Hello and Happy New Year everyone! Network to Code is very excited to start this new year presenting at Networking Field Day 27. Here is a list of our speakers and their topics:
John Anderson – Nautobot App Platform Overview
This session briefly covers Nautobot as a Source of Truth (SoT) and then moves on to cover, in depth
Nautobot as an App Platform
Why the concept of a platform is important
Open source Nautobot apps currently available
Tim Fiola – Automating Circuit Maintenances
Managing circuit maintenances and notifications is a well-known problem by network operators. Circuit maintenances are scheduled by Network Service Providers (NSPs) and temporarily affect the actual state of a circuit. There are steps that must be done to ensure network operators and automation tools know the state of a circuit that is ultimately dictated by an NSP.
This session explains how you can let Nautobot automatically take care of fetching notifications, normalizing their data (most common case is that every NSP has its own notification template), and finally updating the SoT to keep track of past, present, and future changes related to circuit maintenances.
Tim Schreyack – NetDevOps-Driven Configuration Compliance
Network Automation is a journey and there are still growing trends around NetDevOps and learning skills and tools such as JSON, YAML, Jinja2 templating, Python, and Ansible.
This session walks through how you can take a gradual path to learning and how you can apply those skills to achieve NetDevOps-Driven Configuration Compliance.
Tim Schreyack – Using ChatOps to Talk to Your Network
With network automation, you must consider how users will interact with the automation infrastructure. Who opens every network request you work on? How often are you fielding requests just to get data and relay it to another team? Wouldn’t it be great to have a bot respond to requests to bounce a port, check an interface’s VLANs, check a rack elevation diagram, view inventory, view dashboards in tools like Grafana, and a whole lot more?!
This session showcases network-centric ChatOps showcasing demos that combine Microsoft Teams, Webex Teams, Slack, and Mattermost chatting with Arista CloudVision, Cisco ACI, Cisco Meraki, Grafana, Nautobot, IP Fabric, Kentik, and Ansible, and more!
John Anderson – Synchronizing Data to Create a Single Source of Truth
It is extremely important that the Source of Truth (SoT) hold data on the intended state of the network. However, it is near impossible to store all authoritative data required to manage network configurations in any single application. This is why it is critical to have a framework that synchronizes data across multiple authoritative sources for different types of data into your SoT, including:
IPAM/DDI platforms
CMDBs
Circuit databases
Any other tool that is the authoritative source for a specific dataset
In this sense, the SoT acts as an aggregation layer across all your authoritative sources. This aggregation allows users to leverage existing tools while getting the data into a Single Source of Truth that then has a unified view into ALL data and can be used to power network automation.
Conclusion
Please do join us and tune in at this link at 10:30am-12:30pm Pacific (10:30-12:30 PT / 1:30pm-3:30pm ET) to view the livestream!
Does this all sound amazing? Want to know more about how Network to Code can help you do this, reach out to our sales team. If you want to help make this a reality for our clients, check out our careers page.
When engineers are starting their network automation journey, everybody asks where and how they should start. Their immediate thought is coming up with methods of automating changes within their environments. However, doing so can be scary for those who are risk averse about automation making changes. The question then comes about how automation can be used to help solve some of the big problems facing network teams today. One of those problems that we’ve repeatedly heard from our customers and fellow network engineers is around configuration drift. This issue typically occurs for multiple reasons:
Lack of standardization for device configurations
Multiple individuals independently making changes
Mergers and acquisitions
Thankfully, this issue can be addressed without making any changes on your devices. You might ask, “How do I do that?” That is where the Golden Configuration plugin for Nautobot comes in. The Golden Configuration plugin is comprised of four components:
Configuration Backup
Source of Truth Aggregation
Configuration Intended
Configuration Compliance
Utilizing these components, you can define the Golden Configuration standard for each of your devices and compare their adherence to that standard, otherwise known as their configuration compliance. This post will delve into those various components and how they function to handle your device backups, generate intended configuration utilizing data aggregated from your Source of Truth, and finally, determining compliance of said devices to that intended configuration.
Setting Up the Plugin
Like all Nautobot plugins, the Golden Configuration plugin can be installed from PyPI by issuing the following:
pip3 install -y nautobot-golden-config
If you want to live on the bleeding edge, you also have the option to install directly from the project GitHub repo:
At this point, pip should install all necessary dependencies for the plugin and install it inside the relevant Python environment. Ensure this is the same environment that Nautobot and the worker are running in for proper functionality. Once that’s been done, you’ll also need to update your nautobot_config.py file to enable and configure the plugin like below:
The environment variable must be accessible on the web service. This often means simply exporting the environment variable will not suffice, but instead requiring users to update the nautobot.service file, however this will ultimately depend on your own setup. See here for more details.
Please note that you will need to ensure that nautobot-plugin-nornir is installed along with nautobot-golden-config, and that both are added to the PLUGINS section to enable them in Nautobot. Next, you will want to append the PLUGINS_CONFIG portion to your existing configuration. Details of the various parameters can be found in the README. Once this is completed, you will be required to restart your Nautobot instance. Once that’s been completed, it should show the Golden Configuration portion in the Plugins section of Nautobot:
With the plugin installed and operational, I’ll now delve into the specific components of the plugin.
Configuration Backup
When Nautobot was forked from the Netbox project, one of the main features added to the core code was the integration of Git Repositories. The Configuration Backup component of the Golden Config plugin utilizes this feature to retrieve configurations from your devices and store them in a specified Git repository. Besides the obvious benefit of having backups for your devices, using Git as your storage allows you to easily track changes over time.
Prior to starting backups of your devices, you will need to update the Plugin Settings to specify the format of your backup path. This will define the structure of how your backups are stored and is an integral part of the Compliance component that will be detailed later. Here is an example:
With that setting in place, you can now have Nautobot initiate the configuration backup of your devices. To do so, simply go to Plugins -> Golden Configuration -> Home. Click on the Execute button and then Backup:
You will then be provided a form like below to specify which devices to back up:
At this point, a job will be executed using Nornir to connect to your devices, retrieve their configurations, and push them to the specified remote Git repo. In each subsequent run, only the changes should then be synchronized to your repository.
Oftentimes your configurations contain information that you’d like to either remove or replace for security considerations or to prevent unnecessary backups due to a timestamp change or the like. These situations can be handled by the Config Replacements and Config Removals feature. The plugin includes a few standard ones, specifically around IOS secrets and stripping unnecessary information from the configuration. Each utilizes a regex pattern to identify the configuration snippet in question.
More details about this component can be found in the Navigating Backup section of the documentation.
Source of Truth Aggregation
Data is the heart of your Source of Truth. An empty Source of Truth is useless, but getting data into and out of that Source of Truth is almost as important as the data residing in it. Being able to quickly and easily get the relevant information and only the relevant information from your Source of Truth is extremely important when it comes to automation. While pulling data via an API is easy, it can also require a lot of intermediary steps and filters to get to the data you truly care about. This causes a lot of unnecessary computational load and delay that can make automation less than desirable. To address this, the Nautobot team decided to add GraphQL support. As our own Tim Fiola has detailed in manyblogposts and YouTubevideos, GraphQL allows the user who is querying data to get only the specific data they desire quickly and efficiently. This can take something that might take twenty API calls and reduce it to one. With a large number of devices this can save you a great deal of time.
Once you’ve populated data in Nautobot, you’ll need to define the data you wish to retrieve for use in generating your configurations. For the Golden Configuration plugin this is done with two settings: the GraphQL Query and the Scope. The GraphQL query defines which datapoints to pull from Nautobot. This is also where aliases are defined:
I’ve provided a duplication of the query I used for this guide below:
The Scope setting allows you to restrict the devices that are included in your queries. This specifically aids in removing unnecessary devices such as servers or unmanaged devices. In the example here, it is restricting which platforms will be queried, allowing you to ignore platforms that you don’t care about:
As you can see from the example query, there’s a lot of data that can be pulled from Nautobot. However, sometimes the built-in models and data fields aren’t sufficient and you need to attach additional data to your devices in Nautobot. To do this you can add that data to the config contexts for that device. This is also supported by the Git Repositories feature and gives you the ability to add variables like below to your Git repo and have it automatically pulled and applied to the appropriate devices:
With your data defined, you can have Nautobot generate the Aggregate Data for each of your devices. By simply going to the Home page of the Golden Config plugin you should see a list of all devices that have had any configuration generated or backed up. You may need to perform a dry run of Intended for the Aggregate Data to be created. In the list of devices on the right there is a row of Action icons:
The {…} icon when clicked will display all of the variables relevant to that device that you can use in your templates:
When paired with variables for a device you’re able to quickly and easily create a standardized configuration programmatically. For example, by pulling the hostname of the jcy-bb-01.infra.ntc.com appliance from our demo environment and applying it to the following template:
hostname {{hostname}}
You’ll get hostname jcy-bb-01.infra.ntc.com when the configuration is generated. As you can see, by changing your variables for each device being created, you can easily generate configuration for an unlimited number of devices. That brings us to the next component, Configuration Intended, where you’ll flesh out your devices’ Golden Configurations further.
Configuration Intended
With your device configurations being backed up and your interesting device data defined, the next step is to define your Intended Configuration for those devices. This is accomplished with Jinja2 templates paired with the Source of Truth Aggregation component. As was shown in the last section, by defining configuration snippets as templates paired with information pulled from Nautobot you can programmatically generate the intended configurations for each of your devices. A template like below can even be used to configure features like BGP routing:
Like the rest, configuration of the Intended component is done through the plugin Settings:
The Intended Path setting defines the storage structure of your intended configurations similar to how your backups are structured. The Intended repository is the Git Repository in which the intended configurations are stored. With those defined, you can then utilize the plugin’s Intended Configuration generator to create your Golden Configurations by following similar steps to the backups. Go to the plugin Home page, click Execute and then Intended:
Similar to backups, you’ll be presented a filter form where you define which devices will have configurations generated. This will launch a Nornir job to combine the Aggregate Data of your devices with your Intended Configuration templates to generate configurations and then push them to your Git repository. From there, these configurations can be pushed to your fleet, can be used for zero-touch provisioning (ZTP) of new equipment, or even for determining your fleet’s compliance to your standard, as I’ll detail in the next section.
Configuration Compliance
Now that you have your current device state via backups and have generated your intended configurations, you can compare the two and see where things are out of alignment. This is what we define as Configuration Compliance. With that data, it’s relatively easy to see which corrections need to be made and prevent potential issues.
In order to gather this information, you must first define your Compliance Features and then your Compliance Rules. Compliance Features are labels for the configuration snippets that you want compliance resolved on, such as hostname, aaa, dns, etc. These are shared across platforms. You can add them by going to Plugins -> Golden Configuration -> Compliance Features and clicking the + button. You’ll be presented with a screen like below:
After you’ve added all of your Compliance Features that you wish to look at, you’ll next need to define the Compliance Rules for each platform. These are essentially which portions of the configuration are included in the feature to be inspected. Like before, to add Compliance Rules you’ll need to go to Plugins -> Golden Configuration -> Compliance Rules and click the + button. From there you’ll need to define which portion of the configuration to match:
The configuration matches specifically the parent line of configuration segments, so any indented configuration is ignored. This is also where you’ll define whether order of the configuration is required for compliance to be achieved. This is typically important with configuration segments like ACLs where order of the configuration lines is exact and must be in order to be correct. The default setting is to ignore the order of configuration lines for compliance.
With everything defined, you’re now able to run a Compliance job against your fleet to see how everything lines up. Just like backups and intended, this is also kicked off from the Execute button:
After defining the set of devices to have the Compliance job run against, a Nornir job will run. Utilizing a platform parser from the netutils library and a Nornir play, it will generate a report for each device, site, and an overall compliance report. The most important of these being an individual device’s compliance on specific Compliance Features. You can find this information by going directly to the device in Nautobot where two new sections have been added:
The Configuration Types section links to each of the relevant configurations (actual, intended, and compliance) and the Aggregate Data for the device. The Config Compliance Validation section shows the compliance status for that device relative to each Compliance Feature. When you click on the section header, it will then take you to the compliance details for that device:
From here you can see which parts of the configuration are missing or extraneous. Also from here, it’s very easy to retrieve this information from the GUI or API and push corrections to the devices in whichever method is preferred. You can also see the compliance of a particular site by going to the site itself in Nautobot where a new section has been added:
Finally, if you wish to see a more wholistic view of your fleet’s compliance status, there are a few options for that. The first is a simple Compliance view for those devices that have been reviewed:
This screen shows a simple green checkmark or red cross to reflect compliance status for that feature on a device. This allows for a quick glance to see the state of your fleet’s compliance on individual Compliance Features. If you prefer more of a graphical representation, there is also an Overview Report that presents it in a more friendly format. You can reach this by going to Plugins -> Golden Configuration -> Configuration Compliance and clicking on the Report button:
You will then be presented with the view below:
From here you can narrow down the report to any specific tenant, site, region, etc. that you desire.
Conclusion
Today I’ve given you a brief overview of the various components of the Golden Configuration plugin for Nautobot. I hope that it helped show how a bit of automation doesn’t necessarily require pushing changes to make an impact and helps you on your automation journey.
Does this all sound amazing? Want to know more about how Network to Code can help you do this, reach out to our sales team. If you want to help make this a reality for our clients, check out our careers page.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. In case of sale of your personal information, you may opt out by using the link Do not sell my personal information. Privacy | Cookies
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
__hssc
30 minutes
HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc
session
This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
__cf_bm
30 minutes
Cloudflare set the cookie to support Cloudflare Bot Management.
li_gc
5 months 27 days
Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc
1 day
LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory
1 month
LinkedIn sets this cookie for LinkedIn Ads ID syncing.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
__hstc
5 months 27 days
Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga
1 year 1 month 4 days
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*
1 minute
Google Analytics sets this cookie to store a unique user ID.
_gid
1 day
Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
AnalyticsSyncHistory
1 month
Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT
2 years
YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
hubspotutk
5 months 27 days
HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
ln_or
1 day
Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
bcookie
1 year
LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie
1 year
LinkedIn sets this cookie to store performed actions on the website.
li_sugr
3 months
LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
VISITOR_INFO1_LIVE
5 months 27 days
YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC
session
Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId
never
YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests
never
YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.