Netmiko, Ansible, Nornir, Napalm or Plain Python?

What library do you need to use? There are a handful of libraries out there that do network-related stuff. Let's review them.

Ansible is perhaps the most famous one. Ansible started as an automation framework for configuring servers, for example installing and configuring web servers, databases etc. The network modules were added later, and there are plenty of them.

Follow the link below for the Ansible modules:

https://docs.ansible.com/ansible/2.9/modules/list_of_network_modules.html

If you want to do something, you have to use a module. If no module does what you want, you have to write your own, and you have to write it in a specific way, because modules have to abide by certain principles such as idempotency. In addition, in order to execute them you have to write playbooks in YAML. Because it always reads the existing configuration first and then executes a command, it can be slow. Personally, it is not my favourite way of doing things.

Napalm is a library that abstracts a lot of the underlying stuff and gives you a common interface that you can use on all devices, e.g. get_facts. “NAPALM tries to provide a common interface and mechanisms to push configuration and retrieve state data from network devices.”

Supported Network Operating Systems:

  • Arista EOS
  • Cisco IOS
  • Cisco IOS-XR
  • Cisco NX-OS
  • Juniper JunOS

Again, you rely on the functionality that is provided. If your network is a mix of the above devices, maybe it is a good choice. Personally, I want more control, as I often want to get data not provided by the basic commands.

Nornir is a Python library that can be used on top of other libraries like Netmiko, Napalm etc. and provides multi-threaded performance without you doing anything. It is a well-written library and definitely is an option. It requires an inventory, which is a YAML list of your network elements and their groups. You then create some tasks that you can run on a specific group or on all the hosts. Finally, you print the results on the screen.

Netmiko is a low-level Python library that is based on Paramiko for SSH. It provides basic functionality like running exec or config commands. It does not provide multi-threading, nor does it use an inventory list or anything else. You have to create these yourself. There is a learning curve if you are completely new, but running things with threads is not that difficult, and there are many examples. This is my favourite and what I use daily. The best thing is that you can customize things exactly the way you want. Recently I had to run “sh int transceiver detail” on NXOS routers and show only the interfaces that had errors. With the above frameworks you could run this command, but parsing the output would be harder. Of course, you need to know regular expressions if you want to do some clever parsing. I have used it to configure or run exec commands on hundreds of routers concurrently and I never had any problems.
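An added example (not the author's code) of the kind of custom parsing described above: it keeps only the interfaces whose transceiver readings carry an alarm or warning flag, and collects from many hosts through a bounded thread pool that records failures per host. The sample output is constructed, the flag layout (++, +, --, - right after the current reading) is an assumption about the NX-OS format, and the names flagged_interfaces, netmiko_fetch and collect are hypothetical.

```python
import re
from concurrent.futures import ThreadPoolExecutor

# Constructed sample modelled on NX-OS transceiver output; real output varies by platform.
SAMPLE = """\
Ethernet1/1
    transceiver is present
    type is 10Gbase-SR
                Current              Alarms                  Warnings
                Measurement     High        Low         High          Low
  Temperature   33.29 C        75.00 C     -5.00 C     70.00 C        0.00 C
  Tx Power      -2.45 dBm       1.69 dBm  -11.30 dBm   -1.30 dBm     -7.30 dBm
  Rx Power     -24.31 dBm --    1.99 dBm  -13.97 dBm   -1.00 dBm     -9.91 dBm
Ethernet1/2
    transceiver is present
  Temperature   71.50 C  +     75.00 C     -5.00 C     70.00 C        0.00 C
  Rx Power      -3.10 dBm       1.99 dBm  -13.97 dBm   -1.00 dBm     -9.91 dBm
Ethernet1/3
    transceiver is not present
"""

FLAGS = {"++": "high-alarm", "+": "high-warning", "--": "low-alarm", "-": "low-warning"}
IFACE = re.compile(r"^(Ethernet\S+)")
# A flag is a standalone token right after the unit, so "-5.00" is never read as one.
ROW = re.compile(r"^\s+(Temperature|Voltage|Current|Tx Power|Rx Power)\s+"
                 r"(-?\d+(?:\.\d+)?)\s+(\S+)\s+(\+\+|--|\+|-)\s")

def flagged_interfaces(output):
    """Return {interface: [(sensor, value, unit, condition), ...]} for flagged rows only."""
    result, iface = {}, None
    for line in output.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)
        elif iface and (m := ROW.match(line)):
            sensor, value, unit, flag = m.groups()
            result.setdefault(iface, []).append((sensor, float(value), unit, FLAGS[flag]))
    return result

def netmiko_fetch(host, username, password):
    """Read-only collection; Netmiko is imported here so the parser works without it."""
    from netmiko import ConnectHandler
    with ConnectHandler(device_type="cisco_nxos", host=host,
                        username=username, password=password) as conn:
        return conn.send_command("sh int transceiver detail")  # command as quoted above

def collect(hosts, fetch, workers=10):
    """Run fetch(host) in a bounded thread pool; one failing host does not stop the rest."""
    def one(host):
        try:
            return host, flagged_interfaces(fetch(host)), None
        except Exception as exc:  # keep the error next to the host it belongs to
            return host, {}, str(exc)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(one, hosts))
```

To run it against real devices, pass a callable such as `lambda h: netmiko_fetch(h, user, pw)` to `collect`, with the credentials read from a prompt or a secrets store rather than written into the script.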

There is also a library called pyATS/Genie by Cisco.

https://developer.cisco.com/docs/pyats/

It started as a testing framework used internally by Cisco. "Originally developed for internal Cisco engineering use, pyATS is at the core of Cisco’s Test Automation Solution. It’s currently used: as the de-facto test framework for internal Cisco engineers across different platform/functions, running millions of CI/CD, sanity, regression, scale, HA, solution… tests on a monthly basis." I haven’t used it yet, but it works the same way as some of the others. It reads the configuration file and parses the results, and you can also compare two configs to see what has changed. You don’t have to write a line of code. If you want to get started, watch some videos on YouTube by Hank Preston.

If you don’t know any Python, I think you can start with pyATS, Ansible or Napalm. If you do, you can start with Netmiko or Nornir. I think Netmiko gives you the maximum flexibility, with Nornir second and Ansible, pyATS and Napalm third.

Just a word of caution. These are just automation tools. They don’t configure your network for you. You still need to know what commands to execute, in what order, and what will happen if you run this command or the other. And because you can run it on many nodes simultaneously, you have to be extra careful.

What do you think?