Network Observability with SuzieQ: Part One

SuzieQ: A network observability tool for seamless network insights and troubleshooting.

Fresh out of attending Autocon1 (Network Automation Forum) in Amsterdam, I was excited to try out SuzieQ, a network observability tool that I heard a lot about. Though I had heard about SuzieQ before, and even tried it out in a lab environment before, I wanted to dive deeper into it and see how it could help me in my day-to-day work now that I was in a 100% network automation role.

What we will cover in the multipart series

In this multipart series, we will cover the following topics:

  1. Introduction to SuzieQ - Part 1
  2. Setting up SuzieQ using Docker Compose - Part 2
  3. Interacting with SuzieQ data - Part 3

Introduction to SuzieQ

SuzieQ is a network observability tool that provides a snapshot of the network at a given point in time. It collects data from network devices and stores it in a database at specified intervals. This data can then be queried to get insights into the network. It gives us a historical view of the network and helps us answer questions like "What changed in the network between 2 points in time?" or "What is the state of the network at a given point in time?" This is particularly useful for troubleshooting network issues, auditing the network state, post-change validation, and more.

Some of the features of SuzieQ include:

  1. Multi-vendor support: It supports a wide range of network devices from different vendors like Cisco, Juniper, Arista, Cumulus and more.
  2. Agentless: It does not require any software to be installed on the network devices. It uses SSH or REST APIs to collect data from the network devices.
  3. Data Normalization: It normalizes the data collected from different vendors to provide a consistent view of the network.
  4. Historical Data: It stores the data collected from the network devices in a database, allowing us to query the data at different points in time.
  5. Query Language: It provides a query language that allows us to query the network snapshot to get insights into the network.
  6. REST API: It provides a REST API that allows us to interact with the network snapshot programmatically.
  7. Web UI: It provides a web UI that allows us to interact with the network snapshot using a web browser.
  8. Integration with Source of Truth tools: It can integrate with Source of Truth tools like NetBox to source the inventory data.

SuzieQ Terminology

Before we dive into SuzieQ, let's go over some of the terms used in SuzieQ:

  1. Configuration File: The configuration file is a YAML file that contains the configuration for SuzieQ. It contains information that defines how SuzieQ behaves and interacts with the network devices.
  2. Inventory File: The inventory file is a YAML file that contains the list of devices that SuzieQ will collect data from. It contains information like the device's hostname, IP address, username, password, and more. SuzieQ can source the inventory data from NetBox, a popular network Source of Truth tool.
  3. Poller: The poller is the heart of SuzieQ. It is responsible for collecting data from the network devices and storing it in the database. It logs into the devices, collects data, normalizes it across vendors, and stores it in the database.
  4. Parquet Database: SuzieQ uses a Parquet database to store the data collected from the network devices. Parquet is a columnar storage format that is optimized for querying and processing large datasets.
  5. SuzieQ-CLI: SuzieQ-CLI is a command-line interface that allows us to interact with the data that SuzieQ has collected.
  6. Namespace: A namespace is a logical grouping of devices in SuzieQ. It allows us to group devices based on criteria like location, vendor, or function. Namespaces can be used to filter devices when querying the data.

How does SuzieQ Work?

SuzieQ requires read-only access to your network devices. It connects to each device via SSH or HTTP, collects data on the state of the device, such as the route table, BGP state, and OSPF state, and stores it in a database. SuzieQ can also understand relationships and dependencies between devices, giving us a holistic view of the network.
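
To make the two questions from the introduction concrete ("what is the state at a given time?" and "what changed between 2 points in time?"), here is an added Python example that answers them over timestamped BGP session records, the way a post-change audit would. It is not SuzieQ code or its real schema: the field names (ts, namespace, hostname, peer, state, active) and the sample records are assumptions constructed for illustration.

```python
# Added illustration, not SuzieQ code. Field names and records are constructed.
from typing import Dict, List, Tuple

Key = Tuple[str, str, str]  # (namespace, hostname, peer)

# Constructed sample: BGP session observations appended by a poller over time.
# active=False is an assumed tombstone meaning "this session no longer exists".
RECORDS: List[dict] = [
    {"ts": 100, "namespace": "dc1", "hostname": "leaf01", "peer": "10.0.0.1", "state": "Established", "active": True},
    {"ts": 100, "namespace": "dc1", "hostname": "leaf01", "peer": "10.0.0.2", "state": "Established", "active": True},
    {"ts": 100, "namespace": "dc1", "hostname": "leaf02", "peer": "10.0.0.1", "state": "Established", "active": True},
    {"ts": 200, "namespace": "dc1", "hostname": "leaf01", "peer": "10.0.0.2", "state": "NotEstd", "active": True},
    {"ts": 250, "namespace": "dc1", "hostname": "leaf02", "peer": "10.0.0.1", "state": "Established", "active": False},
    {"ts": 300, "namespace": "dc1", "hostname": "leaf02", "peer": "10.0.0.9", "state": "Established", "active": True},
]


def state_at(records: List[dict], ts: int) -> Dict[Key, str]:
    """Rebuild the view at time ts: newest record per key with timestamp <= ts."""
    latest: Dict[Key, dict] = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["ts"] > ts:
            break
        latest[(rec["namespace"], rec["hostname"], rec["peer"])] = rec
    # Drop keys whose newest record is a tombstone.
    return {k: r["state"] for k, r in latest.items() if r["active"]}


def diff(records: List[dict], t1: int, t2: int) -> dict:
    """Report sessions added, removed, or changed in state between t1 and t2."""
    before, after = state_at(records, t1), state_at(records, t2)
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(
            (k, before[k], after[k])
            for k in before
            if k in after and before[k] != after[k]
        ),
    }


if __name__ == "__main__":
    # Audit a change window that opened at ts=150 and closed at ts=300.
    for kind, items in diff(RECORDS, 150, 300).items():
        print(kind, items)
```
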

Wrapping Up

Wrapping up part 1 of this multipart series, we have covered an introduction to SuzieQ, its features, and some of the terms used in SuzieQ.

In part two of this multipart series, we will cover setting up SuzieQ using Docker Compose. This is something that is less documented and I am excited to share my experience setting it up. Also in part two, we will cover the configuration file and inventory file in detail.