Network Automation & Programability Foundations
Uploaded by
juan lkajdlkas
Network Automation & Programmability Foundations

Table of Contents

About the Author
What is Network Management
Embedded Event Manager - Example
Verify The TCL Scripting
Challenges with Traditional Methods for Network Management
Network Automation & Goals
What can be Automated
Impact of Network Automation
Software Defined Networking - SDN
SDN Controllers
Managing Traditional Networks
Network Managed by SDN Controllers
SDN - Imperative - Declarative Models
Application Programming Interface (API)
API usage in SDN Networks
Cisco Devnet - Sandbox
Cisco DNA Center - Lab Online Access
Default Home Page
Rest-Based API
CHEF - Config Management Tool
Ansible - Config Management Tool
Encoding With JSON

About the Author

Sikandar Shaik, a Triple CCIE (RS/SP/SEC # 35012), is a highly experienced and extremely driven senior technical instructor and network consultant. He has been training networking courses for more than 15 years, teaching on a wide range of topics including Routing and Switching, Service Provider and Security (CCNA to CCIE). In addition, he has been developing and updating the content for these courses. He has assisted many engineers in passing the lab examinations and securing certifications.

Sikandar Shaik is highly skilled at designing, planning, coordinating, maintaining, troubleshooting and implementing changes to various aspects of multi-scaled, multi-platform, multi-protocol complex networks as well as course development and instruction for a technical workforce in a varied networking environment. His experience includes responsibilities ranging from operating and maintaining PCs and peripherals to network control programs for multi-faceted data communication networks in LAN, MAN and WAN environments.

Sikandar Shaik has delivered instructor-led trainings in several states in India as well as abroad in countries like China, Kenya and UAE. He has also worked as a Freelance Cisco Certified Instructor globally for Corporate Major Clients.
Acknowledgment

First and foremost I would like to thank the Almighty for his continued blessings and for always being there for me. You have given me the power and confidence to believe in myself and pursue my dreams. I could never have done this without the faith I have in you.

Secondly I would like to thank my family for understanding my long nights at the computer. I have spent a lot of time on preparing workbooks and this workbook would not have been possible without their support and encouragement.

I would also like to recognize the cooperation of my students who took my trainings and workbooks. I believe my workbooks have helped them in upskilling themselves with respect to the subject and technologies and I will continue preparing workbooks for the updated technology versions.

Shaik Gouse Moinuddin Sikandar
CCIE x 3 (RS/SP/SEC)

Feedback

Please send feedback if there are any issues with respect to the content of this workbook. I would also appreciate suggestions from you which can improve this workbook further. Kindly send your feedback and suggestions at
[email protected]
Network Programmability And Automation

» What is "Network Management"
» Past/Present Methods Of Management
» Challenges With Traditional Methods

Sikandar Shaik, CCIEx3 (RS/SP/SEC) # 35012
Senior Technical Instructor
Facebook.com/sikandardoQl2/
Twitter.com/sikandarccie
Linkedin.com/in/sikandarshaik/
Www.Noasolutions.com

Prerequisite Knowledge

» Basic understanding of the roles of network infrastructure equipment
  ○ Routers, Switches, Firewalls etc.
» Experience with configuring network equipment via a command-line.
» Understanding of basic IP packet routing concepts
» High-level understanding of the usage of scripts

What is Network Management

» Physical installation of new equipment
  ○ Router/Switch/Firewall/Server/End points
» Initial configuration of equipment (i.e. "provisioning")
  ○ IP, Routing, VLAN, Trunking etc.
» Monitoring/Testing, Software upgrades and patches
» Configuration Tuning and Enhancements

Past/Present Methods Of Network Management

» Configuration/Troubleshooting/Software upgrades
  ○ SSH/Telnet/Console - individual device
  ○ Notepad
  ○ Inbuilt Scripts (TCL Scripts / EEM)
  ○ Limited SNMP

Sample Examples - Inbuilt Software Scripts

    tclsh
    foreach myaddresses {
    [address list illegible in the source]
    } {ping $myaddresses repeat 100 size 512 source lo}

    event manager applet interface_shutdown
     event syslog pattern "Interface FastEthernet0/0, changed state to administratively down"
     action 1.0 cli command "enable"
     action 1.5 cli command "config t"
     action 2.0 cli command "interface fa 0/0"
     action 2.5 cli command "no shutdown"

Embedded Event Manager - Example

    R1(config)#event manager applet interface_shutdown
    R1(config-applet)#event syslog pattern "Interface FastEthernet0/0, changed state to administratively down"
    R1(config-applet)#action 1.0 cli command "enable"
    R1(config-applet)#action 1.5 cli command "config t"
    R1(config-applet)#action 2.0 cli command "interface fa 0/0"
    R1(config-applet)#action 2.5 cli command "no shutdown"
    R1(config-applet)#end

Verify Embedded Event Manager

    R1#debug event manager action cli
    R1(config)#int f0/0
    R1(config-if)#shutdown
    R1(config-if)#end
    Mar 26 15:17:21.823: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
    Mar 26 15:17:21.923: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) [...]
    Mar 26 15:17:21.951: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1>
    Mar 26 15:17:21.999: %HA_EM-6-LOG: interface_Shutdown : [...]
    [...] interface_shutdown : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line. End with CNTL/Z.
    Mar 26 15:17:22.071: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1(config)#
    Mar 26 15:17:22.075: %HA_EM-6-LOG: interface_shutdown : [...] IN [...]
    Mar 26 15:17:22.151: %HA_EM-6-LOG: interface_Shutdown [...] : OUT : R1(config-if)#
    [...]155: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : IN : [...]
    [...]495: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : OUT : R1(config-if)#
    Mar 26 15:17:22.499: %HA_EM-6-LOG: interface_Shutdown : DEBUG(cli_lib) : : CTL : cli_close called
    Mar 26 15:17:22.539: [...]
    Mar 26 15:17:22.539: tty is now going through its death sequence
    Mar 26 15:17:24.287: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
    R1#undebug all
    All possible debugging has been turned off
    R1#show ip interface brief
    Interface          IP-Address   OK? Method Status                 Protocol
    FastEthernet0/0    10.1.1.1     YES manual up                     up
    Serial1/0          1.4.1.1      YES manual up                     up
    Serial1/1          4.4.4.2      YES manual up                     up
    Serial1/2          unassigned   YES unset  administratively down  down
    Serial1/3          unassigned   YES unset  administratively down  down
    Loopback0          1.0.0.1      YES manual up                     up
    Loopback1          11.0.1.1     YES manual up                     up
    Loopback2          1.0.2.1      YES manual up                     up
    Loopback3          1.0.3.1      YES manual up                     up
    R1(config-if)#end

Verify The TCL Scripting

    R1(tcl)#foreach myaddresses {
    +>(tcl)#12.0.0.1
    +>(tcl)#13.0.0.1
    +>(tcl)#14.0.0.1
    +>(tcl)#20.1.1.1
    +>(tcl)#30.1.1.1
    +>(tcl)#40.2.2.2
    +>(tcl)#} {ping $myaddresses}
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 52/96/152 ms
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 100/123/152 ms
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 14.0.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 60/104/148 ms
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 52/98/148 ms
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 96/110/148 ms
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 60/100/136 ms
    R1(tcl)#

Challenges With Traditional Methods for Network Management

» Knowledge of multiple network operating systems (Cisco, Arista, Junos)
» Multiple engineers with expertise in the selected vendor (increase staff)
» Configuration on end devices (all vendors)
» Management software (how it works / option to select)
» Box-by-box management
  ○ Time consuming to configure/troubleshoot each device.
» Notepad... the engineer's favorite tool
  ○ Easy to make configuration errors or lose documents

Network Automation & Goals

What is Network Automation?

» Process of automating the configuring, managing, testing, deploying, and operating of physical and virtual devices within a network.
» Everyday network tasks and functions are automated.
» Repetitive processes are controlled and managed automatically.
» Improves network service availability.

Goals Of Network Automation

» Reduce box-by-box management model
  ○ Introduce automation of configuration/updates.
» Eliminate repetitive tasks
  ○ Avoiding human errors and applying configuration fast
» Standardize software types and procedures
  ○ Identify specific device platform software / version / features
  ○ Standard upgrade procedures & consistent changes.
» Utilize scripts and tools to perform mass upgrades/changes
» Apply consistent policy across the network
» Reduce time spent troubleshooting (automate troubleshooting)
» Automate network documentation / diagrams

Types of Network Automation

» Automation can be employed in any type of network, including
  ○ Local area networks (LANs) - SD Access
  ○ Wide area networks (WANs) - SD-WAN
  ○ Data center networks
  ○ Cloud networks
  ○ Wireless networks.
» Any network resource controlled through the CLI or an application programming interface (API) can be automated.
» Hardware- and software-based solutions enable data centers, service providers, and enterprises to implement Network Automation (SDN)
» This improves efficiency, reduces human error, and lowers operating expenses.

What Can Be Automated?

Plug-and-play initial provisioning
» Automate deployment of new devices
» Obtain initial image/configurations
» Reduces the time a new device takes to join the network and become functional.

Dynamic policies
» Path segregation via dynamic overlay networks
» Dynamic QoS policies
» Dynamic security policies

Software deployment
» Scheduled software deployments

Intelligent and automated solutions to troubleshooting problems
» Scan all network down the layers.
» Identify health status & connections
» Simple troubleshooting instructions

The Impact Of Network Automation

How is network management impacted by automation?
» Reduced operation costs
» Time savings and elimination of repetition (lower errors)
  ○ Reduced likelihood of human error.
» Configuration consistency
» Better network control

NOTE: Network admins will need to become familiar with server OS, installation, patching and troubleshooting.

Software Defined Networking (SDN)

» Automation Origination Points
» SDN & SDN Controllers
» Managing Traditional Networks
» Network Managed by SDN Controllers

Automation Origination Points

Network management automation can happen from three different origins:
» On-the-box automation using built-in scripts
» Servers running network management protocols
» SDN Controllers

On-the-box automation using built-in scripts
» TCL scripts, for example {ping $myaddresses repeat 100 size 512 source lo}
» EEM applets, for example action 2.5 cli command "no shutdown"

Servers running network management protocols
» Server with software management tools (CHEF, ANSIBLE, PUPPET)
» Provides GUI based centralized control

SDN Controllers
» SDN - software to control hardware.
» SDN Controller is an integral part of SDN.
» With SDN, a network engineer/administrator can shape traffic from a centralized control console
  ○ Without having to touch individual switches in the network

Network Automation - SDN

» The future of networking is network automation.
» SDN = Software Defined Networking
» Software/applications control the hardware/network devices.
» With SDN, a network engineer/administrator can shape traffic from a centralized control console
  ○ Without having to touch individual switches in the network
» Software defined networking is what makes network automation possible.

[Figure: Control Layer and Infrastructure Layer]

What is SDN?

» Networking devices forward data in the form of messages, typically data-link frames like Ethernet frames.
» Network programmability and Software Defined Networking (SDN)
  ○ Take those ideas,
  ○ Analyze the pieces,
  ○ Find ways to improve them for today's needs,
  ○ and reassemble those ideas into a new way of making networks work.
» At the end of that rearrangement, the devices in the network still forward messages, but the how and why have changed.

SDN Controllers

» SDN Controller is the "brains" of the network.
  ○ SDN controller with software to control network devices.
» SDN software comes in two form factors:
  ○ Software pre-installed on a physical chassis (i.e. "Appliance")
  ○ Software installed on your own server (or in the Cloud)

SDN Controllers - Vendors

Vendors that offer SDN controllers include the following:
» Cisco APIC
» VMware NSX
» Nokia Nuage Networks
» Juniper Contrail Networks
» Big Switch Networks
» Cumulus Networks
» Hewlett Packard Enterprise
» Pica8
» Pluribus Networks

Examples of Cisco SDN Controllers:
» Cisco ACI/APIC
» Cisco APIC-EM

[Figure: Traditional Network compared with Software-Defined Network (Control Layer, Infrastructure Layer)]

Managing Traditional Networks

» Box-by-box management
  ○ CLI / notepad config file
  ○ Extensive use of Telnet/SSH/HTTP or SNMP
» Devices start with minimal (or no) initial configs.
  ○ Complex CLI commands or box-by-box GUI implementation.
» Networking functions implemented in individual devices using vendor-proprietary ASICs

[Figure: Traditional ASIC - Catalyst 3850 24 Port ASIC Architecture]

» Multiple, disparate servers for network management (DHCP, ISE, SNMP, WSA etc.)

Networks Managed by SDN Controllers

Dynamic implementation of initial configurations
» Zero Touch Provisioning
» Plug-and-play initial provisioning
» Automate deployment of new devices
» Obtain initial image/configurations
» Reduces the time a new device takes to join the network and become functional.

» Dynamic and automatic updates/changes to configurations based on pre-configured policies
» Relocation of control plane functionality to a central SDN controller
  ○ SDN Controller is the "brains" of the network.
  ○ SDN controller with software to control network devices.
» Controllers can consolidate multiple management services into one box.

SDN Controllers - Architecture

» Identify Network Device Planes
» The Management Plane & SDN
» How SDN Affects The Control & Data Planes
» SDN - Imperative & Declarative Models
» SDN Controller's Impact On Network Design
» Controller-Based SDN Architectures
  ○ Underlay Network
  ○ Overlay Network
  ○ SDN Fabric

Youtube.com/sikandarshaik

Identify Network Device Planes

Functionality of a network device is segmented into three separate contexts called planes.
» Control Plane
» Data Plane
» Management Plane

Data Plane

» The Data Plane is responsible for transporting data through a network
  ○ Packet forwarding between the device interfaces (user traffic)
  ○ Also called the "Forwarding Plane"
» Traffic will in general be IP (non-IP can also work using encapsulations)
  ○ MAC address tables
  ○ Routing tables ("Forwarding Tables")
  ○ Cables, NICs
  ○ Packet buffers and queues
» Control plane should be functional for data plane to work.
  ○ Learns information via control plane (downloaded to data plane)

Data Plane - Common Tasks
» Matching an Ethernet frame's destination Media Access Control (MAC) address to the MAC address table (Layer 2 switches)
» Adding or removing an 802.1Q trunking header (routers and switches)
» De-encapsulating and re-encapsulating a packet in a data-link frame (routers, Layer 3 switches)
» Matching an IP packet's destination IP address to the IP routing table (routers, Layer 3 switches)
» Discarding a message due to a filter (access control lists [ACLs], port security)
» Changing the source or destination IP address (for Network Address Translation [NAT] processing)
» Encrypting the data and adding a new IP header (for virtual private network [VPN] processing)

Control Plane

» Learns information required for packet forwarding (data plane)
» Tells the device how to forward or act upon specific traffic.
  ○ Builds IP routing table & routing protocols (OSPF, EIGRP, RIP, BGP)
  ○ Switch MAC table, ARP, STP, VTP, IGMP, PIM, NHRP, LDP, ICMPv6
  ○ IPv6 Neighbor Discovery Protocol (NDP)
» Any feature or protocol that exists to provide this ability resides in the Control Plane
» Control plane information has to be built (where or how to forward packets)

Management Plane

» Includes protocols that allow network engineers to manage the devices.
  ○ Configure, monitor, troubleshoot
» Used for network device management & telemetry (network traffic visibility)
  ○ Console, Telnet, SSH, HTTPS
  ○ AAA (TACACS+, RADIUS), NTP, Syslog, SNMP, NetFlow
» Traffic destined to the network or sourced from the network device
  ○ Telnet, SSH, SNMP, Syslog

[Figure: Management Plane, Control Plane and Data Plane, with frames in and frames out]

The Management Plane & SDN

» How is the Management Plane affected by SDN?
  ○ Many SDN controllers rely on existing Management Plane mechanisms (Telnet, SSH or HTTPS)
» Some new mechanisms have been developed for new types of access:

[Figure: NETCONF communications between a manager and an agent]

How SDN Affects The Control & Data Planes

» Moves the control plane logic into software that runs as a centralized application called a controller.
  ○ Controller has control over programming the forwarding path of the devices.
» Centralized control console without having to touch individual switches.
» The controller can perform all control plane functions, replacing the devices' distributed control plane.
» Controller sits anywhere in the network that has IP reachability to the devices in the network.

SDN - Imperative & Declarative Models

» Separation of the control and data planes
» Two approaches for controller implementation:
  ○ Imperative approach
  ○ Declarative approach

SDN - Imperative Model

» All functions of the control plane centrally reside at the SDN controller
  ○ Controller can directly program the data plane of devices.
» Also called "Stateful SDN"

SDN - Declarative Model

» Both control and data planes reside within individual network devices.
» Controller "declares" how it wishes the network to function (based on the application requirements)
» Network devices decide how to translate that into functional actions for programming their own, individual data plane constructs
» Cisco approach of SDN controllers.
» Also called "Stateless SDN"

[Figure: controller message to the data plane: "Hey Switches! When SrA is talking to Srv-2, choose the path"]

SDN Controller's Impact On Network Design

» Hardware selected must understand the controller's protocols
» Controllers should be configured in clusters for redundancy
» Security is critical
» Is training available for I.T. staff on new protocols and software?
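
An added example (not part of the workbook): since many SDN controllers still reach devices over the existing management plane (Telnet, SSH or HTTPS) and the design notes above call security critical, the Python code below audits an IOS-style configuration for cleartext management access before a device is handed to a controller. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: fragment of an IOS-style running-config (not from the workbook).
SAMPLE_CONFIG = """\
hostname R1
!
ip http server
ip http secure-server
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

# 'transport input' keywords that admit Telnet (cleartext) sessions.
CLEARTEXT = {"telnet", "all"}


def parse_line_blocks(config_text):
    """Split a config into global commands and the sub-commands of each 'line ...' block."""
    global_cmds, blocks, current = [], {}, None
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if stripped == "!":              # '!' separates sections and ends a block
            current = None
        elif raw.startswith("line "):    # start of a console/vty block
            current = stripped
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(stripped)
        else:
            current = None
            global_cmds.append(stripped)
    return global_cmds, blocks


def audit_management_plane(config_text):
    """Return (location, finding) tuples for cleartext management-plane access."""
    global_cmds, blocks = parse_line_blocks(config_text)
    findings = []
    # 'ip http server' is the plain-HTTP listener; 'no ip http server' disables it.
    if "ip http server" in global_cmds:
        findings.append(("global", "plain HTTP server enabled; keep only 'ip http secure-server'"))
    for name, cmds in blocks.items():
        if not name.startswith("line vty"):
            continue
        transports = None
        for cmd in cmds:
            match = re.match(r"transport input\s+(.+)", cmd)
            if match:
                transports = set(match.group(1).split())
        if transports is None:
            # Nothing explicit: the platform default decides, so flag it for review.
            findings.append((name, "no explicit 'transport input'; platform default applies"))
        elif transports & CLEARTEXT:
            findings.append((name, "Telnet permitted; restrict to 'transport input ssh'"))
    return findings


if __name__ == "__main__":
    for location, finding in audit_management_plane(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```
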

» Most software defined networks are based on both an underlay and an overlay in order to achieve separate control and data planes in the network
  ○ Underlay Network
  ○ Overlay Network
  ○ SDN Fabric

Underlay Networks

» Protocols and features used to establish full IP reachability between endpoints.
» All links typically configured as Layer-3, point-to-point.
» Common, industry-standard routing protocols used (OSPF or IS-IS)
» Network engineers have been building/maintaining underlay networks for years

Overlay Networks

» Virtual network that is built on top of an underlay network (network infrastructure)
» SDN controller (software) decides the path to use based on the dynamic policies.
  ○ Running on top of the underlay network (IP reachability end to end)

Overlay Networks - Examples

» Practically implemented via VRFs, MPLS-VPNs, VXLAN or other technologies.

SDN - The Fabric

» Physical infrastructure used to build the underlay network
  ○ Actual switches, routers, cables, and internal switching paths
» Describes ONLY those devices (in the underlay network) that can be programmed/controlled by the SDN controller
» A full mesh of devices with multiple, equal-cost paths between destinations

Application Programmable Interface (API)

» API Examples
» API - How it works
» API - Types
» API Usage In SDNs - Northbound & Southbound APIs

What Is An API?

» Application Programming Interface
» A piece of code that allows different applications to talk to each other.

API Examples
Each time you use an app you're using an API.
» Travel bookings
» Check the weather on your phone / Google
» Logging in with Facebook
» Paying with PayPal
» Interacting with a Twitter bot
» Facebook, send an instant message
» Login to your account

How it works

» An application on your mobile phone connects to the Internet and sends data to a server.
» The server then retrieves that data, interprets it, performs the necessary actions and sends it back to your phone.
» The application then interprets that data and presents you with the information you wanted in a readable way.
» This is what an API is: all of this happens via API.

[Figure: request and response between a mobile application and a server (second system)]

API - Types

API - Local Applications
» Those that allow internal applications in your local system to exchange data.

API - Remote Applications
» Those that use IP networking to exchange data between remote applications.

API Usage In SDNs

» Two primary uses of APIs in the world of SDN:
  ○ Applications connecting to controllers (Northbound API)
  ○ Controllers connecting to network devices (Southbound API)
» Both of these types of connections utilize the Internet Protocol (IP)
  ○ Frequently over HTTP
» APIs use a client/server model
  ○ Application (API client) communicates with SDN controller (API server)
  ○ SDN controller (API client) communicates with switch/router (API server)

Northbound & Southbound APIs

» With reference to SDN, APIs are considered either northbound or southbound.
» This is all in relationship to the position of the controller in the topology.

Northbound APIs

» Northbound APIs are the link between the applications and the SDN controller.
» The applications can tell the network what they need

You might think of these:
» The capabilities of each device
» The interfaces/ports on each device
» The current state of each port
» The topology - which devices connect to which, over which interfaces
» Device configuration - IP addresses, VLANs, and so on as configured on the devices

Examples Of Common Northbound APIs

SOAP (Simple Object Access Protocol)
» XML-based protocol for accessing web services over HTTP.
» XML-based messaging protocol for exchanging information between devices (computers/routers etc.)
» Provides data transport for web services.

REST (Representational State Transfer)
» With respect to SDN, most common web service API
» Uses HTTP - API framework
» Uses less bandwidth, making it more suitable for efficient internet usage.
» Vendors using REST API - Intent (Cisco), Contrail (Juniper)

Southbound APIs

» Used to communicate between the SDN controller and the switches and routers of the network.
» Allow the controller to program the data plane forwarding tables of the networking device.

Examples Of Common Southbound APIs

They can be open-source or proprietary.
» CLI (Telnet/SSH) and SNMP (used with Cisco APIC-EM)
» OpenFlow (from the ONF; www.opennetworking.org)
» OpFlex (from Cisco; used with ACI)
» CLI (Telnet/SSH) and SNMP, and NETCONF (used with Cisco Software-Defined Access)

NETCONF
» IETF standard protocol (RFC 4741 and RFC 6241)
» Install, manipulate, request and delete the config of network devices
» Uses XML coding to edit/configure/query a network device

RESTCONF
» Same as NETCONF (provides a RESTful API experience)
» Request and response data can be in XML or JSON format.

Controller & Applications (NBI)

» The controller is software, running on some server, which can be a VM or a physical server.
» Application & controller can be on the same device or different hosts

[Figure: API information flows between an app (Java) and the controller API: HTTP GET URI, then HTTP GET response carrying JSON data]

Same Device
» Use an NBI, which is an API, so that two programs can communicate.
» API does not need to send messages over a network because both programs run on the same system

Different Device
» Allows applications to sit on different hosts, using HTTP messages to transfer data over the API.
» API needs a way to send the data back and forth over an IP network, and RESTful APIs meet that need.

Introduction To Cisco DNA Center

» The Problems Defined
» Introduction To Cisco DNA Center
» DNA Center Components

Cisco DNA Center

» DNA = Digital Network Architecture
» Provides a centralized graphical interface and programming interface to
  ○ Design your network
  ○ Add & configure devices
  ○ Monitor your network and devices

Cisco DNA Center - What it can do

» Discover Your Network
» Manage Your Inventory
» Manage Software Images
» Display Your Network Topology
» Design Network Hierarchy and Settings
» Run Diagnostic Commands on Devices
» Create Templates to Automate Device Configuration Changes
» Configure Telemetry Profiles
» Identify Network Security Advisories
» Configure Policies
» Provision Your Network
» Cisco DNA Assurance
» Troubleshoot Cisco DNA Center Using Data Platform

Cisco DNA - Appliance

» Cisco DNA Center is available as a physical appliance with the DNA Center ISO image pre-installed and tested.
» Cisco DNA Center is also offered as DNA cloud
  ○ https://dcloud.cisco.com/
  ○ https://www.cisco.com/c/dam/en_us/about/doing_business/legal/OfferDescriptions/dna-center-cloud.pdf
» When you buy DNA Center, you will get a physical appliance

Cisco UCS C220 M5 Rack Server - 44 cores
» 1000 switches/routers
» 4000 access points
» 20,000 clients

Cisco UCS C220 M5 Rack Server - 56 cores
» 2000 switches/routers
» 6000 access points
» 40,000 clients

Cisco UCS C480 M5 Rack Server - 112 cores
» 18,000 devices
» 100,000 clients

Cisco DNA Center Components

Cisco APIC-DNA
» Is the SDN controller with GUI management (DNA)
  ○ Has built-in GUI via API which controls DNA Center.
» APIC uses southbound API to communicate with devices (ISE, network devices)

Cisco ISE
» ISE provides the central part of security policies (like AAA)
» DNA Center learns about network devices connected via ISE.

Cisco NDP
» Network Datagram Platform is the analytical engine
  ○ Collects information about the network via NetFlow, HTTPS, logging etc.
  ○ Supports artificial intelligence / machine learning to spot problems & troubleshoot.
[Diagram: the DNA Center API sits above Cisco APIC-DNA (Application Policy Infrastructure Controller) and Cisco ISE (Identity Services Engine), which reach the switches and routers over NetFlow, HTTPS, Syslog, NETCONF, AAA, RADIUS and EAPOL]

Cisco Devnet - Sandbox

Cisco DevNet
» Cisco's developer program to help developers and IT professionals who want to write applications and develop integrations with Cisco products, platforms, and APIs.
» Cisco DevNet includes Cisco's products in software-defined networking, security, cloud, data center, internet of things, collaboration, and open-source software development.

What is Cisco DevNet Sandbox?
» DevNet Sandbox makes Cisco's free spread of technology available to developers and engineers.
» That's right, totally free!
» Each sandbox typically highlights one Cisco product (think CallManager, APIC, etc.).
» https://developer.cisco.com/site/sandbox/

What is Cisco DevNet Sandbox?
» Sandboxes can be used for development, testing APIs, learning how to configure a product, training, hack-a-thons, and much more!
» There are two types of sandboxes: Always-On and Reservation.

Cisco DNA Center - HomePage

Log In to DNA Center
» Access Cisco DNA Center by entering its network IP address in your browser.
   https://server-ip
   Example: https://192.0.21
» The home page has three main areas: Network Snapshot, Network Configuration, and Tools.
Cisco DNA Center - HomePage
[Home page menu: Design, Policy, Provision, Assurance]

https://developer.cisco.com/site/sandbox
» Click Login.
» Get started with sandbox.
» Select DNA Always On (any lab).
» Read the below message on the left side:

This Lab Requires NO Reservation

Overview

Cisco Digital Network Architecture (DNA) Center is a centralized management application for the network. Cisco DNA Center provides a single pane of management to design, provision, enable policy, and assure network services with full visibility of user and device identity, operating systems and applications across the entire network fabric. Cisco DNA Center allows you to manage the enterprise network over a centralized dashboard and deploy networks in minutes, not days, using intuitive work flows.

The Cisco DNA Center Sandbox provides the developer the ability to design, develop and test utilizing the Cisco DNA Center development platform with a sample Sandbox Lab Topology. In this sandbox the developer can:
   • Develop/test Cisco DNA Center type applications with the Cisco DNA Center.
   • Interact with the Cisco DNA Center API calls using a variety of REST clients such as POSTMAN.

The Cisco DNA Center Sandbox consists of a virtualized Controller and real Hardware sample network topology containing network elements and hosts that developers can utilize so they can develop, debug and test their sample Cisco DNA Center application.

Sandbox Access

The Cisco DNA Center Sandbox is designed to be accessed via the internet. VPN is not required or provided to connect to the Cisco DNA Center Appliance and sample network. The developer does not have any direct access to the sample network elements and hosts. To access the shared environment and integrate with the sample database, please follow these steps:

1. Go to https://sandboxdnac2.cisco.com
2. Accept the self-signed certificate
3. Allow for showing of Browser Notifications
4. Login with credentials [devnetuser/Cisco123!]

Default Home Page
» After you log in, the home page shows its main areas: Network Snapshot, Network Configuration, and Tools.
[Home page menu: Design, Provision, Policy, Assurance]

REST-based APIs
   • API Definition
   • What Are Web-Service APIs
   • Types & Similarities Among Web-Service APIs
   • Introducing REST
   • REST Architectural Constraints
   • HTTP Verbs & CRUD
   • REST API Data Encoding

Web-Service APIs
» An API is an interface between two or more applications by which they can access each other.
» An API can use any means of communication to interact between applications.
» A web-service API is a common type of API used to access data on a remote device over an IP-based network.
» Uses HTTP messages to send and receive information between the SDN controller and another application.
» Data is referenced in the API via URIs or URLs.
   • URI = Uniform Resource Identifier: a string of characters used to identify a resource on a computer network.
   • Example: /dna/intent/api/v1/network-device/{id}

[Diagram: a Python application reaches the controller through the Northbound Interface (NBI)]

Web-service APIs can:
» Add new data (create)
» Ask for data (read)
» Modify existing data (update)
» Destroy/erase data (delete)

Common Web Service APIs

SOAP (Simple Object Access Protocol)
» XML-based protocol for accessing web services over HTTP.
» XML-based messaging protocol for exchanging information between devices (computers, routers, etc.).
» Provides data transport for web services.

REST (Representational State Transfer)
» With respect to SDN, the most common web service API.
» Uses HTTP & API Framework.
» Uses less bandwidth, making it more suitable for efficient internet usage.
» Vendors using REST API:
   • Intent (Cisco)
   • Contrail (Juniper)

Common Web Service APIs

NETCONF
» IETF standard protocol (RFC 4741 and RFC 6241).
» Install, manipulate, request and delete the configuration of network devices.
» Uses XML coding to edit/configure/query a network device, for example:
   • Retrieve the running configuration
   • Change the running configuration
   • Run a show command

RESTCONF
» Same as NETCONF (provides a RESTful API experience).
» Request and response data can be in XML or JSON format.

REST API
» Representational State Transfer
» With respect to SDN, the most common web service API.
» REST is a software architectural style that defines the set of rules to be used for creating web services.
» REST APIs act on "Resources".

[Table: example HTTP requests against router resources, e.g. POST creates a new resource and PUT updates a resource]

REST API
» REST API commands utilize standard HTTP "verbs" (GET, PUT, POST, DELETE).

[Diagram: 1. HTTP GET URI, 2. HTTP GET response: JSON data, between the application and the controller API]

» GET: A read-only method to retrieve a specified resource.
» POST: Submits data to the specified resource to process. The POST method can also create new resources.
» PUT: Updates the specified resource by replacing the existing data.
» DELETE: Deletes the specified resource.
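The verb-to-CRUD mapping above, as an added example that is not part of the original slides: a small loopback HTTP server and client in Python exchange JSON for one device resource. The path /api/v1/network-device, the field names and the sample device are constructed for illustration and are not Cisco DNA Center's API.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical resource path, shaped like the URI on the slide (not a Cisco endpoint).
BASE = "/api/v1/network-device"


class DeviceAPI(BaseHTTPRequestHandler):
    """In-memory REST resource: each HTTP verb maps to one CRUD operation."""
    devices = {}   # id -> device dict
    next_id = 1

    def log_message(self, *args):   # keep the demo quiet
        pass

    def _reply(self, status, payload=None):
        body = b"" if payload is None else json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _json_object(self):
        """Parse the request body; return None unless it is a JSON object."""
        try:
            length = int(self.headers.get("Content-Length") or 0)
            data = json.loads(self.rfile.read(length)) if length else None
        except ValueError:
            return None
        return data if isinstance(data, dict) else None

    def _device_id(self):
        """'<BASE>/<id>' -> '<id>'; '' for the collection URI; None outside BASE."""
        if self.path == BASE:
            return ""
        if self.path.startswith(BASE + "/"):
            return self.path[len(BASE) + 1:]
        return None

    def do_GET(self):       # READ
        dev_id = self._device_id()
        if dev_id == "":
            self._reply(200, list(self.devices.values()))
        elif dev_id in self.devices:
            self._reply(200, self.devices[dev_id])
        else:
            self._reply(404, {"error": "not found"})

    def do_POST(self):      # CREATE: the server assigns the id
        body = self._json_object()
        if self._device_id() != "":
            self._reply(405, {"error": "POST goes to the collection URI"})
        elif body is None:
            self._reply(400, {"error": "JSON object required"})
        else:
            dev_id = str(DeviceAPI.next_id)
            DeviceAPI.next_id += 1
            self.devices[dev_id] = dict(body, id=dev_id)
            self._reply(201, self.devices[dev_id])

    def do_PUT(self):       # UPDATE: replace the stored representation
        dev_id, body = self._device_id(), self._json_object()
        if dev_id not in self.devices:
            self._reply(404, {"error": "not found"})
        elif body is None:
            self._reply(400, {"error": "JSON object required"})
        else:
            self.devices[dev_id] = dict(body, id=dev_id)
            self._reply(200, self.devices[dev_id])

    def do_DELETE(self):    # DELETE
        dev_id = self._device_id()
        if dev_id in self.devices:
            del self.devices[dev_id]
            self._reply(204)
        else:
            self._reply(404, {"error": "not found"})


def call(port, method, path, payload=None):
    """Send one request to the loopback server; return (status, decoded JSON or None)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    body = None if payload is None else json.dumps(payload)
    headers = {"Content-Type": "application/json"} if body else {}
    conn.request(method, path, body=body, headers=headers)
    resp = conn.getresponse()
    raw = resp.read()
    conn.close()
    return resp.status, (json.loads(raw) if raw else None)


def demo():
    """Create, read, update and delete one constructed device over real HTTP."""
    DeviceAPI.devices, DeviceAPI.next_id = {}, 1
    server = HTTPServer(("127.0.0.1", 0), DeviceAPI)   # port 0: the OS picks a free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return [
            call(port, "POST", BASE, {"hostname": "edge-rtr-1", "role": "router"}),
            call(port, "GET", BASE + "/1"),
            call(port, "PUT", BASE + "/1", {"hostname": "edge-rtr-1", "role": "border"}),
            call(port, "DELETE", BASE + "/1"),
            call(port, "GET", BASE + "/1"),   # the resource is gone after DELETE
        ]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for status, data in demo():
        print(status, data)
```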
Network Automation Tools
   • Capabilities of Configuration Management Tools
   • Common Config Mngt Tools & Their Similarities
   • Masters & Agents
   • Push & Pull Models
   • What Are Configuration Files
   • Puppet Terminology & Concepts
   • Chef Terminology & Concepts
   • Ansible Terminology & Concepts

Network Automation Software Tools
Network automation allows:
   • Dynamic provisioning
   • Initial configurations
   • Making changes
   • Pushing down images (software upgrades)
[Logos: Ansible, Chef, Puppet, SaltStack]

Configuration Management Tools - Capabilities
» Remove dependencies of box-by-box CLI management.
» Automate deployment of changes, either by scheduled process or manual deployment.
   • Avoids human errors and applies configuration fast.
   • Avoids configuration-related problems.
» Centralize configuration and software management tasks onto a single controller.
   • Effectively manages simultaneous updates.
   • Utilize scripts and tools to perform mass upgrades/changes.
» Plug and Play initial device provisioning (Day-Zero Automation).
» Create resources that can be applied against a single node, or groups of nodes.

Config Management Tools & Similarities
» All tools require some CLI/scripting knowledge.
   • Some CLIs resemble Cisco IOS.
   • Some are totally different (like YAML (python) or RUBY scripting languages).
» Many tools include a GUI used to:
   • Schedule automated tasks
   • Manually instantiate events
» Need to build config files with a scripting language (associated CLI reference).

Masters & Agents
Some types of configuration management mechanisms require two pieces.

MASTER
» Server controls the configuration information.
» The component installed in your server.

AGENT
» Each managed agent node requests its own configuration catalog from the master.
» Requires the user to install a piece of software, called an agent, on each device that needs to be managed.
» Devices that have the agent (client) installed locally on the device.

[Diagram: the master contains all the configurations; three Puppet agents below it]

Masters & Agents
» Puppet, Chef and SaltStack are examples of this.
» Config management software uses different names/terminology:
   • Puppet: Master-Agent
   • CHEF: Master-Agent
   • SALTSTACK: Master-Minions

[Diagram: the master contains all the configurations; configurations are pulled from the master by the nodes]

Config Management Tools - Agent vs Agentless

Agent-based tools
» Require the user to install a piece of software, called an agent, on each device that needs to be managed.
» Each of these agents then communicates to a controlling 'master' device, which stores the desired configurations of the machines it manages.
   • The master can make changes securely to the devices which have an agent installed.
» Examples: PUPPET, CHEF, SALTSTACK
Config Management Tools - Agent vs Agentless

Agentless tools
» Do not require agents to be installed to manage machines, and communicate via protocols such as SSH and WinRM.
» Use a proxy agent speaking on behalf of devices (no agent software).
   • One agent can proxy to multiple devices.
» ANSIBLE uses SSH for remote access.
» PUPPET BOLT: simple agentless.

Config Management Tools - Push & Pull Models
There are two types of configuration management approaches.

Config Management Tools - Push Model
» The master pushes a configuration (or other change) down to the nodes.
» Good method for tools that require no agent component.
   • An agent/client may or may not be installed on each node.
   • Configurations are either pushed manually or scheduled.
» Examples: ANSIBLE, SALTSTACK

Config Management Tools - Pull Model
» The nodes (with agent support) pull the configuration information from the server.
» Agents are responsible for frequently polling the master to detect changes.
   • Compare the config from the server and update if there is a mismatch.
» It is always the agent/client that initiates communication, not the main server.
» Examples: CHEF & PUPPET

Creating Configuration Files
» Configuration files are defined on the master and pushed to the nodes/devices.
» The complexity of creating device configuration files differs among these configuration automation tools.
» Ansible & SaltStack utilize YAML.
» Puppet & Chef utilize Ruby (or Ruby derivatives).
   • Called "Domain-Specific Languages" (DSLs).
   • A Puppet configuration file is called a "Manifest".

[Slide shows sample configuration files side by side: an Ansible playbook using ios_config (YAML), a Chef recipe, and a Puppet manifest, the latter two configuring cisco_interface_ospf on Ethernet1/2]

Puppet
» Puppet is a configuration management and automation tool.
   • One of the more commonly used tools for automation.
» Cisco supports the use of Puppet on a variety of devices, such as:
   • Catalyst switches, Nexus switches, and the Cisco Unified Computing System (UCS) server platform.
» Puppet works with many different vendors.
» Uses the pull model (needs an agent installed on nodes) to get its own configurations.
» Writing code within Puppet, Ruby is the language used (Domain Specific Language).

Puppet Terminology/Concepts

Puppet Master (Server)
» Controls the configuration information/automation tasks.
» Communicates with devices that have the puppet agent (client) installed locally on the device.

PUPPET Agent (Node)
» Devices that have the puppet agent (client) installed locally on the device.
   • Requires the user to install a piece of software on each device that needs to be managed.
» Each managed agent node requests its own configuration catalog from the master.

PUPPET DATABASE
» Changes or automation tasks are stored in the puppet database (PuppetDB).
» Can be located on the same puppet master server or on a separate box.
» Allows the tasks to be saved so they can be pushed out to the puppet agents at a later time.

Puppet Terminology/Concepts

PUPPET Manifest
» Configuration files defined on the master and pushed to the nodes/devices.
» Written using the Ruby programming language and saved with an extension of .pp

    # NTP server definition
    ntp_server { '1.2.3.4':
      ensure           => 'present',
      source_interface => 'Vlan 42',
    }

    # OSPF process and its default VRF
    cisco_ospf { "Sample":
      ensure => present,
    }

    cisco_ospf_vrf { "Sample default":
      ensure    => 'present',
      auto_cost => '46000',
      # default_metric: value illegible in the scan
    }

    # Login banner
    banner { 'default':
      motd => 'Violators will be prosecuted',
    }

    # OSPF settings on one interface
    cisco_interface_ospf { "Ethernet1/2 Sample":
      ensure => present,
      # area, cost: values illegible in the scan
    }

Puppet Terminology/Concepts

PUPPET Module
» Modules are a collection of files and directories such as manifests and class definitions.
» Puppet has many modules available for many different vendors and device types.
» Examples:
   • The Cisco module to install and configure Cisco devices.
   • The MySQL module to install and configure MySQL, etc.
» They are the re-usable and sharable units in Puppet.
» https://forge.puppet.com/puppetlabs/ciscopuppet
» https://forge.puppet.com/puppetlabs/cisco_ios

Puppet - Agent vs Agentless
» Puppet typically uses an agent-based architecture for network device support.
» Some network devices enable Puppet support via an on-device agent.
» However, not every Cisco OS supports Puppet agents.
» Puppet solves that problem using a proxy agent running on some external host (called agentless operation).
» Puppet supports both an agent-based and an agentless architecture, with the agentless architecture being the case of using an agent external to the network device.
» The external agent then uses SSH to communicate with the network device.

Puppet - Pull Model
Puppet uses a pull model to make that configuration appear in the device.

STEPS
1. Build config files (manifest)
2. Start agent (on device or proxy)
3. Agent pulls manifest details
4. Agent pulls config (manifest) from server

CHEF
» An open source configuration management tool (also available in paid enterprise versions).
» Designed to automate configurations and operations of a network and server environment.
» Writing code within Puppet, Ruby is the language used (Domain Specific Language).
» Uses the pull model (needs an agent installed on nodes) to get its own configurations.
» Similar to PUPPET (what we discussed in the previous topic).
» Chef's structure, terminology, and core components are different from those of Puppet.

CHEF - Terminology/Concepts
Although the core concepts of Puppet and Chef are similar, the terminology differs.

[Diagram: Chef architecture with workstations, Chef server and Chef clients]

Chef term   | Puppet term   | Function
Chef server | Puppet master | Server/master functions
Chef client | Puppet agent  | Client/agent functions
…           | …             | Code being deployed to make configuration changes
…           | …             | Where users interact with the configuration management tool and create code
Cookbook    | Module        | Collection of code or files

Chef Recipes - Example

    # Loopback interface pushed as raw CLI
    cisco_command_config 'loop42' do
      action :update
      command '
        interface loopback42
          description Peering for AS 42
          ip address 192.168.1.42/24
      '
    end

    # BGP process pushed as raw CLI
    cisco_command_config 'router_bgp_42' do
      action :update
      command '
        router bgp 42
          router-id 192.168.1.42
          address-family ipv4 unicast
            network 1.0.0.0/8
            redistribute static route-map bgp-statics
          neighbor 10.1.1.
            remote-as 99
      '
    end

    # OSPF process, VRF settings and interface settings as typed resources
    cisco_ospf 'Sample' do
      action :create
    end

    cisco_ospf_vrf 'dark_blue vrf1' do
      auto_cost 46000
      default_metric 10
      log_adjacency 'log'
      # timer_throttle_lsa_start: value illegible in the scan
      timer_throttle_lsa_hold 5600
      timer_throttle_lsa_max 5800
      timer_throttle_spf_start 277
      timer_throttle_spf_hold 1700
      timer_throttle_spf_max 5700
    end

    cisco_interface_ospf 'Ethernet1/2' do
      ospf 'Sample'
      area 200
      dead_interval 200
      hello_interval 200
      message_digest true
      message_digest_encryption_type 'cisco_type_7'
      message_digest_algorithm_type 'md5'
      message_digest_key_id 7
      message_digest_password '<illegible in the scan>'
      passive_interface true
    end

Ansible - Config Management Tool

Ansible
» Ansible is an automation tool that is capable of:
   • Configuration management & monitoring
   • Deployment of applications
   • Automating cloud provisioning
» Popular due to being open source and its simplicity.
» Is an agentless tool (no software or agent needs to be installed on the client machines).
» Ansible communicates using SSH for a majority of devices, and it can support Windows Remote Management (WinRM) and other transport methods.
» Uses the push model (no need of agent software on nodes) to get its own configurations.
» Ansible sends all requests from a control station, which could be a laptop or a server.

Ansible - Terminology/Concepts

Control Station
» Ansible sends all requests from a control station, which could be a laptop or a server.
» Ansible does not require a master node.
» It can be run from any host that has the Ansible package installed and …

Ansible - Terminology/Concepts

Playbooks
» The config files where Ansible code is written (YAML format).
» Contain the steps which the user wants to execute on a particular machine.

Inventory
» Uses an inventory file to keep track of the hosts it manages.
   • These files provide device hostnames along with information about each device,
   • like device roles, so Ansible can perform functions for subsets of the inventory.

Ansible - Playbook/Inventory Examples

Ansible ConfigureInterface.yaml Playbook

    - hosts: CSR1KV-1
      gather_facts: false
      connection: local
      tasks:
        - name: Configure GigabitEthernet2 Interface
          ios_config:
            lines:
              - description Configured by ANSIBLE
              - ip address 10.1.1.1 255.255.255.0
              - no shutdown
            parents: interface GigabitEthernet2
            host: "{{ ansible_host }}"
            # plaintext credentials as shown on the slide; keep real ones in Ansible Vault
            username: cisco
            password: testtest

Ansible Host Inventory File

    [routers]
    192.168.10.1
    192.168.20.

    [switches]
    192.168.10.25
    192.168.10.26

    [primary-gateway]
    192.168.10.1

Ansible - Terminology/Concepts

Templates
» A template in Ansible is a file which contains all your devices' configuration parameters (with variables).
» The template files will usually have the .j2 extension, which denotes the Jinja2 templating engine used.

Variables
» Using YAML, a file can list variables that Ansible will substitute into templates.
» The variables in a template file will be denoted by double curly braces, "{{ variables }}".

[Diagram: the Ansible control station combines variables and templates into device configurations]

https://github.com/jasonbarbee/ansible-cisco-templater/tree/master/templates

Encoding Data With JSON
   • JSON Overview
   • JavaScript Foundational Overview
   • Benefits Of JSON
   • JSON Value Types
   • JSON Syntax Rules

API - Data Formats
» Defines the exact format (data representation) used within the API.
» The most common formats found in modern APIs are:
   • YAML (YAML Ain't Markup Language)
   • XML (Extensible Markup Language)
   • JSON (JavaScript Object Notation)

JSON Overview
» JavaScript Object Notation (pronounced "Jay Sahn").
» A subset of JavaScript syntax.
» Uses human-readable text to transmit data objects (JSON objects) between server and clients.
   • Consisting of attribute and value pairs.
» Used extensively by web-service APIs (such as REST APIs).

Benefits Of JSON
» It is light-weight.
» Easy to read and write.
» Text based, human readable data exchange format.
» It is language independent.

[Slide compares the output of "R1# sh run int f0/0 | format" as XML with the same data as JSON; converter used: https://codebeautify.org/xmltojson]

JSON Data Types
» Strings
» Numbers
» Objects
» Arrays
» Boolean
» Null

    { "number_1": 210 }

    {
      "type": "ethernet",
      "if-name": "gigabitEthernet1",
      "description": "outside",
      "ip-address": "172.15.15.15",
      "subnet-mask": "255.255.254.0",
      "nat-direction": "outside"
    }

    { "Geek": { "name": "Peter", "age": 20, "score": 50.05 } }

    { "result": true, "grade": null, "rollno": 210 }

JSON Data Types

Strings
» Any sequence of characters, inserted between " and " (double quotes).
» Must be written in double quotes.
» Example: {"name": "Sikandar"}   {"color": "Purple"}

Numbers
» Integers or floats.
» These include digits between 0 and 9.
» It can be a negative number (e.g. -10).
» It can be a fraction (e.g. 0.5).
» Example: {"age": 5}   {"age": 20}   {"percentage": 82.44}

JSON Data Types

Objects
» It is a set of name/value pairs inserted between {} (curly braces).
» Composed of one or more name-value pairs.
» Multiple key and value pairs are separated by a , (comma).
» Example: {"Department": "Payroll", "VLAN": 300, "Manager": "Bob"}

JSON Data Types

Arrays
» An ordered collection of values.
» Begins and ends with [ ] (square brackets).
» The values of an array are separated by a , (comma).
» Example: {"classAges": [5, 8, 9, 10]}

Booleans
» This data type can be either true or false.
» Example: {"sale": true}

Null
» It is just an undefined value.

JSON Syntax Rules
» Data is in name/value (key-value) pairs (grouped by a colon :).
» Multiple name-value pairs within a single object are separated by commas.
» Curly braces hold objects.
» Square brackets hold arrays.
» Spaces and line breaks don't matter.

    {
      "username": "tod",
      "password": "retst2",
      "pw-type": 7,
      "privilege": 15
    }

Interpreting JSON Data - Lab demonstration
After viewing JSON data from a router, answer the following questions:
» Where would this router send a packet going to 44.
» Will the FastEthernet0/1 interface be allowed to transmit a Telnet packet, sourced from 1.1.1.1 and destined to 20.20.30.1?

For more updates on new releases, new video training series, updated workbooks and the upcoming class schedule:
» Facebook: https://www.facebook.com/sikandar35012, https://www.facebook.com/noasolutions
» YouTube: https://www.youtube.com/sikandarsh
» Twitter: https://twitter.com/sikandarccie
» LinkedIn: https://www.linkedin.com/in/sikandarshaik