A session in the DevNet Zone at Cisco Live, Berlin. Cisco's flagship data center platform, the Nexus series of switches, has a variety of programming protocols to offer. This session will provide participants with an overview and code examples on various protocols: * NX-API * XMPP * Netconf
6. PowerOn Auto Provisioning
• PowerOn Auto Provisioning will do the following:
1. Install the kickstart image
2. Install the system image
3. Copy a configuration to the switch
• PoAP runs if there is no startup config on the switch
• Also can be forced with boot poap enable
• Executes a Python or TCL script
7. POAP – Bring up your switch…zero touch!
[Diagram: Nexus Switch, DHCP Server, Default Gateway, Script Server, Configuration and Software Server]
1. Power up phase: Start PowerOn Auto Provisioning process
2. DHCP Discover phase: Get IP address, gateway, script server, script file
3. Download script file onto the switch and execute the script
4. Download configuration, license, software images onto the switch
5. Reboot if needed. Switch up and running the downloaded image and config
8. Getting a hold of PoAP Scripts
• CCO Downloads Page
• Look for Kick Start images
• PoAP Scripts: Python and TCL
11. Useful Links for PoAP
Ignite Tool:
https://github.com/datacenter/ignite
Data Center Network Manager:
http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-data-center-network-manager/index.html
13. Python On-Box / Python Off-Box
On-Box:
• Execute scripts on a Nexus
• Interpreter or script
• Use CLI modules
• Embedded in EEM
Off-Box:
• Execute scripts on server
• Use requests module or pycsco module
• Manage multiple devices
14. Python On-Box support (5-7K)
Nexus supports on-box Python 2.7 in two modes:
Interactive Mode
switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
switch# >>> print "hello world"
hello world
switch# >>> exit()
Non Interactive (script) Mode
Switch # source crc.py
------------------------------------------------
Started running CRC checker script
finished running CRC checker script
-------------------------------------------------
Switch # dir bootflash:scripts
946 Oct 30 14:50:36 2013 crc.py
7009 Sep 19 10:38:39 2013 myScript.py
22760 Oct 31 02:51:41 2012 poap.py
15. Python On-Box support (3K/9K)
Nexus supports on-box Python 2.7 in two modes:
Interactive Mode
switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
switch# >>> print "hello world"
hello world
switch# >>> exit()
Non Interactive (script) Mode
Switch # python crc.py
------------------------------------------------
Started running CRC checker script
finished running CRC checker script
-------------------------------------------------
Switch # dir bootflash:
946 Oct 30 14:50:36 2013 crc.py
7009 Sep 19 10:38:39 2013 myScript.py
22760 Oct 31 02:51:41 2012 poap.py
16. CLI Interaction with Python (On-Box)
import cisco or from cisco import *
cli: get the result of a cli command as a text string
nx-osv-1# >>> result = cli("show version")
nx-osv-1# >>> print result
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/
<etc, etc>
clid: get the result of a cli command as a dictionary
nx-osv-1# >>> result = clid("show version")
nx-osv-1# >>> print result['kickstart_ver_str']
7.2(0)D1(1)
clip: output the result without saving the value
nx-osv-1# >>> cli("conf t ; interface eth2/1 ; no shut")
''
nx-osv-1# >>> cli("conf t ; int e2/1 ; encapsulation frame-relay")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
cisco.cli_syntax_error: % Invalid command at '===>' marker:
enc===>apsulation frame-relay
17. On Box script samples
Go to:
https://github.com/datacenter/nexus7000
• cdp_description.py: Auto-generates interface descriptions based on CDP neighbors
• crc_checker_n7k.py: Checks interfaces for CRC errors and shuts an interface down when errors exceed a threshold
• garp.py: Checks for malformed ARP/GARP packets and dynamically creates an ACL to block offenders
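An on-box script that writes neighbor-supplied text into a configuration command, as cdp_description.py does with CDP neighbor names, is handling data the switch does not control, and the session on the previous slide shows cli() accepting several commands separated by " ;". The helper below is an added example, not code from the datacenter/nexus7000 repository; the function names, the accepted interface pattern, the allowed character set and the 80-character limit are assumptions.

```python
import re

# Assumed interface naming: e/eth/ethernet followed by slot/port numbers.
# \Z (not $) so a trailing newline cannot slip through.
_IFACE_RE = re.compile(r"^(?:e|eth|ethernet) ?\d{1,3}(?:/\d{1,3}){1,2}\Z", re.I)
# Characters kept in a description; anything else, ';' and newlines
# included, is replaced with '_'.
_UNSAFE_RE = re.compile(r"[^A-Za-z0-9._:/@ -]")
MAX_DESC_LEN = 80  # assumed description length limit


def safe_description(text):
    """Reduce neighbor-supplied text to characters that cannot end the command."""
    cleaned = _UNSAFE_RE.sub("_", text.strip())
    cleaned = re.sub(r" +", " ", cleaned)
    return cleaned[:MAX_DESC_LEN]


def build_description_cmd(interface, neighbor):
    """Return the string to pass to cli(); raise ValueError on bad input."""
    if not _IFACE_RE.match(interface):
        raise ValueError("unexpected interface name: %r" % interface)
    desc = safe_description(neighbor)
    if not desc:
        raise ValueError("empty description after filtering")
    return "conf t ; interface %s ; description %s" % (interface, desc)


# Constructed neighbor names (not taken from a device).
CONSTRUCTED_NEIGHBORS = ["core-sw1.example.net", "lab-sw1 ; no shut"]

if __name__ == "__main__":
    for name in CONSTRUCTED_NEIGHBORS:
        # On the switch the result would be handed to cli().
        print(build_description_cmd("eth2/1", name))
```

The code avoids f-strings so it also runs under the on-box Python 2.7 interpreter.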
19. Embedded Event Manager
• EEM takes certain actions based on triggering events.
• Can also be set to execute on a schedule.
Events:
• cli
• oir
• temperature
• track
• Etc…
Actions:
• cli
• python
• reload
• syslog
• Etc…
[Diagram: Events → Trigger → Actions]
20. EEM Example – Port Tracking
Config – State Down
event manager applet track_1_18_down
  event track 1 state down
  action 1 syslog msg "EEM applet track_1_18_down shutting down port eth1/33 as 1/18 went down"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "shut"
Config – State Up
event manager applet track_1_18_up
  event track 1 state up
  action 1 syslog msg "EEM applet track_1_18_up bringing up port eth1/33 as 1/18 came up"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "no shut"
21. Python integrated with EEM
• Call a Python script as an action in an EEM script!
n7k# conf
n7k(config)# event manager applet link_monitor
n7k(config-applet)# event syslog pattern "IF_UP"
n7k(config-applet)# action 1 cli command "source cdp_description.py"
n7k(config-applet)# exit
This script will automatically add the CDP neighbor to the interface description when an interface comes up.
24. What is NX-API?
• NX-API Enables Programmatic access to Nexus over HTTP/S
• Runs in one of two modes:
• CLI Wrapper: Single URI; commands sent as CLI
• REST: Model-driven, specific URI
• Enable with “feature nxapi”
[Diagram: HTTP/S, JSON-RPC/JSON/XML, NGINX]
27. Automatically generating Python
• Sandbox can turn your CLI into Python for you
• Click the “Python” button in the Request box
• Uses Python’s requests module
• Paste into a .py file and you’re good to go!
• Great way for novice Python users to learn
28. Python example using “requests” module
import json
import requests

# Using CLI wrapper, we always use this same URL
url = "http://172.25.91.147/ins"
username = "admin"
password = "ciscotme"
my_headers = {'content-type': 'application/json-rpc'}

# Generating payload with JSON-RPC
payload = [{'jsonrpc': '2.0', 'method': 'cli', 'params': ['show version', 1], 'id': '1'}]
my_data = json.dumps(payload)

# Send the request
response = requests.post(url, data=my_data, headers=my_headers, auth=(username, password))

# Parse the output
body = response.json()['result']['body']
kick_start_image = body['kickstart_ver_str']
system_image = body['sys_ver_str']
host_name = body['host_name']

print ("")
print ("===============================")
print ('host name:' + host_name)
print ('kickstart image version: ' + kick_start_image)
print ('system image version: ' + system_image)
print ("===============================")

Output:
tools:~$ python shver.py
===============================
host name:nx-osv-1
kickstart image version: 7.2(0)D1(1)
system image version: 7.2(0)D1(1)
===============================
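The script above sends the password over plain HTTP, keeps it in the source file and assumes the reply always contains a result. The following is an added example, not part of the original slides, of the same CLI-wrapper call over HTTPS with certificate verification, credentials read from the environment, a timeout and handling of JSON-RPC error replies. It assumes NX-API is served over HTTPS with a certificate signed by a CA the client holds; the function names and the NXAPI_USER / NXAPI_PASS variable names are assumptions.

```python
import json
import os

NXAPI_PATH = "/ins"  # CLI wrapper mode: every request goes to this one URI


class NxapiError(Exception):
    """A JSON-RPC reply carried an 'error' member instead of a result."""


def build_payload(commands):
    # Same JSON-RPC shape as the slide: method 'cli', params [command, 1].
    return [{"jsonrpc": "2.0", "method": "cli", "params": [cmd, 1], "id": str(i)}
            for i, cmd in enumerate(commands, 1)]


def extract_bodies(reply):
    # Accept a single reply object (as on the slide) or a list of them.
    entries = reply if isinstance(reply, list) else [reply]
    bodies = {}
    for entry in entries:
        if "error" in entry:
            err = entry["error"]
            raise NxapiError("request %s failed: %s (%s)"
                             % (entry.get("id"), err.get("message"), err.get("code")))
        # A reply may carry no result body at all; store None in that case.
        bodies[entry.get("id")] = (entry.get("result") or {}).get("body")
    return bodies


def run_cli(host, commands, ca_bundle, timeout=10):
    import requests  # imported here so the helpers above load without it
    reply = requests.post(
        "https://%s%s" % (host, NXAPI_PATH),
        data=json.dumps(build_payload(commands)),
        headers={"content-type": "application/json-rpc"},
        # Assumed variable names; keeps the password out of the script file.
        auth=(os.environ["NXAPI_USER"], os.environ["NXAPI_PASS"]),
        verify=ca_bundle,  # CA file that signed the switch certificate
        timeout=timeout)
    reply.raise_for_status()
    return extract_bodies(reply.json())


# Constructed replies (not captured from a device) for an offline check.
SAMPLE_OK = {"jsonrpc": "2.0", "id": "1", "result": {"body": {
    "host_name": "nx-osv-1", "kickstart_ver_str": "7.2(0)D1(1)"}}}
SAMPLE_ERR = {"jsonrpc": "2.0", "id": "1",
              "error": {"code": -32602, "message": "Invalid params"}}
```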
29. Python using Pycsco module
• Easy-to-use Python NX-API interface
• No need to use requests module
• Hence, no need to make headers and post requests
• Available at:
https://github.com/jedelman8/pycsco
Example:
>>> from pycsco.nxos.device import Device
>>> from pycsco.nxos.utils.nxapi_lib import *
>>> switch=Device(ip="172.16.1.61",username="admin",password="admin")
>>> get_list_of_vlans(switch)
['1', '104', '105', '106', '110', '120']
30. Cisco Nexus Object Model
[Diagram: object tree rooted at System, with classes BgpEntity, BgpInstance, BgpDomain, BgpPeer, BgpLocalASN, BgpPeerAf, BgpPeerEntry, L1PhysIf, ethpmPhysIf, ethpmPortCap, L1Load, L1StormControl]
• Globally unique identifier for an object in the database
• Naming rule on http://developer.cisco.com
Examples:
sys/bgp/inst/dom-default/peer-[192.168.0.2]
sys/phys-[eth1/1]/phys/portcap
34. Configuration Management Tools
• In use for years to automate servers
• Ensure software packages are installed, services running
• Declarative model: not scripting!
• Use to push configurations, install software packages
CM Tool 3K/9K 5-7K
6.1 7.2
7.0 7.3 (New! Feb 2016)
7.0 7.3 (New! Feb 2016)
35. Puppet and Chef
• Puppet and Chef use a pull model (agent/client pulls from server)
• Agent/client contacts server every 30 mins by default
• Agent/client lives in LXC container (optionally directly in bash on 3K/9K)
• Cisco modules in Puppet Forge or Chef Supermarket
[Diagram: Agent in an LXC container on the Nexus, connected over SSL to the Puppet Master/Chef Server holding manifests/cookbooks. Nexus sends data and requests cfg every 30 mins; server sends config to switch.]
37. Ansible
• Ansible uses an agentless push model
• Configuration files (playbooks) use YAML
• Can configure using CLI or NXAPI
• Use nxos-ansible modules, or new Ansible 2.0 modules
• Unlike server configuration, Ansible does not execute Python on-box
[Diagram: Ansible Server with playbooks sends config to the Nexus (no agent; feature nxapi) over NX-API (HTTP/S) or CLI (SSH) when a playbook is run.]
41. What is NETCONF?
Protocol Stack:
Content: Configuration Data
Operations: <get-config>, <edit-config>
Messages: <rpc>, <rpc-reply>
Transport: SSH
• NETCONF is an IETF standard, RFC 4741
• Used for device management, similar role as SNMP
• Separates Operational and Configuration Data management (show commands vs. config)
• Defines capabilities for managing configuration data
• Candidate buffer for validation of config before commit
• Rollback-on-error
42. NETCONF on Nexus
• Nexus switches support NETCONF
• Network Management Systems can use NETCONF to configure switches
• You can develop tools that take advantage of NETCONF:
• Test NETCONF directly with XMLAgent (ssh x.x.x.x -s xmlagent)
• Use | xmlin (pipe xmlin) to see CLI equivalent in NETCONF
• Use NCClient module in Python
jemclaug-hh14-n7700-2# sh vlan brief | xmlin
<?xml version="1.0"?>
<nf:rpc xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0"
xmlns="http://www.cisco.com/nxos:7.3.0.D1.1.:vlan_mgr_cli" message-id="1">
<nf:get>
<nf:filter type="subtree">
<show>
<vlan>
<brief/>
</vlan>
</show> (etc, etc, etc..)
43. Useful Links (NETCONF)
• NX-OS NETCONF using XML agent
https://tools.cisco.com/squish/5Cb9F
• NETCONF Central
http://www.netconfcentral.org/
• NCC Client (NETCONF module for Python)
http://pypi.python.org/pypi/ncclient
45. What is XMPP?
• Extensible Messaging and Presence Protocol (XMPP) is a message-oriented protocol based on XML
• Used in instant messaging clients such as Gtalk, Jabber, Pidgin
• Supported across all Nexus platforms in current releases
• DCNM can be used as XMPP server
• Configure switches with an IM client!
46. Accessing Devices with XMPP
[Diagram labels: Python Bot, Pidgin User, Groups, Entities, Return Value, Return Output]
47. XMPP on NX-OS
feature fabric access
hostname leaf1
ip host test-xmpp-server.cisco.com 192.168.1.100
…
fabric access server dcnm-ova.cisco.com vrf management password 7 xyz
fabric access group all-nodes leaf-nodes
fabric access ping interval 60 response 10 retry 5
Notes on the configuration:
• hostname: Hostname is used for identification
• ip host: Required if no DNS for the domain
• fabric access group: XMPP chat groups
leaf1# show fabric access connections
XMPP Ping :
Status = Enabled
Interval = 60 second(s)
Response = 10 second(s)
Retry = 5 time(s)
XMPP Payload CDATA-Encapsulated : Enabled
Device Connection :
JID = leaf1@test-xmpp-server.cisco.com/(fmgr-device)(TB01010000B)
State = AUTHENTICATED
Notes on the output:
• JID identifies the host in Jabber
• Host S/N included in JID
48. XMPP and Python
Writing a python bot
• Accessing NX-OS with Python with xmpppy library - http://xmpppy.sourceforge.net
import xmpp                                   # XMPP python module

cmd = "show vlan"
jid = "python@test-xmpp-server.cisco.com"     # My JID
pwd = "test123"
to = "leaf0@dcnm-ova.cisco.com"               # JID of device

jid = xmpp.protocol.JID(jid)
cl = xmpp.Client(jid.getDomain(), debug=[])
cl.connect()                                  # Connect to XMPP server
cl.auth(jid.getNode(), pwd)
cl.sendInitPresence()                         # Send Presence
message = xmpp.Message(to, cmd)               # Create Message
message.setAttr('type', 'chat')
cl.send(message)                              # Send Message
49. Useful Links (XMPP)
• Protocol page:
http://xmpp.org/
• Instructions for using on Cisco devices:
http://blogs.cisco.com/getyourbuildon/xmpp-a-power-tool-in-your-tool-box
• Configuring DCNM XMPP Features:
https://tools.cisco.com/squish/83830
51. Summary
• The Nexus switching platform can be automated in a number of ways
• PoAP and CM Tools are an easy entry point to NX-OS automation
• Python and NX-API for more advanced users
• Netconf and XMPP for other use cases
• More useful links:
http://developer.cisco.com/
http://opennxos.cisco.com/
52. Let’s get started! (What do I need to do next?)
1. Set up a lab with a couple of switches, and some virtualization platform.
2. Alternatively look into VIRL.
3. Use the latest software image available for the latest and greatest features.
4. Download DCNM and experiment with PoAP.
5. Set up a Linux VM for testing off-box Python and CMT.
6. Start with Ansible (agentless), or Chef/Puppet.
7. Use sandbox to build Python scripts.
53. Deeper Dives!
• BRKDCT-2459: Programmability and Automation on Cisco Nexus Platforms
Abhinav Modi, Tues 2:15pm (watch the replay!)
• BRKDCT-2025: Maximizing Network Programmability & Automation with Open NX-OS
Nicolas Delecroix, Thurs 2:30pm
• BRKDCT-2024: Automated Network Provisioning through POAP
Oliver Ziltener, Thurs 2:30pm
• DevNet-1075: Configuration Management Tools on NX-OS
Abhinav Modi, Fri 12:00pm
• Come visit us at the demo booth in World of Solutions!