Network Automation using Ansible for Cisco
Routers Basic Configuration
Telematics Laboratory, School of Electrical Engineering and Informatics,
Bandung Institute of Technology, e-mail: nathanjaya123@gmail.com
Abstract: Network programmability is a trend,
enhanced and inspired by Software Defined
Networks, that are based on scripting methods
and standard programming languages used for
controlling and monitoring of
elements. This paper is illustrating a method in
configuring network devices by
automation, reducing time for equipment
configuration and easier maintenance. It uses
Ansible in Ubuntu environment as the
controller, and Cisco routers as the managed
nodes. These methods represent the future of
networks, allowing the management of an
increased number of devices in a unitary way.
Keywords: Network, Automation, Ansible.
1. Introduction
The number of devices in a network and their
heterogeneous nature is steadily increasing.
The traditional methods used for network
equipment configuration are time consuming,
taking into consideration also the vendor
specific know-how needed. The Software
Defined Networks (SDN) concept tries to
eliminate the vendor dependency via standard
Jonathan Wijaya
protocols, like OpenFlow. However, the
“traditional” non-SDN legacy networks need to
keep the pace and respond to dynamic network
changes. Network automation is a solution for
network operational expenses saving, improving not
only the time spent for configuring the network
using devices, but also the efficiency of network
maintenance through procedures that are easier
to follow and implement at large scale.
All major vendors, including Cisco, started
promoting the software configurability of
networks (e.g. Cisco DevNet concept that
promotes the creation of an open source
community for network programmability [5]).
All new automation implementations are based
on generic programing methods (python, java)
and standard interfaces (Secure Shell SSH or
even RESTful webservices).
However, only the newer devices have support
for the new programmatic methods, and this
paper addresses methods to automate legacy
network elements.
The main objective of this paper is to
demonstrate the efficiency of the scripting in
configuring network devices. For that we have
created an emulated network topology in Eve-
ng, having as main element an Ubuntu Desktop,
with the role of a network controlling element.
We have controlled the network devices in a
programmatic way using Ansible, based on
Python.
2. Network Automation using Ansible
At its core, network automation has the main
goal of simplifying the tasks involved in
configuring, managing and operating network
equipment, network topologies, network
services and network connectivity. In my
experimental setup I have used the Eve-ng
emulator which is a tool for building, designing
and testing networks, capable now also to
connect to external networks and allowing
integration with virtual images.
A. Network Setup
For the specific implementation, I have used an
Ubuntu Desktop which is running Ansible,
allowing to connect to devices and automate
their configuration via ssh connections.
Ansible is an IT automation tool. It can
configure systems, deploy software, and
orchestrate more advanced IT tasks such as
continuous deployments or zero downtime
rolling updates.
Ansible’s main goals are simplicity and ease-
of-use. It also has a strong focus on security and
reliability, featuring a minimum of moving
parts, usage of OpenSSH for transport (with
other transports and pull modes as alternatives),
and a language that is designed around
auditability by humans–even those not familiar
with the program.
Ansible is appropriate for managing all
environments, from small setups with a handful
of instances to enterprise environments with
many thousands of instances.
Ansible manages machines in an agent-less
manner. There is never a question of how to
upgrade remote daemons or the problem of not
being able to manage systems because daemons
are uninstalled. Because OpenSSH is one of the
most peer-reviewed open source components,
security exposure is greatly reduced. Ansible is
decentralized–it relies on your existing OS
credentials to control access to remote
machines. If needed, Ansible can easily connect
with Kerberos, LDAP, and other centralized
authentication management systems.
The scripts incorporate some functionalities
like hostname changing, IP address
configuration, and routing protocols. The
scripts can be used for almost all network
devices regardless of the vendor that produces
them.
The topology contains a cloud (Net) which is
used to connect the Ubuntu Desktop device
which will run the Ansible and its automated
scripts for configuring network devices, a
Switch (using Cisco vIOS) that is making the
connection to 2 Routers that will
automatically configured (Figure 2.1).
Figure 2.1 Topology
The Ubuntu Desktop needs to be in the same
network as the devices that we want to
automatically configure so it can obtain an IP
via a common DHCP or we can configure a
static IP address. It also must be connected to
Internet for downloading the necessary tools.
The routers need to be configured first. What
needs to be configured are IP address of the
connected interface and SSH, so that the
controller (Ubuntu Desktop) can access the
routers.
An Ansible controller (the main component that
manages the nodes), is supported on multiple
flavors of Linux, but it cannot be installed on
Windows. For managed nodes, since Ansible
uses SSH to communicate with managed nodes,
the node must be able to be accessed from SSH.
Going back to controller machine installation,
Python 2 (2.6 or above) needs to be installed. In
my case, I am using Ubuntu as my OS, hence
my focus would be on working with Ansible
using Ubuntu as the underlying OS. A way of
installing Ansible is to use the Advanced
be Packaging Tool (APT) in Ubuntu. The
following commands will configure the
Personal Package Archives (PPA), install
Ansible, and install the newest python version.
$ sudo apt update
$ sudo apt install software-
properties-common
$ sudo apt-add-repository
ppa:ansible/ansible
$ sudo apt update
$ sudo apt install ansible
$ sudo apt install python
B. Ansible Automation Methods
There are 3 main file in the Ansible directory,
hosts, ansible.cfg, and Ansible Playbook file.
The hosts file is the inventory file where we add
our managed nodes to be controlled by Ansible.
Ansible.cfg is the actual configuration file used
to tweak Ansible parameters. Once the
installation is done, we need to add some nodes
in the hosts file. In my case I add 2 IP addresses
which belong to interface fa0/0 of my 2 routers.
Here is the content of my hosts file:
//hosts
[iosxr]
10.10.1.99
10.10.1.199
I grouped the 2 hosts with a group name ‘iosxr’
because they are Cisco routers using iosxr
operating system. Then after the hosts file, the
other file is the Ansible Playbook. Ansible
playbook contains the configuration we want to
push to the devices. The playbook file has ‘.yml’
file extension. In my case, the contents of my
playbook file are the routers’ username and
password, hostname configuration, IP address
configurations, and OSPF configuration. Here
is the content of my playbook file:
//ansible-playbook
---

- name: config
hosts: all
connection: local
gather_facts: no
tasks:
- name: configure provider
set_fact:
provider:
username: cisco
password: cisco
- name: set hostname
ios_config:
provider: "{{provider}}" Figure 2.2 Ansible Playbook Result
lines: hostname
{{ inventory_hostname }}
- name: interface IP address Figure 2.2 above shows the result after I run the
ios_config:
provider: "{{provider}}" playbook file. The result shows that I
lines:
- ip address 192.168.1.10 successfully changed 4 configurations in the
255.255.255.0 target routers. Those 4 configurations are
- no shutdown
- full-duplex hostname, interface IP address, loopback IP
parents: interface
FastEthernet 1/0 address, and OSPF.
- name: loopback interface
ios_config:
provider: "{{provider}}" For my future work I plan to automate network
lines:
- ip address 1.1.1.1 devices using Ansible alongside NAPALM.
255.255.255.255 Network Automation and Programmability
- no shutdown
parents: interface Abstraction Layer with Multivendor support
Loopback0
- name: configure ospf network [9] is a Python library that implements a set of
ios_config: functions to interact with different router
provider: "{{provider}}"
lines: vendor devices using a unified API. The
- router-id 1.1.1.1
- network 192.168.1.10 heterogeneous vendors are integrated via
0.0.0.255 area 0 drivers, and NAPALM offers support for most
parents: router ospf 1
of the important vendors.

After making sure the files’ contents are correct,

3. Conclusions
what we need to do is just run the playbook file.
In my case, my playbook file’s name is
Configuring and monitoring any device via
‘test.yml’, so what I need to type is:
automation, independent of vendors is a goal
ansible-playbook test.yml
implementable not only on SDN devices, but
also on other networking solutions. In this
paper, I have demonstrated the importance of
automation in a network that are not aware of
OpenFlow SDN protocol.

I have demonstrated that using Ansible,

network engineers do not need to configure by
themselves each individual device, they just
need to create the proper infrastructure and by
implementing automation scripting. The
network controllability becomes easier and
changes can be faster deployed, maybe even
automatically, as response to events that take
place in the network. So the legacy network
elements becoming similar with SDNs.

Reference

1. Ansible for Network Automation, https://docs.

ansible.com/ansible/latest/network/index.html
2. Tischer R., Gooley J. 2016. Programming and
Automating Cisco Networks. Cisco Press.
3. Cisco ”DevNet” Open Source Dev Center -
https://developer.cisco.com/site/opensource/
4. NAPALM (Network Automation and Pro-
grammability Abstraction Layer with Multi-
vendor support) https://napalm.readthedocs.io/
en/latest/
5. Ansible for Network Automation Tutorial,
https://www.networkcomputing.com/networkin
g/