Network Automation with Python: Netmiko, NAPALM, Nornir, Ansible, Jinja2 Templates and CI/CD Pipeline
Network Automation with Python changes how networks are managed, from manual CLI work to a programmatic approach. Netmiko automates SSH/Telnet connections, NAPALM provides a vendor-agnostic API, Nornir is a flexible automation framework, Ansible does agentless configuration management, Jinja2 templates generate configs from templates, and a CI/CD pipeline puts network changes through review and testing before deployment.

Network automation is the most essential skill for modern network engineers: you can manage 10 devices by hand, but not 100-10,000. Automation cuts the time from hours to seconds, reduces human error (80%+ of outages come from manual config mistakes), gives consistency (every device has the same config), and provides an audit trail (every change is recorded). DevOps/NetOps: "Infrastructure as Code" for networking.
Netmiko

| Feature | Details |
|---|---|
| What | Python library for SSH connections to network devices — simplifies Paramiko for networking |
| Supports | Cisco IOS/IOS-XE/NX-OS, Arista EOS, Juniper Junos, Palo Alto, HP, and 50+ platforms |
| Key Functions | send_command() — show commands; send_config_set() — config changes; enable() — privilege mode |
| Auto-Detect | SSHDetect class auto-detects device type from SSH banner |
| TextFSM | Parse unstructured CLI output into structured data (JSON/dict) using TextFSM templates |
| Best For | Simple automation tasks, one-off scripts, quick device interaction |

NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support)

| Feature | Details |
|---|---|
| What | Vendor-agnostic Python library — same API for Cisco, Juniper, Arista, etc. |
| Getters | get_facts(), get_interfaces(), get_bgp_neighbors(), get_arp_table() — structured data |
| Config Management | load_merge_candidate() / load_replace_candidate() → compare_config() → commit_config() |
| Rollback | rollback() — revert to previous config if commit causes issues |
| Validation | compliance_report() — verify device state matches desired state (YAML) |
| Best For | Multi-vendor environments, config management, compliance checking |

Nornir

| Feature | Details |
|---|---|
| What | Python automation framework — like Ansible but pure Python (no YAML, no DSL) |
| Inventory | YAML or custom inventory — hosts, groups, defaults with inheritance |
| Plugins | nornir_netmiko, nornir_napalm, nornir_scrapli — use existing tools as plugins |
| Concurrency | Built-in multi-threading — run tasks on 100s of devices simultaneously |
| Filtering | Filter inventory: nr.filter(platform="ios", site="bangkok") → run task on subset |
| Best For | Complex automation workflows, Python-centric teams, custom logic needed |

Ansible for Networking

| Feature | Details |
|---|---|
| What | Agentless automation — YAML playbooks, SSH-based, declarative |
| Network Modules | ios_config, nxos_config, junos_config, eos_config — vendor-specific modules |
| Collections | cisco.ios, arista.eos, junipernetworks.junos — modular, installable via ansible-galaxy |
| Idempotent | Apply config only if different from desired state — safe to run repeatedly |
| Roles | Reusable automation packages: base config, NTP, SNMP, ACL — share across projects |
| AWX/Tower | Web UI for Ansible — scheduling, RBAC, audit logging, API |
| Best For | Teams with mixed skills (YAML is easier than Python), standardized workflows |

Jinja2 Templates

| Feature | Details |
|---|---|
| What | Template engine — generate device configs from templates + variables (data) |
| Variables | {{ hostname }}, {{ mgmt_ip }}, {{ ntp_server }} — replaced with actual values |
| Conditionals | {% if platform == "ios" %} … {% endif %} — different config per platform |
| Loops | {% for vlan in vlans %} vlan {{ vlan.id }} name {{ vlan.name }} {% endfor %} |
| Data Sources | YAML, JSON, CSV, database, NetBox API — separate data from logic |
| Benefit | One template + data for 1,000 devices → consistent configs, easy updates |

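
Added example (not from the original page): rendering a config from the variable and loop forms above with StrictUndefined, so a missing variable is an error instead of an empty string, and with data values checked first so that a value containing a newline cannot become an extra config line. The template, sample data and helper names are constructed for illustration, and the jinja2 package is assumed to be installed.

```python
import re
from jinja2 import Environment, StrictUndefined

# Constructed template using the variable and loop forms from the table above.
TEMPLATE = """\
hostname {{ hostname }}
ntp server {{ ntp_server }}
{% for vlan in vlans %}
vlan {{ vlan.id }}
 name {{ vlan.name }}
{% endfor %}
"""

# One CLI word: no whitespace or newlines, so a value cannot start a new line.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_.:-]{1,32}")


def validate(data):
    """Reject data values that would change the structure of the config."""
    for key in ("hostname", "ntp_server"):
        if key in data and not SAFE_TOKEN.fullmatch(str(data[key])):
            raise ValueError(f"unsafe value for {key!r}")
    for vlan in data.get("vlans", []):
        vid = vlan.get("id")
        if type(vid) is not int or not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN id: {vid!r}")
        if not SAFE_TOKEN.fullmatch(str(vlan.get("name", ""))):
            raise ValueError(f"unsafe VLAN name: {vlan.get('name')!r}")


def render_config(data):
    """Validate the data, then render; undefined variables raise an error."""
    validate(data)
    env = Environment(undefined=StrictUndefined, trim_blocks=True,
                      lstrip_blocks=True, autoescape=False)
    return env.from_string(TEMPLATE).render(**data)


# Constructed sample data (192.0.2.0/24 is a documentation range).
SAMPLE = {"hostname": "sw1", "ntp_server": "192.0.2.10",
          "vlans": [{"id": 10, "name": "users"}, {"id": 20, "name": "voice"}]}

if __name__ == "__main__":
    print(render_config(SAMPLE))
```
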
CI/CD for Network

| Stage | Action | Tools |
|---|---|---|
| 1. Code | Engineer writes config change in Git (Jinja2 template or Ansible playbook) | Git, VS Code, GitHub/GitLab |
| 2. Review | Pull request → peer review → approve change | GitHub PR, GitLab MR, Gerrit |
| 3. Test | Automated: lint YAML/Jinja2, syntax check, test in lab (Batfish, GNS3, CML) | Batfish (config analysis), pyATS (Cisco test), pytest |
| 4. Stage | Deploy to staging/lab network → verify with automated tests | Jenkins, GitLab CI, GitHub Actions |
| 5. Deploy | Approved change deployed to production via Ansible/Nornir | Ansible Tower/AWX, Nornir, custom scripts |
| 6. Verify | Post-change validation: ping tests, BGP neighbor check, interface status | pyATS, NAPALM validation, custom checks |
| 7. Rollback | If verification fails → automatic rollback to previous config | NAPALM rollback, config archive, Git revert |

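
Added example (not from the original page) covering the NAPALM load/compare/commit/rollback row and stages 5 to 7 above: a change is loaded, its diff is checked against a policy, committed, verified, and rolled back if verification fails. `gated_commit`, the FORBIDDEN policy and the in-memory StubDevice are constructed for illustration; the code assumes diff additions are prefixed with "+" (the real diff format depends on the driver), and a real NAPALM driver object would take the stub's place.

```python
# Constructed policy: lines that must never be added by an automated change.
FORBIDDEN = ("transport input telnet", "snmp-server community public",
             "no aaa new-model")


def gated_commit(device, candidate, verify):
    """Load, diff, policy-check, commit, verify; roll back if verify fails."""
    device.load_merge_candidate(config=candidate)
    diff = device.compare_config()
    if not diff.strip():
        device.discard_config()          # nothing to change
        return "no-change"
    # Assumption: additions in the diff are lines starting with "+".
    added = [l[1:].strip() for l in diff.splitlines() if l.startswith("+")]
    hits = [l for l in added if any(f in l for f in FORBIDDEN)]
    if hits:
        device.discard_config()          # never commit a policy violation
        return "rejected: " + "; ".join(hits)
    device.commit_config()
    if not verify(device):               # post-change validation (stage 6)
        device.rollback()                # automatic rollback (stage 7)
        return "rolled-back"
    return "committed"


class StubDevice:
    """Constructed in-memory stand-in with the NAPALM method names used above."""

    def __init__(self, running):
        self.running, self.previous, self.candidate = list(running), None, None

    def load_merge_candidate(self, config):
        self.candidate = [l for l in config.splitlines() if l.strip()]

    def compare_config(self):
        return "\n".join("+" + l for l in self.candidate
                         if l not in self.running)

    def discard_config(self):
        self.candidate = None

    def commit_config(self):
        self.previous = list(self.running)
        self.running += [l for l in self.candidate if l not in self.running]
        self.candidate = None

    def rollback(self):
        self.running = list(self.previous)
```
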
Closing thoughts: Network Automation = Infrastructure as Code for Networking
Network Automation with Python:

- Netmiko: SSH automation for 50+ platforms — send_command(), send_config_set(), TextFSM parsing
- NAPALM: vendor-agnostic API — getters (structured data), config management (load/compare/commit/rollback)
- Nornir: pure Python framework — multi-threaded, inventory filtering, plugin-based (netmiko/napalm)
- Ansible: YAML playbooks, agentless, idempotent, roles, AWX/Tower web UI — easiest for teams
- Jinja2: templates + data = consistent configs for 1,000+ devices — separate logic from data
- CI/CD: Git → PR review → automated test (Batfish/pyATS) → stage → deploy → verify → rollback if needed
- Key: automation reduces errors 80%+, scales to thousands of devices, and enables Infrastructure as Code for networks