LTRENT 2527 Automation & Programmability

The document provides an overview of Cisco's SD-WAN Automation and Programmability, detailing its architecture, API usage, and automation techniques using Python and Ansible. It emphasizes the evolution of WAN technologies and the importance of automation in network management. The session encourages participants to explore automation tools to simplify their deployment processes.

Cisco SD-WAN Automation and Programmability

Vaibhav Agrawal and Josh Halley

LTRENT-2527
LTRENT-2527 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Who is Vaibhav?

Architect, 14+ years in Cisco

Who is Josh?

Agenda
• Introduction
• Primer
• SD-WAN Architecture
• SD-WAN API Overview
• Automation with Python
• Automation with Ansible
• SD-WAN Monitoring Automation
• Conclusion

Primer
Evolution of WAN
• Circuit Switched Technologies
• ATM, Frame-Relay, ISDN
• MPLS and MPLS based VPNs
• MPLS Traffic Engineering
• Software Defined Methods, Transport Independent WAN
• Cloud Networking
• Cloud Security

Pre-Network Automation

• Error Prone (especially at 4am)
• Monolithic
• Methodology differs from operator to operator
• Differing quality of data captured during changes

How management may perceive automation
• Limited human interaction needed
• Less subject matter expertise
• Foolproof
• Operationally disruptive(?)

Network Automation Scripting
• Early Automation Approaches
• Perl Scripting Language
• CPAN Packages
• Manual Packages
• Expect
• Very basic scripts
• Low entry point
• Heavily used by new operators

Network Automation Scripting
• Embedded Languages (Cisco Routers and Switches)
• IOS introduced the ability to directly launch TCL from the shell
• This capability was initially used in conjunction with Cisco Voice feature sets and later expanded to EEM
• The ability to launch the script from a central repository provided an initial means to introduce change control in networks

Network Automation Terraform
• Heavily used in hyperscalers today (AWS, GCP, Azure, etc.)
• Deployment simplified through the use of existing providers
• Maintains “state” of deployment, hence allowing Infrastructure as Code approaches
• Providers are written in the Go programming language

Network Automation Ansible
• Originally written by Michael DeHaan and later acquired by Red Hat
• Does not require an agent on the target system, leveraging SSH for system connectivity
• Uses “Playbooks” to execute automation tasks against target systems
• Modules can be used, and written, in a range of languages

SD-WAN Architectures
Cisco SD-WAN Architecture

Management Plane (vManage)
• Single pane of glass
• Monitoring and Troubleshooting
• RBAC and APIs

Analytics (vAnalytics)
• Machine Learning
• Carrier Performance
• Bandwidth Forecasting

Orchestration Plane (vBond)
• First point of authentication
• Distributes list of vSmarts/vManage to all Edge routers
• Facilitates NAT traversal

Control Plane (vSmart Controllers)
• SDN Architecture
• Flexible Connectivity & Security Distribution
• Horizontal Scale, Low Complexity

Data Plane (SD-WAN Routers)
• Physical or Virtual
• Zero Touch Provisioning
• On-Premise or Cloud

[Diagram labels: APIs; 3rd Party Automation; MPLS, INET, 4G; Cloud Connectivity, Security, Application QoE; Cloud, Data Center, CoLo, Campus, Branch; Users]

SD-WAN Fabric Terminology
• Organization Name – Overlay identifier common to all elements of the fabric
• Site ID – Unique per-site numeric identifier used in policy application
• System IP – Unique per-device (vEdge and controllers) IPv4 notation identifier. Also used as Router ID for BGP and OSPF on vEdge.
• Color – Control plane tag used for IPSec tunnel establishment logic
• Transport Locator (TLOC) – Transport attachment point and next hop route attribute
• Overlay Management Protocol (OMP) – Control plane protocol distributing reachability, security and policies throughout the fabric
• VPN – Device-level and network-level segmentation

SD-WAN Fabric Operation Walk-Through
OMP Update:
▪ Reachability – IP Subnets, TLOCs
▪ Security – Encryption Keys
▪ Policy – Data/App-route Policies

[Diagram labels: vSmart; WAN Edge (two); OMP Update; Policies; DTLS/TLS Tunnel; IPSec Tunnel; BFD; TLOCs T1, T2, T3, T4; Transport1, Transport2; VPN1, VPN2; BGP, OSPF, Connected, Static; Subnets A, B, C, D]

SD-WAN API Overview
Representational State Transfer

• Based heavily upon existing protocols from the Web
• An architectural style for APIs (application programming interfaces) that uses existing Web methods over HTTP/HTTPS

Key API Verbiage

Source: https://tutorialedge.net/software-eng/what-is-a-rest-api/

vManage REST APIs
• vManage uses REST architecture, which is a stateless, client–server, cacheable communications protocol
• vManage exposes REST APIs and webhooks to integrate with 3rd party systems
• vManage uses NetConf for configuring and managing edge devices

[Diagram labels: 3rd Party Applications; vManage; NetConf; XE-SDWAN (cEdge); vEdge]

vManage–Using REST APIs

• API documentation is built in: https://<vmanage-ip:port>/apidocs
• Test API calls can be tried out from the Swagger UI

Working with vManage APIs
• Postman

• Python

• Ansible

• CURL

URI Structure
https://vmanage-ip/dataservice/device/bfd/state/device?deviceId=1.1.1.7

• http:// or https:// – Protocol over which data is sent between client and server
• Server or Host – Resolves to the IP and port to which to connect
• Resource – The location of the data or object of interest
• Parameters – Details to scope, filter, or clarify a request. Often optional

Every data service API request begins with the following Base URI.
https://<vmanage-server>/dataservice

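The URI anatomy above, as an added example that is not part of the original slides: a Python helper that splits a data-service URI into the four named components and rebuilds one with every caller-supplied value percent-encoded. The function names and the policy of rejecting non-HTTPS or non-`/dataservice` URIs are assumptions of this example; `vmanage-ip` is the placeholder host from the slide.

```python
from urllib.parse import urlsplit, parse_qs, urlencode, quote

BASE_PATH = "/dataservice"  # base URI prefix stated on the slide
# The slide's own sample URI (vmanage-ip is a placeholder, not a real host).
SLIDE_URI = ("https://vmanage-ip/dataservice/device/bfd/state/device"
             "?deviceId=1.1.1.7")


def split_vmanage_uri(uri):
    """Split a data-service URI into the slide's four components."""
    parts = urlsplit(uri)
    if parts.scheme != "https":
        # Assumption of this example: session credentials must never be
        # sent over cleartext http://, so anything else is refused.
        raise ValueError("refusing non-HTTPS scheme: %r" % parts.scheme)
    if not parts.netloc:
        raise ValueError("missing server or host")
    if parts.path != BASE_PATH and not parts.path.startswith(BASE_PATH + "/"):
        raise ValueError("not under the %s base URI" % BASE_PATH)
    return {
        "protocol": parts.scheme + "://",
        "server": parts.netloc,
        "resource": parts.path[len(BASE_PATH):] or "/",
        "parameters": {k: v[0] for k, v in parse_qs(parts.query).items()},
    }


def build_vmanage_uri(server, resource, **parameters):
    """Compose a data-service URI, encoding every caller-supplied piece."""
    if not server or any(c in server for c in "/@?#"):
        raise ValueError("server must be a bare host or host:port")
    segments = [s for s in resource.split("/") if s]
    if any(s in (".", "..") for s in segments):
        raise ValueError("dot segments are not allowed in a resource path")
    # quote(..., safe="") keeps a value from adding extra path segments.
    path = BASE_PATH + "".join("/" + quote(s, safe="") for s in segments)
    # urlencode() escapes '&' and '=' so a value cannot add parameters.
    query = urlencode(parameters)
    return "https://%s%s%s" % (server, path, "?" + query if query else "")


if __name__ == "__main__":
    print(split_vmanage_uri(SLIDE_URI))
    print(build_vmanage_uri("vmanage-ip", "device/bfd/state/device",
                            deviceId="1.1.1.7"))
```

Building request URIs through one helper like this keeps device identifiers that come from inventory files or user input from altering the resource path or smuggling extra query parameters into the call.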
Using Postman
Using Postman for Automation
• Postman is a well-known tool that many network operators use to support the execution of API calls
• Using environment variables, common items can be reused easily
• Test cases can be used to allow testing automation to be handled directly out of Postman

Automation with Python
Using Python for Automation
• Since Python's inception, it has rapidly become a key language used by network administrators
• Its versatility and the broad range of packages that can be installed simply using pip have made it very popular in the field
• Integrating Python scripts into Git repositories allows many organizations to maintain version control

Automation with Ansible
Using Ansible for Automation

SD-WAN Monitoring Automation
Monitoring SD-WAN Automation

Conclusion
What we learned?
• Automation is the lazy person's Swiss Army knife
• You do not need to be a Python core developer to simplify your deployment
• Ansible can simplify automation even for users who are not familiar with programming languages
• Now is a great time to begin the journey!!

Lab Topology
Overview of Topology
[Diagram labels: DC Edge1, DC Edge2; MPLS, INET; BR1 Edge1, BR1 Edge2, BR2 Edge1]

Thank you
