A financial customer explained his first automation priority in the most visual and understandable way: “I want to paint all of my network devices with the color of the company.” What I like about that analogy is that it clearly describes the first rule for automation: customers must define their golden configurations (the color to paint) to be able to automate configurations and later assess compliance, and remediate any issues accordingly.
A “golden configuration” usually refers to a Day 1 configuration, and covers the minimal settings needed for a network device to be configured after a fresh network operating system installation. This usually includes common services such as NTP, DNS, AAA, Syslog, SNMP, and ACLs for management connectivity.
As part of this blog, I will provide an overview of new automation capabilities available to achieve some of these Day 1 configuration activities. In addition to the enhancements for network configuration management, I will cover new Ansible Automation Platform capabilities that are frequently required by our network customers, such as:
- Detailing common operational benefits of Ansible Automation Platform.
- Measuring the value of automation use cases.
- Leveraging execution environments and automation mesh.
Certified Collections available in Ansible automation hub
An Ansible Content Collection is a format for organizing and distributing Ansible automation content, using a specific directory structure. This allows content creators to ship bundles of modules, plugins, roles, and documentation together, in a consistent and structured way, and disaggregate automation content from the Ansible Core execution component.
The Collections are validated to work against certain versions of Ansible Core, and are shipped separately from the Ansible Core executable, allowing more agility to get fixes or enhancements for specific Ansible Content Collection modules.
Red Hat Ansible Certified Content Collections are officially maintained and supported by Red Hat and its technology partners and available for download in Ansible automation hub. Ansible automation hub has over 30 certified Collections for network automation, including network platforms from technology partners such as: A10 Networks, Arista, Aruba, Check Point, Cisco, FRR, Juniper Networks, Fortinet, F5, Open vSwitch, VyOS and WTI.
Red Hat Ansible Certified Content Collections include the content to automate network devices such as firewalls, routers, and switches, as well as the integrations enterprises commonly need with external platforms such as Infoblox, Splunk, and ServiceNow.
New network resource modules for Collections
An Ansible network resource module can read and configure a specific resource, such as interfaces or VLANs, on a network device. Resource modules allow for configuration of subsections or resources within the network device configuration, in a consistent way across multi-vendor network devices.
You can use the network resource modules to specify the behavior of your configuration by assigning the following states: merged, replaced, overridden, gathered, rendered, parsed, or deleted.
The latest resource modules added for network automation cover prefix_lists, SNMP server, NTP, hostname, banner, and logging capabilities for Arista EOS, Cisco NX-OS, Cisco IOS, Juniper JunOS, VyOS, and Cisco IOS-XR devices.
In addition, the newest ansible.network.resource_manager platform-agnostic role, part of the ansible.network collection, enables users to:
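To show how the states fit together for a Day 1 service, here is an added example (not from the original post or from Red Hat's documentation) that gathers the running NTP configuration from Cisco IOS devices, audits it against a golden definition in check mode, and only remediates when explicitly asked. The inventory group, the NTP server addresses, and the `golden_ntp` and `remediate` variable names are assumptions made for illustration.

```yaml
---
# Added example: audit Day 1 NTP settings against a golden definition.
# Group name, addresses and variable names are constructed for illustration.
- name: Audit and optionally enforce the golden NTP configuration
  hosts: ios_routers                      # hypothetical inventory group
  gather_facts: false
  connection: ansible.netcommon.network_cli
  vars:
    ansible_network_os: cisco.ios.ios
    golden_ntp:                           # constructed golden values
      servers:
        - server: 192.0.2.10
          prefer: true
        - server: 192.0.2.11
  tasks:
    - name: Read the running NTP configuration as structured data
      cisco.ios.ios_ntp_global:
        state: gathered
      register: current_ntp

    # check_mode on the task computes the commands without sending them,
    # so this step is safe to run as a read-only audit.
    - name: Compute what enforcing the golden configuration would change
      cisco.ios.ios_ntp_global:
        config: "{{ golden_ntp }}"
        state: overridden
      check_mode: true
      register: ntp_audit

    - name: Report drift from the golden configuration
      ansible.builtin.debug:
        msg:
          compliant: "{{ not ntp_audit.changed }}"
          current: "{{ current_ntp.gathered }}"
          pending_commands: "{{ ntp_audit.commands | default([]) }}"

    # overridden removes NTP settings that are not in golden_ntp,
    # unlike merged, which only adds or updates what is listed.
    - name: Make the device match the golden configuration exactly
      cisco.ios.ios_ntp_global:
        config: "{{ golden_ntp }}"
        state: overridden
      when:
        - ntp_audit.changed
        - remediate | default(false) | bool   # hypothetical opt-in switch
```

Run as written, the play only reports; passing `-e remediate=true` applies the pending commands on devices that drifted.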
- Get a list of resource modules supported for a given network operating system.
- Gather the facts for a given resource and store them as host_vars, thus enabling the capability to gather facts for all the hosts within the inventory and then store them in a structured format.
- Push the resource config stored as host_vars to the remote host.
Operational benefits of network automation via Ansible Automation Platform
Some of the common advantages of utilizing Ansible Automation Platform for network automation include:
- Security: A single, trusted connection platform to trigger automation tasks and workflows, avoiding script execution from different sources.
- Delegation: Using Role-Based Access Control (RBAC), including Single Sign-On (SSO) through central authentication functions for your Ansible Automation Platform.
- Control: Schedule jobs for automated playbook runs.
- Flexibility: Launch job templates using surveys.
- Integrations: Through Red Hat Ansible Certified Content Collections like ServiceNow, Splunk and Infoblox.
- Compliance: Run jobs in check mode for audits.
Moreover, Ansible Automation Platform 2.1 has two major improvements that benefit network automation use cases:
- Reduced effort to move from development to production environments. With automation execution environments, Collections, Python and its libraries, Ansible Core, and RHEL8 UBI are packaged and distributed as portable and flexible container images.
- Separate control and execution layers. Ansible Automation Platform 2.1 allows having a centralized controller as a single connection and integration point for automation, but distributed execution via automation mesh. This way, execution nodes with automation execution environments can be placed in different locations that are closer to the network endpoints to reduce latency and enable automation for edge use cases. One common example is network devices in branch offices for retail or financial companies.
Measuring the business value of network automation efforts
It is critical for network managers and architects to visualize the benefits of their team's automation efforts, and to be able to justify their investment. This visibility comes as part of an Ansible Automation Platform subscription, through the information available in Red Hat Insights:
- Download top reports for statistics at an organizational level, which can include:
  - The network hosts changed by job template within a specific time range.
  - Total changes made by each job template in a specified time window, to make sure the correct number of changes are made per network element, and see which job templates make the most changes.
  - Number of network hosts by organization.
  - Number of job templates and task executions grouped by organizations.
- Templates explorer to visualize the status and network tasks that fail the most, to identify any bottlenecks or problems within templates.
- Most used modules, tasks, or job templates.
Having these metrics allows network automation architects and managers to measure the number of automated tasks, determine the tasks that operators execute most frequently, and identify recurrent failures.
- Automation savings planner helps to plan and analyze potential efficiency improvements and cost savings, if you choose to automate a specific network process. Considering the initial example for Day 1 SNMP and logging configuration, which can be automated across all network devices, there might be a recurrent validation of it. You can identify the tasks to automate, the corresponding manual time, frequency of execution, number of hosts, and templates that will be used. The output will reflect the monetary or time savings due to this process automation.
  - The Automation Savings Planner blog written by Roger Lopez details the step-by-step process to use it.
- Automation calculator is an ROI (return on investment) calculator using aggregated data. It estimates the manual cost for a template against the automation cost for that template and can quantify the savings.
What can I do next?
- Network automation instructional.
- Network automation for everyone.
- Network automation using Ansible.
- Additional Ansible use cases.
- Network automation using Ansible session by Ganesh Nalawade, which includes a nice explanation of why to use network resource modules.
- Automate networks of all sizes with Ansible session by Nicolas Leiva, covering lessons learned, use cases and best practices for a network automation journey.