Network Automation Task using Ansible

Task Overview

This task automates the configuration of Cisco and Juniper network devices using Ansible. It ensures consistency, eliminates manual errors, and simplifies managing VLANs, ACLs, and routing protocols such as OSPF and BGP.

Key Objectives

Technology Stack

Project Architecture

+--------------------+
|    Network Admin   |
+--------------------+
         |
         v
+--------------------+
|   Ansible Tower    |  (Automation and Scheduling)
+--------------------+
         |
         v
+--------------------+
|    Network Devices |  (Cisco Switches, Juniper Routers)
+--------------------+
         |
         v
+--------------------+
| Monitoring System  |  (Prometheus & Grafana)
+--------------------+
    

Project Implementation Steps

1. Setup Ansible Environment

1. Install Ansible on the control node:

sudo apt update && sudo apt install ansible -y

2. Install network modules:

ansible-galaxy collection install cisco.ios juniper.junos

3. Create an inventory file (inventory.yml) with network devices:

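all:
  hosts:
    cisco_switch:
      ansible_host: 192.168.1.1
      ansible_user: admin
      # Placeholder only: keep real credentials in Ansible Vault, not in plain text
      ansible_password: password
      ansible_connection: ansible.netcommon.network_cli
      ansible_network_os: cisco.ios.ios
    juniper_router:
      ansible_host: 192.168.1.2
      ansible_user: admin
      ansible_password: password  # placeholder, see the note above
      # junos_config runs over NETCONF (needs ncclient on the control node)
      ansible_connection: ansible.netcommon.netconf
      ansible_network_os: juniper.junos.junos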
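
The inventory above stores device passwords as literal strings. As an added example (not part of the original project), the following standard-library Python check can run as a CI gate before any playbook and flags inventory secrets that are neither Ansible Vault values nor variable references. The function names, the vault_juniper_password variable and the sample inventory are constructed for illustration.

```python
import re
import sys

# Inventory keys that carry a login or privilege-escalation secret.
SECRET_KEY = re.compile(
    r"^\s*(ansible_(?:become_)?password|ansible_ssh_pass)\s*:\s*(.*?)\s*$")
# A key with no inline value, e.g. "cisco_switch:", opens a nested mapping.
MAPPING_KEY = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*:\s*$")

def is_protected(value):
    """True if the value is empty, vault-encrypted, or a Jinja2 reference."""
    value = re.sub(r"\s+#.*$", "", value).strip().strip("'\"").strip()
    return (not value or value.startswith("!vault")
            or (value.startswith("{{") and value.endswith("}}")))

def find_plaintext_secrets(inventory_text):
    """Return (line number, enclosing key, secret key) for each literal secret."""
    findings, parents = [], []  # parents: stack of (indent, key)
    for lineno, line in enumerate(inventory_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        while parents and parents[-1][0] >= indent:
            parents.pop()
        secret = SECRET_KEY.match(line)
        if secret and not is_protected(secret.group(2)):
            owner = parents[-1][1] if parents else "<top level>"
            findings.append((lineno, owner, secret.group(1)))
        key = MAPPING_KEY.match(line)
        if key:
            parents.append((indent, key.group(1)))
    return findings

# Constructed sample: one literal password, one vaulted variable reference.
SAMPLE = """\
all:
  hosts:
    cisco_switch:
      ansible_password: password
    juniper_router:
      ansible_password: "{{ vault_juniper_password }}"
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_plaintext_secrets(text)
    for lineno, owner, key in hits:
        print(f"{lineno}: {owner}.{key} is stored in plain text")
    sys.exit(1 if hits else 0)
```

Pass the inventory path as the first argument; a non-zero exit status fails the build.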

2. Automating VLAN Configuration

Create an Ansible playbook (vlan_config.yml) to configure VLANs.

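- name: Configure VLANs on Cisco Switch
  hosts: cisco_switch
  gather_facts: no
  tasks:
    # parents places each "name" line under its own "vlan" block,
    # so repeat runs do not send "name" in global configuration mode
    - name: Create VLANs
      cisco.ios.ios_config:
        parents: "vlan {{ item.id }}"
        lines:
          - "name {{ item.name }}"
        save_when: changed
      loop:
        - { id: 10, name: HR_VLAN }
        - { id: 20, name: FINANCE_VLAN }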

Run the playbook:

ansible-playbook -i inventory.yml vlan_config.yml

3. Automating ACL Configuration

Create an Ansible playbook (acl_config.yml) to apply ACLs.

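- name: Configure ACL on Cisco Switch
  hosts: cisco_switch
  gather_facts: no
  tasks:
    # Matching on TCP port 22 needs an extended ACL; a standard ACL
    # filters on source address only. This task defines the ACL; it
    # filters traffic only once it is bound to an interface or VTY line.
    - name: Apply ACL for security
      cisco.ios.ios_config:
        parents: ip access-list extended BLOCK_SSH
        lines:
          - deny tcp any any eq 22
          - permit ip any any
        save_when: changed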

Run the playbook:

ansible-playbook -i inventory.yml acl_config.yml

4. Automating Routing Protocol Configuration

OSPF for Cisco

Create a playbook (ospf_config.yml) for OSPF on Cisco devices.

- name: Configure OSPF Routing
  hosts: cisco_switch
  gather_facts: no
  tasks:
    # parents keeps the network statement inside the "router ospf 1" block
    - name: Configure OSPF
      cisco.ios.ios_config:
        parents: router ospf 1
        lines:
          - network 192.168.1.0 0.0.0.255 area 0
        save_when: changed

Run:

ansible-playbook -i inventory.yml ospf_config.yml

BGP for Juniper

Create a playbook (bgp_config.yml) for BGP on Juniper devices.

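- name: Configure BGP on Juniper
  hosts: juniper_router
  gather_facts: no
  tasks:
    # junos_config commits the candidate configuration itself; it has no
    # save_when option. EXPORT_POLICY must already exist as a
    # policy-statement on the router, otherwise the commit fails.
    - name: Configure BGP
      juniper.junos.junos_config:
        lines:
          - set protocols bgp group EXTERNAL neighbor 192.168.2.1 peer-as 65000
          - set protocols bgp group EXTERNAL neighbor 192.168.2.1 export EXPORT_POLICY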

Run:

ansible-playbook -i inventory.yml bgp_config.yml

5. Automating Backup of Network Configurations

Create a playbook (backup_config.yml) to back up configurations before changes.

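- name: Backup Cisco Config
  hosts: cisco_switch
  gather_facts: no
  tasks:
    - name: Save Running Config
      cisco.ios.ios_command:
        commands: show running-config
      register: config_output

    # The backups/ directory must already exist on the control node.
    # ansible_date_time is not gathered from network devices, so the date
    # comes from the control node's clock via the strftime filter.
    # Running configs can contain password hashes and SNMP community
    # strings, so the file is readable by its owner only.
    - name: Save Config to Local File
      copy:
        content: "{{ config_output.stdout[0] }}"
        dest: "backups/cisco_running_config_{{ '%Y-%m-%d' | strftime }}.txt"
        mode: "0600"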

Run:

ansible-playbook -i inventory.yml backup_config.yml

6. Continuous Integration with Jenkins

  1. Install Jenkins Plugins:
  2. Create a Jenkins Pipeline Job

7. Monitoring and Alerts

  1. Install Prometheus and Grafana for monitoring
  2. Set up SNMP polling on network devices
  3. Create Grafana dashboards to visualize network health

Project Outcome

Future Enhancements

Conclusion

This project provides a fully automated solution for managing Cisco and Juniper network devices using Ansible, ensuring consistency, security, and reliability.