Within this post, we are going to explore the network automation platform Netpicker.
Netpicker is a Python-powered network automation platform that provides various features to allow you to configure, back up, and perform compliance testing across 150+ vendors.
Because it’s built using open-source libraries such as Netmiko, Pytest, TextFSM, and Git, it’s highly flexible and customizable.
Let's dive in!
What is Netpicker?
Netpicker is a network automation platform. But what does that mean?
In short, Netpicker allows engineers to back up, diff, and search across configurations, automate tasks, ensure compliance, and use NetBox data as part of their automation workflows. Let's get into the details …
At its core, Netpicker provides:
- Rules - For defining compliance checks and tests for validating your network.
- Jobs - For automating tasks such as updating NTP, adding VLANs to interfaces, and more.
- Scheduling - To automate recurring or time-based tasks.
- Integration with NetBox
- Allows you to use NetBox as an inventory source.
- Allows you to use NetBox data within your rules or jobs.
- Simple and Python Modes
- Simple Mode – useful for users without Python experience, allowing easy rule and job creation.
- Python Mode – designed for users with Python experience, providing greater control to build advanced and customized automation or compliance logic.
High-Level Architecture
Below is a high-level overview of the Netpicker Platform and its main components:
Netpicker Use Cases
Netpicker lends itself to a number of use cases, such as:
- Configuration Backups – automatically back up configurations from multiple devices.
- Compliance Checks – validate device configurations against defined standards or security baselines.
- Automated Changes – trigger configuration updates automatically when devices fail compliance checks.
- Compliance Reporting – generate detailed reports showing device status, rule results, and overall compliance levels.
- Vulnerability Management – detect and track device vulnerabilities using CVEasy, and pair findings with Jobs for automated alerts or remediation.
Automation
Let’s now look at one of the main features that Netpicker provides.
Automation in Netpicker is handled through Jobs. A Job is a repeatable action that runs on one or more devices. Jobs can be executed on demand or on a set schedule.
Jobs can be created in two modes:
- Simple Mode – allows you to provide the job values through an easy set of inputs in the UI.
- Python Mode – allows you to utilize Python code for greater control and flexibility.
Example Python Job:
from comfy.automate import job
import logging
@job(platform='juniper*')
def set_ntp_server(device, ntp_server: str):
logging.info(f"Job on device {device.ipaddress}")
result = device.cli.send_config_set([
f"set system ntp server {ntp_server}",
"commit"
])
logging.info(result)
return result
This example runs on Juniper devices and sets the NTP server configuration using CLI commands.
The function connects to the device, applies the configuration, commits the changes, and returns the command output.
Compliance
Compliance is driven by Rules, which define what should be true across your network.
Rules validate live device configurations, CLI outputs, or NetBox data against expected patterns or values.
Rules can be created in either Simple or Python mode.
Example Python Rule:
@medium(
name='rule_test_mtu',
platform=['cisco_ios'],
commands={"interfaces": "show interfaces"}
)
def rule_test_mtu(configuration, commands, device):
for i in commands.interfaces.fsm:
mtu_value = i.get('mtu', 'unknown')
interface_name = i.get('interface', 'unknown')
assert mtu_value == '1500', (
f"Incorrect MTU Value: {interface_name} has MTU {mtu_value}, expected 1500."
)
This example runs a compliance check to ensure that all interfaces on Cisco IOS devices have an MTU of 1500.
It retrieves parsed interface data from CLI output and verifies the MTU value for each interface.
Rules can be used independently or combined with Jobs for automated compliance checks and remediation.
Reports
Netpicker allows you to build reports on the results of various policies and rules that run against your network. These reports can be viewed via the UI or exported as CSV or PDF.
The great thing about the reports is that they include visual graphs and also summarisation statistics, which help you see the "wood through the trees," especially in large networks.
Below are some examples of the graphing and summaries provided:
ChatGPT AI Netpicker Network Test Creator
Netpicker also provides a ChatGPT AI Netpicker Network Test Creator that allows you to generate test code automatically by simply describing the test you want to create.
NetBox Integration
Netpicker integrates deeply with NetBox, allowing you to leverage your source of truth within automation, compliance, and backup workflows.
Within Netpicker, you can use NetBox in several ways:
- Inventory Source – define which devices Netpicker will back up, validate, or automate, based on the devices you have defined within NetBox.
- Within Rules – use your NetBox data as the expected state within your rules for validation and compliance.
- Within Jobs – use your NetBox data within jobs, for example, pulling MTU, VLAN, or ASN data from NetBox for Netpicker to configure on devices.
NetBox Plugin
Netpicker provides a plugin that allows you to run automation jobs, back up configurations, view diffs, and perform searches directly from the NetBox UI.
CVEasy
Netpicker includes CVEasy, a built-in module for identifying and tracking device vulnerabilities.
It operates on two levels. First, it checks your device inventory against published CVE databases based on the device’s OS version to highlight potential risks. Second, with a CVEasy subscription, Netpicker runs detailed pytest-based analysis for all CVEs, inspecting each device configuration in depth to identify verified vulnerabilities.
You can pair CVEasy results with Jobs to automatically notify teams or apply remediations where supported.
It checks your device inventory against published CVE databases to highlight potential risks.
You can pair CVEasy results with Jobs to automatically notify teams or apply remediations where supported.
Backups
Netpicker includes a Backup feature that allows you to automatically back up network device configurations on a schedule. It's also worth noting that the backup feature is entirely free and has no restrictions.
- Multi-vendor configuration collection.
- Version control using Git for change tracking.
- Integration with NetBox to determine which devices to back up.
- Comparison and diff viewing between historical versions.
- Ability to use configuration backups within rules for compliance testing.
In addition, you can compare your configs to see the differences, which is extremely useful for troubleshooting.
Installing Netpicker
Netpicker can be installed quickly and easily using either an OVA appliance or a Docker container.
Example Docker command:
docker run -d --name netpicker -p 8080:8080 packetcoders/netpicker
Once deployed, you can access the web interface to define Rules, create Jobs, connect to NetBox, and start automating.
Summary
Netpicker is a modern network automation platform designed to help engineers automate configuration, backups, and maintain compliance, without needing to write large amounts of boilerplate code, manage databases, or build custom user interfaces.
You may be asking, this all sounds great, but where do I start?
Luckily, the team at Netpicker has compiled everything you need to get started in one place. Just click below to get started:
Happy automating, and happy packet coding!
Sponsored by
