
How To Manage your Data Center Network Leveraging Programmability and Automation

TECDCN-2941

Luis Flores System Engineer luflores@cisco.com @Luis_E_Flores


Cesar Obediente, Principal System Engineer co@cisco.com @cobedien
Jason Pfeifer Technical Solutions Architect jpfeifer@cisco.com @jason_pfeifer
Errol Roberts Distinguished Systems Engineer eroberts@cisco.com @errolfroberts
Cisco Spark
Questions?
Use Cisco Spark to chat with the
speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

Cisco Spark spaces will be available until July 3, 2017.
cs.co/ciscolivebot#TECDCN-2941

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Session Abstract
Today's Data Center networks have increased in size exponentially and the demand for faster
services has not increased. Instead, customers are demanding faster deployment to production.
Network automation and programmability can be leveraged by network engineers to provide the
agility customers are demanding.

During this session students will learn how to leverage Open NX-OS and ACI in order to program
and automate their Data Center to meet these demands. Throughout this session we will
explore the Open NX-OS foundation and ACI constructs, which include a rich Linux foundation
that exposes APIs (NX-API CLI, NX-API REST and ACI API), data models, and programmatic
constructs. We will also cover automation tools like Ansible.

During the session, we will review use cases leveraging programmatic models to showcase
infrastructure automation.

Agenda

• Introduction
• NX-OS Programmability
• Break
• ACI Programmability
• Tetration Analytics
• Summary
Introduction
Why should we automate, what are the benefits?

Greater Business Agility | 58% | Reduce Network Provisioning
Lower Capital Expenses | 25% | CAPEX Reduction
Reduced Costs/Complexity | 21% | Reduce Management Costs
Lower Operating Cost | 45% | Reduce Power and Cooling Costs
Resource Optimization | 10-20% | Compute and Storage Optimization

Evolving The Network Software Stack
[Figure: network software stack, top to bottom]
Application Software: Unified Communications, Evolved CCS, VPN: CloudVPN,…, Custom Apps …
Infrastructure Software: Orchestration: NSO, ..; Management: Prime, ACI, NFM, DCNM..; Optimization: WAE, ..
Base Control Infrastructure: Connection Creation, Expansion, Reporting, Fault Mgmt
Embedded Software: Network OS: IOS-XE, NX-OS, …; Plugins: Puppet, Guest shell,…; Base OS: Linux, …; Protocols: IETF, IEEE, …; virtual and physical

Building Blocks
APIs, Declarative Control, Data Model | Controllers, Software Platform, Leverage Virtualization | New Applications, Solutions, Services | Evolve Control-Plane Architecture

Cisco Data Center Networks: Providing Choice in Automation and Programmability

Application Centric Infrastructure
• Turnkey integrated solution with security, centralized management, compliance and scale
• Automated application centric-policy model with embedded security
• Broad and deep ecosystem

Programmable Fabric
• VxLAN-BGP EVPN standard-based
• 3rd party controller support
• Cisco Controller for software overlay provisioning and management across N2K-N9K

Programmable Network
• Modern NX-OS with enhanced NX-APIs
• DevOps toolset used for Network Management (Puppet, Chef, Ansible etc.)

[Figure labels: VTS; Connection Creation, Expansion, Reporting, Fault Mgmt; DB, Web, App]

Automation, API’s, Controllers and Tool-chain’s


Value of Automation

Save Time Human Error Customize Innovate

Automation Un-Jargoned
We have a whole new world of Acronyms..
Puppet OpenFlow
ACI CI/CD Neutron
IaaS ML2
Python SDK OpenStack API
Agile
Salt YANG DevOps
Netconf
IDE Git
OpenDaylight Waterfall
Chef Container
Go
Ansible
NX-API REST BASH
Eclipse JSON
Controller Docker
LXC
Unicorn XML NFV
Let’s De-mystify a few of them
What Formats are used for exchange of Info ?

XML (Elements <> | Parsers and Validation)

<?xml version="1.0" encoding="UTF-8"?>
<ins_api>
  <type>cli_show</type>
  <version>1.0</version>
  <sid>eoc</sid>
  <outputs>
    <output>
      <body>
        <header_str>Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2014, Cisco and/or its affiliates.
All rights reserved
http://www.gnu.org/licenses/old-licenses/library.txt.
</header_str>
        <bios_ver_str>07.11</bios_ver_str>
        <kickstart_ver_str>6.1(2)I2(2a)</kickstart_ver_str>
        <bios_cmpl_time>05/28/2014</bios_cmpl_time>
        <kick_file_name>bootflash:///n9000-dk9.6.1.2.I2.2a.bin</kick_file_name>
        <manufacturer>Cisco Systems, Inc.</manufacturer>
      </body>
      <input>sho ver</input>
      <msg>Success</msg>
      <code>200</code>
    </output>
  </outputs>
</ins_api>

JSON (Key-Value Pairs | Readable | Simpler)

"ins_api": {
  "type": "cli_show",
  "version": "1.0",
  "sid": "eoc",
  "outputs": {
    "output": {
      "input": "sho ver",
      "msg": "Success",
      "code": "200",
      "body": {
        "header_str": "Cisco Nexus Operating System (NX-OS)
        "kickstart_ver_str": "6.1(2)I2(2a)",
        "bios_cmpl_time": "05/28/2014",
        "kick_file_name": "bootflash:///n9000-dk9.6.1.2.I2.2a.bin",
        "rr_reason": "Reset Requested by CLI command reload",
        "rr_sys_ver": "6.1(2)I2(2a)",
        "rr_service": "",
        "manufacturer": "Cisco Systems, Inc.",
      }
    }
  }
}
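An added example (not from the original slides) of consuming the JSON form above defensively: it checks the per-command "code" before trusting "body". The sample replies are constructed, and the list form of "output" for multi-command replies is an assumption about device behaviour that the slide does not show.

```python
import json

class NxapiError(Exception):
    """Raised when a reply does not have the ins_api structure shown on the slide."""

# Constructed sample: single-command reply, same shape as the slide (wrapped in {}).
SAMPLE_SINGLE = json.dumps({"ins_api": {
    "type": "cli_show", "version": "1.0", "sid": "eoc",
    "outputs": {"output": {
        "input": "sho ver", "msg": "Success", "code": "200",
        "body": {"kickstart_ver_str": "6.1(2)I2(2a)",
                 "manufacturer": "Cisco Systems, Inc."}}}}})

# Constructed sample: two commands in one request, the second one rejected.
SAMPLE_MULTI = json.dumps({"ins_api": {
    "type": "cli_show", "version": "1.0", "sid": "eoc",
    "outputs": {"output": [
        {"input": "sho ver", "msg": "Success", "code": "200",
         "body": {"kickstart_ver_str": "6.1(2)I2(2a)"}},
        {"input": "sho bogus", "msg": "Input CLI command error", "code": "400"},
    ]}}})

def parse_cli_show(raw):
    """Split a reply into (successes, failures).

    successes: list of (command, body dict) for entries with code "200"
    failures:  list of (command, code, msg) for everything else
    """
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        raise NxapiError("reply is not valid JSON") from exc

    # Walk ins_api -> outputs -> output without assuming any level exists.
    api = doc.get("ins_api") if isinstance(doc, dict) else None
    outputs = api.get("outputs") if isinstance(api, dict) else None
    entries = outputs.get("output") if isinstance(outputs, dict) else None

    # One command gives a single object; normalise it to a list.
    if isinstance(entries, dict):
        entries = [entries]
    if not isinstance(entries, list) or not entries:
        raise NxapiError("reply has no ins_api/outputs/output section")

    successes, failures = [], []
    for entry in entries:
        if not isinstance(entry, dict):
            raise NxapiError("output entry is not an object")
        cmd = str(entry.get("input", ""))
        code = str(entry.get("code", ""))
        body = entry.get("body")
        if code == "200" and isinstance(body, dict):
            successes.append((cmd, body))
        else:
            # Never fall through to a missing body: report the failure instead.
            failures.append((cmd, code, str(entry.get("msg", ""))))
    return successes, failures

if __name__ == "__main__":
    ok, bad = parse_cli_show(SAMPLE_MULTI)
    print("succeeded:", [cmd for cmd, _ in ok])
    print("failed:", bad)
```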

APIs

• A set of function calls that allow talking to the system
• Building blocks of a program
• APIs can have various properties
  • Transport (SSH)
  • Request-Response Mechanism
  • State Requirements
• Some examples of APIs
  • The Java API
  • Twitter API

RESTful APIs
RESTful
GET | PUT | POST | DELETE

• A framework – not a standard
• Architectural constraints
  • Client–server
  • Stateless
  • Cacheable
  • Layered system
  • Uniform interface

Consistency in Designing Applications

SDKs

• A Development Kit – APIs, Libraries bundled together
• Enables software development for a particular platform
• Some Examples
  • JDK (The Java SDK)

[Figure: an SDK bundles API, Compilers, Tools, Runtime]

Python
• General purpose programming language
• High-level programming language
• Object-oriented
• Express concepts in fewer lines of code
• Emphasizes code readability
• Interactive prompt
• Includes
  • Advanced language constructs such as loops and conditions
  • Robust selection of libraries
http://www.codecademy.com/en/tracks/python
https://www.coursera.org/course/interactivepython1

NX-OS
Introduction
Cisco NX-OS – Programmable – Extensible – Open
[Figure: Open NX-OS capability areas: BootStrap and Provisioning; Package and Application Management; Standard Open Interfaces; Extensibility / Programmability Tools; Server Management Tools. Labels shown: POAP, PXE, Native Agent, DCNM, NX-API CLI, NX-API REST, SDK.]
Ease of Operations | Modular | Open | 3rd Party Apps | Programmable | Ready for DevOps
Open NX-OS 2.0
Expanding your options to automate & manage your network
Open Infrastructure Open APIs Open DevOps

NETCONF
YANG

Streaming
Kubernetes/Docker Telemetry

Tracer (EFT)

Open NX-OS
Programmable Programmable
Fabric Network
Native Shell
Native Shell
• Access to the underlying Linux system on the device.
• It’s the shell of the Linux OS actually running the switch.

• Linux Kernel: Wind River 3.4.43
• Distribution: Yocto 1.2

• Access is only for users with NX-OS dev-ops role or network-admin role.
• (conf t)# feature bash-shell
(conf t)# run bash
bash$ sudo su
bash#

• Supported on N3K and N9K today.

Manage Your Switch Like a Server: Linux Networking in the Native Shell

• Leverage Linux command toolkit for monitoring, configuration and troubleshooting
  • # tcpdump -i Eth1-1
• Use ethtool to display detailed interface statistics:
  • # ethtool -S Eth2-1
• Use ifconfig to change mtu for an interface to jumbo MTU:
  • # ifconfig Eth2-1 mtu 9000
• Use ip route to add a static route:
  • # ip route add 203.0.113.0/24 via 198.51.100.2
• Interface configuration and routes are synchronized between Linux and NX-OS

3rd Party Apps in the Native Shell

Linux Networking in the Native Shell
Business problem

• Manage Your Switch Like a Server:

Demo
EEM
EEM Example – Port Tracking
Config – State Down
event manager applet track_1_18_down
  event track 1 state down
  action 1 syslog msg "EEM applet track_1_18_down shutting down port eth1/33 as 1/18 went down"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "shut"

Config – State Up
event manager applet track_1_18_up
  event track 1 state up
  action 1 syslog msg "EEM applet track_1_18_up bringing up port eth1/33 as 1/18 came up"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "no shut"

On Board Python
On Board Python
• Simple way to get stuff done
• No configuration required
• Integrate with EEM, Scheduler – get some data from the box and work on it !
• Use it for event based activity – where polling may not be possible

Interactive Mode
switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
switch# >>> print "hello world"
hello world
switch# >>> exit()

Non Interactive (script) Mode
Switch # dir bootflash:scripts
946 Oct 30 14:50:36 2013 crc.py
7009 Sep 19 10:38:39 2013 myScript.py
22760 Oct 31 02:51:41 2012 poap.py

Switch # source crc.py
------------------------------------------------
Started running CRC checker script
finished running CRC checker script
-------------------------------------------------

Python integrated with EEM
• Call a Python script as an action in an EEM script!

n9k# conf
n9k(config)# event manager applet link_monitor
n9k(config-applet)# event syslog pattern "IF_UP"
n9k(config-applet)# action 1 cli command "python bootflash:cdp_description.py"
n9k(config-applet)# exit

This script will automatically add the CDP neighbor to the interface description when an interface comes up

How to collect Transceiver Information
Business problem

• Create a pretty table with transceiver information and CDP neighbor detail for each Ethernet interface present in the system

Demo
GITHUB

https://github.com/datacenter/nexus9000/blob/master/nx-os/python/samples/showtrans.py

Guest Shell
Guest Shell 2.0
• It’s an open Linux environment, decoupled from NX-OS.
• It allows running applications that monitor, control and extend the switch.
• Supported on Nexus 3K and 9K today.
• 64-bit CentOS 7 application environment.

[Figure: the Guest Shell, a Secure Linux Container (sLXC) running CentOS 7.0 on N9K / N3K next to the NX-OS CLI. Labels: Python enabled; rootfs; bootflash:; Open Source Packages; Cisco Packages; 3rd Party Apps; DevOps; Open Source Tools, utilities, applications, Puppet, Chef]

Instantiate and Enter the Guest Shell
Nexus-9K# guestshell resize ?
cpu Resize the system CPU share allocated to guest shell
memory Resize the system memory allocated to guest shell
rootfs Resize the guest shell root filesystem to a larger value

Nexus-9K# guestshell enable


Nexus-9K# show virtual-service list

Virtual Service List:

Name Status Package Name


-----------------------------------------------------------------------
guestshell+ Activated guestshell.ova

Nexus-9K# guestshell
[guestshell@guestshell ~]$
[guestshell@guestshell ~]$ exit
Logout
Nexus-9K#

The Guest Shell and NX-OS can Interact
Run guest shell commands from NX-OS:
Nexus-9K# run guestshell cat /bootflash/scripts/hello.py
print "Hello World!"
Nexus-9K# run guestshell python /bootflash/scripts/hello.py
Hello World!
Nexus-9K#
Nexus-9K#

Run NX-OS commands from the guest shell:


[guestshell@guestshell ~]$ dohost "conf t ; cdp time 22 ; line console ; exec-timeout 0"
Enter configuration commands, one per line. End with CNTL/Z.

[guestshell@guestshell ~]$ dohost "sh run | in cdp" "sh run | sec line"
cdp timer 22
line console
exec-timeout 0
line vty
exec-timeout 0

3rd Party Applications: Richly Populated Repositories
[guestshell@guestshell #]$ cat /etc/centos-release
CentOS Linux release 7.1.1503 (Core)
[guestshell@guestshell #]$

[guestshell@guestshell ~]$ cd /etc/yum.repos.d/


[guestshell@guestshell yum.repos.d]$ ls -l
total 15
-rw-r--r-- 1 root root 1664 Nov 3 19:25 CentOS-Base.repo
-rw-r--r-- 1 root root 1309 Nov 3 19:25 CentOS-CR.repo
-rw-r--r-- 1 root root 649 Nov 3 19:25 CentOS-Debuginfo.repo
-rw-r--r-- 1 root root 1331 Nov 3 19:25 CentOS-Sources.repo
-rw-r--r-- 1 root root 1002 Nov 3 19:25 CentOS-Vault.repo
-rw-r--r-- 1 root root 290 Nov 3 19:25 CentOS-fasttrack.repo
[guestshell@guestshell yum.repos.d]$

[guestshell@guestshell ~]$ chvrf management yum repolist all


Loaded plugins: fastestmirror
[...]
base/7/x86_64 CentOS-7 - Base enabled: 9007

Install a 3rd Party Application with one Command

[guestshell@guestshell ~]$ sudo yum install git


Loaded plugins: fastestmirror
[...]
---> Package git.x86_64 0:1.8.3.1-6.el7 will be installed
[...]
Complete!

[guestshell@guestshell ~]$ git


usage: git [--version] [--help] [-c name=value]

Ansible
Ansible
• Ansible uses an agentless push model
• Configuration files (playbooks) use YAML
• Can configure using CLI (SSH) or NX-API
• Use nxos-ansible modules, or new core Ansible 2.1 modules (to be released)

[Figure: the Ansible Server, holding the Playbooks, sends config to the Nexus when a playbook is run, over NX-API (HTTP/S, feature nxapi) or CLI (SSH). No agent.]

Unlike server configuration, Ansible does not execute Python on-box
Configuration And Patch Deployment
Business problem

• Need to update a large number of switches

Demo
NXOS Object Model
NXOS Model Driven Programmability Architecture
[Figure: architecture layers, top to bottom]
Clients: NX-API-REST, Restconf Client, gRPC Client, Netconf Client, Telemetry Receiver
Models: DME Models, YANG Models
Agents: NGINX, Restconf Agent, gRPC Agent, Netconf Agent, Telemetry Agent (Data Encoder)
Model Transformation (YANG)
Data Management Engine: Transaction Commit Status: Success/Raise Fault
Object Store: BGP, VLAN, LACP, ACL, QoS

Sandbox
NX-API REST Developer Sandbox
Web-based UI
• Convert CLI configuration to DME/YANG Model based Payload
• Facilitate adaptation of model-based NX-API REST interface and NETCONF Interface

[Figure: annotated screenshot of the sandbox; callouts:]
• Enter CLI configuration commands.
• Option ‘nx-api rest’ – CLI configuration commands to NX-API REST JSON payload
• Click to convert the entered CLI configuration commands to NX-API REST JSON payload. (Converting is done on the device.)
• POST the converted NX-API REST JSON payload to the device.
• Output of NX-API REST JSON payload.
• Generate Python code snippet of NX-API REST POST of the converted NX-API REST JSON payload

Deploy VXLAN EVPN Overlays
Business problem

• Ability to deploy a large scale VXLAN EVPN fabric

Demo
Software
Telemetry
Three Principles of Nexus 9K Streaming Telemetry

Push Not Pull

Analytics-Ready Data

Data-Model Driven

Use Case: VXLAN BGP EVPN

http://docker.io/dockercisco/telemetryreceiver
and
http://docker.io/dockercisco/elklat

ELK Collector Sample
VXLAN Programmable Fabric Dashboard
[Figure: dashboard screenshot; panel labels: BGP PEERS AND STATE; PEER/# EVPN ROUTES; VNI TYPE AND STATE; NVE PEERS AND # VNIs; DEVICE AND VNI STATE]

Break
ACI Programmability
What is ACI

App
Agility
ACI
Simplification / Abstraction

Centralized Provisioning and Visibility

Automation and Programmability

Topology – Single Logical System
[Figure: the ACI fabric drawn as one modular switch. Fabric Modules: Spine 1, Spine 2 (40 – 100Gb). Line Cards: Leaf 1, Leaf 2, Leaf 3, Leaf 4. Supervisor: APIC. Attached: APIC, Server, Firewall, LB, Outside, Analytics.]

Single Point of Management | Flat / Fast / Flexible | Inherently Secure | Any – to – Any Connectivity

ACI Visibility

• System Health Scores
• Endpoint Tracker
• Statistics Per App
• Real-time Heat Maps
• Contract Deny Logs
• Endpoint Troubleshooting Wizard

How to Interact with ACI


GUI Programmatically ACI CLI

How to Interact with ACI
ACI CLI | GUI | Programmatically

ACI CLI:

get-svs-apic1# show health tenant TN-POD17
Score Change(%) UpdateTS            Dn
----- ----- ------------------- ------------------------------
100   0     2017-03-02T11:11:37 uni/tn-TN-POD17/health

Programmatically (Python):

import requests
import json
import constant  # local module holding APIC_URL, USERNAME and PASSWORD

# Log in to the APIC with aaaLogin and read the session token from the reply
name_pwd = {'aaaUser': {'attributes': {'name': constant.USERNAME, 'pwd': constant.PASSWORD}}}
json_credentials = json.dumps(name_pwd)
login_url = constant.APIC_URL + '/api/aaaLogin.json'
#print login_url
post_response = requests.post(login_url, data=json_credentials)
auth = json.loads(post_response.text)
login_attributes = auth['imdata'][0]['aaaLogin']['attributes']
auth_token = login_attributes['token']

# The token is sent back to the APIC as a cookie on later requests
cookies = {}
cookies['APIC-Cookie'] = auth_token

# Health object of tenant TN-POD17 (same data as the CLI command above)
sensor_url = constant.APIC_URL+ '/api/node/mo/uni/tn-TN-POD17/health.json'

# verify=False turns off TLS certificate validation for this request;
# outside a lab, pass verify='<path to CA bundle>' on both requests instead
get_response = requests.get(sensor_url, cookies=cookies, verify=False)

data = get_response.json()
print(data['imdata'][0]['healthInst']['attributes']['cur'])
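An added example (not from the original slides) of the same aaaLogin step with certificate validation left on, credentials taken from the environment instead of a source file, and the reply checked before the token is used. The environment variable names APIC_USERNAME and APIC_PASSWORD and both sample replies are constructed for illustration; only the standard library is used.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

class ApicAuthError(Exception):
    """Login was rejected or the reply did not contain a token."""

# Constructed sample replies (not captured from a real APIC).
SAMPLE_OK = '{"imdata":[{"aaaLogin":{"attributes":{"token":"constructed-token"}}}]}'
SAMPLE_DENIED = '{"imdata":[{"error":{"attributes":{"code":"401","text":"denied"}}}]}'

def tls_context(ca_file=None):
    """TLS context that validates the APIC certificate and hostname.

    ca_file: PEM bundle with the CA that signed the APIC certificate;
    None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def login_request(apic_url, username, password):
    """Build the aaaLogin POST; refuse to send credentials over plain HTTP."""
    if not apic_url.lower().startswith("https://"):
        raise ValueError("credentials must only be sent over https")
    body = json.dumps(
        {"aaaUser": {"attributes": {"name": username, "pwd": password}}}
    ).encode("utf-8")
    return urllib.request.Request(
        apic_url.rstrip("/") + "/api/aaaLogin.json",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json"},
    )

def extract_token(reply_text):
    """Return the session token, or raise ApicAuthError with the APIC error code."""
    try:
        doc = json.loads(reply_text)
        first = doc["imdata"][0]
    except (ValueError, KeyError, IndexError, TypeError) as exc:
        raise ApicAuthError("unexpected login reply") from exc
    if not isinstance(first, dict):
        raise ApicAuthError("unexpected login reply")
    if "error" in first:
        attrs = first["error"].get("attributes", {})
        # Report the code only; never echo the submitted credentials.
        raise ApicAuthError("APIC rejected login, code=%s" % attrs.get("code"))
    try:
        return first["aaaLogin"]["attributes"]["token"]
    except (KeyError, TypeError) as exc:
        raise ApicAuthError("login reply has no token") from exc

def login(apic_url, ca_file=None, timeout=10):
    """Log in using APIC_USERNAME / APIC_PASSWORD (hypothetical variable names)."""
    req = login_request(apic_url,
                        os.environ["APIC_USERNAME"],
                        os.environ["APIC_PASSWORD"])
    try:
        with urllib.request.urlopen(req, context=tls_context(ca_file),
                                    timeout=timeout) as resp:
            return extract_token(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        # A rejected login arrives as an HTTP error with a JSON error body.
        return extract_token(err.read().decode("utf-8", "replace"))
```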

ACI Open Interfaces
ACI Open Interface

• ACI Provides rich REST based API
• 100% match between GUI and API calls
• Visore
• Arya
• Python SDK (“Cobra”)
• ACIToolkit
• MoQuery
• Eventing provided through web sockets
• L4-L7 Device Packages
• OpFlex open protocol

[Figure: object hierarchy. Tenant: Yankees and Tenant: RedSox each with App Profile, EPGs, L3 Networks; Fabric with Switch, Line Cards, Ports]

REST API: Basics
• Standard REST methods supported

  Method | Action | Behavior
  GET | Read | Nullipotent
  POST | Create / Update | Idempotent
  DELETE | Delete | Idempotent

• Payloads can be either XML or JSON
  – Specified by the file extension in URI
  – Content-Type and Accept header is ignored
• Stateless
  • No state for requests or sessions
• HTTP1.1 / HTTPS (default)
• Handled by any APIC in cluster
• Access to switches via APIC
• Create, read, update & delete Managed Objects

REST API: Read Operations
http(s):// host:port /api /{mo|class} /{dn|classname} .{xml|json} ?[options]

http(s):// | http or https protocol
host:port | APIC host and port
/api | API Operator
/{mo|class} | Specify Managed Object or Class Operator
/{dn|classname} | Distinguished name or Object Class
.{xml|json} | Encoding for response
?[options] | Specify filters, selectors or modifiers to query, joined using ampersand (&)

Read properties for an EPG by Distinguished Name

http://apic/api/mo/uni/tn-Cisco/ap-Software/epg-Download.xml

Find all 10G ports on Fabric

http://apic/api/class/l1PhysIf.xml?query-target-filter=eq(l1PhysIf.speed,"10G")
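An added example (not from the original slides) that builds read URLs in the format above while validating every part, so a class name, DN or filter value that arrives from a form or ticket cannot change the structure of the query. The function names and the allowed-character rules are assumptions of this example, and it defaults to https.

```python
import re
from urllib.parse import quote

_NAME = re.compile(r"^[a-z][A-Za-z0-9]{0,63}$")          # class / property names
_VALUE = re.compile(r"^[A-Za-z0-9 _.:/\[\]-]{1,128}$")   # no quotes, commas, parentheses
_HOST = re.compile(r"^[A-Za-z0-9.-]+(:[0-9]{1,5})?$")    # host or host:port

def _base(host, fmt, secure):
    """Scheme, host and /api prefix; rejects hosts carrying paths or userinfo."""
    if not _HOST.match(host):
        raise ValueError("invalid APIC host")
    if fmt not in ("xml", "json"):
        raise ValueError("encoding must be xml or json")
    return ("https://" if secure else "http://") + host + "/api"

def mo_url(host, dn, fmt="json", secure=True):
    """URL that reads one managed object by distinguished name."""
    # A DN must not carry query, fragment or traversal characters.
    if not dn or dn.startswith("/") or re.search(r"[?#&%\s]|\.\.", dn):
        raise ValueError("invalid distinguished name")
    return "%s/mo/%s.%s" % (_base(host, fmt, secure), quote(dn, safe="/[]"), fmt)

def eq_filter(cls, prop, value):
    """One eq(class.property,"value") term; value may not break out of the quotes."""
    if not (_NAME.match(cls) and _NAME.match(prop)):
        raise ValueError("invalid class or property name")
    if not _VALUE.match(value):
        raise ValueError("invalid filter value")
    return 'eq(%s.%s,"%s")' % (cls, prop, value)

def class_url(host, cls, filters=(), fmt="json", secure=True):
    """URL that reads all objects of a class, optionally filtered.

    filters: terms produced by eq_filter(); several terms are combined with and().
    """
    if not _NAME.match(cls):
        raise ValueError("invalid class name")
    url = "%s/class/%s.%s" % (_base(host, fmt, secure), cls, fmt)
    terms = list(filters)
    if terms:
        expr = terms[0] if len(terms) == 1 else "and(%s)" % ",".join(terms)
        # Percent-encode everything except the filter syntax itself.
        url += "?query-target-filter=" + quote(expr, safe="(),")
    return url

if __name__ == "__main__":
    # The two reads from the slide, rebuilt through the validators.
    print(mo_url("apic", "uni/tn-Cisco/ap-Software/epg-Download", fmt="xml"))
    print(class_url("apic", "l1PhysIf",
                    [eq_filter("l1PhysIf", "speed", "10G")], fmt="xml"))
```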

REST API: Create/Update Operations
http(s):// host:port /api /mo /dn .{xml|json} ?[options]

<fvTenant name="NewTenant">
<fvAp name="NewApplication">
<fvAEPg name="WebTier">
<fvRsPathAtt encap="vlan-1" mode="regular"
tDn="topology/pod-1/paths-17/pathep-[eth1/1]"/>
</fvAEPg>
</fvAp>
</fvTenant>

Payload is XML/JSON representation of API Command Body

ACI Object Model

• Everything APIC knows is modeled:
  • Network, Compute, Application, etc
• Tree Based
  • MIT has distinct branches for different functional areas
• Every node is a managed object:
  • has a class & distinguished name

[Figure: object tree with topRoot at the top and branches including compUni and polUni]

ACI Programmatic Structure
ACI API Structure

ACI Toolkit

Language / HTTP Bindings


Python COBRA SDK (Ex: python request) GUI

REST Layer

REST

APIC Controller

OPFLEX

ACI Tools
API Inspector – Convert GUI clicks to REST Calls

• API calls made by GUI are captured
  • GET, POST
• Navigating through panes fetches data with GET requests
• Submitting configuration changes uses POST requests

API Inspector

APIC REST to Python Adapter: arya.py
• GUI creates REST XML/JSON
• API Inspector shows REST
• arya.py creates code from REST
• Auto-generate code to automate tasks, without heavy lifting
• Available at http://github.com/datacenter/arya

REST JSON (input to arya.py):

{"fvTenant":{"attributes":{"dn":"uni/tn-Cisco","name":"Cisco","rn":"tn-Cisco","status":"created"},"children":[{"fvBD":{"attributes":{"dn":"uni/tn-Cisco/BD-CiscoBd","mac":"00:22:BD:F8:19:FF","name":"CiscoBd","rn":"BD-CiscoBd","status":"created"},"children":[{"fvRsCtx":{"attributes":{"tnFvCtxName":"CiscoNetwork","status":"created,modified"},"children":[]}},{"fvSubnet":{"attributes":{"dn":"uni/tn-Cisco/BD-CiscoBd/subnet-[10.0.0.1/8]","ip":"10.0.0.1/8","rn":"subnet-[10.0.0.1/8]","status":"created"},"children":[]}}]}},{"fvCtx":{"attributes":{"dn":"uni/tn-Cisco/ctx-CiscoNetwork","name":"CiscoNetwork","rn":"ctx-CiscoNetwork","status":"created"},"children":[]}}]}}

Python code (output of arya.py):

fvTenant = cobra.model.fv.Tenant(topMo, name='Cisco')
fvCtx = cobra.model.fv.Ctx(fvTenant, name='CiscoNetwork')
fvBD = cobra.model.fv.BD(fvTenant, mac='00:22:BD:F8:19:FF', name='CiscoBd')
fvRsCtx = cobra.model.fv.RsCtx(fvBD, tnFvCtxName=fvCtx.name)
fvSubnet = cobra.model.fv.Subnet(fvBD, ip='10.0.0.1/8')

ARYA

Object Browser: Visore

• APIC has built in object browser to navigate the object tree and inspect the state of objects
• Point the web browser to Visore: http://<apic>/visore.html
• Search for a particular object or dn (fvTenant, topSystem, topology/pod-1/node-101)

Moquery

APIC: moquery -c fabricNode | more

• CLI Object Model query tool

• Runs on APIC terminals

• Runs on switch terminals

Leaf: moquery -c ethpmPhysIf | grep -E 'dn|operSpeed'

Basic Moquery Commands
BRIDGE DOMAIN
moquery -c fvBD
moquery -c fvBD -f "fv.BD.name==\"BDname\""

CONTEXT
moquery -c fvCtx

EPG
moquery -c fvAEPg
moquery -c fvAEPg -f 'fv.AEPg.pcTag=="xxxx"'

ENDPOINT
moquery -c fvCEp
moquery -c fvCEp | grep x.x.x.x -A 10 -B 5

CONSUMED CONTRACT
moquery -c vzBrCP

PROVIDED CONTRACT
moquery -c vzBrCP

L3 OUT
moquery -c l3extInstP
moquery -c l3extDomP

FAULT
moquery -c faultInst -f 'fault.Inst.code=="F0053"'
ACI Toolkit
• Simple toolkit built on top of APIC API
  Python Library
  Used to generate REST API calls
  Runs locally
• Smaller set of classes than native APIC
  “Intuitive” names
• Most common functionality presented
  Focused primarily on configuration
• Preserves the ACI basic concepts
  Tenants, EPGs, Contracts, etc.
• http://datacenter.github.io/acitoolkit/

[Figure: Custom Python Scripts and Sample Applications sit on top of the ACI Toolkit, which talks to the APIC]

ACI - Use Cases
Getting Started – ACI Toolkit
[Figure: managed object tree; classes shown by row]
polUni, fvTenant: fvAp, fvAEPg; vzFilter, vzEntry; vzBrCP, vzSubj
topRoot, fabricTopology, fabricPod: fabricPathEpCont, fabricPathEp; fabricNode
vmmProvP, vmmDomP, vmmCtrlrP

ACIToolkit - Sample
from acitoolkit.acitoolkit import Tenant, AppProfile, EPG, Contract, FilterEntry

# Create tenant 'tnDemo'
tenant = Tenant('tnDemo')
# Create application 'anpDemo' inside of tnDemo
app = AppProfile('anpDemo', tenant)

# Create endpoint groups (epgDB, epgWeb) in anpDemo
epgDB = EPG('epgDB', app)
epgWeb = EPG('epgWeb', app)

# Create a contract (icmp_contract) in tnDemo
contract = Contract('icmp_contract', tenant)

# Add ICMP filter information to icmp_contract
entry1 = FilterEntry('ICMP', applyToFrag='no',
                     arpOpc='unspecified', etherT='ip',
                     prot='icmp', parent=contract)

# Assign epgDB as provider of icmp_contract
epgDB.provide(contract)
# Assign epgWeb as consumer of icmp_contract
epgWeb.consume(contract)

# Dump the necessary configuration: display configuration objects
print('URL: %s' % tenant.get_url())
print('JSON: %s' % tenant.get_json())

# Send configuration to APIC (send_to_apic is the slide's helper, not defined here)
send_to_apic(tenant)


ACIToolkit Sample Applications

• Endpoint Tracker
• Lint
• Cableplan
• Configuration Snapshot and Rollback
• Visualization Examples
• Event Feeds
• Intersite Configuration Federation
• Connection Search
• ACI Reports

Getting Started – ACI API’s
Business problem

• Need to gather device names, device roles, and serial numbers from the fabric.

API Inspector

API Interaction

API Interaction

API Interaction

Python Code

__author__ = 'cobedien'

import requests
import json
import apic_login
import constant
from prettytable import PrettyTable

def serial_number():
    # Session token from the local apic_login helper
    token = apic_login.aaaLogin()

    try:
        # TopSystem API: one topSystem object per fabric node
        response = requests.get(
            url=constant.APIC_URL + "/api/node/class/topSystem.json",
            headers={
                "Cookie": "APIC-cookie=" + token,
                "Content-Type": "application/json; charset=utf-8",
            },
        )

        structured_data = json.loads(response.text)
        fields = ['name', 'role', 'serial']
        data = []

        # Each imdata entry is {'topSystem': {'attributes': {...}}}
        for endpoints in structured_data['imdata']:
            for endpoint_data in endpoints['topSystem'].items():
                line_dict = {}
                for field in fields:
                    line_dict[field] = endpoint_data[1][field]
                data.append(line_dict)

        table = PrettyTable()
        table.field_names = ['Name', 'role', 'serial']

        for row in data:
            table.add_row([row['name'], row['role'], row['serial']])

        print(table)

    except requests.exceptions.RequestException:
        print('HTTP Request failed')

Output

Dashboards
Business problem

• Customer implementing IoT change in box sorting facility sensors
• Wants visibility of the network in relationship to the IoT devices

Network Resolution
• Use ACI as a means to provide
network visibility in relation to each
of these production lines
• Place devices inside policy groups
(using Tenants ) to isolate and
provide high level visibility and the
capability of granularity

Integration of Network and IOT
• Use ANP or Tenant as boundary for production lines
• Utilize Health Scores, Endpoint counts and other operational controls to provide high level state of package line

[Figure: two production lines, each with Scan, Temp and Servers groups]

Dashboard

• Utilize web based dashboard
  • based on Dashing-IO converted to Python
• Provide customer with integration to ACI giving capability to expand towards specific vendor IOT devices

Demo
GITHUB

Author: Rafael Muller, Cesar Obediente, Jason Pfeifer

Based on: PyDashie

https://github.com/tecdct2941/aci_dashboard

Incident Reporting
Business Problem

• Incident Reporting between ServiceNow, Cisco Spark, and ACI

Create incident

Event

Notify Users

Demo
NCA+
Network Centric Application +

Business problem

• Needs a simple way for them to deploy L2 classical “VLAN” networks using the ACI fabric
• Simplify classical network to ACI

Network

• Different Components: Security, IP Telephony, Wireless etc.
• Extend classical Ethernet L2 networks into the fabric
• Ability to group around these constructs but expand functionality to provide operational telemetry and management domains for each one.

Layer 2 integration

VLAN 100
Fabric

VLAN 200

Cat3750 Cat3750

VLAN 100 VLAN 200

Application

• Hides all ACI network constructs behind this application
• Map business processes to groups

Groups

• Groups can relate to high level business functions
  • Cameras
  • Phones
  • Sensors
  • Wireless

Network

• Networks tie into classical Ethernet VLANs
• These belong to primary groups and contain many VLANs

Demo
GITHUB
https://github.com/datacenter/NCAplus

Author: Santiago Flores / Rafael Muller


• Application built on Python/Flask
• Makes it possible to deploy L2 networks easily without having to view the ACI GUI
• Uses CobraSDK
• Needs to be installed in a virtual environment to match the APIC version

Use Case
Hybrid Cloud Management / ITSM Integration
Business problem

• Customer wants to act as an internal service provider and allow for creation of an instant developer environment
• Wants to leverage APIs from multiple toolchains to create a simple Service Management based workflow

Solution

• Leverage a ServiceNow service catalog and API infrastructure to drive environment creation
• Leverage Cisco CloudCenter to spin up compute
• Use integration between CloudCenter and ACI to automatically configure network

Cisco CloudCenter (Formerly CliQr)
Any Application. Any Cloud. One Platform.

[Figure: MODEL, DEPLOY and MANAGE across Data Center, Private Cloud and Public Cloud. Captions: Single Integrated Lifecycle, Enterprise-Ready Platform Management]

CloudCenter Provides Unique Value
Model Once. Deploy and Manage Anywhere.

[Figure: MODEL, DEPLOY and MANAGE across Data Center, Private Cloud and Public Cloud]

• Single Application Profile
• Graphical Modeler
• Broad Application Support
• Broad Cloud Support
• Enterprise Ready

Business Centric Services Stack (Customer & Partner Driven)

[Figure: layered services stack, top to bottom]
Top layer: Big Data (Tetration), ITSM, ChatOps (Cisco Spark)
CloudCenter Service & Application Modeling: Policies, Services, Applications, Governance / Cost Modelling
UCSD (IaaS) (Infrastructure Centric Management and Workflow Automation)
Labels: Infra Centric, App Centric
Bottom layer: Converged Infrastructure: Compute (UCS), Storage / SAN (Partners/MDS), Network (ACI); VMware vSphere; Microsoft Hyper-V / SCVMM; RedHat KVM / RHEV; Containers (Kubernetes, Mesosphere, Docker Swarm); AWS, Azure, (Other Public Clouds)

Cataloging

Demo
Tetration Analytics
Cisco Tetration Analytics

[Figure: Tetration platform overview]
Use cases: Application Insight and Dependency; Whitelist Policy Generation and Simulation; Application Segmentation (Automated Enforcement) (New); Policy Compliance; Forensics: Every Packet, Every Flow; User Applications
Platform: API, Tetration Platform, Message Bus
Data sources: Software Sensor, Hardware Sensor, Data Lake
[Figure: Tetration Analytics Appliance workflow]
Inputs: Software Sensors, SW Sensors in Cloud, Nexus 9300-EX HW Sensors, 3rd Party Feed
Appliance: Record, Analyze and Store
Outputs: Application Discovery, Realtime & Historical Simulation, Whitelist Policy Recommendation, Compliance Verification, 3rd Party Policy Enforcement
Stage labels: Listen, Integrate, Recommend, Interact / Verify, Remediate
Tetration API Access Key
Create API Key to allow access:

Tetration Python SDK
The Tetration SDK can be installed through Python pip:
# pip install tetpyclient
Boilerplate instantiation:

from tetpyclient import RestClient

API_ENDPOINT = "https://<UI_VIP_OR_DNS_FOR_TETRATION_DASHBOARD>"

# ``verify`` is an optional param to disable SSL server authentication.
# By default, the Tetration appliance dashboard IP uses a self-signed cert after
# deployment. Hence, ``verify=False`` might be used to disable server
# authentication in SSL for API clients. If users upload their own
# certificate to the Tetration appliance (from the ``Settings > Company`` tab)
# which is signed by their enterprise CA, then server side authentication
# should be enabled.
# credentials.json looks like:
# {
#   "api_key": "<hex string>",
#   "api_secret": "<hex string>"
# }

restclient = RestClient(API_ENDPOINT,
                        credentials_file='<path_to_credentials_file>/credentials.json',
                        verify=True)

# Followed by API calls, for example the API to retrieve the list of sensors.
# The path can be passed as /openapi/v1/sensors or just /sensors.
resp = restclient.get('/sensors')
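
A pre-flight check for the credentials.json file described above, added here as an illustration (not code from the session or from tetpyclient): it confirms the file is readable by its owner only and holds the two hex fields before the path is handed to RestClient. The function name check_credentials_file and the owner-only (600) requirement are assumptions of this example.

```python
import json
import os
import re
import stat
import tempfile

HEX_RE = re.compile(r"[0-9a-fA-F]+")
REQUIRED_KEYS = ("api_key", "api_secret")  # the two fields shown on the slide


def check_credentials_file(path):
    """Return a list of problems; an empty list means the file is fit to use."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat file: %s" % exc.strerror]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    problems = []
    # The API secret authenticates every request, so only the owner may read it.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %03o grants group/other access, use 600"
                        % stat.S_IMODE(st.st_mode))
    try:
        with open(path) as fh:
            creds = json.load(fh)
    except (OSError, ValueError):
        return problems + ["unreadable or not valid JSON"]
    if not isinstance(creds, dict):
        return problems + ["top-level JSON value is not an object"]

    for key in REQUIRED_KEYS:
        value = creds.get(key)
        # Catches a missing field and an unreplaced "<hex string>" placeholder.
        if not isinstance(value, str) or not HEX_RE.fullmatch(value):
            problems.append("%s is missing or not a hex string" % key)
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder left in place, file world-readable.
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump({"api_key": "0123abcd", "api_secret": "<hex string>"}, fh)
    os.chmod(fh.name, 0o644)
    for problem in check_credentials_file(fh.name):
        print("credentials.json:", problem)
    os.remove(fh.name)
```
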

Tetration Python Sample
Get application scopes:

#!/usr/bin/python

import json

from tetpyclient import RestClient

API_ENDPOINT = "https://<tetration ip>"

# verify=False disables SSL server authentication (the appliance uses a
# self-signed cert by default)
client = RestClient(API_ENDPOINT,
                    credentials_file='/<credential file location>', verify=False)

resp = client.get('/app_scopes')

if resp.status_code != 200:
    # Request failed: show the HTTP status and the error body
    print(resp.status_code)
    print(resp.text)
else:
    # Pretty-print the JSON response
    print(json.dumps(resp.json(), indent=4, sort_keys=True))

Tetration Python Sample
Get applications:

#!/usr/bin/python

import json

from tetpyclient import RestClient

API_ENDPOINT = "https://<tetration ip>"

# verify=False disables SSL server authentication (the appliance uses a
# self-signed cert by default)
client = RestClient(API_ENDPOINT,
                    credentials_file='/<credential file location>', verify=False)

resp = client.get('/applications/')

if resp.status_code != 200:
    # Request failed: show the HTTP status and the error body
    print(resp.status_code)
    print(resp.text)
else:
    # Pretty-print the JSON response
    print(json.dumps(resp.json(), indent=4, sort_keys=True))

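Tetration Python Sample
Get specific application:

#!/usr/bin/python

import json

from tetpyclient import RestClient

API_ENDPOINT = "https://<tetration ip>"

# verify=False disables SSL server authentication (the appliance uses a
# self-signed cert by default)
client = RestClient(API_ENDPOINT,
                    credentials_file='/<credential file location>', verify=False)

# The path segment after /applications/ is the application ID
resp = client.get('/applications/5937286a755f02568bdba1d8/details')

if resp.status_code != 200:
    # Request failed: show the HTTP status and the error body
    print(resp.status_code)
    print(resp.text)
else:
    # Pretty-print the JSON response
    print(json.dumps(resp.json(), indent=4, sort_keys=True))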

Tetration Embedded Applications
User written applications can be embedded directly into the Tetration Platform
Supports Python, SQL, Scala

Tetration As a Billing Platform
Business problem

• Customer wants to “charge back” the Exchange Team based on consumption, i.e. bandwidth utilization.
• Customer needs to group servers based on:
  • Port Number
  • IP address range
  • Timeslot

Solution

• Leverage Tetration Analytics to provide the information required in order to charge back the Exchange team.

Demo
Summary
Summary

Save Time Human Error Customize Innovate
