In this post we are going to use nornir to manage the IP addresses and firewall rules of a simple hub and spoke topology.

design description.



Firewall information

Device Interface Address Zone
ny-fw-1 ge-0/0/0.0 Trust
ny-fw-1 ge-0/0/1.0 Untrust
ny-fw-1 st0.0 VPN
la-fw-1 ge-0/0/0.0 Trust
la-fw-1 ge-0/0/1.0 Untrust
la-fw-1 st0.0 VPN

disclaimer about beta nornir (link back to KB

[All in a Python virtual environment]
$ git clone
Cloning into 'nornir'...

# CD into the repo
$ cd nornir/

# Verify current branch
$ git branch
* develop

$ git fetch origin

# Create a 2.0 branch that tracks the origin/2.0 branch
$ git checkout -b 2.0.0-beta origin/2.0.0-beta
Branch 2.0 set up to track remote branch 2.0 from origin.
Switched to a new branch '2.0'

# Verify we are on the 2.0 branch
$ git branch
* 2.0.0-beta

# Install Nornir and its dependencies (including development dependencies)
$ pip install -r ./requirements-dev.txt
$ pip install -e .