○─────────────────────────────────────────○
│ │
│ ┌──────────┐ ┌──────────┐ │
│ │ core-r01 │──────│ core-r02 │ │
│ └────┬─────┘ └────┬─────┘ │
│ │ │ │
│ ┌────┴─────┐ ┌────┴─────┐ │
│ │ sw-01 │ │ sw-02 │ │
│ └────┬─────┘ └────┬─────┘ │
│ │ ┌─────────┐ │ │
│ └────┤ fw-01 ├──┘ │
│ └────┬────┘ │
│ │ │
│ ┌────┴────┐ │
│ │ edge-r01│ │
│ └────┬────┘ │
│ │ ┌──────────────┐ │
│ └──│ INTERNET │ │
│ └──────────────┘ │
│ │
│ ● 10.0.1.1 Estab BGP 65001 │
│ ● 10.0.2.1 Estab BGP 65002 │
│ ○ 192.168.1.254 Active — │
│ │
○─────────────────────────────────────────○
NetNerd connects directly to your routers, switches, and firewalls via SSH and lets any engineer manage infrastructure through natural language — no CLI expertise required.
Every router, every switch, every firewall still demands the same cryptic commands from 1994. The industry built faster hardware and left the human interface behind.
Network operations demand engineers who memorize thousands of vendor-specific CLI commands. That expertise costs $130K+ per year and takes years to build.
A single typo in a routing command can take down an entire site. Network changes are high-stakes, high-stress, and largely undocumented after the fact.
When something breaks at 2AM, finding the root cause means manually SSHing across dozens of devices, reading raw output, and hoping you spot the right line.
Add your routers, switches, and servers via SSH credentials or serial console cable. Deploy NetNerd in one Docker command on any machine in your network.
"What's wrong with this router?" "Map the full network topology." "I need to isolate the guest WiFi." NetNerd understands the intent, not just the syntax.
It SSHes into the actual device, pulls live data, reasons across your full topology, and either delivers findings or proposes a configuration plan — waiting for your approval before touching anything.
Watch how NetNerd diagnoses a live network, maps topology, and safely applies a configuration change — all in plain English.
BGP sessions, interface health, CPU and memory, routing tables, system logs — analysed in seconds with a plain-English summary.
Proposes config changes with exact commands, waits for your approval, applies, and saves — across Cisco, Juniper, Arista, and more.
CDP neighbour discovery builds a persistent graph of every device and every physical link — visible and queryable at any time.
Before any change, NetNerd tells you exactly which devices and services would be affected. No surprises, no unplanned outages.
When a device is unreachable from outside, NetNerd BFS-searches the topology graph and tunnels through a physically adjacent device to reach it.
USB-to-serial console cable support for brand new devices with no IP or SSH configured. Day-one provisioning with zero prior setup.
Cisco IOS/IOS-XE/NX-OS/IOS-XR, Juniper JunOS, Arista EOS, Linux (Ubuntu/Debian), and VyOS — all managed from one interface.
Upload network diagrams, configs, or runbooks as PDF, DOCX, or text. NetNerd reads them and incorporates them directly into its reasoning.
First-time users describe their hardware and goals. NetNerd generates a personalized, step-by-step setup plan in plain English — no prior networking experience required.
Scans routers and Linux devices for Mirai, Kadnap, Cyclops Blink, and 30+ malware families. Detects C2 connections, backdoor ports, rogue cron jobs, and hidden root accounts.
Every command passes through a three-layer validator before reaching SSH. Blocks shell escapes, backtick execution, dangerous Linux commands, and invalid pipe usage. Cisco IOS pipes are context-aware — | include is allowed, shell injection is not.
Every tool call, every command sent, every blocked attempt is recorded — who ran it, which device, what command, what result. Exportable as CSV. Satisfies SOC 2, PCI-DSS, and enterprise compliance requirements out of the box.
CSV Export · Compliance readyEvery user message is scanned for 12 known LLM hijack patterns before reaching the AI. Attempts to override instructions, change agent behaviour, or inject malicious device output are detected and blocked before they reach the model.
12 detection patternsActively scans routers and Linux devices for known malware: Mirai, Kadnap, Cyclops Blink, VPNFilter. Detects C2 connections, backdoor ports, malicious cron jobs, and hidden root accounts — all without installing anything on the device.
30+ malware familiesPROMETHEUS_URL in .env to pull device metrics from your existing monitoring stack.
Managing a multi-site, multi-vendor network is exhausting. NetNerd dramatically accelerates diagnostics, enforces safe change management, and gives your whole team — not just senior engineers — the ability to operate the network confidently.
NetNerd lets your engineers manage more client environments with less overhead. Deploy one instance per client, or a shared instance with per-user device scoping. Audit logs give you the documentation your SLAs require.
New to networking or a seasoned tinkerer — NetNerd adapts. Complete beginners get a guided 5-step setup wizard that builds a personalized plan from your exact hardware. Advanced users get the full ops console with VyOS, Linux, Cisco, and more.
Network automation isn't new. But conversational, reasoning-first automation that works across vendors, executes commands, and runs fully on-premise — that is.
| Category | Examples | How they work | Where NetNerd differs |
|---|---|---|---|
|
Traditional Vendor Automation
Cisco DNA Center, NSO, Juniper Apstra
|
Cisco DNA Center, Cisco NSO, Juniper Apstra | GUI + policy engines tightly coupled to vendor hardware. Large deployment footprint, vendor lock-in, six-figure licensing. |
NetNerd works conversationally and is truly multi-vendor. One Docker container, no vendor contracts.
Multi-vendor · No lock-in
|
|
Automation Platforms
Itential, Gluware, BMC
|
Itential, Gluware, BMC | Workflow automation pipelines. Engineers design workflows in GUI. Good at repeatable processes, bad at reasoning through novel situations. |
NetNerd reasons about the situation first, then executes. No workflow design required — just describe the goal.
Reasoning + execution
|
|
NetDevOps Tools
Ansible, Terraform, Netmiko
|
Ansible, Terraform, Netmiko | Engineers write scripts, playbooks, and modules. Powerful but requires deep Python/YAML expertise and months to build and maintain libraries. |
NetNerd replaces scripting with natural language. A junior engineer can do what previously required a senior Ansible developer.
No scripting required
|
|
Monitoring Platforms
SolarWinds, Auvik, PRTG
|
SolarWinds, Auvik, PRTG | Monitoring and alerting dashboards. They tell you something is wrong. Finding root cause and fixing it still requires a human engineer on CLI. |
NetNerd actively diagnoses root cause and proposes (or applies) the fix. Monitoring tells you what broke — NetNerd fixes it.
Diagnose + fix
|
|
AI Network Copilots NEW
Cisco AI Assistant, Juniper Mist AI, Startups
|
Emerging tools from Cisco, Juniper, and startups | AI assists engineers — suggests commands, answers questions, summarizes logs. Generally cloud-hosted, vendor-specific, read-only assistants. |
NetNerd is the closest category match — but fully self-hosted, truly multi-vendor, and can actually execute changes (with approval). Not just a copilot — an autonomous agent.
Self-hosted · Executes changes · Multi-vendor
|
Request a live demo or deploy from GitHub today.