Introduction:
Ansible is a powerful automation tool that allows network administrators to efficiently manage and configure network devices, including Cisco network switches. With Ansible, you can automate repetitive tasks, ensure consistency across your network infrastructure, and greatly simplify the management process. In this blog post, we will walk you through the process of writing an Ansible playbook specifically designed to manage Cisco network switches.

Prerequisites:
Before diving into writing an Ansible playbook for Cisco switches, make sure you have the following prerequisites in place:

1. Ansible Installation: Ensure that you have Ansible installed on your system. You can refer to the official Ansible documentation for installation instructions specific to your operating system.
2. Access to Cisco Network Switches: Make sure you have SSH access to the Cisco network switches you intend to manage using Ansible. Also, ensure that you have the necessary administrative privileges to execute the required commands.
3. Inventory File: Create an inventory file that lists the IP addresses or hostnames of your Cisco switches. This file will be used by Ansible to identify the devices it needs to manage.

Let’s now proceed with writing the Ansible playbook:

Step 1: Create the Playbook File
Start by creating a new file with a “.yaml” extension (e.g., cisco_switch_playbook.yaml). This file will contain the playbook’s instructions.

Step 2: Define the Hosts
In the playbook file, define the hosts section to specify the target hosts for the playbook. You can reference the inventory file or directly provide the IP addresses or hostnames of the Cisco switches. For example:

---
- name: Manage Cisco Switches
  hosts: cisco_switches
  gather_facts: false

Step 3: Establish SSH Connection
Next, define the connection details for SSH in the playbook file. This ensures Ansible can establish a secure connection with the Cisco switches. Add the following lines to the playbook:

  vars:
    ansible_connection: network_cli
    ansible_network_os: ios
    ansible_user: <your_ssh_username>
    ansible_password: <your_ssh_password>
    ansible_become: true
    ansible_become_method: enable

Replace <your_ssh_username> and <your_ssh_password> with the appropriate SSH credentials for your Cisco switches.

Step 4: Write Tasks
Within the playbook, specify the tasks you want Ansible to perform on the Cisco switches. For example, you might want to configure VLANs or enable specific protocols. Here’s an example task to configure a VLAN:

  tasks:
    - name: Configure VLAN
      ios_vlan:
        vlan_id: 100
        name: Production
        state: present

Step 5: Run the Playbook
Save the playbook file and execute it using the ansible-playbook command, providing the path to your playbook file:

$ ansible-playbook cisco_switch_playbook.yaml

Ansible will connect to the Cisco switches, execute the tasks defined in the playbook, and provide detailed output about the changes made.

Conclusion:
By leveraging Ansible’s powerful automation capabilities, you can simplify the management of your Cisco network switches. With the step-by-step guide provided in this blog post, you should now be equipped to write your own Ansible playbooks to configure and manage your Cisco switches effectively. Empower yourself with automation, save time, and ensure consistency across your network infrastructure. Happy automating!

Introduction

In today’s highly interconnected and dynamic networking landscape, network operators face numerous challenges in managing and controlling their networks effectively. Border Gateway Protocol-Link State (BGP-LS) has emerged as a powerful technology that offers enhanced network visibility and control. In this blog post, we will explore the key concepts of BGP-LS, its benefits, and how it is transforming the way networks are managed.

Understanding BGP-LS

BGP-LS is an extension to the traditional Border Gateway Protocol (BGP), which is primarily used for routing between autonomous systems on the Internet. While BGP focuses on exchanging routing information, BGP-LS extends this capability to include the exchange of detailed network topology information.

BGP-LS enables network devices, such as routers and switches, to advertise their link-state information to other devices within the network. This information includes details about the network topology, such as the links, nodes, and their attributes. By leveraging BGP as the underlying protocol, BGP-LS allows network operators to collect and distribute this information in a scalable and standardized manner.

Benefits of BGP-LS

1. Enhanced Network Visibility: BGP-LS provides network operators with a comprehensive view of the network topology. By collecting link-state information from various devices, operators can gain real-time insights into network connectivity, node and link attributes, traffic engineering, and more. This visibility enables better network monitoring, troubleshooting, and capacity planning.
2. Dynamic Network Control: With BGP-LS, network operators can dynamically adapt their network to changing conditions. By exchanging link-state updates, devices can quickly react to link failures, congestion, or new network additions. This dynamic control allows for faster rerouting and traffic engineering, resulting in improved network performance and resiliency.
3. Seamless Integration with Existing Infrastructure: BGP-LS can be seamlessly integrated into existing network infrastructure that already utilizes BGP. Network operators can leverage their existing BGP deployments, avoiding the need for significant infrastructure changes. This compatibility makes BGP-LS a practical choice for network operators looking to enhance their network management capabilities.
4. Multi-Vendor Support: BGP-LS is an industry-standard protocol supported by various networking vendors. This interoperability ensures that network operators can deploy BGP-LS in multi-vendor environments without vendor lock-in. It promotes healthy competition and innovation while giving operators the flexibility to choose the best-suited equipment for their needs.

Use Cases of BGP-LS

1. Traffic Engineering: BGP-LS allows network operators to gather detailed link-state information, enabling them to optimize traffic flows across the network. By analyzing this information, operators can make informed decisions about path selection, load balancing, and traffic prioritization.
2. Fast Network Convergence: In the event of network failures or changes, BGP-LS facilitates faster network convergence by disseminating link-state updates. Devices can quickly react to topology changes, rerouting traffic to maintain network connectivity with minimal disruption.
3. Network Virtualization: BGP-LS plays a crucial role in Software-Defined Networking (SDN) and network virtualization. By providing accurate and up-to-date network topology information, BGP-LS enables SDN controllers to make intelligent routing decisions and dynamically allocate network resources.

Conclusion

In an era where networks are becoming increasingly complex and dynamic, BGP-LS has emerged as a valuable technology for network operators. By extending BGP’s capabilities to include link-state information, BGP-LS provides enhanced network visibility, dynamic control, and seamless integration with existing infrastructure. With its numerous benefits and support from various vendors, BGP-LS is transforming the way networks are managed, enabling operators to optimize performance, improve resiliency, and adapt to evolving network conditions.

Below you’ll find the steps to install ExaBGP on ubuntu as well as install the Erco frontend for it so you don’t have to worry about the cli to announce/withdraw any routes. Make sure to update the files/scripts below with the relevant paths for your setup.

OS: Ubuntu 22.04

ExaBGP : 4.2.17
Python : 3.10.6

Install ExaBGP

apt update
apt upgrade -y
apt install python3-pip
apt install python3-exabgp

Install Erco

apt-get install build-essential
cPan Carton

git clone https://framagit.org/luc/erco.git
cd erco
carton install --deployment
cp erco.conf.template erco.conf

cp utilities/init/erco.service /etc/systemd/system

systemctl daemon-reload
systemctl enable erco.service

systemctl start erco

apt install nginx
cp utilities/nginx/erco.conf /etc/nginx/sites-available/
ln -s /etc/nginx/sites-available/erco.conf /etc/nginx/sites-enabled/
nano nginx -t && nginx -s reload

Erco SystemD file

nano /etc/systemd/system/erco.service

[Unit]
Description=Erco
Documentation=https://erco.xyz/doc/index.html
#Requires=network.target exabgp.service
After=network.target

[Service]
Type=forking
User=root
RemainAfterExit=yes
WorkingDirectory=/opt/erco/
PIDFile=/opt/erco/script/hypnotoad.pid
ExecStart=/usr/local/bin/carton exec hypnotoad script/erco
ExecStop=/usr/local/bin/carton exec hypnotoad -s script/erco
ExecReload=/usr/local/bin/carton exec hypnotoad script/erco

[Install]
WantedBy=multi-user.target

Erco Nginx Config

server {
        listen 80;
        listen [::]:80;


        index index.html;
        root /root/erco/templates/layouts;
        server_name set_hostname_here;

        location / {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://127.0.0.1:8080;
        }
}

Once Erco is setup, make sure you edit the erco.conf file to setup your next-hops, communities, exabgp pid and conf file paths.

ExaBGP SystemD File

[Unit]
Description=ExaBGP
Documentation=man:exabgp(1)
Documentation=man:exabgp.conf(5)
Documentation=https://github.com/Exa-Networks/exabgp/wiki
After=network.target
ConditionPathExists=/etc/exabgp/exabgp.conf
 
[Service]
Environment=exabgp_daemon_daemonize=false
Environment=exabgp.daemon.pid=/var/run/exabgp/exabgp.pid
ExecStartPre=-/bin/mkdir /run/exabgp
ExecStartPre=/bin/bash -c "/usr/bin/mkfifo -m 0666 /run/exabgp/exabgp.{in,out}"
ExecStopPost=/bin/bash -c "/bin/rm -f /run/exabgp/exabgp.{in,out}"
ExecStart=/usr/sbin/exabgp /etc/exabgp/exabgp.conf
ExecReload=/bin/kill -USR1 $MAINPID
 
[Install]
WantedBy=multi-user.target

ExaBGP Config File

process socket {
        run "/root/erco/utilities/bin/exabgp-ws-server";
}

template {
        neighbor change-name-here {
                api {
                        processes [ socket ];
                }
                local-as 65533;
                peer-as your-asn-here;
                hold-time 180;
                group-updates false;

                static {
                        #ERCO CONTROLLED PART

                        #END OF ERCO CONTROLLED PART
                }
        }
}

neighbor x.x.x.x {
        inherit change-name-here;
        description "test";
        router-id z.z.z.z;
        local-address z.z.z.z;
}

Script to start ExaBGP

#!/bin/bash

mkfifo /var/run/exabgp/exabgp.in
mkfifo /var/run/exabgp/exabgp.out
chmod 600 /var/run/exabgp/*

env exabgp.log.destination=/var/log/exabgp.log exabgp.daemon.user=root exabgp.daemon.daemonize=true exabgp.daemon.pid=/var/run/exabgp.pid exabgp /etc/exabgp/exabgp.conf

Script to check if ExaBGP is running and restart if not

#!/bin/bash
service=/usr/sbin/exabgp

if (( $(ps -ef | grep -v grep | grep $service | wc -l) > 0 ))
then
echo "$service is running!!!"
else
/root/exabgp.sh
fi