
1.5 Introduction to Network Programmability

Network Programmability and Automation

This topic reviews what network programmability and automation are, including several example scenarios to help
you understand their purpose and value in modern networking.

Current Network Operation:

CLI was built for manual human interaction

Configuration is one device at a time

Copying and pasting are the standard

Configuration is prone to error

Tasks are not easily repeatable

Notepad is the most common text editor

Future Network Operation:

Version control tracks all configurations and monitors changes

Version control is the source of the truth

Automated systems perform testing before any change is made to the configuration, including system, style,
reachability, etc.

Network operations, as you know them, are based on human interaction with network devices. Commonly using
Notepad, one of the most common text editors, network engineers configure one device at a time. This approach
poses several problems when working at scale.

First, the CLI was designed for human interaction, limiting the speed of configuration to as fast as a person can
work.

Second, manual configuration and common copying and pasting methods are extremely prone to error, especially
when configuring multiple devices.

Third, tasks are not easily repeatable, resulting in extremely inefficient workflows.

Using tools that are common in software development, network engineers can perform more optimal workflows,
such as using version control systems to store network configurations. This way, configurations are versioned and
tracked, and in addition, version control is used as the source of truth. Also, any change that is accepted will be
fully tested using automated tooling to ensure that one or more changes are valid.

Uses of Network Automation


This subtopic examines several uses for network automation.

Types of Network Automation

Device Provisioning

Data Collection & Telemetry

Compliance Checks

Reporting

Troubleshooting

Network automation is used for various common tasks. Several of the most common are:

Device Provisioning: Device provisioning is likely one of the first things that comes to engineers’ minds when
they think about network automation. Device provisioning is simply configuring network devices more efficiently,
faster, and with fewer errors because human interaction with each network device is decreased.

Data Collection & Telemetry: A common part of effectively maintaining a network is collecting data from
network devices and telemetry on network behavior. Even the way data is collected is changing as now many
devices such as IOS-XR devices can push data (and stream) off box in real time in contrast to being polled
every 5-15 minutes.

Compliance Checks: Network automation methods allow the unique ability to quickly audit large groups of
network devices for configuration errors and automatically make the appropriate corrections with built-in
regression tests.

Reporting: Automation decreases the manual effort that is needed to extract information and coordinate data
from disparate information sources in order to create meaningful and human readable reports.

Troubleshooting: Network automation makes troubleshooting easier by making configuration analysis and
real-time error checking very fast and simple even with many network devices.

Network Automation Scenarios


In this subtopic, you will look at several real-world scenarios in which the network programmability concepts and
skills you will learn in this course can be applied to perform network automation tasks.

Data Collection

For a Cisco ISE deployment, an IT manager needs to perform an audit of network switches to gather the
hostname, IP address, platform, and serial numbers from all network devices in the organization.

Correlate user switchport given their IP Phone Extension

An example of using network automation for data collection is a Cisco ISE deployment on a large network. For this
deployment, an IT manager needs to perform an audit of network switches to gather the hostname, IP address,
platform, and serial number from each network device in the entire organization. Especially in a larger network,
this task can take an incredible amount of time and is extremely prone to human error as network engineers log in
to each switch, copy serial numbers, hostnames, and so on, and paste them into cells on a spreadsheet.

The network automation methods that you will learn in this course can be leveraged to gather all this information
very quickly and automatically create a spreadsheet from the returned data. Rather than days, or weeks, of
manually logging in to every device and entering data in to a spreadsheet, the entire process can be reduced to a
few days of development, testing, and deployment.

Configuration Management Scenarios

Due to a new vulnerability, new ACLs need to be added to Cisco ASA FWs at each branch site.

ISE Deployment requires commands on each and every switch.

Enterprise needs to add BGP peers frequently for business partners.

Documented processes lend themselves to automation.

An example of using network automation for device provisioning is an urgent request from management to add
new access control lists to Cisco ASA firewalls at all branch sites in a multi-site organization. Due to a new security
vulnerability, these ACLs must be configured on every device immediately and without error. Again, the network
automation skills you will learn in this course can help you test and deploy new configuration with much greater
speed, accuracy, and built-in checks.

This subtopic examines how APIs are used by an end-user or other external source to communicate with a
network device.

Traditionally, methods such as SNMP, Telnet, and SSH were among the only options to interact with a network
device. However, over the last few years, networking vendors, including Cisco, have developed and made
available APIs on their platforms in order for network operators to more easily manage network devices and gain
flexibility in functionality.

The API is the mechanism by which an end user makes a request of a network device and the network device
responds to the end user. This method provides increased functionality and scalability over traditional network
management methods. In order to transmit information over the wire, APIs require a transport mechanism such as
SSH, HTTP, or HTTPS, although various other transport mechanisms are possible as well.

Traditional methods to manage a network device are:

SNMP

TELNET

SSH

Programmatic methods to manage network devices use APIs such as:


NX-API

REST

NETCONF

RESTCONF

gRPC

For the Cisco Nexus platform, for example, NX-API uses HTTP and HTTPS to make command line calls to the
network device and supports the XML and JSON encoding formats.

PERL, Expect, and SSH connectivity has existed for years

It was possible – tedious and error prone, but possible

Manual parsing – lots of regular expressions

Going forward

– Programmatic APIs

– No parsing

– Automatic rollback on failure

– Configuration changes as a transaction

If you are one of the few who have been automating networks, you have probably used PERL or Python and
combined that with manual parsing of long strings to be able to make use of the data being returned. So, network
automation has been possible, but it has been tedious and error prone. Going forward, as modern programmatic
APIs become commonplace, there will be no parsing. Everything that is returned will be structured as an object.
Also, configurations will be treated as a transaction. Either all configuration changes are applied or none of them
are, so you would not end up with only partially good configurations.
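The contrast described above, applied to the switch audit from the data collection scenario. This is an added example, not part of the original course material: the CLI text, the JSON body, its key names, and the IP addresses are constructed samples and assumptions.

```python
import csv
import io
import json
import re

# Constructed sample: CLI text as a scripted SSH session might return it.
CLI_TEXT = """\
  Device name: branch-sw-01
  cisco Nexus9000 C93180YC-EX chassis
  Processor Board ID FDO00000AAA
"""
# Constructed sample: the same facts as a structured body (key names assumed).
API_BODY = ('{"host_name": "branch-sw-02", "chassis_id": '
            '"Nexus9000 C93180YC-EX", "proc_board_id": "FDO00000BBB"}')

CLI_PATTERNS = {
    "hostname": r"Device name:\s*(\S+)",
    "platform": r"cisco\s+(.+?)\s+chassis",
    "serial": r"Processor Board ID\s+(\S+)",
}
FIELDS = ["hostname", "ip", "platform", "serial"]

def parse_cli(ip, text):
    """Screen scraping: one regex per field, fails loudly if wording changes."""
    row = {"ip": ip}
    for field, pattern in CLI_PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"{ip}: cannot find {field} in CLI output")
        row[field] = match.group(1)
    return row

def parse_api(ip, body):
    """Structured data: fields are read by key, no pattern matching."""
    data = json.loads(body)
    return {"ip": ip, "hostname": data["host_name"],
            "platform": data["chassis_id"], "serial": data["proc_board_id"]}

def to_csv(rows):
    """Render the audit rows as CSV text that a spreadsheet can open."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

def build_report():
    return to_csv([parse_cli("192.0.2.11", CLI_TEXT),
                   parse_api("192.0.2.12", API_BODY)])
```

Raising on a missing field, rather than writing an empty cell, keeps a silent parsing failure from turning into a gap in the audit.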

Open Source Tools and Enterprise Platforms


This subtopic compares how several open source and commercial platforms that are already used in automating
systems operations are now being utilized for network operations.

For several years, system operations teams have been utilizing several commercial and open source tools to
automate virtual environments and workloads and create an entirely programmable infrastructure. SysOps
engineers have used and are using commercial platforms such as VMware vCenter, Microsoft System Center, and
Citrix XenServer as well as open source methods such as Ansible, Puppet, SaltStack, and Chef.

Today, network operations teams who have seen the incredible power in programmable infrastructure are utilizing
some of these same methods to manage their network. Commercial platforms such as Cisco’s APIC-EM and
OpenDaylight are being used along with some of the very same open source methods such as Ansible and Puppet
to automate and orchestrate entire infrastructures.

Commercial platforms that are used by system operations teams include:

VMware vCenter

Microsoft System Center

Citrix XenServer

Open source methods that are used by system operations teams include:

Ansible

Puppet

SaltStack

Chef

Commercial platforms being used by network operations teams include:

Cisco ACI

Cisco APIC-EM

Cisco UCS Director

Cisco Network Services Orchestrator (NSO)

Cisco Open SDN Controller (OSC)

Open source methods being used by network operations teams include:

Ansible

Puppet

SaltStack

Chef

Each of them is underpinned by Linux and uses either Python or Ruby as its programming language of choice.

Network Programmability Technology


This subtopic introduces various network programmability technologies and processes.

Linux

Device and Controller APIs

Version Control

Software Development

Automated Testing

Continuous Integration

Network Programmability is so much more than having programmatic interfaces on network devices. As you will
learn throughout the course, there are many technologies that are used when introducing network programmability
and automation into a given environment.

Linux—The foundation of everything begins with Linux. Everything from version control to programming languages
and configuration management tools such as Ansible and Puppet is almost always run on Linux OSs.

Device & Controller APIs—You will learn about various Cisco device & controller APIs throughout the course.
They are how modern tools interact with network devices.

Version Control—Everything should be versioned using a system such as Git. Using a platform such as Git
makes it easier to share and collaborate on projects involving anything from code to configuration files.

Software Development—While not every network programmability engineer will be an expert programmer,
understanding software development processes is critical, as is understanding how software development can be
used to extend or customize open source tools.

Automated Testing —A key area of network programmability (and software development) is automated testing.
Deploying proper testing, for example pre and post change on the network, in an automated fashion improves the
predictability and determinism of network resources. You should have tests that run automatically under defined
conditions (or whenever a change is being proposed).

Continuous Integration (CI)—CI is commonly used by developers, as are many of these tools and technologies, and
it can drastically improve the release cycle of not only software, but of network configuration changes. Deploying
CI tools and pipelines can help with execution of your tests so that they run when changes are being proposed
(using version control tools).

All topics are covered in much greater detail throughout the course.

Network Automation Workflow


This subtopic reviews an advanced workflow for deploying configuration to network devices utilizing several
previously discussed technologies.

Configuration Management Workflow [Sample]

This advanced workflow integrates many different tools to accomplish automated testing in an environment where
version control (git) is used to manage configuration files. The sample workflow would be something like this (note:
it is covered in greater detail in later modules):

Check out the latest configs (master branch) using Git

You realize you need to fix the routing policy currently on the device, but because what is in version control is
what is on the device, and because you deploy from version control, you first need to make the fix in Git and push
the change back to the upstream repository

You make your required changes (in a new branch)

Using GitHub, you issue a pull request to get your proposed changes back into the master branch

When it happens, automated tests that were pre-built start to get executed

– There are many flavors of these tests – they are up to you to define!

– Tests can catch much more than the human eye

Once all tests pass, senior engineers can perform a review and merge the change back into the master branch

Finally, the configuration is deployed to a network device. In this workflow, that step is left to be performed via
whatever means necessary, but adding it to the workflow makes it even more advanced. The point is that there is
much that can be done with testing and automation even without deploying to production.
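One way the pre-built tests in this workflow could look for the branch firewall ACL scenario described earlier. This is an added example, not part of the original course material: the ACL name, the required entry, the device names, and the candidate configurations are hypothetical.

```python
import sys

ACL = "OUTSIDE_IN"
# Hypothetical required entry and the catch-all it must come before.
REQUIRED = f"access-list {ACL} extended deny tcp any any eq 445"
PERMIT_ANY = f"access-list {ACL} extended permit ip any any"
BINDING = f"access-group {ACL} in interface "

# Constructed candidate configs, as they would sit in the branch under review.
CONFIGS = {
    "branch1-asa": """\
access-list OUTSIDE_IN extended deny tcp any any eq 445
access-list OUTSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside
""",
    "branch2-asa": """\
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended deny tcp any any eq 445
access-group OUTSIDE_IN in interface outside
""",
    "branch3-asa": """\
access-list OUTSIDE_IN extended permit ip any any
""",
}

def check_config(text):
    """Return a list of problems found in one candidate configuration."""
    lines = [" ".join(line.split()) for line in text.splitlines() if line.strip()]
    problems = []
    if REQUIRED not in lines:
        problems.append("required ACL entry is missing")
    elif PERMIT_ANY in lines and lines.index(PERMIT_ANY) < lines.index(REQUIRED):
        # ASA ACLs are first-match: a deny after the catch-all never applies.
        problems.append("required entry is shadowed by an earlier permit")
    if not any(line.startswith(BINDING) for line in lines):
        problems.append("ACL is not applied to an interface")
    return problems

def audit(configs):
    """Map each failing device to its problems; an empty dict means all pass."""
    results = {name: check_config(text) for name, text in configs.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    failures = audit(CONFIGS)
    for name, found in sorted(failures.items()):
        print(f"{name}: {'; '.join(found)}")
    sys.exit(1 if failures else 0)  # non-zero exit fails the CI job
```

The second device contains every required line and would pass a simple text search; only the ordering check shows that the new entry has no effect.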

Content Review Question

Network automation is used for which common tasks? (Choose two.)

Device Provisioning

Accounting

Data Entry

Reporting
