Nornir Network Automation

Nornir is a Python library designed for Network Automation tasks. It enables Network Engineers to use Python to manage and automate their network devices. Unlike tools like Ansible which rely on domain-specific languages, Nornir leverages the full power of Python, giving you more flexibility and control over your automation scripts.

Nornir feels like what you'd get if Ansible and Python had a baby. If you're used to Ansible, you know that you first set up your inventory, write tasks, and execute them on all or selected devices concurrently. Nornir operates similarly, but the big difference is you use Python code instead of any Domain Specific Language.

My Life Without Nornir

Before I discovered Nornir, my approach to Python automation involved manually setting up a list of devices, specifying each one's vendor, and credentials. This setup could be a simple Python list or a dictionary. Then, I'd loop through each device with a for loop, using libraries like Netmiko or Napalm to execute tasks. These tasks ranged from getting data from the devices to sending configurations. Here is a very simple snippet of managing the devices and using them with Netmiko. This method can get complicated very easily once you start Continue reading

Getting Started With Juniper PyEZ Library

In this blog post, we're diving into how to use the PyEZ Python library to interact with Juniper devices. I'll be working with a Juniper vMX device as our example, but PyEZ can work with any other Junos-based device. So, whether you have a vMX, an SRX, or any other Junos device, you'll find this guide helpful.

What we will cover?

• What is Juniper PyEZ?
• Why do we need PyEZ?
• Prerequisites
• Getting facts from Juniper vMX
• Getting Interface Stats and Errors
• A few things to note
• Closing thoughts

What is Juniper PyEZ?

Junos PyEZ is a microframework for Python that enables you to manage and automate Junos devices. Junos PyEZ is designed to provide the capabilities that we would typically get from the CLI.

You can use Junos PyEZ to retrieve facts or operational information from a device, execute remote procedure calls (RPC) available through the Junos XML API and even install or upgrade the Junos software. But for the sake of this example, we will retrieve the facts from the vMX and then retrieve some interface statistics.

But, Why Do I need PyEZ?

If you're wondering why we need PyEZ, here's a straightforward reason from my experience. I often Continue reading

My Experience with IP Fabric Automated Network Assurance Platform

I've been following IP Fabric for some time now, checking out their updates and reading their blog posts. It made me curious to want to give their platform a try myself. So, I did just that and thought it'd be helpful to share my thoughts and experiences with you.

If you're curious about IP Fabric too, they offer a 90-day lab license, which is a great way to get hands-on with the platform. The nice people over at IP Fabric set me up with a trial license and I found the setup process to be very straightforward. In fact, it took me less than an hour to get everything up and running.

What we will cover?

• What is IP Fabric?
• Installation
• Automated Network Discovery
• What is a Snapshot?
• Topology Visualization
• Intent-based Verification
• Compliance and Security Checks
• Other Useful Features
• Closing thoughts

What is 'IP Fabric Automated Continue reading

Containerlab – Creating Network Labs Can’t Be Any Easier

What if I tell you that all you need is just a YAML file with just a bunch of lines to create a Network Lab that can run easily on your laptop? You'd call me crazy, right?

Well, in this blog post, I'll walk you through what Containerlab is and how it can simplify creating and managing your labs with ease. Let's dive in.

What we will cover?

• What is containerlab?
• Comparing EVE-NG/GNS3 to Containerlab
• Installation and initial setup
• Lab images (Arista cEOS)
• Containerlab terminology
• Lab example
• Cleaning up
• Closing thoughts

Cisco Restconf - Get Operational Data

In this blog post, we’ll use Restconf to pull operational data from a Cisco switch. So far in our previous posts, we’ve looked at getting and changing configuration data.

PacketswitchSuresh Vina

What is Containerlab?

The official definition is "Containerlab provides a CLI for orchestrating and managing container-based networking labs. It starts the containers, builds a virtual wiring between them to create lab topologies of users choice and manages labs lifecycle."

Simply put, containerlab is a Lab-as-a-code tool that helps you set up and manage your network labs easily. Instead of dealing with complex setups and configurations, containerlab simplifies everything for you. Continue reading

Slurp’it – Network Inventory & Discovery Tool

I recently came across a neat tool called 'Slurp'it', a Network Inventory and Discovery solution. If you've been following my blog for a while, you know I just had to give it a try and share my findings with you. So, in this post, I'm going to quickly go over how to get it up and running, along with a few ways you might find it useful. Let's dive in.

What We Will Cover?

• What is Slurp'it?
• Licenses
• Installation and Setup
• Data Collection
• Custom Planning
• Some Use Cases

What is Slurp'it?

The official definition is "Slurp’it is a powerful and easy-to-use network discovery solution that offers 100% accurate network inventory. No coding required." Out of the box, the tool supports almost all the vendors (117 as of writing this)

In a nutshell, Slurp'it simplifies the whole process of understanding your network's inventory. All you need to do is provide the IP address or hostname of your devices, along with the login credentials. Slurp'it takes it from there. It executes various 'show' commands on your devices, usesTextFSM to parse the outputs, and finally presents you with a tidy table detailing everything it has discovered. It's straightforward yet effective, Continue reading

Palo Alto EDL Hosting Service Example (GitHub URLs)

In this short blog post, we'll explore what the EDL (External Dynamic List) hosting service is and how it solves problems for us. An External Dynamic List is a text file that is hosted on an external server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy. To enforce policy on the entries included in the external dynamic list, you can reference the list in a security policy.

EDL Hosting Service

The EDL Hosting Service is a list of SaaS application endpoints maintained by Palo Alto. Each Feed URL contains an external dynamic list (EDL) that is checked daily for any new endpoints added to the publicly available Feed URLs published by the SaaS provider. 

When a SaaS provider adds a new endpoint for a SaaS application the corresponding Feed URL is updated. Leveraging the EDL Hosting Service allows for dynamic enforcement of traffic to and from your SaaS application without the need for you to host and maintain your own EDL.

GitHub Example

For an example, imagine you want to let users SSH into GitHub repositories. Without EDL, you'd either risk security by allowing SSH to 'all IP addresses' or manually Continue reading

Automating NetBox with Ansible

In this post, we're diving into automating NetBox with Ansible. We'll explore how to leverage Ansible's modules to fully automate setting up NetBox. I'll guide you through a simple scenario where we configure a single site, including two racks and several devices, and even detail setting up cabling through a patch panel using Ansible. This approach simplifies the whole process, and I'll make sure it's straightforward for you to follow and apply.

You can clone my repo from GitHub to follow along. I've included everything you see here in the repo, making it easy for you to get hands-on experience.

What we will cover?

• Why do we need Ansible?
• Prerequisites
• Diagram
• Basic Ansible Playbook
• Creating Sites, Racks, Devices and Cables

But why do I need Ansible though?

You might be thinking, "Why do I need Ansible? Can't I just set up and use NetBox manually?" Sure, you could if that's what works best for you and your team. But here are my reasons for choosing Ansible (or any other automation tool) over manual configuration:

Firstly, I'm not a fan of clicking through the GUI. It might seem quicker at first, but repeating the same tasks over and over can Continue reading

Ansible Subelements Lookup Example

When you're working with Ansible, you often come across situations where you need to deal with lists inside of lists. Imagine you have a bunch of servers, and each server has its own set of services to manage.

The subelements lookup plugin is designed to iterate over a list of dictionaries and a specified sub-list within each dictionary. Instead of writing complicated code to dig into each layer, subelements lets you glide through the outer list and then dive into the inner list easily.

What we will cover?

• Subelements syntax
• Subelements example
• What are item.0 and item.1?
• Subelements example with NetBox

Subelements Syntax

To use subelements in your playbook, you write a loop that tells Ansible what main list to look at and which sublist to go through. Here’s what a simple line of code looks like.

loop: "{{ query('subelements', your_main_list, 'your_sublist_key') }}"

your_main_list is where you have all your main items (like servers), and your_sublist_key is the name of the sublist inside each main item (like tasks for each server). Ansible will then loop through each main item and its sub-items in turn.

Ansible Subelements Example

Suppose you have the following data structure defined in your playbook.

 Continue reading

How to Export Large Traffic Logs from Palo Alto Firewall?

Recently, I faced a unique challenge, I needed to export a massive amount of traffic logs from a Palo Alto Firewall for analysis. Initially, I thought it would be straightforward, log into the GUI, apply the necessary traffic log filter, and export the logs as a CSV file. Easy peasy, right? Well, not exactly. I quickly ran into a roadblock that made me rethink my approach.

In this blog post, I'll share the hurdles I encountered and how I managed to find a workaround to export the logs and analyze them using Python Pandas.

The Problem

By default, Palo Alto only exports 65535 rows in the CSV file, which is not nearly enough. If you have a large network, that amount might only cover a few minutes of logs. Even if you change the value, the maximum it can support is 1048576, which might cover maybe an hour's worth of logs. But for my use case, I needed at least a month of logs. I couldn't get what I wanted from the built-in report options, so I was scratching my head. I then tried to export the logs via SCP on the CLI, but again encountered the same maximum row Continue reading

SuzieQ Network Observability

In today’s post, we’re exploring SuzieQ, an open-source network observability platform that’s making waves in the way we monitor and understand our networks. It supports a wide array of devices from top vendors like Arista, Cisco, and Juniper, among others. We’ll start with the fundamentals and finish with a practical example to clearly illustrate how SuzieQ sets itself apart from other automation tools.

What We Will Cover?

1. What exactly is SuzieQ?
2. How does SuzieQ work?
3. How to install SuzieQ?
4. SuzieQ terminology (Configuration, Inventory, suzieq-cli, poller)
5. Configuration and Inventory files
6. Examples using OSPF Topology
7. Path Analysis

What Exactly is SuzieQ?

I first came across SuzieQ a while back but didn't dive deep into it because tools like Netmiko or Napalm were fitting my needs just fine. That changed when I tuned into a recent Packet Pushers podcast featuring Dinesh Dutt, the brain behind SuzieQ. Hearing him talk about it got me really interested.

After the podcast, I couldn't hold back from giving SuzieQ a try. There have been many times when I found myself writing custom scripts to get things done, only to discover that SuzieQ could have handled those tasks much more smoothly.

So, what is SuzieQ? In simple Continue reading

How do we overcome Imposter Syndrome?

I was thinking of writing about Imposter Syndrome for so long but I didn't because I thought someone might figure out I don't know what I am talking about.

This is so real, I'm not even kidding. The feeling of doubting your abilities and feeling like a fraud. It's something many of us experience, especially when we're stepping out of our comfort zones or tackling new challenges. So, I decided to face this head-on and share some ways to deal with it. First, it's important to recognize when we're being too hard on ourselves. We often set unrealistically high standards and then beat ourselves up when we don't meet them. It's okay to not know everything – after all, we're all learning as we go.

Talking to others can also be a big help. You'll often find that many people feel the same way and have their own experiences with Imposter Syndrome. This can be a huge relief to know you're not alone in this.

What Exactly is Imposter Syndrome?

In plain terms, it's when you feel like you're not as competent as others perceive you to be. You might think you're not good enough, despite there being clear signs Continue reading