Network automation is no longer reserved for the most cutting-edge network administrators. Time-tested programming languages and modern software development tools have become standard operating procedure for many network operations teams.
Instead of configuring and managing network devices one at a time, network admins now apply automation practices to make operations more efficient, agile and less error-prone. Three of the most common network automation use cases that have emerged in the last few years are device provisioning, information gathering and configuration compliance validation.
Make changes to many devices at once
Device provisioning refers to making configuration changes to network devices. This could mean changing an IP address of a firewall's interface or adding Border Gateway Protocol configuration to a newly deployed WAN router.
However, when provisioning devices, the true benefit of network automation is making the same change to many devices at once. For a human to make small network changes over and over on device after device is quite tedious, highly inefficient and very error-prone.
For example, to deploy 802.1x authentication on a wired network, every access switch must have the global 802.1x configuration and individual interface configurations. Even a small network of 100 access switches could require the manual configuration of nearly 5,000 ports. When deploying 802.1x authentication to a larger wired network, the speed of deployment, accuracy and efficiency all decline very quickly.
To take advantage of network automation use cases, a network engineer could use homegrown Python scripts, Ansible playbooks or a proprietary automation platform. In any case, scripting repetitive tasks, maintaining device inventory files and incorporating a continuous delivery workflow will increase the speed of configuration deployment, accuracy and overall network operations efficiency.
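The 802.1x rollout described above, as an added Python sketch that is not from the original article: it renders the global and per-port configuration for every switch in an inventory and counts the ports touched. The hostnames, the GigabitEthernet1/0/N port naming, the uplink exclusion and the Cisco IOS-style command set are assumptions, and the RADIUS server definition is assumed to exist already.

```python
# Assumed Cisco IOS-style 802.1X commands; adjust for the platform in use.
GLOBAL_DOT1X = [
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "dot1x system-auth-control",
]
PORT_DOT1X = [
    "switchport mode access",
    "authentication port-control auto",
    "dot1x pae authenticator",
]

def render_switch(switch):
    """Return (config lines, access ports configured) for one inventory entry."""
    lines = list(GLOBAL_DOT1X)
    uplinks = set(switch.get("uplinks", []))
    count = 0
    for port in range(1, switch["ports"] + 1):
        name = f"GigabitEthernet1/0/{port}"  # assumed port naming scheme
        if name in uplinks:
            continue  # assumption: uplink ports are left out of the rollout
        lines.append(f"interface {name}")
        lines.extend(f" {cmd}" for cmd in PORT_DOT1X)
        count += 1
    return lines, count

def render_inventory(inventory):
    """Render every switch; return ({hostname: config text}, total access ports)."""
    configs, total = {}, 0
    for switch in inventory:
        lines, count = render_switch(switch)
        configs[switch["host"]] = "\n".join(lines) + "\n"
        total += count
    return configs, total

# Constructed inventory: 100 hypothetical 48-port access switches, one with uplinks.
INVENTORY = [{"host": f"acc-sw-{n:03d}", "ports": 48} for n in range(1, 101)]
INVENTORY[0]["uplinks"] = ["GigabitEthernet1/0/47", "GigabitEthernet1/0/48"]
```

Calling `render_inventory(INVENTORY)` returns one configuration per switch plus the port total, which lands just under the 5,000 ports the article mentions.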
Reduce processing pressure
Collecting information from devices -- such as interface statistics, link up and down events or switch stack failures -- has traditionally been done with Simple Network Management Protocol (SNMP) and screen scraping. These methods, however, have not scaled alongside the increase in network size and complexity.
For example, SNMP polling in large networks is highly inefficient in part because of how SNMP device agents, or network devices, communicate with polling stations, or network management systems. Gathering ephemeral data, such as interface statistics, requires the polling station to request information from a device multiple times to collect the specific information the network admin is interested in. This places a processing burden on the router or switch, which might seem trivial in smaller networks, but can be burdensome in large networks with busy devices.
This method allows network devices to run policies through which they send specific information in single packets to specific destinations much more efficiently and with less burden on network resources than legacy means.
Confirm configuration correctness
Validating configuration compliance with regulatory bodies and validating new configuration correctness prior to deployment are extremely important to a network operations team tasked with providing network security and maximum uptime. However, these tasks are extremely tedious to do manually and are often skipped altogether.
How can a network engineer guarantee that the new configuration being pushed to all the WAN routers is correct? How can a network engineer guarantee that all the configuration already in the production network is correct?
Logging into each device one at a time can take an unacceptable amount of time and could rely on a team of error-prone network operations staff. Though well intentioned, a group of network administrators logging into hundreds if not thousands of devices to run various show commands will inevitably miss a device or misread an output.
Ansible playbooks running workflows that call on Python scripts can be used to programmatically retrieve real-time information from large groups of devices at once. In this way, a network admin can determine quickly whether a specific configuration exists in all devices in an inventory file or whether large groups of devices are working in the correct operational state.
For example, a regulatory body may require that all Enhanced Interior Gateway Routing Protocol adjacencies are protected with a password. In a larger network with 1,800 routers, checking this manually could take weeks and would likely produce unreliable results. Using even the simplest homegrown network automation methods can achieve reliable results in a tiny fraction of the time.
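A homegrown check of the kind described above, as an added Python example that is not from the original article: it audits already-collected running configurations for EIGRP authentication and reports only the devices that fail. The Cisco IOS-style syntax, the hostnames, AS 100 and the key chain name are assumptions, and the sample configurations are constructed.

```python
def parse_blocks(config):
    """Group IOS-style config lines under their unindented parent line."""
    blocks, current = {}, []
    for line in config.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = blocks.setdefault(line.strip(), [])
    return blocks

def audit_eigrp_auth(config, asn):
    """List (interface, problem) for routed interfaces lacking EIGRP MD5 auth."""
    blocks = parse_blocks(config)
    chains = {h.split()[2] for h in blocks if h.startswith("key chain ")}
    passive = {l.split()[1] for l in blocks.get(f"router eigrp {asn}", [])
               if l.startswith("passive-interface ")}
    prefix, findings = f"ip authentication key-chain eigrp {asn} ", []
    for header, lines in blocks.items():
        name = header.split()[-1]
        routed = any(l.startswith("ip address ") for l in lines)
        if not header.startswith("interface ") or name in passive or not routed:
            continue  # assumption: every other routed interface has a neighbor
        chain = next((l[len(prefix):] for l in lines if l.startswith(prefix)), None)
        if f"ip authentication mode eigrp {asn} md5" not in lines:
            findings.append((name, "authentication mode not set"))
        elif chain not in chains:
            findings.append((name, f"key chain {chain or '<none>'} missing or undefined"))
    return findings

def audit_inventory(configs, asn):
    return {h: f for h, c in configs.items() if (f := audit_eigrp_auth(c, asn))}

# Constructed sample configs: hostnames, AS 100 and WAN-KEYS are made up.
SAMPLE = {"wan-rtr-01": """key chain WAN-KEYS
 key 1
  key-string <placeholder>
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 WAN-KEYS
""", "wan-rtr-02": """interface GigabitEthernet0/0
 ip address 192.0.2.5 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 WAN-KEYS
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
interface Loopback0
 ip address 203.0.113.1 255.255.255.255
router eigrp 100
 passive-interface Loopback0
"""}
```

`audit_inventory(SAMPLE, 100)` reports only wan-rtr-02: one interface references a key chain that is never defined, another has no authentication at all, and the passive loopback is skipped because no adjacency can form on it.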
Pre-deployment checks have normally been done by a simple network admin peer review. However, this relies on the expertise, attitude and work ethic of those on the change advisory board. A model-based approach programmatically checks configuration syntax for correctness and, in very advanced automation practices, can even determine all the possible outcomes of deploying the configuration.
In this use case, network automation greatly improves the accuracy of configuration, both before it hits devices and where it already exists in the network -- neither of which is realistic with a perfunctory peer review.
Keeping pace with complex networks
Network automation does not eliminate the human factor from network operations. Someone still needs to write scripts and create workflows.
However, network automation use cases -- from their simplest form to the most complex workflows and proprietary platforms -- can still dramatically improve the efficiency, accuracy and agility of a network operations team struggling to keep pace with the growth, changes and validation of today's complex networks.