Task 5 - Automation with Ansible

NDFC's native API architecture allows users to streamline workflows and increase efficiency. Network Operators and Administrators can interact with these APIs in various ways, such as:

  • Direct API Calls (curl, Postman, etc.)
  • Python Scripts
  • Ansible playbooks for various use cases with the DCNM/NDFC Module
  • Terraform HCL with the DCNM/NDFC Provider

Step 1: Automating Networks and VRFs with Ansible Playbook

  1. This lab guides you through running an existing Ansible playbook that pulls Networks and VRFs from an external resource—in this case, Netbox.
  2. Keep in mind this external resource could be any database, file, or system Ansible can read.

Step 2: Exploring Netbox VRFs, Networks, and VLANs

  1. To open Netbox IPAM, click here and then use the following credentials:

    Field      Value
    Username   lab_user
    Password   C1sco12345

    Note:
    There is no need to open this link from the lab environment. In this task, you only need to observe the data contained in Netbox.

  2. Expand the IPAM section and explore the VRFs, VLANs, and Prefixes. Notice that Netbox currently contains definitions of overlays that are not yet part of NDFC.


Step 3: Inspecting the Ansible Playbook

  1. Access the Ubuntu-Desktop VM either via the dCloud Web RDP utility or by using a direct RDP session from your laptop to 198.18.133.101.
    This direct RDP session is only applicable if you are connected via VPN.

  2. Info: Use the following credentials if access is not automatic:

    Field      Value
    Username   root
    Password   C1sco12345
  3. Click on Activities in the top-left corner and open the PyCharm IDE.

  4. Navigate to the Ansible Playbook located in the /root/Desktop/ltrdcn-2419 directory.

  5. If required, click on Trust Project.

  6. Expand the folders in the left column and open the file sync_netbox_networks.yaml.

  7. Review the playbook. Each line is commented for clarity.

General workflow of this playbook:

  1. Prepare the Layer 2–only networks for Task 7 - Firewall Insertion

    • Configure Ethernet 1/8 on Site-1 Leaf-1 and Leaf-2 as access ports for Server5 and Server6.
    • Define two new networks and attach them to these interfaces; each interface will have its own network.
  2. Deploy Netbox Configurations

    • Connect to Netbox via APIs, read the VRFs, and create them in NDFC using the cisco.dcnm.dcnm_vrf module.
    • Connect to Netbox via APIs, read the Networks, and create them in NDFC using the cisco.dcnm.dcnm_network module. Trunk these networks to Eth1/10-11 on a couple of leaves.
    • Use the flexible dcnm_rest module to gather the list of MSD children.
    • Trigger a Recalculate & Deploy in each of them.
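
The "Deploy Netbox Configurations" stage turns records read from an external system into fabric configuration, so a validation gate between the read and the `cisco.dcnm.dcnm_vrf` call keeps malformed or conflicting entries out of NDFC. The following is an added example, not the lab's playbook. The `vni` and `vlan_id` custom fields, the name pattern, the numeric limits and the sample records are assumptions constructed for illustration; `vrf_name`, `vrf_id` and `vlan_id` are keys of the module's `config` list.

```python
import re

# Policy limits assumed for this example; they are not taken from the lab playbook.
VRF_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")
VLAN_IDS = range(2, 4095)    # usable 802.1Q VLAN IDs
VNIS = range(1, 2 ** 24)     # a VXLAN VNI is a 24-bit field


def _is_int_in(value, allowed):
    # bool is a subclass of int, so compare the exact type
    return type(value) is int and value in allowed


def build_vrf_config(records):
    """Return (config, rejected) for a list of Netbox-style VRF records.

    config   -> entries shaped for the dcnm_vrf module's `config` list
    rejected -> (name, reason) pairs that must be fixed at the source
    """
    config, rejected = [], []
    seen_vni, seen_vlan = set(), set()
    for rec in records:
        name = rec.get("name")
        fields = rec.get("custom_fields") or {}
        vni, vlan = fields.get("vni"), fields.get("vlan_id")  # hypothetical fields
        if not isinstance(name, str) or not VRF_NAME.fullmatch(name):
            reason = "invalid VRF name"
        elif not _is_int_in(vni, VNIS):
            reason = "VNI missing or out of range"
        elif not _is_int_in(vlan, VLAN_IDS):
            reason = "VLAN missing or out of range"
        elif vni in seen_vni or vlan in seen_vlan:
            reason = "VNI or VLAN already used by another VRF"
        else:
            seen_vni.add(vni)
            seen_vlan.add(vlan)
            config.append({"vrf_name": name, "vrf_id": vni, "vlan_id": vlan})
            continue
        rejected.append((name, reason))
    return config, rejected


# Constructed sample records, shaped like Netbox VRF objects
SAMPLE = [
    {"name": "Tenant-A", "custom_fields": {"vni": 50001, "vlan_id": 2001}},
    {"name": "Tenant-B", "custom_fields": {"vni": 50001, "vlan_id": 2002}},
    {"name": "Tenant E (test)", "custom_fields": {"vni": 50003, "vlan_id": 2003}},
    {"name": "Tenant-C", "custom_fields": {"vni": 50004, "vlan_id": 4095}},
    {"name": "Tenant-D", "custom_fields": {"vni": "50005", "vlan_id": 2005}},
]
```

Only entries in `config` would be handed to the module; anything in `rejected` should stop the run so the record is corrected in Netbox rather than silently skipped.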

Step 4: Running the Ansible Playbook

  1. From the Ubuntu Activities menu, open Show Applications, then launch the Terminal.

  2. Change directory to Desktop/ltrdcn-2419:

    cd Desktop/ltrdcn-2419
    

  3. Execute the Ansible Playbook:

    ansible-playbook -i inventory/hosts.yaml playbooks/sync_netbox_networks.yaml
    

  4. Wait for the playbook to complete.

  5. You can now disconnect from the Ubuntu-Desktop VM.


Step 5: Verifying the NDFC Status

  1. Access NDFC via the wkst1 WebRDP or, if connected via VPN, directly at NDFC.

  2. From Manage --> Fabrics, double-click on VXLAN-Multisite.

  3. Go to the Networks section and confirm that all the Netbox networks have now been deployed into the fabric.

Example:
If you want to verify directly on Site1-Leaf1, run the following command to ensure these networks are provisioned:

show ip interface brief

You can now continue with Task #6.