
Devnet 2323

The document discusses using APIs to automate the deployment of network elements. It covers using Zero Touch Provisioning (ZTP) with IOS-XE, IOS-XR, and NXOS to provision devices using a Python script accessed over DHCP/TFTP or HTTP. The Python script can use the CLI API to configure the device programmatically or copy a configuration file. When the device's MAC address is unknown, the script can obtain the device's serial number and make a REST query to retrieve device-specific configuration parameters.

Uploaded by

Abhishek garg

APIs for Automating Network Element Deployment

Ryan Shoemaker
Technical Solutions Architect
CCIE #7405
DEVNET-2323
DEVNET-2323 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda

• Introduction
• IOS-XE with ZTP
• IOS-XR with ZTP
• NXOS with POAP
• PNP with IOS-XE
• REST with other Network Elements
• Conclusion

One admin can easily set up one network device

[Diagram: Admin, Image, Config]

But that process does not scale up to 1000 devices

[Diagram: Admin, Image, Config]

APIs to the rescue?

• What does API stand for?
  • Application Programming Interface
• Definition of API
  • API consists of a set of rules describing how one application can interact with another, and the mechanisms that allow such interaction to happen.

IOS-XE with Zero Touch Provisioning (ZTP)

ZTP overview

• Open bootstrap to automate network device provisioning in heterogeneous environments
• Device enters ZTP mode when initial installation begins and it cannot find its requisite startup file
• Additional APIs to integrate programming scripts like Python and Bash with the device’s CLI
• Runs across IOS-XE, IOS-XR, and NXOS

How about ZTP on IOS-XE?

• Enters mode when initial installation begins, and device cannot find a startup configuration
• Guest Shell service provides environment to execute Python script for configuration
• Leverages DHCP to locate TFTP or HTTP(S) server to push Python script
• DHCPv6 also an option (added with 16.9.1)

Device Type    Release Added
Cat9200 (1)    16.12.1
Cat9300 (2)    16.6.1
Cat9400        16.6.2
Cat9500        16.6.1
Cat9600        16.11.1
Cat9800        16.11.1
Cat3Ks         16.6.1
ISR4Ks         16.6.1
ASR1Ks (3)     16.8.2

(1) Not supported on 9200L
(2) Support for HTTP server added (TFTP server support in 16.5.1)
(3) Support for ASR1001X, 1002X, 1001HX and 1002HX in 16.7.1

Guest Shell Overview
Linux Shell Environment On IOS-XE

• Maintain IOS-XE system integrity
  • Isolated User Space
  • Fault Isolation
  • Resource Isolation
• On-box rapid prototyping
  • Device-level API Integration
  • Scripting (Python)
  • Application Hosting API
• Integrated with IOS-XE Network OS

[Diagram labels: Linux applications, Guest Shell, Open Application Container]

ZTP boot process

Support for both in-band and Management Ports

DHCP:
TFTP/HTTP Server: 172.16.118.125 (opt. 150)
File: /ZTP-Files/IOS-XE1.py (opt. 67)

[Diagram, steps 1-6: IOS-XE Device (Startup Config?), DHCP, Guest Shell, TFTP/HTTP server 172.16.118.125 serving IOS-XE1.py]

ZTP boot process (static)

TFTP/HTTP server returns Python script
Configuration can be finished by:
a) Copying a complete Config into IOS-XE’s running-config.
b) Implementing CLI API and instantiating configuration

[Diagram, "If Option a", steps 6-7: IOS-XE Device, Guest Shell, Python Script, Config, TFTP/HTTP server hosting the Config]

The CLI Python API

What does this do?

- Permits Python calls to use CLI commands directly and return results
- Integrated into Python interpreter inside Guest Shell
- Enabled by adding library cli (import cli)

COMMANDS
• cli.cli(command) or cli.clip(command) – takes IOS command as argument, runs through IOS parser, and returns/prints result
• cli.execute(command) or cli.executep(command) – executes a single exec command and returns/prints result
• cli.configure(command) or cli.configurep(command) – configures device with configuration in commands, multiple commands can be separated by commas, and returns/prints result

Individual calls operate independently

# Two separate calls: each one operates independently of the other
cli.cli("conf t")
cli.cli("hostname Switch1")

# One call carrying both commands
cli.cli("conf t; hostname Switch1")

# cli.configure() with the configuration commands passed as a list
cli.configure(["interface Loopback1", "ip address 192.168.255.1 255.255.255.255", "end"])

How do we use this API in Python?

[Screenshot of a Python script, annotated: Import CLI API; CLI API Commands (Show Commands); CLI API Commands (Configure Commands)]

We could also just push a config file…

[Screenshot of a Python script, annotated: Name of Config File; cli.cli() function; CLI command to copy remote config file to startup-config]

Setup for ZTP provisioning
• Using MAC Address (IOS-XE uses the VLAN 1 MAC)

subnet <DHCP_SUB> netmask <NETMASK> {
  range <DHCP_IP_START> <DHCP_IP_END>;
  host <HOSTNAME-A> {
    fixed-address <IP_ADDRESS>;
    hardware ethernet <MAC_VLAN1>;
    option bootfile-name "/ZTP-FILES/HOSTNAME-A.py";    # <opt 67>
    option tftp-server-name "<TFTP_SERVER_IP>";         # <opt 150>
  }
}

[Diagram: DHCP server; TFTP or HTTP server hosting the Python scripts in ZTP-Files: HOSTNAME-A.py, HOSTNAME-B.py, HOSTNAME-C.py]

But what if we don’t know VLAN1’s MAC?
Build a Python script to do the following…

• Have IOS-XE device provide its serial number
• Leverage SN in a REST query to a server
• Server can then provide device specific parameters from file
• Python script can combine config with variables for device specific config

Example can be found here:
https://blogs.cisco.com/developer/look-mom-no-hands-automating-device-deployment-with-ios-xe

Dynamic implementation

DHCP:
HTTP Server: 172.16.118.125 (opt. 150)
File: /ZTP-Files/Dynamic-XE1.py (opt. 67)

Dynamic-XE1.py:

import re
from xml.dom import minidom
from cli import cli

def get_serials():
    # 'show inventory | format' returns XML; inv[1:] drops the first character before parsing
    inv = cli('show inventory | format')
    doc = minidom.parseString(inv[1:])
    serials = []
    for node in doc.getElementsByTagName('InventoryEntry'):
        # chassis is used but never defined on the slide; the ChassisName element is assumed here
        chassis = node.getElementsByTagName('ChassisName')[0]
        match = re.match('"Switch ([0-9])"', chassis.firstChild.data)
        if match:
            serials.append(node.getElementsByTagName('SN')[0].firstChild.data)
    return serials

[Diagram, steps 2-7: DHCP, Guest Shell running Dynamic-XE1.py, HTTP server hosting the Python script, REST API server; the Python script finds the SN, i.e. FOO]

IOS-XR with Zero Touch Provisioning

ZTP in IOS-XR – what’s different?

DHCP returns a URL (opt. 67 or 59):
http://<HTTP_SERVER_IP>/<SCRIPT>.sh
OR
http://<HTTP_SERVER_IP>/<CONFIG>.txt

[Diagram, steps 1-4: IOS-XR Device (Username?), DHCP, ZTP agent, HTTP server hosting Script, Config and Image]

DHCP setup for ZTP provisioning – option 1

subnet <DHCP_SUB> netmask <NETMASK> {
  range <DHCP_IP_START> <DHCP_IP_END>;
  host <HOSTNAME> {
    fixed-address <IP_ADDRESS>;
    hardware ethernet <MAC_MGMT>;
    option bootfile-name "http://<HTTP_SERVER_IP>/<HOSTNAME>.sh";
  }
}

[Diagram: DHCP server; HTTP server hosting Config, Image and Script]

DHCP setup for ZTP provisioning – option 2

subnet <DHCP_SUB> netmask <NETMASK> {
  range <DHCP_IP_START> <DHCP_IP_END>;
  host <HOSTNAME> {
    fixed-address <IP_ADDRESS>;
    option dhcp-client-identifier <SERIAL_#>;
    option bootfile-name "http://<HTTP_SERVER_IP>/<HOSTNAME>.sh";
  }
}

[Diagram: DHCP server; HTTP server hosting Config, Image and Script]

Options for returned URI

File downloaded from URI must be:


1. Text File
2. Less than 100MB in size

IOS-XR analyzes 1st line of downloaded file:


1. If starts with “!! IOS XR” – this is config file so pass to CLI interpreter and commit it
2. If starts with “#!/bin/bash” or “#!/bin/sh” – this is script so start execution
3. Else - erase the file and terminate ZTP execution
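
A pre-flight check for files staged on the HTTP server, applying the size and first-line rules above so a file the device would erase is caught before rollout. This is an added example, not code from the slides; the function names, the sample files and the UTF-8/NUL test used to approximate "text file" are assumptions.

```python
MAX_BYTES = 100 * 1024 * 1024                      # "Less than 100MB in size"
CONFIG_MARKER = b"!! IOS XR"                       # rule 1: config, committed
SCRIPT_MARKERS = (b"#!/bin/bash", b"#!/bin/sh")    # rule 2: script, executed


def classify_ztp_file(data, size=None):
    """Return (verdict, reason) for a file staged for IOS-XR ZTP.

    verdict is 'config', 'script' or 'reject'. size lets a caller pass the
    on-disk size separately; it defaults to len(data).
    """
    size = len(data) if size is None else size
    if size >= MAX_BYTES:
        return ("reject", "not less than 100MB")
    # Assumption: "text file" is approximated as NUL-free, valid UTF-8.
    if b"\x00" in data:
        return ("reject", "contains NUL bytes, not a text file")
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return ("reject", "not valid UTF-8 text")
    first_line = data.split(b"\n", 1)[0]
    if first_line.startswith(CONFIG_MARKER):
        return ("config", "first line starts with '!! IOS XR'")
    if first_line.startswith(SCRIPT_MARKERS):
        return ("script", "first line is a bash/sh shebang")
    # Rule 3: anything else is erased and ZTP terminates.
    return ("reject", "first line is neither '!! IOS XR' nor a bash/sh shebang")


def audit_staged(files):
    """Map each staged file name to its verdict; files is {name: bytes}."""
    return {name: classify_ztp_file(data)[0] for name, data in files.items()}


# Constructed sample files, including near-misses that look right in an editor.
SAMPLES = {
    "saturn.txt": b"!! IOS XR\nhostname Saturn\nend\n",
    "saturn.sh": b"#!/bin/bash\nsource ztp_helper.sh\nxrcmd \"show version\"\n",
    "bom.txt": b"\xef\xbb\xbf!! IOS XR\nhostname Saturn\n",   # UTF-8 BOM first
    "blank-first.txt": b"\n!! IOS XR\nhostname Saturn\n",     # marker on line 2
    "wrong-interp.sh": b"#!/usr/bin/env python\nprint('hi')\n",
}

if __name__ == "__main__":
    for name, verdict in audit_staged(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

The BOM and leading-blank-line samples are rejected because the marker is no longer at the start of the first line, which is the condition the slide states.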

ZTP utilities

• This is a shell script that is included in IOS-XR and can be sourced on the device.
• It provides simple utilities to access XR functionalities
• Sourced by using the “ztp_helper.sh” in user script

ZTP utility functions

xrcmd – Runs an IOS-XR exec command

xrapply – Merges configuration from a file into the running configuration

xrapply_with_reason – same, with a reason for commit history

Example:
cat > /tmp/config <<EOF
!! XR config example
hostname Saturn
EOF

xrapply_with_reason "this is an important name change" /tmp/config

ZTP utility functions

xrapply_string – Applies block of configuration from a string

xrapply_string_with_reason – with a reason for commit history

Input: Configuration string

Example:
xrapply_string "hostname MyRouter \n int vlan 1 \n ipv4 address 10.0.0.1/24 \n"

Let’s look at a sample

[Screenshot of a sample script, annotated: Execute a Shell Script; Leverage On-Box Utilities; Script; XR Utility]

For more complex implementations…

• HTTP server can host CSV file containing device serial number followed by hostname
• Through HTTP POST, provide serial number and query back-end database to obtain hostname (using PHP for example)
• Then make a query to PHP server providing hostname
• Downloads device specific config and installs

Example can be found here:
https://xrdocs.io/software-management/tutorials/2016-08-26-working-with-ztp/

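
The server side of the serial-number lookup, covering both this flow and the earlier IOS-XE case where the VLAN1 MAC is unknown, as an added Python example that is not from the slides or the linked tutorials (which use PHP for this step). The serial and hostname formats, the config template and the sample CSV are assumptions constructed for illustration; the serial comes from an unprovisioned device, so it is validated before use.

```python
import csv
import io
import re
from string import Template

# Constructed sample of the CSV the slide describes: serial number, then hostname.
SAMPLE_CSV = (
    "FOC1234X0AB,edge-rtr-01\n"
    "FOC1234X0AC,edge-rtr-02\n"
    "../../etc/passwd,evil\n"            # bad serial: dropped at load time
    "FOC1234X0AD,bad host;reload\n"      # bad hostname: dropped at load time
)

# Assumed formats; tighten them to match your own hardware and naming scheme.
SERIAL_RE = re.compile(r"[A-Z0-9]{8,16}")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Hypothetical per-device template; $hostname is filled from the inventory.
CONFIG_TEMPLATE = Template("hostname $hostname\nend\n")


def load_inventory(csv_text):
    """Parse 'serial,hostname' rows, dropping any row that fails validation."""
    inventory = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 2:
            continue
        serial, hostname = row[0].strip(), row[1].strip()
        # The hostname ends up inside configuration text, so it is checked too.
        if SERIAL_RE.fullmatch(serial) and HOSTNAME_RE.fullmatch(hostname):
            inventory[serial] = hostname
    return inventory


def lookup_hostname(serial, inventory):
    """Return the hostname for a device-supplied serial, or None.

    The serial is only ever a dictionary key here; it is never used to
    build a file path or a command line.
    """
    if not isinstance(serial, str) or not SERIAL_RE.fullmatch(serial):
        return None
    return inventory.get(serial)


def render_config(serial, inventory):
    """Return the device-specific config text, or None for an unknown device."""
    hostname = lookup_hostname(serial, inventory)
    if hostname is None:
        return None
    # substitute() raises KeyError on a missing variable instead of
    # emitting a half-filled configuration.
    return CONFIG_TEMPLATE.substitute(hostname=hostname)


if __name__ == "__main__":
    inv = load_inventory(SAMPLE_CSV)
    print(render_config("FOC1234X0AB", inv))
```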
NXOS with Platform-specific Power On Auto Provisioning (POAP)

POAP agent boot process – ZTP compliant

DHCP:
TFTP Server: 172.16.118.125 (opt. 150)
File: /ZTP-Files/NXOS-1.py (opt. 67)

[Diagram, steps 1-4: NXOS Device (Startup config?), DHCP, POAP agent, TFTP or FTP server hosting Script, Config, Kickstart Image and System Image]

Prepare for platform-specific POAP provisioning

subnet <DHCP_SUB> netmask <NETMASK> {
  range <DHCP_IP_START> <DHCP_IP_END>;
  host <HOSTNAME> {
    fixed-address <IP_ADDRESS>;
    option dhcp-client-identifier "<Serial Number>";
    option bootfile-name "/ZTP-FILES/<HOSTNAME>.py";    # <opt 67>
    option tftp-server-name "<TFTP_SERVER_IP>";         # <opt 150>
  }
}

*Client-identifier can also be MAC Address

[Diagram: DHCP server; TFTP or FTP server hosting Script, Config, Kickstart Image and System Image]

The CLI Python API

What does this do?


- Permits Python calls to use CLI commands directly and return results
- Integrated into Python interpreter on NX-OS
- Enabled by adding library cli (import cli)

COMMANDS
• cli(command) – takes NX-OS command as argument, runs through NX-OS parser and returns result
• clid(command) – returns JSON output for CLI command
• clip(command) – prints output of CLI command directly to stdout

Just like IOS-XE, individual calls operate independently

cli.cli("conf t")
cli.cli("interface eth4/1")

cli.cli("conf t ; interface eth4/1 ; no shut")

Key difference from IOS-XE: commands are separated with " ; " (the ; must be surrounded with single blank characters).

Sample scripts can be downloaded from cisco.com

POAP additional references

• https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/programmability/guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Configuration_Guide_chapter_01.pdf
Example Script:
• https://software.cisco.com/download/release.html?mdfid=283815894&reltype=latest&relind=AVAILABLE&dwnld=true&softwareid=282088130&rellifecycle=&atcFlag=N&release=6.0(2)U6(9)&dwldImageGuid=7CABFAABE42D1903F3826813E83403DFC1C1925C&flowid=24921

REST APIs for Automating Deployment

Representational State Transfer (REST)

• Common API Type
• Communicates over HTTP
• Uses common HTTP verbs (GET, POST, PUT, DELETE) to extract data from the server
• Returns data in different formats per request (XML, JSON)
• Commonly utilized in Cisco Network Elements with Web GUIs
  • Cisco DNA Center
  • Viptela vManage
  • FTD/FMC
  • ENCS/NFVIS

REST
How does it work

[Diagram: Client sends Request to API Service; API Service does something and returns Response; Client Action]

REST – Request
What do you need to know

[Diagram labels: Server, Resources, Parameters]

• Client Request
  • Header:
    • Content-Type: application/json or application/xml
    • Authorization: API Key
• Action
  • Get: Retrieve Data.
  • Post: Create new Record.
  • Put: Update a Record, if it does not exist, Create it.
  • Delete: Remove Record.

PnP agent boot & secure deploy process

DHCP (IP Address: 172.16.118.125) returns:
IP Address: 172.16.165.51
Option 43: 5A1D;B2;K4;I172.16.118.90;J80

Cisco DNA Center IP Address: 172.16.118.90

[Diagram, steps 1-3: IOS-XE Device (Startup config?), PnP agent, DHCP, Cisco DNA Center hosting Config and Image]

API calls with Cisco DNA Center first need to request a token

[Screenshot]

Token used to authenticate other API calls

Header = 'X-Auth-Token'

[Screenshot annotation: Token]

PNP through APIs: first get template ID

[Screenshot annotations: API, Token, Template Name, Template ID]

Then get template details…

[Screenshot annotations: Template ID, Variables]

Now let’s upload our image…

[Screenshot]

And collect our image ID…

[Screenshot annotation: Image Id]

Import the device into PNP

[Screenshot annotations: API; values of device for import; Locate Device ID]

Find the site ID

[Screenshot annotations: API; Locate Site ID]

Let’s provision the device!

[Screenshot annotations: Site ID; Device ID; Image ID; Template ID and template variables]

More information can be found online through DEVNET

Provisioning Other Network Elements with REST APIs

Viptela

• Leverages REST APIs
• Authentication: username / password
• Explore Capabilities On-Box: https://{{vManage-IP}}/apidocs
  • Swagger 1.2
  • Can test out APIs right from vManage

FTD and FMC

• Leverages REST APIs
• Authentication: token, but value returned in header rather than in body
• Explore Capabilities On-Box: https://{{FMC-IP}}/api/api-explorer

Conclusion

APIs for Deployment Summary

• Zero Touch Provisioning (ZTP) options across IOS-XE, IOS-XR, and NXOS
• REST APIs are offered with GUI-based network elements like Cisco DNA Center, vManage, NFVIS, Firesight Management Centers
• Program REST-based API devices in large scale with tools like Postman
• Leverage Python or Bash scripting for powerful combination of configuration and image deployments
  • Python engine native inside IOS-XE and NXOS
  • Bash engine native inside IOS-XR
  • Python API permits CLI commands from Python script