Here we are with yet another blog on the Forward Network Query Engine (or NQE for short).
If you have been reading our previous blogs on this topic, you already know how passionate I am about NQE.
In my first blog Query Your Network like a Database, I talked about how NQE helps to solve common challenges in network automation when it comes to retrieving network device configuration and state to verify the network posture, especially in large networks comprised of many different vendors, technologies, spread across on-prem and cloud deployments.
In a subsequent blog, In-App NQE Checks Examples Now Available on GitHub I described how In-App NQE Checks helps build network verification checks based on the NQE data entirely in the Forward Enterprise user interface, and I’ve introduced a GitHub repository with some examples.
If you haven’t read those blogs and you are not familiar with NQE, well, you might want to do some reading on the topic before coming back here 🙂
Still (or back) here? Great!
In this blog, I’m going to talk about a big improvement we have made in our latest release, the NQE Library.
Many of our customers are enthusiastic about In-App NQE Checks. They say it’s very easy to find violations to their network intent using the intuitive language, the built-in documentation, data model schema based on OpenConfig, the provided examples, and so on.
As it frequently happens, the more customers use a product extensively, the more use cases come up.
One of the use cases that came up from several NQE users has been:
“In some scenarios, we are not looking for violations [yet] but network insights instead.
Can we do that with NQE?”
Now you can with the NQE Library!
At a very high level, we have decoupled the NQE queries from the NQE Checks to enable the new use case (find network insights) while preserving the original use case (find network violations).
In a nutshell, the NQE Library allows you to easily create and organize collections of NQE queries.
The NQE Library workflow consists of the following steps:
As shown in the NQE Library page below:
To simplify the creation of NQE queries we have built the NQE Integrated Development Environment (IDE).
It consists of 4 different panes:
All the panes are collapsable and resizable to allow you to manage the screen space more efficiently.
If you are familiar with the IDE we built for the In-App NQE checks you will notice that the biggest difference is the introduction of the Files pane to organize the queries.
The easiest way to get started is by using one of the examples in the Help pane.
For instance, the first check can be used to find every interface whose admin status is UP but operational status is not UP.
The query iterates through all interfaces on all devices of any vendor and returns the device name, the interface name, the admin state, the operational state, and finally, the violation field is set to true if the admin state is UP but the operational state is down for the given interface.
Simply copy the example of your choice by clicking on the Copy query icon, paste it in the Editor pane and optionally click on Prettify to properly align all the lines in the query to make it more readable.
The NQE Editor supports many useful features like auto-completion, auto-save and, automatic error fix suggestions based on the Data Model among the others.
When you are done editing a query, select the Network and Snapshot you want to run the NQE query against and click on Calculate to see the query result.
All the changes made to a query are automatically saved but they are visible only to you in the NQE Library application.
You need to commit the NQE query to make them available to everybody in your organization as well as to be used as NQE Verification Checks.
A quick refresh on NQE Verification Checks: they are formulated as queries for violations.
If the query finds no violations, then the check passes. If the query finds violations, the check is marked as failed, and the identified violations form the failure diagnosis.
By default, all the NQE queries published in the NQE library are disabled (inactive state) in the Verify NQE page.
To turn an NQE query in an NQE Verification Check, simply enable it by clicking on the toggle button on the left side of the query.
If the NQE Verification Checks fails, you can see the violations as well as the queries by clicking on the Failed status link.
In a networking world that is moving at a steady pace toward network automation and network-as-code, versioning of code, configuration, intent, etc. has become a prerequisite for adoption. The same concept applies to NQE queries.
Every time an NQE query is modified and published, a new version of the query is made available in the Verify NQE application. You can select a specific version or always run the latest version available via the Version used option:
I always try to stay away from product roadmaps in customer-facing publications but…rest assured this is not the last time you are going to see a blog on NQE, so stay tuned!
In the meantime, check this demo video out and happy querying with the Forward NQE Library!