
BRKSDN-2935

From Zero to
Network Programmability
in 90 minutes
Gabriel Zapodeanu
Technology Solutions Architect, Cisco Systems
gzapodea@cisco.com @zapodeanu,
github.com/zapodeanu zapodeanu
Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

cs.co/ciscolivebot#BRKSDN-2935

BRKSDN-2935 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda
• Programmability? Why?
• Coding Essentials
• YANG Data Models
• JSON and XML
• NETCONF and RESTCONF
• REST APIs
• API Docs
• Python
• Programmability Use Case
• Remote Access Overview
• Elastic Remote Network Access (ERNA)
• Lessons Learned
• 90 Minutes to Your Application
• Summary
Programmability Skills

Andrew Lerner, Gartner:


https://blogs.gartner.com/andrew-lerner/2017/12/20/pragmatic-data-center-networking/?utm_medium=mailing&utm_campaign=NetAutSol

Why Network Programmability

Automation Integration Innovation

Programmability Use Cases

[Figure: use cases plotted by Business Value (Low to High) against Business Risk (Low to High). Labels on the chart: Security, Dynamic, Compliance, Application Configuration, Performance, Troubleshooting, Change Control, Green Field, Optimization, Design, Operations, Monitoring.]
Programmability Benefits

• Innovation and business agility


• Accelerated time to market
• Service delivery optimization
• Highly skilled architects and engineers focus on business
• Cost reduction and increased efficiencies
• Improved network availability due to reduced human error

What Are Data Models

• Data models are conceptual representations of data


• Define what data is required
• Define the format to represent data
• Enable access by multiple applications, or protocols
• Do not contain any data

YANG
• Yet Another Next Generation (YANG) data modeling language – RFC 6020
• Describes network devices data models
• YANG modules are hierarchical tree structures for organizing data
• YANG data models are composed of modules and sub-modules which represent individual YANG files

YANG Data Models
• Used to model configuration and state data
• Open - Standards based (IETF, OpenConfig, …), supported by all vendors
• Native –
  • Vendor and platform specific (Cisco IOS XE, XR…)
  • Models augmented or deviated
• Where can I find the YANG data models?
  • Network devices
  • https://github.com/YangModels/yang

[Diagram labels: NETCONF, RESTCONF, gRPC; YANG Data Models (Open, Native); Configuration and Operation; Device Features (Interface, BGP, QoS, ACL, …); SNMP]

YANG Tools
• YANG Explorer
• Pyang – Python library
• YANG Catalog

Search Tools for YANG Data Models

Client to Server - Data Exchange

• We need to send and receive data, to and from the network device
• How do we select the IP address in these outputs?

CLI is not structured data:

GigabitEthernet1 is up, line protocol is up
  Description: TO_vSWITCH0
  Internet address is 172.16.11.11/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45

JSON is structured data:

{
    "description": " TO_vSWITCH0",
    "ipv4Address": "172.16.11.11",
    "ipv4Mask": "255.255.255.0",
    "portName": "GigabitEthernet1"
}

• Exchange of structured data is critical:
  • Easy for client application and server to process
  • Common formats – JSON and XML

JSON - JavaScript Object Notation
{ "key": "value" }

• JSON
  • Lightweight data-interchange format
  • Easy for humans to read and write
  • Wide applications support to parse and generate
• import json
  • The Python standard library
  • Encode/Decode Python types to JSON
  • This command is required in Python
• Json.org – extensive JSON resource

Cisco DNA Center - Get Interface API: JSON

{
    "className": "GRETunnelInterface",
    "status": "up",
    "interfaceType": "Virtual",
    "pid": "C9300-48U",
    "serialNo": "FCW2123L0N3",
    "portName": "Tunnel201" ...
}

REST APIs and RESTCONF support JSON and XML

XML - eXtensible Markup Language
{ <tag><value></tag> }

• XML
  • Store and transport data
  • Designed to be self-descriptive
  • Language independent
• XML vs HTML:
  • XML was designed to carry data
  • HTML was designed to display data
• Python support:
  • Multiple libraries to help parsing xml
• XML resource - https://www.w3schools.com/xml

NETCONF Get Interface: XML

<interface>
    <name>GigabitEthernet1</name>
    <description>TO_vSWITCH0</description>
    <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
    <enabled>true</enabled>
    <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
        <address>
            <ip>172.16.11.11</ip>
            <netmask>255.255.255.0</netmask>
        </address>
    </ipv4>
</interface>

REST APIs and RESTCONF support JSON and XML
NETCONF supports only XML
YANG Relationship to JSON and XML
JSON:

{
    "ipv4Address": "172.16.11.11",
    "ipv4Mask": "255.255.255.0",
    "portName": "GigabitEthernet1",
    "description": " TO_vSWITCH0"
}

XML:

<interface>
    <name>GigabitEthernet1</name>
    <description>TO_vSWITCH0</description>
    <address>
        <ip>172.16.11.11</ip>
        <netmask>255.255.255.0</netmask>
    </address>
</interface>

[Diagram labels: Configuration Data (under JSON and under XML); YANG Data Models: Open, Native; Configuration and Operation]

interface GigabitEthernet1
 description TO_vSWITCH0
 ip address 172.16.11.11 255.255.255.0

NETCONF - Network Configuration Protocol
• Rich functionality to manage configuration and operational (state) data
• Client (application) initiates connection (using SSH port 830) towards server (network device)
• Capability exchange during session initiation, XML encoding
• Supports running, candidate and startup configurations
• Methods: <get-config>, <edit-config>, <get>, …
• Operations defined as RPCs

[Diagram labels, stacked: NETCONF, SSH, XML, YANG]

NETCONF RPC Request
from ncclient import manager
import xml.dom.minidom

# RW_HOST, PORT, USER and PASS are defined outside this snippet.
# SSH connection info: network device, username/password, TCP port (default 830).
# hostkey_verify=False: the device's SSH host key is not checked.
with manager.connect(host=RW_HOST, port=PORT, username=USER,
                     password=PASS, hostkey_verify=False,
                     device_params={'name': 'default'},
                     allow_agent=False, look_for_keys=False) as m:

    # Filter: XML filter to issue with the get operation
    # IOS-XE 16.6.2+ YANG model called "ietf-interfaces"
    interface_filter = '''
        <filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
            <interfaces-state xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
                <interface>
                    <name>GigabitEthernet1</name>
                </interface>
            </interfaces-state>
        </filter>
    '''

    # Method
    result = m.get(interface_filter)

    # Parsing XML
    xml_doc = xml.dom.minidom.parseString(result.xml)

NETCONF Response
<rpc-reply message-id="urn:uuid:50bf9d6e-7e5c-4182-ae6b-972a055ceef7"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<interfaces-state xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>GigabitEthernet1</name>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<phys-address>00:0c:29:6c:81:06</phys-address>
<speed>1024000000</speed>
<statistics>
<in-octets>5432293472</in-octets>
<in-unicast-pkts>28518075</in-unicast-pkts>
……………
<out-octets>2901845514</out-octets>
<out-unicast-pkts>18850398</out-unicast-pkts>
</statistics>
</interface>
</interfaces-state>
</data></rpc-reply>
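
An added example, not part of the original slides: one way to turn a reply like the one above into a Python dictionary with the standard library's ElementTree, handling the two XML namespaces and refusing replies that carry a DTD (RFC 6241 forbids document type declarations in NETCONF content). The function names and the sample reply are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
NS = {"nc": NC, "if": "urn:ietf:params:xml:ns:yang:ietf-interfaces"}

# Constructed sample modelled on the reply above; the elided counters are left
# out and the discontinuity-time value is made up.
SAMPLE_REPLY = """<rpc-reply message-id="urn:uuid:00000000-0000-0000-0000-000000000000"
    xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data>
    <interfaces-state xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
      <interface>
        <name>GigabitEthernet1</name>
        <admin-status>up</admin-status>
        <oper-status>up</oper-status>
        <phys-address>00:0c:29:6c:81:06</phys-address>
        <speed>1024000000</speed>
        <statistics>
          <discontinuity-time>2018-01-17T21:49:17+00:00</discontinuity-time>
          <in-octets>5432293472</in-octets>
          <out-octets>2901845514</out-octets>
        </statistics>
      </interface>
    </interfaces-state>
  </data>
</rpc-reply>"""


class NetconfReplyError(ValueError):
    """Raised when a reply is malformed, refused, or carries an rpc-error."""


def _local(tag):
    # "{namespace}in-octets" -> "in-octets"
    return tag.rsplit("}", 1)[-1]


def parse_interface_state(reply_xml):
    """Return {interface name: state dict} from an <rpc-reply> document."""
    data = reply_xml.encode("utf-8") if isinstance(reply_xml, str) else reply_xml
    # Refuse DTDs before the parser sees them: NETCONF content must not
    # contain one, and entity definitions are how XML expansion payloads arrive.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise NetconfReplyError("DTD found in NETCONF reply")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise NetconfReplyError("reply is not well-formed XML: %s" % exc) from exc
    if root.tag != "{%s}rpc-reply" % NC:
        raise NetconfReplyError("unexpected root element %r" % root.tag)
    error = root.find("nc:rpc-error", NS)
    if error is not None:
        raise NetconfReplyError(error.findtext("nc:error-message", "rpc-error", NS))

    interfaces = {}
    for intf in root.iterfind("nc:data/if:interfaces-state/if:interface", NS):
        name = intf.findtext("if:name", None, NS)
        if not name:
            continue
        counters = {}
        stats = intf.find("if:statistics", NS)
        if stats is not None:
            for child in stats:
                text = (child.text or "").strip()
                if text.isdigit():          # skip non-counters such as timestamps
                    counters[_local(child.tag)] = int(text)
        interfaces[name] = {
            "admin-status": intf.findtext("if:admin-status", None, NS),
            "oper-status": intf.findtext("if:oper-status", None, NS),
            "phys-address": intf.findtext("if:phys-address", None, NS),
            "speed": int(intf.findtext("if:speed", "0", NS)),
            "statistics": counters,
        }
    return interfaces


if __name__ == "__main__":
    print(parse_interface_state(SAMPLE_REPLY))
```
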

NETCONF in Action
RESTCONF Protocol

• RESTful like API to manage configuration and operational data defined in YANG
• Uses HTTP(S) as transport
• Client-Server connection, stateless on the server side
• Uses XML or JSON for encoding
• Common REST APIs methods:
  • get, post, put, delete, patch

[Diagram labels, stacked: RESTCONF; HTTP / HTTPS; JSON, XML; YANG]

RESTCONF Request

import requests

# URL: device and API resource
url = 'https://RO_HOST/restconf/data/interfaces-state/interface=GigabitEthernet1'

# Headers
header = {'Content-type': 'application/yang-data+json',
          'accept': 'application/yang-data+json'}

# Method and authentication (ROUTER_AUTH is defined outside this snippet).
# verify=False turns off TLS certificate validation for this request.
response = requests.get(url, headers=header, verify=False, auth=ROUTER_AUTH)

# Parsing JSON
interface_info = response.json()
oper_data = interface_info['ietf-interfaces:interface']

RESTCONF Response
{
"ietf-interfaces:interface": {
"name": "GigabitEthernet1",
"admin-status": "up",
"oper-status": "up",
"last-change": "2018-01-17T21:49:17.000387+00:00",
"phys-address": "00:0c:29:6c:81:06",
"speed": 1024000000,
"statistics": {
"in-octets": 5425386232,
"in-unicast-pkts": 28489134,
……………
"out-octets": 2899535736,
"out-unicast-pkts": 18844784
}
}
}
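
An added example, not from the original slides: the same RESTCONF read with certificate validation left on, a timeout, and the interface name percent-encoded so that a name such as GigabitEthernet1/0/13 stays one list key. It uses only the standard library rather than requests; the function names, the sample body and the module-qualified path (ietf-interfaces:interfaces-state, following RFC 8040 naming) are assumptions.

```python
import base64
import json
import ssl
from urllib.parse import quote
from urllib.request import Request, urlopen

# Assumption: module-qualified resource path; the slide's URL omits the module name.
STATE_PATH = "/restconf/data/ietf-interfaces:interfaces-state/interface="

# Constructed sample body modelled on the response shown above.
SAMPLE_BODY = {
    "ietf-interfaces:interface": {
        "name": "GigabitEthernet1",
        "admin-status": "up",
        "oper-status": "up",
        "statistics": {"in-octets": 5425386232, "out-octets": 2899535736},
    }
}


def interface_state_url(host, if_name):
    """Build the resource URL; the list key is fully percent-encoded."""
    if not host or any(ch in host for ch in "/?#@\\ \t\r\n"):
        raise ValueError("host must be a bare hostname or IP address")
    if not if_name:
        raise ValueError("interface name is empty")
    # safe="" also encodes "/", which would otherwise split the URL path.
    return "https://" + host + STATE_PATH + quote(if_name, safe="")


def tls_context(ca_file=None):
    """Context that verifies the certificate chain and the hostname."""
    context = ssl.create_default_context(cafile=ca_file)
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    return context


def build_request(host, if_name, username, password):
    """GET request with HTTP Basic credentials and the YANG JSON media type."""
    credentials = base64.b64encode(("%s:%s" % (username, password)).encode("utf-8"))
    headers = {
        "Accept": "application/yang-data+json",
        "Authorization": "Basic " + credentials.decode("ascii"),
    }
    return Request(interface_state_url(host, if_name), headers=headers, method="GET")


def extract_interface(body):
    """Pick the fields of interest, accepting an object or a one-item list."""
    intf = body.get("ietf-interfaces:interface") if isinstance(body, dict) else None
    if isinstance(intf, list):
        intf = intf[0] if intf else None
    if not isinstance(intf, dict):
        raise ValueError("response carries no ietf-interfaces:interface object")
    stats = intf.get("statistics") or {}
    return {
        "name": intf.get("name"),
        "oper-status": intf.get("oper-status"),
        "in-octets": stats.get("in-octets"),
        "out-octets": stats.get("out-octets"),
    }


def fetch_interface_state(host, if_name, username, password, ca_file=None, timeout=10):
    """Send the request; a certificate or hostname mismatch raises an error."""
    request = build_request(host, if_name, username, password)
    with urlopen(request, context=tls_context(ca_file), timeout=timeout) as response:
        return extract_interface(json.load(response))


if __name__ == "__main__":
    print(interface_state_url("198.51.100.10", "GigabitEthernet1/0/13"))
    print(extract_interface(SAMPLE_BODY))
```

For a device with a certificate issued by an internal CA, pass that CA's PEM file as `ca_file` instead of switching verification off.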

RESTCONF in Action
NETCONF and RESTCONF
NETCONF response (XML):

<rpc-reply message-id="urn:uuid:50bf9d6e-7e5c-4182-ae6b-972a055ceef7"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<interfaces-state xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>GigabitEthernet1</name>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<phys-address>00:0c:29:6c:81:06</phys-address>
<speed>1024000000</speed>
<statistics>
<in-octets>5432293472</in-octets>
<in-unicast-pkts>28518075</in-unicast-pkts>
……………
<out-octets>2901845514</out-octets>
<out-unicast-pkts>18850398</out-unicast-pkts>
</statistics>
</interface>
</interfaces-state>
</data></rpc-reply>

RESTCONF response (JSON):

{
"ietf-interfaces:interface": {
"name": "GigabitEthernet1",
"admin-status": "up",
"oper-status": "up",
"last-change": "2018-01-17T21:49:17.000387+00:00",
"phys-address": "00:0c:29:6c:81:06",
"speed": 1024000000,
"statistics": {
"in-octets": 5425386232,
"in-unicast-pkts": 28489134,
……………
"out-octets": 2899535736,
"out-unicast-pkts": 18844784
}
}
}

YANG Data Models

Network Device APIs

[Diagram labels: RESTCONF, NETCONF; HTTPS, HTTPS, SSH (830)]

JSON:

{
    "ipv4Address": "172.16.11.11",
    "ipv4Mask": "255.255.255.0",
    "portName": "GigabitEthernet1",
    "description": " TO_vSWITCH0"
}

XML:

<interface>
    <name>GigabitEthernet1</name>
    <description>TO_vSWITCH0</description>
    <address>
        <ip>172.16.11.11</ip>
        <netmask>255.255.255.0</netmask>
    </address>
</interface>

[Diagram labels: Configuration Data (under JSON and under XML); YANG Data Models: Open, Native; Configuration and Operation]

interface GigabitEthernet1
 description TO_vSWITCH0
 ip address 172.16.11.11 255.255.255.0
What is REST?
• REST – Representational State Transfer
• Client-server communications
• Stateless - client side could maintain session state, the server does not
• An architecture style for designing networked applications
• It is not a standard

• First edition of REST – between October 1994 and August 1995
• Published in 2000 by Roy Thomas Fielding, PhD Thesis Dissertation “Architectural Styles and the Design of Network-based Software Architectures”

What is REST API?
• API – Application Programming Interface
• Set of subroutine definitions, protocols, and tools for building application software
• Specifies how software components should interact with each other
• Many types of APIs exist, not only RESTful APIs
• RESTful APIs use HTTP requests for Create/Read/Update/Delete (CRUD) operations:
• Creates a new resource
• Retrieves/reads a resource
• Updates an existing resource
• Deletes a resource

How to Make a REST API Call
• REST APIs are centered around an HTTP request and response model
• Consuming an API is as simple as making an HTTP request
• Transport Protocol: HTTP/HTTPS

[Diagram: the Client (Your Application) sends a Request to the Application Server, which returns a Response]

REST API Request Components
• URL: Application Server and the API resource
• Authentication: HTTP Basic, Custom, OAuth, none
• Headers: HTTP Headers, example: Content-Type: application/json
• Request Body: JSON or XML - the data needed to complete request
• Method (CRUD) :
• POST - Creates a new resource
• GET - Retrieves/Read a resource
• PUT - Updates an existing resource
• DELETE - Deletes a resource.

REST API Request
Retrieve the Cisco DNA Center information for the client with the IP address {client_ip}

import requests

# User defined function (DNAC_URL is defined outside this snippet)
def get_client_info(client_ip, dnac_jwt_token):
    # URL: application server and API resource
    url = DNAC_URL + '/api/v1/host?hostIp=' + client_ip
    # Headers and authentication
    header = {'content-type': 'application/json', 'Cookie': dnac_jwt_token}
    # Method; verify=False turns off TLS certificate validation for this request
    response = requests.get(url, headers=header, verify=False)
    # Parsing JSON
    client_json = response.json()
    client_info = client_json['response'][0]
    return client_info

REST API Response Components
• HTTP Status Codes
• 2xx Success - 200 OK, 201 Created
• 4xx Client Error - 400 Bad Request, 401 Unauthorized, 404 Not Found
• 5xx Server Error - 500 Internal Server Error

• Headers
• Content-Type – JSON or XML, cache control, date, encoding
• Response Body
• Payload with requested data formatted in JSON, XML, or other types

REST API Response
Retrieve the Cisco DNA Center information for the client with the IP address {client_ip}

HTTP Status Codes:
Response 200 / success

Headers:
Cache-Control → no-cache
Content-Type → application/json;charset=UTF-8

JSON Response Body:
{
    "hostIp" : "10.93.140.35" ,
    "hostMac" : "00:0c:29:6d:df:40" ,
    "hostType" : "wired" ,
    "connectedNetworkDeviceId" : "601c9ead-576c-402d-bcb1-224235b1e020" ,
    "connectedNetworkDeviceIpAddress" : "10.93.140.50" ,
    "connectedInterfaceId" : "eb613db0-0994-44ec-9146-1b65346f3d07" ,
    "connectedInterfaceName" : "GigabitEthernet1/0/13" ,
    "connectedNetworkDeviceName" : "NYC-9300" ,
    "vlanId" : "123" ,
    "lastUpdated" : "1528324633014" ,
    "accessVLANId" : "123" ,
    "id" : "841f9433-0d2c-4735-afe8-beb7547b7883"
}

REST API Request and Response Exchange
url = DNAC_URL + '/api/v1/host?hostIp=' + client_ip
header = {'content-type': 'application/json', 'Cookie': dnac_jwt_token}
client_response = requests.get(url, headers=header, verify=False)

[Diagram: the Client (Your Application) sends the Request to Cisco DNA Center and receives the Response. The response value will be assigned to variable client_response.]

{
    "hostIp" : "10.93.140.35" ,
    "hostMac" : "00:0c:29:6d:df:40" ,
    "hostType" : "wired" ,
    "connectedNetworkDeviceIpAddress" : "10.93.140.50" ,
    "connectedInterfaceName" : "GigabitEthernet1/0/13" ,
    "connectedNetworkDeviceName" : "NYC-9300" ,
    "vlanId" : "123" ,

}

# Parse JSON
client_json = client_response.json()
client_info = client_json['response'][0]

REST API in Action
API Docs – Cisco DNA Center

• To know what to send and expect to receive back
• Docs are essential, REST APIs are an architectural style not a standard
• Quality of API docs is the most important factor in API adoption

API Docs – Cisco DNA Center

Some of the API Docs include:
• Try It - Test API’s without writing any code
• Code Preview - Create sample code in several different programming languages

Programming Languages

• Automate and script actions using:


• Network Device APIs
• Controller APIs
• Applications APIs

• Integrate with business applications


• Many programming language choices:
• Python, Ruby, Go, JavaScript, C# ….
• Developers, your peers have preferences

Programming Language - Python

• Ease of use for automation
• Python is simple to learn, general purpose
• Wide support on Cisco devices and Cisco software
• Great choice for network engineers

Why Should You Learn Python

• Extensive libraries, including for machine learning
• Rich and active support communities
• Most of the SDKs will be in Python
• Python is the most wanted language - 2017, 2018

Credits: Stack Overflow
Ref: https://stackoverflow.blog/2017/09/06/incredible-growth-python/

Use Case APIs
• The presented use case written in Python will use:
  • REST API’s
    • Controllers
    • Firewalls
    • Collaboration
    • DC Orchestration
  • NETCONF and RESTCONF
    • IOS XE network devices operational data
  • ServiceNow REST APIs

[Diagram: ServiceNow (REST APIs) above the Application Written in Python, which uses REST APIs, NETCONF and RESTCONF towards the Infrastructure: Webex Teams, DC Automation, Cisco DNA Center, ASA NGFW, IOS XE]

Remote Network Access
• Vendors, contractors, IT engineers and developers need access to devices or systems, inside the Enterprise network (IP-enabled Devices – IP-Ds)
• Typically required for:
• Normal mode of operations, while providing services
• Software upgrades, patching and monitoring
• Troubleshooting
• Proof of Concepts and testing of new applications
• Encountered in all industries: Utilities, Healthcare, Retail, Manufacturing, …
• These IP-enabled Devices (IP-Ds) may be connected anywhere in the Enterprise Network

Agenda
• Programmability? Why?
• Coding Essentials
• Programmability Use Case
• Remote Access Overview
• Elastic Remote Network Access (ERNA)
• Architecture
• Implementation
• Flowchart
• Smart Configurations
• Utilized APIs
• Demo
• Lessons Learned
• 90 Minutes to Your Application
• Summary
Elastic Remote Network Access Requirements
Remote Access to IP-enabled Devices – IP-Ds

• On-demand or pre-scheduled access
• Dynamically provisioned network access
• Dissolvable as soon as work completed
• Provide support for any applications and protocols
• Scalable and secure
• Include approval process and recording of script executions
• Network access request to be provisioned in minutes

High Level Architecture

[Diagram: the Elastic Remote Network Access Application next to these functions]

• End User Interface
• Data Center Orchestration
• Security Management
• Controller
• Validation
• Record

High Level Architecture - Components

[Diagram: the Elastic Remote Network Access Application next to these functions and the component that provides each]

• End User Interface: Webex Teams
• Data Center Orchestration: UCSD
• Security Management: ASAv
• Controller: Cisco DNA Center
• Validation: Cisco DNA C, Device API
• Record: ServiceNow

High Level Architecture – Functional Requirements

End User Interface (Webex Teams)
• End User Interaction with the application
• Input access requests/receive approval
• Receive notifications
• Update status

Data Center Orchestration (UCSD)
• Compute provisioning
• Storage configuration
• Network provisioning
• Workflow automation

Security Management (ASAv)
• Firewall configuration - add and remove Access Control Lists Entries

Controller (Cisco DNA Center)
• Information about:
• Clients, Network Devices
• Topology physical and logical
• Configuration management

Validation (Cisco DNA C, Device API)
• Network Configuration Validation
• Path Trace
• Operational Data
• NETCONF, RESTCONF

Record (ServiceNow)
• ITSM integration
• Create incident to record access, and all configurations changes

Network Configurations
GRE tunnel endpoint with Loopback200 10.93.140.48 (VRF SECURE_REMOTE):

ip vrf SECURE_REMOTE
 rd 201:1
 route-target export 201:1
 route-target import 201:1
!
interface Loopback200
 ip address 10.93.140.48 255.255.255.255
!
interface Tunnel201
 ip vrf forwarding SECURE_REMOTE
 ip address 10.93.140.45 255.255.255.252
 tunnel source Loopback200
 tunnel destination 10.93.140.49
 keepalive
!
interface GigabitEthernet3
 description to_SECURE_REMOTE
 ip vrf forwarding SECURE_REMOTE
 ip address 172.16.202.1 255.255.255.0
 negotiation auto
!
router eigrp 123
 network 10.93.140.48 0.0.0.0
 redistribute static
 redistribute connected
!
router eigrp 201
 address-family ipv4 vrf SECURE_REMOTE
  network 10.93.140.45 0.0.0.0
  network 172.16.202.1 0.0.0.0
  autonomous-system 201
 exit-address-family

GRE tunnel endpoint with Loopback200 10.93.140.49:

!
interface Loopback200
 ip address 10.93.140.49 255.255.255.255
!
interface Tunnel201
 ip address 10.93.140.46 255.255.255.252
 tunnel source Loopback200
 tunnel destination 10.93.140.48
 keepalive
!
!
router eigrp 123
 network 10.93.140.49 0.0.0.0
!
router eigrp 201
 network 10.93.140.46 0.0.0.0
 redistribute static route-map REMOTE_ACCESS
 exit
!
ip route $IPD 255.255.255.255 Vlan$VlanId
!
ip prefix-list REMOTE_ACCESS_PLIST seq 5 permit $IPD/32
!
route-map REMOTE_ACCESS permit 10
 match ip address prefix-list REMOTE_ACCESS_PLIST
!

Customize configurations for the location of the IPD:
- Access VLAN
- IP-D IP address

Customize Firewall rules using the IP-D IP address:

access-list outside_access_in line 1 extended permit ip host 172.16.203.50 host $IPD
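
An added example, not from the original slides: filling the `$IPD` and `$VlanId` variables of the lines above with Python's `string.Template`, after checking that each value is exactly one IPv4 host address or one VLAN number. Since the request originates in a chat message, this check is what keeps extra CLI text out of the switch and firewall configuration. The function and constant names are hypothetical.

```python
import ipaddress
from string import Template

# The variable lines, copied from the configurations above.
SWITCH_TEMPLATE = Template(
    "ip route $IPD 255.255.255.255 Vlan$VlanId\n"
    "ip prefix-list REMOTE_ACCESS_PLIST seq 5 permit $IPD/32\n"
)
ASA_TEMPLATE = Template(
    "access-list outside_access_in line 1 extended permit ip "
    "host 172.16.203.50 host $IPD\n"
)


def validate_ipd(value):
    """Return the dotted-quad form of a usable IPv4 host address."""
    text = str(value)  # str() first: IPv4Address would accept a bare integer
    try:
        address = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError as exc:
        # Spaces, newlines, masks or trailing commands all end up here.
        raise ValueError("IP-D is not an IPv4 address: %r" % text) from exc
    if (address.is_unspecified or address.is_loopback or address.is_multicast
            or address.is_link_local or address.is_reserved):
        raise ValueError("IP-D is not a usable host address: %s" % address)
    return str(address)


def validate_vlan_id(value):
    """Return the VLAN number as a string if it is in 1..4094."""
    text = str(value)
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 4094:
        raise ValueError("VLAN id must be a number from 1 to 4094: %r" % text)
    return str(int(text))


def render_remote_access(ipd, vlan_id):
    """Render the switch and firewall lines from validated values only."""
    values = {"IPD": validate_ipd(ipd), "VlanId": validate_vlan_id(vlan_id)}
    return {
        "switch": SWITCH_TEMPLATE.substitute(values),
        "asa": ASA_TEMPLATE.substitute(values),
    }


if __name__ == "__main__":
    # Values taken from the Cisco DNA Center response shown earlier in the deck.
    rendered = render_remote_access("10.93.140.35", "123")
    print(rendered["switch"] + rendered["asa"])
```
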


ERNA Flowchart
[Flowchart: swim lanes for the ERNA Application, Webex Teams, DC, Cisco DNA Center, IOS XE APIs, ASAv and ServiceNow, across a Provisioning phase and a De-provisioning phase.
ERNA Application: Start, DNS Lookup, Timer Started, Timer Expired, Activity Log.
Webex Teams: End-User Requests Access, Requests Access Approval, Access Provisioned, Access De-provisioned.
DC: Workflow Initiated (in both phases).
Cisco DNA Center and IOS XE APIs, labels include: Auth JWT, Locate IP-D Switch/VLAN, Get Config, Config Check, Remote SW, DC Router, Job Status, Interface Status, Validation, Path Trace.
ASAv: ASAv Config (in both phases).
ServiceNow: ServiceNow Incident, ServiceNow Update.]
Smart Configurations Deployment

• No duplicate IPv4 addresses


• Business Rules
• History of configuration deployments and approval

Duplicate IPv4 Address Prevention

• Simple Python application using Cisco DNA Center Platform APIs and Python file and string operations
• Process each CLI template file before deployment
• Select the new IPv4 addresses to be configured
• Validate if proper IPv4 format and valid IPv4 addresses
• Verify using Cisco DNA Center APIs if IPv4 addresses already in use by:
• Network device interfaces (either up or down)
• Connected clients, wired or wireless
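
An added example, not the presenter's application: the steps listed above carried out on one CLI template. It selects every `ip address` line, validates address and mask with the `ipaddress` module, and reports addresses already in use. The Cisco DNA Center lookups are replaced by a constructed dictionary (`SAMPLE_IN_USE`), and the template and function names are made up for illustration.

```python
import ipaddress
import re

# "ip address A.B.C.D MASK" with an optional "secondary" keyword.
IP_ADDRESS_LINE = re.compile(r"^\s*ip address\s+(\S+)\s+(\S+)(?:\s+secondary)?\s*$")

# Constructed template; addresses borrowed from the configurations in this deck.
SAMPLE_TEMPLATE = "\n".join([
    "interface Loopback200",
    " ip address 10.93.140.49 255.255.255.255",
    "!",
    "interface Tunnel201",
    " ip address 10.93.140.46 255.255.255.252",
    "!",
    "interface Vlan123",
    " ip address 10.93.140.300 255.255.255.0",
    "!",
    "interface Vlan124",
    " ip address 10.93.141.0 255.255.255.0",
    "!",
    "interface Loopback201",
    " ip address 10.93.140.46 255.255.255.255",
])

# Constructed stand-in for what the Cisco DNA Center interface and client
# lookups would return: address -> who holds it.
SAMPLE_IN_USE = {
    "10.93.140.49": "network device interface (down)",
    "10.93.140.35": "wired client",
}


def check_template(template_text, in_use):
    """Return (line number, address, status, detail) for each ip address line."""
    findings = []
    first_seen = {}
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        match = IP_ADDRESS_LINE.match(line)
        if match is None:
            continue
        addr_text, mask_text = match.groups()
        try:
            interface = ipaddress.IPv4Interface(addr_text + "/" + mask_text)
        except ValueError as exc:  # bad octet, bad mask, wrong number of fields
            findings.append((lineno, addr_text, "invalid", str(exc)))
            continue
        network, ip = interface.network, str(interface.ip)
        if str(interface.netmask) != mask_text:
            # ipaddress also accepts wildcard masks and prefix lengths; IOS does not.
            findings.append((lineno, ip, "invalid", "mask is not a dotted netmask"))
        elif network.prefixlen < 31 and interface.ip in (
                network.network_address, network.broadcast_address):
            findings.append((lineno, ip, "invalid", "network or broadcast address"))
        elif ip in in_use:
            findings.append((lineno, ip, "duplicate", in_use[ip]))
        elif ip in first_seen:
            findings.append((lineno, ip, "duplicate",
                             "also on template line %d" % first_seen[ip]))
        else:
            first_seen[ip] = lineno
            findings.append((lineno, ip, "ok", ""))
    return findings


def is_deployable(findings):
    """A template is deployed only when every new address passed every check."""
    return all(status == "ok" for _, _, status, _ in findings)


if __name__ == "__main__":
    for finding in check_template(SAMPLE_TEMPLATE, SAMPLE_IN_USE):
        print(finding)
```
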

Duplicate IPv4 Address Prevention In Action
Business Rules

• Enforce the business policies:
• Limit device configurations during business hours
• Restrict vendor access only to assets they are allowed to

History of Approval and Configuration Deployment Status
Collect logs for tracking, compliance

• Vendor identity
• IP-D info – switch and access VLAN, physical location
• Time of day and day of the week
• Approved/denied access
• Configuration deployment successful or failed
• Validation of path segmentation
• Interface tunnel status and counters for traffic statistics
• This collection of rich data is very valuable
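
An added example, not the presenter's code: the two business rules from the previous slide applied to one access request, producing a record with the fields listed above (vendor identity, IP-D, time and day, approved/denied). The policy values are hypothetical, and "limit" is read here as "deny configuration changes during business hours".

```python
import ipaddress
from datetime import datetime, time

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]

# Hypothetical policy: which networks each vendor may reach, and when
# device configuration changes are held back.
VENDOR_ASSETS = {"vendor@example.com": ["10.93.140.32/28"]}
BUSINESS_DAYS = range(0, 5)                 # Monday to Friday
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # local time, end exclusive


def in_business_hours(when):
    start, end = BUSINESS_HOURS
    return when.weekday() in BUSINESS_DAYS and start <= when.time() < end


def evaluate_request(vendor, ipd, when):
    """Apply both rules and return the record to be logged."""
    reasons = []
    try:
        address = ipaddress.IPv4Address(str(ipd))
    except ValueError:
        address = None
        reasons.append("IP-D is not a valid IPv4 address")

    # Unknown vendors have no allowed assets, so they are denied by default.
    allowed = [ipaddress.ip_network(net)
               for net in VENDOR_ASSETS.get(vendor.strip().lower(), [])]
    if address is not None and not any(address in net for net in allowed):
        reasons.append("IP-D is not an asset this vendor is allowed to reach")

    if in_business_hours(when):
        reasons.append("device configuration is limited during business hours")

    return {
        "vendor": vendor,
        "ipd": str(ipd),
        "time": when.isoformat(timespec="minutes"),
        "day": DAYS[when.weekday()],
        "decision": "denied" if reasons else "approved",
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(evaluate_request("vendor@example.com", "10.93.140.35",
                           datetime(2019, 2, 2, 14, 0)))
```
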

ERNA Lab Testing Logs

Machine Learning (ML)
• Machine learning is an application of Artificial Intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed.
• Good news, the heavy work is done for us
• ML libraries:
• TensorFlow
• Microsoft Cognitive Toolkit
• And many more …
• Use the logs we created to “learn”, and help us to make better decisions
• Most popular programming language for ML/DL is Python

https://www.tensorflow.org/

Webex Teams APIs Functions
[Figure: the ERNA flowchart (lanes: ERNA Application, Webex Teams, DC, Cisco DNA Center, IOS XE APIs, ASAv, ServiceNow; phases: Provisioning and De-provisioning), repeated under this title.]
Webex Teams API calls
• Cisco Webex Teams as a user interface and messaging platform
• Vendor requests remote access to an IP-enabled device
• Approval process
• API calls to Webex Teams:
• Check for messages
• Find the user identity
• Post messages
• Create/delete spaces
• Membership Operations

Webex Teams API Request
Retrieve the last message and user info from the room with {room_id}

    import requests

    # Authentication: bearer token (truncated on the slide)
    WEBEX_AUTH = 'Bearer ' + 'ZTc0ZGUzNTctMWFlNC00ODQzLWFkYWEtM…'

    # User-defined function; WEBEX_URL is defined elsewhere in the application
    def last_webex_room_message(room_id):
        # URL
        url = WEBEX_URL + '/messages?roomId=' + room_id
        # Headers, including authentication
        header = {'content-type': 'application/json', 'authorization': WEBEX_AUTH}
        # Method
        response = requests.get(url, headers=header)
        # Parsing JSON: the first item in the list is the most recent message
        list_messages_json = response.json()
        list_messages = list_messages_json['items']
        last_message = list_messages[0]['text']
        last_user_email = list_messages[0]['personEmail']
        return last_message, last_user_email

Webex Teams API Response
Retrieve the last message and user info from the room with {room_id}

Response body:

    "items" : [
        {
            "id": "Y2lzY29zcGFyazovL3VzL01FU1NBR0UvOD…",
            "roomId": "Y2lzY29zcGFyazovL3VzL1JPT00vYTllYWIyO…",
            "roomType": "group",
            "text": "The user with this email gzapodea@cisco.com asked access to IPD for 60.0 minutes",
            "personId": "Y2lzY29zcGFyazovL3VzL1BFT1BMRS8zZDJmMTZjZC01…",
            "personEmail": "gzapodea@cisco.com",
            "created": "2018-01-29T13:22:48.957Z"
        },
        ……….
    ]

After parsing JSON:

    last room message : The user with this email gzapodea@cisco.com asked access to IPD for 60.0 minutes
    last_user_email : gzapodea@cisco.com

Cisco DNA Center APIs Functions
[Figure: ERNA workflow diagram (provisioning and de-provisioning)]

Cisco DNA Center Used Capabilities

• Complete inventory of network devices and clients
• Physical and logical topologies
• Template configuration, deployment, and job status
• Device synchronization
• Path Trace to validate deployment
• Duplicate IPv4 address prevention

Cisco DNA Center API Request
Retrieve all the information for the device with the Cisco DNA C {device_id}

    import requests

    # User-defined function; DNAC_URL is defined elsewhere in the application
    def get_device_info(device_id, dnac_jwt_token):
        # URL
        url = DNAC_URL + '/api/v1/network-device/?id=' + device_id
        # Headers, with the JWT token passed as a cookie for authentication
        header = {'accept': 'application/json', 'Cookie': dnac_jwt_token}
        # Method; verify=False turns off TLS certificate verification
        device_response = requests.get(url, headers=header, verify=False)
        # Parsing JSON
        device_info = device_response.json()
        return device_info['response']

Cisco DNA Center API Response
Retrieve all the information for the device with the Cisco DNA C {device_id}

Response body:

"response": [
{
"type": "Cisco Catalyst 9300 Switch",
"role": "ACCESS",
"lastUpdated": "2018-01-30 05:37:24",
"macAddress": "2c:ab:eb:37:c3:00",
"serialNumber": "FCW2123L0N3",
"softwareVersion": "16.6.1",
"hostname": "NYC-9300",
"softwareType": "IOS-XE",
"upTime": "53 days, 10:15:04.14",
"managementIpAddress": "10.93.130.21",
"reachabilityStatus": "Reachable",
………
}
]
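
A hardened form of the device lookup above, as an added example that is not from the presentation or its repository: the certificate is verified through a session, the id is validated and passed as a query parameter, errors and empty results raise, and one device record is returned instead of the list. The UUID format check, `make_session`, `get_device` and the fake session used to run it offline are assumptions of this example.

```python
import re

# Assumption: device ids are UUID strings; anything else is rejected before use.
DEVICE_ID_RE = re.compile(
    r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', re.IGNORECASE)


def make_session(ca_bundle):
    """Session that validates the server certificate against ca_bundle (PEM path)."""
    import requests  # third-party; only needed when talking to a real controller
    session = requests.Session()
    session.verify = ca_bundle  # takes the place of verify=False on each call
    return session


def get_device(session, base_url, device_id, token, timeout=10):
    """Return the single device record for device_id, or raise."""
    if not base_url.startswith('https://'):
        raise ValueError('base_url must be an https:// URL')
    if not DEVICE_ID_RE.fullmatch(device_id):
        raise ValueError('device_id is not a UUID')
    response = session.get(
        base_url.rstrip('/') + '/api/v1/network-device/',
        params={'id': device_id},      # encoded by the client, not concatenated
        headers={'accept': 'application/json', 'Cookie': token},
        timeout=timeout,               # a dead host must not hang the workflow
    )
    response.raise_for_status()        # 401/404/500 become exceptions
    devices = response.json().get('response') or []
    if len(devices) != 1:
        raise LookupError('expected 1 device, got %d' % len(devices))
    return devices[0]


# --- constructed stand-ins so the example runs offline ---
class FakeResponse:
    def __init__(self, payload, status=200):
        self.payload, self.status = payload, status

    def raise_for_status(self):
        if self.status >= 400:
            raise RuntimeError('HTTP %d' % self.status)

    def json(self):
        return self.payload


class FakeSession:
    def __init__(self, response):
        self.response, self.calls = response, []

    def get(self, url, **kwargs):
        self.calls.append((url, kwargs))
        return self.response


SAMPLE_ID = '7c274222-4329-47bd-b516-6c3251012345'  # constructed id
SAMPLE_BODY = {'response': [{'hostname': 'NYC-9300',
                             'reachabilityStatus': 'Reachable'}]}


def demo():
    session = FakeSession(FakeResponse(SAMPLE_BODY))
    device = get_device(session, 'https://dnac.example', SAMPLE_ID,
                        'constructed-token')
    return device['hostname'], session.calls[0]


if __name__ == '__main__':
    print(demo())
```

In real use the token comes from the authentication call or a secret store, and `make_session()` is given the CA bundle that signed the controller's certificate.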

Cisco DNA Center Platform and Assurance
• Configuration using Cisco DNA Center Platform APIs – template editor
• Customize templates for the IP-D location
• Upload, or update, CLI templates from text files
• Deploy CLI template to the layer 3 Catalyst 9300 access switch
• Deploy CLI template to the DC CSR1000v
• Get CLI deployment job status
• Cisco DNA Center Assurance APIs:
• Device Synchronization, Cisco DNA Center Path Trace
• As a result, a GRE tunnel will be provisioned and routing configured to allow reachability only from the DMZ VDI host, and only to the IP-D host

IOS XE APIs Functions
[Figure: ERNA workflow diagram (provisioning and de-provisioning)]

Open IOS XE Operational Data

• Collect operational data from the remote L3 access switch and DC router
• Tunnel interface operational state and interface counters
• Device APIs used:
• NETCONF to the Catalyst 9300 switch
• RESTCONF to the CSR 1000V router

RESTCONF Request
Get the operational data for the interface with the name {interface}

    import requests
    from requests.auth import HTTPBasicAuth

    # Authentication: HTTP Basic; USER, PASS and RO_HOST are defined elsewhere in the application
    ROUTER_AUTH = HTTPBasicAuth(USER, PASS)

    # User-defined function
    def get_restconf_int_oper_status(interface):
        # URL
        url = 'https://' + RO_HOST + '/restconf/data/interfaces-state/interface=' + interface
        # Headers
        header = {'Content-type': 'application/yang-data+json',
                  'accept': 'application/yang-data+json'}
        # Method; verify=False turns off TLS certificate verification
        response = requests.get(url, headers=header, verify=False, auth=ROUTER_AUTH)
        # Parsing JSON
        interface_info = response.json()
        oper_data = interface_info['ietf-interfaces:interface']
        return oper_data

RESTCONF Response
Get the operational data for the interface with the name {interface}

Response body:

{
"name" : "Tunnel201" ,
"type" : "iana-if-type:tunnel" ,
"admin-status" : "up" ,
"oper-status" : "up" ,
"last-change" : "2018-06-05T00:52:00.000142+00:00" ,
"if-index" : 8 ,
"phys-address" : "00:00:00:00:00:00" ,
"speed" : 102400 ,
"statistics" : {
"discontinuity-time" : "2018-05-18T01:25:47.000868+00:00" ,
"in-octets" : 5106881043 ,
"in-unicast-pkts" : 27845535 ,
"in-unknown-protos" : 0 ,
"out-octets" : 1830179621 ,
"out-unicast-pkts" : 18592521 ,

}
}

ASAv API Functions
[Figure: ERNA workflow diagram (provisioning and de-provisioning)]

ASAv – Security Configuration
• We will need these operations:
• Find out the inbound Access Control List Id for the outside interface
• Insert a new ACL Entry to allow data traffic from the DMZ VDI to the IP-enabled Device IP address
• Delete the ACLE at the end of the de-provisioning
• API Docs - https://asa_ip_address/doc/
• ASA requires an agent to be downloaded, installed and enabled
• Agents are available for both physical and virtual ASAs (ASAv)

ASAv – API Request
Retrieve existing ACL id for the {interface_name}

    import requests
    from requests.auth import HTTPBasicAuth

    # Authentication: HTTP Basic; ASAv_USER, ASAv_PASSW and ASAv_URL are defined elsewhere in the application
    ASAv_AUTH = HTTPBasicAuth(ASAv_USER, ASAv_PASSW)

    def get_asav_access_list(interface_name):
        """
        Find out the existing ASAv interface Access Control List
        Call to ASAv - /api/access/in/{interfaceId}/rules
        :param interface_name: ASA interface_name
        :return: Access Control List id number
        """
        # The docstring above is used to build code documentation with PyDoc
        # URL
        url = ASAv_URL + '/api/access/in/' + interface_name + '/rules'
        header = {'content-type': 'application/json', 'accept-type': 'application/json'}
        # verify=False turns off TLS certificate verification
        response = requests.get(url, headers=header, verify=False, auth=ASAv_AUTH)
        # Parsing JSON
        acl_json = response.json()
        acl_id_number = acl_json['items'][0]['objectId']
        return acl_id_number

ASAv – API Response
Retrieve existing ACL id for the {interface_name}
{
"items" : [
{
"destinationService" : {
"kind" : "NetworkProtocol" ,
"value" : "ip"
} ,
"destinationAddress" : {
"kind" : "IPv4Address" ,
"value" : "172.16.41.55"
} ,
"sourceAddress" : {
"kind" : "IPv4Address" ,
"value" : "172.16.203.50"
} ,
"objectId" : "3677916132" ,
"sourceService" : {
"kind" : "NetworkProtocol" ,
"value" : "ip"

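
An added example, not from the presentation or its repository, for the insert and delete operations listed under "ASAv – Security Configuration": it builds a host-to-host entry in the shape of the response above and selects the objectId to delete by matching the address pair instead of by list position. The `permit` field, the helper names and the first rule in the sample are assumptions of this example.

```python
import ipaddress


def host(value):
    """Canonical IPv4 host string; rejects 'any', prefixes and unusable addresses."""
    if not isinstance(value, str):
        raise ValueError('address must be a string')
    addr = ipaddress.IPv4Address(value)  # ValueError on '10.0.0.0/24', 'any', ''
    if addr.is_unspecified or addr.is_multicast or addr.is_loopback:
        raise ValueError('not a usable host address: ' + value)
    return str(addr)


def address(value):
    """Address object in the form used by the response on the slide."""
    return {'kind': 'IPv4Address', 'value': host(value)}


IP_PROTOCOL = {'kind': 'NetworkProtocol', 'value': 'ip'}


def build_ace(source_ip, destination_ip):
    """Request body for an entry limited to one source and one destination host."""
    return {
        'sourceAddress': address(source_ip),
        'destinationAddress': address(destination_ip),
        'sourceService': dict(IP_PROTOCOL),
        'destinationService': dict(IP_PROTOCOL),
        'permit': True,  # assumption: this field is not shown on the slides
    }


def matching_ace_ids(rules_json, source_ip, destination_ip):
    """objectIds of the entries whose addresses are exactly this host pair."""
    src, dst = address(source_ip), address(destination_ip)
    return [rule['objectId'] for rule in rules_json.get('items', [])
            if rule.get('sourceAddress') == src
            and rule.get('destinationAddress') == dst]


def ace_id_to_delete(rules_json, source_ip, destination_ip):
    """The one entry to remove at de-provisioning; refuse to guess otherwise."""
    ids = matching_ace_ids(rules_json, source_ip, destination_ip)
    if len(ids) != 1:
        raise LookupError('expected exactly one matching entry, found %d' % len(ids))
    return ids[0]


# Constructed sample: an unrelated rule first, then the entry from the slide.
SAMPLE_RULES = {'items': [
    {'objectId': '1000000001',  # constructed
     'sourceAddress': address('192.0.2.10'),
     'destinationAddress': address('192.0.2.20'),
     'sourceService': dict(IP_PROTOCOL),
     'destinationService': dict(IP_PROTOCOL)},
    {'objectId': '3677916132',
     'sourceAddress': address('172.16.203.50'),
     'destinationAddress': address('172.16.41.55'),
     'sourceService': dict(IP_PROTOCOL),
     'destinationService': dict(IP_PROTOCOL)},
]}

if __name__ == '__main__':
    print(build_ace('172.16.203.50', '172.16.41.55'))
    print(ace_id_to_delete(SAMPLE_RULES, '172.16.203.50', '172.16.41.55'))
```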
ServiceNow APIs Functions
[Figure: ERNA workflow diagram (provisioning and de-provisioning)]

ServiceNow Integration
• Integration with IT Service Management (ITSM) to record:
• Log requests for access and approval info
• Configuration changes to switches, routers, DC and firewalls
• CLI templates deployment status
• Validation:
• Path Trace, operational data
• De-provisioning status
• Use the ServiceNow:
• REST APIs
• SDKs and Cloud Integrations

ServiceNow API Request
Create new incident using the description, comments, user, password and severity

    import json
    import requests

    # User-defined function; SNOW_URL and get_user_sys_id() are defined elsewhere in the application
    def create_incident(description, comment, username, password, severity):
        caller_sys_id = get_user_sys_id(username)
        # URL
        url = SNOW_URL + '/table/incident'
        # Request body
        payload = {
            'short_description': description,
            'comments': (comment + ',Created using APIs by caller: ' + username),
            'caller_id': caller_sys_id,
            'urgency': severity,
        }
        # Headers
        headers = {'Content-Type': 'application/json', 'Accept': 'application/json'}
        # Method
        response = requests.post(url, auth=(username, password), data=json.dumps(payload),
                                 headers=headers)
        # Parsing JSON
        incident_json = response.json()
        return incident_json['result']['number']

ServiceNow API Response
Create new incident using the description, comments, user, password and severity

Response body:

{
"sys_created_by" : "IOSXE" ,
"number" : "INC0010313" ,
"impact" : "3" ,
"priority" : "4" ,
"sys_id" : "5d6bad014f2213004419ff6f9310c7c0" ,
"opened_at" : "2018-06-05 15:25:06" ,
"short_description" : "ERNA Execution" ,
"caller_id" : {
"link" : "https://dev23452.service-now.com/api/now/table/sys_user/d0e8467d4f..." ,
"value" : "d0e8467d4f191300…" } ,
"active" : "true" ,
"approval" : "not requested" ,
"parent_incident" : "" ,
"sys_domain_path" : "/" ,
"hold_reason" : "" ,
"activity_due" : "" ,
"severity" : "3" ,
}

ERNA - APIs Summary
• Webex Teams
• Create and delete spaces
• Read and post messages
• Find the identity of users posting messages
• Membership – invite new members to room

• Cisco DNA Center
• Create auth token
• Locate the IP-enabled Device based on the IP address (after DNS resolution)
• Find out the hostname of the layer 3 access switch and the access VLAN, physical location
• Duplicate IP address prevention – Network and Client APIs
• Upload, or update, CLI templates from text file
• Deploy CLI template to the layer 3 access switch
• Deploy CLI template to the data center CSR1000v
• Get CLI deployment status
• Device configuration synchronization
• Path trace, create and retrieve result
ERNA - APIs Summary - continued
• NETCONF
• Check Catalyst 9300 access switch operational data for the interface Tunnel

• RESTCONF
• Check CSR 1000V DC router operational data for the interface Tunnel

• ASAv
• Retrieve existing ASA access list for an interface
• Insert a new access control list entry
• Delete the inserted access control list entry

• ServiceNow
• Create incident, update incident, post comments, close incident

• Others – working with files and strings, logging to files, debugging, regular expressions pattern matching, DC automation (UCSD – execute workflows)

Disclaimer
• The sample code in this presentation is intended for learning and
educational purposes only
• The application was created with the goal of ease of understanding
• Software is written based on assumptions that may not apply in your
environment
• It is not intended for use in any production environment without significant
testing, validation and re-write to meet your Enterprise Application
Development Policies

ERNA
Pre-Recorded Demo
Provisioning
[Figure: ERNA workflow diagram (provisioning and de-provisioning)]

De-Provisioning
[Figure: ERNA workflow diagram (provisioning and de-provisioning)]

ERNA Python code
• The use case code may be found here: https://github.com/zapodeanu/BRKSDN-2935-Barcelona-2019
• The application written in Python
• CLI templates text files
• The Python modules used
• This code is shared for lab use and learning only

Agenda
• Programmability? Why?
• Coding Essentials
• JSON and XML
• YANG, NETCONF, RESTCONF
• REST APIs
• Python
• API Docs
• Programmability Use Case
• Remote Access Overview
• Elastic Remote Network Access (ERNA)
• Lessons Learned
• 90 Minutes to Your Application
• Summary

Lessons Learned

• Think APIs first, CLI second


• Start to automate simple tasks
• Be creative by using APIs
• Your application does not have to be perfect, we are not developers
• Expect to troubleshoot your code, ask for help, check communities
• Join programmability communities
• Remember to have fun!

How to Get Started in 90 Minutes?

Your Development Environment

• Learn about APIs


• Operating system selection
• Programming languages
• Text editors and IDEs
• Labs
• Communities, resources and code repositories

Learn about APIs
• DevNet Express Events
• DevNet learning tracks and labs
• API documentation
• APIs provide “Try it” features

https://developer.cisco.com/events/

Postman
• Postman - REST API client
• Learning and troubleshooting
• Generate code option

Operating System Choices
• Mac OS X, Linux, Windows – they will all work well
• Some advantages for Mac OS X, or Linux
• Isolation between your Python environments, and your OS:
• OS upgrades – what is the impact on your Python environment?
• What are your Python packages going to change in your OS?
• Do you need different Python packages versions for your applications?
• Python virtual environments – easy to configure, highly recommended

Operating System Choices - Continued
• Virtual machines –
• Ubuntu – free, easy to install
• Avoid some OS limitations (SSL versions)
• Will consume CPU/Memory
• Will need virtualization software
• Containers –
• Light, very easy to get started
• Application portability
• App Hosting and Guest Shells
• IOS XE

Programming Languages

• Large variety of programming languages: Python, JavaScript, Go,…
• For network engineers – Python
• If you are just starting – Python
• Learn about Python Virtual Environments and libraries
• Find out in the communities what most of your peers use
• Take into consideration your developers' choice

Resources to Get Started with Python
• Cisco Learning Network:
• Programming for Network Engineers (PRNE), e-Learning
• Network Programmability Specialists:
• Design or Developer Engineer
• Courses and Cisco Certifications

• Cisco DevNet
• Introductory Python and XML/JSON learning modules and labs
• The Hitchhiker’s Guide to Python!
• PluralSight, CodeAcademy, Coursera, …

Text editors and Integrated Development Environments
• Text editors – all of them will work for writing Python code
• Advanced text editors will make your life easier:
• Atom, Sublime, Notepad++, TextMate …
• Integrated Development Environments (IDEs):
• Improve your code quality and productivity
• Code inspection and refactoring
• Will integrate with version control systems (VCS), virtual environments, package updates, debugging, error correction
• PyCharm, Eclipse, VIM, Wing IDE, Spyder Python

JSON and/or XML

JSON: { "key": "value" }

{
    "ipv4Address": "172.16.11.11",
    "ipv4Mask": "255.255.255.0",
    "portName": "GigabitEthernet1",
    "description": " TO_vSWITCH0",
    "status": "up",
    "adminStatus": "UP",
    "id": "7c274222-4329-47bd-b516-6c32510"
    ...
}

XML: <tag>value</tag>

<interface>
    <name>GigabitEthernet1</name>
    <description>TO_vSWITCH0</description>
    <enabled>true</enabled>
    <address>
        <ip>172.16.11.11</ip>
        <netmask>255.255.255.0</netmask>
    </address>
</interface>

REST APIs and RESTCONF support JSON and XML, NETCONF supports only XML

Labs

• Cisco DevNet Sandboxes
• Cisco dCloud
• CML (Cisco Modeling Labs) and VIRL (Virtual Internet Routing Labs)
• Your lab: you may run almost everything virtually

Sandboxes
• DevNet Sandbox:
• Free DevNet Account
• Always-on, or reservation based
• Free, very easy to use and schedule, nothing for you to maintain
• Simulated or physical network equipment
• Available sandboxes: Networking, Catalyst 9k, Cisco DNA Center, Security, Data Center, Collaboration, Meraki, …

Other Labs
• Cisco dCloud:
• Five Data Centers around the world
• Customizable environments
• Enterprise Networking
• Collaboration
• DC
• Security, and more
• You will need a cisco.com account (CCO)

• CML(Cisco Modeling Lab) and VIRL(Virtual Internet Routing Lab)


Proof of Concept Lab
• Your lab may be required for POC and POV
• Remember most Cisco software has evaluation licenses available
• Code development for the use case:
• Started on DevNet Sandbox
• Tested on POC lab

[Figure: My Lab]

Communities, Resources and Code Repositories

• Cisco DevNet
• Cisco Webex
• Meraki Developers

• GitHub:
• Code hosting platform for version control and collaboration

90 Minutes to Get Started with Programmability
• DevNet, GitHub, Communities: Join Communities, Download Sample Code and Run
• Labs/Sandboxes: DevNet Sandbox, Labs, Learning Tracks, dCloud and Your Lab
• Integrated Development Environment, Text Editor: PyCharm, Eclipse, VIM, Sublime, Atom, Notepad++
• Python Install Modules: Virtual environments, PIP, Python Packages
• Programming Language: Python, JS, Go, C# …, JSON and XML
• Operating System: Mac OS X, Ubuntu, Windows, VMs, Containers
• Learn about APIs: DevNet Express, Learning Labs, API docs, Postman

Summary

Automation Integration Innovation

Summary
• Software reuse
• Efficiencies: design once, use many
• High availability: enables effective change control
• Flexibility in services delivery: on-demand, consumer driven
• Pervasive security: all network communications can be mapped to security policies.
• Rapid provisioning and decommissioning with full traceability
• Decoupled from physical infrastructure: as long as there is an API exposed

Questions?
Cisco DNA Center Platform – Partner Solutions

Multiple Partners with Cisco DNA Integrations @ CiscoLive Europe
Including (but not limited to):
• Anyweb
• BlueCat
• BT
• Conscia
• Dimension Data
• IBM
• IsarNet
• Italtel
• LiveAction
• Logicalis
• MicroFocus
• Nefkens Advies
• Orange

Engage at
• World of Solutions
• EN Booth Partner Village
• Partner Booths
• Technical Seminars
• Breakout Sessions
• Panel Discussion
• Social Events and Reception

https://developer.cisco.com/ecosystem/dnacenter/

Complete your online session survey
• Please complete your Online Session Survey after each session
• Complete 4 Session Surveys & the Overall Conference Survey (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Events Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com

Continue Your Education

• Demos in the Cisco Showcase
• Walk-in self-paced labs
• Meet the engineer 1:1 meetings
• Related sessions

Thank you
