Gain insights into automating network reconnaissance, orchestrating repetitive changes, and transforming network configuration management. Discover CI/CD pipeline migration for full network automation.

ansibleFinal1.tar.gz

gitjob

CIPhosts

CIPhosts-copy

gather_info

gather_important_facts

facts_to_md

facts_to_csv_html

tools

frr01

frr02

first_gather_important_facts

​​Network automation begins with automating network reconnaissance. This is accomplished by gathering important information from network devices while building a library of dynamic on-demand utilities and generating living documentation. Starting small, the course exhibits the simplicity and elegance of network automation.

Next, you will learn how to automate larger changes that require a high number of repetitive steps. These changes will be executed serially in a specific orchestrated order, making them perfect for an automated solution. After gaining comfort with the new tools, you can fully transform network configuration management to an automated, intent-based, self-documenting system.

The final step is learning how to migrate to a continuous integration/continuous delivery (CI/CD) pipeline, thereby fully automating the network.

Automate Your Network

# Security
Some of the largest security breaches occur because **telnet** is open on a
port with a public-facing IP address. Security standards and best
practices can now be hard-coded into templates guaranteeing the enforcement
of policies. Often complex configurations are required on interfaces at
the access layer to address security risks. 

Consider the access layer
and all the following security standards that should be implemented:

-   Spanning-tree toolkit commands
    -   Bridge Protocol Data Unit (BPDU) controls
    -   Portfast
-   802.1x or port-security commands
-   Data and voice VLANs
-   QoS settings
-   CDP settings
-   Power over Ethernet (PoE) settings
-   Native VLAN established
-   Native VLAN applied on trunk ports
-   NTP source
-   Security banner presented at login
-   AAA
-   RADIUS / TACACS+
-   ACLs on management ports
-   VLAN 1 disabled

Security requirements, if missed or incorrectly applied, lead to
vulnerabilities and threats within the network. These vulnerabilities
can be exploited, lead to outages, or bring about data loss in certain
scenarios. Having a guaranteed templated configuration ensures that
important security components are hard-coded into every template and
applied to the device's global configuration as well as to every
interface configuration. Every access port throughout the campus can now
be configured the same way and will automatically include security
posture standards.

# Agility
In an on-demand world, networks continue to be the bottleneck of many
projects. One of the driving factors for moving to automation is the
agility it offers. Most of the common changes to the network become
updates to existing data models. When new feature requirements arise,
such as the need for multicast, new templates, and new data model
variables are developed. The feature is then released and
incorporated into the orchestration of playbooks as a new task. A very
repeatable and modular process evolves, which provides the agility to
deliver projects more efficiently.

# Design
Traditional network design often revolves around device configuration
commands. While these commands are essential at implementation, it is
the data that should drive network design. Network engineers' new
responsibilities include crafting human-readable data models and the
logic that drives the dynamic templates. 

Existing or new dynamic
documentation should reflect new features as templates are added or
updated. By thinking about data first, and the configuration second,
network designs evolve.

# Deployment
The biggest advantages found in network automation are often on the
operational side of network management. Large-scale changes are often
very difficult to roll out to an enterprise. 

Introducing QoS to a
network, for example, means touching all devices in all layers of the
network- often with different code per platform. Devices using
Multi-Layer Switching (MLS) or Modular Quality of Service Command Line
(MQC) lead to different requirements and configuration commands by
platform. 

Operations receive approved, finalized, network designs,
along with deployment steps, from the network engineers. This often
requires weeks or months to then complete the delivery to campus from
start to end. Network automation- even a hybrid model where operators
run Ansible playbooks manually- solves operational headaches related to
deploying configurations to the network. Deployment time is drastically
reduced when using Ansible playbooks while quality and accuracy
significantly increase.

Let's learn about the security, agility, design, and deployment aspects of the network automation process.

Introduction

What Is Network Automation?

Why Automate the Network?

How to Automate the Network

Where to Start with Network Automation

Repository Structure

Network Reconnaissance

Tactical Playbooks

Data Models and Dynamic Templates

Dynamic Intent-Based Documentation

Configuration Management

Continuous Integration/Continuous Delivery

Conclusion

Security, Agility, Design, and Deployment

Security