Blog

Why Python for Network Engineers — and How to Set Up Your Lab

If you have ever pasted the same VLAN configuration into forty switches, parsed a show ip route output by eye, or kept a spreadsheet of device IPs that drifted out of sync the moment someone touched the network, you already know why network engineers reach for Python. This is the first post in a 21‑day series that will take you from “I have heard of Python” all the way to writing real automation scripts that back up configs, push changes to dozens of devices at once, and turn raw show output into clean structured data you can act on.

Each day I will publish one focused lesson. You can read it over coffee, work through the examples in your lab, then attempt the exercises at the bottom — the answers are hidden behind a toggle so you actually try first. By the end of the three weeks you will have written your own multi‑vendor configuration tool. Today we set the stage.

Why Python and not Bash, Tcl, or Ansible?

The honest answer: because Python is the language the network industry has converged on. Cisco’s pyATS, NAPALM, Netmiko, Nornir, Scrapli, Genie, and almost every vendor SDK you will touch ship as Python libraries. NETCONF/RESTCONF tooling is Python. Ansible itself is written in Python and its custom modules are Python. If you learn one language for the next decade of network work, this is the one.

That does not mean Bash and Tcl go away. Bash is still the right tool for “do this once across a few Linux boxes,” and Tcl scripting (EEM applets) lives inside the IOS process so it can react to events Python cannot reach. But for anything that talks to multiple devices, parses output, or integrates with an API, Python wins on ecosystem alone.

What you will be able to do by Day 21

  • Loop over a YAML inventory of routers and switches, connect to each over SSH, and capture the running‑config to a Git repository.
  • Generate per‑device configuration from a single Jinja2 template — no more copy‑paste drift.
  • Call REST and NETCONF APIs to read interface state without ever screen‑scraping again.
  • Convert messy show output into Python dictionaries with TextFSM and act on them programmatically.
  • Write a tool that pushes a config snippet to dozens of devices in parallel and produces a diff report for change control.

None of that requires being a software engineer. It requires being comfortable with about a dozen Python concepts, which we will cover one per day this week.

Installing Python the right way

Use Python 3.11 or newer. Python 2 is dead, and 3.6/3.7 are missing features (like the := walrus and modern typing) you will see in libraries by 2026.

Linux (Ubuntu/Debian):

sudo apt update
sudo apt install -y python3 python3-venv python3-pip
python3 --version   # expect 3.11.x or newer

macOS:

brew install [email protected]
python3 --version

Windows: install from python.org (check “Add Python to PATH” during the installer) or use the Microsoft Store build. Then in PowerShell:

python --version

Do not install network libraries with sudo pip install. That pollutes the system Python and you will hit version conflicts within a month. The right pattern is one virtual environment per project, which is the next thing we set up.

Your first virtual environment

A virtualenv is a private folder of Python packages. Activate it and pip install only affects that folder. Create one for this whole series:

mkdir ~/python-net && cd ~/python-net
python3 -m venv .venv
source .venv/bin/activate         # Windows: .venv\Scripts\activate
python -m pip install --upgrade pip

Your shell prompt should now start with (.venv). From inside the venv, install the libraries we will need over the next three weeks:

pip install netmiko napalm ncclient requests pyyaml jinja2 textfsm ntc-templates

That is one command and you are tooled up for everything in this series. To leave the venv, type deactivate.

Pick an editor that helps you, not one that fights you

You can write Python in Notepad. You shouldn’t. Use an editor that gives you syntax highlighting, indentation guides, and at least basic linting:

  • VS Code with the official Python extension — free, cross‑platform, the de‑facto standard. Good remote‑SSH support if your lab is a Linux box.
  • PyCharm Community Edition — heavier, but powerful refactoring and a debugger that will teach you Python by accident.
  • Vim/Neovim with python-lsp-server if you already live in the terminal.

Whichever you pick, configure it to use the interpreter from your .venv folder, not the system one. In VS Code that is Ctrl+Shift+P → Python: Select Interpreter.

Pick a lab you can actually break

You need somewhere to push real config that does not page anyone at 3 AM. Three good options, cheapest first:

  1. EVE‑NG Community or GNS3 running CSR1000v / IOSvL2 / cEOS images on a beefy laptop or a small server. Free, infinitely repeatable, and the closest match to production behavior.
  2. Cisco DevNet Sandboxes — free reservable labs with always‑on IOS XE, NX‑OS, and DNAC instances. Perfect when you don’t have hardware. Search “DevNet Sandbox always on” and you will find an IOS XE device you can SSH into right now.
  3. Containerlab if you are comfortable with Docker — spin up an Arista cEOS or Nokia SR Linux topology in seconds.

For this series I will assume you can SSH to at least one device. If you can’t yet, set up the DevNet always‑on IOS XE sandbox today — it takes five minutes and we will use it from Day 12 onward.

The Python REPL is your CLI

One last habit before tomorrow: get used to the interactive Python prompt. From inside your venv, just type python:

$ python
Python 3.12.0 (main, Oct  2 2023, 11:27:05) [GCC 11.4.0] on linux
>>> 2 + 2
4
>>> "GigabitEthernet0/1".split("/")
['GigabitEthernet0', '1']
>>> exit()

Think of the REPL as show running for ideas — when you’re not sure how a function behaves, try it there before putting it in a script. We will use it constantly this week.

A 12‑line teaser of where this is going

Here is what your Day 12 script will look like, just so you can see the destination. No need to run it yet — we have a week of basics first.

from netmiko import ConnectHandler

device = {
    "device_type": "cisco_ios",
    "host": "sandbox-iosxe-latest-1.cisco.com",
    "username": "admin",
    "password": "C1sco12345",
}

with ConnectHandler(**device) as conn:
    output = conn.send_command("show ip interface brief")
    print(output)

Twelve lines, one SSH session, one structured connection object that closes itself. By Day 13 we will be running the same loop against a list of forty devices in parallel.

Exercises

Spend 15 minutes on these before tomorrow’s post. Try first, then expand the answer.

  1. Install Python 3.11+ on your workstation. Confirm python3 --version prints a version starting with 3.11 or higher.
  2. Create a virtualenv called .venv inside a fresh folder, activate it, and install netmiko. Then run pip list and confirm netmiko appears with its dependencies.
  3. Inside the activated venv, open the Python REPL and compute how many usable host addresses are in a /27. Hint: you do not need any library — it’s basic math, but get into the habit of using the REPL as a calculator.
  4. Reserve a Cisco DevNet always‑on IOS XE sandbox, find its hostname and credentials, and successfully SSH to it from your laptop’s terminal (not Python yet). Note the prompt — that’s the device we will automate from Day 12.
  5. Stretch: deactivate your venv, then activate it again. What does which python print before vs. after? Why is that the entire point of a virtualenv in one observation?

Answers

Show answer 1 
python3 --version
# Python 3.12.0

If you get something older, use your distro’s deadsnakes PPA (Ubuntu) or brew install [email protected] (macOS) rather than fighting your system Python.

Show answer 2 
mkdir test && cd test
python3 -m venv .venv
source .venv/bin/activate
pip install netmiko
pip list | grep -i netmiko
# netmiko       4.x.x

You will also see paramiko, cryptography, scp, etc. — Netmiko’s dependency tree.

Show answer 3 
>>> 2 ** (32 - 27) - 2
30

A /27 has 32 host bits in IPv4, leaves 5 host bits, so 2^5 = 32 addresses, minus network and broadcast = 30 usable. From Day 8 the ipaddress module will do this for you (and for IPv6) — but the math is worth knowing cold.

Show answer 4

Find an always‑on sandbox at devnetsandbox.cisco.com — the IOS XE one is typically reachable at sandbox-iosxe-latest-1.cisco.com with username admin and password C1sco12345. SSH:

ssh [email protected]
# accept fingerprint, type the password, and you should see csr1000v#

If SSH fails, your firewall may be blocking outbound 22 — try from a different network or use the reservable sandboxes which include a guest VM.

Show answer 5 
deactivate
which python
# /usr/bin/python  (system)
source .venv/bin/activate
which python
# /home/you/test/.venv/bin/python  (venv)

The whole point: pip install targets whatever python resolves to right now. Activating the venv just rewrites your PATH. That is why one venv per project keeps your tools from poisoning each other.

Coming tomorrow

Day 2: Python Syntax Crash Course for People Who Already Know IOS — variables, types, indentation, and the handful of syntactic rules that account for 90 percent of beginner errors. By the end of tomorrow you’ll be reading other people’s Python without panic.

Tags: , , ,

Leave a Reply