12 network automation ideas to implement in your network

What's your path to network automation? Here are 12 automation ideas that span different levels of expertise to help network teams get comfortable with network automation.

When network teams first start to use network automation, they should keep the tasks simple, low risk and quickly implementable. This means the tasks probably shouldn't make network changes.

The ideal starter project helps the operations team, who judge your work. Get operations on board with automation because they'll use the tools and can provide ideas for more projects. As you gain more experience, begin to implement more advanced automation tasks within your network.

This article outlines various network automation use cases, categorized from entry-level to advanced.

Entry-level network automation ideas

The four ideas below are easier tasks network teams can tackle to get started with automation.

1. Device locator

Find where a device is connected to the network from its name, IP address or MAC address. This is a common operational task, particularly when a firewall reports malware on an endpoint and you need to find it.

You might want to break this task into several steps. First, use the device name to find the device's IP address. Next, identify the subnet, and map the IP address to a MAC address. Finally, find the switch port where that device is connected.
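The lookup chain described above, as an added example that is not part of the original article. The DNS, ARP and MAC-table data are constructed samples, the `UPLINKS` set is an assumed way of recording inter-switch ports, and a single ARP table stands in for the subnet-identification step.

```python
import ipaddress
import re

# Constructed sample data, not from a real network. In practice it would come
# from DNS, a router's ARP table and each switch's MAC address table.
DNS = {"hr-laptop-17": "10.20.30.41"}
ARP_TABLE = """\
10.20.30.41  0011.2233.4455  Vlan30
10.20.30.42  0011.2233.4466  Vlan30
"""
# switch -> (mac, port) entries; uplink ports learn every MAC behind them
MAC_TABLES = {
    "dist-sw1": [("0011.2233.4455", "Gi1/0/48"), ("0011.2233.4466", "Gi1/0/48")],
    "access-sw1": [("0011.2233.4455", "Gi1/0/7"), ("0011.2233.4466", "Gi1/0/9")],
}
UPLINKS = {("dist-sw1", "Gi1/0/48"), ("access-sw1", "Gi1/0/1")}


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a known name, IP or MAC address: {mac!r}")
    return digits


def locate(query):
    """Resolve a name, IP or MAC to (ip, mac, switch, port); None marks a gap."""
    arp = {}
    for line in ARP_TABLE.splitlines():
        ip, mac, _interface = line.split()
        arp[ip] = normalize_mac(mac)
    ip = DNS.get(query, query)                   # step 1: name -> IP
    try:
        ipaddress.ip_address(ip)
        mac = arp.get(ip)                        # step 2: IP -> MAC
    except ValueError:                           # not an IP, so expect a MAC
        mac = normalize_mac(query)
        ip = next((i for i, m in arp.items() if m == mac), None)
    if mac is None:
        return ip, None, None, None
    for switch, entries in MAC_TABLES.items():   # step 3: MAC -> edge port
        for entry_mac, port in entries:
            if normalize_mac(entry_mac) == mac and (switch, port) not in UPLINKS:
                return ip, mac, switch, port
    return ip, mac, None, None
```

Skipping uplink ports matters because the same MAC address appears on every switch between the endpoint and the router; only the non-uplink entry is the port where the device is attached.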

2. Application connectivity check

Check the path between an endpoint and a specific application server, which might be load-balanced. Start with simple checks -- like pings -- that originate from both the endpoint and the server, or as close to each as you can get. Doing these checks manually is time-consuming, so create an automation task that can quickly run the tests and present the results in a form you can easily read.

3. Network infrastructure peer connectivity

Verify that each network infrastructure device -- router, switch, load balancer, firewall, etc. -- is properly connected to its neighbors. This task requires a small database -- use a file to keep it simple -- that identifies each neighboring network device and the interfaces that connect them to each other.

This task finds places where connectivity has failed, outages have occurred or connections were made to the wrong interfaces. Start with important interfaces, like EtherChannel groups, and then include router-to-switch and switch-to-switch links.

4. Network configuration checks

Use network automation for configuration management to identify discrepancies between network configurations and your configuration templates. Start by comparing simple configuration snippets, such as Network Time Protocol, Simple Network Management Protocol and admin logins. You can then advance to more complex configurations, such as Border Gateway Protocol (BGP). This automation should report only on discrepancies and not make any remediations.
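A report-only check of this kind, as an added example that is not part of the original article. The template and running configuration are constructed samples in IOS-style syntax, and the prefix-based template layout is an assumption made for this sketch.

```python
import re

# Constructed template: for each managed command prefix, the exact lines every
# device must carry (IOS-style syntax; addresses and names are sample values).
TEMPLATE = {
    "ntp server": {"ntp server 10.0.0.1", "ntp server 10.0.0.2"},
    "snmp-server": {"snmp-server group NETOPS v3 priv",
                    "snmp-server location DC1"},
    "username": {"username netadmin privilege 15 secret 9 <masked>"},
}

# Constructed running configuration for one device.
RUNNING_CONFIG = """\
hostname access-sw1
ntp server 10.0.0.1
ntp server 192.0.2.99
snmp-server group NETOPS v3 priv
snmp-server community public RO
username netadmin privilege 15 secret 9 $9$constructedhash
username temp privilege 15 password 0 temp123
"""


def normalize(line):
    """Collapse whitespace and mask secrets, so per-device hashes cause no
    false diffs and no credential or community string lands in the report."""
    line = " ".join(line.split())
    line = re.sub(r"\b(secret|password) (\d+) \S+", r"\1 \2 <masked>", line)
    return re.sub(r"^(snmp-server community) \S+", r"\1 <masked>", line)


def audit(config_text, template):
    """Return sorted (status, line) findings; read-only, nothing is changed."""
    lines = {normalize(raw) for raw in config_text.splitlines()}
    findings = []
    for prefix, required in template.items():
        present = {line for line in lines if line.startswith(prefix + " ")}
        findings += [("MISSING", line) for line in required - present]
        findings += [("UNEXPECTED", line) for line in present - required]
    return sorted(findings)
```

Reporting unexpected lines as well as missing ones is what surfaces the extra NTP server, the leftover community string and the stray admin account in the sample.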

[Diagram: steps to get started with network automation]

Intermediate network automation ideas

As you gain more experience and early success, the automation tasks can become more complex. At an intermediate level, you should understand basic software development principles, like modular design. You can also start to use APIs to gather data from vendor databases.

Here are four intermediate ideas for network automation.

1. Verify BGP connectivity

Verify that your external routers are peering with the desired external routers and that they are sending and receiving the correct set of routes. Then, consider extending the task to query looking-glass sites to verify that your network prefix is correctly advertised to the internet.

2. Automate password resets

Resetting passwords is a tedious but important task. Improve the process by verifying that new passwords conform to your organization's password standards. If you can, implement a two-factor authentication mechanism, closely validate user input and store passwords only in a protected identity repository.

3. Network inventory

Identify devices and collect model numbers, serial numbers and OS versions. Use vendor APIs and device details to do the following:

  • Look up security alerts and end-of-life information.
  • Provide reports on devices that are at end of support.
  • Validate the devices on maintenance contracts.

The OS version report can help standardize the OSes across the network, which reduces bugs and security vulnerabilities.

4. Network virtualization

Automate the configuration of whatever you use for network virtualization, such as virtual LAN, Virtual Extensible LAN or MPLS. You'll be pushing configuration updates, so take time to design and build a test environment where you can perform testing and validation on automation workflows.

Advanced network automation ideas

Perhaps you want to take on more complex automation tasks to update complex device configurations and reduce repetitive errors. Below are four advanced ideas you can implement within your network.

1. Firewall rule migration

Ease the process of switching firewall vendors by creating automation tasks that convert firewall rules from one vendor's format to another format. This is an opportunity to revisit security policies and rule sets and identify outdated rules that can be removed.

This task should identify the location of the IP addresses in the rules and verify whether the rules apply to the firewall configuration that is being converted. You might be surprised at the number of rules you can eliminate because they no longer apply.

2. Automate access control list updates

ACLs -- i.e., firewall rules -- can be challenging to maintain. Teams can frequently forget the origin of the rules, and no one wants to remove a rule for fear of breaking something. This automation project creates a database in which to store the ACL policy definitions -- i.e., why each policy exists and the criteria for changing or deleting it -- and the ACL rules. When a policy is changed or deleted, the automation process updates or removes the resulting ACL rules.
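One way to structure such a database, as an added example that is not part of the original article. The schema, function names and sample policies are assumptions made for illustration; SQLite is used only because it ships with Python.

```python
import sqlite3

SCHEMA = """
CREATE TABLE policy (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE,
    reason TEXT NOT NULL,        -- why the policy exists
    remove_when TEXT NOT NULL);  -- criteria for changing or deleting it
CREATE TABLE rule (id INTEGER PRIMARY KEY, entry TEXT NOT NULL,
    policy_id INTEGER NOT NULL REFERENCES policy(id) ON DELETE CASCADE);
"""


def add_policy(db, name, reason, remove_when, entries):
    cur = db.execute("INSERT INTO policy (name, reason, remove_when) "
                     "VALUES (?, ?, ?)", (name, reason, remove_when))
    db.executemany("INSERT INTO rule (policy_id, entry) VALUES (?, ?)",
                   [(cur.lastrowid, entry) for entry in entries])
    db.commit()


def render_acl(db):
    """Build the ACL from the database, each rule labelled with its policy."""
    rows = db.execute("SELECT p.name, r.entry FROM rule r JOIN policy p "
                      "ON p.id = r.policy_id ORDER BY r.id")
    return [line for name, entry in rows
            for line in (f"remark policy: {name}", entry)]


def retire_policy(db, name):
    """Delete a policy; the cascade removes its rules. Returns rules removed."""
    before = db.execute("SELECT COUNT(*) FROM rule").fetchone()[0]
    db.execute("DELETE FROM policy WHERE name = ?", (name,))
    db.commit()
    return before - db.execute("SELECT COUNT(*) FROM rule").fetchone()[0]


def demo_db():
    """In-memory database with constructed sample policies (made-up values)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite skips the cascade without it
    db.executescript(SCHEMA)
    add_policy(db, "hr-portal", "HR staff reach the HR portal over HTTPS",
               "HR portal decommissioned",
               ["permit tcp 10.20.0.0 0.0.255.255 host 10.50.1.10 eq 443"])
    add_policy(db, "vendor-sftp", "Vendor uploads nightly billing files",
               "Vendor contract ends",
               ["permit tcp host 192.0.2.10 host 10.50.2.20 eq 22",
                "permit tcp host 192.0.2.10 host 10.50.2.21 eq 22"])
    return db
```

Because `policy_id` is a mandatory foreign key, a rule cannot be stored without a policy that explains it, which is the property that stops rules of unknown origin from accumulating.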

3. Data center pod provisioning

With a few parameters, you can create and install the configurations for all networking equipment within a data center pod.

4. Source of truth-driven automation

With this automation task, a single source of truth database is used to drive network automation. The source of truth defines network configuration intent and is the idea behind intent-based networking.

Making it happen

The network automation ideas above should be enough for network pros to learn and develop basic automation skills and familiarity with the following:

  • Software version control, such as Git.
  • Scripting languages, such as Python.
  • Automation languages, such as Ansible with Jinja2.

You might choose different implementations, perhaps using Salt or NAPALM instead of Ansible, or Ruby instead of Python.

Each automation task you choose should have easily identifiable criteria that tell you when you have accomplished the task. Once the current project reaches its goal, move on to the next one. Otherwise, the project might take on a life of its own and consume more time than it saves. Note that automation might have other benefits that outweigh its creation time, such as situations when the speed of execution and accuracy are critical.

You don't have to take the automation journey alone. Many people have been successful with automation and have created courses that structure what you need to know. For example, the following courses provide good guidance:

Alternatives to software development

Network teams have alternatives to getting involved in software development projects. Many network automation vendors have done a lot of the development work, so customers mainly need to provide the device configurations.

If you're interested in software but want someone else to build it, some companies offer automation services. Finally, network vendors have automation staff members who can provide references to companies that match your requirements. Vendors are building their own automation tools and platforms, too, so don't overlook them.

Regardless of your approach, it's important to get started with network automation.

Editor's note: This article was originally written by Terry Slattery and updated by TechTarget editors to improve the reader experience.

Terry Slattery is an independent consultant who specializes in network management and network automation. He founded Netcordia and invented NetMRI, a network analysis appliance that provides visibility into the issues and complexity of modern router- and switch-based IP networks.
