Matching snowflakes


The code

The associated repository and Ansible playbook can be found here:

https://github.com/cidrblock/identify_port_profiles_across_devices

Introduction

One of the more critical steps in fully automating a brownfield network, is to move the source of truth from the network devices to a repository. Then the configuration be programmatically modified and pushed back to the device. Change the data, change the network. The concept of infrastructure as data not infrastructure as code can be tracked back to the early days of Ansible prior to networking support.

netcopa can be used to convert device configuration files from text into yaml for use in Ansible. One downside of converting every network device configuration independently to a host_vars file is that the files are large and can have a high degree of duplication. This is especially evident when converting switches at the access layer where multiple interfaces share the same configuration. The yaml files should be DRYed up.

Some OSs support port profiles, but if this capability does not exist or is currently not in use, it would be necessary to manually review the configurations and identify switch ports that have a common configuration to remove the duplication. Configuration inheritance can be added to Ansible with a loopkup plugin. One example of that technique is here. https://github.com/cidrblock/shared_ansible_data_model

This post and the associated Ansible playbook demonstrates a technique to programmatically identify commonly configured interfaces across multiple network devices, promote those profiles to definitions shared across devices, and replace the individual interface configurations with an inheritance link to the parent profile. The associated Ansible playbook is fully functional and can be used to test profile changes and review the proposed changes across devices.

Technique

The steps in the process to DRY up the host_vars files include:

1) Remove the name and description keys from the netcopa host_vars files. In some environments the description may also be consistent across interfaces so it could be left in.

2) Serialize the remaining interface configurations across all devices, and reduce to a set of unique configurations.

3) Limit the list to interface configurations that occur only 2 or more times across all devices.

4) Generate a unique identifier for the newly identified profiles.

5) Modify the host_vars file for each device such that each interface inherits from a profile and retains the original name and description.

6) Write the profiles to the group_vars directly so they can be inherited by each device during the Ansible playbook run.

Walk through

Review the configurations in the repository configurations directory. A high degree of duplication can be seen in the interface configurations. For example:

interface GigabitEthernet1/1
 switchport access vlan 267
 switchport mode access
 switchport voice vlan 867
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input company-user-access-450x
 service-policy output company-user-access-dbl

This interface configuration is common to many of the interfaces in both sample configurations. the duplication can also be seen in the netcopa created host_vars files for each device.

GigabitEthernet1/1:
  name: GigabitEthernet1/1
  service_policies:
  - direction: input
    name: company-user-access-450x
  - direction: output
    name: company-user-access-dbl
  spanning-tree:
    bpduguard: true
    portfast: true
  switchport:
    access:
      vlan: 267
    mode:
    - access
    voice:
      vlan: 867
GigabitEthernet1/10:
  name: GigabitEthernet1/10
  service_policies:
  - direction: input
    name: company-user-access-450x
  - direction: output
    name: company-user-access-dbl
  spanning-tree:
    bpduguard: true
    portfast: true
  switchport:
    access:
      vlan: 267
    mode:
    - access
    voice:
      vlan: 867

A sample python script exists in the utilities directory that identifies common interface configurations. Upon running the script the original host_vars files are copied to a host_vars_original directory.

➜  utilities python find_profiles.py
11 profiles identified and written to port_profiles.yml
➜  utilities

The host_vars files have been reduced from 4000+ lines to 800.

Each identified port profile is assigned a uuid. For example:

b185b52c-70b9-4949-b5a1-e0a8d4ab779c:
  service_policies:
  - direction: input
    name: company-user-access-450x
  - direction: output
    name: company-user-access-dbl
  spanning-tree:
    bpduguard: true
    portfast: true
  switchport:
    access:
      vlan: 267
    mode:
    - access
    voice:
      vlan: 867

Note: In a production environment the uuid would likely be replaced with something more meaningful such as "user_access_port".

The port profiles are written to the group_vars directory in port_profiles.yml.

The interfaces matching the profile across all devices have been modified to reflect their inheritance of the parent configuration.

GigabitEthernet1/1:
  inherit_from: b185b52c-70b9-4949-b5a1-e0a8d4ab779c
  name: GigabitEthernet1/1

Review of the Ansible playbook

The Ansible playbook includes two custom plugins.

1) A filter plugin to remove the leading spaces from the interface jinja template output. The template was directly copied from netcopa.

2) A lookup plugin used to modify the interface configurations run-time to add the inherited port profile configuration.

The Ansible playbook include two simple roles.

1) An interface role which loads files specific to the device OS and iterates through the interfaces using with_items and the ios_config module. The configuration is loaded from a file in this example.

2) A "change log" role. This role simply reports the proposed changes to each device at the end of the playbook run.

Make a change and run the playbook.

We will modify the port profile for the example above. The user's access vlan will be moved to vlan 600 from vlan 267.

b185b52c-70b9-4949-b5a1-e0a8d4ab779c:
  service_policies:
  - direction: input
    name: company-user-access-450x
  - direction: output
    name: company-user-access-dbl
  spanning-tree:
    bpduguard: true
    portfast: true
  switchport:
    access:
      vlan: 600 # was 267
    mode:
    - access
    voice:
      vlan: 867

Playbook results

The playbook takes some time to run as a total of 400+ interfaces exist across both devices.

  /working ansible-playbook -i inventory.txt site.yml --check
<...>
TASK [ansible_change_report : Show config changes for device] ******************
ok: [xe_int_sample_01] => {
    "msg": [
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/6",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/15",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/6",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/17",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/6",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/16",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/14",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/18",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/18",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/13",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/13",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/14",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/15",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/16",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/17",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/14",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/15",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/16",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/17",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/13",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/18",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/6",
        "switchport access vlan 600"
    ]
}
ok: [xe_int_sample_02] => {
    "msg": [
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/6",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/15",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/2",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/3",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/1",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/6",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/17",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/5",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/4",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/6",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/16",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/42",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/43",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/40",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/41",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/46",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/45",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/48",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/7",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/9",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/8",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/37",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/35",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/34",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/33",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/32",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/31",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/30",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/36",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/23",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/47",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/14",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/39",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/44",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/38",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/18",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/18",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/13",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/13",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/14",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/15",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/16",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/17",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet7/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/29",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/28",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/25",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/24",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/27",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/21",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/20",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/26",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/22",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/14",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/15",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/16",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/17",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/11",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/13",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/18",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet5/19",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet1/12",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet2/10",
        "switchport access vlan 600",
        "*** ROLE: interface ***",
        "interface GigabitEthernet6/6",
        "switchport access vlan 600"
    ]
}

PLAY RECAP *********************************************************************
xe_int_sample_01           : ok=703  changed=198  unreachable=0    failed=0
xe_int_sample_02           : ok=703  changed=198  unreachable=0    failed=0

The port profile change would result in 400 interface changes across both devices.

Wrap up

If you have hundreds of devices in a facility that share a configuration, or simply want to track down common configuration data between devices this may be a useful approach. The same technique could be used for access-lists, qos configurations, or any subset of a network device configuration.

By doing the comparison across the structured device data instead of the actual running configuration, common data can be identified between OSs, assuming a consistent data model is used.