CCIE ET Programmability PDF
Network Engineers
CCIE Evolving Technologies Blueprint
Jeff McLaughlin
Principal Technical Marketing Engineer
June 19, 2018
Your Host
• CCIE Routing/Switching (2004)
• Fun Stuff Studied: DLSw+, ATM, ISDN
• CCIE Security (2008)
• Fun Stuff Studied: NAC Framework, PIX, VPN 3k concentrator
• JNCIE Service Provider (2014, expired)
• CCIE Subject Matter Expert (Programmability/Automation)
• Principal TME in Enterprise business unit
• Manager of TME team for programmability and SD-Access
• http://www.subnetzero.info
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco
Cisco Confidential
Public
Agenda
• CCIE ET Programmability Overview
• Why Programmability
• Structured Data/YANG Models
• NETCONF/RESTCONF
• Config Mgmt Tools
• APIs
• Conclusion
CCIE Evolving Technologies 1.1 Blueprint
This domain, worth 10 percent overall, ensures that all CCIE/CCDE candidates have a
clear understanding of important cloud, network programmability, and IoT concepts.
Why automation and programmability?
Administrator needs to configure:
hostname switch1
int g0/0
ip address 10.1.1.11/24
vlan 100,200,300
...
hostname switch6
int g0/0
ip address 10.1.1.16/24
vlan 100,200,300
...
* pseudo-code
DNA Center (diagram labels: CLI, NETCONF)
int g0/0
ip address 10.1.1.0/24
no shutdown
router bgp 65001
router-id 172.17.1.99
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 40000
neighbor 192.168.3.2 remote-as 50000
address-family ipv4 unicast
neighbor 192.168.1.2 activate
network 172.17.1.0 mask 255.255.255.0
exit-address-family
[Diagram labels: REST, NETCONF]
1 User types command into Webex Teams
2 Command pulled down by script
3 Script sends NETCONF request
4 Switch replies via NETCONF with data
EEM
2 Change detected by EEM
3 EEM triggers on-box Python script
Structured Data/YANG Models
Human-Oriented Interface: Un-structured
Machine-Oriented Interface: Structured
First User:
<user1>
<name>John Smith</name>
<age>42</age>
<phone>+1-415-555-1212</phone>
</user1>
Second User:
<user2>
<name>Sarah Kim</name>
<age>27</age>
<phone>+1-718-555-1212</phone>
</user2>
XML (NETCONF/RESTCONF):
<interfaces xmlns="[…]yang:ietf-interfaces">
  <interface>
    <name>eth0</name>
    <type>ethernetCsmacd</type>
    <location>0</location>
    <enabled>true</enabled>
    <if-index>2</if-index>
  </interface>
</interfaces>
JSON (RESTCONF):
{
  "ietf-interfaces:interfaces": {
    "interface": [
      {
        "name": "eth0",
        "type": "ethernetCsmacd",
        "location": "0",
        "enabled": true,
        "if-index": 2
      }
    ]
  }
}
Error!
Sends:
<interface>Gigabit 1/0</interface>
<ifaddr>10.0.0.1/24</ifaddr>
Expecting:
<interface>
<name>Gigabit 1/0</name>
<address>10.0.0.1/24</address>
</interface>
<interface>Ethernet 0/0</interface>
<name>Switch1 to UCS1</name>
<ipaddr>1.1.1.1/24</ipaddr>
<ifname>Ethernet 0/0</ifname>
<ifalias>Switch1 to UCS1</ifalias>
<ifaddr>1.1.1.1/24</ifaddr>
YANG Data Model:
container ip {
  list vrf {
    leaf rd
  }
}
CLI:
vrf red
rd 1:1
XML:
<vrf>red</vrf>
<rd>1:1</rd>
JSON:
{"vrf": "red", "rd": "1:1"}
https://github.com/YangModels/yang/tree/master/vendor/cisco
We can write configuration data (think "conf t"), and we can read configuration data (think "show run").
Operational data is read-only.
Challenge: Write a Python script to go through the list of nearly 500 running
processes and print the names of only those with runtime of 10 seconds or greater.
-Stackexchange user
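A sketch of the challenge above run against structured data, added here as an example and not code from the original slides. The XML reply, its namespace and its element names are constructed stand-ins for whatever model the device actually exposes.

```python
import xml.etree.ElementTree as ET

# Constructed sample reply; the namespace and element names are hypothetical,
# not taken from a real YANG model.
NS = {"p": "urn:example:process-oper"}
SAMPLE_REPLY = """\
<processes xmlns="urn:example:process-oper">
  <process><pid>1</pid><name>init</name><run-time>25</run-time></process>
  <process><pid>42</pid><name>sshd</name><run-time>9</run-time></process>
  <process><pid>77</pid><name>bgpd</name><run-time>10</run-time></process>
  <process><pid>90</pid><name>idle-task</name><run-time/></process>
</processes>
"""


def long_running(xml_text, min_seconds=10):
    """Return names of processes whose run-time is >= min_seconds."""
    # A device reply needs no DTD; refuse one rather than expand its entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in reply")
    root = ET.fromstring(xml_text)
    names = []
    for proc in root.findall("p:process", NS):
        name = proc.findtext("p:name", default="", namespaces=NS)
        runtime = proc.findtext("p:run-time", default="", namespaces=NS).strip()
        # Skip entries with a missing or non-numeric run-time instead of crashing.
        if not runtime.isdigit():
            continue
        if int(runtime) >= min_seconds:
            names.append(name)
    return names


if __name__ == "__main__":
    for name in long_running(SAMPLE_REPLY):
        print(name)
```

Because every field is addressed by element name, the filter does not depend on column positions or spacing the way a script scraping CLI output would.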
NETCONF RESTCONF gRPC
MESSAGES RPC
• Transactional
• Either all configuration is applied or nothing
• Avoids inconsistent state
• Both at Single Device and Network-wide level
• Error Management
• OK or error code
• Capability Exchange
ssh -p 830 admin@172.26.249.169 -s netconf
Main NETCONF Operations
Running running-config
Start-up startup-config
NETCONF Error Options
Enable AAA:
C3850-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C3850-1(config)#aaa new-model
C3850-1(config)#aaa authentication login default local
C3850-1(config)#aaa authorization exec default local
C3850-1(config)#username admin password cisco
REST / RESTCONF
API: GET, POST, PUT, DELETE
RESTCONF protocol stack
Cat9k-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
• Not a standard!
http://www.grpc.io
GPB (Google Protocol Buffers)
DEMO: YANG/NETCONF
Configuration Management Tools
Desired State
(Intent)
configuration
Playbook
Play
Task
Module
http://docs.ansible.com/ansible/latest/YAMLSyntax.html
Ansible Inventory
Common options:
• -u admin -k -K username and password at runtime
• -l 172.26.249.42 single or list of hosts
• -i ./hosts overrides inventory files
• -v verbose output
• -vvvv connection debug
New e-Book!
http://cs.co/IOS-XE-Programmability-Book
• Learning Labs
• Sandboxes
• API Documentation
• Python, YDK, REST
• And More!
http://developer.cisco.com
"If a thing is worth doing, it is worth doing badly." - G.K. Chesterton