Table of Contents
Network Automation Tools help us to automate monitoring and configuration of network devices which can be useful especially in a large scale network environments.
As a network engineer, I classify automation tools into two main categories. Those based on native Python programming language which bring mainly flexibility and those not based on Python which bring mainly simplicity.
There are two categories of Python-based network automation tools. Those through which we send CLI commands to monitor and configure network devices and those that are based on the YANG data structure.
The target of this course is to automate network devices based on CLI-based Python automation libraries. Therefore, our comparison mainly focuses on the tools classified in this category.
YANG-based python automation tools will be discussed in another course.
Network automation with Ansible, a non-Python based automation tool, is already exist in the list of RAYKA courses.
Network Automation Tools Comparison
This is a figure that I have prepared to show what I think about network automation tools.
Ansible, Puppet, and Chef are some automation tools that are not based on Python programming language and have their own language.
I’ve been automating with Ansible and Puppet for more than two years. I’ve used Ansible for both network and server automation. And I used Puppet as a configuration repository and server automation.
What I can say after this not too big experience is that simplicity is the most important property of these automation tools. What is missing in these tools is the flexibility of the programming languages.
I believe that any network engineer, especially those with no programming experience, can start with Ansible. So they can enjoy automation and a simple automation language at the same time.
However, these tools are not the focus of this course. Because of this, I won’t talk about these tools anymore.
I want to focus my discussion to the comparing of automation tools which are based on python programming language.
YANG based Network Automation Tools
Python is a scripting programming language with many libraries which can be used in network automation.
These libraries can be classified in two main categories. Those who send final CLI commands to the network devices to monitor or configure them and those who are based on YANG structure.
YANG is a standard data modeling language and in network automation bring the capability to monitor and configure network devices with sending or receiving data to or from YANG data structure instead of sending final CLI command.
It has the potential of monitoring and configuring network devices independent of the vendor CLI commands. Therefore for configuring and monitoring of different vendors we do not need to use different CLI commands.
To better understand the YANG data modeling structure, suppose that you send BGP as number, BGP neighbors IP addresses/AS numbers and networks to be advertise in the form of data in YANG data structure and independent of the vendor if it is cisco, juniper, arsita or any other vendors.
It also bring the potential of monitoring network devices regardless of the vendor and in the format of structured data that can be easily processed without using regular expressions.
NETCONF, RESTCONF and gNMI are three famous protocols that use YANG data structure to automate network devices.
There are some libraries in the Python programming language which use these protocols to automate network devices based on the YANG data structure.
But that is the focus of another course which I hope will be the next course.
CLI based Network Automation Tools
CLI-based network automation is the topic of this course. Therefore, in this section, I am going to compare different CLI-based network automation python libraries and why I chose the Nornir to automate during the course.
Paramiko
Paramiko is the first python network automation library that is introduced.
Paramiko is not more than just a python SSH library. In other words in python you can program to connect to the network devices through SSH with this plug in.
Paramiko does not do anything more for you.
To give you some examples, if you connect to a device through paramiko and need to press the spacebar multiple times to access the shell, you need to implement it in your code.
To use the show monitoring command, you must switch to enable mode through your code. And to configure network devices, you need to enter configuration mode through your code.
You need to collect the output of your show commands and encode it by your code to make it human readable.
In short, Paramiko does nothing for you and it is only a SSH library.
Netmiko
In Python Netmiko library, you don’t have to worry about accessing the shell, switching to different modes to monitor or configure the device, or collecting and coding the output of commands to display them on the screen.
All of this is done by Python Netmiko device drivers.
For 10 devices, the drivers are always up-to-date and fully supported. Various Cisco devices including IOS, IOS-XE, IOS-XR, NX-OS and Cisco ASA, arista vEOS devices, Juniper Junos devices, HP ProCurve and Linux are devices fully supported by the Netmiko Python library.
But in addition to these devices, 95 other devices are partially supported by netmiko with limited tests and experiments.
You can find the list of devices supported by netmiko in this link.
Scrapli
Scrapli is another python network automation library which is enough popular and very handy.
Scrapli is a somehow more advanced version of netmiko with some improvements but at the same time some limitations.
Scrapli support only 5 device types. But the devices which are often used in the network infrastructures including cisco IOS-XR, IOS-XE, NX-OS, Juniper Junos and Arista EOS.
Scrapli: another useful link
So if we are automating a network with devices out of this list then obviously Netmiko is a right solution, otherwise Scrapli is mostly preferred.
There are some new features added in Scrapli. For example you have the capability to choose to replace an existing configuration or merge it with the current configuration.
It also support netconf protocol. It means you can configure devices also based on YANG data structure.
NAPALM
With looking at the network automation comparison table, we will get the feeling that NAPALM is an advanced version of scrapli and is preferred in most cases. But that’s not true and NAPALM isn’t used as often as netmiko or scrapli.
But the idea of NAPALM is interesting. NAPALM can automate the network regardless of the vendor (abstraction) and give us structured monitoring output for easy processing (structured output). Exactly the goals that we are following with the YANG data structure.
So why it is not famous?
NAPALM is still based on CLI commands, but not Cisco, Juniper, or Arista commands. It has its own commands, which are translated into vendor-specific commands in the background.
In other words for very famous commands like monitoring the IP address of interfaces, NAPALAM has invented its own command. When we call NAPALM command, it translate the command based on the vendor of managed device. For example “show ip interface brief” in cisco device or “show interface terse” in juniper device.
Obviously it does not support all commands but only very famous commands. Additionally it supports only show commands and has no advantage in configuration commands.
The other advantage of NAPALM is the structured output of monitoring commands.
To understand better, when you type “show interface terse” in juniper device or “show ip interface brief” in cisco device to extract the IP address and status of a specific interface, you need to use regular expressions to extract information and the regular expression obviously differs in Cisco and Juniper devices.
But with NAPALM you get an output that is firstly vendor independent and secondly you can easily extract any information from the output without using regular expressions.
Nornir
Python Nornir library is what we will use during the course and now we discuss why.
First of all you need to know that inside Nornir we are allowed to use Netmiko, Scrapli, Napalm and many other automation libraries through Nornir plugins. Therefore, in Nornir we have the advantage of all previous automation libraries.
But Nornir itself brings two new benefits, inventory management and multi-threading.
With previous Python automation libraries that don’t have inventory management, you configure the list of devices in your code.
However, in inventory management, the list of devices and group of devices are defined in separate inventory files. Then you can easily filter devices or device groups in your code to send commands to monitor or configure them.
Another benefit of the Python Nornir library is multithreading. This feature allows you to send commands to many devices at the same time. With other Python automation libraries, discussed earlier, commands are only sent to the devices one at a time.
Now we know why we chose Nornir plugin to automate network devices. We will use netmiko, napalm and scrapli plugins inside nornir during the course.