Programmability and Automation on
Cisco Nexus Platforms
Abhinav Modi, Technical Marketing Engineer @ Cisco
BRKDCT-2459
[email protected] / @abhinav_m
Agenda
• Why Programmability ?
• Programmability on the Nexus
• POAP
• PXE Boot
• On-Board Python and EEM
• Netconf
• NX-API and DME
• XMPP
• Linux Containers, Guest-shell, Bash
• Configuration Management :
• Puppet/Chef
• Ansible
Session Goals
• Understand the various use cases and aspects of Programmability
• Have an overview of various Nexus programmability tools and protocols
• Techniques you can use on your Nexus devices today, or in near future
• Cover Nexus Portfolio – N3k, N5/6k, N7k, N9k Stand-alone
• All demos are available at http://tinyurl.com/brkdct2459demos
Session Non-Goals
• Become a programmability super-hero
• Controllers and “SDN”
Evolution of Server Configuration (Earlier vs. Today)
Evolution of Network Configuration (Earlier vs. Today)
Earlier :
CAT6K> enable
CAT6K# config terminal
CAT6K(config)# interface fastethernet 1/1
CAT6K(config-if)# ip address 1.1.1.1 255.255.255.0
CAT6K(config-if)# no shutdown
CAT6K(config-if)# exit
CAT6K(config)# router eigrp
CAT6K(config-router)# network 1.1.1.0
CAT6K(config-router)# exit
CAT6K(config)# exit
CAT6K# copy run start
Today :
NEXUS# config terminal
NEXUS(config)# interface ethernet 1/1
NEXUS(config-if)# no switchport
NEXUS(config-if)# ip address 1.1.1.1 255.255.255.0
NEXUS(config-if)# no shutdown
NEXUS(config-if)# exit
NEXUS(config)# feature eigrp
NEXUS(config)# router eigrp Test1
NEXUS(config)# interface ethernet 1/1
NEXUS(config-if)# ip router eigrp Test1
NEXUS(config-if)# no shutdown
NEXUS(config-if)# end
NEXUS# copy run start
Why is Programmability Important?
• Save Time
• Customize
• Innovate
• Human Error
Programmability and APIs are Coming : Brownfield Integration of Programmability
[Diagram: Orchestration, Management Platform, Overlay Networking and Development (Python SDK, programmatic control) each reach the Router, Firewall and Switch through a separate API – API proliferation and an open question of integration]
Fully Programmatic Networks : Greenfield and Ground-Up Programmability Solutions
[Diagram: Cloud and Orchestration (Public Cloud, Private Cloud, Cisco Intercloud); Productized Solutions (ACI Fabric, SDK API Automation); Niche Use Cases (SDN Matrix, Controller, Optical Taps, OpenFlow, Java and RESTful); Tools]
Network Programmability: Considerations
Aligning expectations with skills and objectives…
• How does automation work with my tools? Scripting environments? Puppet, Chef, other?
• Open source controllers? What is their current state?
• What is the rate of change in my environment?
• What am I aiming for? Realistic expectations?
• Is dynamic configuration required?
• How does automation help with my objectives? Optimize infrastructure? Automated provisioning? Better diagnostics? Address gaps in vendor offerings?
• Training required? What skills and tools do I need to accelerate delivery of services?
Use Cases
[Diagram: use cases plotted by Automation Complexity and Risk, from Passive through Event Triggered Scripts to Real Time Provision]
• Network Monitoring and Data Visibility
• Automated Troubleshooting
• Scripted Pre-Provisioning
• Automated Provisioning
• Subset of Existing Management Tools
• DevOps Workflows
• Custom Integration
• Self Healing and Adaptive Networks
Check your Copy and Paste folder for examples
What Can We Learn from DevOps ?
[Diagram: Quality Assurance, Development and Technology Operations overlapping as DevOps, with Network Operations alongside]
Network Automation Enablers
Linux is the Home of Open Source
• Majority of Tools and Endpoints are Linux Systems
• Aim for end-user proficiency
• Software Development and DevOps are Linux Cultures
• Containers, Linux Utilities, BASH, Nexus 9000, Cloud Operating Systems
Python and Programming
• Large user community, flexible language, easy to start
• Aim for end-user proficiency
• Hack variables together, troubleshoot simple problems
• Proficiency in other languages is an equal substitution
• Understand the terminology and challenges
Ecosystem – Language
Novice Programmers Python
Network Programming Python
Web Development
Configuration Management
Ruby,
Python
Containers Go
Enterprise Applications Java
C++
Scripting
Web Applications
Perl
PHP
Git – Version Control
• Git is a Version Control System
• github.com is a free place to put public code
• Use it :
• To search for libraries and software
• Maintain your scripts, libraries, automation infra
• Give back – share your code !
VIRL (Virtual Internet Routing Labs) – Virtualized Platform Operating Systems
• IOS XR – virtualized in IOS XRv
• NX-OS – virtualized in NX-OSv
• IOS XE – virtualized in CSR1000v
• IOS – virtualized in IOSv
• Servers – Ubuntu, Cirros, 3rd party appliances
Virtual Machines run the operating system but are NOT representations of a particular hardware platform – no fans, no switch fabric, no ASIC models
Virtual Internet Routing Labs (VIRL)
A network orchestration and virtualization platform that enables:
• Point-and-click network design
• Painless configuration
• Integration of platform-sync’d code
• Rapid setup and tear-down
• Seamless connectivity with ‘real’ networks
• Portability and repeatability
• A Quick Way to Get Started with Networking Concepts
Cisco DevNet - developer.cisco.com
• Cisco’s Developer Community : DevNet Portal, DevNet APIs & SDKs, DevNet Sandbox Platform, Community, Developer Support, Events
Nexus Programmability
Complete Nexus Product Portfolio
Nexus 2300, Nexus 3100, Nexus 5600 (10G / 40G) – Nexus 7000, Nexus 9000 (ACI) (10G / 40G / 100G)
One Operating System — NX-OS
• Operational Simplicity
• Architectural Flexibility
• Open / Programmable
• Resilience and Scale
• Investment Protection
Nexus Programmability Features
• Day-0 Provisioning
• POAP, iPXE
• Base Features
• SNMP, Native Python, EEM
• APIs
• Netconf, XMPP, NX-API, DME
• Linux Containers and BASH
• Linux Containers, Guest Shell, Bash
• Configuration Management
• Ansible, Puppet, Chef
Power On Auto Provisioning (POAP)
POAP – Bring up your switch … fast !!
• Easy Day-1 Bringup
• Automatic Provisioning
• Accurate, Consistent, Repeatable Configurations
• Minimize Operational Costs
• Reduce Deployment Time
Supported on Nexus 3000 : 5.0(3), Nexus 5000 : 5.1(3)N2(1), Nexus 7000 : 6.1(2), Nexus 9000 : FCS
POAP flow (Nexus switch; DHCP server / default gateway; script server; license, configuration and software server) :
1. Power up phase : start Power On Auto-Provisioning process
2. DHCP Discover phase : get IP address, gateway, script server and script file
3. Download script file onto the switch and execute the script
4. Download configuration, license and software images onto the switch
5. Reboot if needed. Switch up and running the downloaded image and config
POAP – Bring up your switch … fast !!
• Leverage existing compute deployment infrastructure (PXE/iPXE) for NX-OS
• Deploy NX-OS from a web / TFTP server
• Support IPv4 and IPv6
• Support for stateless address auto-configuration (SLAAC) and stateful IP auto-configuration variants for DHCPv6. iPXE supports boot URI and parameters for DHCPv6 options.
• NX-OS CLI option added to select boot option : either <bootflash (default)> or <pxe>
iPXE flow (Nexus 3/9k; boot server = DHCP & HTTP/TFTP; NX-OS image repository) :
1. DHCP DISCOVER (v4/v6)
2. IP address & file/image URL returned
3. TFTP GET FILE / HTTP URL (e.g. http://n9k-dk9.bin..)
4. Validate image checksum & boot
Nexus 3/9k – Q3CY15
On-Board Python
On Board Python
• Simple way to get stuff done
• No configuration required
• Integrate with EEM, Scheduler – get some data from the box and work on it !
• Use it for event based activity – where polling may not be possible
Are you leveraging it?
Interactive Mode
switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
>>> print "hello world"
hello world
>>> exit()
switch#
Non Interactive (script) Mode
switch# dir bootflash:scripts
946 Oct 30 14:50:36 2013 crc.py
7009 Sep 19 10:38:39 2013 myScript.py
22760 Oct 31 02:51:41 2012 poap.py
switch# source crc.py
------------------------------------------------
Started running CRC checker script
finished running CRC checker script
-------------------------------------------------
Some key modules
• syslog – Generate a syslog message with user defined severity and text
• cisco – Contains functions such as cli() to execute CLI commands from within Python
• json – Functions for converting data structures to/from JSON format
User’s Pure Python module can be installed on switch!
How is Python being used ?
• Run scripts manually via CLI
• Upgrade MOPs – EEM + Python for customizing interface bring-up timing
• Scheduler based – periodic collection of data
Embedded Event Manager (EEM)
• Monitor events on the device and take actions
• Large number of events and actions supported
• EEM has been supported on IOS, IOS-XR and NX-OS
• Many default policies run in the background to manage switch health
• Sample Events :
• Hardware changes (module OIR)
• Interface flaps
• Syslog pattern matches
• GOLD failures
• And many more…
• Sample Actions :
• Send out an SNMP trap
• Generate a Syslog message
• Run a Python script
DEMO – EEM Port Tracking
• Summary : Bring down a secondary list of interfaces when the primary interface goes down
• Description :
• Monitor link state for activity
• When a primary interface goes down, admin shut secondary links as well
• When a primary interface comes back up, trigger un-shut of the secondary interfaces
• Script : https://github.com/tecdct2941/scripts/blob/master/eem/port_check_applets
• All demos are available at https://www.youtube.com/playlist?list=PLSnd2FpPvsTwr96p8S-0kNzd-dhg7RFZ7
• Shorter link : http://tinyurl.com/brkdct2459demos
Super Command – Command Chaining
• A set of commands chained together so that interesting information can be passed through it.
• Useful for repetitive debugging
• Helps extract data related to a particular parameter (eg : IP address) instead of having to go through entire table / data
Flow : IP → find IP in ‘show ip arp’ → MAC → find MAC in ‘show mac address-table’ → Interface → run ‘show cdp neighbor interface’ and gather details → print out details (ARP, MAC, CDP) → exit
Nexus 3/9k – Shipping
Super-commands: Python
import argparse
import json
import cli   # on-box NX-OS module providing cli() (ASCII) and clid() (JSON)

# The IP to look up comes from the command line (usage: Supercommand [-h] ip)
parser = argparse.ArgumentParser(prog='Supercommand')
parser.add_argument('ip')
ip = parser.parse_args().ip

# Step 1: ARP – resolve the IP to a MAC and the L3 interface it was learned on
arp = json.loads(cli.clid('show ip arp %s vrf all' % ip))['TABLE_vrf']['ROW_vrf']['TABLE_adj']['ROW_adj']
ip, timer, mac, interface = arp['ip-addr-out'], arp['time-stamp'], arp['mac'], arp['intf-out']
# Step 2: CAM – find the MAC in the ASCII table; for/else raises if no line matched
for cam in cli.cli('show mac address-table address %s' % (mac)).split('\n'):
    if mac in cam: break
else:
    raise Exception('Unable to find %s in CAM output' % mac)
cam_fields = cam.split()
if cam_fields[0] in ['*', 'G', 'R', '+']:   # drop the entry-type marker column
    cam_fields.pop(0)
vlan, mac, entrytype, age, secure, ntfy, port = cam_fields
# Step 3: CDP – what is attached to the port the MAC was learned on
cdp = json.loads(cli.clid('show cdp neighbor interface %s' % port))['TABLE_cdp_neighbor_brief_info']['ROW_cdp_neighbor_brief_info']
print('Here is some information on %s:' % ip)
print(' ' * 4 + 'MAC address: %s' % mac)
print(' ' * 4 + 'Local interface: %s' % port)
print(' ' * 4 + 'VLAN: %s' % vlan)
print(' ' * 4 + 'L3 gateway: %s' % interface)
print(' ' * 4 + 'CDP Platform: %s' % cdp['platform_id'])
print(' ' * 4 + 'CDP Device ID: %s' % cdp['device_id'])
print(' ' * 4 + 'CDP Port ID: %s' % cdp['port_id'])
Super-commands: Results
Query an IP connected to our switch :
Services2-116# python bootflash:supercommand.py 130.131.1.101
Here is some information on 130.131.1.101:
    MAC address: 0000.0c07.ac00
    Local interface: Po50
    VLAN: 231
    L3 gateway: Vlan231
    CDP Platform: N9K-C93128TX
    CDP Device ID: Services-nagtor-73(SAL1733B948)
    CDP Port ID: Ethernet1/100
Use an alias to integrate with CLI :
Services-1-117(config)# cli alias name supercommand python bootflash:supercommand.py
Services-1-117# supercommand
usage: Supercommand [-h] ip
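The deck's super-command indexes straight into the ARP and CDP JSON and breaks on the first surprise (no ARP entry, several VRFs or adjacencies, a MAC that merely appears as a substring of a legend line). The following is an added example, not code from the session or the datacenter/nxos repository, showing the same ARP → CAM → CDP chain written defensively. It runs off the switch because the on-box cli.cli and cli.clid functions are passed in as plain callables; the sample outputs are constructed to use the field names the deck's script reads (ip-addr-out, intf-out, TABLE_adj/ROW_adj, platform_id, ...).

```python
import json


class SuperCommandError(Exception):
    """Raised when one of the three lookups returns nothing usable."""


def rows(table):
    """NX-OS JSON quirk: a ROW_x container is a dict for a single row and a
    list for several. Normalise to a list so callers never index a dict."""
    if table is None:
        return []
    return table if isinstance(table, list) else [table]


def find_arp(clid, ip):
    """Return the ARP row whose ip-addr-out equals ip, walking every VRF."""
    data = json.loads(clid('show ip arp %s vrf all' % ip))
    for vrf in rows(data.get('TABLE_vrf', {}).get('ROW_vrf')):
        for adj in rows(vrf.get('TABLE_adj', {}).get('ROW_adj')):
            if adj.get('ip-addr-out') == ip:
                return adj
    raise SuperCommandError('no ARP entry for %s' % ip)


def find_cam(cli, mac):
    """Return (vlan, port) for mac from the ASCII CAM table. The leading
    marker (*, G, R, +) is dropped and the MAC must equal the whole MAC
    field, not merely occur somewhere in the line."""
    for line in cli('show mac address-table address %s' % mac).splitlines():
        fields = line.split()
        if fields and fields[0] in ('*', 'G', 'R', '+'):
            fields.pop(0)
        if len(fields) >= 7 and fields[1].lower() == mac.lower():
            return fields[0], fields[6]          # vlan, port
    raise SuperCommandError('%s not found in CAM table' % mac)


def find_cdp(clid, port):
    """Return the first CDP neighbour seen on port, or raise."""
    data = json.loads(clid('show cdp neighbor interface %s' % port))
    nbrs = rows(data.get('TABLE_cdp_neighbor_brief_info', {})
                .get('ROW_cdp_neighbor_brief_info'))
    if not nbrs:
        raise SuperCommandError('no CDP neighbour on %s' % port)
    return nbrs[0]


def supercommand(cli, clid, ip):
    """Chain ARP -> CAM -> CDP and return one dict. cli/clid stand in for
    the on-box cli.cli and cli.clid functions (injected so this runs off-box)."""
    arp = find_arp(clid, ip)
    vlan, port = find_cam(cli, arp['mac'])
    cdp = find_cdp(clid, port)
    return {'ip': ip, 'mac': arp['mac'], 'vlan': vlan, 'port': port,
            'gateway': arp.get('intf-out'),
            'platform': cdp.get('platform_id'),
            'device_id': cdp.get('device_id'),
            'port_id': cdp.get('port_id')}


# Constructed sample outputs (not captured from a switch); the ARP table has
# two adjacencies, and only the first MAC is present in the CAM table.
SAMPLE_ARP = json.dumps({'TABLE_vrf': {'ROW_vrf': {
    'vrf-name-out': 'default', 'TABLE_adj': {'ROW_adj': [
        {'ip-addr-out': '130.131.1.101', 'time-stamp': '00:02:11',
         'mac': '0000.0c07.ac00', 'intf-out': 'Vlan231'},
        {'ip-addr-out': '130.131.1.102', 'time-stamp': '00:05:40',
         'mac': '0000.0c07.ac01', 'intf-out': 'Vlan231'}]}}}})
SAMPLE_CAM = """Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 231      0000.0c07.ac00   dynamic  0         F      F    Po50
"""
SAMPLE_CDP = json.dumps({'TABLE_cdp_neighbor_brief_info': {
    'ROW_cdp_neighbor_brief_info': {
        'device_id': 'Services-nagtor-73(SAL1733B948)',
        'platform_id': 'N9K-C93128TX', 'port_id': 'Ethernet1/100'}}})


def fake_cli(cmd):
    if cmd.startswith('show mac address-table'):
        return SAMPLE_CAM
    raise SuperCommandError('unexpected CLI command: %s' % cmd)


def fake_clid(cmd):
    if cmd.startswith('show ip arp'):
        return SAMPLE_ARP
    if cmd.startswith('show cdp neighbor'):
        return SAMPLE_CDP
    raise SuperCommandError('unexpected CLI command: %s' % cmd)


if __name__ == '__main__':
    for key, value in sorted(supercommand(fake_cli, fake_clid, '130.131.1.101').items()):
        print('%-10s %s' % (key, value))
```

On the switch the two fakes are replaced by cli.cli and cli.clid from the on-box cli module; everything else stays the same, and a lookup that fails at any stage ends with a SuperCommandError naming the stage rather than a KeyError deep in a dictionary chain.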
Protocols
Some Theoretical Concepts
• XML
• JSON
• API
• REST
What's XML?
• Stands for “Extensible Markup Language”
• A way to represent data
• Requires you to define your own tags
• Designed to be self-descriptive
Request (root element <ins_api>; each element has a start and end tag) :
<?xml version="1.0"?>
<ins_api>
  <version>1.0</version>
  <type>cli_show</type>
  <chunk>0</chunk>
  <sid>sid</sid>
  <input>sho ver</input>
  <output_format>xml</output_format>
</ins_api>
Response :
<?xml version="1.0" encoding="UTF-8"?>
<ins_api>
<type>cli_show</type>
<version>1.0</version>
<sid>eoc</sid>
<outputs>
<output>
<body>
<header_str>Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2014, Cisco and/or its affiliates.
All rights reserved
http://www.gnu.org/licenses/old-licenses/library.txt.
</header_str>
<bios_ver_str>07.11</bios_ver_str>
<kickstart_ver_str>6.1(2)I2(2a)</kickstart_ver_str>
<bios_cmpl_time>05/28/2014</bios_cmpl_time>
<kick_file_name>bootflash:///n9000-dk9.6.1.2.I2.2a.bin</kick_file_name>
<manufacturer>Cisco Systems, Inc.</manufacturer>
<TABLE_smu_list>
<ROW_smu_list>
<install_smu_id>n9000-dk9.6.1.2.I2.2a.CSCup81353.bin</install_smu_id>
</ROW_smu_list>
</TABLE_smu_list>
</body>
<input>sho ver</input>
<msg>Success</msg>
<code>200</code>
</output>
</outputs>
</ins_api>
What's JSON?
• Stands for “JavaScript Object Notation”
• A data format that uses human-readable text to transmit data objects consisting of attribute–value pairs
• Easy for machines to parse and generate
• Built on two structures :
• a collection of name/value pairs
• an ordered list of values
Request :
{
  "ins_api": {
    "version": "1.0",
    "type": "cli_show",
    "chunk": "0",
    "sid": "1",
    "input": "sho ver",
    "output_format": "json"
  }
}
Response :
{
  "ins_api": {
    "type": "cli_show",
    "version": "1.0",
    "sid": "eoc",
    "outputs": {
      "output": {
        "input": "sho ver",
        "msg": "Success",
        "code": "200",
        "body": {
          "header_str": "Cisco Nexus Operating System (NX-OS) …",
          "kickstart_ver_str": "6.1(2)I2(2a)",
          "bios_cmpl_time": "05/28/2014",
          "kick_file_name": "bootflash:///n9000-dk9.6.1.2.I2.2a.bin",
          "rr_reason": "Reset Requested by CLI command reload",
          "rr_sys_ver": "6.1(2)I2(2a)",
          "rr_service": "",
          "manufacturer": "Cisco Systems, Inc.",
          "TABLE_smu_list": {
            "ROW_smu_list": {
              "install_smu_id": "n9000-dk9.6.1.2.I2.2a.CSCup81353.bin"
            }
          }
        }
      }
    }
  }
}
What's an Application Programming Interface (API)?
• A set of requirements that govern how an application can be
used by another
• An API exposes internal functions to the outside world— this
allows for other external applications to utilize functionality
within the application
• Not a new concept—most applications have an API of some
sort
• Often uses authentication (through key exchanges, certificates, etc.)
• Communication often uses JavaScript, Python, XML, or simple HTTP
What's REST?
Stands for “Representational State Transfer”
Architecture style for designing networked applications
Uses HTTP(S) to make calls between entities
Operates on resource representations, each one identified by a URL/URI
Examples:
Resource : person (xyz)
Service : contact information (GET)
Representation:
Name, address, phone number
JSON or XML format
REST Follows a Familiar Model
• Web browsing : HTTP GET returns HTML, which describes how data should be displayed to please a human viewer
• REST API : HTTP GET returns JSON/XML, which describes data in a format applications can understand
Example – REST API, Twitter : IDs of last five followers
{"ids":[303776224, 19449911, 607032789, 86544242, 2506725913, 17631389],
 "next_cursor":0, "next_cursor_str":"0",
 "previous_cursor":0, "previous_cursor_str":"0"}
Uniform Resource Identifier (URI)
• There are two types of URIs
• URL: Uniform Resource Locator
• URN: Uniform Resource Name
• A URL has three important elements
• Protocol/scheme: http, ftp, etc, telnet, mailto, NNTP
• Hostname: wwwin.cisco.com
• Path and file name: /index.html
Anatomy of a URL : scheme :// host [: optional port, 80/443] / path and/or filename, e.g.
https://10.87.34.16/#c:a.1|topology/pod-1/node-105/sys/phys-[eth1/1]
URL Examples :
http://10.87.107.99/index.html
https://10.87.34.16/#c:a.1|topology/pod-1/node-105/sys/ch/supslot-1/sup/sensor-1
ftp://ftpeng.cisco.com
mailto:[email protected]
http://www.cisco.com/go/aci
Absolute vs. relative :
www.cisco.com/go/aci
<img src="../images/apic.gif" width="..." height="..." />
Now…Let’s Get to The Protocols
Netconf
NETCONF is an IETF Configuration Management Protocol
Protocol Stack : Content / Operations / Messages / Transport
• Netconf is a standards-based communication protocol (RFC 4741)
• Separates operational and configuration data management (show commands v/s config)
• Defines capabilities for managing configuration data
• Candidate buffer for validation of config before commit
• Locking the config space
NETCONF Uses a Client-Server Model
Transport requirements (client ↔ server) :
• Connection-oriented
• Authenticated
• Reliable
• Trustworthy
• Secure
Clients Make Requests Using RPCs
• Multiple client types possible : NMS, script, plugin, manual cut-n-paste
• Client sends <rpc>, server answers with <rpc-reply>
NETCONF uses a simple Remote Procedure Call (RPC) paradigm to facilitate communication between the client and the server (aka the network device).
Netconf Operations
Operation – Description
<get-config> – Retrieve all or part of a specified configuration datastore
<edit-config> – Load all or part of a configuration to the specified configuration datastore
<copy-config> – Replace an entire configuration datastore with another
<delete-config> – Delete a configuration datastore
<commit> – Copy candidate datastore to running datastore (ex: XR)
<get> – Retrieve running configuration and device state information
<lock> / <unlock> – Lock or unlock the entire configuration datastore system
<close-session> – Graceful termination of NETCONF session
<kill-session> – Forced termination of NETCONF session
NETCONF Data Stores: Target of Operations
• Data stores are named buckets that may hold an entire copy of the configuration
• Not all data stores are supported by all devices
• Running is the only mandatory data store
• Not all data stores are writable
• Check the device’s capabilities
• To make changes to a non-writeable data store, copy from a writable one
Data stores : Running, Startup, Candidate, URL, …
NETCONF Protocol Stack Summary
• Content – Config / Operational Data
• Operations – <get>, <get-config>, etc.
• Messages – <rpc>, <rpc-reply>
• Transport – SSH
Netconf Enhancements on Nexus (Nexus 2-7k – Q2CY15)
• Nexus currently supports get, edit-config on Running
• Support for following features :
• Candidate
• Validate
• Commit, Confirm-commit
• Rollback, Continue-on-Error
• URL Capability
• Validate from XML/URL without adding to candidate
• Copy
• Provides for flagging syntax errors before buffer is committed to configuration
Using Netconf – Some Tips
• To know any schema, pipe the command via the xmlin tool on the switch
• Eg : “show interface | xmlin” returns the Netconf request to get “show interface” output from the Nexus
• No need to refer to schema documents – available on-box
• Also available as an interactive command on the Nexus : type “xmlin” at the Exec prompt
• For automation with Netconf : use ncclient
• Supports various Cisco devices and vendors
• Location : https://pypi.python.org/pypi/ncclient
Demo – Using Netconf
• Summary : Interact with Netconf (xmlagent) on a Nexus switch
• Description :
• Open a Netconf session from a terminal
• Reply to Hello
• Perform various Netconf operations – get, edit-config
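The demo above walks the exchange by hand: hello, reply to hello, get, edit-config. The block below is an added example, not part of the session or of ncclient, that builds those messages with the Python standard library and parses the replies the way a careful client should: it checks the advertised capabilities before choosing a datastore (the deck notes Nexus currently offers only Running, with Candidate to come), matches message-id on every rpc-reply, and turns any <rpc-error> into an exception instead of treating a reply as success. The server hello and the rpc-reply texts are constructed, not captured from a switch; the `]]>]]>` framing is the RFC 4742 end-of-message delimiter used with the base:1.0 capability over SSH.

```python
import xml.etree.ElementTree as ET

NC = 'urn:ietf:params:xml:ns:netconf:base:1.0'
EOM = ']]>]]>'   # RFC 4742 end-of-message delimiter (SSH transport, base:1.0)


class NetconfError(Exception):
    """A NETCONF <rpc-error>, or a malformed / mismatched reply."""


def frame(xml_text):
    """Append the end-of-message delimiter before writing to the SSH channel."""
    return xml_text + EOM


def unframe(text):
    return text.replace(EOM, '').strip()


def client_hello():
    return ('<hello xmlns="%s"><capabilities><capability>'
            'urn:ietf:params:netconf:base:1.0</capability>'
            '</capabilities></hello>' % NC)


def server_capabilities(hello_text):
    """Parse the server <hello> and return its capability URIs."""
    root = ET.fromstring(unframe(hello_text))
    if root.tag != '{%s}hello' % NC:
        raise NetconfError('expected <hello>, got %s' % root.tag)
    return [c.text.strip() for c in root.iter('{%s}capability' % NC) if c.text]


def rpc(message_id, body):
    return '<rpc message-id="%s" xmlns="%s">%s</rpc>' % (message_id, NC, body)


def get_config(message_id, source='running', subtree_filter=None):
    flt = '<filter type="subtree">%s</filter>' % subtree_filter if subtree_filter else ''
    return rpc(message_id, '<get-config><source><%s/></source>%s</get-config>' % (source, flt))


def edit_config(message_id, config_xml, target='running', default_operation='merge'):
    return rpc(message_id, '<edit-config><target><%s/></target>'
               '<default-operation>%s</default-operation>'
               '<config>%s</config></edit-config>'
               % (target, default_operation, config_xml))


def close_session(message_id):
    return rpc(message_id, '<close-session/>')


def parse_reply(text, expected_id):
    """Verify the reply answers our request id, raise on any <rpc-error>, and
    return the <data> element (get/get-config) or True for <ok/>."""
    root = ET.fromstring(unframe(text))
    if root.tag != '{%s}rpc-reply' % NC:
        raise NetconfError('not an rpc-reply: %s' % root.tag)
    if root.get('message-id') != str(expected_id):
        raise NetconfError('message-id %r does not match request %r'
                           % (root.get('message-id'), expected_id))
    errors = root.findall('{%s}rpc-error' % NC)
    if errors:
        detail = ['%s: %s' % (e.findtext('{%s}error-tag' % NC, '').strip(),
                              e.findtext('{%s}error-message' % NC, '').strip())
                  for e in errors]
        raise NetconfError('; '.join(detail))
    data = root.find('{%s}data' % NC)
    return data if data is not None else root.find('{%s}ok' % NC) is not None


def pick_target(capabilities):
    """Use the candidate datastore only if the server advertised it."""
    return 'candidate' if any(c.endswith(':candidate:1.0') for c in capabilities) else 'running'


# Constructed replies (not captured from a Nexus), shaped after RFC 4741.
SERVER_HELLO = frame('<hello xmlns="%s"><capabilities>'
                     '<capability>urn:ietf:params:netconf:base:1.0</capability>'
                     '</capabilities><session-id>4</session-id></hello>' % NC)
DATA_REPLY = frame('<rpc-reply message-id="101" xmlns="%s"><data>'
                   '<placeholder-config/></data></rpc-reply>' % NC)
OK_REPLY = frame('<rpc-reply message-id="102" xmlns="%s"><ok/></rpc-reply>' % NC)
ERROR_REPLY = frame('<rpc-reply message-id="103" xmlns="%s"><rpc-error>'
                    '<error-type>application</error-type>'
                    '<error-tag>operation-failed</error-tag>'
                    '<error-severity>error</error-severity>'
                    '<error-message>constructed: validation failed</error-message>'
                    '</rpc-error></rpc-reply>' % NC)

if __name__ == '__main__':
    target = pick_target(server_capabilities(SERVER_HELLO))
    for msg in (client_hello(), get_config(101), edit_config(102, '<placeholder-config/>', target), close_session(104)):
        print('C: ' + frame(msg))
    print('S: ' + OK_REPLY, '-> ok =', parse_reply(OK_REPLY, 102))
```

With ncclient the same checks happen inside the library (the hello exchange, message-id matching and RPCError); writing them out makes it clear which step of the manual demo each one corresponds to, and the capability check is what stops a script from sending <edit-config> against a candidate store the switch does not have.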
NX-API
Introducing NX-API
[Diagram: client ↔ NX-API web server on the Nexus over HTTP/S; JSON-RPC / JSON / XML request and response format]
To Enable :
Switch# conf t
Switch(config)# feature nxapi
Switch(config)# exit
NX-API Developer Sandbox : http://<mgmt0_IP>
nx-osv-1# show run nxapi
version 7.2(0)D1(1)
feature nxapi
nxapi sandbox
Sample Script : Add Vlan using NXAPI
import requests              # Requests python module
import json

print "enter ip address"     # Get IP address of switch
ip = raw_input()
print "enter vlan to be configured"
vlanId = raw_input()

myheaders = {'content-type': 'application/json-rpc'}
url = "http://" + ip + "/ins"   # URL of switch (NX-API endpoint)
username = "admin"
password = "ciscotme"

# Payload: conf t / vlan <id> / exit, each command with its own request id
payload = [
    {"jsonrpc": "2.0", "method": "cli", "params": {"cmd": "conf t", "version": 1}, "id": 1},
    {"jsonrpc": "2.0", "method": "cli", "params": {"cmd": "vlan " + vlanId, "version": 1}, "id": 2},
    {"jsonrpc": "2.0", "method": "cli", "params": {"cmd": "exit", "version": 1}, "id": 3},
]
response = requests.post(url, data=json.dumps(payload), headers=myheaders, auth=(username, password)).json()
print json.dumps(response, indent=2)
NX-API: Sample Use Cases
• Data Collection and Display
• Resources, Interface Statistics
• Switch Configuration and Feature Provisioning
• Consistency Checks
• Cable Plan
• VLAN
• vPC
DEMO – VLAN Scale Check
• Checking VLAN scale on device periodically is useful
• Script checks list of devices for number of VLANs configured
• Alert if current configuration exceeds threshold (defined in script)
• Use NX-API for fetching VLAN count
• Use NX-API to execute Python commands on the Nexus switch
• The Python code generates a Syslog on the Nexus switch to alert the NOC
• Script : https://github.com/datacenter/nxos/blob/master/nxapi/samples/vlan_scale.py
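The NX-API sample script and the VLAN scale check both post a JSON-RPC batch and read the reply. The added example below (not the deck's script, and not vlan_scale.py from the datacenter/nxos repository) covers the part neither shows: giving every command in the batch its own id, matching the reply back id by id, and refusing to continue when an entry carries a JSON-RPC error object, so a rejected `vlan` command is noticed rather than read as a success. It then applies the threshold check from the demo to a `show vlan` body. The replies are constructed; the `result`/`error` envelope follows the JSON-RPC 2.0 convention, and the TABLE_vlanbrief/ROW_vlanbrief layout is an assumption about the show vlan body, not taken from the deck.

```python
import json


def build_payload(commands):
    """One JSON-RPC 'cli' call per command, each with a unique id so replies
    can be matched back (the deck's sample reuses id 2 for two commands)."""
    return [{'jsonrpc': '2.0', 'method': 'cli',
             'params': {'cmd': cmd, 'version': 1}, 'id': i}
            for i, cmd in enumerate(commands, start=1)]


def check_reply(payload, reply):
    """Return {id: result}; raise on missing/duplicate ids or on a JSON-RPC
    error object instead of silently reading a partial result."""
    if isinstance(reply, dict):        # a single-command batch may come back unwrapped
        reply = [reply]
    expected = {item['id'] for item in payload}
    results = {}
    for entry in reply:
        rid = entry.get('id')
        if rid not in expected or rid in results:
            raise ValueError('unexpected or duplicate reply id %r' % (rid,))
        if 'error' in entry:
            err = entry['error'] or {}
            raise RuntimeError('command id %s failed: %s (code %s)'
                               % (rid, err.get('message'), err.get('code')))
        results[rid] = entry.get('result')
    missing = expected - set(results)
    if missing:
        raise ValueError('no reply for request ids %s' % sorted(missing))
    return results


def count_vlans(show_vlan_body):
    """Count rows of TABLE_vlanbrief/ROW_vlanbrief (layout assumed). NX-OS
    returns a single row as a dict rather than a one-element list."""
    table = show_vlan_body.get('TABLE_vlanbrief', {}).get('ROW_vlanbrief', [])
    if isinstance(table, dict):
        table = [table]
    return len(table)


def vlan_scale_check(payload, reply, threshold):
    """Validate the batch, count VLANs and return (count, over_threshold)."""
    body = check_reply(payload, reply)[payload[0]['id']]['body']
    n = count_vlans(body)
    return n, n > threshold


# Constructed sample exchange (not captured from a switch).
SHOW_VLAN_PAYLOAD = build_payload(['show vlan'])
SHOW_VLAN_REPLY = {
    'jsonrpc': '2.0', 'id': 1,
    'result': {'body': {'TABLE_vlanbrief': {'ROW_vlanbrief': [
        {'vlanshowbr-vlanid': '1', 'vlanshowbr-vlanname': 'default'},
        {'vlanshowbr-vlanid': '231', 'vlanshowbr-vlanname': 'services'},
        {'vlanshowbr-vlanid': '300', 'vlanshowbr-vlanname': 'VLAN0300'}]}}}}
# Constructed: the second command is rejected (5000 is outside the VLAN range)
# and the remaining command never runs, so only two entries come back.
BAD_VLAN_PAYLOAD = build_payload(['conf t', 'vlan 5000', 'exit'])
BAD_VLAN_REPLY = [
    {'jsonrpc': '2.0', 'id': 1, 'result': None},
    {'jsonrpc': '2.0', 'id': 2, 'error': {'code': -32602, 'message': 'Invalid params'}}]

if __name__ == '__main__':
    print(json.dumps(SHOW_VLAN_PAYLOAD))
    count, alert = vlan_scale_check(SHOW_VLAN_PAYLOAD, SHOW_VLAN_REPLY, 2)
    print('vlans=%d alert=%s' % (count, alert))
    try:
        check_reply(BAD_VLAN_PAYLOAD, BAD_VLAN_REPLY)
    except RuntimeError as e:
        print('batch rejected: %s' % e)
```

To use it against a switch, post `json.dumps(build_payload(...))` to `http(s)://<switch>/ins` with the `application/json-rpc` content type as in the deck's script and hand the decoded reply to check_reply; the alert branch is where the demo's syslog generation would go.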
DME – Model Driven Architecture
NXAPI Evolution - Model Driven Architecture (Nexus 3/9k – Q3CY15)
• Asynchronous, model driven programmability
• Support for various manageability agents (CLI, REST, JSON RPC, SNMP)
• Consistent user experience (+ AAA) from all access methods
• Support for object create/update/delete operations
• Event/Fault handling via web-sockets asynchronously
Object Based Programmability – BGP Configuration Example
CLI :
router bgp 11
  router-id 1.1.1.1
POST request without DME (NX-API JSON-RPC, one call per CLI line) :
POST http://Switch-IP/ins   (content-type: application/json-rpc)
[ { "jsonrpc": "2.0", "method": "cli", "params": { "cmd": "config t", "version": 1 }, "id": 1 },
  { "jsonrpc": "2.0", "method": "cli", "params": { "cmd": "router bgp 11", "version": 1 }, "id": 2 },
  { "jsonrpc": "2.0", "method": "cli", "params": { "cmd": "router-id 1.1.1.1", "version": 1 }, "id": 3 } ]
POST request, BGP object with DME (one object describing the desired state) :
POST http://Switch-IP/api/mo/sys/bgp/inst.json
{ "bgpInst": {
    "attributes": { "asn": "11" },
    "children": [ { "bgpDom": { "attributes": { "name": "default", "rtrId": "1.1.1.1" } } } ]
} }
DME – BGP Demo
XMPP
What is XMPP ?
• Open Standard
• 1:1 or 1:N (Group) communication
• Provides auto sensing of presence
• Secure
• Popular : Cisco Jabber, Gtalk
• Clients : Jabber, Pidgin and many more
• Entities can be :
• Humans
• Bots (Software Processes)
• Servers and Devices
[Diagram: hosts H1–H4 reach each other through an XMPP server, 1:1 or as members of Group 1 and Group 2]
XMPP on NXOS
• Nexus 5K/6K/9k already support XMPP
• Nexus 7k will support XMPP in 7.2 release (Q2CY15)
• Nexus 3k will support XMPP in 7.0 release (Q3CY15)
• XMPP supports up to privilege level 15 (configuration mode)
• NX-OS devices use their hostname to login to the XMPP service
• Any XMPP server software can be used
XMPP Use Cases (Cisco Prime Data Center Network Manager)
• Network Admin – Quick Checks, Configuration
• Presence Monitoring
• Scripts – Data Collection, Provisioning
• Standalone Fabric Management with DCNM and integrated XMPP
XMPP on NX-OS – configuration :
feature fabric access
hostname leaf1                                          ! hostname is used for identification
ip host test-xmpp-server.cisco.com 192.168.1.100        ! required if no DNS for the domain
…
fabric access server dcnm-ova.cisco.com vrf management password 7 xyz
fabric access group all-nodes leaf-nodes                ! XMPP chat groups
fabric access ping interval 60 response 10 retry 5
Verification :
leaf1# show fabric access connections
XMPP Ping :
Status = Enabled
Interval = 60 second(s)
Response = 10 second(s)
Retry = 5 time(s)
XMPP Payload CDATA-Encapsulated : Enabled
Device Connection :
JID = [email protected]/(fmgr-device)(TB01010000B)
State = AUTHENTICATED
The JID identifies the host in Jabber; the host S/N is included in the JID.
XMPP and Standalone Fabric – Cisco Prime Data Center Network Manager
• Data Center Network Manager release 7.0(1) integrates the Cisco Jabber daemon
• DCNM is delivered as an OVA that can be deployed on VMware ESX server
• XMPP DB populated via POAP information – no need to add nodes separately !
[Diagram: Data Center Network Management – setup, visualization, management and monitoring of data center infrastructure (Network – Compute – Storage); the POAP DB (user, group, templates, values, variables, status) populates the XMPP DB with configuration values; the NX-OS host joins via POAP and XMPP]
Accessing Devices with XMPP
[Diagram: a Python bot or a Pidgin user sends commands to groups or individual entities (switches) and receives the return value / return output]
XMPP and Python – Writing a Python bot
• Accessing NX-OS with Python with xmpppy library - http://xmpppy.sourceforge.net
import xmpp                          # XMPP python module

cmd = "show vlan\n"
jid = "[email protected]"          # My JID
pwd = "test123"
to = "[email protected]"           # JID of device

jid = xmpp.protocol.JID(jid)
cl = xmpp.Client(jid.getDomain(), debug=[])
if not cl.connect():                 # Connect to XMPP server
    raise SystemExit("could not connect to XMPP server")
if not cl.auth(jid.getNode(), pwd):
    raise SystemExit("authentication failed")
cl.sendInitPresence()                # Send Presence
message = xmpp.Message(to, cmd)      # Create Message
message.setAttr('type', 'chat')
cl.send(message)                     # Send Message
Summary of Nexus Protocols
Comparison of Nexus Programmability Technologies
Technology – On/off box – Data Format – Possible Use Case – Good for configuration management
Native Python – On box – ASCII/XML/JSON – Scripts on-box for analysis, data collection – No
XMPP – Off box – ASCII/XML – Control many switches without CM – Yes
Netconf – Off box – XML – Config/Oper with config validation – Yes
NXAPI – Off box – XML/JSON – Easy operational data access, web apps – Yes
DME – Off box – JSON – Better configuration model, web apps – Yes
Linux Containers, Guest-Shell and Bash
Device Accessibility :
• Safely build and run applications on our network devices
• Open up access to the device
• Access underlying features and capabilities
• Use familiar tools, local on-device analysis
[Diagram: spectrum from closed system to open system – NX-API, Native Python, Guest Shell, Application Hosting (OVA), Bash]
• Base LXC support
• Namespace separation with LXC
• C-groups to limit resource usage
• Secure LXC
• Drop capabilities to limit a privileged user
• Use of Secure Linux technology, like SMACK, to address risks to host 3rd party applications running at root privilege
[Diagram: trust boundary for Secure LXC containers – the app inside the LXC container (/root, /proc, /dev; TIPC to NX-OS) runs on the NX-OS host, with cgroups limiting CPU, MEM and DISK]
Nexus 3/9k – Shipping
Secure Guest Shell
[Diagram: Kernel (cgroup, LSM); NX-OS root file system with native Linux processes and Bash in the global namespace (Ns=global); guest root file system (Pkg-1.rpm … Pkg-4.rpm) with native Linux processes and Bash in the guestshell namespace (Ns=guestshell)]
Native Shell, RPM + Containers
Guest Shell: Bash + built-in Secure Linux environment with customizable root file system
• A controlled open environment from which the host “can’t” be corrupted
• Secure common distro CentOS7 environment in which customer may install their own custom applications
• Use “guestshell resize” command to restrict CPU/memory/rootfs resources available to Guest Shell
DEMO – Guest Shell
Git
On Device Git
• Git provides a free, open-source version control mechanism
• Easy to learn
• Tiny footprint
• Large community
• Git package available within Guestshell environment:
[guestshell@guestshell ~]$ git --version
git version 1.8.3.1
[guestshell@guestshell ~]$
https://github.com/datacenter/nxos
• Summary
• Implement Config snapshot / Diff on switch using Git in guestshell
• Description
• Git runs on the switch in a guestshell
• Use EEM to copy running-config to the Git repo on config change
• Sync Git repo to github
Demo – On Device Git
BASH (Nexus 3/9k – Shipping)
• Issue a CLI to gain access to the Linux Bash shell
• Leverage favorite Linux commands like ps, grep etc.
• Bash shell can have non-root privileges to protect against unintended operator errors
• Role-based access to Bash
• Use Cases :
• Tcpdump – Bash has access to front-panel ports
• Install 3rd party applications via RPMs (Future, Q3CY15)
RPM Package Management via YUM
• Ability to install a Linux daemon in an LXC or in the NX-OS kernel
• Install 3rd party apps like tcpdump, tcollector, iperf etc.
• Install standard config management systems like Puppet/Chef
• Daemon managed via standard Linux interfaces
• Built-in support for YUM package manager
• Patching and upgrade using standard rpm/yum workflows
• BGP can be upgraded via “yum update”
LXC And Native Daemons (Nexus 3/9k – Q3CY15)
[Diagram: on the build server, a C app using standard Linux constructs is built in the open embedded 64-bit build environment, packaged as RPM and uploaded to a YUM repository / RPM local repository; on the target switch, YUM install places the Linux daemon (init.d) on top of the Linux kernel, where it uses raw sockets, netdevs and libpcap over the ASIC, e.g. sending a UDP hello to a monitoring server]
• PSODCT-2030 - How OpenNXOS enables more Open, Extensible, Modular and Flexible Datacenters
• Tuesday 1 PM to 2 PM, 11B Upper Level
Learn More About Open NX-OS
Configuration Management
Configuration Management Software
• DevOps: Applying IT Tools to Network Management
• Switch as Server
• Manage multiple devices and the automation around it
• Repeatable, Granular Tasks
• Crowd Sourced Scripts, modules
Introducing Configuration Management Software
Agent v/s Agent-less Architecture
• Agent based CM are “pull based”
• Agent on managed device connects with master for config information periodically
• Changes made on master are pulled down and executed
• Agent-less CM are “push based”
• CM scripts are run on the master
• Scripts connect to the managed device and execute the tasks
• No timer, control lies with the master
• Ansible is agent-less
Puppet (Nexus 3/9k – Shipping)
1. Define using declarative language – re-usable infrastructure-as-code; define desired state of nodes
2. Simulate deployment – before deploying changes, put node into simulation state
3. Enforce system to desired state – automatically and reliably (current state → desired state)
4. Report – insight into changes
Chef (Nexus 3/9k – Shipping)
• Chef Supermarket: Repository of all chef agents, Cisco agent RPM will be posted here and on Github
• Chef Client: Installed on every node under management and will execute configuration tasks specified in the run-list
• Chef Server: Local repository of cookbooks, policies for application on infrastructure
[Diagram: Puppet Master Server (Cisco Puppet Module) ↔ NX-OS running the Cisco Puppet Agent as a native Linux service (/etc/init.d/puppet.d); a Linux software repository server provides puppet.rpm via Yum/RPM install]
• Cisco Puppet Agent RPM/software package posted to Puppetforge and open sourced to Github
• Install Cisco Puppet Module on Puppet Master
• Yum install Puppet Agent rpm on switches
• Switch Agent periodically will poll Puppet Master for updated catalog and attempt to converge switch to desired state
Ansible (Nexus 3/9k : Shipping; Nexus 5-7K : Q2CY15 with NX-API)
• Agentless
• Support for multiple scripting languages
• Orchestration
• Simplicity
• Human Readable Files (YAML)
Some Ansible Terminology
• Inventory – List of hosts to manage, can be categorized in groups
• Task – A granular work item to perform on a node. Eg : install package
• Play – A set of tasks to perform on the node
• Playbook – A collection of Plays
• Idempotence – If desired state is reached, subsequent runs result in no-op
How Ansible Typically Works
• Ansible runs on a server
• Playbooks, Inventory present on the server
• When a Playbook is executed :
• Ansible SSHes into the managed device
• Copies a Python script to /tmp
• The Python script gets locally executed on the managed device using its Python stack
How Ansible Works with Nexus (Nexus 3/9k : Shipping; Nexus 5-7K : Q2CY15 with NX-API)
• Use Ansible in local mode – connect via NX-API
• 3rd Party Open Source Library for NX-API connection : pycsco
• 3rd Party Ansible Modules on Github : nxos-ansible
• Eliminates need for Python on switch
• Instead of NX-API we could also :
• Use Netconf
• Use CLI (Expect Libraries)
DEMO – Gather Operational Data
• Summary : Gather operational data from multiple switches
• Description :
• Playbook to gather show version, related information from all nodes listed in inventory file
• Dump the gathered information to different files, each named after the switch hostname
• Script : https://github.com/datacenter/nxos/blob/master/ansible/nexus_get_facts.yml
Putting it all Together
Use Cases
[Diagram: the use cases plotted by Automation Complexity and Risk, from Passive through Event Triggered Scripts to Real Time Provision, with the technologies covered in this session placed alongside]
• Network Monitoring and Data Visibility
• Automated Troubleshooting
• Scripted Pre-Provisioning
• Automated Provisioning
• Subset of Existing Management Tools
• DevOps Workflows
• Custom Integration
• Self Healing and Adaptive Networks
Technologies : NX-API, Netconf, XMPP; Python; Puppet/Chef/Ansible; POAP/PXE; EEM
Key Takeaways
• “Programmability” has various connotations: clarify the context!
• Nexus switches support multiple technologies
• Evolution of protocols towards open APIs
• DevOps and Configuration Management: leverage existing IT management best practices
• Crowd source, reuse! Github, open source code
Additional Resources
• Getting started with Python
  • codeacademy.org, MOOCs (Coursera)
• Github
  • https://github.com/datacenter/nxos (scripts used in this session are posted here)
  • https://github.com/datacenter/nexus9000
  • https://github.com/datacenter/nexus7000
• NX-API DevNet Community: https://developer.cisco.com/site/nx-api/
• Breakout session videos on Youtube: https://www.youtube.com/playlist?list=PLSnd2FpPvsTwr96p8S-0kNzd-dhg7RFZ7
Participate in the “My Favorite Speaker” Contest
• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
• Send a tweet and include
• Your favorite speaker’s Twitter handle @abhinav_m
• Two hashtags: #CLUS #MyFavoriteSpeaker
• You can submit an entry for more than one of your “favorite” speakers
• Don’t forget to follow @CiscoLive and @CiscoPress
• View the official rules at http://bit.ly/CLUSwin
Promote Your Favorite Speaker and You Could Be a Winner
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys through the Cisco Live mobile app or your computer on Cisco Live Connect.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions
Data Center / Virtualization Cisco Education Offerings
Course | Description | Cisco Certification
Cisco Data Center CCIE Unified Fabric Workshop (DCXUF); Cisco Data Center CCIE Unified Computing Workshop (DCXUC) | Prepare for your CCIE Data Center practical exam with hands-on lab exercises running on a dedicated comprehensive topology | CCIE® Data Center
Implementing Cisco Data Center Unified Fabric (DCUFI); Implementing Cisco Data Center Unified Computing (DCUCI) | Obtain the skills to deploy complex virtualized Data Center Fabric and Computing environments with Nexus and Cisco UCS. | CCNP® Data Center
Introducing Cisco Data Center Networking (DCICN); Introducing Cisco Data Center Technologies (DCICT) | Learn basic data center technologies and how to build a data center infrastructure. | CCNA® Data Center
Product Training Portfolio: DCAC9k, DCINX9k, DCMDS, DCUCS, DCNX1K, DCNX5K, DCNX7K | Get a deep understanding of the Cisco data center product line including the Cisco Nexus9K in ACI and NexusOS modes |
For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact [email protected]
Network Programmability Cisco Education Offerings
Course | Description | Cisco Certification
Integrating Business Applications with Network Programmability (NIPBA); Integrating Business Applications with Network Programmability for Cisco ACI (NPIBAACI) | Learn networking concepts, and how to deploy and troubleshoot programmable network architectures with these self-paced courses. | Cisco Business Application Engineer Specialist Certification
Developing with Cisco Network Programmability (NPDEV); Developing with Cisco Network Programmability for Cisco ACI (NPDEVACI) | Learn how to build applications for network environments and effectively bridge the gap between IT professionals and software developers. | Cisco Network Programmability Developer Specialist Certification
Designing with Cisco Network Programmability (NPDES); Designing with Cisco Network Programmability for Cisco ACI (NPDESACI) | Learn how to expand your skill set from traditional IT infrastructure to application integration through programmability. | Cisco Network Programmability Design Specialist Certification
Implementing Cisco Network Programmability (NPENG); Implementing Cisco Network Programmability for Cisco ACI (NPENGACI) | Learn how to implement and troubleshoot open IT infrastructure technologies. | Cisco Network Programmability Engineer Specialist Certification
Thank you