Friday 29 April 2016

Python for Network Engineers - Part 1

In this blog article, we’re going to look at how to get started learning Python as a Network Engineer.

We’ll look at some great resources to use to learn the basics, some links to source network focused resources and steer in the right direction for modules and packages which a network engineer will find useful.

This will also be the first blog in a series.  In subsequent posts, we are going to walk through using Python and APIs to configure various devices such as Junos, Cisco Nexus, F5, Arista and Palo Alto.

Blog Series

Python for Network Engineers - Part 1 - Introduction
Python for Network Engineers - Part 2 - Making REST calls
Python for Network Engineers - Part 3 - Using Cisco Nexus NX-API
Python for Network Engineers - Part 4 - Using Arista EOS eAPI
Python for Network Engineers - Part 5 - Using Junos NETCONF interface
Python for Network Engineers - Part 6 - Using Cisco Nexus NETCONF interface
Python for Network Engineers - Part 7 - Using Palo Alto Networks XML API


Why Python

There are many scripting languages out there such as PowerShell, Perl and Ruby.  So why choose Python?

For me Python is very quick to pick up, is quite flexible, there are lots of resources and examples out there and it’s just very easy to write a short piece of code to do some powerful tasks.

Python is cross-platform.  However many modules are hooked into Linux.  If you to run your code on a Microsoft OS, then perhaps PowerShell is the language for you.  PowerShell’s advantage is in the modules that help you work with MS products (ie IIS, SCOM, SharePoint etc.)

Also Puppet and Chef are both built on Ruby.  So if you’re planning to heavily use these tools then perhaps try Ruby as well / instead.

Python Basics


The first thing you’ll need to do is get to grips with the basics of Python.  I would recommend the following resources:
1.   https://www.codecademy.com/learn/python - This starts from the very basics and easy for complete beginners to get started with Python.  Also, it’s completely hands-on using a Python interpreter in the web browser.
2.   https://developers.google.com/edu/python/?hl=en – This comprises of a couple of youtube videos and some exercises.  Again this starts as if you know very little or no python.  However, it moves at a faster pace.  The exercises are the best part as they will get you doing some very useful and powerful things with only a small amount of code.  For this, you’ll need to install python.  I use a VM with Ubuntu for this purpose.

The main aim for learning the basics will be to understand how to:

  • Work with the various objects in Python (Strings, Integers, floats, Lists, tuples and Dictionaries)
  • Work with if/else/for loops and conditionals (and, in, not, etc)
  • Loading in modules and creating your own modules
  • Understand classes and their attributes and functions.  Even if you don’t create your own classes then you will use them all the time.   So it will really help you understand Python if you learn about classes and objects.
  • Using the interactive prompt and the online help() and dir() functions.  Dir() will list all the attributes and functions available in an object, so this is very valuable.

Once you’re comfortable with the above then you’re only a step away from automating all your network kit !!

Python Modules

When you first start off using Python then you’ll probably spend a lot of time trying to find the right module for the task in hand.  Or worse, try to write something that is easily available in a module.  To help you out then here is a list of modules that I use:

  • requests – this module is a HTTP client.  I always use it for talking to REST APIs as it very flexible and easy to use
  • json – JSON formatted data looks the same as a dictionary object in Python.  However when you read data from a REST API or from a file it will be read as a string.  This library will convert a string to a dictionary object and vice versa.
  • yaml – I also use this for loading string data into a dictionary.  I found sometimes where you have nested dictionaries inside dictionaries or lists inside dictionaries the yaml module will interpret all of it correctly, where the json library wouldn’t.
  • xmltodict – Converts xml data into a dictionary.  Dictionaries are obviously easier to work within Python so this can be very useful.
  • ncclient – This module is for working with NETCONF devices.  This makes it very easy to start working with Junos and Cisco Nexus in particular.  But also many other vendors that have implemented NETCONF.
  • optparse – module to read in arguments from a command-line script.  There are many modules that do this, including sys.argv, but this is just the first one I started using.
  • getpass – will allow an interactive user to input a string without echoing what they type.
  • netaddr – This is what I use for working with IP addresses.  However there is also ipaddr which was written by google, so I imagine this will be a better module going forward.
  • MySQLdb – for writing / reading from a MySQL database.  Again I’m sure there are multiple modules out there to achieve this but this one works well for me
  • time – good for grabbing the current date and/or time for logging and creating unique filenames
  • paramiko – this is the most commonly used SSH client in Python
  • re – regular expression matching.  If you’re working with Paramiko then this library will be invaluable to try to pick out the bits of output you’re interested in.

Working with Network Devices

So I have mentioned Paramiko above.  However for this series of blog posts I will not look at Paramiko in detail.  Using SSH to automate is a failure in my book, as it is designed to be worked with interactively by a human.  Some people veer towards this as that’s what they are used to working with, but when writing code it is very messy.  All the latest software from all the vendors offers APIs so we will concentrate on that.  To summarise then when working with network devices we can use the following methods:

  • Junos – Supports NETCONF over SSH.  You can basically send set commands and get back XML data.  If you purchase Junos Space then this has a REST API.  However, I find the NETCONF interface easier to use and it’s free with Junos.  Also Junos Space acts as a middle layer and actually uses NETCONF to program the Junos devices.
  • Cisco Nexus – Has a REST API in 7.2 onwards.  Before that there is a very good NETCONF interface.  For both NX-API and NETCONF you can just send cli commands and get back data in JSON or XML respectively.
  • Arista EOS – Has a REST API.  Again very easy to use as you just send cli commands and get back JSON data.
  • F5 – Has a REST API in version 11.5 onwards.  Before that there is a SOAP interface (if using this then F5 have a bigsuds python module).
  • Palo Alto – Has a HTTP XML API
  • FortiGate – You will need to purchase FortiManager, but that will then give you a REST API.
From each API then we are either getting back XML or JSON data.  Either way, we can easily load this data into a dictionary object and start working with it very quickly and easily with Python.

Network Specific Resources

Last of all then please see a few other network specific resources out there which may be of some use:


In the next post we’ll take a look at the requests library.

About the Author

The author of this blog works for Vanguard IT who provide a range of professional services and managed services

For more information go to https://vanguard-it.net

No comments:

Post a Comment