In this post we are going to use nornir to manage the IP addresses and firewall rules of a simple hub and spoke topology.

design description.

topology

[topology]()

Firewall information

Device Interface Address Zone
ny-fw-1 ge-0/0/0.0 10.1.10.124 Trust
ny-fw-1 ge-0/0/1.0 192.0.2.230 Untrust
ny-fw-1 st0.0 172.16.123.124 VPN
la-fw-1 ge-0/0/0.0 10.2.10.124 Trust
la-fw-1 ge-0/0/1.0 192.0.2.630 Untrust
la-fw-1 st0.0 172.16.123.224 VPN

disclaimer about beta nornir (link back to KB https://pynet.twb-tech.com/blog/nornir/os-upgrade-p1.html)

[All in a Python virtual environment]
$ git clone https://github.com/nornir-automation/nornir
Cloning into 'nornir'...

# CD into the repo
$ cd nornir/

# Verify current branch
$ git branch
* develop

$ git fetch origin

# Create a 2.0 branch that tracks the origin/2.0 branch
$ git checkout -b 2.0.0-beta origin/2.0.0-beta
Branch 2.0 set up to track remote branch 2.0 from origin.
Switched to a new branch '2.0'

# Verify we are on the 2.0 branch
$ git branch
* 2.0.0-beta
  develop

# Install Nornir and its dependencies (including development dependencies)
$ pip install -r ./requirements-dev.txt
$ pip install -e .