When network teams start using network automation, they should keep tasks simple, low-risk, and deployable quickly. This means that the tasks should probably not make any changes to the network.
The ideal initial design will help the operations team, who will judge your work. You will want to incorporate operations with automation, because they will use the tools and can provide ideas for more projects.
As you gain more experience, you can start implementing more advanced automation tasks in your network.
What is the best way to network automation?
The four network automation ideas below are easier tasks you can tackle to get started with automation.
1. device locator
Find out where a device is connected to the network from its name, IP address, or MAC address.
This is a common operational task, especially when a firewall reports malware on an endpoint and you need to find it. You may want to divide this task into several steps.
First, use the device name to find the IP address of the device. Next, identify the subnet and map the IP address to a MAC address. Finally, find the switch port where the device is connected.
2. Verifying Application Connectivity
Check the path between an endpoint and a specific application server, which may have load balancing. Start with simple checks, such as pings, that originate from the endpoint and the server or as close to each as possible.
Doing these checks manually is time consumingSo create an automation task that can run the tests quickly and produce results that you can read easily.
3. Network Infrastructure Point Connectivity
Check that each network infrastructure device: router, switch, load balancer, firewall, etc. is correctly connected to its neighbors.
This task will require a small database, use a file to keep it simple, that identifies each neighboring network device and the interfaces that connect them to each other. This task finds places where connectivity failed or connections were made to the wrong interfaces.
Start with important interfaces and then include router-to-switch and switch-to-switch links.
4. Network configuration checks
Identify discrepancies between parts of your network configurations and your configuration models. Start by comparing simple configuration fragments, such as Network Time Protocol, Simple Network Management Protocol, and administrator logins.
You can then move on to more complex configurations, such as Border Gateway Protocol (BGP). This automation should only report discrepancies and not make any changes.
Intermediate Network Automation Ideas
As you gain more experience and initial success, automation tasks can become more complex.
At an intermediate level, you should understand the basic principles of software development, such as modular design. You can also start using APIs to collect data from vendor databases. Here are four intermediate ideas for network automation.
5. Check BGP connectivity
Check that your external routers are pairing with the desired external routers and whether they are sending and receiving the correct set of routes. Then consider extending the task to query mirror sites to verify that the network prefix has been correctly advertised on the Internet.
6. Automate password resets
Resetting passwords is a tedious but important task. Improve it by checking that new passwords conform to your organization's password standards. If you can, implement a two-factor authentication mechanism, closely validating user input and storing passwords only in a protected identity repository.
7. Network inventory
Identify devices and collect model numbers, serial numbers and operating system versions. Use vendor APIs and device details to search for security alerts and end-of-life information, provide reports on devices that are at the end of support and validate devices in maintenance contracts.
Operating system version reporting can help you standardize operating systems across the network, which reduces bugs and security vulnerabilities.
8. Network Virtualization
Automate the configuration of everything you use for network virtualization, such as virtual LAN, extensible virtual LAN, or MPLS. You will be sending configuration updates, so take the time to design and build a test environment.
Advanced Network Automation Ideas
Eventually, you will want to perform more complex automation tasks to update complex device configurations and reduce repetitive errors. Below are four advanced network automation ideas that you can implement in your network.
9. Firewall rule migration
You can ease the process of switching firewall vendors by creating automation tasks that convert firewall rules from one vendor's format to another.
This is an opportunity to revisit the rule sets and identify which ones are outdated and can be removed.
This task should identify the location of the IP addresses in the rules and verify that they apply to the firewall configuration being converted. You may be surprised at how many rules you can eliminate because they no longer apply.
10. Automate access control list updates
ACLs (access control list), or firewall rules, can be difficult to maintain. Often, teams can forget the origin of the rules and no one wants to remove a rule for fear of breaking something.
This automation project creates a database in which to store the ACL policy definitions, why each policy exists, and the criteria for changing or deleting it. When a policy is changed or deleted, the resulting ACL rules can be updated or removed.
11. Provisioning Parameters in the Data Center
With a few parameters, you can create and install the settings for all network equipment in a data center.
12. Source of automation based use cases
This is the ultimate automation task, in which a single database source is used to drive network automation. The use case source defines the intent of the network configuration and is the idea behind the network based on the actual intent.
Each automation task you choose should have some easily identifiable criteria that determine when you have completed and should move on to another task. Once the current project reaches its goal, move on to the next one.
Otherwise, the project can take on a life of its own and consume more time than it saves. Note that automation can have other benefits that outweigh its creation time, such as situations where execution speed and accuracy are critical.
You don't have to make the automation journey alone. Contact the experts at Conversys now to learn about Aruba Networks' security, network management and connectivity solutions. We're here to help you meet your new challenges.
About Conversys
Conversys IT Solutions is a provider of Information Technology and Communication services and solutions acting all over Brazil.
With a highly qualified technical and commercial team and a partner network that includes the main global technology manufacturers, Conversys IT Solutions is able to deliver customized solutions for IT Infrastructure and Telecom to its clients.
We invest in our employees and partners and strive for a long-lasting relationship with our clients, because we believe that this way we gain the skills and knowledge necessary to innovate and generate value to the businesses in which we operate.
