In my previous blog post, I mentioned a few tools you can get started with when beginning your journey into Network Automation. Today, I hope to dive into them further and explore them and a few others in more detail. While there are many tools available for network automation, some are more common than others and will serve as a good foundation when getting started.

If you missed Part 1 of this Intro to Automation series, you can find it here.

Tools Overview

As mentioned in Part 1 of this series, making the transition from Network Engineer to Network Automation Engineer requires a shift in how you think of your network. But with this shift comes a different set of tools you’ll start to use, which will help you as you progress into this field.

There are so many tools out there for Software Developers, but we as Network Engineers tend to think differently and use different tools. It can be overwhelming figuring out which tools to start out with. In this post, I hope to go over some of the most popular ones used by Network Automation Engineers and explain them in a way that you not only understand, but that shows their real-world value to a Network Engineer.

Before I get into tools and software themselves, I need to put in a disclaimer. Just like with all things, there is no “one-size-fits-all” tool or solution that will always work in every situation. Some of these tools will work most of the time, and some will work only in specific instances. My goal is to outline the ones that are the most popular today with a wide range of community or commercial support and explain the pros and cons to each.

I put Git as the first tool in the list on purpose because I believe it is one of the most important tools a Network Engineer can learn to use. Even if you never write a single script or piece of automation, Git can still be very useful for a Network Engineer.

There are many non-automation related use cases, including:

• Config backups
• Script backups
• Version controlling
• Auditing

Note: Regarding auditing, it can be helpful internally or for external auditors, but may require some advanced setup to meet different auditing and compliance criteria.

Git can be used locally without ever needing to create an account with popular online services like GitHub or Bitbucket. As a new Network Automation Engineer, you can use it to create backups of scripts you write or device configurations. These can be used later to undo a mistake you made, or even answer the timeless question, “when was the last change made and what was it?”

Git is not GitHub, just like the Linux kernel is not Ubuntu.

Git is the most popular version control system available, and used by the majority of developers around the world. It is open-source, easy to use, and with a wide user base has a lot of community support available. While it is natively used with CLI commands, there are various GUI applications that can make learning and using Git easier when getting started. A brief list of some popular ones are:

• Sourcetree (my personal favorite)
• Sublime Merge
• GitKraken
• Fork
• GitHub Desktop

Or if you use an IDE for writing scripts, they usually include Git support as well. I discuss IDEs more in a later section below.

PlayStation in a Git Article?

There are many features and benefits to Git, but seeing as Git is a VCS or Version Control System, the main one I use Git for is keeping track of different files and how they change over time. In other words, keeping track of all changes made to a set of files and folders.

Here’s a fun analogy for video gamers when learning about Git. When I was a kid, I was playing Tomb Raider II on the original PlayStation. I got in the habit of frequently saving and did it so often I could save the game without thinking about it. Well at one point, I fell off a cliff at the end of a level and went to reload my last save. But muscle memory kicked in and I accidentally saved the game instead of loading it! I had to restart the whole level over from the beginning! I learned a lesson that day, and it’s stuck with me the rest of my gaming life: always have multiple save files, and backup those files whenever possible.

Git can be thought of similarly but with multiple files or directories. Every time you make a “commit” in Git (save your progress), it’s like saving your game in a brand-new save file every single time. Did you spend hours working on a script, only to have it break and you have no idea why? You can easily revert back to any previous snapshot (commit) and start over or use it as a reference point. Yes, I’ve done exactly this before too many times to count!

Fun fact: Git was created by Linus Torvalds, the same person who created Linux!

If there is one programming language I would recommend to a Network Engineer getting into automation, it is without a doubt Python. According to the TIOBE Index, as of September 2021, Python is the 2nd most popular programming language in the world, and about to take over the #1 spot from C. In fact, I’d be surprised if you haven’t heard of Python’s benefits by now or even started learning it. If you haven’t, the best time to start is today.

One of the driving factors behind its popularity is its ease of use and learning curve, specifically for people without programming backgrounds. The benefits of this make it very easy to get into and start writing something useful pretty fast, and yet it can still be used to write complex automation.

With such popularity comes large community support. While learning Python, when you run into a question, chances are someone else has already posted the answer online, and it’s a quick Google search away.

Some of the cons can be realized after using Python for a few years. For example, there are other languages that are inherently faster with certain tasks, though they’re more complicated to learn. Additionally, there are certain software development “best practices” that are taken care of for you under the hood of Python, but need to be learned when using other languages.

In summary, from a Network Engineer just getting into scripting and automation to seasoned senior-level engineers, Python is perfect.

Fun fact: Did you know that some network hardware vendors have native Python support built right in to their devices? For example, if it’s installed and enabled, you can run the command python from privileged exec mode on a Cisco 9k switch and load a Python prompt!

Hello World

In the world of programming languages, there’s a concept called the “Hello World” program. Essentially, it’s when someone who is learning a new programming language learns just enough to print out the phrase “Hello World!” to the screen. It’s seen as a good starting point while learning the basics and is actually really fun to do!

To demonstrate the simplicity of Python when compared to the other programming languages, here’s a “Hello World” program written in the other 2 languages at the top of the TIOBE Index I mentioned earlier, C and Java:

Python

print("Hello World!")

C

#include <stdio.h>
int main() {
   printf("Hello World!");
}

Java

class HelloWorld {
  static public void main( String args[] ) {
    System.out.println( "Hello World!" );
  }
}

Python is about as simple as you can get and makes it easy to get started! As I mentioned before, you may not need to understand what everything in the C or Java examples is right away since Python handles most of that behind the scenes, but you will eventually want to learn what they are and why they’re important.

Important: When starting with Python, make sure you’re using and learning Python 3, not Python 2.

Ansible is an open-source automation platform used for managing multiple devices easily. It was acquired by Red Hat in 2015, and it remains one of the most popular open-source automation tools for network automation engineers. Ansible can be used for relatively simple playbooks (scripts that you run) for a single switch, all the way up to complex fleet management systems for thousands of devices!

While there are other open-source tools available that are similar, Ansible is the best and most popular choice for managing network devices for a few reasons:

1. Agentless – Ansible connects directly to a network device, usually over SSH but can use other methods, and does not require an “agent”, or other piece of software, to already be pre-installed on the device. Installing an agent on a network device for management is not feasible, so this is where Ansible works well compared to similar tools like Chef or Puppet.
2. Inventories – Want to configure 100 switches without manually connecting to them one at a time? This is where Ansible really shines! Just provide it with a specially formatted inventory file, which includes a list of devices and a few other parameters, and Ansible will handle connecting to them all behind the scenes.
3. Modular – Similar to Python, with Ansible’s popularity comes a wide range of modules (plugins) you can use. Some are submitted by the open-source community, while others are officially supported third-party modules (e.g., Arista EOS).
4. Customization – If you need Ansible to do something unique to your environment, or there is a feature not yet created by the open-source community, you can write your own using…..Python! That’s right, Ansible runs off of Python and natively supports custom Python scripts to be imported into Ansible playbooks.
5. Commercial Support – Since Red Hat’s acquisition of Ansible in 2015, companies can now purchase commercial support for Ansible through Red Hat, or even through third-party companies like Network to Code.

IDEs and Text Editors

Earlier I mentioned a couple popular IDEs available that are free for personal use, however I want to explain them in more detail. An IDE or fancy text editor aren’t things you hear about much, but they’re SO important when working with automation.

As a network engineer, my text editor of choice was a generic notepad-style application, where I mostly used it to write out a switch config before configuring the device by copy/pasting the text into the CLI.

When you get into automation, you’ll be spending a lot more time with scripts, configs, settings files, etc. For this reason, I highly recommend you get a good IDE or text editor right away. The more you use it, the more familiar you’ll become with it. Eventually, you’ll never want to work without it!

One feature that is an absolute must have for whichever program you choose is syntax highlighting. While different programs will use different colors for syntax highlighting, they all essentially work the same. Instead of explaining what this is, look at the below images and ask yourself this question: which one is easier to read through?

IDEs

An Integrated Development Environment, or IDE for short, is an application that contains many common tools used for writing software (or even basic scripts) and is frequently used by software developers. There are many benefits to IDEs, and the popular ones have too many features to list.

Some of the downsides to them are also found with their strengths. They can be complex with many settings that make no sense when first starting out scripting. However in my opinion, their benefits strongly outweigh the negatives and I encourage you to try one out and give it some time before giving up on it right away. Don’t worry about every button or feature, and focus on the basics. As you become more familiar with them, you’ll start learning their features and other benefits more and more.

Two of the most popular ones available today used by Network Automation Engineers are VSCode by Microsoft and PyCharm by JetBrains. The syntax highlighting example above is from this free VSCode extension for Cisco IOS configs, though both support many other color variations and file formats.

Text Editors

There are many, many good text editors out there. Ask anyone who’s been in IT long enough, and they’ll not only have a favorite but a list of reasons why it’s the best. The real answer is there is no “best” text editor, only the one that works best for you. Most popular GUI-based text editors now offer some level of built-in syntax highlighting, but not all. If you’re uncomfortable with starting out with an IDE right away, or if you just want something better than Notepad to use in your day-to-day activities, I list three of the more popular ones available right now that are free to use:

• Sublime
• Atom
• Notepad++

APIs

While not necessarily a specific tool, APIs are more of a back-end technology. In fact, I’m sure you’ve heard before how great APIs are by now from someone you know. Before I wrote my very first script, I had IT friends telling me how great APIs were and how they used them and loved them. But when trying to explain to me what they are, I couldn’t understand why they were so good. I wrote this section in a way that hopefully explains APIs to network engineers that have a hard time grasping their usefulness, and in a way I wish they had been explained to me years ago.

An API allows one application or system to be able to interact with a completely different application or system in a structured, predefined manner with expected inputs and outputs on both sides. Simplified, it is a way for two programs to be able to talk to each other.

An analogy would be how people talk to each other using the English language. If two people can both speak English, then they are both able to understand what each word means, know how to talk to someone so they understand what was said, know what to expect as a response, and what that response means. One person’s response may even differ to the exact same request if it comes from someone they know (authenticated) vs. coming from someone they do not (unauthenticated).

Think of an API like this. Amy natively speaks Spanish (application 1) and Bob natively speaks French (application 2). They normally can’t understand each other, but if they both agree to speak to each other in their secondary language English (APIs), they can communicate in a limited but effective manner. In that analogy, an API is not a translator, but a predefined set of rules (English) for Amy and Bob to talk to each other.

To take it a step further, some types of APIs (like REST APIs) can require another application to be authenticated before it will listen to what it has to say (process the data). In the previous analogy, it is similar to how if Amy is friends with Bob (authenticated), they may respond to each other in one way. However if a complete stranger named Charley (unauthenticated) walked up to Amy and started saying the same thing Bob was saying, she may respond differently.

Note: There are multiple types of APIs, each with its own sets of rules, data formats, communication methods, etc.

Previously as a network engineer, I never really understood why I would need to use them. As a network automation engineer, I now use APIs for my automation scripts to be able to interact with network devices.

Traditionally, if I want to enable an interface on a Cisco switch, I have to connect to the CLI on the switch over SSH, and run these commands:

switch01# config t
switch01(config)# interface FastEthernet1/1
switch01(config-if)# no shutdown
switch01(config-if)# end
switch01# copy running-config startup-config

Simple right? Well, at least simple for humans to perform and understand. However when you start writing scripts to do this, you’ll find it’s a lot harder and very unreliable to do it this way. When I started writing scripts to configure switches, I would have my script connect over SSH and configure it in the exact same way as I would via CLI. While this worked, there are faster, more reliable, and easier ways of doing so.

A common scenario occurs when you try to configure a setting across multiple network devices with different OSs, or sometimes even different versions of the same OS. For example, if you look at the AAA configuration for Cisco IOS, compared to Cisco NX-OS, then compare it again to Cisco ASA, they are all different. As an engineer, I can manually adjust the commands in the CLI on the fly, but in my scripting, I have to account for each variation I might encounter.

Important: I also have to account for variations I am not aware of!

This is where APIs come in. Instead of worrying about variations in each OS or how each command is different, what if I could have my script configure it using the same method and know for certain it will get configured as expected? Or if it fails, can I have it tell me there’s an error without breaking anything? Using an API, you absolutely can!

In this example, you can use a network device or application’s built-in API to send it specific data. It will then receive the request, and since it already knows what to expect, it’s able to parse it out, perform any action requested, then return data back to your script in a pre-formatted and expected way. If you send it information in a way that it isn’t expecting, or are missing information that’s necessary, it will let you know as well!

Examples of data returned can be anything, including:

• Was the job successful?
• Command output
• Configurations
• Errors encountered
• etc.