Category: automation

One of my readers sent me a description of their automation system that manages firewall rulesets on Fortigate firewalls using NAPALM to manage device configurations.

In his own words:

We are now managing thousands of address objects, services and firewall policies using David Barroso’s FortiOS Napalm module. This works very well and with a few caveats (such as finding a way to enforce the ordering of firewall policies) we are able to manage all the configuration of our firewalls from a single Ansible playbook.

The did the right thing and implemented an abstracted data model using GitOps to manage it:

One of the attendees of my Building Network Automation Solutions online course sent me this suggestion:

Stick to JUST Ansible - no GitHub, Vagrant, Docker or even Python - all of which come with their own significant learning curves.

While I understand how overwhelming the full-blown network automation landscape is to someone who never touched programming, you have to make a hard choice when you decide to start the learning process: do you want to master a single tool, or understand a whole new technology area and be able to select the best tool for the job on as-needed basis.

Last week we published the first half of interview with Patrick Ogenstad, guest speaker in Spring 2019 Building Network Automation Solutions online course (register here). Here’s the second half.

ZTP is about provisioning. Can this include configuration as well?

You could argue that provisioning is a form of configuration and in that sense, provisioning can certainly include configuration. If your ZTP solution is good at configuration management is another question.

The final topic David Gee and Christoph Jaggi mentioned in their interview was big data and AI (see also: automated workflows, hygiene of network automation and network automation security):

Two other concurrent buzzwords are big data and artificial intelligence. Can they be helpful for automation?

Big Data can provide a rich pool of event-sourcing information and, as infrastructures get more complex, it’s essential that automation triggers are as accurate as possible.

Zero-touch provisioning is always one of the big topics in the Building Network Automation Solutions online course, so we decided to invite Patrick Ogenstad (the author of excellent ZTP tutorial) to be a guest speaker in Spring 2019 course (register here).

In the meantime, enjoy his interview with Christoph Jaggi.

Last week we published Matt Oswalt’s thoughts on using virtual labs in training and testing. In the second part of his interview with Christoph Jaggi he talked about building a virtual lab.

Matt will cover the same topic in way more details in his guest speaker presentation in Spring 2019 Building Network Automation Solutions online course. Register here.

One of the fundamentals I always emphasize in introductory parts of my network automation workshops and online courses is the fact that we’re about to develop software that will control the most-mission-critical part of IT infrastructure, and should therefore use software development methodologies like version control, testing…

However, there’s a “small” glitch. While it’s perfectly possible to test most software in some virtual environment you can spin up on-the-fly using Vagrant, Docker, Jenkins, Travis, or some other CI/CD tool, testing a network automation solution requires access to network devices.

One of the points David Gee, a guest speaker in Spring 2019 Building Networking Automation Solutions online course, and Christoph Jaggi touched on in their interview was the security of network automation solutions (see also: automated workflows and hygiene of network automation).

What are the security risks for automation?

Security is an approach, not an afterthought.

David Gee decided to talk about hygiene of network automation in the Spring 2019 Building Network Automation Solutions online course, and (not surprisingly) Christoph Jaggi wanted to know more:

You highlight the hygiene of automation. What is it and why does it matter?

Hygiene is the important but boring bit of automation most beginners and amateurs pass by.

After a series of forward-looking podcast episodes we returned to real life and talked with Carl Buchmann about his network automation journey, from managing upgrades with Excel and using Excel as the configuration consistency tool to network-infrastructure-as-code concepts he described in a guest blog post in February 2018

David Gee is coming back to Building Network Automation Solutions online course – in early March 2019 he’ll talk about hygiene of network automation. Christoph Jaggi did an interview with him to learn more about the details of his talk, and they quickly diverted into an interesting area: automated workflows.

Automation is about automated workflows. What kind of workflows can be automated in IT and networking?

Workflows most often fall into categorizations of build, operations and remediation.

You know that time of year when snowflakes mean more than description of uniqueness of your networking infrastructure? Some people love to complain about that season and how the weather hinders them, others put on sturdy winter boots and down jackets, change tires on their car, and have tons of fun.

Network automation is no different. Sometimes you can persuade your peers that it makes sense to simplify and standardize the infrastructure to make it easier to abstract and automate (consider that an equivalent of going to a tropic island with shiny beaches and everlasting summer), other times you have to take out your winter boots and make the best out of what you got.

In spring 2018 I started collecting real-life automation wins reported by the attendees of my Building Network Automation Solutions online course. I presented them at Troopers, and as a set of network automation use cases that are available to all ipSpace.net subscribers, some of them even with free subscription.

Today let’s start with how did it start story.

This blog post was initially sent to subscribers of my SDN and Network Automation mailing list. Subscribe here.

After publishing the Manual Work Is a Bug blog post, I got this feedback from Michele Chubirka explaining why automating changes in your network also increases network security:

The “everyone should be a programmer” crowd did a really good job of scaring network engineers (congratulations, just what we need!). Here’s a typical question I’m getting:

Do I need to be good in scripting to attend your automation course.

TL&DR: Absolutely not.