I get a “how do I get started with network automation” question every other week, and when I wrote a lengthy reply to one about configuration templating of an existing snowflake network on the networktocode Slack channel, I decided it’s time to turn my replies into a blog post.
Go for easy wins. Periodically store configurations into a source control repository. Use RANCID, Oxidized, or something as simple as my Configuration-to-Git Ansible playbooks.
Start small. Abstract common variables in a data model, and use templates to build simple things (NTP servers, syslog servers, DNS servers, VTY lines…).
Check the proposed changes. Use Ansible check mode (the --check option) to identify the changes your templates would make to the network devices before deploying them. Collect those changes into a change report, get it approved, and then re-run the same playbook without check mode.
It’s a bit tricky to collect those changes when running Ansible in check mode until you figure out how the check_mode parameter works (hat tip to David Barroso and his awesome NAPALM presentation). Here’s an example till I find time to write a proper blog post.
Start compliance reports. Checking your templated configurations against actual device configurations is a great way to ensure nothing bad happened to the device configurations.
Grow one configuration object at a time. After fixing the common configuration snippets, continue with more challenging concepts like routing protocols or VLANs. Yet again, you might find my MPLS deployment or VLAN services playbooks useful. They’re both pretty complex – I spent hours explaining the VLAN services solution in the Building Network Automation Solutions online course.
Add the snowflakes. After a while, when you manage most things with Ansible, use the brownfield trick from David Barroso to include device-specific configurations (source code on GitHub, videos are part of the Ansible for Networking Engineers webinar).
That should bring you to the stage where you control the whole configuration with an automation script, but have unstructured per-device exceptions. Next step: figure out what those exceptions are, why you made them in the first place, and abstract the snowflakes (per-user, per-service, per-site, per-whatever). I wrote about that challenge almost exactly a year ago.
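A sketch of the compliance report from the "Start compliance reports" step, added here as an illustration and not taken from the playbooks mentioned above: it compares a templated snippet with the device configuration, but only within the parts the templates manage, so drift such as an extra NTP server or Telnet on the VTY lines is reported while unmanaged snowflake configuration is ignored. The function names, the managed-prefix list and the sample configurations are all assumptions made for the example.

```python
# Added example; configs, addresses and managed prefixes are constructed samples.

def parse_config(text):
    """Return (parent, line) pairs; indented lines are keyed by their top-level parent."""
    entries, parent = set(), ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators/comments
        if line[0].isspace():
            entries.add((parent, line.strip()))
        else:
            parent = line
            entries.add(("", line))
    return entries

def compliance_report(intended_text, actual_text, managed_prefixes):
    """Compare only what the templates manage; ignore everything else."""
    intended, actual = parse_config(intended_text), parse_config(actual_text)
    managed_parents = {parent for parent, _ in intended if parent}
    prefixes = tuple(managed_prefixes)

    def managed(entry):
        parent, line = entry
        return parent in managed_parents if parent else line.startswith(prefixes)

    missing = sorted(intended - actual)  # templated, but not on the device
    unexpected = sorted(e for e in actual - intended if managed(e))
    return {"compliant": not (missing or unexpected),
            "missing": missing, "unexpected": unexpected}

MANAGED = ["ntp server", "logging host", "ip name-server"]
INTENDED = """ntp server 192.0.2.10
ntp server 192.0.2.11
logging host 192.0.2.20
line vty 0 4
 transport input ssh
"""
ACTUAL = """hostname edge-1
ntp server 192.0.2.10
ntp server 198.51.100.99
logging host 192.0.2.20
line con 0
 exec-timeout 5 0
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    for key, value in compliance_report(INTENDED, ACTUAL, MANAGED).items():
        print(key, value)
```

The parser handles one level of indentation, which is enough for the simple objects templated first (NTP, syslog, DNS, VTY lines); deeper hierarchies need a nested parser.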
Finally – if you’d like to get a head start, consider attending a training like my Building Network Automation Solutions course.
This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list.