Closing the Loop on Automation: Forward Networks + Ansible

by Fabrizio Maccioni

In my previous blog post Query Your Network like a Database, I talked about how companies are embracing Network Automation in order to become more agile. I described how Network Automation can be very powerful but frighteningly dangerous without a proper safety guard. I explained what the Forward Networks Network Query Engine is and how it can help in building a rock solid network verification solution.

But now I’ll explain how customers can build a complete network automation and verification solution with Ansible and Forward Networks.

Ansible (by Red Hat) is a simple, powerful and agentless tool used by many customers to automate the deployment and configurations of applications, servers and network devices.

Forward Networks’ flagship platform, Forward Enterprise, documents, searches, verifies, and predicts the behavior of your network by creating an always-accurate software copy of your entire network infrastructure for both on-prem and cloud.
With available REST APIs, it easily integrates into existing network management workflow and tools.

For instance, Forward Enterprise integrates with Ansible by leveraging the Ansible uri Core Module. A module provided by Ansible to interact with webservices like the Forward Networks REST APIs

In this example, an Ansible Playbook is accustomed to configuring networks in the Forward Enterprise platform:

Figure 1 Get all networks with a given keyword name

The main information needed in the Ansible uri module are the Forward Enterprise networks endpoint and the credentials.

By running the Ansible Playbook you’ll get all of the Forward Networks in an easy to parse JSON format.

Figure 2 Playbook output using the Ansible uri module

Similarly, you can automate the process of getting the ‘snapshots’ list, gathering all ‘checks’ for a given network, updating the network devices credentials and so forth.

Another option is to use the Ansible modules built specifically for Forward Enterprise:

forward_check:     to add, remove or to verify if a forward check passed or failed

forward_network:   to get the networks list from the platform

forward_snapshot:  to collect a new full or partial collection for a given network

They leverage the same REST APIs as the uri module, but they provide an easier and more custom-tailored integration.

For instance, the same networks list we got using the uri module before, can be retrieved leveraging the forward_network module. Moreover, the forward_network module supports the option to provide a keyword to get all of the networks with a name that includes the provided keyword, like in the example below:

Figure 3 Playbook to get all networks by keyword name

Another use case can be a change-window scenario where the forward_check and forward_snapshot modules can be used in a to quickly provide confidence that a network change had the intended effect, as well as no unexpected ones.

The entire verification process can be implemented with two simple Ansible tasks:

  • In the first task, the forward_snapshots module can be used to start a new full or partial collection.
  • In the second task, forward_checks module to verify the connectivity between the source and the destination device on a given destination port

Take a look at the following ‘Playbook example:

Figure 4 Intent Verification Playbook

After running the Ansible Playbook you can verify if the ‘Intent Check’ is functioning correctly by looking at the ‘Intent Checks’ page in the Forward Enterprise interface:

Taking it a step further, the Forward platform can be integrated into a Network as Code and Continuous Integration and Continuous Deployment framework, or CI/CD.

For instance, all network configurations as well as the Ansible playbooks can be stored in a Git repository and the entire CI/CD process can be managed by an orchestrator server.

In summary, Forward Enterprise can be easily integrated in customers’ workflows based on Ansible to provide a complete and reliable Network Automation and Verification solution. The integration can be based on the Ansible uri or the Forward Networks modules. All the modules leverage the same Forward Enterprise REST APIs.

Take a look at the Ansible modules for Forward Enterprise in this GitHub repository for a deeper dive: https://github.com/forwardnetworks/fwd-ansible

Happy Network Automation and Verification with Ansible and Forward Networks!