Python For Network Engineers Book – Editor’s Note: This 2018 edition is out of date. The new third edition, updated for 2020, includes Python 3.8, with extensive coverage with Azure, AWS, and Ansible 2.8, and data analysis using Elastic Stack has just been released. Master the art of using Python for a variety of network engineering tasks. Key Features• Discover the power of Python libraries to efficiently and effectively solve difficult networking problems• Use Python for network appliance automation, DevOps and software-defined networking• Become an expert at performing advanced networking-related tasks with PythonBook DescriptionNetworking in your infrastructure . It forms the basis for how your application can be deployed, maintained and maintained. Python is the ideal language for network engineers to explore tools previously available to system engineers and application developers. In this second edition of Mastering Python Networking, you will embark on a Python-based journey to transition from a traditional network engineer to a network developer ready for next-generation networking. This book starts with an overview of the basics of Python and teaches you how Python can communicate with legacy and API-enabled network devices. As you flip through the chapters, you’ll learn how to use high-level Python packages and frameworks to perform network engineering tasks for enhanced automation, monitoring, management, and security. In the concluding chapter, you will use Jenkins for continuous network integration and testing tools to verify your network. By the end of this book, you will be able to perform all networking tasks with ease using Python. What You’ll Learn • Use Python libraries to communicate with your network • Integrate Ansible 2.5 using Python to network Cisco , Juniper, and Arista eAPI manageable devices • Leverage existing frameworks to build high-level APIs • Learn how to build virtual networks in the AWS Cloud • Understand how Jenkins can be used to automatically make changes to your network • Use PyTest and Unittest for Test Driven Network Development Who this book is for Mastering Python Networking for network engineers and programmers who want to use Python for networking. Basic knowledge of Python programming and network related concepts such as Transmission Control Protocol/Internet Protocol (TCP/IP) would be helpful.
Network Monitoring with Python – Part 1 Imagine you get a call at 2:00 am. The person on the other end of the line says, “Hello, we’re dealing with a difficult issue that impacts the production service. We suspect it’s network related. Can you look into this for us? For this type of urgent , open-ended question.” what are you going to do first?” Usually you think about: what has changed between when the network was working and when something went wrong? Chances are you check your monitoring tools and see if all the important metrics are in a changed few hours. ago. It is better if you receive monitoring alerts from basic deviation metrics. In this book, we have discussed several ways to systematically make predictable changes to our network, with the aim of keeping the network running as smoothly as possible. however, network is not static – far from it – they are probably one of the smoothest parts of the entire infrastructure Networks, by definition, connect different parts of the infrastructure together, constantly passing traffic back and forth There are many moving parts that can cause your network to stop working as expected: hardware failures, software and bugs, human error despite the best of intentions, and more. It is not a question of whether things go wrong, but rather when and what goes wrong when things go wrong. We need a way to monitor our network to make sure it’s working as expected and hopefully notify us when it’s not. In the next two chapters, we’ll look at different ways to perform network monitoring tasks. Many of the tools we’ve seen so far can be integrated with or managed directly by Python. Like many tools we’ve seen, network monitoring comes in two parts. First we need to know what information the device can send. Second, we need to identify useful information that can be interpreted from it. We will see some tools that allow us to effectively monitor the network: Simple Network Management Protocol (SNMP) Matplotlib and Pygal Visualization MRTG and Cacti This list is not exhaustive and there is certainly no shortage of commercial network monitoring vendors. Space However, the basics of network monitoring we’ll look at are good for both open source and commercial tools. The lab setup for this chapter is the same as Chapter 6, Network Security and Python, except that both network devices are IOSv devices. Here’s an illustration of this: two Ubuntu hosts will be used to generate traffic on the network, so we can see some non-zero counters. SNMP SNMP is a standard protocol used to collect and manage devices. While the default allows you to use SNMP for device management, in my experience most network administrators prefer to keep SNMP as an information-gathering mechanism. Because SNMP works on unrelated UDP, and takes into account the relatively weak security mechanisms in version 1 and 2, switching devices via SNMP often makes network operators a little worried. SNMP version 3 added cryptographic security and new concepts and terminology to the protocol, but the way the technology is adapted varies by network vendor. SNMP is widely used in network monitoring and has been around since 1988 as part of RFC 1065. Operation is simple and network administrators send GET and SET requests to devices and devices and SNMP agents respond with information per request. The most commonly used standard is SNMPv2c, which is defined in RFC 1901 – RFC 1908. It uses a simple community-based security scheme for security. It has also introduced new features such as the ability to get bulk information. The diagram below shows the high-level operations for SNMP: SNMP Operations The information in this device is structured in the Management Information Base (MIB). MIB uses a hierarchical namespace that contains an Object Identifier (OID), which represents information that can be read and passed back to the requestor. When we talk about using SNMP to query device information, we are really talking about using a management station to query a specific OID that represents the desired information. There are common OID structures, such as system and interface OIDs, that are shared among vendors. In addition to the general OID, each trader can also specify a specific company-level OID. As an operator, you must make an effort to integrate information into the OID structure in your environment to obtain useful information. It can sometimes be a tedious process to find one OID at a time. For example, you can make a request to the OID device and receive a value of 10,000. What is that value? Is it interface traffic? Is it in bytes or bits? Or maybe it’s a number of packages? How do we know? We will have to consult the standard or the supplier’s documentation to find out. There are tools that help with this process, such as MIB browsers that can give more metadata to the values. But, at least in my experience, building an SNMP-based monitoring tool for your network can sometimes feel like a cat-and-mouse game to find missing values. Some of the key points to get out of the operation are as follows: The implementation is highly dependent on the amount of information the agent can provide. This again depends on how the vendor treats SNMP: as a core feature or an additional feature. SNMP agents generally require a control plane CPU cycle to return a value. Not only is it inefficient for devices with large BGP tables, for example, it is also not feasible to use SNMP to query data at small intervals. The user must know the OID to query the data. Since SNMP has been around for a long time, I assume you already have experience with it. Let’s jump straight to the package installation and our first SNMP example. Setup First, let’s make sure we have SNMP managed devices and worker agents in our setup. The SNMP package can be installed on a host (client or server) in our lab or a management device in the management network. As long as the SNMP manager has an IP range for the device and the managed device allows inbound connections, SNMP should work. In production, you only need to install the software on the management host and only allow SNMP traffic on the control plane. In this lab, we installed SNMP on both Ubuntu hosts in the management network