Posts

2019


Ansible Network Engine and NTC Templates

·1201 words·6 mins

In this post we will talk about primarily three components that will work together to get structured data out of the command line of a Cisco device. The three pieces are:

Why this Post?

I’m writing this post because I was initially hesitant to start using the Ansible role when I was doing everything pretty well with the generic modules that come with Ansible. I was challenged to migrate a Python script that was using TextFSM and Netmiko to Ansible. I was aware of Ansible Network Engine, but had not done anything with it. So what better time to put it into practice than when it is needed?

Ansible differences between ios config and cli config

·947 words·5 mins

In this post I’m going to review some of the differences between the ios_config module and the new cli_config module within Ansible networking. I became interested in the module after a recent discussion about the two. I have decided to take a look at the differences between the two.

This is not an under-the-hood look at the modules. That has already been covered very well (and with better graphics than I can produce) here at the Ansible Blog; look for “cli_command and cli_config” with your browser’s find function.

Ansible - Working with command output

·2922 words·14 mins

You have decided to move forward with using/trying Ansible. You can now connect to a device, run a hello-world-like command such as show hostname or show inventory, and get the GREEN success on Ansible. Now what? You may want to see the output of the command that you sent. This is your post on getting started.

This is the process that I typically go through when developing a playbook for use. Let’s say this is a playbook that you wish to just get show information out of the device, say investigating if there are any configurations that are applied that would be part of a CVE bug, or just operational status.

2018


Discontiguous Masks

·1284 words·7 mins

Discontiguous masks are something that is going to be somewhat historic within the network design toolbox. It is basically a methodology of looking at particular bits of a network/host definition. The big thing to recall is that as a packet crosses a network device it does so within a packet. The packet is nothing more than a stream of bits. Within the packet header there are bits that define the source network address and the destination network address. This is where discontiguous masks come into play. With a system that can leverage discontiguous masks, you can access information about any part of the network bits, not just starting reading and then stopping (or vice versa) when you look at a bit boundary masking only.

Micro Segmentation vs Segmentation

·706 words·4 mins

In a recent podcast there was some discussion that it sounded like the term Micro Segmentation was being used where it was really traditional segmentation. So I thought I would put out a few thoughts on this front.

What is Segmentation in Networking

Segmentation is a methodology to create separate zones of sorts for various traffic types. Places you may want to do this include a campus environment, to separate students from faculty, or engineering from finance. The list of examples goes on and on. Go to a basic reading of VLANs and you will get the idea of what segmentation is. Once you have VLANs, segmentation then builds upon this and allows policy to be applied. This policy can be whether or not hosts should be able to talk to each other, or various traffic treatments (QoS). This is something that is well covered already and I do not wish to cover more.

Keeping Up on Tech

·781 words·4 mins

Life always gets busy. That is one thing that you always hear about. I am definitely in that boat as well that things are getting busy. With this in mind, I have never felt better about my ability to learn new things in the field. I do a few things that I feel are probably unique that I should share.

The first opportunity that has never been more capable of doing is to listen to podcasts. The commuting time to/from work is a tremendous opportunity. I leverage three podcasts as my primary learning mechanism these days.

Getting Started with the Blog

·722 words·4 mins

Why this post? Because I decided to change the style of how I was hosting my blog. Before I had decided to just host the blog on something that was easy to get to and update. I could have kept on blogging there, but I found making blog posts a little bit more difficult than what I wanted to. I also wanted to learn some of the new ways of doing things within networking technologies.

Network CI/CD - work in progress (Links to other videos/pages)

·158 words·1 min

At DevNet Create 2018 there is a video that was put together related to CI/CD in the NetDevOps world. This is something that is very exciting to see that there has been time put in to putting that together. The video can be seen here:

DevNet Create Video
Pete Lumbis CI/CD Info

With tools such as VIRL, EveNG, and GNS3, there should be a methodology to be able to put a network together to do testing. I have not yet put together the full pipeline, but it is something that I’m very interested in getting built some day.

Ansible Blocks

·249 words·2 mins

One of the more interesting features that I have just come across within the Ansible automation world is that of the block. I find this very helpful for both error handling, and also grouping tasks into logical separation.

Ansible Docs: Block

Blocks allow for logical grouping of tasks and in play error handling. Most of what you can apply to a single task can be applied at the block level, which also makes it much easier to set data or directives common to the tasks. This does not mean the directive affects the block itself, but is inherited by the tasks enclosed by a block. i.e. a when will be applied to the tasks, not the block itself.