Ensuring Network Configuration Consistency with StackStorm + NAPALM

Apr 11, 2017
by Matt Oswalt

If you’ve been paying attention to the news around new StackStorm integrations, you may have noticed the NAPALM pack was created a few weeks ago. For those unfamiliar with NAPALM, it’s a Python library that provides a multi-vendor abstraction layer for interacting with network devices like routers and switches (for those not working in the network industry, you can think of NAPALM as “libcloud” for your network).  This is really useful for doing network automation, because it means you only need to write a script (or a StackStorm action) once, targeting this library, and it’s immediately usable against the 10+ network vendors supported by NAPALM (a list that is growing all the time).

This provided a great opportunity for us to bring event-driven automation into the network space in a big way. We started developing a pack for this, and the community really ran with it. Community member Rob Woodward responded to our initial pull request with a bunch of new actions and workflows that covered a huge portion of the functionality in the NAPALM library. This was merged a few weeks ago, and while we’re still considering the pack to be in the “beta” stages for now, this made a huge step towards mature multi-vendor network automation with StackStorm. Thanks, Rob!

The presence of this pack means the worlds of multi-vendor network automation and event-driven automation are finally coming together. NAPALM already provides a lot of great features on its own, such as vendor-agnostic retrieval of operational data (like routing and neighbor tables), as well as pushing configuration changes to network devices. What’s really exciting about linking this up with the event-driven automation of StackStorm is that we can now trigger these activities in response to interesting events elsewhere, such as in your network monitoring system.

Check out the pack’s README for a full summary, but I’ll spoil a few of the goodies that are currently included in this pack:

  • Rules to automatically react to common network events, like a topology change, or a configuration update
  • Actions for retrieving network state, like ARP, BGP, and IPv6 neighbor tables, as well as actions for making changes, like running one-off commands, or installing full or partial configurations

Also, we’re not just talking about a handful of actions; right now the NAPALM pack supports just about everything that is exposed by the NAPALM library itself!

Again, all of these features are inherently multi-vendor because of the NAPALM library. If you want to use the “get_lldp_neighbors” action to retrieve LLDP neighbors on a Juniper firewall, and use the retrieved info to create a BGP configuration and push to a Cisco router using the “loadconfig” action, that’s now possible!

Checking Configuration Consistency

Ever since the very first version of the pack was published, we’ve been thinking of ways to add to the pack, specifically focusing on problems that network engineers have to solve every day, in an effort to make their lives easier. One important challenge in any network, especially when starting to automate, is the task of ensuring the network is configured the way you think it is.

To that end, we recently added an action to the NAPALM pack called “check_consistency”. This action will connect to the network device you specified, using the NAPALM library, and retrieve its configuration. Then it will compare it to a “golden configuration” that you’ve stored in a Git repository, and let you know if there are any deviations.

Oh, and it’s chatops-enabled, so you can do all this from the comfort of Slack or HipChat! Check out the video below for a quick walkthrough of this specific feature:

This is just one example of what you can do with the NAPALM pack. We’ll be producing all kinds of interesting network automation demos with this and related functionality, all aimed at improving the operational capabilities of the network engineer.

We’re not finished – this pack is going to get a lot of love in the near future, so if you have any interest in network automation, put it through its paces and let us know what you think! For those that are either already sold on NAPALM, or are already using it, but haven’t gotten into StackStorm yet, check out our StackStorm Overview to become familiar with the concepts and get started! If you want to know more about NAPALM, check out the project’s Github page.

Happy automating!