SUNET is currently working on a new offer for its customers, the universities and research institutions in Sweden, a service to offer a managed campus network (Campus Network as a Service, CNaaS). As part of this project we are developing a software to help automate the management of the networks.

We are developing features such as:

  • Zero-touch provisioning of switches.
  • Automation of common changes for campus LAN.
  • Automated procedure for firmware upgrades.
  • Multi-vendor support.
  • Monitoring of equipment.
  • 802.1X/MAB for wired client using FreeRADIUS.

We are developing a solution that does not just apply configuration templates but something that also have a lot of program logic to automatically figure out what parameters to use when rendering templates instead of relying on manual inputs. We know from the start that the project would be mainly written using Python since this has become a very popular language for network automation and that makes it a bit easier to find people willing to work on this.

Because of the requirement to support multiple vendors in this solution we mainly looked at two different approaches, either using NETCONF or using a solution like NAPALM.

If using NETCONF you can either go for the option of just writing the XML code needed yourself and passing it to a library like ncclient to send it to the network elements, or using a more complete automation solution like Cisco NSO. We have previous experience of using Cisco NSO for other parts of the SUNET network, but in this case where we need to automate a large amount of very small network devices like access-switches in the campuses we concluded that the licensing cost per-device would be prohibitive.

We also want it to be easy not just for the developers but for the existing network administrators to develop new templates, and writing NETCONF XML is not very fun. So we are building a solution which uses NAPALM to be able to use easy to understand vendor-specific CLI templates. If using NETCONF we would still have to use vendor-specific models since many of the things we need to configure on the access switches like 802.1X does not really have any approved standard models yet.

On top of NAPALM we are using a framework called Nornir to help with keeping inventory of devices and parallelize the communication with devices. Nornir also allows using other communication options besides NAPALM so we could end up using NETCONF via ncclient/YDK or even netmiko for devices that are not supported by NAPALM at a later stage.

Another important point is that everything SUNET develops is released as open-source, so you can follow along with the development on GitHub or make your own contributions if you wish. Of course you are free to use the software any way you like, either in its entirety or just using some specific part like the zero-touch provisioning.

Currently we can do:

  • Zero touch of multiple platforms, a video demonstrating this can be found here:
  • Pushing configuration to devices. The configuration is rendered from configuration templates that can be easily modified.
  • Basic support for 802.1X and MAB using FreeRADIUS.
  • And extensible plugin system which makes it easier to integrate our solution with for example monitoring systems.
  • A fully containerised solution which uses Docker compose.

All code can be found on GitHub: