By Roger Perkin, IOD Expert
The tools and processes network engineers have used to manage networks have not really changed in the last 25 years. Using tools like PuTTY or SecureCRT, a network engineer would connect to a device using SSH (and previously Telnet) and perform some configuration changes or check a device status. However, with the scale of networks today, it is no longer practical to make these changes on a device-by-device basis.
Network automation is fast becoming a skill network engineers ought to master. Developers have used these tools for many years, and network engineers are now seeing the benefit of the same tools for performing network administration and configuration tasks.
If you’re a network engineer looking to do the same, this will be a good post to start you on that journey. We’re going to review the top 5 network automation tools in use today. If you’re already using one or more of the tools below, I would love to hear your feedback on your experience. Leave a comment in the comments box below!
Since then, the development of Ansible for network automation has been a major focus for RedHat: the number of network modules is now over 500, with most vendors covered.
Ansible is written in Python and was previously developed to automate the management of Linux servers, but is now capable of automating most network tasks. The software remains open source and as such is free to use. There is also a strong community providing good support.
For corporate users who require a more formal support model, there is Ansible Engine which is a fully supported version of Ansible. Both products are driven from the command line interface (CLI). Finally, there is Ansible Tower, the company’s GUI management tool, a licensed product based on the number of devices being managed.
Ansible uses the concept of a playbook in which you define a list of tasks, each consisting of a small item of configuration such as the creation of VLANs or the definition of interfaces. The playbook file is written in YAML, which is very human readable, and Ansible also uses Jinja2 for writing templates.
Ansible works on a push methodology: you define what you want to do and push it to the nodes. Before making a change, Ansible checks whether the configuration is already in place; if it is, the task is skipped. This is referred to as idempotency: changes are made only when they are actually required, so running the same playbook twice leaves the device in the same state.
The main reason Ansible is such a great tool for network automation is that it is agentless, meaning that to manage any network device you only require SSH access. This is its main advantage over tools we will look at below like Puppet or Chef which require an agent to be installed. This is very easy on a Linux server, but not as simple on network devices.
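To make the idempotency point concrete, here is an added example (not code from the original post or from Ansible itself) that models a single VLAN task: the running configuration and the desired VLAN list are constructed sample data, the parser is a hypothetical stand-in for what a real module does on the device, and a second push of the same desired state reports no change.

```python
"""Idempotent VLAN push, modelled on the Ansible task described above.

Added example: the IOS-style running config, the desired state and the
parser are all constructed here to show how a push tool decides whether
a task result is 'changed' or 'ok'.
"""
import re

# Constructed sample of an IOS-style running configuration.
RUNNING_CONFIG = """\
vlan 10
 name USERS
vlan 20
 name PRINTERS
"""

# Desired state, as a playbook task would declare it (constructed).
DESIRED_VLANS = {10: "USERS", 20: "PRINTERS", 30: "VOICE"}


def parse_vlans(config: str) -> dict:
    """Return {vlan_id: name} from 'vlan N' / ' name X' blocks."""
    vlans, current = {}, None
    for line in config.splitlines():
        vlan_match = re.match(r"^vlan (\d+)$", line)
        name_match = re.match(r"^ name (\S+)$", line)
        if vlan_match:
            current = int(vlan_match.group(1))
            vlans[current] = ""
        elif name_match and current is not None:
            vlans[current] = name_match.group(1)
    return vlans


def plan_changes(desired: dict, config: str) -> list:
    """Commands needed to reach the desired state; empty if already there."""
    present = parse_vlans(config)
    commands = []
    for vlan_id, name in sorted(desired.items()):
        if present.get(vlan_id) != name:      # missing or renamed VLAN
            commands += [f"vlan {vlan_id}", f" name {name}"]
    return commands


def push(desired: dict, config: str) -> tuple:
    """Apply only the missing commands; return (changed, new_config)."""
    commands = plan_changes(desired, config)
    if not commands:
        return False, config                          # task result: ok
    return True, config + "\n".join(commands) + "\n"  # task result: changed


if __name__ == "__main__":
    changed, cfg = push(DESIRED_VLANS, RUNNING_CONFIG)
    print("first run changed:", changed)   # True: VLAN 30 is added
    changed, cfg = push(DESIRED_VLANS, cfg)
    print("second run changed:", changed)  # False: nothing left to do
```

A real module also has to handle removal of VLANs not in the desired state; this example only covers the merge case the text describes.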
Git (/ɡɪt/) is a version-control system for tracking changes in computer files and coordinating work on those files among multiple people.
Git is far more than that and over the last few years has become the #1 solution for tracking changes in code for network engineers. So successful is the use of Git that Microsoft purchased Github in 2018 for $7.5 billion.
There are currently 28 million developers sharing code with Github. Within the world of network automation and NetDevOps there needs to be a tool for network engineers to version control their code or configurations in a better way than just saving text files with the date to their laptop.
There are many parts to Git, and many tools bear the Git name without actually being part of Git. Let’s look at some of the specifics.
- Git – This is the main product which is installed locally on a machine and will allow you to version control your code. Each time a change is made you commit it to the Git repository and this allows you to track the changes to the file (which will retain its name) and allow you to rollback those changes if required.
- Github (free) – This is the web-based portal where Git users sync their local Git repositories to an online repository. This allows you to share your code with the world. Once you have a Github account you can sync your changes with other users and their local Git repositories. It also allows you to create code that can easily be shared with others: just git clone a repository to your local machine.
- Github (paid) – While you can upload and share as much code for free as you like, most organizations require something a bit more secure for their code. You can purchase a paid plan on Github which gives you private repositories.
- Gitlab – While bearing the name Git, it has no association with GitHub. It uses the Git version control system, but allows you to host your own Git repositories. So Gitlab is Github for your own servers. There is also a SaaS GitLab if you don’t want to install it yourself. It also does a lot more and allows you to create your own CI/CD pipelines among many other features.
Chef is another popular tool for network automation. The setup is a little more involved than Ansible and Git. For one, there is a master server and agents are installed on managed nodes. A Chef installation also needs a workstation to control the master. Once an agent has been installed on the managed device, the nodes authenticate to the master with the use of certificates.
A lot of Chef configuration is performed using Git, so a basic knowledge of how Git works is a requirement. Additionally, Chef is written in Ruby so you should ideally also come with basic knowledge of Ruby.
As the name suggests, Chef utilizes a cooking theme and “recipes” instead of tasks. However, to use Chef for network automation, you still need to get an agent onto your target device.
One network operating system that will support a Chef agent is Junos, as it is Linux-based. Also becoming more popular is Linux networking. A name to watch in this space is Cumulus Linux, a Linux-based operating system that you can install on white box switches. Since it’s Linux-based, it will support an agent.
However, Ansible will always have the edge as it does not require an agent, only SSH.
Puppet is another open-source automation tool that was initially used for managing Linux servers, but is also gaining popularity in the network automation world. As with Chef, it requires an agent to be installed on the target device. Puppet uses its own configuration language, which is completely proprietary, making Puppet more complex to learn than Ansible, Salt, or even Chef.
Puppet agents periodically pull their device configuration from the Puppet master server. This differs from Ansible, which is purely a push model.
You can define a standard build, and ensure the target devices maintain that build by checking in with the puppet master server.
Saltstack or Salt is another open source automation tool which is being adopted by network engineers. Salt works on a master/minion topology. Some newer NX-OS images will allow the installation of a minion.
A handy function within Salt is a proxy minion. This enables Salt to control devices that cannot run the standard Salt minion; for example, network devices. There is also a collaboration between Salt and Napalm called Napalm-Salt, which uses Salt as the automation framework and Napalm to talk to the network devices.
While there are new tools being developed every day for network automation, the list above highlights the main ones in use today. The big question you have to ask yourself when looking into automation is: which tool can I use across my infrastructure and multiple teams? Each tool has its pros and cons. Let me know which ones you try!