Getting Started with Network Automation
What factors should you consider when exploring network automation?
June 14, 2018
Earlier this month I had a productive discussion with a customer about getting started with network automation, and thought it'd be good to share some of the key thoughts. While this article addresses network automation, you can apply the same process when evaluating any new technology.
We started by discussing a few goals, then investigated the organization's network size and the network staff's capabilities. Does the organization want to use commercial products or build a system itself, based on open source tools? Does it have a good existing network management system? Does it need the ability to switch network hardware vendors?
Automation Goals
The most important step is accurately defining the goals of network automation. I like to create a list of goals, with a few notes about each goal and its relative priority. An organization can only tackle one or two goals at a time, so making a long list isn't productive.
For the conversation with my customer, I created a list of likely candidates. The customer could then edit the list and determine relative priorities. My list of four possible goals is suitable for an organization just getting started with network automation.
Initial provisioning -- This goal is likely to be valuable to an organization that needs to install a large number of devices, perhaps due to a hardware refresh program or a major expansion. However, working with one of the many vendors offering zero touch provisioning (ZTP) solutions can reduce the priority of this goal, even for organizations doing large rollouts. That said, its priority could be higher for organizations taking a multivendor approach.
Configuration management -- Managing configurations includes checking for configuration drift, performing updates, and creating initial configurations. The value of this goal depends on whether the organization already uses a network change and configuration management (NCCM) solution and how well it functions.
OS upgrades -- Upgrading network operating systems on a regular basis has become important in recent years due to the identification of security vulnerabilities in older code. Vendor solutions or an NCCM system may provide this capability already.
Verify operational correctness -- Validate that the network is configured and operating as designed. Verify interface connectivity, route propagation, VLAN trunking, and other operational state against a network state source of truth such as NSoT or NetBox. This goal is valuable if the most common network problem is due to undetected human error or element failure.
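The verification goal above can be pictured as a comparison of intended state against collected state. This is an added example, not code from the original article or from NSoT or NetBox; the data layout, device names and the verify function are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: INTENDED stands in for an export from a source of
# truth, OBSERVED for state collected from the devices. Neither is a real schema.
INTENDED = {
    "sw1": {"interfaces": {
                "Gi0/1": {"up": True, "neighbor": "sw2", "trunk_vlans": [10, 20, 30]},
                "Gi0/2": {"up": True, "neighbor": "rtr1", "trunk_vlans": []}},
            "routes": ["10.0.0.0/24", "10.0.1.0/24"]},
    "sw2": {"interfaces": {}, "routes": []},
}
OBSERVED = {
    "sw1": {"interfaces": {
                "Gi0/1": {"up": True, "neighbor": "sw2", "trunk_vlans": [10, 20]},
                "Gi0/2": {"up": False, "neighbor": None, "trunk_vlans": []},
                "Gi0/3": {"up": True, "neighbor": None, "trunk_vlans": [1]}},
            "routes": ["10.0.0.0/255.255.255.0"]},
}

def _nets(prefixes):
    # Normalise notation so 10.0.0.0/24 and 10.0.0.0/255.255.255.0 compare equal.
    return {ipaddress.ip_network(p, strict=False) for p in prefixes}

def verify(intended, observed):
    """Return a sorted list of (device, item, problem) deviations from intent."""
    findings = []
    for dev, want in intended.items():
        have = observed.get(dev)
        if have is None:  # an unreachable device is a finding, not a silent skip
            findings.append((dev, "-", "no state collected"))
            continue
        seen = have.get("interfaces", {})
        for name, w in want["interfaces"].items():
            h = seen.get(name)
            if h is None:
                findings.append((dev, name, "interface missing"))
                continue
            if h["up"] != w["up"]:
                findings.append((dev, name, "oper state differs from intent"))
            if h["neighbor"] != w["neighbor"]:
                findings.append((dev, name, f"neighbor is {h['neighbor']}, expected {w['neighbor']}"))
            if set(h["trunk_vlans"]) != set(w["trunk_vlans"]):
                findings.append((dev, name, "trunk VLAN set differs from intent"))
        for name in seen.keys() - want["interfaces"].keys():
            if seen[name]["up"]:  # live port the source of truth does not know about
                findings.append((dev, name, "active but undocumented"))
        for net in _nets(want["routes"]) - _nets(have.get("routes", [])):
            findings.append((dev, str(net), "route missing"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in verify(INTENDED, OBSERVED):
        print(*finding, sep=": ")
```

The check reports in both directions: intent that is missing from the network, and active ports that exist on the network but not in the source of truth.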
Organizational Characteristics
We then talked about the customer's organization. How big and dynamic is the network? Is it planning to install a lot of new hardware as part of an expansion or refresh?
I also wanted to understand the mix of hardware vendors. Most vendor-provided network management systems only work with that vendor's hardware. A wide variety of hardware would increase the importance of a vendor-independent automation system. Does it make more sense to replace multiple vendors with a single vendor? Operational expense often overrides capital expense.
We then moved on to discuss the organization's ability to implement a network automation system. How many people could work on the system and what level of expertise do they possess? How important is the staff's ability to support the solution, especially in the event that a key staff member departs? In what timeframe does it need or would it like to have a solution? Will the staff be able to create the desired solution in the desired timeframe? Finally, is the financial budget sufficient for the project?
I couldn't answer the above questions, but the customer provided valuable information I could use to help drive the direction of the ensuing discussion about specific approaches. An organization with capable staff and a low financial budget might opt for a build-it approach using open source software. A large organization that has special requirements may also consider the build-it approach. But an organization with limited technical resources should probably be considering commercial products or consulting firms with expertise in automation. With sufficient resources, including time, reviewing the implementation of two separate systems, perhaps one commercial and one open source, might be advisable.
One important additional consideration is: Does the organization have a good, basic network management system? Network automation is more likely to succeed when an organization applies principles of good network management processes to it. This consideration is an evaluation of the organization's corporate culture. Adding technology to a culture that doesn't embrace it is a recipe for failure.
Possible Approaches
Our discussion then went on to three possible approaches:
Commercial products -- If your organization operates a single-vendor network, it might be able to use that vendor's automation tools. Do your homework to make sure the vendor's automation tools support all of its network products. This market is fairly new, so watch out for automation tools that only cover a subset of a vendor's products.
Open source software -- Many organizations are having success using packages like Ansible, Salt, Jinja2, netmiko, and NAPALM (network automation and programmability abstraction layer with multivendor support), and you can find many examples of their use in managing a variety of vendor hardware. Because an active development community is working to improve these tools, you'd have to include software upgrade processes in your open source software support plans. Also note that the IT support organization may use these systems, or their IT server equivalents: Puppet and Chef. If other factors drive you to open source software, you may appreciate the availability of books, training, and consulting services to help jump-start your effort. Do a quick Web search for "Ansible training" or "Ansible consulting" to find multiple sources.
Commercially supported open source, a hybrid approach -- The open source movement has created a new type of company, one that provides commercial support for an open source software system. The commercially supported version tracks the open source version, including consulting services and add-on capabilities. Good examples are Ansible Tower by Red Hat, Salt by SaltStack, or syslog-ng by Balabit.
Where Do You Go from Here?
You'll find no right or wrong answer. Educate yourself on the tradeoffs between approaches and on automation systems. Understand your goals and your environment. Select tools that are more likely to succeed in your organization's environment. Evaluate your organization's ability to successfully implement a given solution. Obtain basic training. It can help you avoid early mistakes. Use training and online forums to connect with peers and experts. You may find others who are tackling the same problems and are willing to share their solutions -- that's what makes the open source movement successful.