r/networkautomation

I made a free browser-based tool for beginners to learn computer networking with hands-on labs
▲ 118 r/networkautomation+6 crossposts

Hi everyone,

I recently built Natted Cloud: https://natted.cloud

It is a free tool for people who want to learn computer networking through practical labs, especially beginners.

The idea is simple: you can open the site and start experimenting with networking concepts without installing anything locally. No VM setup, no Docker setup, no complex environment preparation.

There is also a learning section here: https://natted.cloud/learn
It includes a few interactive learning posts on different networking topics, which I am slowly expanding.

It is completely free and currently in beta.

I am still improving it, so feedback is very welcome. If you are learning networking, teaching networking, or just curious about hands-on labs in the browser, I would love to hear what you think.

Thanks!

u/LazyLeoperd — 3 days ago

Network Automation Engineers salary in 2026

What are Network Automation Engineers getting paid these days? Been looking for a change, not sure if my salary is low, average, or high. I'm at ~150k AUD with 5+ years of experience.

Curious about salary ranges based on experience, tech stack (Python/Ansible/NetBox/APIs/etc.), seniority, and industry

-- Edit: sorry, forgot to add I'm based in Australia. Still interested to know worldwide

u/Distinct-Force-2497 — 6 days ago
▲ 24 r/networkautomation+1 crossposts

Feels like a lot of network automation discussions skip over the messy middle

Every time I read about network automation it feels like the conversation jumps from:

“we have a few scripts”

straight to:

“full NetBox / Ansible / pipelines / GitOps setup”

however, it feels like most environments sit somewhere awkwardly in the middle for years

bits of automation, some manual work, different tools not really tied together, and documentation half there.

curious what that middle stage actually looked like for other people and what pushed you beyond it (if you ever did)

u/Admirable_Claim_3203 — 5 days ago
▲ 4 r/networkautomation+2 crossposts

Port change in Mitsubishi PLC and drives

Hey all,
I have a situation where I have 5 devices that are connected in my local network but only 1 external IP address available per robot from the client's end. I also have a wifi client connected to my local network in the robot. I'm planning to use port forwarding by putting a bunch of NAT rules in my wifi client. But the problem is I have 4 Mitsubishi drives of MR JEC series and a PLC of fx5uj series.

I've tried port forwarding for the drives but since all of them communicate through cc link field basic, their ports are fixed. Is there a way to NAT these drives? I also want to bring the drives in the same network, in case I need to troubleshoot something in the future.

Seems like there's a similar issue with devices that communicate through Profinet? Is there any turn around for this?

▲ 4 r/networkautomation+3 crossposts

Gomotz - Network monitoring system

GoMotz – a free, self-hosted Domotz alternative for Raspberry Pi

I just released the beta version of GoMotz – an open-source network monitoring system built in Go, designed to run on a Raspberry Pi.

What it does

*Network Dashboard*

- Public IP detection with one-click copy

- ISP & ASN info, live uptime tracking

- Latency stats, success rate, connection history

*Device Monitoring*

- Auto-discovers all devices (IP, MAC, hostname, vendor)

- Filter Online / Offline / Conflict

*Network Tools*

- Portscan, TCP Check, DNS Lookup, Traceroute, Ping, HTTP(S) Check, Speedtest

*Monitoring*

- Device, TCP Port, SNMP, Ping, HTTP(s), Domain Expiry monitors

*Requirements:* Raspberry Pi 4 (2GB+), fully self-contained, no cloud.

It's beta – bugs are expected! Would really appreciate testing, feedback, and issue reports from the community.

🔗 GitHub: https://github.com/mascarenhasmelson/gomotz

📖 Read how it started: https://www.0xmm.in/posts/monitoring/

u/rawpackets — 3 days ago

Quick update for anyone who saw the earlier post about the 47-day cert cliff and certctl. The two connectors that were stubbed in that post (F5 BIG-IP and IIS) have shipped end to end. Plus a lot of other capability landed that's relevant if you're managing certs across mixed network infrastructure.

What you can do now:

Rotate certs across F5 BIG-IP, IIS, NGINX, Apache, HAProxy, Caddy, Traefik, Envoy, Windows Cert Store, Java keystore, Kubernetes Secrets, AWS ACM, Azure Key Vault, SSH known-hosts, and Postfix from one place. Fifteen target types in one Go binary, no plugins or scripts.

Issue from twelve CAs natively: Let's Encrypt and any ACME CA via a built-in client, an embedded ACME server you can point cert-manager / certbot / lego at directly, a built-in local CA with sub-CA mode for chaining under an existing enterprise root, step-ca, Vault PKI, EJBCA, AWS ACM PCA, Google CAS, DigiCert, Sectigo, GlobalSign, Entrust, plus an OpenSSL / shell-script adapter for anything custom.

Run your own SCEP server (RFC 8894). Useful for network gear that speaks SCEP for cert enrollment: Cisco IOS XE, Juniper Junos PKI, ASA, FTD, ChromeOS, plus most MDM-managed mobile fleets. Native Microsoft Intune challenge dispatch with replay protection. Per-profile dispatch so a corporate-laptop fleet and an IoT-sensor fleet share one endpoint with their own RA certs and challenge passwords.

Run your own ACME server (RFC 8555 + RFC 9773 ARI). Point cert-manager, certbot, or lego at it for internal services and they'll issue through certctl's policy and audit pipeline instead of a public CA. Two operating modes per profile: a public-trust-style mode with full HTTP-01 / DNS-01 / TLS-ALPN-01 validation, or a trust_authenticated mode where the JWS-authenticated client is already the proof of identity (useful for east-west service mesh certs where there's nowhere meaningful to mount HTTP-01).

Run your own EST server (RFC 7030) for HTTPS-based PKCS#10 enrollment: 802.1X / Wi-Fi authentication, IoT device enrollment.

Build multi-level CA hierarchies in certctl directly: root to intermediate to issuing CA chains, name constraints and path-length enforcement on every CA, end-to-end RFC 5280 path validation. Useful if you want certctl to be where your enterprise PKI lives, or for per-business-unit name-constrained sub-CAs without standing up a separate ADCS forest.

Require human approval before high-stakes certs issue. Flag a profile as RequiresApproval, the request lands in a queue, a non-requester approves, the scheduler dispatches. Two-person integrity at the service layer.

Get expiry alerts at configurable thresholds (default T-30/14/7/0) routed to email, Slack, Teams, PagerDuty, OpsGenie, or webhook. Immutable audit trail for every cert action. Network scanner finds certs you forgot about by probing CIDR ranges via TLS handshake.

The proxy-agent pattern from the original post still applies for network appliances: the agent doesn't run on the firewall, switch, or load balancer itself. It runs on a Linux host or container in the same network zone and pushes certs to the device via the device's API. F5 and IIS are the first two appliance connectors. Palo Alto via PAN-OS XML, FortiGate via FortiOS REST, and Citrix ADC via NITRO REST are next on the roadmap, same pattern, all free V2 work under BSL.

Where this ends up:

If your fleet is just one or two NGINX boxes, this is more orchestration than you need. Where it earns its keep is mixed environments with load balancers, web servers, network appliances, Java backends, and a mix of internal and external CAs all needing the same rotation cycle.

Try it

 git clone https://github.com/certctl-io/certctl.git
 cd certctl && docker compose -f deploy/docker-compose.yml up -d
 open https://localhost:8443

BSL 1.1 license, free to self-host. https://certctl.io

Treat as alpha for production. Lab and dev testing reports filed as GitHub issues are the most valuable feedback right now, especially on the F5 connector if you have a non-prod BIG-IP to point it at.

u/certctl — 9 days ago

So I'm finishing up my master's thesis and I'm kind of stuck on something that's been bothering me for a while.

For my project I built a full automation pipeline for a VXLAN/EVPN data center fabric running Nokia SRLinux and Arista together in ContainerLab. The idea is NetBox as source of truth, Ansible pulls from it and generates configs through Jinja2 templates, validates them against YANG models, then pushes via NETCONF. GitLab handles the CI/CD and version control so every change is tracked and tested before touching the network. Next step is integrating pyATS to spin up a validation lab in ContainerLab automatically and run network tests before anything reaches the main topology. The interesting part is doing all this across two vendors simultaneously.

The problem is every paper and book I read keeps talking about network automation in the context of SDN, like automation only makes sense if you have a controller somewhere. But that's not what I built at all and honestly not what I see people actually using in a lot of environments.

My current thinking is that what I built is kind of a parallel approach to something like Cisco ACI — same end goal of having a programmable automated network, just without the proprietary controller in the middle. And for multivendor environments specifically it actually makes more sense because no single SDN controller really handles Nokia and Arista together properly anyway.

But I'm not sure if that framing makes sense to people who actually work in networking or if I'm missing something obvious.

So a few questions if anyone has time:

  • Do you actually see SDN controllers deployed that much in production or is it mostly Ansible/NETCONF type automation?
  • Is the multivendor thing a real pain point or am I overblowing it?
  • Would you consider this kind of pipeline a realistic alternative to something like ACI for a mid-size DC?
  • How would you position this kind of work academically relative to SDN?

Appreciate any thoughts, even just a sentence or two helps honestly

u/abdou_inch — 10 days ago
▲ 1 r/networkautomation+1 crossposts

I'm a junior engineer working on a project and trying to understand how senior engineers handle pre-change verification and documentation. Would anyone be willing to share how you approach it?

My company has struggled with it, and used NetBrain in the past, but I don't think they use all of its functionality or think it's worth the money they have paid.

u/HundK — 8 days ago