
Automating with NX-OS: Let's Get Started!


Automating with NX-OS -Let's Get Started

Jeff McLaughlin, Principal TME

[email protected], @ccie14023

Agenda

• Introduction to Automating Nexus

• Power on Auto Provisioning

• Python

• EEM

• NX-API

• Configuration Management Tools

• Netconf

• XMPP

• Conclusion

Nexus Product Portfolio

Nexus 2000

Nexus 3000

Nexus 5000/ 6000

Nexus 7000

(ACI)

Nexus 9000

10G / 40G

10G / 40G / 100G

• 2000-series (FEX) inherits automation capabilities from parent switch

• 3K/9K have some different features and/or configurations from 5/6/7K.

PowerOn Auto Provisioning (PoAP)

PowerOn Auto Provisioning

• PowerOn Auto Provisioning will do the following:

1. Install the kickstart image

2. Install the system image

3. Copy a configuration to the switch

• PoAP runs if there is no startup config on the switch

• Also can be forced with boot poap enable

• Executes a Python or TCL script

POAP – Bring up your switch…zero touch!

1. Power up phase: start the PowerOn Auto Provisioning process

2. DHCP Discover phase: get IP address, gateway, script server, script file

3. Download the script file onto the switch and execute the script

4. Download configuration, license and software images onto the switch

5. Reboot if needed. Switch up and running the downloaded image and config

[Diagram: Nexus Switch, Default Gateway, DHCP Server, Script Server, Configuration and Software Server]

Getting a hold of PoAP Scripts

CCO Downloads Page

Look for Kick Start images

PoAP Scripts

Python and TCL


Customizing scripts

• Variables at top of script need to be customized

• Image name, TFTP/SCP server, credentials, etc.


Useful Links for PoAP

Ignite Tool:

https://github.com/datacenter/ignite

Data Center Network Manager:

http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-data-center-network-manager/index.html

Python

Python On-Box

• Execute scripts on a Nexus

• Interpreter or script

• Use CLI modules

• Embedded in EEM

Python Off-Box

• Execute scripts on server

• Use requests module or pycsco module

• Manage multiple devices

Python On-Box support (5-7K)

Nexus supports on-box Python 2.7 in two modes:

Interactive Mode

switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
switch# >>> print "hello world"
hello world
switch# >>> exit()

Non Interactive (script) Mode

Switch # source crc.py
------------------------------------------------
Started running CRC checker script
finished running CRC checker script
-------------------------------------------------
Switch # dir bootflash:scripts
946 Oct 30 14:50:36 2013 crc.py
7009 Sep 19 10:38:39 2013 myScript.py
22760 Oct 31 02:51:41 2012 poap.py

Python On-Box support (3K/9K)

Nexus supports on-box Python 2.7 in two modes:

Interactive Mode

switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
switch# >>> print "hello world"
hello world
switch# >>> exit()

Non Interactive (script) Mode

Switch # python crc.py
------------------------------------------------
Started running CRC checker script
finished running CRC checker script
-------------------------------------------------
Switch # dir bootflash:
946 Oct 30 14:50:36 2013 crc.py
7009 Sep 19 10:38:39 2013 myScript.py
22760 Oct 31 02:51:41 2012 poap.py

CLI Interaction with Python (On-Box)

import cisco or from cisco import *

cli: get the result of a cli command as a text string

nx-osv-1# >>> result = cli("show version")
nx-osv-1# >>> print result
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/
<etc, etc>

clid: get the result of a cli command as a dictionary

nx-osv-1# >>> result = clid("show version")
nx-osv-1# >>> print result['kickstart_ver_str']
7.2(0)D1(1)

clip: output the result without saving the value

nx-osv-1# >>> cli("conf t ; interface eth2/1 ; no shut")
''
nx-osv-1# >>> cli("conf t ; int e2/1 ; encapsulation frame-relay")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
cisco.cli_syntax_error: % Invalid command at '===>' marker:
enc===>apsulation frame-relay

On Box script samples

Go to:

https://github.com/datacenter/nexus7000

cdp_description.py: Auto-generates interface descriptions based on CDP neighbors

crc_checker_n7k.py: Checks interfaces for CRC errors and shuts an interface down when errors exceed a threshold

garp.py: Checks for malformed ARP/GARP packets and dynamically creates an ACL to block offenders

EEM

Embedded Event Manager

• EEM takes certain actions based on triggering events.

• Can also be set to execute on a schedule.

Events:

• cli

• oir

• temperature

• track

• Etc…

Actions:

• cli

• python

• reload

• syslog

• Etc…

EEM Example – Port Tracking

Config – State Down

event manager applet track_1_18_down
  event track 1 state down
  action 1 syslog msg "EEM applet track_1_18_down shutting down port eth1/33 as 1/18 went down"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "shut"

Config – State Up

event manager applet track_1_18_up
  event track 1 state up
  action 1 syslog msg "EEM applet track_1_18_up bringing up port eth1/33 as 1/18 came up"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "no shut"

Python integrated with EEM

• Call a Python script as an action in an EEM script!

n7k# conf
n7k(config)# event manager applet link_monitor
n7k(config-applet)# event syslog pattern "IF_UP"
n7k(config-applet)# action 1 cli command "source cdp_description.py"
n7k(config-applet)# exit

This script will automatically add the CDP neighbor to the interface description when an interface comes up
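Because an applet can enter configuration mode or launch a script whenever its event fires, it is worth inventorying which applets do so. The following is an added example (not from the original deck), written in Python 3 to run off-box against saved config text; the sample config is constructed from the applets on the slides plus one syslog-only applet, and the `approved_scripts` allowlist is a hypothetical parameter.

```python
import re

# Constructed sample: applets from the slides as plain config text
# (ASCII quotes), plus one syslog-only applet added here for contrast.
SAMPLE_CONFIG = '''\
event manager applet track_1_18_down
  event track 1 state down
  action 1 syslog msg "EEM applet track_1_18_down shutting down port eth1/33 as 1/18 went down"
  action 2 cli command "conf term"
  action 3 cli command "interface ethernet 1/33"
  action 4 cli command "shut"
event manager applet link_monitor
  event syslog pattern "IF_UP"
  action 1 cli command "source cdp_description.py"
event manager applet link_logger
  event syslog pattern "IF_DOWN"
  action 1 syslog msg "link went down"
'''

APPLET = re.compile(r'^event manager applet (\S+)$')
EVENT = re.compile(r'^event (.+)$')
CLI_ACTION = re.compile(r'^action \S+ cli command "(.*)"$')
SCRIPT = re.compile(r'^(?:source|python)\s+(\S+)')
CONFIG_MODE = re.compile(r'^conf(?:ig(?:ure)?)?\b')


def parse_applets(config_text):
    """Return one dict per applet: its name, events and CLI commands."""
    applets, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = APPLET.match(line)
        if header:
            current = {"name": header.group(1), "events": [], "cli": []}
            applets.append(current)
        elif not raw[:1].isspace():
            current = None                  # any other top-level line ends the applet
        elif current is not None:
            event, action = EVENT.match(line), CLI_ACTION.match(line)
            if event:
                current["events"].append(event.group(1))
            elif action:
                current["cli"].append(action.group(1))
    return applets


def review(applets, approved_scripts=()):
    """List (applet, reason) for applets that run scripts or change config."""
    findings = []
    for applet in applets:
        for cmd in applet["cli"]:
            script = SCRIPT.match(cmd)
            if script and script.group(1) not in approved_scripts:
                findings.append((applet["name"],
                                 "runs unapproved script " + script.group(1)))
            elif CONFIG_MODE.match(cmd):
                findings.append((applet["name"], "enters configuration mode"))
    return findings


if __name__ == "__main__":
    for name, reason in review(parse_applets(SAMPLE_CONFIG)):
        print(name + ": " + reason)
```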


Useful Links (Python and EEM)

Nexus 7000 GitHub page:

https://github.com/datacenter/nexus7000

Nexus EEM examples:

https://tools.cisco.com/squish/2C58D

On-Box Script Examples:

https://github.com/datacenter/opennxos/tree/master/on-box

NX-API

What is NX-API?

• NX-API Enables Programmatic access to Nexus over HTTP/S

• Runs in one of two modes:

• CLI Wrapper: Single URI; commands sent as CLI

• REST: Model-driven, specific URI

• Enable with “feature nxapi”

[Diagram: HTTP/S; JSON-RPC/JSON/XML; NGINX]

[Screenshot callouts]

• Message Format: XML/JSON/JSON-RPC

• Command Box: enter CLI here

• Output: preview of request, and response

Automatically generating Python


• Sandbox can turn your CLI into Python for you

• Click the “Python” button in the Request box

• Uses Python’s requests module

• Paste into a .py file and you’re good to go!

• Great way for novice Python users to learn

Python example using “requests” module

import sys
import json
import requests

my_headers = {'content-type': 'application/json-rpc'}
# Using CLI wrapper, we always use this same URL
url = "http://172.25.91.147/ins"
username = "admin"
password = "ciscotme"

# Generating payload with JSON-RPC
payload = [{'jsonrpc': '2.0', 'method': 'cli', 'params': ['show version',1], 'id': '1'}]
my_data = json.dumps(payload)

# Send the request
response = requests.post(url, data=my_data, headers=my_headers, auth=(username, password))

# Parse the output
result = response.json()['result']
kick_start_image = response.json()['result']['body']['kickstart_ver_str']
system_image = response.json()['result']['body']['sys_ver_str']
host_name = response.json()['result']['body']['host_name']

print ("")
print ("===============================")
print ('host name:'+ host_name)
print ('kickstart image version: ' + kick_start_image)
print ('system image version: ' + system_image)
print ("===============================")

Output

tools:~$ python shver.py

===============================
host name:nx-osv-1
kickstart image version: 7.2(0)D1(1)
system image version: 7.2(0)D1(1)
===============================

Python using Pycsco module

• Easy-to-use Python NX-API interface

• No need to use requests module

• Hence, no need to make headers and post requests

• Available at:

https://github.com/jedelman8/pycsco

Example:

>>> from pycsco.nxos.device import Device
>>> from pycsco.nxos.utils.nxapi_lib import *
>>> switch=Device(ip="172.16.1.61",username="admin",password="admin")
>>> get_list_of_vlans(switch)
['1', '104', '105', '106', '110', '120']

Cisco Nexus Object Model

[Object tree diagram: System; BgpEntity, BgpInstance, BgpDomain, BgpPeer, BgpLocalASN, BgpPeerAf, BgpPeerEntry; L1PhysIf, ethpmPhysIf, ethpmPortCap, L1Load, L1StormControl]

Globally unique identifier for an object in the database

Naming rule on http://developer.cisco.com

sys/bgp/inst/dom-default/peer-[192.168.0.2]
sys/phys-[eth1/1]/phys/portcap

CLI

router bgp 11
router-id 1.1.1.1

POST Request without DME

POST http://Switch-IP/ins {'content-type':'application/json-rpc'}

[
  { "jsonrpc": "2.0",
    "method": "cli",
    "params": {
      "cmd": "config t",
      "version": 1 }, "id": 1 },
  { "jsonrpc": "2.0",
    "method": "cli",
    "params": {
      "cmd": "router bgp 11",
      "version": 1 }, "id": 2 },
  { "jsonrpc": "2.0",
    "method": "cli",
    "params": {
      "cmd": "router-id 1.1.1.1",
      "version": 1 }, "id": 3 }]

POST Request BGP Object with DME

POST http://Switch-IP/api/mo/sys/bgp/inst.json

{ "bgpInst" : {"children" : [{"bgpDom" : { 11

"attributes" : {"name" : "default","rtrId" : "1.1.1.1"

}}

}]

}}

Object Based Programmability – BGP Configuration Example
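The CLI-wrapper request from the "requests" slide and the JSON-RPC batch above can be built by one helper that also checks every reply. This is an added example (not from the original deck or from Cisco), written for Python 3 with the standard library in place of requests; it sends over HTTPS with certificate verification and reads credentials from the environment. The variable names `NXAPI_USER` and `NXAPI_PASS` are assumptions, and the sample reply is constructed.

```python
import base64
import json
import os
import ssl
import urllib.request


def build_payload(commands):
    """One JSON-RPC "cli" call per command, each with a unique id."""
    return [{"jsonrpc": "2.0", "method": "cli",
             "params": {"cmd": cmd, "version": 1}, "id": n}
            for n, cmd in enumerate(commands, start=1)]


def build_request(host, commands, username, password):
    """POST to the single CLI-wrapper URI /ins, over HTTPS only."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}/ins",
        data=json.dumps(build_payload(commands)).encode(),
        headers={"content-type": "application/json-rpc",
                 "Authorization": "Basic " + token},
        method="POST")


def parse_replies(raw_body, expected):
    """Map reply id -> result body; raise on any error or missing reply."""
    replies = json.loads(raw_body)
    if isinstance(replies, dict):       # a lone call is answered with one object
        replies = [replies]
    bodies = {}
    for reply in replies:
        if "error" in reply:
            raise RuntimeError(f"call {reply.get('id')} failed: "
                               f"{reply['error'].get('message')}")
        result = reply.get("result") or {}   # config commands return no body
        bodies[reply["id"]] = result.get("body")
    missing = set(range(1, expected + 1)) - set(bodies)
    if missing:
        raise RuntimeError(f"no reply for call ids {sorted(missing)}")
    return bodies


def run(host, commands, cafile=None):
    """Send the batch with certificate and hostname verification enabled."""
    context = ssl.create_default_context(cafile=cafile)
    request = build_request(host, commands,
                            os.environ["NXAPI_USER"], os.environ["NXAPI_PASS"])
    with urllib.request.urlopen(request, context=context, timeout=10) as reply:
        return parse_replies(reply.read(), len(commands))


# Constructed reply, shaped like the fields the slide's script reads.
SAMPLE_REPLY = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"body": {
    "host_name": "nx-osv-1", "kickstart_ver_str": "7.2(0)D1(1)",
    "sys_ver_str": "7.2(0)D1(1)"}}})
```

Calling `run("<switch>", ["show version"])` needs `feature nxapi` enabled and HTTPS reachable on the switch; pass `cafile` when the switch certificate is signed by a private CA.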


Useful Links (NX-API)

• NX-API Guide:

https://tools.cisco.com/squish/da18E7

• NX-API on Github

https://github.com/datacenter/nexus9000/tree/master/nx-os/nxapi

Configuration Management Tools

Configuration Management Tools

• In use for years to automate servers

• Ensure software packages are installed, services running

• Declarative model: not scripting!

• Use to push configurations, install software packages


CM Tool 3K/9K 5-7K

6.1 7.2

7.0 7.3 (New! Feb 2016)

7.0 7.3 (New! Feb 2016)

Puppet and Chef

• Puppet and Chef use a pull model (agent/client pulls from server)

• Agent/client contacts server every 30 mins by default

• Agent/Client lives in LXC container (optionally directly in bash on 3K/9K)

• Cisco modules in Puppet Forge or Chef Supermarket

[Diagram: Puppet Master/Chef Server (Manifests/Cookbooks) and Nexus (Agent in LXC Container), connected over SSL. Nexus sends data and requests config every 30 mins; server sends config to switch.]

Puppet and Chef code examples

Chef:

cisco_interface 'Ethernet1/1' do
  action :create
  ipv4_address '10.1.1.1'
  ipv4_netmask_length 24
  ipv4_proxy_arp true
  ipv4_redirects true
  shutdown true
  switchport_mode 'disabled'
end

cisco_interface 'Ethernet1/2' do
  action :create
  access_vlan 100
  shutdown false
  switchport_mode 'access'
  switchport_vtp true
end

Puppet:

#Setup VLAN
cisco_vlan {"${vlanid}":
  vlan_name => $vlanname,
  ensure => present
}

#Create VLAN Interface (step2)
cisco_interface { $intfName :
  description => $vlanname,
  shutdown => false,
  ipv4_address => $intf_ip,
  ipv4_netmask_length => $intf_ip_mask,
}

Ansible

• Ansible uses an agentless push model

• Configuration files (playbooks) use YAML

• Can configure using CLI or NXAPI

• Use nxos-ansible modules, or new Ansible 2.0 modules

• Unlike server configuration, Ansible does not execute Python on-box

[Diagram: Ansible Server (Playbooks) and Nexus (no agent; feature nxapi), connected by NX-API (HTTP/S) or CLI (SSH). Server sends config when playbook is run.]

Ansible code example

tasks:
  # Configure PKL
  - name: Configuring PKL on 7k1
    nxos_vpc: domain=1 pkl_src=172.26.244.91 pkl_dest=172.26.244.81 state=present host=n7k1
  - name: Configuring PKL on 7k2
    nxos_vpc: domain=1 pkl_src=172.26.244.81 pkl_dest=172.26.244.91 state=present host=n7k2

  # Configure port channels
  - name: Configuring Port Channel 1
    nxos_portchannel:
      group: 1
      members: ['Ethernet7/1','Ethernet7/2']
      mode: 'active'
      state: present
      host: "{{ inventory_hostname }}"
  - name: Configuring Port Channel 2
    nxos_portchannel:
      group: 2
      members: ['Ethernet9/1','Ethernet9/2']
      mode: 'active'
      state: present
      host: "{{ inventory_hostname }}"
  - name: Configuring Port Channel 3
    nxos_portchannel:
      group: 3
      members: ['Ethernet9/3','Ethernet9/4']
      mode: 'active'
      state: present
      host: "{{ inventory_hostname }}"

  # Configure VPC peer link
  - name: Configuring VPC peer link
    nxos_vpc_interface: portchannel=1 peer_link=true host={{ inventory_hostname }}

  # Configure VPC for port-channels
  - name: Configuring VPC 2
    nxos_vpc_interface: portchannel=2 vpc=2 host={{ inventory_hostname }}
  - name: Configuring VPC 3
    nxos_vpc_interface: portchannel=3 vpc=3 host={{ inventory_hostname }}

Useful Links (Configuration Management Tools)

• Cisco Puppet Module

https://github.com/cisco/cisco-network-puppet-module

• Cisco Chef Module

https://github.com/cisco/cisco-network-chef-cookbook/

• NX-OS Ansible Modules

https://github.com/jedelman8/nxos-ansible

Netconf

What is NETCONF?

• NETCONF is an IETF standard, RFC 4741

• Used for device management, similar role as SNMP

• Separates Operational and Configuration Data management (show commands vs. config)

• Defines capabilities for managing configuration data

• Candidate buffer for validation of config before commit

• Rollback-on-error

Protocol Stack

Content: Configuration Data
Operations: <get-config>, <edit-config>
Messages: <rpc>, <rpc-reply>
Transport: SSH

NETCONF on Nexus

• Nexus switches support NETCONF

• Network Management Systems can use NETCONF to configure switches

• You can develop tools that take advantage of NETCONF:

• Test NETCONF directly with XMLAgent (ssh x.x.x.x -s xmlagent)

• Use | xmlin (pipe xmlin) to see CLI equivalent in NETCONF

• Use NCClient module in Python

jemclaug-hh14-n7700-2# sh vlan brief | xmlin
<?xml version="1.0"?>
<nf:rpc xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0"
        xmlns="http://www.cisco.com/nxos:7.3.0.D1.1.:vlan_mgr_cli" message-id="1">
  <nf:get>
    <nf:filter type="subtree">
      <show>
        <vlan>
          <brief/>
        </vlan>
      </show> (etc, etc, etc..)

Useful Links (NETCONF)

• NX-OS NETCONF using XML agent

https://tools.cisco.com/squish/5Cb9F

• NETCONF Central

http://www.netconfcentral.org/

• NCC Client (NETCONF module for Python)

http://pypi.python.org/pypi/ncclient

XMPP

What is XMPP?

• Extensible Messaging and Presence Protocol (XMPP) is a message-oriented protocol based on XML

• Used in instant messaging clients such as Gtalk, Jabber, Pidgin

• Supported across all Nexus platforms in current releases

• DCNM can be used as XMPP server

• Configure switches with an IM client!

Accessing Devices with XMPP

[Diagram: Python Bot, Pidgin User, Groups, Entities, Return Value, Return Output]

XMPP on NX-OS

feature fabric access
! Hostname is used for identification
hostname leaf1
! Required if no DNS for the domain
ip host test-xmpp-server.cisco.com 192.168.1.100
fabric access server dcnm-ova.cisco.com vrf management password 7 xyz
! XMPP chat groups
fabric access group all-nodes leaf-nodes
fabric access ping interval 60 response 10 retry 5

leaf1# show fabric access connections
XMPP Ping :
Status = Enabled
Interval = 60 second(s)
Response = 10 second(s)
Retry = 5 time(s)
XMPP Payload CDATA-Encapsulated : Enabled
Device Connection :
JID = [email protected]/(fmgr-device)(TB01010000B)
State = AUTHENTICATED

The JID identifies the host in Jabber. The host S/N is included in the JID.

XMPP and Python: Writing a Python bot

• Accessing NX-OS with Python with xmpppy library - http://xmpppy.sourceforge.net

import xmpp                                  # XMPP python module

cmd="show vlan\n"
jid="[email protected]"                       # My JID
pwd="test123"
to="[email protected]"                        # JID of device

jid=xmpp.protocol.JID(jid)
cl=xmpp.Client(jid.getDomain(), debug=[])
cl.connect()                                 # Connect to XMPP server
cl.auth(jid.getNode(),pwd)
cl.sendInitPresence()                        # Send Presence
message=xmpp.Message(to, cmd)                # Create Message
message.setAttr('type', 'chat')
cl.send(message)                             # Send Message

Useful Links (XMPP)

• Protocol page:

http://xmpp.org/

• Instructions for using on Cisco devices:

http://blogs.cisco.com/getyourbuildon/xmpp-a-power-tool-in-your-tool-box

• Configuring DCNM XMPP Features:

https://tools.cisco.com/squish/83830

Conclusion

Summary

• The Nexus switching platform can be automated in a number of ways

• PoAP and CM Tools are an easy entry point to NX-OS automation

• Python and NX-API for more advanced users

• Netconf and XMPP for other use cases

• More useful links:

http://developer.cisco.com/

http://opennxos.cisco.com/


Let’s get started! (What do I need to do next?)

1. Set up a lab with a couple of switches, and some virtualization platform.

2. Alternatively, look into VIRL.

3. Use the latest software image available for the latest and greatest features.

4. Download DCNM and experiment with PoAP.

5. Set up a Linux VM for testing off-box Python and CMT.

6. Start with Ansible (agentless), or Chef/Puppet.

7. Use sandbox to build Python scripts.

Deeper Dives!

• BRKDCT-2459: Programmability and Automation on Cisco Nexus Platforms

Abhinav Modi, Tues 2:15pm (watch the replay!)

• BRKDCT-2025: Maximizing Network Programmability & Automation with Open NX-OS

Nicolas Delecroix, Thurs 2:30pm

• BRKDCT-2024 - Automated Network Provisioning through POAP

Oliver Ziltener, Thurs 2:30pm

• DevNet-1075: Configuration Management Tools on NX-OS

Abhinav Modi, Fri 12:00pm

• Come visit us at the demo booth in World of Solutions!

Thank you