netsert

Declarative network state testing via gNMI

What is it?

netsert validates network device state using gNMI. Define what your network should look like in YAML — interfaces up, BGP sessions established, hostnames correct — and netsert validates that against live devices.

Think of it as unit tests for your network.

Why netsert?

Traditional approach

  1. Engineer pushes config change
  2. Maybe runs show commands manually
  3. Hope nothing broke
  4. Find out at 3am when monitoring alerts

With netsert

  1. Engineer pushes config change
  2. CI runs netsert run assertions.yaml
  3. If anything breaks → exit code 1 → pipeline blocked
  4. Fix before merge

Installation

Using Go

go install github.com/ndtobs/netsert/cmd/netsert@latest

From source

git clone https://github.com/ndtobs/netsert.git
cd netsert
go build -o netsert ./cmd/netsert

Quick start

Create an assertion file:

# assertions.yaml
assertions:
  - target: router1:6030
    path: interfaces[Ethernet1]/state/oper-status
    expect: UP

  - target: "@leaves"
    path: bgp[default]/neighbors[10.0.0.1]/state/session-state
    expect: ESTABLISHED

Run it:

$ netsert run -f assertions.yaml -u admin -p admin --insecure

 router1: interfaces[Ethernet1]/state/oper-status = UP
 leaf1: bgp[default]/neighbors[10.0.0.1]/state/session-state = ESTABLISHED
 leaf2: bgp[default]/neighbors[10.0.0.1]/state/session-state = ESTABLISHED

3/3 passed

Features

Why gNMI?

gNMICLI/SSH
Structured data (protobuf)Unstructured text (regex parsing)
Fast (gRPC)Slow (SSH overhead)
Vendor-neutral pathsVendor-specific commands
Real-time stateCached CLI output
Writing assertions → GitHub