Cisco CCIE Security 350-701 – Network Automation
1. Challenges – Traditional Management
In this topic we'll look at the challenges of the traditional methods of network management. If you remember, in the previous section we discussed the different management options: what network management is, and which management tools network engineers generally use. So what are the challenges? The main one is that the larger the network, the larger the IT staff. With traditional methods, the size of your network decides the number of devices you run, and that in turn increases the number of people required to maintain that network. So if you are running a very big network, that is going to increase the requirement in general.
That requirement is nothing but an increase in the IT staff, so that is one kind of challenge. The next thing is that it frequently requires knowledge of multiple operating systems. Take an example: the network engineers in your network need to know multiple network operating systems, because it is rare for a network to run all Cisco devices, such as all Cisco routers, Cisco switches and Cisco firewalls. You are probably running different vendors. You might be running Cisco routers and also have some Juniper routers in your network. Then you have some Cisco switches and, apart from that, some HP or Arista switches. So you have a mix of multiple vendors' devices and platforms, which means that as a network engineer, in order to maintain or manage your network, you need to have knowledge of all of these.
Or you can have a specific individual who specializes in a specific vendor. Apart from that, more problems come even within Cisco: you have IOS, IOS XR and IOS XE, and on Nexus you have NX-OS. So you have slightly different operating systems on different platforms or devices. The command line differs, so the way you configure differs, which means you need to learn that command line as well. That changes for each and every OS, and if the vendor changes, it may change totally. To manage these things you need specialized engineers: say engineer A is responsible for managing all my Cisco devices, engineer B manages all my Juniper devices, and engineer C manages the Arista devices.
This again increases the staff requirements, because you are going with individual specialized engineers for each vendor. And the problem comes when any one of these employees is on leave, say for two weeks, or exits the company. It then becomes very difficult for the others to manage, because B and C may not be able to handle the job done by that specific person, and finding the right person to manage it is going to be a big challenge. So either you have separate engineers for each vendor, as I said, or you have a group of engineers who have knowledge of all the vendors.
That, again, takes a lot of time because they need to learn. The learning curve increases, and that makes the network engineers focus more on learning, which means they are less productive for the company network. So this is another challenge you will see with traditional network management, because of having different network operating systems. These are the two challenges you will see in general.
The next thing is knowledge of SNMP configuration. As I said, most networks run SNMP programs to monitor the network. That means the network engineers or network admins working in your company must have knowledge of SNMP: how it is used, how to configure it and how to manage it. There are two things they should know. One is how to manage it on the server side.
You are running a network management server with a GUI, so they need to know which dashboard and which option to go to for what. At the same time, the end devices or network devices you run come from different vendors, such as Cisco and Juniper, so the engineer should also know how to configure those devices to enable SNMP alerts, so that the alerts are sent to the server. So the network engineer has to be familiar with the GUI of the SNMP server or software, and should also know the different options inside that GUI.
Apart from that, he also needs to know the command-line configuration of individual devices. That again leads to a learning curve, because it takes some time to learn these options as well. So this is one more challenge with traditional network management. The other one is something called box-by-box management. Say you have hundreds or thousands of devices in your network, at remote sites and locally: firewalls, routers, switches and other devices. If you want to make any configuration changes, or you want to apply software updates, you need to go to each and every device.
We need to log in to that particular device through the command line and execute the commands. Of course you have to remember all those commands as well. You have to do one device at a time, then move to the next device, configure it, move to the next, and so on. So you repeat the same task on each and every device, which is very time consuming. That is one of the limitations. And if you are doing troubleshooting instead of configuration, the same thing applies.
You need to go to individual devices, verify the configurations or check with specific show commands, then move to the next device and do the same thing again and again. You can still use Notepad, which is the common or favorite tool most engineers use. With the help of Notepad you can save a lot of time, especially when you are doing configurations. Let's say you have to implement some OSPF and BGP configurations, or some ACL and NAT configurations, with a few slight changes, on hundreds of devices.
What I can do is paste this configuration into Notepad, do some basic editing with a few changes, then log in to each and every device and paste it, and I can save these config files as well. But the problem comes if you make a small mistake. Maybe you have assigned the same IP to multiple devices because you forgot to change the IP address, or you forgot to change the hostname, or some IPs. If you make any kind of mistake, you again have to log in to each and every device and correct that mistake.
And say you have completed all the devices and only after that you realize it: you have to repeat the same thing, log in and make the changes on each and every device. That takes a lot of time, and the same goes for troubleshooting. So you can still use Notepad, but there is still a possibility of configuration errors. There is also a possibility that you lose the document. You may say, okay, I'll save all the configurations, like the router one, router two and router three configuration files, in one place. But what if you misplace or lose those files? That is one more challenge. These are some of the problems I have listed that you generally find in traditional networks.
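The copy-paste mistakes described above (a hostname or an IP address left unchanged) can be caught before anything is pasted into a device. The following Python check is an added example, not part of the original lesson; the file names, the sample configurations and the helper names are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_interface

# Constructed sample: r3.cfg was pasted from r2.cfg and only partly edited.
CONFIGS = {
    "r1.cfg": """hostname R1
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.252
""",
    "r2.cfg": """hostname R2
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
interface GigabitEthernet0/0
 ip address 10.0.12.2 255.255.255.252
""",
    "r3.cfg": """hostname R2
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
interface GigabitEthernet0/0
 ip address 10.0.23.2 255.255.255.252
""",
}

IP_RE = re.compile(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")


def parse_config(text):
    """Return (hostname, [(interface, IPv4Interface), ...]) for IOS-style text."""
    hostname, addrs, current_if = None, [], None
    for line in text.splitlines():
        if line.startswith("hostname "):
            hostname = line.split()[1]
        elif line.startswith("interface "):
            current_if = line.split()[1]
        elif current_if and (m := IP_RE.match(line)):
            addrs.append((current_if, ip_interface(f"{m.group(1)}/{m.group(2)}")))
        elif line and not line[0].isspace():
            current_if = None  # left the interface block
    return hostname, addrs


def find_conflicts(configs):
    """Report hostnames and addresses used by more than one config file."""
    by_host, by_ip = defaultdict(list), defaultdict(list)
    for fname in sorted(configs):
        hostname, addrs = parse_config(configs[fname])
        by_host[hostname].append(fname)
        for ifname, iface in addrs:
            by_ip[str(iface.ip)].append((fname, ifname))
    return {
        # A file with no hostname line at all (None) is reported as well.
        "hostnames": {h: f for h, f in by_host.items() if len(f) > 1 or h is None},
        "addresses": {ip: u for ip, u in by_ip.items() if len(u) > 1},
    }


if __name__ == "__main__":
    report = find_conflicts(CONFIGS)
    for name, files in report["hostnames"].items():
        print(f"hostname {name!r} appears in: {', '.join(files)}")
    for ip, users in report["addresses"].items():
        print(f"{ip} assigned on: {users}")
```

Running the check over the saved files before a change window turns the "log in to every device again" correction into a single edit of the offending file.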
2. Network Automation – Goals
In this section we'll see what network automation is and what its actual goals are: why we need it and how it is going to simplify our job. If you remember, in the previous section we discussed the challenges you face with the traditional methods of network management. Put simply, network automation is the automation of your tasks. As the name says, it is a process of automating most of the tasks: whatever changes you want to make, those changes can be automated by some kind of software.
You can also manage your network automatically, since you don't need to go to each and every device. You can test automatically, and even deployment can be automatic: any new device you add can be deployed and given its own configuration within the network. That is what we call network automation: whatever tasks and functions we generally perform in the network can be automated. This minimizes the repetitive tasks. Every day you come in and generate a ping and verify, or you make some changes; most of these repeated tasks can be minimized and done automatically. This improves your network service availability.
Let's get into more detail on what exactly network automation does for your network. The first thing is that it reduces box-by-box management. Previously we saw that you have to go to each and every box, log in to its command line, and then copy-paste the configuration or type the commands. Those things can be minimized with network automation. Say you have hundreds or thousands of devices.
You don't need to go and configure all these devices manually. Normally you have to go to each and every device manually, one after the other, and this process is time consuming. This process can be automated: whatever tasks you do, we tell them to the software, and it does them automatically in the back end. This minimizes the number of people, because doing it manually increases the IT staff required to complete the task. When it is automated, very little human intervention is needed and these things happen automatically in the back end, whether it is configuration or updates. The next thing is eliminating repeated tasks. With network automation there are some tasks that are repeated on multiple devices.
Maybe you have configurations like ACL, NAT or OSPF, or VLAN, trunking or STP configurations. These are repetitions of the same configuration on multiple devices, and say you have to set this up on hundreds of devices. Instead of going to each and every device and copy-pasting the five, six or ten commands, which is what we generally do, we can automate this process. This eliminates the repeated tasks, so you don't need to do them again and again. It also avoids errors, because we provide a script, the work is done automatically by the software, and all the configurations are applied faster than when you do them one by one.
So that is one more thing that can be automated. Apart from that, we can standardize the software types and the procedures. Once we eliminate box-by-box management, the repetitive tasks and the human errors through automation, we get a standardized procedure on all the devices. A common standardized procedure removes the variations in how things are done on different network operating systems: even though you are running different operating systems, following a standardized procedure removes most of the variations. Apart from that, you can also identify a specific device, a specific platform or a specific software version.
Say in your production network we have hundreds of routers, and among them you want to identify one model, for example a 3900 series router. I also want the software to check which operating system it is running; say it is running IOS 15.0. If it is running any IOS version less than 15.0, I want it upgraded to, let's say, 15.4. So we can automate the task of identifying the devices of a specific platform and, if they run an IOS version lower than that, upgrading that operating system or the IBASE. That is what is meant here: identify a specific device model or platform and upgrade the software, the version or the features of that software. This also leads to standard upgrade procedures and to consistent changes.
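The platform-and-version selection described above, as an added Python example that is not part of the original lesson. The hostnames, the show version excerpts and the helper names are constructed; the 3900 series filter, the 15.0 threshold and the 15.4 target are the numbers used in the paragraph.

```python
import re

# Constructed `show version` excerpts keyed by assumed hostnames. The version
# values are picked to exercise the 15.0 threshold, not taken from real devices.
SHOW_VERSION = {
    "hq-rtr-01": "Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), "
                 "Version 12.4(24)T5, RELEASE SOFTWARE (fc1)\n"
                 "Cisco CISCO3945-CHASSIS (revision 1.0) with 1835264K/261888K bytes of memory.\n",
    "hq-rtr-02": "Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), "
                 "Version 15.0(1)M4, RELEASE SOFTWARE (fc1)\n"
                 "Cisco CISCO3925-CHASSIS (revision 1.0) with 1835264K/261888K bytes of memory.\n",
    "hq-rtr-03": "Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), "
                 "Version 15.4(3)M2, RELEASE SOFTWARE (fc1)\n"
                 "Cisco CISCO3945-CHASSIS (revision 1.0) with 1835264K/261888K bytes of memory.\n",
    "br-rtr-07": "Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), "
                 "Version 12.4(24)T5, RELEASE SOFTWARE (fc2)\n"
                 "Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.\n",
    "br-rtr-09": "% Connection timed out; remote host not responding\n",
}

VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\((\d+)\)(\w*)")
MODEL_RE = re.compile(r"^[Cc]isco (\S+) \(revision", re.M)


def parse_show_version(text):
    """Extract the chassis model and IOS version, or None if either is missing."""
    v, m = VERSION_RE.search(text), MODEL_RE.search(text)
    if not (v and m):
        return None
    major, minor, build, suffix = v.groups()
    return {
        "model": m.group(1),
        "train": (int(major), int(minor)),  # compared numerically, not as text
        "version": f"{major}.{minor}({build}){suffix}",
    }


def plan_upgrades(outputs, model_re=r"CISCO39\d\d", below=(15, 0), target="15.4"):
    """Select devices of one platform running a release older than `below`.

    Returns (plan, unparsed). Devices whose output could not be parsed are
    listed separately so that they are reviewed instead of silently skipped.
    """
    plan, unparsed = [], []
    for host in sorted(outputs):
        info = parse_show_version(outputs[host])
        if info is None:
            unparsed.append(host)
        elif re.match(model_re, info["model"]) and info["train"] < below:
            plan.append({"host": host, "model": info["model"],
                         "current": info["version"], "target": target})
    return plan, unparsed


if __name__ == "__main__":
    plan, unparsed = plan_upgrades(SHOW_VERSION)
    for item in plan:
        print(f"{item['host']}: {item['model']} {item['current']} -> {item['target']}")
    print("needs manual review:", unparsed)
```

Comparing the release as a tuple of integers matters here: a plain string comparison would rank 9.x above 15.x.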
Consistent changes refers to this. Take an example: in your company we have user one and user two. User one logged in to the device and made some changes, say three or four commands, and user two also logged in and made some other changes. Now there is inconsistency in the configuration, because different users may log in and make different changes. These kinds of things can be removed, so you can have consistent configuration changes on the network without worrying that user one logged in and changed something and then user two logged in and changed something else.
You don't need to worry about that, because you create one standardized procedure or standardized configuration in the automation software, and it applies the configurations automatically. To do that it uses scripts. Scripts are the tools that perform most of the changes: a script is nothing but a collection of commands, a set of commands that is run at a particular time, which is something we'll see on the software side. This way we can automate future configuration changes at a specific time. For example, say you want to upgrade the operating system by copying a given image from a given TFTP server into flash, and you want to execute that command at around 3:00 p.m. or maybe 4:00 p.m.
You can schedule it, and based on that schedule it will automatically make the changes in the future at the specific time. So we can make use of scripts and tools. This also applies a consistent policy across the network. Consistent policy is nothing but ensuring that the network is configured the way you intend: are the changes I am going to apply exactly what I want, or what my company wants? Normally there are multiple network engineers working at the same time, and if multiple engineers log in to the device and make changes, those may not be consistent. When you centralize the changes in the automation software, you get consistency in the configurations, and issues like inconsistent configurations can be minimized or avoided.
Apart from that, the next thing is reducing the time for troubleshooting. Most of your time in the network is spent on troubleshooting, because once your network is ready, your job is to make sure it is up and running, and if there is any problem, to make sure that problem is identified and fixed. With automation we reduce the time to troubleshoot or repair your network by probably up to 50 or 60%, something like that. How does it do that? Network automation identifies specific problems.
Based on the problem, it provides a step-by-step solution. Most automation software has something called artificial intelligence, and even machine learning features. With the help of this artificial intelligence option, if a problem comes up, it identifies the problem and then gives you some easy, user-friendly steps. Say there is a routing issue and the neighborship is down. If the neighborship is down: okay, go and execute this command, show ip ospf neighbor.
Then, depending on the output, it can say: if the output shows something else, go and execute this command, then this command, and so on. With this automation of troubleshooting we can minimize the amount of time you spend on troubleshooting, so that you can use that time for learning or for upgrading your network, which is more productive for the company. There is one more thing we can do with network automation: automate your network documentation and diagrams. One of the challenges you face in the network is the documentation and the diagrams, because they define what your network is. Say you have ten-plus years of experience and you are hired by some XYZ company.
Before you start working, you need to understand the network, and the documentation and diagrams give you an idea of what your network is, how it looks, what exactly is configured and what exactly is running in it. In the normal case, most of the documentation and diagrams have to be updated manually. Whenever you make changes, you need to use some software like PCU or other software, so the network teams learn different software and update the documents with its help. The result may not always be exact, because sometimes you forget something: maybe you didn't update a few things in the documentation, or the network diagrams are not accurate.
That is one kind of challenge you normally face. With automation we can automate these network diagrams: whenever you make changes to the network with the help of automation software, it automatically updates the network diagram and the documentation as per the changes. This makes sure it is up to date, without you having to do this manually because.