Gathering network device versions with Ansible using SNMP

Ansible SNMPUntil there is a universal standard which states how to access network devices I believe SNMP is the best option when it comes to determining what a device actually is. While SNMP’s glory days might be long gone, if there in fact were any. There are still some instances where SNMP is more handy than the modern APIs we have now. All network devices respond in the same way to SNMP queries. This can be compared to a REST API where you have to know the URL of the API before you can target a device. Even with SSH which is also a standard the implementation differs between various vendors, while this doesn’t matter if you are connecting to the device manually it does if you are using a script. Looking at Netmiko a Python library for SSH, you have to specify device vendor and class when you connect. This is because SSH doesn’t work the same with Cisco devices, compared to HP devices, as prompts and paging work differently. However with SNMP it always works the same, sure all vendors have specific MIBs that they use. But general queries for standard MIBs work the same. Using a standard MIB it’s possible to identify the manufacturer of a device and often it’s version.

SNMP and Ansible

Around a year ago I started looking at the inner workings of Ansible modules and as a first test I wrote a module which could gather Ansible facts from SNMP. Some time after that the module I created became part of Ansible 1.9. Later on I wanted to do more tests with SNMP and Ansible and created a few modules which specifically targets Cisco IOS. Those modules relied on the Python library Nelsnmp and as I continued the development of Nelsnmp I created a function to determine the vendor, os and version of network devices. For the most parts this information comes from polling the sysDescr and sysObjectId OIDs, though some devices such as the Cisco WLCs require additional SNMP queries. It’s this feature of Nelsnmp which I’m using in this new Ansible module called snmp_device_version.

Why gather device vendor and os?

You could use this for compliance reporting of device versions, as you can with Nagios. However the main reason I want to do this with Ansible is to be able to use the information with other modules. For example if you had switches from different vendors and wanted to collect the vlan information from each switch in your network. You could then run the snmp_device_version module to determine the vendor and operating system, then pass this along to the ntc_show_command module which allows you to login to different network devices and collect data in a structured way based on the output of show commands. The end result would be that you could gather data from all your switches in a vendor agnostic way.

Which network devices are supported?

Currently the list of supported devices have been those that I have easy access to. This includes several Cisco products, Huawei and some Alcatel. You can see the full list at the HostInfo page. If you need other devices send me a note and I’ll try to help.

Demonstration

Running a playbook using the module with the verbose option. Here I’m targeting a Cisco switch, standalone access-point and ASA firewall.

Gather device versions

The device info is returned as Ansible facts which can be used in other templates or as input to other modules.

Download

There’s some more information on the module page. The actual files can be downloaded from the GitHub repo.