Network Automation using Ansible for Cisco Routers Basic Configuration

Jonathan Wijaya
Telematics Laboratory, School of Electrical Engineering and Informatics, Bandung Institute of Technology, e-mail: [email protected]

Abstract: Network programmability is a trend, enhanced and inspired by Software Defined Networks, that is based on scripting methods and standard programming languages used for controlling and monitoring of network elements. This paper illustrates a method for configuring network devices by using automation, reducing the time for equipment configuration and making maintenance easier. It uses Ansible in an Ubuntu environment as the controller, and Cisco routers as the managed nodes. These methods represent the future of networks, allowing the management of an increased number of devices in a unitary way.

Keywords: Network, Automation, Ansible.

1. Introduction

The number of devices in a network and their heterogeneous nature is steadily increasing. The traditional methods used for network equipment configuration are time consuming, taking into consideration also the vendor specific know-how needed. The Software Defined Networks (SDN) concept tries to eliminate the vendor dependency via standard protocols, like OpenFlow. However, the “traditional” non-SDN legacy networks need to keep the pace and respond to dynamic network changes. Network automation is a solution for saving operational expenses, improving not only the time spent for configuring the network devices, but also the efficiency of network maintenance through procedures that are easier to follow and implement at large scale.

All major vendors, including Cisco, started promoting the software configurability of networks (e.g. the Cisco DevNet concept that promotes the creation of an open source community for network programmability [5]). All new automation implementations are based on generic programming methods (Python, Java) and standard interfaces (Secure Shell SSH or even RESTful web services). However, only the newer devices have support for the new programmatic methods, and this paper addresses methods to automate legacy network elements.

The main objective of this paper is to demonstrate the efficiency of scripting in configuring network devices. For that we have created an emulated network topology in Eve-ng, having as main element an Ubuntu Desktop, with the role of a network controlling element. We have controlled the network devices in a programmatic way using Ansible, based on Python.

2. Network Automation using Ansible

At its core, network automation has the main goal of simplifying the tasks involved in configuring, managing and operating network equipment, network topologies, network services and network connectivity. In my experimental setup I have used the Eve-ng emulator, which is a tool for building, designing and testing networks, capable now also of connecting to external networks and allowing integration with virtual images.

A. Network Setup

For the specific implementation, I have used an Ubuntu Desktop which is running Ansible, allowing it to connect to devices and automate their configuration via SSH connections.

Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.

Ansible’s main goals are simplicity and ease-of-use. It also has a strong focus on security and reliability, featuring a minimum of moving parts, usage of OpenSSH for transport (with other transports and pull modes as alternatives), and a language that is designed around auditability by humans–even those not familiar with the program.

Ansible is appropriate for managing all environments, from small setups with a handful of instances to enterprise environments with many thousands of instances.

Ansible manages machines in an agent-less manner. There is never a question of how to upgrade remote daemons or the problem of not being able to manage systems because daemons are uninstalled. Because OpenSSH is one of the most peer-reviewed open source components, security exposure is greatly reduced. Ansible is decentralized–it relies on your existing OS credentials to control access to remote machines. If needed, Ansible can easily connect with Kerberos, LDAP, and other centralized authentication management systems.

The scripts incorporate some functionalities like hostname changing, IP address configuration, and routing protocols. The scripts can be used for almost all network devices regardless of the vendor that produces them.

The topology contains a cloud (Net) which is used to connect the Ubuntu Desktop device which will run Ansible and its automated scripts for configuring network devices, and a Switch (using Cisco vIOS) that makes the connection to 2 Routers that will be automatically configured (Figure 2.1).

Figure 2.1 Topology

The Ubuntu Desktop needs to be in the same network as the devices that we want to automatically configure, so it can obtain an IP address via a common DHCP server or we can configure a static IP address. It also must be connected to the Internet for downloading the necessary tools.

The routers need to be configured first. What needs to be configured are the IP address of the connected interface and SSH, so that the controller (Ubuntu Desktop) can access the routers.

An Ansible controller (the main component that manages the nodes) is supported on multiple flavors of Linux, but it cannot be installed on Windows. For managed nodes, since Ansible uses SSH to communicate with managed nodes, the node must be accessible over SSH.

Going back to controller machine installation, Python 2 (2.6 or above) needs to be installed. In my case, I am using Ubuntu as my OS, hence my focus would be on working with Ansible using Ubuntu as the underlying OS. A way of installing Ansible is to use the Advanced Packaging Tool (APT) in Ubuntu. The following commands will configure the Personal Package Archives (PPA), install Ansible, and install the newest python version.

    $ sudo apt update
    $ sudo apt install software-properties-common
    $ sudo apt-add-repository ppa:ansible/ansible
    $ sudo apt update
    $ sudo apt install ansible
    $ sudo apt install python

B. Ansible Automation Methods

There are 3 main files in the Ansible directory: hosts, ansible.cfg, and the Ansible Playbook file. The hosts file is the inventory file where we add our managed nodes to be controlled by Ansible. ansible.cfg is the actual configuration file used to tweak Ansible parameters. Once the installation is done, we need to add some nodes in the hosts file. In my case I add 2 IP addresses which belong to interface fa0/0 of my 2 routers. Here is the content of my hosts file:

    # hosts
    [iosxr]
    10.10.1.99
    10.10.1.199

I grouped the 2 hosts with a group name ‘iosxr’ because they are Cisco routers using iosxr operating system.

Then after the hosts file, the other file is the Ansible Playbook. The Ansible playbook contains the configuration we want to push to the devices. The playbook file has the ‘.yml’ file extension. In my case, the contents of my playbook file are the routers’ username and password, hostname configuration, IP address configurations, and OSPF configuration.
Here is the content of my playbook file:

    # ansible-playbook
    ---
    - name: config
      hosts: all
      connection: local
      gather_facts: no
      tasks:
        # Login used by every ios_config task below (stored in plaintext here)
        - name: configure provider
          set_fact:
            provider:
              username: cisco
              password: cisco

        - name: set hostname
          ios_config:
            provider: "{{provider}}"
            lines: hostname {{ inventory_hostname }}

        - name: interface IP address
          ios_config:
            provider: "{{provider}}"
            lines:
              - ip address 192.168.1.10 255.255.255.0
              - no shutdown
              - full-duplex
            parents: interface FastEthernet 1/0

        - name: loopback interface
          ios_config:
            provider: "{{provider}}"
            lines:
              - ip address 1.1.1.1 255.255.255.255
              - no shutdown
            parents: interface Loopback0

        - name: configure ospf network
          ios_config:
            provider: "{{provider}}"
            lines:
              - router-id 1.1.1.1
              - network 192.168.1.10 0.0.0.255 area 0
            parents: router ospf 1

After making sure the files’ contents are correct, what we need to do is just run the playbook file. In my case, my playbook file’s name is ‘test.yml’, so what I need to type is:

    ansible-playbook test.yml

Figure 2.2 Ansible Playbook Result

Figure 2.2 above shows the result after I run the playbook file. The result shows that I successfully changed 4 configurations in the target routers. Those 4 configurations are hostname, interface IP address, loopback IP address, and OSPF.

For my future work I plan to automate network devices using Ansible alongside NAPALM. Network Automation and Programmability Abstraction Layer with Multivendor support [9] is a Python library that implements a set of functions to interact with different router vendor devices using a unified API. The heterogeneous vendors are integrated via drivers, and NAPALM offers support for most of the important vendors.

3. Conclusions

Configuring and monitoring any device via automation, independent of vendors, is a goal implementable not only on SDN devices, but also on other networking solutions. In this paper, I have demonstrated the importance of automation in networks that are not aware of the OpenFlow SDN protocol.
I have demonstrated that using Ansible, network engineers do not need to configure each individual device by themselves; they just need to create the proper infrastructure and implement automation scripting. Network controllability becomes easier and changes can be deployed faster, maybe even automatically, as a response to events that take place in the network. So the legacy network elements become similar to SDNs.

Reference

1. Ansible for Network Automation, https://docs.ansible.com/ansible/latest/network/index.html
2. Tischer R., Gooley J. 2016. Programming and Automating Cisco Networks. Cisco Press.
3. Cisco “DevNet” Open Source Dev Center, https://developer.cisco.com/site/opensource/
4. NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support), https://napalm.readthedocs.io/en/latest/
5. Ansible for Network Automation Tutorial, https://www.networkcomputing.com/networking/
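
The playbook in section 2.B keeps the router username and password in the playbook file itself. As an added example (not from the paper), the same four tasks can read the login from an Ansible Vault file and use the network_cli connection in place of `connection: local` with a provider dictionary. The file name vault.yml and the vault_ios_user and vault_ios_password variable names are assumptions, and the cisco.ios collection is assumed to be installed on the controller.

```yaml
# Added example (not the paper's playbook). Assumed names: vault.yml,
# vault_ios_user, vault_ios_password; assumes the cisco.ios collection.
# Create the encrypted variables file:  ansible-vault create vault.yml
# Run the play:                         ansible-playbook --ask-vault-pass test.yml
---
- name: config
  hosts: iosxr                  # only the inventory group, instead of "all"
  connection: ansible.netcommon.network_cli   # replaces connection: local + provider
  gather_facts: no
  vars_files:
    - vault.yml                 # encrypted at rest; defines the two vault_* variables
  vars:
    ansible_network_os: cisco.ios.ios
    ansible_user: "{{ vault_ios_user }}"
    ansible_password: "{{ vault_ios_password }}"
  tasks:
    - name: set hostname
      cisco.ios.ios_config:
        lines:
          - hostname {{ inventory_hostname }}

    - name: interface IP address
      cisco.ios.ios_config:
        lines:
          - ip address 192.168.1.10 255.255.255.0
          - no shutdown
          - full-duplex
        parents: interface FastEthernet 1/0

    - name: loopback interface
      cisco.ios.ios_config:
        lines:
          - ip address 1.1.1.1 255.255.255.255
          - no shutdown
        parents: interface Loopback0

    - name: configure ospf network
      cisco.ios.ios_config:
        lines:
          - router-id 1.1.1.1
          - network 192.168.1.10 0.0.0.255 area 0
        parents: router ospf 1
```

With this layout the playbook can be committed to version control without exposing the device login, and only operators who hold the vault password can run it.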