
Guided Exercise: Verifying End-to-End Reachability

In this scenario, it is important to the networking team that the devices they manage can be reached by way of the management network. The customer served by the networking team, though, cares about connectivity from end station to end station. The closest point to an end station that falls within the responsibility of the networking team is the access interface through which traffic enters or exits the network.

A common troubleshooting pattern involves segmenting the problem domain into the network, the two local spans, and the two end stations. Local spans can be relatively easy to verify.

Notice that the assertions built into this exercise test for 0% packet loss or 100% success. When MAC addresses are not already available in the ARP cache, though, Cisco's ping lists the first few packets as discarded.

Note

Assertions of 0% packet loss or 100% success may fail the first time, until MAC addresses are cached. In this exercise, if the play fails unexpectedly on the assertions, try rerunning the playbook first.
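The following Python sketch is an added example, not part of the original exercise. It applies the two substrings that the exercise's playbook asserts on to constructed sample outputs, and separates an IOS run that lost only its leading echoes (the uncached-ARP case described above) from a real failure. The sample outputs and the names `playbook_assert` and `classify_ios` are assumptions made for illustration.

```python
import re

def ios_sample(marks):
    """Constructed IOS-style ping output for a given row of reply marks."""
    ok, sent = marks.count("!"), len(marks)
    return (f"Sending {sent}, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:\n"
            f"Packet sent with a source address of 172.16.10.1\n{marks}\n"
            f"Success rate is {ok * 100 // sent} percent ({ok}/{sent})")

def vyos_sample(sent, received):
    """Constructed VyOS (Linux ping) statistics summary."""
    loss = (sent - received) * 100 // sent
    return (f"--- 192.168.10.1 ping statistics ---\n"
            f"{sent} packets transmitted, {received} received, "
            f"{loss}% packet loss, time 1001ms")

# The substrings the playbook's assert tasks look for in stdout[0].
NEEDLE = {"vyos": ", 0% packet loss", "ios": "Success rate is 100 percent"}

def playbook_assert(stdout, network_os):
    """Same test as the assert tasks: plain substring membership."""
    return NEEDLE[network_os] in stdout

def classify_ios(stdout):
    """Return 'pass', 'rerun' (only leading echoes lost) or 'fail'."""
    if playbook_assert(stdout, "ios"):
        return "pass"
    # The row of reply marks is the only line made up solely of '.' and '!'.
    marks = re.search(r"^[.!]+$", stdout, re.M)
    if marks and re.fullmatch(r"\.+!+", marks.group()):
        return "rerun"   # timeouts first, replies after: consistent with ARP warm-up
    return "fail"        # no replies, or a loss after a reply had been received

if __name__ == "__main__":
    for row in ("!!", ".!", "..", "!."):
        print(row, classify_ios(ios_sample(row)))
    print("vyos 2/2:", playbook_assert(vyos_sample(2, 2), "vyos"))
    print("vyos 0/2:", playbook_assert(vyos_sample(2, 0), "vyos"))
```

The leading `, ` in the VyOS pattern matters: without it, a summary reporting `100% packet loss` would also satisfy the substring test.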

In this exercise, you will automate the process of verifying end-to-end reachability across the network.

Outcomes

You should be able to:

  • Update the host inventory to support end-to-end reachability testing.

  • Add variables that identify ingress and egress points as source and destination for the ping test.

  • Perform a play that verifies reachability across the network on an end-to-end basis.

Open a terminal window on the workstation VM and change to the ~/proj/ directory.

  1. Update the host inventory to support end-to-end reachability testing. Ensure that the hosts inventory contains a group that identifies some devices as access-layer routers. Modify the inventory file so it contains content similar to the following:

    [leafs]
    leaf[01:02]
    
    [spines]
    spine[01:02]
    
    [border-routers]
    spine01
    spine02
    cs01
    
    [access-layer]
    leaf01
    leaf02
    cs01
    
    [cloud-services]
    cs01
    
    [ios]
    cs01
    
    [vyos:children]
    spines
    leafs
    
    [network:children]
    vyos
    ios
  2. Add variables that identify ingress and egress points as source and destination for the ping test. Create a variables file named vars/ping-srcdst.yml that contains this data:

    pingcount: 2
    ping_data:
      leaf01:
      - { src: "10.10.10.1", dst: "192.168.10.1" }
      - { src: "10.10.10.1", dst: "172.16.10.1" }
      leaf02:
      - { src: "192.168.10.1", dst: "10.10.10.1" }
      - { src: "192.168.10.1", dst: "172.16.10.1" }
      cs01:
      - { src: "172.16.10.1", dst: "10.10.10.1" }
      - { src: "172.16.10.1", dst: "192.168.10.1" }

    It is possible to use Ansible and Jinja2 to automatically generate the data in this variables file, but for now we are going to keep matters as simple as possible and start with this data.

  3. Perform a play that verifies reachability across the network on an end-to-end basis.

    1. Compose a multivendor playbook that loops over the ping data tuples for each host and pings from source to destination. Include a task that loops over the result set and asserts that output from the ping test matches patterns that reliably indicate a successful test.

      Create a file named e2e.yml with content similar to the following:

      ---
      - name: verify connectivity end-to-end
        hosts: access-layer
        vars_files:
          - vars/ping-srcdst.yml
      
        tasks:
      
        - name: run ping commands on VyOS access layer device
          # this runs a ping command across the link
          vyos_command:
            commands:
            - ping {{ item.dst }} interface {{ item.src }} count {{ pingcount }}
          register: ping_result
          loop: "{{ ping_data[inventory_hostname] }}"
          when: ansible_network_os == 'vyos'
          # registering within loop associates values with varname.results
      
        - name: looped assertion of ping results from VyOS access layer device
          assert:
            that: "', 0% packet loss' in item.stdout[0]"
          loop: "{{ ping_result.results }}"
          when: ansible_network_os == 'vyos'
      
        - name: prime IOS arp cache
          ios_command:
            commands:
            - ping {{ item.dst }} source {{ item.src }} repeat 1
          loop: "{{ ping_data[inventory_hostname] }}"
          when: ansible_network_os == 'ios'
      
        - name: "run ping commands on IOS access layer device {{ inventory_hostname }}"
          ios_command:
            commands:
            - ping {{ item.dst }} source {{ item.src }} repeat {{ pingcount }}
          register: ping_result
          loop: "{{ ping_data[inventory_hostname] }}"
          when: ansible_network_os == 'ios'
      
        - name: looped assertion of ping results from IOS access layer device
          assert:
            that: "'Success rate is 100 percent' in item.stdout[0]"
          loop: "{{ ping_result.results }}"
          when: ansible_network_os == 'ios'
    2. Perform the play found in your new playbook.

      [student@workstation proj]$ ansible-playbook e2e.yml

      If all goes well, the play recap should show ok=2 and failed=0 for each device.

      PLAY RECAP *********************************************************************
      cs01                       : ok=2    changed=0    unreachable=0    failed=0
      leaf01                     : ok=2    changed=0    unreachable=0    failed=0
      leaf02                     : ok=2    changed=0    unreachable=0    failed=0
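
Step 2 notes that the data in vars/ping-srcdst.yml can be generated rather than typed by hand. The following added example (not part of the original exercise) does so in Python instead of Ansible and Jinja2: it builds the full mesh of source and destination pairs from one access address per device and renders it in the same layout as the file above. The names `ACCESS_ADDR`, `build_ping_data` and `render_vars` are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Assumption: one access-interface address per access-layer device, taken
# from the src values in the exercise's vars/ping-srcdst.yml.
ACCESS_ADDR = {
    "leaf01": "10.10.10.1",
    "leaf02": "192.168.10.1",
    "cs01": "172.16.10.1",
}

def build_ping_data(access_addr):
    """Return {host: [{'src': own address, 'dst': another device's address}, ...]}."""
    for addr in access_addr.values():
        ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    if len(set(access_addr.values())) != len(access_addr):
        raise ValueError("two devices share an access address")
    data = {host: [] for host in access_addr}
    # Every ordered pair of distinct devices: each one pings all the others.
    for src_host, dst_host in permutations(access_addr, 2):
        data[src_host].append(
            {"src": access_addr[src_host], "dst": access_addr[dst_host]}
        )
    return data

def render_vars(access_addr, pingcount=2):
    """Render the variables file text in the layout used by the exercise."""
    lines = [f"pingcount: {pingcount}", "ping_data:"]
    for host, pairs in build_ping_data(access_addr).items():
        lines.append(f"  {host}:")
        lines += [f'  - {{ src: "{p["src"]}", dst: "{p["dst"]}" }}' for p in pairs]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_vars(ACCESS_ADDR), end="")
```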

This concludes the guided exercise.

Revision: do457-2.5-4693601