The (Unofficial) CCNP-SP Study Guide

Automation Tool Comparison

All configuration management tools mentioned here are idempotent. They can intelligently verify the current state of a device and only make a change if the current state does not match the desired state. For example, if you are pushing NTP servers and the device already has those NTP servers defined, the tool will not re-apply the configuration.
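
The idempotent check described above, as an added example (not taken from the study guide or from any of the tools it compares): it diffs the NTP servers in a constructed IOS-style running-config against a desired set and emits only the commands needed. The function names and the in-memory "device" are assumptions made for illustration.

```python
import re

# Matches global IOS-style lines such as "ntp server 192.0.2.10 prefer".
NTP_RE = re.compile(r"^ntp server (\S+)")

# Constructed sample running-config (documentation addresses, not a real device).
SAMPLE_CONFIG = """hostname R1
ntp server 192.0.2.10
ntp server 198.51.100.99
line vty 0 4"""


def _server(line):
    """Return the NTP server named on this config line, or None."""
    m = NTP_RE.match(line)
    return m.group(1) if m else None


def current_ntp_servers(config):
    """Return the set of NTP servers present in the running-config text."""
    return {_server(line) for line in config.splitlines()} - {None}


def plan(config, desired):
    """Compare current and desired state; return only the commands needed."""
    current = current_ntp_servers(config)
    adds = [f"ntp server {s}" for s in sorted(desired - current)]
    removes = [f"no ntp server {s}" for s in sorted(current - desired)]
    return adds + removes


def apply(config, commands):
    """Hypothetical in-memory device: apply commands, return the new config."""
    lines = config.splitlines()
    for cmd in commands:
        if cmd.startswith("no ntp server "):
            server = cmd.split()[-1]
            lines = [l for l in lines if _server(l) != server]
        else:
            lines.append(cmd)
    return "\n".join(lines)


def converge(config, desired):
    """One run of the tool: touch the device only if its state differs."""
    commands = plan(config, desired)
    report = {"changed": bool(commands), "commands": commands}
    return apply(config, commands), report
```

A second `converge` run against the returned config reports `changed: False` with no commands; a non-empty plan on a later run means the device has drifted from the desired state, for example because someone added an NTP server by hand.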

Puppet

  • Created in 2005

  • Written in Ruby

  • Agent-based

    • An agent needs to be installed on a system in order to manage it with Puppet

  • Uses the concept of a master node

  • Uses Ruby DSL for configuration instead of YAML like SaltStack and Ansible

  • Classes define common configuration and are grouped into manifests, which are the actual Puppet code pushed to a device. Manifests are grouped into a module.

  • Has support for NETCONF, which negates the need for an agent on an IOS-XE device. This is a bit confusing because the textbook answer is that "Puppet is agent-based." However, by supporting NETCONF, Puppet becomes agentless.

    • From Cisco documentation (linked below):

    Puppet is a Configuration Management Tool (CMT) used for centralizing and automating configuration management. 
    Traditionally, Puppet has used an agent-based architecture, requiring a software agent to be installed on the device 
    being managed. However, Puppet now supports direct NETCONF integration to Cisco IOS XE devices.
  • Uses a pull model, where facts are periodically sent from the managed devices and config catalogs are pulled down from the master service to the device

  • Uses HTTP for transport

Chef

  • Written in Ruby

  • Agent-based

  • The instructions for a task are called a recipe

  • Uses Ruby DSL for configuration instead of YAML like SaltStack and Ansible

  • A collection of recipes comprises a cookbook

    • There is a Cisco cookbook you can download and use to configure Cisco devices

  • Uses a pull-based model like Puppet

SaltStack

  • Created in 2011 as an alternative to Puppet and Chef

  • Written in Python

  • Supports both agent-based and agentless interactions

  • Uses YAML for configuration with Jinja templates

  • Has the concept of masters and minions. A master is the controlling node, but is not always needed. You can also do a multi-master setup for redundancy.

  • Uses a push model: configuration is pushed to the devices

  • Uses SSH for transport

Ansible

  • Created in 2012 and acquired by Red Hat in 2015

  • Written in Python

  • Agentless

  • Configuration is written in a YAML domain-specific language

  • The list of devices you manage via SSH/API is placed in an inventory

  • A playbook contains the tasks you run against managed devices.

  • Uses a push model

Further Reading/Watching

https://github.com/ssplatt/salt101
https://www.cisco.com/c/en/us/td/docs/iosxr/asr9000/app-hosting/b-application-hosting-configuration-guide-asr9000/b-application-hosting-configuration-guide-asr9000_chapter_0101.html
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe/nb-06-cisco-ios-xe-faq-en.html#Puppet
https://www.youtube.com/watch?v=W7B-vjvkW0I&ab_channel=KevinWallaceTraining%2CLLC
https://dzone.com/articles/chef-101-getting-started-with-automation
https://www.gspann.com/resources/blogs/puppet-vs-chef-vs-ansible/

Last updated 2 years ago