The Great Automation Debate: When to Choose Nornir Over Ansible (and Vice Versa)

Written By Chris Grundemann

Summarizing Suhaib Saeed's practical comparison from AutoCon3

"This is a very polarizing and divisive topic," admitted Suhaib Saeed as he opened his talk comparing Nornir and Ansible. "A lot of people have very strong opinions, as do I. But I'm going to try my best to keep it as balanced as possible... but no promises."

What followed was exactly the kind of honest, practical guidance that network engineers need when choosing between these two popular automation frameworks.

The Moment of Truth: When Python Isn't Enough

Saeed painted a familiar picture that resonated with many in the audience: You're a traditional network engineer who just learned Python. You've had that magical "Eureka moment" automating your first change, and you're buzzing with ideas about all the mind-numbing tasks you'll never have to do manually again.

But then reality hits. How do you share and reuse your scripts? How do you manage variables and IP addresses across environments? What happens when you need to scale from one device to 100 devices—will your code take 100 times as long to execute?

This is where automation frameworks become essential, providing structure for managing inventory, executing tasks concurrently, and breaking complex automation into manageable pieces.

Ansible: The Approachable Powerhouse

For teams looking to get started quickly, Ansible offers compelling advantages:

The Good:

  • No Python required - YAML-based approach means quick wins for non-programmers

  • Massive community - Easy to find tutorials, help, and enterprise support

  • Built-in idempotency - Run your playbook multiple times, get the same result

  • Pre-built modules - Want to configure OSPF on a Cisco router? There's a module for that

The Painful: As Saeed put it bluntly, "Ansible is fantastic for simple things, but as you ramp up complexity, it becomes rope to tie yourself with." Anyone who's worked with Ansible long enough recognizes that "massive wall of red text" when troubleshooting goes wrong. And for large-scale operations, Ansible can be frustratingly slow.

Nornir: The Python Native Alternative

For teams comfortable with Python, Nornir offers a different philosophy:

The Powerful:

  • Pure Python - No domain-specific language to learn; it feels natural to Python developers

  • Superior performance - Up to 100 times faster for large inventories

  • Better debugging - Python error tracebacks beat Ansible's cryptic messages

  • Ecosystem integration - Use standard Python tools like pytest, black, and rich

  • Flexibility - Easy to integrate with web frameworks like Flask and Django

The Challenging: Nornir demands Python fluency. Basic concepts like variables, functions, and nested data structures aren't optional—they're prerequisites. There's no enterprise support, and the smaller community means fewer learning resources.

The Real-World Decision Framework

Rather than declaring a winner, Saeed provided a practical decision matrix:

Choose Ansible when:

  • Your team has limited Python experience

  • You're automating mixed environments (servers + network devices)

  • Other teams already use Ansible

  • Enterprise support matters for your organization

  • Use cases are relatively straightforward

Choose Nornir when:

  • Multiple team members are comfortable with Python

  • You're automating large numbers of devices (performance matters)

  • Complexity is high enough that you're writing custom Ansible modules anyway

  • You need tight integration with other Python-based tools

A Hybrid Success Story

Saeed shared an intriguing real-world example where his team used both tools together for a complex network testing project. Nornir's speed and flexibility powered a custom test framework that executed 7,000 tests across multiple vendors (Fortigate, Palo Alto, Cisco, Juniper). Meanwhile, Ansible handled data collection from Linux devices, feeding results back into the Nornir-based framework.

The outcome? They completely removed the network team from customer migration processes, eliminating overtime costs and dramatically improving efficiency.

The Broader Lesson

What made this talk valuable wasn't the technical comparison—it was Saeed's honest acknowledgment that tool selection isn't about finding the "best" framework. It's about matching capabilities to team skills, organizational constraints, and project requirements.

As the network automation community matures, we're moving beyond religious wars about tools toward pragmatic discussions about fit-for-purpose solutions. Sometimes that means Ansible. Sometimes Nornir. Sometimes both.

The key insight? Don't let perfect be the enemy of good. Start with what your team can actually use and maintain, then evolve as your capabilities grow.

The Bottom Line

If you're just starting your automation journey, Ansible's gentle learning curve might be perfect. If you're ready to embrace Python fully and need maximum performance and flexibility, Nornir could be your answer.

Just remember Saeed's practical warning: "If your use case is so complex that you're writing custom Ansible modules in Python anyway, maybe consider a Python-based framework like Nornir in the first place."

Sometimes the best tool is simply the one your team will actually use.

Watch the full presentation: Clash of the Titans: Nornir vs Ansible

Chris Grundemann

Executive advisor. Specializing in network infrastructure strategy and how to leverage your network to the greatest possible business advantage through technological and cultural transformation.

https://www.khadgaconsulting.com/
Previous

From Scripts to Microservices: The Evolution of Enterprise Network Automation
Next

Start at the Beginning: Why Network Automation Needs Better Foundations