In my previous blog, “Why Network Engineers Need to Know Programming,” I explored the many reasons why network engineers are learning more about programming. That was the “why,” and in this blog we will cover “what” skills network engineers will need to know to successfully utilize automation and programmability in their everyday work life.
They say skills pay the bills. Even so, it might seem daunting to conquer this emerging landscape. Regardless of where you or your current employer are on this trajectory, now is the time to train. The following is not an exhaustive training plan but represents many of the essential skills required for efficient automation and programmability of your network.
1 – Application Programming Interfaces (APIs)
- Documentation: Interact with APIs with traditional documentation or online with Swagger.
- Authentication: Basic Authentication, Base64, Bearer tokens, and Cookies to name a few.
- Uniform Resource Identifier (URI): Understand how to dissect the REST API URL with server, resource, and parameters such as filters.
- Create, Read, Update, Delete (CRUD): For example, these are the methods (GET, POST, PUT, PATCH, and DELETE) for running actions to/from REST APIs.
- Structured data: Machine-readable definition files and serialized encoded data (e.g., XML, JSON, YAML).
- Tools: Some examples include Postman, cURL, and Python Requests to interact with REST APIs.
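The URI and authentication items above, worked through as an added example (not part of the original post). The controller host, path, and credentials are constructed placeholders; the code runs offline and shows that a Basic Authentication header is only Base64-encoded, so it must travel over HTTPS and stay out of logs.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Constructed sample URL; the host and resource path are hypothetical.
SAMPLE_URL = "https://controller.example.net/api/v1/devices?site=hq&role=core&role=edge"

def dissect_uri(url):
    """Split a REST URL into server, resource, and parameters (filters)."""
    parts = urlsplit(url)
    return {
        "scheme": parts.scheme,
        "server": parts.netloc,
        "resource": parts.path,
        "parameters": parse_qs(parts.query),  # repeated keys become lists
    }

def basic_auth_header(username, password):
    """Build the Basic Authentication header: base64("user:password")."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def bearer_auth_header(token):
    """Build a Bearer token header; the token itself is opaque to the client."""
    return {"Authorization": f"Bearer {token}"}

def recover_basic_credentials(headers):
    """Base64 is an encoding, not encryption: the header reverses to cleartext."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return None
    user, _, password = base64.b64decode(value).decode().partition(":")
    return user, password

def safe_to_send(url, headers):
    """Allow credentials only on HTTPS, never on a cleartext connection."""
    return "Authorization" not in headers or urlsplit(url).scheme == "https"

def redact(headers):
    """Copy headers for logging with credential-bearing values masked."""
    secret = {"authorization", "cookie"}
    return {k: ("<redacted>" if k.lower() in secret else v)
            for k, v in headers.items()}

if __name__ == "__main__":
    hdr = basic_auth_header("netops", "s3cret")  # constructed credentials
    print(dissect_uri(SAMPLE_URL))
    print(recover_basic_credentials(hdr), redact(hdr))
```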
2 – Python Programming
- Strings: Learn methods, literals, and formatting of characters.
- List: The ability to read in or create and access an index of ordered items.
- Dictionaries: The ability to read in or create and access key-value pairs.
- Conditions: Learn the operators (Boolean, in, is, not, etc.).
- Loops: Learn how to iterate on items with “for” or “while” until a condition is met.
- Functions: Don’t repeat yourself; use blocks of code to pass data parameters and return data results.
- Parsing: There is always a need to match text strings and convert to structured data for network automation scripts.
3 – Python Network Automation (Libraries and Frameworks)
- Jinja2 Templates: Simplifies creating configuration templates for network devices using dynamic expressions and access to variables.
- Paramiko: Manages remote SSH access to network devices.
- Netmiko: Simplifies the execution of show and configuration commands and the retrieval of output data.
- NAPALM: (Network Automation and Programmability Abstraction Layer with Multivendor support) is a Python library that simplifies config backups and rollbacks.
- Nornir: Provides inventories similar to Ansible while supporting Netmiko, NAPALM, NETCONF, and other Python frameworks.
- Software Development Kit (SDK): Cisco Software Defined Controllers (DNAC, Meraki, ACI, etc.) provide a Python SDK as an easy-to-use wrapper around the REST APIs with methods.
4 – Ansible
Red Hat’s Ansible is an open-source configuration management tool for managing all aspects of infrastructure and applications.
- Inventories: Learn how to target groups and lists of hosts to run playbooks against.
- Playbooks: Written in YAML, these scripts make automated tasks very human readable.
- Modules: Python scripts that, up until version 2.10, were installed with Ansible releases. At playbook runtime, the modules return information to the Ansible engine by printing a JSON string to stdout before exiting.
- Collections: The new method in version 2.10 for developing and contributing modules. Collections can be released independently of Ansible, at whatever release cycle/cadence the collection maintainer prefers.
- AWX/Tower: At some point it becomes necessary to manage multiple playbooks in a workflow with various guardrails, triggers, and governance.
5 – Other Scripting Tools to Consider
- Terraform: Uses configuration files to describe the desired state of the infrastructure.
- Puppet: Based on a pull model, devices use agents to learn the desired state from the centralized manifest files.
- YANG/NETCONF/RESTCONF: A data modeling method for programmability that works with many other tools and frameworks.
6 – Version Control
Version Control is a system that records changes to a file or set of files over time so that you can recall specific versions later.
- Network as Code: Configuration files (XML, JSON, etc.), templates, and scripts are version controlled and committed to a repository.
- Git: A distributed version-control system for tracking changes in “network” code during development and deployment.
7 – Single Source of Truth
Single Source of Truth is a mechanism to validate the state of a device configuration.
- Code: Identify and reconcile diffs in version-controlled configuration files with current device configurations.
- Databases: Scripts can reconcile configuration state from database sources.
- Off the shelf: Solutions such as NetBox provide an API to SSOT data.
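A minimal sketch of the reconciliation described in this section, added here as an example and not taken from the original post. It uses Python's standard `difflib` instead of any particular SSOT product; the two IOS-style configurations are constructed samples. Lines missing from or unexpected on the device are reported separately, which is where a removed ACL binding or a re-enabled cleartext protocol shows up.

```python
import difflib

# Constructed samples: the intended config as committed to the repository and
# the running config as collected from the device (IOS-style syntax assumed).
INTENDED = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/1
 description uplink
 ip access-group MGMT-IN in
!
line vty 0 4
 transport input ssh
"""
RUNNING = """\
! Last configuration change at 10:02:11 UTC
hostname edge-rtr-01
!
interface GigabitEthernet0/1
 description uplink
!
line vty 0 4
 transport input ssh telnet
"""

def normalize(config):
    """Drop blank and '!' comment lines and trailing spaces so that only
    real settings are compared (timestamps would otherwise always differ)."""
    return [line.rstrip() for line in config.splitlines()
            if line.strip() and not line.lstrip().startswith("!")]

def drift(intended, running):
    """Return (missing, unexpected) lines relative to the source of truth."""
    missing, unexpected = [], []
    for line in difflib.ndiff(normalize(intended), normalize(running)):
        if line.startswith("- "):
            missing.append(line[2:])      # in the repo, not on the device
        elif line.startswith("+ "):
            unexpected.append(line[2:])   # on the device, not in the repo
    return missing, unexpected

def report(intended, running, name="running-config"):
    """Render the drift as a unified diff for a ticket or pipeline log."""
    return "\n".join(difflib.unified_diff(
        normalize(intended), normalize(running),
        fromfile="repo/" + name, tofile="device/" + name, lineterm=""))

if __name__ == "__main__":
    print(report(INTENDED, RUNNING))
```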
8 – NetDevOps
Automating and testing changes to the network using Continuous Integration/Continuous Delivery (CI/CD) pipelines.
- Automation Tools: (e.g., GitLab, Jenkins, Travis, etc.)
- Testing Tools: (pylint, pytest, Ansible Lint, etc.)
9 – pyATS Framework
An open framework of Cisco Python test cases and parsers to automate testing the state of lower-level device services (routing tables, ARP, MAC tables, interfaces, etc.).
- Testbed: inventory of devices to test with pyATS.
- Job: Python script to orchestrate running test cases in a specific order.
- Parser: convert standard output from device into structured data (dictionary).
- Learn: A high-level model that uses multiple parsers to learn device features (OSPF, BGP, interfaces, etc.) from devices and save the state as files.
- Diff: Compare baseline files to post change files.
10 – Cisco Orchestration
Low-code alternatives to manage workflows and configuration state of infrastructure devices.
- Cisco Action Orchestrator: Manage multi-domain workflows across many tools (Python, Ansible, Terraform, etc.) and many different solution APIs (SD-WAN, DNAC, ACI, AWS, etc.).
- Cisco Network Services Orchestrator (NSO): Creates a data model for devices and services with a database for operational state. NSO is accessed from an easy-to-use API for managing several actions (check-sync, sync-from, sync-to, and rollback).
Again, this blog post isn’t intended to cover an exhaustive list of skills, but hopefully it maneuvers you through the landscape of skills with more focus. More importantly, I suggest you focus on learning the skills that will effectively automate and test your network. As always, don’t do this alone! Cisco offers services supporting orchestration solutions, such as NSO and Action Orchestrator, that provide layers of abstraction and low-code workflows to make operationalizing automation much simpler. Also, Skyline ATS is uniquely qualified to train you on the new DevNet curriculum with a certification path to mastering these skills.
Python and Web Services Training for Network Engineers
Cisco NSO Essentials for Programmers and Network Architects (NSO201)