Topics

I made another video: Getting started with network automation right now, with no resources.

One of my goals is to always give you code to steal for your projects. This is no exception. I demo a 1 day programing project I did, and give the code.

Building a ChatOps bot sounds terribly scary, I really wish I had known when I was getting started that it's not scary at all.

How do you get started on network automation when you are just starting, and don't have any resources beyond an ancient windows PC you managed to beg/borrow/steal from desktop management. Think you don't know python well enough? Well I think you do: the worst project is one that never gets started.

Intro to batfish

networking-forum.com seems to be dead.
That's sad.

I simplified my networking crawler so anyone can use it, and made a demo to show how to use it.
https://www.youtube.com/watch?v=koJc_LmFpAI

Connecting to a device with netmiko, and using the integrated TextFSM

https://www.youtube.com/watch?v=IrnxDiGFqes

https://www.youtube.com/watch?v=05bXXfZ32NU

I use configs as what I am working on, but it would work with any text in general.


http://packetpushers.net/using-ansible-generate-complex-configs/

For those that care I built a network walker a while back and it's based on a database now.

https://github.com/GoreNetwork/Network-Walker

From the database you get from this you can run this one to get a network map in yEd
https://github.com/GoreNetwork/Build-Network-Map



And this one to query for any network device that has an IP in that subnet
https://github.com/GoreNetwork/Query-IP-to-find-device-and-subnet

Looks something like this

C:\Python in process>python "subnet query.py"

IP address: 10.0.18.166

{'site_name': 'nc-sw-fake-1', 'ip': IPv4Address('10.0.19.253'), 'cider': '/22', 'snm': '255.255.252.0', 'subnet': IPv4Network('10.0.16.0/22')}

{'site_name': 'nc-sw-fake-2', 'ip': IPv4Address('10.0.19.252'), 'cider': '/22', 'snm': '255.255.252.0', 'subnet': IPv4Network('10.0.16.0/22')}

People on our networking team:  We can't trust the core to handle this traffic, what if it goes down?  Let's send it over a single Ethernet cable instead between 2 switches!!

https://github.com/GoreNetwork/Automate-IOS-upgrade

The 'upgrade info.csv' is the heart of this program.
Column A just just for your info to make it more human readable Column B is what the program looks for in "show ver" to figure out which row to use (So make sure the info correct and specific enough to not have false positives) Column C is where the IOS will be copied to and where the boot statment says it should be (careful, some switches require flash:/ and some routers don't like that) Column D is the IOS that will be copied to the device, these IOSs will need to be in the same folder as program you are running. Column E is the output that the program will verify is in the output from the verify command. This is exactly what will be there, so if it has the hash that should be there and the generated hash if you only put the correct hash in it could pass the check incorrectly. Column F does nothing, it use to let you specify what server you would be useing, but we needed to upload directly from the PC

This program SSHs to the box and runs "show ver" on it.

It then looks in the output for columb B in 'upgrade info.csv'.

It will then enable SCP server on the router/switch and SCP over the IOS in the corosponding row.

It will then run the verify command and verify that the exact output from Colum E is in there.

Next it will remove the 'ip scp server enable' command

Then it will remove the current boot statments

It will then run boot system "upgrade info.csv column C+column D"

Then write memory

Next check the boot statment to make sure the boot statment is in the startup config

PLEASE NOTE THIS DOESN'T DO ANY RESTARTS, THAT NEEDS TO BE DONE MANUALLY.

Wrote something to walk though our switches and tell us what is attached where.

https://github.com/GoreNetwork/What-s-attached-to-switch-walk-though

Interface

IP of device in port

Guess what device type it is

DNS name

MAC address

FastEthernet3/0/36 172.16.16.6 Phone phone.fake_name.com 00:1B:4F:20:60:1C

View readme for more info

Just posted part 2 If anyone cares
http://packetpushers.net/intro-python-network-automation-part-2/

Mainly deals with ciscoconfparse

Did a class with Laura Chappell a couple weeks ago, I put up a few notes over at.

https://packetpushers.net/wireshark-notes/

Hey

I am looking to join the HTCIA.  I need 2 current members to vouch for me.  Anyone here a member that would be willing?

I put the program to build a map of the network's physical connectivtiy over at.

https://github.com/GoreNetwork/Map-the-network

you give it a file named "results.csv", that files guts look like [device_1,device2,interface_on_device_1,interface_on_device_2]
see README for more info.

I am not posting the file that walks the network and builds the results.csv yet.  I hope to post it eventually though.  Currently the program is to fiddly to be useful to anyone but me.  However it builds the physical connectivity and the OSPF neighborships currently.  Gonna start working on EIGRP, and BGP today I think. :-)

Then it's just a matter of getting it working so anyone can use it, and getting better icons in yEd (currently it's little yellow boxes rather than routers/switches/APs.)

See that1guy15 in action with Kirk Byers and others 

http://thenetworkcollective.com/2017/08/ep10-grassroots-automation/

If you have missed it the Oculus Rift+Oculus Touch is on sale for ~$400.  I am afraid that this is a last ditch effort to save it... but not so scared that I didn't buy one.  The vive looks better, but $400 vs $800 seems worth it to me.

Alot of packet pushers stuff has a tendency to be on speculation type stuff, or on things that are super specific. and thus not as interesting as it might be, but this AWS podcast is very good. If you think you might ever want to do AWS stuff I highly recommend listening before you start.  Even if you aren't planning to do it the concepts are quite cool.  I am ~30% though and listening to it I kinda wish real networking was more AWS like.

http://packetpushers.net/podcast/podcasts/datanauts-090-aws-networking-deep-dive/

Wrote another blog for packetpushers
http://packetpushers.net/intro-python-network-automation/

For those that are interested I built a python CDP parser over on https://github.com/GoreNetwork/CDP-parser/tree/master

Give it a text file with the output from "show cdp entry *" from a Cisco IOS device and it will give you a list of dictionaries one dict for each device in this format

Code Select Expand


{'capabilities': 'Router Switch IGMP ',
'local_int': 'GigabitEthernet1/3',
'platform': 'cisco WS-C6509-E',
'remote_id': 'bob.GoreNetwork',
'remote_int': 'GigabitEthernet2/6',
'remote_ip': '10.0.0.1',
'version': 'Cisco IOS Software, s72033_rp Software '
            '(s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH5, RELEASE '
            'SOFTWARE (fc1)'},

Hey

I made a very basic (still being developed) web front end for python scripts.  It's over on github at https://github.com/GoreNetwork/Web-Front-End-Windows

Figuring out how stuff bounces around is kinda annoying and I think my readme is hard to follow, if you are interested and have issues or questions just holler. 

Still trying to figure out how to make it https.