The Problem Nobody Talks About Until Automation Breaks

Every network team has a version of the same story. A device gets moved to a new site, a subnet changes, or a switch gets replaced, and nobody updates the spreadsheet, the static inventory file, or the CMDB. Weeks later, an Ansible playbook targets the wrong host, a compliance check flags a device that no longer exists, or an engineer spends an hour debugging a job that failed simply because the inventory was stale.

This is inventory drift, and it is not a discipline problem. It is a process problem. Manual inventory management cannot keep pace with a live network, and the gap between what your documentation says and what your network actually looks like widens silently, every single day.

Why Drift Is Dangerous for Automation

In a world of manual operations, stale inventory is an inconvenience. In an automated environment, it is a breaking dependency. Automation tools like Ansible rely on inventory data to know what to target, what credentials to use, and what state to enforce. When that data is wrong, automation does not just slow down; it fails, or worse, it succeeds against the wrong device.

Static inventory files are particularly fragile. The moment a device is added, renamed, or reassigned to a different site, the file is out of date. Teams compensate by adding manual update steps to their workflows, which reintroduces exactly the human error they were trying to eliminate.

The Solution: A Live, Automated Sync Pipeline

NetBox Labs addresses this with two components designed to work together: Orb Agent and Diode.

Orb Agent is a lightweight, containerized agent that runs continuously in the background. Rather than waiting for an engineer to trigger an import, it polls Cisco Catalyst Center on a configurable schedule every 15 minutes in a typical lab setup and retrieves the current device inventory, site assignments, and network topology. It requires no manual intervention and restarts automatically if it crashes.

Diode is the ingestion layer that sits between Orb Agent and NetBox. It receives data from the agent over an encrypted gRPC connection and writes it into NetBox in a safe, idempotent way, creating records that do not yet exist, updating records that have changed, and leaving everything else untouched. Critically, Diode never overwrites data that was intentionally set in NetBox by a human operator. It translates Catalyst Center's data model into NetBox objects, including custom fields like catalyst_id, catalyst_device_id, and catalyst_serial_number that preserve the link back to the source system.

How the Pipeline Fits Together

The result is a source of truth that reflects the real state of the network automatically, continuously, and without human intervention at any step.

Catalyst Center to Netbox Integration Workflow

What This Means in Practice

With this pipeline in place, every Ansible playbook that uses NetBox as its dynamic inventory source is guaranteed to be working from current data. New devices discovered in the Catalyst Center appear in NetBox within 15 minutes. Site reassignments propagate automatically. Decommissioned devices stop appearing in playbook runs.

The pipeline also creates an audit trail. Because Diode tracks what it has written and when, teams can see exactly when a device record was last updated and whether the data came from the automated sync or a manual edit, giving operators confidence in the data they are acting on.

Getting Started

Setting up the pipeline requires three things: a running Catalyst Center instance with devices in inventory, a NetBox deployment with Diode enabled, and the Orb Agent container configured with your Catalyst Center credentials and Diode target. The agent configuration is a single YAML file that specifies the sync schedule, site scope, and authentication details. Once running, the pipeline is largely self-managing — and inventory drift becomes a problem your team no longer has to think about.

Technologies