M2 – Configuration ‘Main components’ of NaC model – Part 2. Weeks 12-13

Greetings!

This is the second part of the Milestone 2 report.


Contents:

Part 1:

1. Why GNS3?

2. Device management in GNS3

Part 2:

3. NetBox

4. GitLab

5. Ubuntu WS


If you have not read the ‘Introduction’ post, it is a good starting point to understand what I will talk about.


3. NetBox

NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers.

https://github.com/digitalocean/netbox

‘NetBox’ is the ‘Source of Truth’ of the NaC model: the most reliable source of information about the network, the database of the network.

Serve as a “Source of Truth”


NetBox intends to represent the desired state of a network versus its operational state. As such, automated import of live network state is strongly discouraged. All data created in NetBox should first be vetted by a human to ensure its integrity. NetBox can then be used to populate monitoring and provisioning systems with a high degree of confidence.

https://netbox.readthedocs.io/en/stable/

All network data about the fictional company ‘X’ will be in ‘NetBox’.

NetBox has a REST API for interacting with database objects, for example searching for and creating them.

‘Pynetbox’ is the Python API client library for NetBox.

https://github.com/digitalocean/pynetbox

A couple of examples:

https://ttl255.com/pynetbox-netbox-python-api-client-p1-getting-info/

https://avleonov.com/2018/09/05/retrieving-it-asset-lists-from-netbox-via-api/

NetBox does not have auto-discovery of devices in the network.
Also, NetBox requires the fields to be pre-configured before devices can be added (manufacturer, model, role and so on).

It does not contain any data by default.

Ideally, you should think carefully about the structure of the data before entering it: which fields are needed and which are not.

Before installation, you can add custom fields or scripts; it is a very flexible solution.

https://github.com/netbox-community/netbox-docker

Is it possible to automate this?

Imagine that a Network Engineer wants to implement NetBox to document the entire network. The network already exists and is configured, and all equipment has SSH access.
In total there are 100 routers and switches.

How can all 100 devices be added to the database automatically?

To fill in the required fields for each device (hostname, serial number, platform and so on), we need to take that information from somewhere. Ideally, it would be collected from the devices automatically and added to the database.

NetBox has the ability to import devices to the database using CSV format, for example:

name,device_role,tenant,manufacturer,model_name,platform,serial,asset_tag,status,site,rack_group,rack_name,position,face,comments
BR1-AC1,Access,,Cisco,vSW,IOSv2,XXXXXXXXvirtual,,Active,BR1,,BR1-Rack1,5,Front,
BR1-ED1,Edge,,VyOS,VyOS-1-1-8,,XXXXXXXXvirtual,,Active,BR1,,BR1-Rack1,6,Front,
BR2-FW1,Firewall,,Juniper,vSRX-17.3R1,vSRX,XXXXXXXXvirtual,,Active,BR2,,BR2-Rack1,6,Front,

But I cannot add additional information (interfaces, physical connections, MGMT IP (primary address), platform).

It is impossible to add all the information about the devices using only one file.

The CSV format is useful for adding basic device information (type, manufacturer, role), but not for everything.

We need to use the NetBox REST API to automate this task.

NetBox is a very flexible tool, but it takes a lot of time and knowledge from the software development world to customize everything as you wish.

I have an idea:

some kind of Python script that uses NAPALM drivers (or others) to interact with the devices and collect the necessary information, such as hostname and serial number. It would then parse the data to keep only the required fields and send it through the REST API to the NetBox database.

P.S. The author is not a programmer; this is just a thought about how cool it would be, in my opinion, to do that.

For this project, that goes into Future Directions, because I do not have time to work it out.
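As an added example (my own sketch, not the author's code and not part of the original post), here is how that idea could look in Python: NAPALM's get_facts() and get_interfaces_ip() supply the data, the mapping keeps only the fields NetBox needs, and the REST call goes to the standard NetBox /api/dcim/devices/ endpoint. The installed napalm package, the NETBOX_TOKEN environment variable, the management interface name and the numeric site/role/type ids are assumptions; the sample facts are constructed.

```python
"""Added sketch of the idea above (not the author's code): NAPALM collects facts, they
are mapped to NetBox REST payloads, and only an explicit POST writes them as 'planned'."""
import json
import os
import urllib.request

# Constructed sample of napalm get_facts() / get_interfaces_ip() output for BR1-AC1.
SAMPLE_FACTS = {"hostname": "BR1-AC1", "vendor": "Cisco", "model": "vSW",
                "serial_number": "XXXXXXXXvirtual", "os_version": "15.2"}
SAMPLE_IFACE_IP = {"GigabitEthernet0/0": {"ipv4": {"10.1.0.11": {"prefix_length": 24}}}}

def collect(host, driver_name, user, password):
    """Pull facts from one device over SSH with NAPALM (imported lazily, so the
    mapping functions below work even where napalm is not installed)."""
    import napalm
    device = napalm.get_network_driver(driver_name)(host, user, password)
    device.open()
    try:
        return device.get_facts(), device.get_interfaces_ip()
    finally:
        device.close()

def mgmt_ip(interfaces_ip, mgmt_iface):
    """First IPv4 address on the management interface as 'A.B.C.D/len', or None."""
    for addr, attrs in interfaces_ip.get(mgmt_iface, {}).get("ipv4", {}).items():
        return f"{addr}/{attrs['prefix_length']}"
    return None

def facts_to_device(facts, site_id, role_id, type_id):
    """Map NAPALM facts to a dcim/devices payload. NetBox ships empty, so the site,
    role and device type (passed here as assumed numeric ids) must already exist."""
    return {"name": facts["hostname"], "serial": facts["serial_number"],
            "site": site_id, "device_role": role_id, "device_type": type_id,  # 'role' in NetBox 4.x
            "status": "planned",  # a human vets the entry before it becomes 'active'
            "comments": f"{facts['vendor']} {facts['model']} {facts['os_version']}"}

def netbox_post(base_url, path, payload):
    """POST one object to the NetBox API over HTTPS; the API token is read from the
    environment rather than hard-coded in the script."""
    req = urllib.request.Request(
        f"{base_url}/api/{path}/", method="POST", data=json.dumps(payload).encode(),
        headers={"Authorization": "Token " + os.environ["NETBOX_TOKEN"],
                 "Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Dry run on the sample; a real run calls collect() per device, then netbox_post() after review.
    payload = facts_to_device(SAMPLE_FACTS, site_id=1, role_id=1, type_id=1)
    print(json.dumps(payload, indent=2), mgmt_ip(SAMPLE_IFACE_IP, "GigabitEthernet0/0"))
```

Because the devices are created with status ‘planned’, the NetBox advice quoted above (a human vets the data before it is trusted) still holds even though the collection itself is automated.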


4. GitLab

GitLab is a code tracking system for all changes in the network; in short, the control center of the network.
It sits on the third and fourth layers of the NaC model, combining the ‘Source of Truth’ (mostly for device configuration files, Ansible playbooks, roles and so on) with the Distributed Source Control system.

It is an everyday tool for software developers, but for network engineers it will be a novelty.

GitLab is one of the main tools in the NaC model ‘Main components’.

It will record all the problems and updates in the network.

It will merge all changes that will occur in the test and production environments.

The main feature of GitLab is CI/CD (Continuous Integration and Continuous Delivery).

In short, every change first has to pass through the test environment and only after that goes to production.

For the project, GitLab CE is deployed using the ‘docker-compose.yml’ file along with Docker-runner1 (the robot) that performs the CI/CD tasks.


5. Ubuntu WS

‘Ubuntu VM’ is the workstation from which the Network Engineer interacts with all environments.

The workstation includes main components: Git, Python, Ansible, NAPALM and PyATS / Robot Framework.

Of course, other components exist; everything depends on the initial data of the network and on one’s knowledge.

The components I have chosen for the project may not be very flexible or may not allow complex logic to be implemented under other conditions.
It always depends on …

Briefly about each component:
  • Git – tracks changes to all the files used to work with the network.

  • Python is a universal language for interacting with devices, NetBox and so on.

  • Ansible – is an open-source software provisioning, configuration management, and application deployment tool.

For example, it generates configurations and applies them to network devices.

Ansible also has a large set of different network modules:

https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html


  • NAPALM is a library (a set of drivers) for interacting with network devices from different vendors.

Supported vendors:

https://napalm.readthedocs.io/en/latest/support/index.html

Additional community drivers:

https://github.com/napalm-automation-community


  • PyATS / Robot Framework will automatically test services on network devices, for example whether routing works as planned or not.

I think that making automated tests for the company ‘X’ network will be the most difficult part of the project.

Example of PyATS:

https://developer.cisco.com/site/pyats/

Example of Robot Framework:
