Network Automation: Ansible, Terraform, Netmiko, NAPALM, YANG Models and GitOps for Networking
Network automation uses tools and frameworks to automate network configuration, deployment and management. Ansible is an agentless automation tool, Terraform manages infrastructure as code, Netmiko is a Python library for SSH to devices, NAPALM provides a vendor-agnostic API, YANG models define data models for network configuration, and GitOps uses Git as the single source of truth for network state.

Most network engineers still configure devices by hand through the CLI: copy-pasting config one device at a time, making mistakes from typos, and spending hours in a change window. Network automation reduces human error by 80%+, deploys changes in minutes instead of hours, and provides an audit trail through Git in which every change can be rolled back. Facebook manages 10,000+ network devices with automation, with no manual CLI.
Automation Tool Landscape

| Tool | Type | Language | Best For |
|---|---|---|---|
| Ansible | Configuration Management | YAML (playbooks) | Multi-vendor config push, agentless, declarative |
| Terraform | Infrastructure as Code | HCL | Cloud networking (VPC, TGW, firewall rules), state management |
| Netmiko | SSH Library | Python | Quick scripts, CLI automation, multi-vendor SSH |
| NAPALM | Abstraction Library | Python | Vendor-agnostic get/set config, diff, rollback |
| Nornir | Automation Framework | Python | Python-native alternative to Ansible (more flexible) |
| Batfish | Network Verification | Java/Python | Pre-deployment validation, compliance checking |

Ansible for Networking

| Feature | Details |
|---|---|
| Agentless | No agent to install on network devices; uses SSH or NETCONF |
| Playbooks | YAML files that define desired state → Ansible pushes config to devices |
| Modules | ios_config, nxos_config, eos_config, junos_config (vendor-specific modules) |
| Collections | cisco.ios, arista.eos, junipernetworks.junos (community-maintained modules) |
| Inventory | Define devices (hosts) + groups + variables → target specific devices/groups |
| Idempotent | Run multiple times → same result (only push changes if needed) |
| AWX/Tower | Web UI, RBAC, scheduling, audit trail → enterprise automation platform |

Terraform for Network

| Feature | Details |
|---|---|
| Infrastructure as Code | Define network resources in HCL → terraform plan → terraform apply |
| State Management | Terraform tracks current state → knows what to create/modify/delete |
| Providers | AWS (VPC, TGW, SG), Azure (VNet, NSG), GCP, Palo Alto, Fortinet, Cisco ACI |
| Plan | terraform plan → show what will change (dry run) before applying |
| Modules | Reusable modules for common patterns (VPC module, firewall module) |
| Remote State | Store state in S3/Azure Blob → team collaboration + locking |
| Best For | Cloud networking, firewall policies, DNS, CDN: anything with an API |

Netmiko

| Feature | Details |
|---|---|
| What it is | Python library that simplifies SSH connections to network devices |
| Multi-Vendor | Cisco IOS/NX-OS/ASA, Arista EOS, Juniper JunOS, HP, Linux, etc. |
| Operations | send_command (show), send_config_set (config), save_config, enable |
| Output Parsing | Used with TextFSM or Genie Parser → structured output from the CLI |
| Use Case | Quick automation scripts, bulk show commands, config backup, compliance audit |
| vs Ansible | Netmiko = Python library (more control); Ansible = framework (more structure) |

NAPALM

| Feature | Details |
|---|---|
| What it is | Network Automation and Programmability Abstraction Layer: a vendor-agnostic Python library |
| Unified API | get_facts(), get_interfaces(), get_bgp_neighbors(): same function, any vendor |
| Config Management | load_merge_candidate(), load_replace_candidate(), compare_config(), commit_config() |
| Config Diff | compare_config() → show exactly what will change before commit |
| Rollback | rollback() → revert to previous config if something goes wrong |
| Supported | Cisco IOS/NX-OS/IOS-XR, Arista EOS, Juniper JunOS, Palo Alto PAN-OS |
| Integration | Works with Ansible (napalm module), Nornir, Salt |

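One way to use the diff step as a gate before commit, as an added example that is not from NAPALM or the original page: the function refuses a change whose diff removes AAA, logging or ACL lines, and rolls back if a post-change check fails. `guarded_change`, `PROTECTED` and `StubDevice` are hypothetical; the stub mirrors only the NAPALM method names listed in the table so the block runs offline, and the diff is assumed to mark removed lines with a leading `-`.

```python
import re

# Hypothetical policy: lines a change may never remove without separate sign-off.
PROTECTED = re.compile(r"^(aaa |logging host |ip access-list |snmp-server )")

def guarded_change(device, candidate, verify=lambda dev: True):
    """Load, diff, gate, commit; roll back if the post-change check fails."""
    device.load_merge_candidate(config=candidate)
    diff = device.compare_config()
    if not diff.strip():
        device.discard_config()
        return "no-change", []
    # Assumes a line-oriented diff where removed lines start with "-".
    removed = [l[1:].strip() for l in diff.splitlines()
               if l.startswith("-") and not l.startswith("---")]
    blocked = [l for l in removed if PROTECTED.match(l)]
    if blocked:
        device.discard_config()
        return "rejected", blocked
    device.commit_config()
    if not verify(device):
        device.rollback()
        return "rolled-back", []
    return "committed", []

class StubDevice:
    """Constructed in-memory stand-in that mirrors the NAPALM method names."""
    def __init__(self, running):
        self.running, self.candidate, self.previous = list(running), None, None
    def load_merge_candidate(self, config=None):
        self.candidate = list(self.running)
        for line in config.splitlines():
            if line.startswith("no ") and line[3:] in self.candidate:
                self.candidate.remove(line[3:])
            elif not line.startswith("no ") and line not in self.candidate:
                self.candidate.append(line)
    def compare_config(self):
        gone = ["-" + l for l in self.running if l not in self.candidate]
        new = ["+" + l for l in self.candidate if l not in self.running]
        return "\n".join(gone + new)
    def commit_config(self):
        self.previous, self.running, self.candidate = self.running, self.candidate, None
    def discard_config(self):
        self.candidate = None
    def rollback(self):
        self.running = self.previous
```

With a real device, pass an opened NAPALM driver object in place of `StubDevice`; diff formats differ between platforms, so check the removed-line parsing against the driver in use.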
YANG Models

| Feature | Details |
|---|---|
| What it is | Data modeling language for defining the structure of network configuration/state |
| OpenConfig | Vendor-neutral YANG models (Google-led): same model works on Cisco, Arista, Juniper |
| IETF Models | Standard models (RFC): ietf-interfaces, ietf-routing, ietf-acl |
| Vendor Models | Cisco-IOS-XR, Arista-specific: full feature coverage but vendor-locked |
| NETCONF | XML-based protocol that uses YANG models for config/get (SSH transport) |
| RESTCONF | REST API that uses YANG models (HTTP/JSON), simpler than NETCONF |
| gNMI | gRPC-based protocol that uses YANG paths for telemetry + config |

GitOps for Networking

| Principle | Application |
|---|---|
| Git as Source of Truth | All network configs stored in Git repo: current desired state |
| Pull Request Workflow | Change config → PR → review → approve → merge → auto-deploy |
| CI/CD Pipeline | Merge triggers: lint → validate (Batfish) → deploy (Ansible/Terraform) → verify |
| Audit Trail | Every change tracked in Git history: who, when, what, why (commit message) |
| Rollback | git revert → redeploy previous config → instant rollback |
| Drift Detection | Periodically compare Git config vs actual device config → alert on drift |

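The drift check from the table above, as an added example (not code from the original page): it diffs the Git copy of a config against what the device returns and raises the severity when the difference touches access-control stanzas. The `VOLATILE` and `SENSITIVE` patterns, the function names and both sample configs are constructed for illustration.

```python
import difflib
import re

# Lines that differ on every read and would raise false alerts (assumed IOS-style patterns).
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration|ntp clock-period)")
# Hypothetical list of stanzas where an unreviewed change deserves a high-severity alert.
SENSITIVE = re.compile(r"^\s*(username |enable secret|aaa |snmp-server community|"
                       r"ip access-list|permit |deny |line vty|transport input)")

def normalize(text):
    """Drop blank and volatile lines; keep indentation, which carries stanza context."""
    return [l.rstrip() for l in text.splitlines() if l.strip() and not VOLATILE.match(l)]

def detect_drift(intended, running):
    """Compare the Git copy with the device copy and grade the difference."""
    diff = difflib.unified_diff(normalize(intended), normalize(running),
                                "git", "device", n=0, lineterm="")
    # Skip the two file-header lines, then keep only added/removed lines.
    changes = [l for l in list(diff)[2:] if l[0] in "+-"]
    sensitive = [l for l in changes if SENSITIVE.match(l[1:])]
    other = [l for l in changes if l not in sensitive]
    severity = "high" if sensitive else "low" if other else "none"
    return {"severity": severity, "sensitive": sensitive, "other": other}

# Constructed sample: the reviewed config as merged in Git.
INTENDED = """\
hostname edge-rtr-01
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
line vty 0 4
 transport input ssh
"""
# Constructed sample: what the device returns after an out-of-band CLI change.
RUNNING = """\
Building configuration...
hostname edge-rtr-01
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp any any eq 23
 deny ip any any log
line vty 0 4
 transport input ssh telnet
interface Loopback99
"""

if __name__ == "__main__":
    print(detect_drift(INTENDED, RUNNING))
```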
Closing Thoughts: Network Automation = Reliability, Speed, Scale
Network Automation:

- Ansible: agentless, YAML playbooks, idempotent, multi-vendor modules, AWX for enterprise
- Terraform: IaC for cloud networking (VPC, TGW, firewall), state management, plan before apply
- Netmiko: Python SSH library, quick scripts, multi-vendor, TextFSM parsing
- NAPALM: vendor-agnostic API, config diff/commit/rollback, unified get_facts/get_interfaces
- YANG: data models (OpenConfig vendor-neutral, IETF standard, vendor-specific), NETCONF/RESTCONF/gNMI
- GitOps: Git as source of truth, PR workflow, CI/CD pipeline, audit trail, drift detection
- Key: start with Ansible (easy) → add Terraform (cloud) → adopt GitOps (workflow) → implement YANG/gNMI (modern)