Ansible: Automating a Multi-vendor Network

Automating OcNOS and Cisco config

In this article, I continue what we started in the previous article Getting started with Ansible: Automating OcNOS configuration. In addition to automating OcNOS configuration, I will look into automating Cisco configuration.

Let’s first start by editing our hosts file so that we can reference our routers by names instead of Ip addresses.

Next, we need to create our inventory file.

We will have 2 groups: ocnos and cisco.

The reason for creating two groups is that we have two different devices: OcNOS and Cisco, each device has its own variables and modules.

[ocnos]
OcNOS-1
OcNOS-2

[ocnos:vars]
ansible_user=ocnos
ansible_password=ocnos
ansible_connection = network_cli
ansible_network_os = ipinfusion.ocnos.ocnos

[cisco]
Cisco-1
Cisco-2

[cisco:vars]
ansible_user=cisco
ansible_password=cisco
ansible_connection = network_cli
ansible_network_os = ios

Now with our setup complete, let’s start crafting our playbooks.

The Cisco_interface_config.yml file is used to assign an IP address to the loopback interface on the Cisco routers.

---
- name: Configure loopback address on Cisco-1
  hosts: Cisco-1
  gather_facts: no
  tasks:
    - name: Configure loopback interface and IP address
      ios_config:
        lines:
          - ip address 2.2.2.2 255.255.255.255
        parents: interface loopback 1

- name: Configure loopback address on Cisco-2
  hosts: Cisco-2
  gather_facts: no
  tasks:
    - name: Configure loopback interface and IP address
      ios_config:
        lines:
          - ip address 4.4.4.4 255.255.255.255
        parents: interface loopback 1
Configuration successfully pushed to Cisco-2

The OcNOS_interface_config.yml file is used to assign an IP address to the loopback interface on the OcNOS routers.

---
- name: Configure loopback address on OcNOS-1
  hosts: OcNOS-1
  gather_facts: no
  tasks:
    - name: Configuring loopback interface
      ipinfusion.ocnos.ocnos_config:
        lines:
          - ip address 1.1.1.1/32 secondary
        parents: interface lo

- name: Configure loopback address on OcNOS-2
  hosts: OcNOS-2
  gather_facts: no
  tasks:
    - name: Configuring loopback interface
      ipinfusion.ocnos.ocnos_config:
        lines:
          - ip address 3.3.3.3/32 secondary
        parents: interface lo
We can see that the configuration was pushed to OcNOS-1

Now that we are done with the interface configuration, let’s jump into the OSPF configuration.

The Cisco_OSPF_config.yml file is used to configure OSPF on the Cisco routers.

---
- name: Configure OSPF on Cisco-1
  hosts: Cisco-1
  gather_facts: no
  tasks:
    - name: OSPF configuration
      ios_config:
        lines:
          - router ospf 1
          - network 10.10.10.0 0.0.0.255 area 0
          - network 2.2.2.2 0.0.0.0 area 0
          - router-id 2.2.2.2

- name: Configure OSPF on Cisco-2
  hosts: Cisco-2
  gather_facts: no
  tasks:
    - name: OSPF configuration
      ios_config:
        lines:
          - router ospf 1
          - network 10.10.10.0 0.0.0.255 area 0
          - network 4.4.4.4 0.0.0.0 area 0
          - router-id 4.4.4.4

The OcNOS_OSPF_config.yml file is used to configure OSPF on the OcNOS routers.

---
- name: Configure OSPF on OcNOS-1
  hosts: OcNOS-1
  gather_facts: no
  tasks:
    - name: OSPF configuration
      ipinfusion.ocnos.ocnos_config:
        lines:
          - router ospf 1
          - router-id 1.1.1.1
          - network 1.1.1.1/32 area 0
          - network 10.10.10.0/24 area 0

- name: Configure OSPF on OcNOS-2
  hosts: OcNOS-2
  gather_facts: no
  tasks:
    - name: OSPF configuration
      ipinfusion.ocnos.ocnos_config:
        lines:
          - router ospf 1
          - router-id 3.3.3.3
          - network 3.3.3.3/32 area 0
          - network 10.10.10.0/24 area 0
Cisco-1 neighbors table

With OSPF successfully configured, let’s jump to LDP configuration.

The Cisco_LDP_config.yml file is used to configure LDP on the CIsco routers.

---
- name: LDP configuration on the Cisco routers
  hosts: cisco
  gather_facts: no
  tasks:
    - name: LDP configuration
      ios_config:
        lines:
          - mpls ldp router-id loopback 1

    - name: Interface configuration
      ios_config:
        lines:
          - mpls ip
        parents: interface gi1

The OcNOS_LDP_config.yml file is used to configure OSPF on the OcNOS routers.

---
- name: LDP configuration on OcNOS-1
  hosts: OcNOS-1
  gather_facts: no
  tasks:
    - name: LDP configuration
      ipinfusion.ocnos.ocnos_config:
        lines:
          - router ldp
          - router-id 1.1.1.1
          - transport-address ipv4 1.1.1.1

- name: LDP configuration on OcNOS-2
  hosts: OcNOS-2
  gather_facts: no
  tasks:
    - name: LDP configuration
      ipinfusion.ocnos.ocnos_config:
        lines:
          - router ldp
          - router-id 3.3.3.3
          - transport-address ipv4 3.3.3.3

- name: Enabling LDP on the interface
  hosts: ocnos
  gather_facts: no
  tasks:
    - name: Enabling LDP
      ipinfusion.ocnos.ocnos_config:
        lines:
          - label-switching
          - enable-ldp ipv4
        parents: interface eth1
Cisco-1 forwarding table

We managed to automate the configuration of interface, OSPF and LDP configuration.

Let’s jump into L3VPN.

OcNOS-1 and CIsco-2 will act as the Provider Edge (PE) routers.

Cisco-1 and OcNOS-2 will act as the Provider (P) routers.

PC1 and PC2 will act as the customer edge (CE).

let’s start by creating our VRF instance “3G” on our PEs and attach interface gi2 to the VRF

The Cisco_VRF_config.yml file is used to create the VRF instance “3G” on Cisco-2.

---
- name: VRF configuration on Cisco-2
  hosts: Cisco-2
  gather_facts: no
  tasks:
    - name: VRF configuration
      ios_config:
        lines:
          - ip vrf 3G
          - rd 4.4.4.4:4
          - route-target both 100:4

    - name: Attaching VRF to the interface gi2
      ios_config:
        lines:
          - ip vrf forwarding 3G
          - ip address 30.0.0.1 255.255.255.0
          - no shutdown
        parents: interface gi2

The OcNOS_VRF_config.yml file is used to create the VRF instance “3G” on OcNOS-1.

---
- name: VRF configuration on OcNOS-1
  hosts: OcNOS-1
  gather_facts: no
  tasks:
    - name: VRF configuration
      ipinfusion.ocnos.ocnos_config:
        lines:
          - ip vrf 3G
          - rd 1.1.1.1:4
          - route-target both 100:4

    - name: Attaching VRF to the interface eth2
      ipinfusion.ocnos.ocnos_config:
        lines:
          - ip vrf forwarding 3G
          - ip address 20.0.0.1/24
        parents: interface eth2

Next, we need to configure BGP between the 2 PEs.

The Cisco_BGP_config.yml file is used to configure BGP on Cisco-2.

---
- name: BGP configuration on Cisco-2
  hosts: Cisco-2
  gather_facts: no
  tasks:
    - name: BGP configuration
      ios_config:
        lines:
          - router bgp 1
          - neighbor 1.1.1.1 remote-as 1
          - neighbor 1.1.1.1 update-source loopback 1
          - address-family vpnv4 unicast
          - neighbor 1.1.1.1 activate
          - exit
          - address-family ipv4 vrf 3G
          - redistribute connected

The Cisco_OcNOS_config.yml file is used to configure BGP on OcNOS-1.

---
- name: BGP configuration on OcNOS-1
  hosts: OcNOS-1
  gather_facts: no
  tasks:
    - name: BGP configuration
      ipinfusion.ocnos.ocnos_config:
        lines:
          - router bgp 1
          - neighbor 4.4.4.4 remote-as 1
          - neighbor 4.4.4.4 update-source lo
          - address-family vpnv4 unicast
          - neighbor 4.4.4.4 activate
          - exit
          - address-family ipv4 vrf 3G
          - redistribute connected

The routing table of the VRF instance “3G”

Cisco-2 MPLS forwarding table

Successful ping from PC1 to PC2

In summary, we successfully automated the configuration a multi-vendor MPLS L3VPN using Ansible. But why would we do that instead of using CLI? Using Ansible makes the process more efficient and less error-prone. In addition, you can apply configurations across multiple devices from multiple vendors simultaneously as we have seen here. The benefits of automating network configurations with Ansible become more apparent as network become larger and as the number of repetitive tasks grows.

I would be happy to see your comments about experience using Ansible for automating network configuration.