So right here, you can see the output that we receive when we execute this command, and this is the same output that you've seen previously when we executed that command manually. Now, this is quite easy for us to understand.
13:41
So right now, you can see we have some different interfaces, and every interface has an IP address and an interface status. And that's one of the biggest problems that we have in network engineering, because network devices were created for humans, so that the human executes commands on a device, and the human executes show commands to verify everything's working.
14:03
If you have a Python script, you want to do the verification inside of your script, but if you have some output like this, it's quite difficult to use that inside of a Python script, because you need to do some parsing, so maybe you have to iterate over each line and do some regex
14:20
and see if your loopback42 interface is configured or not. So this leads us to the last step in our five steps. So right now, we just want to parse the output. So we want to have the raw data that I showed you previously, and we have to do some parsing
14:40
so that we have a list with dictionaries or something like that that we can then use inside of our Python script. And right here, we can see that it's quite simple. So inside of the sendCommand method, we simply add the useTextFSM option and set this one to true. And in the background, it will, or NetMiko will use TextFSM templates to parse the output.
15:04
And by combining the device type from the top of the script, so the Cisco Annex OS, with the combination of the showCommand that we execute, NetMiko knows which template it should use to parse our data.
15:21
And if you execute the same script again, you should receive some output like this. So I just omitted a part of it to make it more visible. So right now, you can see that we have a list with all different interfaces, and you see each interface is a dictionary with some key and values. And it's much easier to use that inside of a Python script right now.
15:43
Now, parsing looks quite simple because it was just this single option that we specified. But in the background, there's quite a lot going on by using the TextFSM templates. So what is that? This is an open source tool developed by Google,
16:00
and it is used to parse semi-structured text into structured outputs. And it was specifically designed to access information from the CLI of network devices and parse that output. And basically how it works is that it takes a template, so you have a TextFSM template, and you combine it with some raw input. So that's the showCommand that you execute on the device.
16:22
And if you combine these two, you receive some parsed output. Now, right here, you can see an example of a TextFSM template that I wrote the other day. So on the top left, you can see a showCommand that we execute on one of the devices. And right here, it's just showClock,
16:42
which shows us the current date, current time, and the time zone. And then on the bottom left, you can see the TextFSM template. First of all, we specify some values. For example, the year, which is identified by a regex pattern. And we do that for every value that we want to extract from our output.
17:02
And at the bottom of this TextFSM template, you can see that we just combine all the different values from the top, and we try to match the output that we receive on the CLI. And if we combine this raw output with the TextFSM template,
17:22
we receive the output on the right side. So right now, we have a dictionary with some key values that we can then use inside of our script. Now, luckily for you, there's a company called Network to Code, and they provide a lot of different TextFSM templates. So this repository contains more than 800 different templates
17:44
from more than 50 vendors. So if you use one of the most common network devices or vendors, you shouldn't have the issue of writing these TextFSM templates all by yourself. So yeah, these were the five steps to automate your network using Netmico.
18:03
So right now, I just want to do some conclusion and give you some outlook. So you've learned more about the network automation fundamentals and why we need network automation in general. You also learned the basics of Netmico, and you should be able to write some basic Netmico scripts by yourself.
18:23
And I even showed you how the parsing using TextFSM templates actually works. So what now? Vertical next. So the example I showed you is, again, quite simple. I specify the network device directly inside of Python script,
18:43
and obviously, you wouldn't do that because you would have to change that every time. So a good approach would be to use some external inventory or source of truth, like Netbox. Netbox is a tool where you can add all your different network devices
19:01
and IP addresses and stuff like that, and then you can extract that data inside of your Netmico script, which will make it more scalable. Another idea would be that we replace the config commands, which we, again, added directly inside of the script, and that you extract these config scripts and do some change-up templates with that
19:22
and combine that with variables that you receive from Netbox, for example, which will make your script more scalable, so you can use it across more devices. And another idea would be to add some multithreading or parallel programming or asynchronous programming, for example, using AsyncIO,
19:43
and I think there's even a talk later today that introduces you to that. And this will make our scripts more scalable so that we can configure more devices at the same time and do not have to wait. So, yeah, what are the next steps for now? Network automation is actually quite new,
20:03
and there's the company called Cisco, and they released a new DevNet certification track. This certification track is designed for network engineers who want to go into network automation, but you are all software developers, so it would be much easier for you to get started with these certificates.
20:21
So you could skip the associate and the specialist level, for example, and just go for the professional and the expert level certification. And there's also quite a lot of demand for network engineers, right? Sorry, network automation engineers. And, yeah, I even took the DevNet expert certificate,
20:41
and after I passed this certification, I decided to create my own e-learning for this certificate. And why am I showing you this? So I understand that for a lot of software developers, it's quite difficult to get started with network automation because maybe you do not have a network device lying around that you can use to do some labs.
21:01
So I decided to create a small sample course where you get some hands-on experience using Netmic code. So inside of this course, you'll be able to write your scripts, I'm going to show you how you can find some sandbox devices that you can use to execute some commands on top of them,
21:22
and we'll also do some parsing. Now, unfortunately, it took me a bit more time to prepare this talk, so I didn't have time to release that course yet, but if you come back in a week, this course should be ready. And, yeah, DevNet Academy is just a side project of mine. I also have a normal day job where I work at Oneway,
21:42
and it was already announced that they are the sponsor, or a sponsor of the Swiss Python Summit. So we are a company of around 30 employees, but we manage more than 500 virtual machines, we manage more than 6,000 mobile routers, and there are around 500,000 daily active Wi-Fi sessions on our network.
22:05
And, in fact, I'm almost certain that all of you connected to one of our networks without even knowing that it was our company. So, yeah, if you have any questions about that, it would be awesome if you come to me and talk with me.
22:22
So, yeah, that's actually it about my talk for now. So I hope you enjoyed it and you learned something new. I think there's some time if you have any questions.
22:43
Yes, there is indeed some time for questions, so raise your hand. We have one over here on the left. How do you do testing?
23:00
How do you know that when you make one of these scripts that they will not cost box at 10 o'clock in the evening? It's quite difficult because you basically need to have a lab and execute your scripts first against some device where it doesn't matter if it doesn't work in the end because, I mean, most of the companies do not have,
23:23
or most of the companies have one production network and they do not have a digital twin with a lot of devices that mimics the same network. And Netmiko is just one of the simple scripts. There are more advanced tools or protocols out there that would perform a rollback if something doesn't work, but with Netmiko you do not have that.
23:41
So basically it just opens an SSH connection and sends the commands and there's no mechanism that detects that your config is not working in the end. So you have to have a lab, execute your script against a lab device and verify if everything is working in there. From right there.
24:02
Good morning, everyone. From my side I would be interested... Can you hear me? Sorry, can you hear me? Good morning, everyone. From my side I would like to ask if you have observed as well the opportunity of PyATS because this networking automation framework
24:21
allows you to actually do quite easily pre-checks, both checks, and especially for the big vendors. It's quite supportive. Tell us something about this. Yeah, PyATS would be another tool that you could use. Most of you maybe know about PyTest.
24:41
This is a library that you can use to just test your code. There's Florian in the background right there. PyTest is designed to test software code. And we need to have a similar framework to test configs on network devices. And that's where PyATS comes in. So it's called automated test system.
25:03
Something like that, I guess. And it was used to test config of network devices. So it allows you to establish a connection to one of your devices, execute some commands on the device and verify that the output is working. And in the end, you have a suite of tests that you can execute
25:23
and it will tell you that all of your config is correct or not. So for example, before you do a change, you start all your tests and verify that all your interfaces are up, all your OSPF neighbors are active, all your BGP sessions are enabled or established.
25:40
And when you verify that everything is working, you could start your change. So you use a script to apply the config to all the devices. And when you're certain that you're finished with the change, you execute the PyATS test again and verify that everything is still working.
26:00
So it's much faster to do that by hand than to just SSH into a device and do the verification by hand. So did that answer your question? A little bit. And secondary, basically you've showed some configuration, but from the scale of, let's say, this 500 VMs,
26:23
I'm wondering how big is the template size and so on. So what we do at our company, we do not manage the virtual machines using NetMiko. We use Ansible to do that. But yeah, it would be quite a lot of,
26:40
I mean, it depends on your network. So or the change that you want to do. And under certain circumstances, your config files would be quite large that you want to apply to the device. And if you want to have like a more enterprise-grade network automation tool, you would use something like NetConf. That's a more advanced protocol that you could use.
27:01
And the benefit of that is that it will basically do a rollback of all your changes if something doesn't work. So right now, with this NetMiko script, the problem is that it executes every command in sequence across 10 devices, for example. But if there's a mistake on one of these devices, it's quite difficult for us to figure out
27:22
what it actually applied and where it stopped. So we need to do manual troubleshooting to figure that out. And the benefit with NetMiko, no sorry, the benefit with NetConf is that it would do an automatic rollback of all the devices and you always know what kind of state your network is in.
27:41
Thank you. Do you have a question over there? Hello, good morning. Thank you for the talk. That was very interesting. I would be quite excited to try this stuff, but could you maybe advise some affordable routers and switches that I could buy to play around? So the cool part is that you actually do not
28:01
have to buy network devices. So Cisco has some sandbox devices that you could use. So all you need to do is create a free account on their platform and then you get access to these sandbox devices. And the device I showed in here is also one of these sandbox devices. So it's available for you. You can SSH onto that device and execute commands.
28:22
So you do not have to actually buy some hardware. I want to buy hardware to do real stuff. Okay, yeah, you can still do that. I mean, yeah, I do not know how you would do that.
28:41
I never decided to buy some hardware. So maybe you could go to eBay or something like that. But yeah, all you basically need is a device which enables SSH connections to contribute to the devices. And then it doesn't matter what kind of devices that you use to automate. Are there further questions?
29:02
They're in the back. Hi. I just saw that... So you said that you use Ansible for the VM. Yes. Netmiko for the configuration devices.
29:23
The network devices. Can you briefly explain why you would use the difference between them? And then with my understanding with Ansible, you have a playbook that tells the final state of what you want your VMs to be. How would you handle that with Netmiko?
29:41
So we actually do not use... At the moment, we don't use Netmiko in our company. So to manage the virtual machines, we use Ansible. And to manage our mobile routers, we use our own software. So they have our... We developed the operating system on the devices or on the routers. So we use our own config to manage them.
30:01
Now, again, yeah, for Ansible, we have lots of different roles or playbooks. And we do execute all playbooks and all roles across all devices once per night. And then in the morning, we receive an email where you just see what changed the day before.
30:20
So one thing that we struggled with is that before we had Ansible in our company, a lot of people just logged in manually to a device, applied some changes, and that's it. And for us, if you have 500 virtual machines, it's quite difficult to figure out the current state all your VMs are in. So how do we know that someone changed something on one VM and now it's not working and this doesn't scale really well?
30:42
So with Ansible, we can execute all the roles, all the playbooks in check mode, and then we see the changes and we see, okay, in this config file, something changed, and then we can figure out why that changed. So maybe it was a quick fix because there was an issue, and then we need to take this change inside of our playbooks or roles and apply it across all devices.
31:01
Or maybe that was just a mistake because by accident, someone logged into a device, deleted a line inside of a config file and didn't realize that. So with Ansible, we get the current state of our infrastructure basically every day. Sorry, but is there a specific reason why you wouldn't use Ansible for the network license?
31:23
I mean, you could use Ansible for the network as well, so that's also one of the tools that you could use, right? But this is a Python summit and not an Ansible summit, so I decided to use NATMECO to show you that. And I went for NATMECO because it's one of the simpler
31:41
and easier to use libraries out there. So that's basically the reason why NATMECO. Yeah, perfect, thanks. You're welcome. All right, we have time for one more question over there. Yeah, I have questions regarding your example.
32:03
How do you manage credentials with NATMECO? Because in your example, you had it in plain text and I'm sure for big productions, you don't want to have it in plain text and like in GitLab.
32:20
So what different options do you have for NATMECO? So just to mention, the credential or the password I added in there was replaced by me, so I didn't actually add in the correct password. But yeah, it's an issue that we have in network automation and there are several steps or things that you could do.
32:40
So if you have the same password across all different devices, you could save the password as environment variable and do that. Now there's even some more advanced tools or basically you could use HashiCorp Vault to add your credentials in there and then you have some API calls inside of your pattern script
33:00
that tries to extract the password of the devices. So that's what I would do. Thanks a lot. Thank you. Yeah, we will have time in the coffee break afterwards to ask even more questions. I'm sure you will be available. Yeah, if you have any questions, just come talk to me. Thank you very much.