Every network engineer eventually hits the same point. The job market has shifted. It is no longer enough to know spanning tree, BGP, and multicast inside out. Firms now expect you to understand automation as well.

I have spent most of my career in low-latency environments where stability and precision matter more than anything else. I can troubleshoot a data centre outage under pressure, I can build an EVPN fabric, I can handle multicast feeds for trading. I can also design and deploy firewalls where a single missed rule could block an exchange feed or expose a service. That background gives me discipline. What I am doing now is building the automation layer on top.

Start simple, not complex

It is tempting to jump into full frameworks like Ansible or Terraform straight away. The problem is that without the basics those tools feel like magic. You copy code from somewhere else, it works once, and then it breaks when you try to adapt it.

The smarter path is to start with the foundations of Python.

• Lists and dictionaries to represent VLANs, IP addresses, or firewall rules

• Functions to wrap repeat logic into something reusable

• File handling to read device inventories from YAML or JSON, or export Palo Alto rules into versioned files

• Error handling to stop one offline device or one bad API call from crashing the whole run

A basic example

This is one of the first exercises I tried: generate VLAN config from a list.

vlans = [101, 102, 103]

for v in vlans:
    print(f"vlan {v}")
    print(f" name USER-{v}")

Output:

vlan 101
 name USER-101
vlan 102
 name USER-102
vlan 103
 name USER-103

Example 2: Representing firewall rules as data

rules = [
    {"src": "10.1.1.0/24", "dst": "10.2.2.0/24", "action": "allow"},
    {"src": "0.0.0.0/0",    "dst": "10.2.2.100", "action": "deny"},
]

for r in rules:
    print(f"set rule from {r['src']} to {r['dst']} action {r['action']}")

Output:

set rule from 10.1.1.0/24 to 10.2.2.0/24 action allow
set rule from 0.0.0.0/0 to 10.2.2.100 action deny

This is the same pattern. Instead of typing commands one by one, represent the intent in a list or dictionary and loop over it.

Example 3: Reading devices from YAML

import yaml

with open("devices.yml") as f:
    devices = yaml.safe_load(f)

for d in devices:
    print(f"{d['hostname']:10} {d['mgmt_ip']:15} {d['role']}")

devices.yml

- hostname: leaf1
  mgmt_ip: 10.0.0.21
  role: leaf
- hostname: spine1
  mgmt_ip: 10.0.0.11
  role: spine

Output:

leaf1      10.0.0.21      leaf
spine1     10.0.0.11      spine

Now the network is data first. That data can feed Python, Ansible, or Terraform.

The same idea applies to firewalls. Instead of VLANs in a list, imagine a list of security rules with source, destination, and action. Loop through them and you can generate Palo Alto rule syntax or API calls. One pattern, many uses.

if you are a network engineer wondering where to start with automation, start with Python basics. They are small enough to practice in an evening and powerful enough to carry you through the whole stack.

Next I will show how I build device inventories as code and why “one device, one YAML” is the foundation for everything that follows.

Leave a comment