In this recipe, we will outline how to validate network reachability via ping using Ansible. ICMP allows us to validate proper forwarding across our network. Using Ansible to perform this task provides us with a robust tool to validate proper traffic forwarding, since we can perform this task from each node simultaneously and collect all the results for further inspection.

This recipe is built based on the network setup that was outlined in the chapter introduction, and I am assuming that the network has already been built in accordance with all the previous recipes in this chapter.

1. Create a new playbook called pb_net_validate.yml and add the following task to store all SVI IP addresses:

---
  - name: "PLay 1: Validate Network Reachability"
    hosts: core,wan
    vars:
      host_id: 10
      packet_count: 10
    tasks:
      - name: "Get all SVI Prefixes"
        set_fact:
          all_svi_prefixes: "{{ svi_interfaces | selectattr('vrrp') |
                                map(attribute='ipv4') | list }}"
        run_once: yes
        delegate_to: localhost
        tags: svi

2. Update the pb_net_validate.yml playbook with the following task to ping all the SVI interfaces:

      - name: "Ping Hosts in all VLANs"
        ios_ping:
          dest: "{{ item | ipaddr(10) | ipaddr('address') }}"
        loop: "{{ all_svi_prefixes }}"
        ignore_errors: yes
        tags: svi

In this playbook, we are using the ios_ping module, which logs into each node defined in our Ansible inventory, and pings the destination specified by the dest attribute. In this sample playbook, we would like to validate network reachability to a single host within the data, voice, and web VLANs, and we choose the tenth host in all these VLANs (just as an example). In order to build all the VLAN prefixes we set in the first task, we add a new variable called all_svi_prefixes and use multiple jinja2 filters to collect only those prefixes that are running VRRP (so as to remove any core VLANs). We get only the IPv4 attributes for these SVI interfaces. The following are the contents of this new variable after running the first task:

ok: [core01 -> localhost] => {
  "all_svi_prefixes": [
    "10.1.10.0/24",
    "10.1.20.0/24",
    "10.1.100.0/24"
  ]
}

We supply this new list data structure to the ios_ping module and we specify that we need to ping the tenth host within each subnet. As long as the ping succeeds, the task will succeed. However, if there is a connectivity problem from the router/switch to this host, the task will fail. We are using the ignore_errors parameter in order to ignore any failure that might occur owing to the fact that the host is unreachable/down, and to run any subsequent tasks. The following code snippet outlines the successful run:

TASK [P1T2: Ping Hosts in all VLANs] *****************************
 ok: [core01] => (item=10.1.10.0/24)
 ok: [core02] => (item=10.1.10.0/24)
 ok: [wan01] => (item=10.1.10.0/24)
 ok: [wan02] => (item=10.1.10.0/24)
 ok: [core01] => (item=10.1.20.0/24)
 ok: [core02] => (item=10.1.20.0/24)
 ok: [core01] => (item=10.1.100.0/24)
 ok: [wan01] => (item=10.1.20.0/24)
 ok: [wan02] => (item=10.1.20.0/24)
 ok: [core02] => (item=10.1.100.0/24)
 ok: [wan01] => (item=10.1.100.0/24)
 ok: [wan02] => (item=10.1.100.0/24)