12 network automation ideas to incorporate into your organization

19/01/2021

When network teams start using network automation, they should keep the tasks simple, low-risk and quickly implementable. This means that the tasks should probably not make any changes to the network.

The ideal initial design will help the operations team, who will judge your work. You'll want to involve operations in automation, because they will use the tools and can provide ideas for more projects.

As you gain more experience, you can start implementing more advanced automation tasks in your network.

What is the best path to network automation?

The four network automation ideas below are the easiest tasks you can tackle to get started with automation.

1. Device locator

Find out where a device is connected to the network from its name, IP address or MAC address.

This is a common operational task, especially when a firewall reports malware on an endpoint and you need to find it. You may want to divide this task into several steps.

First, use the device name to find the IP address of the device. Next, identify the subnet and map the IP address to a MAC address. Finally, find the switch port where the device is connected.
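The three steps above as a read-only lookup, added here as an illustration and not taken from the original article. The host names, addresses and the IOS-like table text are constructed sample data, and the UPLINKS map of inter-switch ports is an assumption needed to tell the edge port apart from ports that merely carry the MAC.

```python
import ipaddress
import re

# Constructed sample data (not from a real network), in an IOS-like layout.
DNS = {"hr-laptop-17": "10.1.20.57"}
SUBNET_GATEWAYS = {"10.1.20.0/24": "core-rtr-1", "10.1.30.0/24": "core-rtr-1"}
ARP_OUTPUT = {"core-rtr-1": """\
Internet  10.1.20.1    -   0000.0c9f.f014  ARPA  Vlan20
Internet  10.1.20.57   12  0050.56ab.1234  ARPA  Vlan20
"""}
MAC_TABLES = {
    "dist-sw-1": " 20  0050.56ab.1234  DYNAMIC  Te1/1/1\n",
    "acc-sw-3": " 20  0050.56ab.1234  DYNAMIC  Gi1/0/14\n"
                " 20  0000.0c9f.f014  DYNAMIC  Te1/1/1\n",
}
UPLINKS = {"dist-sw-1": {"Te1/1/1"}, "acc-sw-3": {"Te1/1/1"}}  # inter-switch ports

def locate(name):
    """Follow name -> IP -> subnet -> MAC -> access port and return the findings."""
    ip = DNS.get(name)
    if ip is None:
        return {"name": name, "error": "name not resolved"}
    addr = ipaddress.ip_address(ip)
    subnet = next((s for s in SUBNET_GATEWAYS if addr in ipaddress.ip_network(s)), None)
    if subnet is None:
        return {"name": name, "ip": ip, "error": "no known subnet"}
    mac = None
    for line in ARP_OUTPUT[SUBNET_GATEWAYS[subnet]].splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == ip:
            mac = fields[3].lower()
    if mac is None:
        return {"name": name, "ip": ip, "subnet": subnet, "error": "no ARP entry"}
    # The MAC is learned on every switch along the path; only a non-uplink port is the edge.
    for switch, table in MAC_TABLES.items():
        for line in table.splitlines():
            m = re.match(r"\s*(\d+)\s+([0-9a-f.]+)\s+\S+\s+(\S+)", line, re.I)
            if m and m.group(2).lower() == mac and m.group(3) not in UPLINKS[switch]:
                return {"name": name, "ip": ip, "subnet": subnet, "mac": mac,
                        "switch": switch, "port": m.group(3), "vlan": int(m.group(1))}
    return {"name": name, "ip": ip, "subnet": subnet, "mac": mac,
            "error": "MAC seen only on uplinks"}

if __name__ == "__main__":
    print(locate("hr-laptop-17"))
```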

2. Checking application connectivity

Check the path between an endpoint and a specific application server, which may have load balancing. Start with simple checks, such as pings, that originate from the endpoint and the server or as close as possible to each.

Doing these checks manually is time-consuming, so create an automation task that can run the tests quickly and produce results that you can read easily.

3. Network infrastructure point connectivity

Check that each network infrastructure device (router, switch, load balancer, firewall, etc.) is correctly connected to its neighbors.

This task will require a small database (use a file to keep it simple) that identifies each neighboring network device and the interfaces that connect them to each other. This task finds places where connectivity has failed or where connections have been made to the wrong interfaces.

Start with important interfaces and then include router-to-switch and switch-to-switch links.
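A sketch of that check, added here as an example and not part of the original article: the expected links live in a CSV file and are compared with the neighbors each device actually reports. The CSV columns, device names and the OBSERVED mapping (standing in for collected LLDP or CDP data) are constructed assumptions.

```python
import csv
import io

# Constructed "small database": one row per expected link.
EXPECTED_CSV = """\
local_device,local_if,remote_device,remote_if
core-rtr-1,Te0/0/1,dist-sw-1,Te1/1/1
core-rtr-1,Te0/0/2,dist-sw-2,Te1/1/1
dist-sw-1,Te1/1/2,acc-sw-3,Te1/1/1
"""

# Constructed observations: (device, interface) -> (neighbor, neighbor interface).
OBSERVED = {
    ("core-rtr-1", "Te0/0/1"): ("dist-sw-1", "Te1/1/1"),
    ("core-rtr-1", "Te0/0/2"): ("dist-sw-2", "Te1/1/2"),  # cabled to the wrong port
    # dist-sw-1 Te1/1/2 reports no neighbor at all: the link is down
    ("dist-sw-1", "Te1/1/4"): ("acc-sw-9", "Te1/1/1"),    # link nobody documented
}

def check_links(expected_csv, observed):
    """Return (kind, local_end, expected_remote, observed_remote) tuples; changes nothing."""
    findings = []
    documented = set()
    for row in csv.DictReader(io.StringIO(expected_csv)):
        key = (row["local_device"], row["local_if"])
        want = (row["remote_device"], row["remote_if"])
        documented.add(key)
        got = observed.get(key)
        if got is None:
            findings.append(("MISSING", key, want, None))
        elif got[0] != want[0]:
            findings.append(("WRONG_DEVICE", key, want, got))
        elif got[1] != want[1]:
            findings.append(("WRONG_INTERFACE", key, want, got))
    # Links that exist on the wire but not in the file are worth a look too.
    for key, got in observed.items():
        if key not in documented:
            findings.append(("UNDOCUMENTED", key, None, got))
    return findings

if __name__ == "__main__":
    for finding in check_links(EXPECTED_CSV, OBSERVED):
        print(finding)
```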

4. Network configuration checks

Identify discrepancies between parts of network configurations and their configuration models. Start by comparing simple configuration fragments, such as Network Time Protocol, Simple Network Management Protocol and administrator logins.

You can then move on to more complex configurations, such as the Border Gateway Protocol (BGP). This automation should only report discrepancies and not make any changes.
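A report-only comparison of the NTP, SNMP and administrator-login fragments against a template, added here as an example and not taken from the original article. The template, the device configuration and the choice of managed prefixes are constructed assumptions; secrets are masked before comparison so they never appear in the report.

```python
import re

# Only lines starting with these prefixes are compared (assumed scope of the template).
MANAGED_PREFIXES = ("ntp server", "snmp-server", "username")

# Constructed template and device configuration in an IOS-like syntax.
TEMPLATE = """\
ntp server 10.0.0.10
ntp server 10.0.0.11
snmp-server group NETOPS v3 priv
username netadmin privilege 15 secret <set-per-device>
"""
DEVICE_CONFIG = """\
hostname acc-sw-3
ntp server 10.0.0.10
ntp  server 192.0.2.50
snmp-server group NETOPS v3 priv
snmp-server community public RO
username netadmin privilege 15 secret 9 $9$constructedhash
username temp-contractor privilege 15 secret 9 $9$constructedhash2
interface Gi1/0/14
"""

def managed_lines(text):
    """Return the normalized managed lines, with secret material masked."""
    lines = set()
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace differences
        if line.startswith(MANAGED_PREFIXES):
            lines.add(re.sub(r"\b(secret|password)\b.*", r"\1 <hidden>", line))
    return lines

def audit(template, config):
    """Report discrepancies only; nothing is pushed to the device."""
    want, have = managed_lines(template), managed_lines(config)
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}

if __name__ == "__main__":
    report = audit(TEMPLATE, DEVICE_CONFIG)
    for kind, lines in report.items():
        for line in lines:
            print(f"{kind}: {line}")
```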

Intermediate network automation ideas

As you gain more experience and initial success, automation tasks can become more complex.

At an intermediate level, you should understand the basic principles of software development, such as modular design. You can also start using APIs to collect data from vendor databases. Here are four intermediate ideas for network automation.

5. Check BGP connectivity

Check that your external routers are peering with the desired external routers and that they are sending and receiving the correct set of routes. Then consider extending the task to look at looking glass sites to check that the network prefix has been announced correctly on the Internet.

6. Automate password resets

Resetting passwords is a tedious but important task. Improve it by checking that the new passwords comply with your organization's password standards. If you can, implement a two-factor authentication mechanism, closely validating user input and storing passwords only in a protected identity repository.

7. Network inventory

Identify devices and collect model numbers, serial numbers and operating system versions. Use vendor APIs and device details to search for security alerts and end-of-life information, provide reports on end-of-support devices and validate devices in maintenance contracts.

Operating system version reporting can help you standardize operating systems across the network, which reduces bugs and security vulnerabilities.

8. Network virtualization

Automate the configuration of everything you use for network virtualization, such as virtual LAN, Virtual Extensible LAN or MPLS. You'll be sending out configuration updates, so take the time to design and build a test environment.

Advanced network automation ideas

Eventually, you will want to perform more complex automation tasks to update complex device configurations and reduce repetitive errors. Below are four advanced network automation ideas that you can implement in your network.

9. Firewall rule migration

You can make the process of switching firewall vendors easier by creating automation tasks that convert firewall rules from one vendor's format to another.

This is an opportunity to revisit the rule sets and identify which of them are outdated and can be removed.

This task should identify the location of the IP addresses in the rules and check that they apply to the configuration of the firewall being converted. You may be surprised how many rules you can eliminate because they no longer apply.
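One way to run that check, added here as an example and not taken from the original article. It assumes that "apply" means the rule's traffic actually crosses the firewall: each address is mapped to the zones it sits behind, and a rule with both ends in the same single zone is flagged as a removal candidate. Zone names, networks and rules are constructed.

```python
import ipaddress

# Constructed: networks reachable through each zone of the firewall being converted.
ZONES = {
    "inside": ["10.1.0.0/16", "10.2.0.0/16"],
    "dmz": ["172.16.5.0/24"],
    "outside": ["0.0.0.0/0"],
}
RULES = [
    {"id": 10, "src": "10.1.20.0/24", "dst": "172.16.5.10/32", "port": 443},
    {"id": 20, "src": "10.1.20.0/24", "dst": "10.2.8.0/24", "port": 22},
    {"id": 30, "src": "0.0.0.0/0", "dst": "172.16.5.10/32", "port": 443},
]

def zones_of(prefix):
    """Zones a rule prefix touches: its longest containing zone plus zones inside it."""
    net = ipaddress.ip_network(prefix)
    touched, best = set(), None
    for zone, nets in ZONES.items():
        for zone_net in map(ipaddress.ip_network, nets):
            if zone_net.subnet_of(net):        # zone network lies inside the rule prefix
                touched.add(zone)
            elif net.subnet_of(zone_net) and (best is None or zone_net.prefixlen > best[1]):
                best = (zone, zone_net.prefixlen)
    if best:
        touched.add(best[0])
    return touched

def triage(rules):
    """Classify each rule for the migration; the result is a report, not a change."""
    result = {}
    for rule in rules:
        src, dst = zones_of(rule["src"]), zones_of(rule["dst"])
        if not src or not dst:
            result[rule["id"]] = "review: address not behind any zone"
        elif len(src | dst) == 1:
            result[rule["id"]] = "drop candidate: both ends in " + next(iter(src))
        else:
            result[rule["id"]] = "migrate"
    return result

if __name__ == "__main__":
    for rule_id, verdict in triage(RULES).items():
        print(rule_id, verdict)
```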

10. Automate access control list updates

ACLs (access control lists), i.e. firewall rules, can be difficult to maintain. Often, teams can forget the origin of the rules and no one wants to remove a rule for fear of breaking something.

This automation project creates a database in which to store ACL policy definitions, why each policy exists and the criteria for changing or deleting it. When a policy is changed or deleted, the resulting ACL rules can be updated or removed.

11. Provisioning parameters in the data center

With a few parameters, you can create and install the configurations for all the network equipment in a data center.

12. Source of automation based on use cases

This is the ultimate automation task, in which a single database source is used to drive the automation of the network. The use case source defines the intent of the network configuration and is the idea behind true intent-based networking.

Each automation task you choose should have some easily identifiable criteria that determine when you have finished and should move on to another task. As soon as the current project reaches its goal, move on to the next one.

Otherwise, the project could take on a life of its own and consume more time than it saves. Note that automation can have other benefits that outweigh its creation time, such as situations where speed of execution and precision are critical.

You don't have to make the automation journey alone. Contact the experts at Conversys now and find out about Aruba Networks' security, network management and connectivity solutions. We're here to help you meet your new challenges.

About Conversys

Conversys IT Solutions is a provider of Information and Communication Technology services and solutions operating throughout Brazil.

With a highly qualified technical and commercial team and a network of partners that includes the main global technology manufacturers, Conversys IT Solutions is able to deliver customized IT and Telecom Infrastructure solutions to clients.

We invest in our employees and partners and strive for a long-lasting relationship with our clients, because we believe that this is how we gain the skills and knowledge we need to innovate and generate value for the businesses in which we operate.
