Helpful Tools for Network Automation: A Practical Cheat Sheet

pDamascenopDamasceno
4 min read

Table of contents

Hey there! Today we will be building a cheat sheet to facilitate using some very helpful tools for network automation. This helps us get some fast information on network devices and verify the information and formats beforehand and while debugging when scripting. Let's get to it.

Overview of Tools

The following tools are essential for network automation, covering SSH, SNMP, and YANG-based protocols:

  • SSH: For secure command-line access and NETCONF operations.

    • NAPALM: A Python library for multi-vendor network automation.

    • Netmiko

  • SNMP: For monitoring and managing network devices.

    • NET-SNMP: A suite of tools for SNMP operations.

  • YANG-based:

    • Cisco YANG Suite: A tool for exploring and testing YANG models.

    • GNMIc/Pygnmi: Tools for gNMI protocol interactions.

    • SSH (NETCONF): For YANG-based device management via NETCONF.

NAPALM

NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) simplifies network device management through a unified API. It can be used via CLI or integrated into Python scripts.

Installation

Install NAPALM using pip:

pip3 install napalm

Reference

  • NAPALM Documentation

Usage

Run NAPALM from the CLI to interact with devices:

napalm --user <username> --password <password> --vendor <driver> <ip_address> call <getter>

Example: get_facts

Retrieve device facts such as hostname, model, and OS version:

napalm --user admin --password admin --vendor ios 192.168.1.1 call get_facts

Example Output:

Result

GNMIc

GNMIc is a powerful CLI tool for interacting with network devices via the gNMI (gRPC Network Management Interface) protocol, ideal for telemetry and configuration.

Installation

Install GNMIc using the provided installation script:

bash -c "$(curl -sL https://get-gnmic.kmrd.dev)"

Reference

Common Commands

CAPABILITIES

Check the gNMI capabilities of a device:

gnmic -a <ip:port> --username <user> --password <password> --insecure capabilities

Example:

gnmic -a 10.80.255.30:6030 -u admin -p admin --insecure capabilities

GET

Retrieve a snapshot of device data using a specific path:

gnmic -a <ip:port> --username <user> --password <password> --insecure get --path "/components/component/state/temperature"

SET

Modify device state (refer to GNMIc Set Documentation):

gnmic -a <ip:port> --username <user> --password <password> --insecure set --update-path "/interfaces/interface[name=Management1]/config/description" --update-value "Updated via gNMI"

SUBSCRIBE

Subscribe to real-time telemetry data:

gnmic -a <ip:port> --username <user> --password <password> --insecure subscribe --path "/interfaces/interface[name=Management1]/state/counters"

GNMI Prompt

Start an interactive session with preconfigured credentials:

gnmic --insecure --username admin --password admin --address <ip

NET-SNMP

NET-SNMP is a suite for interacting with SNMP-enabled devices, providing tools to query and manage network statistics.

Installation

Follow the official guide for installation:

Common SNMP OIDs

Key OIDs for interface statistics (MIB-II, RFC 1213):

OID NameOID ValueDescription
ifInOctets.1.3.6.1.2.1.2.2.1.10Bytes received on an interface
ifOutOctets.1.3.6.1.2.1.2.2.1.16Bytes sent on an interface
ifInErrors.1.3.6.1.2.1.2.2.1.14Inbound errors
ifOutErrors.1.3.6.1.2.1.2.2.1.20Outbound errors

Querying Interface Statistics

Query SNMP-enabled devices (e.g., IP 192.168.1.1, community string public). Replace IF_INDEX with the interface index (discoverable via ifDescr).

Example (SNMPv2c):

snmpget -v2c -c public 192.168.1.1 .1.3.6.1.2.1.2.2.1.10.IF_INDEX .1.3.6.1.2.1.2.2.1.16.IF_INDEX
snmpget -v2c -c public 192.168.1.1 SNMPv2-MIB::sysUpTime.0 # SYS UPTIME
snmpbulkwalk -v2c -c public 192.168.1.1 .1.0.8802.1.1.2.1.4.1.1.9 #LLDP NEIGHORS

Example (SNMPv3):

Retrieve system name with SNMPv3:

snmpget -v3 -u USERNAME -a SHA -x AES -l authPriv -A AUTHPASS -X PRIVPASS 192.168.1.1 .1.3.6.1.2.1.1.5.0

Cisco YANG Suite

YANG Suite is a valuable tool for working with YANG-based models.

Installation

You can install Cisco YANG Suite either via Docker or pip. Check the GitHub Repository for instructions.

Running YANG Suite

Once installed, run the suite using:

yangsuite

Access the web interface to explore YANG models and execute operations.

SSH (NETCONF)

NETCONF over SSH enables YANG-based device management. It’s useful for retrieving schemas and performing operations.

Starting a NETCONF Session

Initiate a NETCONF session (default port 830):

ssh -s <username>@<device-ip> -p 830 netconf

This opens an interactive session for NETCONF operations, such as retrieving YANG schemas or configuring devices.

Note: While NETCONF over SSH is supported, tools like NAPALM or GNMIc often provide more efficient workflows.

Conclusion

This cheat sheet consolidates essential tools for network automation, including NAPALM, GNMIc, NET-SNMP, Cisco YANG Suite, and NETCONF over SSH. These tools enable efficient device querying, configuration, and telemetry, streamlining network management tasks. Use this guide as a quick reference to enhance your automation workflows.

0
Subscribe to my newsletter

Read articles from pDamasceno directly inside your inbox. Subscribe to the newsletter, and don't miss out.

netconfgnminapalmyangnetsnmpen

Written by

pDamasceno
pDamasceno