Network Automation Tools List
The world of network engineering is changing at a rapid pace and Network Automation Tools are now becoming essential to the network engineer. The search for the best network automation tool is never ending.
If you want an automated network, the best tool might be Ansible or just Python. Read the reviews of all the tools below to make your own choice to automate large and small networks.
What is Network Automation?
Network automation is the practice of using software to automate network and security provisioning, configuration and management in order to continuously maximize network efficiency and functionality and is often used in conjunction with network virtualization.
For a more in depth read check out my other post titled What is Network Automation?
Check out the Best Network Automation Tools & Software for 2021:
Network Automation Software
What tools do you need to automate your systems and networks?
- Ansible for Network Automation
- Ansible Tower
- Python for Network Automation
- Cisco NSO
- NetYCE – Network Automation Framework
- Cisco Network Automation Tools
- Juniper Apstra
Click the link above to go directly to that section.
We will also be covering Git / Gitlab / Github & Python which is technically a programming language but also a very powerful automation tool!
This list is growing continuously, but as of June 2020 the current leader in the Open Source Automation Tools race is Ansible, which can be used for configuration management and orchestration and at the time of writing is one of the easiest network automation platforms to use.
This post will provide an in-depth description of each tool, what it does and why one is better than another for different tasks. The post will end with some paid options, but in the devops world most tools are open source.
At the time of writing the tools listed below are seen as the best network automation tools in use today.
Here are my Best Network Automation Tools & Software for 2023
Ansible is an open source automation platform which was purchased by Red Hat in October 2015. It is used heavily by the server admin community to administer and deploy updates and patches to Linux servers. In the last few years it has gained a great following from the network community who are now using it to administer and automate network operations across a wide variety of platforms. Ansible is written in Python.
More Ansible posts:
- What is Ansible and what is it good for?
- What are the advantages of Ansible Roles
- Understanding the Ansible Host File
As of today Ansible has over 200 different network modules for vendors such as F5, Arista, Cloudengine and Junos to name a few.
Main benefits of Ansible
The main benefit of Ansible, and why it is so heavily used by the network community, is that it’s agentless. Ansible only requires an SSH connection to the target device to be able to manage it. Chef and Puppet require the installation of an agent on the target device, which is fine for Linux servers but is near impossible for a Cisco 3850 switch.
How does Ansible work?
Ansible operates by running a Playbook. This is a file written in YAML which describes each task that it is going to perform and which module is going to perform it. The YAML file is human readable, so even the most junior engineers can understand what a Playbook is going to do.
This is also described as self documenting the network.
If you are looking for Cisco automation tools, as we keep saying, Ansible is the current tool of choice.
An example playbook below shows how to run a few simple commands on a Cisco router to configure SNMP:
---
- hosts: ROUTERS
  gather_facts: false
  connection: local
  tasks:
    - name: Configure SNMP String on all devices
      ios_config:
        save_when: changed
        lines:
          - snmp-server community read_only RO
          - snmp-server community read_write RW 1
          - ip domain name roger.com
          - snmp-server enable traps
          - logging host 10.0.100.77
Even without knowing any YAML you could read this Playbook and know what it was going to do.
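The playbook above keeps both SNMP community strings in the playbook file as literals, and the read-only one has no access list. As an added example (not code from the original post), this Python check flags those patterns in a task's lines before a playbook is run; the guessable-name list, the vault_snmp_ro variable and the SNMP-MGMT ACL name are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: the `lines:` entries from the playbook above, plus one
# extra line (last) showing a vaulted, ACL-restricted form that passes.
# `vault_snmp_ro` and `SNMP-MGMT` are hypothetical names.
SAMPLE_LINES = [
    "snmp-server community read_only RO",
    "snmp-server community read_write RW 1",
    "ip domain name roger.com",
    "snmp-server enable traps",
    "logging host 10.0.100.77",
    "snmp-server community {{ vault_snmp_ro }} RO SNMP-MGMT",
]

# Assumption: a small local list of guessable community strings; extend it
# to match your own standards.
GUESSABLE = {"public", "private", "read_only", "read_write", "cisco", "snmp"}

# Simplified form of the IOS syntax:
#   snmp-server community <string> [view <name>] [ro|rw] [ipv6 <acl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\{\{.*?\}\}|\S+)"
    r"(?:\s+view\s+\S+)?"
    r"(?:\s+(?P<mode>ro|rw))?"
    r"(?:\s+ipv6\s+\S+)?"
    r"(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    index: int   # 1-based position in the task's `lines:` list
    code: str
    detail: str


def audit_lines(lines):
    """Return findings for every `snmp-server community` line in `lines`."""
    findings = []
    for index, line in enumerate(lines, start=1):
        match = COMMUNITY_RE.match(line)
        if match is None:
            continue  # not an SNMP community line
        name = match.group("name")
        # IOS treats a community with no ro/rw keyword as read-only.
        mode = (match.group("mode") or "ro").lower()
        if not name.startswith("{{"):
            findings.append(Finding(
                index, "HARDCODED",
                "community string is a literal in the playbook; "
                "load it from an Ansible Vault variable"))
            if name.lower() in GUESSABLE:
                findings.append(Finding(
                    index, "GUESSABLE",
                    f"'{name}' is on the guessable-name list"))
        if match.group("acl") is None:
            findings.append(Finding(
                index, "NO_ACL",
                "no access list limits which hosts may use this community"))
        if mode == "rw":
            findings.append(Finding(
                index, "READ_WRITE",
                "read-write community allows configuration changes over SNMP"))
    return findings


def codes_by_line(lines):
    """Group finding codes by line index, for use as a pre-run gate."""
    grouped = {}
    for finding in audit_lines(lines):
        grouped.setdefault(finding.index, []).append(finding.code)
    return grouped


if __name__ == "__main__":
    for f in audit_lines(SAMPLE_LINES):
        print(f"line {f.index}: {f.code}: {f.detail}")
```

A check like this fits as a verification step in a CI/CD pipeline, failing the run when codes_by_line returns anything.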
Ansible is open source and is free to run for as many devices as you want. The free version is called Ansible Core and is command line driven. There is also a GUI version called Ansible Tower which operates a paid license model depending on how many devices you want to automate.
There is also a version called Ansible Engine, which is the core of Ansible driven by the CLI but with a paid support model from Red Hat.
If you are looking for free network configuration automation tools, you can’t go wrong with Ansible Core.
If you want to use the GUI for Ansible there is also an open source version called Ansible AWX – this is unsupported but does give you the chance to benefit from all the features of Tower for free.
If you are looking for network engineer software tools, Ansible is one of the best network automation tools. If you can do it on the CLI then you can get Ansible to automate it.
For more information please visit www.ansible.com/integrations/networks
2. Ansible Tower
Ansible Core is driven by the command line, but if you want to drive Ansible with a GUI there is Ansible Tower. This is a paid option (you can run the trial version for free on 10 nodes). It gives you options to track plays and schedule playbook runs, and you can also assign permissions to different groups of users via AD.
There is also another option with Ansible AWX, which is an open source version. This is the latest code and it’s what Ansible Tower is based upon. There is no support, but it’s a great way to get the Tower features for free.
BackBox is a purpose-built network automation platform, automating both daily administrative tasks and large projects on thousands of networks worldwide. BackBox allows you to automate the operations of network and security devices at scale, across networks of any size, without having to write any code. It also provides multi-tenancy support for service providers or distributed management teams to ensure data privacy and network isolation across customers.
For more information – check out What is Backbox?
The BackBox Automation Library gets you started quickly with support for devices from over 180 vendors, and thousands of ready made automations that can be used as-is or customised for your own use.
Can’t find a pre-built automation that fits your criteria? Build your own using only the CLI or API commands that you already use for administration.
No Python, YAML, or any other scripting language required.
The BackBox support team can also create new automations to your specifications.
Using a unique distributed queuing engine architecture, BackBox can automate networks at any scale and can be deployed on-premise, in the public cloud, or as-a-service.
BackBox can be up and running and automating your network operations in under an hour. Installation is simple and network discovery is automatic. With an Automation Library containing thousands of automations that can be customised for any environment without any special scripting skills, network administrators say the BackBox user experience is best in class.
- Backup & Restore. One-click restore process with validation ensures that your backup can be restored quickly and easily when needed. Each backup goes through a 5-step validation process so you can trust the backup. A rich backup history helps administrators quickly answer “what changed?”
- Network Vulnerability Remediation. BackBox can take a dynamic inventory snapshot and model it against a threat intelligence data set to highlight vulnerabilities and their severity. Administrators use this insight to prioritize software updates and patching that keep the network as secure and performant as possible.
- OS Updates and Patching. Updates are time-consuming and disruptive. BackBox includes prebuilt automations that allow for 100% hands-off completion of complex updates, including multistep updates and updates to high-availability pairs. Automation chaining enables pre- and post-checks to be integrated into the update process, lowering the risk of disruption.
- Compliance. Sometimes managing compliance is simply about preventing or repairing configuration drift. Other times, compliance is about keeping devices in line with organizational standards. BackBox makes it easy to get started on a compliance project or keep your network compliant with CIS Benchmarks, HIPAA, PCI, and more.
- Task Automation. Complex or repetitive changes are prone to human error. Administrative activities can be scaled without introducing configuration errors or additional risk to network operations.
- Complementing vendor tools. In multi-vendor environments, customers often have their own process to drive activities like backups or OS updates. BackBox can integrate with vendor tools to enhance these processes, whether to improve flexibility over backup history or integrate pre- and post-checks into OS updates.
For more information visit backbox.com
Puppet is another open source network automation tool that is predominantly used for server admin automation. It was released in 2005 and is written in Ruby. Its main function is configuration management. The main difference between Puppet and Ansible is that Puppet requires an agent to be installed on the target device.
This is not a problem for Linux servers but does provide a few challenges for network engineers!
With Cisco Nexus switches you can install a puppet agent and utilise all the features of Puppet. However for older devices that do not support the installation of an agent there is a solution. Cisco also support a zero touch methodology to deploy the Puppet agent on bootup to start managing Cisco devices from day 1.
As of Puppet version 2.7 the Puppet Network Device system is a way to configure some network devices (switches, routers). This is currently limited to a subset of Cisco IOS devices, but the system could be extended with new device types.
For the moment only two aspects of a network device can be managed, interfaces and vlans.
Puppet uses its own configuration language, which was designed to be accessible to sysadmins. The Puppet language does not require much formal programming experience and its syntax was inspired by the Nagios configuration file format.
The Puppet infrastructure generally consists of one or more puppetmaster servers along with the puppet agent on each client node.
Puppet nodes periodically pull definitions from the puppetmaster server to verify config against master config, whereas Ansible is only a push model.
Puppet also runs its own declarative language whereas Ansible is configured with YAML.
Puppet also requires node certificates to be signed (manually) on the master. This gives you some confidence that the code won’t run or be executed against servers that are not trusted (or configured).
You may also want to run tasks every so often. Puppet agents run every 30 minutes by default, confirming that the state of the node checking in matches the desired config. Ansible does not have this functionality, and if you wanted that you would have to look at Ansible Tower.
Whilst Puppet looks like a very good tool to manage Nexus devices, there is still some work to make it as easy to use for older network devices.
For more information check – https://puppet.com/solutions/networking-automation
If we had to decide on Puppet vs Ansible, we would always use Ansible for the fact it is agentless and only requires an SSH connection to the target device, which is the case for most network hardware.
Chef is similar to Puppet in terms of overall concept, there’s a master server and agents installed on managed nodes, but it differs in actual deployment. In addition to a master server, a Chef installation also requires a workstation to control the master. The agents can be installed from the workstation using the knife tool that uses SSH for deployment. Thereafter, managed nodes authenticate with the master through the use of certificates.
Configuration of Chef revolves around Git, so knowledge of how Git works is a prerequisite for Chef operation. Like Puppet, Chef is based on Ruby, so knowledge of Ruby is also required. As with Puppet, modules can be downloaded or written from scratch, and deployed to managed nodes following required configuration.
Chef uses the cooking theme with recipes for tasks; however, you still need to get an agent onto the target device.
As an example with Junos the Chef agent is supported on the same OS based devices as Puppet. The Juniper Chef module provides options for configuring (same as Puppet) – Physical interfaces, L2 switch ports, VLANs, Link aggregation groups. Similar to Puppet, for Junos operations, the Chef agent makes configuration changes under exclusive lock, and logs all commit operations. But you are limited as with Puppet to network devices that actually support having an agent installed.
Saltstack or Salt is another open source automation tool that has been predominantly used for server automation.
Salt works on a master / minion topology. The master is the controller and minions are the clients. Salt also faces the same challenges that Puppet and Chef do with installing an agent. There are some solutions to that, in that the salt-minion can be installed on newer systems that run the operating system in a container, e.g. NX-OS or IOS-XR.
There is also a function called proxy minions that enables Salt to control devices that cannot run the standard Salt-Minion, i.e. network devices. Proxy Minions are not out of the box features and if your network device is non-standard you might have to write your own interface.
There is also a collaboration between Napalm and Salt called napalm-salt, using Salt as the automation framework and Napalm to talk to the network devices.
For companies that already use Saltstack to manage their server infrastructure it makes sense to use the same platform to manage your network.
Jenkins is another open source tool that is becoming more popular in the network automation world. Jenkins is a CI/CD tool, or Continuous Integration / Continuous Delivery tool.
Jenkins will monitor, for example, a Git repository, and if some code changes (i.e. a developer has made an update to a build) it will take that code change and start the process of deploying that code via one of the tools above, i.e. Ansible. It can also have some testing built in to verify the code is correct before making it live.
The source code is mostly Java, with a few Groovy, Ruby, and Antlr files.
Jenkins is then run from a WAR standalone or as a servlet in a Java application server such as Tomcat. In either case, it produces a web user interface and accepts calls to its REST API. You configure a pipeline which defines tasks that you want to run e.g staging, verification, testing & deployment. Each one is executed one by one and you can define check points along the way.
If you really want to have an automated network you need a CI/CD tool to run day and night.
Jenkins also has the best logo of all the tools!
8. Git / Github / Gitlab
Git is a suite of tools that basically provide version control and code repositories. When you create network configurations on your laptop and want to keep track of code changes you would use a local Git repository, which would track the changes to the files. I personally use Git to keep track of the changes to my Ansible Playbooks.
This is fine for one person locally, but you want a system that you can upload and share code to. This is where Github and Gitlab come in.
Github is a website where you can define your repositories and upload your code. This code can then be shared with others, who can clone or download your repository to their local machine. Within Github there are two options: paid and free. With the free option your code is visible to the public, which is great for personal projects or code you are happy to have in the public domain. With a paid plan you are able to create private repositories.
Gitlab allows you to install a Git server within your infrastructure or within your cloud. You are then in control of the server and its access.
9. Python for Network Automation
That is true but a network engineer armed with some good Python scripts can do a lot of good automation.
A tool is something that you use to make your job easier, and if you are a network engineer you should be learning Python as it will be a great tool for you going into the future. Python is also great for analytics and testing.
10. Cisco NSO – Network Services Orchestrator
Cisco NSO is free to use for non-production networks and can be downloaded from https://developer.cisco.com/site/nso/
Previously known as Tail-F the orchestrator provides a single network wide interface for all network devices and services as well as a common modeling language and data store for both services and devices.
Check out my guide: Cisco NSO Installation Guide for Ubuntu
11. NetYCE – Network Automation Framework
A bonus entry to the list is NetYCE. Although not actually Open Source software NetYCE is a paid product but in January 2019 they released a free community version.
NetYCE is a network automation framework specifically developed for network engineers to build their own network automation solutions in no time without coding.
The framework is an ideal alternative to Ansible and Python if you prefer using your network engineering skills to build network automation use-cases over learning programming skills.
Check out a more in depth review of NetYCE here:
12. Cisco Network Automation Tools
Aside from all the open source options, Cisco are not lagging behind and have their own network automation tool.
For a long time there has always been Cisco Prime Infrastructure which does provide a way to automatically backup configs and push config via templates.
In the Data Center space there is Cisco Data Center Network Manager which provides an automated way to push configurations to Nexus deployments.
And also in the service provider space there is Crosswork, which enables you to plan, implement, operate, monitor and optimize your Service Provider Network Automation and gain the mass awareness, augmented intelligence and proactive control for data driven, outcome based network automation. (Cisco’s words not mine)
Also mentioned earlier and probably the product that will be leading the way is Cisco Network Services Orchestrator (NSO)
If you are looking for some network automation examples using Ansible – check out my Github
Listed above are all the current network automation software tools that are being used by organisations and individuals. Just having the software is not the whole picture and you need to start to get your team to embrace network automation and once people start to accept it as the way things are done you will get the support you need to develop the solutions.
13. Juniper Apstra
Originally an open source, vendor agnostic network automation tool focussed on provisioning and automating data centre network fabrics, Apstra has now been purchased by Juniper Networks and is now called Juniper Apstra. Whilst a lot of development is being done on Juniper, it is still a very capable tool for automating networks. It is intent based, so you just need to define what you want your network to do and Apstra will handle all the code.
Read more: What is Juniper Apstra?
Free Network Automation Tools
Whilst most of the network automation tools listed above are free as they are all open source, most do come with an enterprise option which includes support. It all depends on what skills you have in house.
Frequently asked questions
Is Ansible the most popular tool for Network Automation?
At this moment in time Ansible is by far the most popular tool to use for network automation. Is it the best? Well, that’s another discussion, but it’s certainly the most popular.
Is Nornir better than Ansible? Nornir vs Ansible?
Nornir is a Python Network Automation Framework. It gives you a lot more control and granularity if you want to perform a specific task, the main feature being its inventory. It does require some good Python skills to operate. Ansible uses YAML to run playbooks. Both are good tools: Ansible is easier to get started with, Nornir requires some Python knowledge but is more powerful.
Check out my Nornir course
Do Network Engineers have to become developers?
No, this is a very common question and whilst the world of Network Engineering is moving more towards the development world every day, you just need to have a good understanding of coding. You don’t need to become a developer.
How does Network Automation work?
Network Automation works by using pre-written scripts in (typically) Python to run configuration on multiple network devices instead of connecting to each device and manually making changes.
What are network automation tools?
Any software, either open source or paid, that enables you to automate the configuration, testing or audit of network devices can be referred to as a network automation tool. Ansible, Python, Cisco NSO and DNA Centre are some of the best network automation tools.
What is a network automation tool?
A network automation tool is software designed to automate network management tasks and streamline network operations. These tools typically use a combination of programming and scripting languages to automate repetitive network tasks such as device configuration, monitoring, and troubleshooting.
Network automation tools can be used to manage a variety of network devices, including switches, routers, firewalls, load balancers, and more. They can help network administrators and engineers to reduce manual errors, improve network security, increase network uptime, and optimize network performance.
Examples of network automation tools include Ansible, Puppet, Chef, SaltStack, and Netmiko. These tools use a variety of automation techniques, such as configuration management, orchestration, and scripting, to help automate network operations.
What are different types of network automation?
There are several different types of network automation, including:
- Configuration Management: This involves automating the process of configuring and maintaining network devices such as routers, switches, and firewalls. Configuration management tools like Ansible, Chef, and Puppet can help automate the process of configuring network devices and ensure consistency across the network.
- Orchestration: Orchestration involves automating the process of managing multiple network devices as a single unit. This can be useful for complex network architectures that require multiple devices to work together seamlessly. Tools like Cisco ACI and VMware NSX use orchestration to automate the deployment and management of network resources.
- Provisioning: Provisioning involves automating the process of setting up new network devices, including configuring network settings and installing necessary software. Provisioning tools like Foreman and Terraform can help automate the process of setting up new network devices and ensure consistency across the network.
- Monitoring and Analytics: Network automation tools can also be used to automate the process of monitoring network devices and analyzing network data. Tools like Nagios and Zabbix can be used to monitor network performance and detect issues before they cause downtime.
- Security Automation: Network automation tools can also be used to automate the process of managing network security. Tools like Cisco ISE and Palo Alto Networks Panorama can be used to automate the process of configuring and managing network security policies.
What is Ansible Network Automation?
Ansible network automation is a type of network automation that uses the open-source automation tool Ansible to automate network management tasks. Ansible is a popular IT automation tool that allows network engineers to automate network configuration, provisioning, and management tasks using a simple and easy-to-learn language called YAML.
With Ansible network automation, network engineers can use playbooks (a set of instructions written in YAML) to automate tasks such as device configuration, firmware updates, and network monitoring. Ansible modules provide a set of predefined tasks that can be used to automate common network management tasks, such as managing VLANs, configuring network interfaces, and configuring access lists.
Ansible network automation allows network engineers to achieve greater efficiency, consistency, and reliability in managing network infrastructure. It can help reduce the risk of human error, improve network uptime, and increase the speed of network deployments and updates. Additionally, Ansible network automation can be easily integrated with other automation tools and platforms, making it a versatile tool for network automation.
Most people get started with Ansible Core by RedHat and then move to Ansible Automation Platform which is a paid / supported version with a GUI and so much more.
Whilst there are so many Network Automation Tools to choose from, you have to decide if you want to go the Open Source route or the paid support route.
Open Source tools give you so much more flexibility as you can pretty much make them do exactly what you want, but you will need to have skilled network automation engineers on staff to run them. I would assume that if you are embracing devops then this should not be an issue.
If you go for the paid options like Cisco Prime or Solarwinds etc you are limited to the functionality that is built in, but if things go wrong you do have the support.
Whatever you do, you just need to start automating your network.
Paid Network Automation Tools
Whilst all the tools above are open source and thus free, there is also a whole world of offerings if you want to pay for it.
Some of the best network automation tools in this category include:
Solarwinds Network Automation Manager
Solarwinds Network Configuration Manager
ManageEngine Network Configuration Manager
Truesight and Lan-Secure Configuration Center, Cisco DNA Centre, Cisco DCNM and this list goes on and on!
Network automation is the process of using software to control and manage network devices, such as routers and switches. This allows for greater efficiency and scalability, as well as improved accuracy and consistency in network configuration. One of the most popular programming languages for network automation is Python, due to its ease of use and extensive libraries.
There are several Python-based network automation tools available, each with their own strengths and weaknesses. Some popular options include:
- Ansible: Ansible is a simple, yet powerful, automation tool that allows for easy management of network devices. It uses a simple, human-readable language called YAML to define automation tasks, and can be used to automate a wide range of network tasks, including configuration management and software deployment.
- SaltStack: SaltStack is a powerful automation tool that allows for the management of large numbers of network devices. It uses a simple, yet powerful, language called Salt to define automation tasks, and can be used to automate a wide range of network tasks, including configuration management, software deployment, and security management.
- Pyntc: Pyntc is a Python library for automating Cisco network devices. It provides a simple, yet powerful, API for interacting with network devices, and can be used to automate a wide range of network tasks, including configuration management, software deployment, and security management.
- Netmiko: Netmiko is a Python library for automating network devices. It provides a simple, yet powerful, API for interacting with network devices, and can be used to automate a wide range of network tasks, including configuration management, software deployment, and security management.
All these tools have their own unique features that make them ideal for different use cases. Ansible and SaltStack are great for managing large numbers of network devices, while Pyntc and Netmiko are more specialized for automating Cisco devices.
Python-based network automation tools are becoming increasingly popular, as they allow for greater efficiency and scalability in network management. They are also relatively easy to use, making them a great choice for network administrators of all skill levels. Overall, network automation is a powerful tool that can help organizations to improve their network management, and Python-based tools are a great choice for achieving this goal.
What does a Network Automation Engineer do?