In this multi-posts series, We will deep dive into Juniper network automation and how to automate both configuration and operation for Juniper devices using different tools available such as PyEZ, NAPALM and Ansible.
if you missed the first part, Building Basic Configuration using Jinja2 Template, Please Read it first to understand the network topology that we will work on it and generate the initial configuration.
Intro to NAPALM
in this part, we will explore a python library called N.A.P.A.L.M. This is a shortcut for Network Automation and Programmability Abstraction Layer with Multi-vendor Support. It’s vendor neutral, cross-platform open source project that provides a unified API to network devices.
NAPALM works such that it connect to network devices through SSH interface or using vendor API (API of course is much easier to execute and parse) and execute commands directly on device CLI then parse the output using TextFSM modules and regular expressions to return the final output to use in structured format (lists and dictionaries) so you could basically use the same NAPALM getters methods(get_bgp, get_interfaces,get_mac_address…etc) to connect to devices from different vendors and get the output without even knowing the vendor command.
Moreover, The returned output will be in structured format so you can easily parse it and get the needed data. This allow you to have a unified access to data from all supported vendors with a few lines of codes
Our Use Cases
I’ll implement three use cases using NAPALM. First one is to get the interfaces TX/RX Errors and discards and print it in tabular format
Then I want to get summarized information for specific route like the next-hop, outgoing interface and protocol that advertise this route
Finally I want to generate compliance report for the running configuration
Note: I’ll upload all scripts to my GitHub repo
“Talk is Cheap, Show me the code” Linus Torvalds
we will start first by installing the napalm module in python using PIP like what we did before in netmiko
pip install napalm
Then we will import the get_network_driver from the installed napalm module. This method should be inatalized with vendor name as an input in order to prepare the proper configuration for each vendor and use the correct API
from napalm import get_network_driver junos_driver = get_network_driver("junos")
Finally we should provide the username and password for the device that we want to connect
mx_router = junos_driver(hostname=ip,username="root", password="access123") mx_router.open()
At this moment, The NAPALM will open session to the router and we will have the ability to run multiple getters and return the data. Lets try something simple like get_facts(). This method provide a general information about the device like the hostname, number of interfaces, running version and so on. I’ll create for loop to iterate over all devices in the topology and get the same information
Note that I’m checking the device is reachable and live before getting the data from it. The result of is_alive() function is either True or False so I could use it inside if statement
Note that the output is structured and actually a result of many executed commands and API calls to juniper device (like “show interface terse” , “show system uptime”, “show chassis hardware detail “). This allow you to focus on development not on finding and parsing the data returned from the device.
Use Case 1: Getting interfaces with errors
Ok, Now let’s implement our first use case. As mentioned, I want to get the Rx/Tx errors per interface in Tabular format. this could be used along with some scheduled jobs to generate nicely looking reports or even trigger an event like sending email or orchestrating another configuration and so on.
I’ll use additional module called “prettytable” that generate the take care of Table format like headers, rows, spacing
First I will ask user to enter the MX IP address as an argument to my script
Then I will create two tables with headers using the “prettytable” module. One that hold the Rx/Tx errors and the 2nd for Tx/Rx Discards (you can also create for unicast, multicast,..etc)
Finally I’m connecting to device and query the infromation and just selecting the data that I want from the returned output then populate the table with them. I’m using “get_interfaces_counters()” to get the needed data and also “get_interfaces()” to get the MAC address for each interface
Use Case 2: Searching in[et0] Routing Table
The second use case is to parse the device routing table and search for specific route attributes. This is useful when you’re troubleshooting large network and want to get a summarized view for a route. Also you can use it to visualize the control plane for the routing table (but this will require some additional modules like matplotlib and networkx).
Anyways, we just need to print the next-hop, protocol and outgoing interface for the provided route. I’ll use the same script above but this time I’ll use another method called “get_route_to()”
First I will add also another argument for the route
Then I will parse the returned output and search only for the needed attributes.
Two things worth to mention. First I wrapped the above code in “try..except” block to catch a case where the route is not exist on a target device. so instead of printeing ugly exception, I will print a custom message. Second, I choosed the first learned path “”. You could enhance the script by getting the length of all route entries and iterate over it. but for sake of bevrity, I just choosed the first occurance.
Use Case 3: Compliance Reporting
Our final use case is quite interesting! and it’s related to auditing and compliance stuff. Assume that I want to make sure a specific configuration exist in all my network devices such as TACACS servers, default routes and SNMP communities. or I want to make sure all my devices are running on a specific vendor OS version and so on
NAPALM has a cool feature that allow you to compare the returned information (either operational or in configuration) with a YAML template and if there’s a deviation from the template, it will mention that in the final report. You can check & compare ANY value that returned from device whether it’s IP addresses, interface counters, bgp peer status, OS version..etc
Moreover, You can check if a specific item is just exist regardless it’s value. for example you can check if the router-id is configured, local ASN, ipv4 on specific interface. This what we will do exactly next.
First I will define my YAML template with all values that need to verified and checked against the values inside the device
in the above template, I’m verifiying 4 things:
1- JunOS version is “14.1R1.10”
2- There’s IP address configured under ge-0/0/0.0
3-Device has an active BGP connection and peering
4- A router-id is configured under bgp_neighbors
So I’m basically checking both operational and configuration data.
Then I will use compliance_report() function and provide the YAML file created in previous step to check
The result will be also structured and will indicate which parts from the template are complied and which are not
The network automation is evolving rapidly!. Previously we just had PExpect and Paramiko modules that just establish a connection then execpt & read_until specific output. Now, we have a solid modules that able to handle different vendors and return a structured output in such a way that make network engineer/developer focus on building robust network automation solution & open a door for other modules that automate the daily operation tasks for network engineer.
I hope this been informative for you and I’d like to thank you for reading