Netmiko is a good first step into the world of network automation because it's very accessible. In a few lines of Python, you can start to automate what you already do today on the command line. However, Netmiko really isn't the best tool to use for network automation. In fact, it's actually intended to be used for connecting to legacy devices that don't support APIs (I'm including NETCONF and RESTCONF here).

That's because CLIs are designed for human interaction, not for programmatic interaction. Netmiko works by "screen-scraping" all the text sent over the SSH connection and trying to make sense out of it. That requires building logic to determine when output has stopped, and then matching patterns to determine what the output was. It's not an easy feat, and isn't without flaws.

Modern network devices, by contrast, have APIs which are designed to be used by programs, not humans. With APIs, there's no guessing whether a command completed, or whether there might be more output coming. Since the responses are in formats like XML or JSON, things are much more structured and predictable.
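The prompt detection and pattern matching described above, next to the same data read from a structured response, as an added example that is not from the original post. The command output, the `router1#` prompt, the JSON field names and all function names are constructed for illustration and are not Netmiko's own code.

```python
import json
import re

# Constructed sample: CLI text as it might arrive in arbitrary chunks over SSH.
CLI_CHUNKS = [
    "show interfaces counters errors\r\n",
    "Port      Align-Err  FCS-Err  Rcv-Err\r\nGi0/1             0       12       12\r\n",
    "Gi0/2             0        0        0\r\nrouter1#",
]
# Constructed sample: the same data as a structured API response body.
API_BODY = '{"interfaces": [{"name": "Gi0/1", "fcs_errors": 12}, {"name": "Gi0/2", "fcs_errors": 0}]}'

PROMPT_RE = re.compile(r"^[\w.-]+[#>]\s*$")  # prompt must be the whole last line
ROW_RE = re.compile(r"^(?P<name>\S+)\s+(?P<align>\d+)\s+(?P<fcs>\d+)\s+(?P<rcv>\d+)\s*$")


def read_until_prompt(chunks):
    """Accumulate chunks until the last line looks like a device prompt."""
    buffer = ""
    for chunk in chunks:
        buffer += chunk
        last_line = buffer.replace("\r\n", "\n").split("\n")[-1]
        if PROMPT_RE.match(last_line):
            return buffer
    # Without a prompt there is no way to know whether the output is complete.
    raise TimeoutError("no prompt seen; output may be incomplete")


def fcs_errors_from_cli(raw):
    """Pattern-match each row; lines that do not fit the pattern are skipped."""
    result = {}
    for line in raw.replace("\r\n", "\n").split("\n"):
        m = ROW_RE.match(line)
        if m:
            result[m.group("name")] = int(m.group("fcs"))
    return result


def fcs_errors_from_api(body):
    """Structured data: no prompt detection, no column guessing."""
    return {i["name"]: i["fcs_errors"] for i in json.loads(body)["interfaces"]}


if __name__ == "__main__":
    print(fcs_errors_from_cli(read_until_prompt(CLI_CHUNKS)))
    print(fcs_errors_from_api(API_BODY))
```

If the device changes its column layout or the stream is cut before the prompt, the CLI path either silently drops rows or raises, while the JSON path fails loudly on a missing key.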

Even for just managing legacy SSH devices, there are still other more robust options available such as NAPALM, Nornir, or even Ansible. In most enterprises, using larger frameworks like these is going to yield better results in the long run.

When should you use Netmiko then? Well, if you have better options available to you, my answer would be that you probably shouldn't. However, understanding that everything in IT is an iterative process, Netmiko could be a good starting point as it doesn't require much to get started. Adopting network programmability isn't easy and there's no real clear path to follow. It's a whole different way of thinking and requires an additional set of skills.

To get started and fuel adoption in your organization, for example, Netmiko could be used in a script to help identify a specific bug or parse through some large output. Another use case might be to use Netmiko to add some automation to existing systems. You might trigger a Netmiko script to run when an NMS alert occurs. The script could automatically log into a device when an alert triggers and add some key information into a ticket. If the problem was predictable enough, you might even be able to have it fix the problem automatically.

In conclusion, I'd recommend Netmiko as a great way to get started in network automation and get some immediate added value for small repeatable day-to-day tasks. Focus on information gathering and automating only things that won't entirely break the network. It's a great tool to have in your toolbelt, but it should be treated like a simple screwdriver--not a golden hammer.

- Brian Brookman

