WEBVTT

0:00:03.160000 --> 0:00:06.740000
Welcome to this video, which is called an overview of network automation

0:00:06.740000 --> 0:00:11.540000
tools. So for our CCNA boot camp series here, this will be our last topic

0:00:11.540000 --> 0:00:17.160000
under the umbrella of network programmability and automation.

0:00:17.160000 --> 0:00:28.020000
So I've mentioned already that these, that there are tools and we, in

0:00:28.020000 --> 0:00:31.260000
a previous video, I gave you just real quickly some names of them like

0:00:31.260000 --> 0:00:33.740000
Ansible, Chef, Puppet, SaltStack.

0:00:33.740000 --> 0:00:38.820000
And I said, the main goal of these tools is to be able to automate the

0:00:38.820000 --> 0:00:41.100000
configuration of your devices.

0:00:41.100000 --> 0:00:45.620000
They can also reach out to devices, see what their existing configuration

0:00:45.620000 --> 0:00:51.240000
is, and if their existing configuration does not match what we would consider

0:00:51.240000 --> 0:01:01.580000
a golden config, and a golden company, every switch should have VLANs

0:01:01.580000 --> 0:01:05.840000
one through five, every switch should be running rapid spanning tree.

0:01:05.840000 --> 0:01:08.620000
That's what we've decided is the best practice.

0:01:08.620000 --> 0:01:11.340000
Well, a network automation tool could reach out to all my switches.

0:01:11.340000 --> 0:01:15.800000
Maybe I would program it to do that like every day at 5 AM, retrieve the

0:01:15.800000 --> 0:01:20.700000
configuration, and see if the configuration has VLANs one through five,

0:01:20.700000 --> 0:01:22.440000
and if it's running rapid spanning tree.

0:01:22.440000 --> 0:01:26.280000
If it's not, that network automation tool could then be programmed to

0:01:26.280000 --> 0:01:30.560000
reach back into the switch that's not doing that and program it to do

0:01:30.560000 --> 0:01:34.980000
that. So the main idea here is that we're removing the dependencies of

0:01:34.980000 --> 0:01:37.420000
box by box CLI management.

0:01:37.420000 --> 0:01:40.440000
We don't want to have to log in to each switch, each router, one at a time

0:01:40.440000 --> 0:01:45.260000
like we've had to do for dozens of years and program them each independently.

0:01:45.260000 --> 0:01:49.960000
We want an automation tool to do that for us.

0:01:49.960000 --> 0:01:56.740000
Okay, so just going to give a real high level overview here of these configuration

0:01:56.740000 --> 0:01:58.500000
management tools.

0:01:58.500000 --> 0:02:02.560000
For the purposes of the CCNA exam, you should be able to recognize these

0:02:02.560000 --> 0:02:05.860000
names as being network automation tools.

0:02:05.860000 --> 0:02:08.300000
You should recognize that that's what their purpose is.

0:02:08.300000 --> 0:02:15.000000
Okay, so there are some similarities between these.

0:02:15.000000 --> 0:02:20.220000
Number one, all these tools require some sort of CLI or scripting knowledge.

0:02:20.220000 --> 0:02:22.600000
Oh my gosh, you mean I gotta learn scripting?

0:02:22.600000 --> 0:02:26.100000
Yes, unfortunately you do, at least if you're going to work with one of

0:02:26.100000 --> 0:02:31.240000
these puppies. So some of them are very similar to Cisco IOS.

0:02:31.240000 --> 0:02:35.340000
And a lot of times you can go on to websites and you can see example scripts

0:02:35.340000 --> 0:02:36.880000
that came with the tool.

0:02:36.880000 --> 0:02:39.100000
You can say, oh, I see how that was put together.

0:02:39.100000 --> 0:02:43.620000
So if I just erase that IP address there in the sample and put in my own

0:02:43.620000 --> 0:02:46.140000
IP address, I can get it to work.

0:02:46.140000 --> 0:02:48.100000
And yes, you absolutely could.

0:02:48.100000 --> 0:02:51.360000
Some are like totally out there and totally different.

0:02:51.360000 --> 0:02:55.040000
And they use scripting languages like YAML and Ruby.

0:02:55.040000 --> 0:02:57.900000
I have no idea how that stuff works.

0:02:57.900000 --> 0:02:59.700000
Good luck to you if you do.

0:02:59.700000 --> 0:03:04.320000
Some of those tools also have a GUI component as well, which makes life

0:03:04.320000 --> 0:03:09.020000
useful. And you can use the GUI to schedule automated tasks, manually

0:03:09.020000 --> 0:03:12.640000
instantiate events.

0:03:12.640000 --> 0:03:19.540000
And typically the associated GUI, if there is one, will reference that

0:03:19.540000 --> 0:03:24.760000
script that you created with YAML or Ruby or something along those natures.

0:03:24.760000 --> 0:03:33.060000
Okay, so here's some differences between these tools.

0:03:33.060000 --> 0:03:38.620000
Some network automation tools, you will download and install on, like, your

0:03:38.620000 --> 0:03:40.580000
Linux server or something.

0:03:40.580000 --> 0:03:44.660000
And then you'll create a script using whatever language it uses.

0:03:44.660000 --> 0:03:47.840000
And in that script, you'll probably identify, you know, the IP address

0:03:47.840000 --> 0:03:52.360000
of switch one, the IP address of router five, so it knows where all the

0:03:52.360000 --> 0:03:55.640000
devices are. You'll provide like the login credentials that it will need

0:03:55.640000 --> 0:03:57.380000
to log into all those devices.

0:03:57.380000 --> 0:03:59.640000
And then you type a command to get it to start.

0:03:59.640000 --> 0:04:04.420000
And that tool can just reach out just like you were on SecureCRT or PuTTY

0:04:04.420000 --> 0:04:06.300000
or HyperTerminal or something.

0:04:06.300000 --> 0:04:09.140000
And it can reach into those devices and start configuring them and reading

0:04:09.140000 --> 0:04:12.160000
them. And you can just program it to do that like every day at five AM

0:04:12.160000 --> 0:04:16.800000
or something. So in that case, that tool is like a standalone tool.

0:04:16.800000 --> 0:04:21.420000
Other tools like we see here require two components.

0:04:21.420000 --> 0:04:25.300000
They have the server aspect that you download on, like, the server or something.

0:04:25.300000 --> 0:04:29.560000
But then they also have another component that you actually have to install

0:04:29.560000 --> 0:04:32.860000
in your networking device itself.

0:04:32.860000 --> 0:04:34.860000
Now let me pause here for a moment.

0:04:34.860000 --> 0:04:40.300000
All of these network automation tools, they were not originally developed

0:04:40.300000 --> 0:04:46.440000
to automate routers and switches and network infrastructure things.

0:04:46.440000 --> 0:04:51.480000
They can nowadays, but that wasn't their original intent.

0:04:51.480000 --> 0:04:56.120000
As a matter of fact, a lot of these tools, their original intent was to

0:04:56.120000 --> 0:04:57.480000
work with servers.

0:04:57.480000 --> 0:05:02.540000
Specifically, imagine an environment where you have virtual machines and

0:05:02.540000 --> 0:05:06.460000
you've got some server that's got a bunch of virtual machines in it.

0:05:06.460000 --> 0:05:09.440000
And you need some automated tool that will automatically at a certain

0:05:09.440000 --> 0:05:13.020000
time every day, check to see if certain virtual machines are running,

0:05:13.020000 --> 0:05:17.940000
create virtual machines on the fly, delete existing virtual machines,

0:05:17.940000 --> 0:05:21.760000
look at the configuration of virtual machines in your VMware environment.

0:05:21.760000 --> 0:05:26.000000
That is what these tools were originally designed to do.

0:05:26.000000 --> 0:05:30.720000
Not work with Cisco routers, switches and firewalls, but they've been upgraded

0:05:30.720000 --> 0:05:35.900000
and changed over time so they can do that as well, work with your network

0:05:35.900000 --> 0:05:42.120000
infrastructure. So when I say that some tools require a master and an

0:05:42.120000 --> 0:05:45.980000
agent where the master would be, okay, I've downloaded this network automation

0:05:45.980000 --> 0:05:50.840000
tool on my Linux server and then you need an agent, which is running in

0:05:50.840000 --> 0:05:52.840000
your device and it will respond to the master.

0:05:52.840000 --> 0:05:56.280000
Well, if the, you know, remember, this was designed that the agent would

0:05:56.280000 --> 0:06:00.900000
be installed on your VM, you know, your VM running Linux or your VM running

0:06:00.900000 --> 0:06:05.240000
a virtualized router or something like that, just another software component.

0:06:05.240000 --> 0:06:09.820000
But a lot of routers and switches out there don't allow you to install

0:06:09.820000 --> 0:06:14.040000
an agent. Like think of your common Cisco router or switch.

0:06:14.040000 --> 0:06:18.280000
Can you go onto your router or switch and install Notepad?

0:06:18.280000 --> 0:06:21.500000
Can you install SecureCRT?

0:06:21.500000 --> 0:06:23.300000
Can you install anything on it?

0:06:23.300000 --> 0:06:29.060000
No, it's a self-contained box of a CLI and that's all it is really meant

0:06:29.060000 --> 0:06:33.940000
for. Well, that type of box would not be a good candidate for a network

0:06:33.940000 --> 0:06:38.220000
automation tool that uses masters and agents.

0:06:38.220000 --> 0:06:42.580000
But other Cisco devices, like some of our newer IOS XE devices and stuff,

0:06:42.580000 --> 0:06:49.440000
do allow you to install the agent component of these automation tools.

0:06:49.440000 --> 0:06:58.200000
Okay, so depending on the names, they have different names, different

0:06:58.200000 --> 0:07:02.740000
terminology. So for example, Puppet has a concept of a Puppet master,

0:07:02.740000 --> 0:07:04.740000
kind of cool, Puppet master, right?

0:07:04.740000 --> 0:07:07.820000
That's the server, the Linux server that's reaching out to all the devices

0:07:07.820000 --> 0:07:09.600000
and Puppet agents.

0:07:09.600000 --> 0:07:14.580000
So if you want to use Puppet to manage your network infrastructure, all

0:07:14.580000 --> 0:07:18.640000
your routers, switches, firewalls, they have to have the ability to install

0:07:18.640000 --> 0:07:21.820000
a Puppet agent on them.

0:07:21.820000 --> 0:07:25.800000
Chef also has a master agent, SaltStack.

0:07:25.800000 --> 0:07:27.080000
This one's kind of funny.

0:07:27.080000 --> 0:07:34.120000
Master and minions. Must install the minions on your routers and switches.

0:07:34.120000 --> 0:07:38.620000
All right, something else that differentiates these network automation

0:07:38.620000 --> 0:07:40.880000
tools from each other.

0:07:40.880000 --> 0:07:46.120000
So is whether or not they use a push or pull model.

0:07:46.120000 --> 0:07:52.380000
So if I'm talking about a network automation tool that does not use masters

0:07:52.380000 --> 0:07:56.620000
and agents. So for example, a network automation tool that I can just

0:07:56.620000 --> 0:07:58.400000
load it onto my Linux server.

0:07:58.400000 --> 0:08:02.920000
Like I said, give it the IP addresses of my devices, give it the SSH login

0:08:02.920000 --> 0:08:05.960000
credentials, and then it can just reach out to them.

0:08:05.960000 --> 0:08:08.560000
That would be called a push model.

0:08:08.560000 --> 0:08:12.780000
That network automation tool is pushing down to those devices.

0:08:12.780000 --> 0:08:15.300000
What I want to do is pushing the config.

0:08:15.300000 --> 0:08:20.560000
That's the push model.

0:08:20.560000 --> 0:08:23.460000
And Ansible and SaltStack are like that.

0:08:23.460000 --> 0:08:28.000000
So honestly, if you're not, let's just focus on Cisco for a moment.

0:08:28.000000 --> 0:08:32.560000
If your network is composed mostly of just regular IOS mainline Cisco

0:08:32.560000 --> 0:08:36.540000
devices that don't allow you to install an agent, don't allow you to install

0:08:36.540000 --> 0:08:39.580000
anything. You're probably going to want to use one of these two, Ansible

0:08:39.580000 --> 0:08:46.400000
or SaltStack. Now the pull model is one where you have an agent.

0:08:46.400000 --> 0:08:53.600000
And the agent will actually pull the master and say, Hey master, what

0:08:53.600000 --> 0:08:55.340000
should I look like right now?

0:08:55.340000 --> 0:08:56.960000
What should my config be?

0:08:56.960000 --> 0:08:59.820000
Has anything changed since the last time I pulled it?

0:08:59.820000 --> 0:09:04.000000
Oh, the last time I pulled you, you said I should have VLAN five.

0:09:04.000000 --> 0:09:06.420000
Now I'm pulling you and you're saying I should have VLAN nine.

0:09:06.420000 --> 0:09:08.140000
Oh, okay, I need to do that.

0:09:08.140000 --> 0:09:08.900000
That's the pull.

0:09:08.900000 --> 0:09:11.980000
That's the pull model.

0:09:11.980000 --> 0:09:18.600000
And Puppet and Chef rely on that.

0:09:18.600000 --> 0:09:20.380000
Creating configuration files.

0:09:20.380000 --> 0:09:22.880000
So this is another big differentiator between these network automation

0:09:22.880000 --> 0:09:26.880000
tools. Do you want to learn scripting or do you want to try to stay away

0:09:26.880000 --> 0:09:29.260000
from scripting as if your life depended on it?

0:09:29.260000 --> 0:09:35.240000
Well, so Ansible and Salt, SaltStack utilize YAML.

0:09:35.240000 --> 0:09:38.460000
Now I don't know, I know YAML stands for yet another markup language.

0:09:38.460000 --> 0:09:41.520000
I know that. And I've done some real brief Googling and stuff on YAML.

0:09:41.520000 --> 0:09:48.620000
And from what I can see, YAML is a pretty human readable scripting language.

0:09:48.620000 --> 0:09:53.800000
It looks like it wouldn't take a lot of time to understand how YAML is

0:09:53.800000 --> 0:09:57.180000
formatted and put a YAML script together that could do what you need to

0:09:57.180000 --> 0:10:00.820000
do to, you know, program around a static route or program spanning tree

0:10:00.820000 --> 0:10:14.780000
or something. So this is a lot more complex than YAML.

0:10:14.780000 --> 0:10:18.200000
And this is why a lot of people prefer Ansible and SaltStack because

0:10:18.200000 --> 0:10:22.340000
they don't want to have to learn Ruby or how Ruby works.

0:10:22.340000 --> 0:10:30.780000
So in Puppet, the configuration file is called a manifest.

0:10:30.780000 --> 0:10:34.240000
And here's a great article that you can look up.

0:10:34.240000 --> 0:10:37.640000
If you're curious about some more, the differences between Puppet, Chef,

0:10:37.640000 --> 0:10:39.340000
Ansible and SaltStack.

0:10:39.340000 --> 0:10:42.820000
This is actually where I got a lot of the information for this video.

0:10:42.820000 --> 0:10:47.920000
All right, now let's just finish up with some, some unique terms that

0:10:47.920000 --> 0:10:49.820000
are unique for each one of these things.

0:10:49.820000 --> 0:10:51.460000
Let's start out with Puppet.

0:10:51.460000 --> 0:10:54.640000
So I've mentioned with Puppet, you've got the Puppet master and the Puppet

0:10:54.640000 --> 0:10:59.240000
agents. So the Puppet master is the Puppet software that's loaded

0:10:59.240000 --> 0:11:00.700000
on your, like, your Linux server.

0:11:00.700000 --> 0:11:05.560000
The Puppet agent is software as a software component that would be loaded

0:11:05.560000 --> 0:11:09.000000
into your router, into your switch, into your firewall.

0:11:09.000000 --> 0:11:11.900000
If that device allows you to do so.

0:11:11.900000 --> 0:11:27.580000
There are things called Puppet modules, which give providers and types.

0:11:27.580000 --> 0:11:31.640000
And let's just talk about Puppet manifest.

0:11:31.640000 --> 0:11:37.000000
So the Puppet manifest is the file you create with your desired configuration

0:11:37.000000 --> 0:11:42.500000
statements. So when you're thinking about, okay, this is what I want.

0:11:42.500000 --> 0:11:44.680000
And remember Puppet has a master and agent, right?

0:11:44.680000 --> 0:11:46.060000
So this is that pull model.

0:11:46.060000 --> 0:11:49.820000
This is where the agent is going to poll the Puppet master every once

0:11:49.820000 --> 0:11:52.780000
in a while and say, okay, this is what my config file looks like right

0:11:52.780000 --> 0:11:57.100000
now. Puppet master, what's my config file supposed to look like?

0:11:57.100000 --> 0:12:01.700000
Well, that config file that it's polling for was configured as a Puppet

0:12:01.700000 --> 0:12:08.020000
manifest. Puppet Forge, this is basically like a website where it's got

0:12:08.020000 --> 0:12:09.820000
sample manifests.

0:12:09.820000 --> 0:12:11.980000
It's got code you can download.

0:12:11.980000 --> 0:12:14.900000
So if you're interested in Puppet, you want to learn more about it.

0:12:14.900000 --> 0:12:17.740000
I would definitely recommend that you Google Puppet Forge and you look

0:12:17.740000 --> 0:12:22.220000
for that. So here's an example of a Puppet manifest.

0:12:22.220000 --> 0:12:25.900000
So you can see it is pretty human readable.

0:12:25.900000 --> 0:12:28.900000
It makes sense when you read through it.

0:12:28.900000 --> 0:12:34.640000
All right, what about Chef?

0:12:34.640000 --> 0:12:40.300000
So we have our Chef server, which is your center of operations that stores,

0:12:40.300000 --> 0:12:43.580000
manages and provides configuration data.

0:12:43.580000 --> 0:12:53.900000
You've got your Chef workstations.

0:12:53.900000 --> 0:13:01.560000
So with Chef, it breaks it up into two different components, workstations

0:13:01.560000 --> 0:13:08.760000
and nodes. So a Chef workstation would be like your laptop, your PC, where

0:13:08.760000 --> 0:13:10.860000
you're creating your configuration code.

0:13:10.860000 --> 0:13:15.480000
You're creating your configuration files.

0:13:15.480000 --> 0:13:21.440000
And the Chef node is an actual server that's talking to the workstation.

0:13:21.440000 --> 0:13:24.180000
So it's like two different devices are talking to each other.

0:13:24.180000 --> 0:13:31.020000
So changes are pushed from the workstation to the server.

0:13:31.020000 --> 0:13:33.900000
And then pulled from the server to the node.

0:13:33.900000 --> 0:13:35.180000
Lot of this stuff.

0:13:35.180000 --> 0:13:35.960000
Don't worry about it.

0:13:35.960000 --> 0:13:41.640000
You don't have to know this at the CCNA level.

0:13:41.640000 --> 0:13:46.600000
Chef cookbooks and recipes.

0:13:46.600000 --> 0:13:53.940000
Okay. So a Chef cookbook is a data construct that allows Chef to know

0:13:53.940000 --> 0:13:56.600000
how it's going to talk to a device.

0:13:56.600000 --> 0:14:03.480000
So for example, if I want Chef to talk to a Cisco device, okay, my Chef

0:14:03.480000 --> 0:14:07.120000
cookbook might include like, okay, you need SSH.

0:14:07.120000 --> 0:14:08.920000
Here's the SSH parameters.

0:14:08.920000 --> 0:14:10.760000
You're going to need to supply it an enable password.

0:14:10.760000 --> 0:14:14.780000
You know, what are, how is Chef going to know how to talk to my Cisco

0:14:14.780000 --> 0:14:17.640000
device and how is that going to be different than the Chef is going to

0:14:17.640000 --> 0:14:20.620000
talk to my Juniper device or my Arista device?

0:14:20.620000 --> 0:14:22.400000
That's the Chef cookbook.

0:14:22.400000 --> 0:14:30.420000
And then a Chef recipe is where your actual configuration elements are.

0:14:30.420000 --> 0:14:35.260000
So for example, you would create a Chef recipe to allow Chef to know how

0:14:35.260000 --> 0:14:41.640000
to create a VLAN, how to shut down a port, how to configure OSPF.

0:14:41.640000 --> 0:14:44.320000
That would be in the recipe.

0:14:44.320000 --> 0:14:48.200000
So your cookbook would say, I, so you go into a Chef and you say, I want

0:14:48.200000 --> 0:14:52.160000
to pull up the, oh, the Cisco cookbook, which tells it how to ask you

0:14:52.160000 --> 0:14:55.960000
access Cisco. And then you would say, within the Cisco cookbook, I want

0:14:55.960000 --> 0:15:01.160000
to pull up the OSPF recipe or the spanning tree recipe, which will allow

0:15:01.160000 --> 0:15:06.140000
Chef to know how to configure those components of your Cisco device.

0:15:06.140000 --> 0:15:09.560000
Main takeaway here, what do you need to know for the exam?

0:15:09.560000 --> 0:15:14.300000
You need to know that Chef uses these terms of cookbooks and recipes.

0:15:14.300000 --> 0:15:15.800000
That's really what you got to focus in.

0:15:15.800000 --> 0:15:18.320000
You don't have to know what the differences are between a cookbook and

0:15:18.320000 --> 0:15:21.020000
a recipe. Just know that those are Chef terms.

0:15:21.020000 --> 0:15:24.540000
And here's more information about Chef.

0:15:24.540000 --> 0:15:26.600000
If you want to dig into this.

0:15:26.600000 --> 0:15:35.220000
And here's an example of a Chef recipe, what that would look like.

0:15:35.220000 --> 0:15:38.600000
You can see we have a couple of them here for OSPF.

0:15:38.600000 --> 0:15:43.580000
Well, actually all of these relate to OSPF and configuring OSPF VRFs,

0:15:43.580000 --> 0:15:46.300000
configuring OSPF on an interface.

0:15:46.300000 --> 0:15:54.660000
So this is a little bit more cryptic than what we previously saw with

0:15:54.660000 --> 0:16:01.460000
Puppet. All right, Ansible.

0:16:01.460000 --> 0:16:04.020000
This has the Ansible master.

0:16:04.020000 --> 0:16:06.620000
This is the guy you're probably going to want to use because this doesn't

0:16:06.620000 --> 0:16:08.080000
require any kind of agent.

0:16:08.080000 --> 0:16:13.140000
This doesn't require anything special running on the router or the switch.

0:16:13.140000 --> 0:16:17.500000
Ansible is going to use SSH to connect to managed devices.

0:16:17.500000 --> 0:16:22.940000
And it utilizes Ansible playbooks and Ansible modules.

0:16:22.940000 --> 0:16:35.200000
Okay, so a playbook is similar in Chef to how do I connect to a device?

0:16:35.200000 --> 0:16:37.820000
What's the uniqueness of a Cisco device?

0:16:37.820000 --> 0:16:44.000000
I need to know to connect to that versus an HP or a Juniper device.

0:16:44.000000 --> 0:16:49.280000
And an Ansible module is, that's where you would actually find your IOS

0:16:49.280000 --> 0:16:53.060000
command. So if we're talking about Cisco, your IOS commands to configure

0:16:53.060000 --> 0:17:04.860000
Spanning Tree, to configure OSPF, that will be found in your Ansible module.

0:17:04.860000 --> 0:17:10.440000
And here is an example of what an Ansible module looks like.

0:17:10.440000 --> 0:17:16.220000
You can see probably of all the ones we've looked at, this one is probably

0:17:16.220000 --> 0:17:20.860000
the most human readable of all of them.

0:17:20.860000 --> 0:17:26.560000
Okay, so that concludes our review of network automation tools.