Ansible is widely used in data networking for automating configuration, management, and compliance across diverse network devices. We published an article on what this tool is and how you can set up a lab environment for learning it, which you can read here.
Here are real-world examples of Ansible use cases in data networking:
Automated Configuration Management
- Use Case: Push consistent configurations (like VLANs, BGP, SNMP, NTP) to routers, switches, firewalls.
- Example: Automatically configure all Cisco switches in a branch office with identical port security policies.
Network Device Backup
- Use Case: Periodically back up configurations from network devices.
- Example: Automate nightly retrieval of configuration files from all Juniper routers and store them in a version-controlled Git repository.
Compliance and Audit Checking
- Use Case: Check if network devices comply with internal or regulatory standards.
- Example: Audit Cisco IOS access control lists (ACLs) to verify they match security baselines.
- You can read our more detailed article on how to do this right here.
Zero Touch Provisioning (ZTP)
- Use Case: Automatically configure new network devices when they connect for the first time.
- Example: Provision a new Arista switch with a base config, SNMP settings, and management VLANs as soon as it boots and gets an IP.
Network OS Upgrade Automation
- Use Case: Automate firmware or OS updates across a fleet of devices.
- Example: Roll out IOS-XE firmware upgrades to hundreds of Cisco routers with rollback options.
Dynamic Inventory from CMDB or Netbox
- Use Case: Pull network device information dynamically using APIs.
- Example: Use NetBox or ServiceNow to dynamically populate the Ansible inventory with IP addresses, roles, and locations of network devices.
Multi-Vendor Configuration
- Use Case: Manage devices from different vendors (Cisco, Juniper, Arista, Palo Alto) using a unified playbook.
- Example: Push OSPF settings to Cisco and Juniper routers using the same abstracted playbook with vendor-specific modules.
Network Telemetry and Monitoring Integration
- Use Case: Enable or configure streaming telemetry or SNMP settings automatically.
- Example: Configure telemetry pipelines on Arista EOS devices to feed into a Grafana/InfluxDB dashboard.
On-Demand Troubleshooting and Diagnostics
- Use Case: Run automated ping, traceroute, or interface status checks.
- Example: Trigger an Ansible playbook to run `show interfaces` on all access switches during an outage and log status changes.
Template-Based Configuration Rollouts
- Use Case: Use Jinja2 templates to standardize device configs.
- Example: Automatically render and deploy BGP configurations to routers based on a YAML topology file.
Use Case: Automated BGP Configuration Deployment
Here’s a sample Ansible playbook and a topology diagram to illustrate a real-world use case: automated BGP configuration rollout across a multi-vendor network using templates. You have Cisco and Juniper routers in your environment. You want to configure BGP sessions with consistent ASN, neighbors, and route policies using Ansible and Jinja2 templates.
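Sample Inventory (inventory.yml)
```yaml
all:
  children:
    cisco:
      hosts:
        cisco-r1:
          ansible_host: 192.0.2.10
      vars:
        # Connection settings required by the cisco.ios modules
        ansible_connection: ansible.netcommon.network_cli
        ansible_network_os: cisco.ios.ios
    juniper:
      hosts:
        juniper-r1:
          ansible_host: 192.0.2.11
      vars:
        # junos_config talks to the device over NETCONF
        ansible_connection: ansible.netcommon.netconf
        ansible_network_os: junipernetworks.junos.junos
```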
Group Variables (group_vars/all.yml)
```yaml
bgp_asn: 64512
bgp_neighbors:
  - ip: 192.0.2.1
    remote_as: 64513
  - ip: 192.0.2.2
    remote_as: 64514
```
Jinja2 Template (Cisco) templates/cisco_bgp.j2
```jinja2
router bgp {{ bgp_asn }}
{% for neighbor in bgp_neighbors %}
 neighbor {{ neighbor.ip }} remote-as {{ neighbor.remote_as }}
{% endfor %}
```
Jinja2 Template (Juniper) templates/juniper_bgp.j2
```jinja2
protocols {
    bgp {
        group external {
            type external;
            local-as {{ bgp_asn }};
{% for neighbor in bgp_neighbors %}
            neighbor {{ neighbor.ip }} {
                peer-as {{ neighbor.remote_as }};
            }
{% endfor %}
        }
    }
}
```
Playbook (configure_bgp.yml)
```yaml
- name: Configure BGP on Cisco and Juniper Routers
  hosts: all
  gather_facts: false
  vars_files:
    - group_vars/all.yml
  tasks:
    - name: Generate config from template
      # Render on the control node; the push tasks read src from there
      delegate_to: localhost
      template:
        src: "templates/{{ inventory_hostname | regex_search('cisco') | ternary('cisco_bgp.j2', 'juniper_bgp.j2') }}"
        dest: "/tmp/{{ inventory_hostname }}_bgp.conf"
        mode: "0600"  # rendered device config should not be world-readable

    - name: Push config to device (Cisco)
      when: "'cisco' in group_names"
      cisco.ios.ios_config:
        src: "/tmp/{{ inventory_hostname }}_bgp.conf"

    - name: Push config to device (Juniper)
      when: "'juniper' in group_names"
      junipernetworks.junos.junos_config:
        src: "/tmp/{{ inventory_hostname }}_bgp.conf"
        src_format: text
        # junos_config has no load/commit options: update selects the load
        # mode, and the module commits the change by default
        update: merge
```
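Both templates write `neighbor.ip` and the AS numbers straight into device configuration, so the variables deserve a check before rendering, especially when they come from a dynamic source such as NetBox. The following Python pre-flight check is an added example, not part of the original article; the function names `valid_asn` and `validate_bgp_vars` are hypothetical and the sample data is constructed from `group_vars/all.yml` above.

```python
import ipaddress

# Constructed sample mirroring group_vars/all.yml from the article.
SAMPLE_VARS = {
    "bgp_asn": 64512,
    "bgp_neighbors": [
        {"ip": "192.0.2.1", "remote_as": 64513},
        {"ip": "192.0.2.2", "remote_as": 64514},
    ],
}

MAX_ASN = 4294967295  # upper bound of the 4-byte AS number space


def valid_asn(value):
    # bool is a subclass of int in Python, so require the exact int type.
    return type(value) is int and 1 <= value <= MAX_ASN


def validate_bgp_vars(data):
    """Return a list of problems; an empty list means the data may be rendered."""
    errors = []
    if not valid_asn(data.get("bgp_asn")):
        errors.append(f"bgp_asn: invalid AS number {data.get('bgp_asn')!r}")
    neighbors = data.get("bgp_neighbors")
    if not isinstance(neighbors, list) or not neighbors:
        return errors + ["bgp_neighbors: expected a non-empty list"]
    seen = set()
    for idx, nbr in enumerate(neighbors):
        if not isinstance(nbr, dict):
            errors.append(f"bgp_neighbors[{idx}]: expected a mapping")
            continue
        raw_ip = nbr.get("ip")
        try:
            # Strings only: ip_address() rejects spaces, newlines and trailing
            # text, so a value cannot carry extra lines into the device config.
            if not isinstance(raw_ip, str):
                raise ValueError
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            errors.append(f"bgp_neighbors[{idx}].ip: not an IP address {raw_ip!r}")
            continue
        if ip in seen:
            errors.append(f"bgp_neighbors[{idx}].ip: duplicate neighbor {ip}")
        seen.add(ip)
        if not valid_asn(nbr.get("remote_as")):
            errors.append(f"bgp_neighbors[{idx}].remote_as: invalid AS number "
                          f"{nbr.get('remote_as')!r}")
    return errors
```

Run it on the control node before the template task and stop the rollout if the returned list is not empty.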
Use Case: Audit Cisco Router Config for Compliance
Goal:
Verify that all Cisco routers:
- Have `ntp server 192.0.2.1` configured
- Have logging enabled
- Use a specific banner
Project Structure
```
audit/
├── inventory.yml
├── playbook.yml
├── group_vars/
│   └── all.yml
├── templates/
└── expected_config.yml
```
Inventory File (inventory.yml)
```yaml
all:
  hosts:
    cisco-rtr1:
      ansible_host: 192.0.2.1
      ansible_connection: network_cli
      ansible_network_os: cisco.ios.ios
      ansible_user: admin
      # Lab-only credential; keep real passwords in Ansible Vault, not in a plaintext inventory
      ansible_password: admin123
```
Expected Config (expected_config.yml)
```yaml
ntp_servers:
  - "192.0.2.1"
logging_enabled: true
banner_motd: "AUTHORIZED USE ONLY"
```
Playbook (playbook.yml)
```yaml
- name: Audit Cisco Configurations
  hosts: all
  gather_facts: false
  vars_files:
    - expected_config.yml
  tasks:
    - name: Gather running-config
      cisco.ios.ios_command:
        commands:
          - show running-config
      register: config_output

    - name: Check for NTP server
      fail:
        msg: "Missing required NTP server: {{ item }}"
      loop: "{{ ntp_servers }}"
      # when is already a Jinja2 expression, so concatenate instead of nesting {{ }}
      when: "('ntp server ' ~ item) not in config_output.stdout[0]"

    - name: Check if logging is enabled
      fail:
        msg: "Syslog logging is not enabled"
      when: "logging_enabled and 'logging' not in config_output.stdout[0]"

    - name: Check for correct banner
      fail:
        msg: "MOTD banner is incorrect or missing"
      # Match the banner text from expected_config.yml; running-config may
      # display the delimiter as ^C rather than the character that was typed
      when: "'banner motd' not in config_output.stdout[0] or banner_motd not in config_output.stdout[0]"
```
Result
- Ansible does not change anything—only checks config.
- Playbook will fail with clear messages if requirements are not met.
- You can log or report results in a CI/CD pipeline or dashboard.
Some Possible Extensions
- Combine with NetBox inventory for dynamic auditing.
- Export to a JSON report for compliance teams.
- Use `assert` instead of `fail` if you want soft checks.
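Substring tests against the running-config are coarse: `'ntp server 192.0.2.1'` also matches `ntp server 192.0.2.10`, and `'logging'` matches `no logging console`. The following Python audit is an added example, not part of the original article: it matches whole lines and emits the JSON report suggested above. The function names, the sample config and the reading of "logging enabled" as a configured syslog host are assumptions.

```python
import json
import re

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
hostname cisco-rtr1
no logging console
logging host 192.0.2.50
ntp server 192.0.2.10
banner motd ^CAUTHORIZED USE ONLY^C
line con 0
 logging synchronous
"""

# Mirrors expected_config.yml from the article.
EXPECTED = {"ntp_servers": ["192.0.2.1"], "logging_enabled": True,
            "banner_motd": "AUTHORIZED USE ONLY"}


def audit_config(hostname, config, expected):
    """Check one running-config against the baseline; return a JSON-ready dict."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    checks = {}

    for server in expected.get("ntp_servers", []):
        # Whole-line match: a substring test would accept 192.0.2.10 for 192.0.2.1.
        pattern = rf"ntp server {re.escape(server)}( .*)?"
        checks[f"ntp_server {server}"] = any(re.fullmatch(pattern, ln) for ln in lines)

    if expected.get("logging_enabled"):
        # Assumption: "enabled" means a top-level syslog destination is set, so
        # "no logging console" and " logging synchronous" do not count.
        checks["logging"] = any(re.match(r"logging (host )?\d", ln) for ln in lines)

    # The banner delimiter may appear as "^C" or as a single character such as "^".
    banner = re.search(r"^banner motd (\^C|.)(.*?)\1", config, re.M | re.S)
    text = banner.group(2).strip() if banner else None
    checks["banner_motd"] = text == expected.get("banner_motd")

    return {"host": hostname, "compliant": all(checks.values()), "checks": checks}


def to_report(results):
    """Serialize per-host results for a CI artifact or compliance dashboard."""
    return json.dumps({"hosts": results}, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(to_report([audit_config("cisco-rtr1", SAMPLE_CONFIG, EXPECTED)]))
```

The constructed sample fails only the NTP check, because it configures 192.0.2.10 rather than the required 192.0.2.1.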
Those are a couple of real-world examples of how you can use Ansible to automate the network.