1. DevNet-1606 APIC EM Rest API Adam Radford Distinguished
Systems Engineer
2. Introduction Quick Tour Use cases Agenda
3. Common Policy Approach Consistent Policy Across Cloud, DC,
WAN and Access Cloud Data Center WAN Access Application Network
Profile SLA, Security, QoS, Load Balancing User/Things Network
Profile QoS, Security, SLA, Device
4. The Cisco APIC Enterprise Module (APIC-EM) Advanced
Visualization for low risk SDN adoption Elastic Services for
scalability & HA Existing & New Installations Catalyst,
ISR, ASR Agile Integration Model Network Abstraction and Automation
APIC Masking Network Complexity, Exposing Network
Intelligence.
5. Cisco APIC Enterprise Module Architecture Abstracts Network
Devices to Mask Complexity Treat Network as a System Exposes
Network Intelligence For Business Innovation Cisco APIC Enterprise
Module Cisco and Third Party Applications Network Devices Catalyst,
ASR, ISR Network Info Database Policy Infrastructure Automation
REST API Southbound Interface: CLI Security QoS IWAN Network
PnP
6. APIC-EM: Services Layered View NB REST API Pxgrid Client +
LDAP client Radius Proxy + LDAP client Inventory Topology Policy
Analysis PnP Network Discovery Network Programmer Policy Programmer
(QoS, ACL) Network Tapping Easy QoS Network Events Policy Manager
Conflict Detection and Resolution (BI and NI) Business Intent to
Network Intent Conversion NETWORK MODEL DEVICE MODEL DEVICE
INTERFACE Application Visibility PfR APIC-EM Services APIC-EM Apps
IWAN Services APIC-EM Services IWAN Services Basic Services for
Controller Availability Inventory Visualizer Topology Visualizer
Application Visualizer Discovery Easy QoS Visualizer Compliance
Check ACL Visualizer Network PnP Network Tapping Visualizer Policy
Manager
20. Netops ACL
Get ACL for a Device
https://test-apic/api/v0/acl/device/cceaf2fe-c3d9-4d37-bf14-fba071c27d6e
Get ACL for Interface GigabitEthernet0/0/0
https://test-apic/api/v0/acl/interface/ad8c543b-c698-468b-bb64-e0a418d6c517
Check for consistency of an ACL
https://test-apic/api/v0/acl/conflict/dea7a366-4cdd-4006-ad51-27f0a0b2fb40
Cisco Confidential
$ python check-acl.py
23. Applications
{
  "id": "46de799b-7f51-4a5e-8d08-46e2e78ff619",
  "applicationGroup": "other",
  "category": "voice-and-video",
  "subCategory": "consumer-video-streaming",
  "encrypted": "false",
  "p2pTechnology": "false",
  "tunnel": "false",
  "name": "appleqtc",
  "enabled": "true",
  "nbarId": "92",
  "engineId": "3",
  "globalId": "L4:458",
  "selectorId": "458",
  "helpString": "apple quick time",
  "longDescription": "Apple QuickTime is an extensible proprietary multimedia framework developed by Apple Inc., capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity. QuickTime is available for Windows XP and later, as well as Mac OS X Leopard and later operating systems.",
  "appProtocol": "tcp/udp",
  "tcpPorts": "458",
  "udpPorts": "458",
  "references": "http://www.apple.com/quicktime/",
  "url": "",
  "valid": true
}
28. Task for Policy creation - failure
https://test-apic/api/v0/task/f5c07be7-ae8e-4350-80b0-1971874803c8 GET
"response": {
  "id": "f5c07be7-ae8e-4350-80b0-1971874803c8",
  "rootId": "f5c07be7-ae8e-4350-80b0-1971874803c8",
  "serviceType": "Policy Service",
  "progress": "Policy Creation Failed",
  "errorCode": "PartialSuccess",
  "failureReason": "04ea2f11-1e9d-435a-9db2-ded3fbcd732f: Inactive Policy - Interfaces where this policy needs to be programmed are not within the same policy scope. Hence skipping policy creation for this policy.",
  "isError": true,
  "startTime": 1412425907975,
  "endTime": 1412425910331
},
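A POST to the controller only hands back a task, so a caller has to read the task body to learn whether a policy (for instance a DENY rule) was actually programmed. The following is an added example, not code from the presentation, that reduces a task body such as the one on slide 28, or the ZTD task results later in the deck, to a verdict. The sample bodies are constructed from the slide output; that `progress` arrives as an escaped JSON string and that a missing `endTime` means "still running" are assumptions.

```python
import json

# Constructed samples modelled on the task bodies in the slides.
# Assumption: "progress" is a string that may carry escaped JSON.
FAILED_POLICY_TASK = {"response": {
    "id": "f5c07be7-ae8e-4350-80b0-1971874803c8",
    "serviceType": "Policy Service",
    "progress": "Policy Creation Failed",
    "errorCode": "PartialSuccess",
    "failureReason": "04ea2f11-1e9d-435a-9db2-ded3fbcd732f: Inactive Policy",
    "isError": True,
    "startTime": 1412425907975, "endTime": 1412425910331}}
SITE_TASK = {"response": {
    "serviceType": "Ztd Service",
    "progress": json.dumps({"message": "Success creating new site",
                            "siteId": "05159d12-3654-4ce1-b391-b5f4a3cdc6a9"}),
    "startTime": 1420948314682, "endTime": 1420948314714,
    "id": "db96e8f5-cf68-4f1f-9cc2-f6c18fdeeaaf"}, "version": "0.0"}


def summarize_task(body):
    """Reduce a task GET body to a verdict the caller can act on."""
    task = body.get("response") or {}
    progress = task.get("progress", "")
    detail = {}
    try:
        parsed = json.loads(progress)
        if isinstance(parsed, dict):
            detail = parsed          # e.g. {"message": ..., "siteId": ...}
    except (TypeError, ValueError):
        pass                         # plain text such as "Policy Creation Failed"
    finished = "endTime" in task     # assumption: no endTime means still running
    if task.get("isError") or task.get("errorCode"):
        state = "failed"             # PartialSuccess is treated as a failure here
    else:
        state = "succeeded" if finished else "running"
    timed = finished and "startTime" in task
    return {
        "state": state,
        "reason": task.get("failureReason"),
        "message": detail.get("message", progress),
        # identifiers the service reports back (siteId, ruleId, ...)
        "ids": {k: v for k, v in detail.items() if k.endswith("Id")},
        "duration_ms": task["endTime"] - task["startTime"] if timed else None,
    }


if __name__ == "__main__":
    for sample in (FAILED_POLICY_TASK, SITE_TASK):
        print(summarize_task(sample))
```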
29. Policy for Security
https://test-apic/api/v0/policy POST
{
  "policyName": "deny_some",
  "policyOwner": "Admin",
  "actions": ["DENY"],
  "networkUser": {"userIdentifiers": ["40.0.0.15"]},
  "resource": {"userIdentifiers": ["10.10.20.3"], "applications": [{"raw": "81;TCP"}]}
}
Sourcefire use case. (policy) App -> Class -> Mapping (cvd) Queuing on
interfaces Bandwidth allocation to classes /policy
/network-device/{tags} /host /user ACL Traffic Redirection QoS Marking /qos
APIs automatically create policies for QoS Marking.
31. /qos
1. GET /qos/app-class-map/mapping
2. GET,POST /network-device/tag
3. POST /qos
4. GET /qos/status
32. Plug And Play CA2 release
33. PnP Server Use Case: Device Deployment in Campus DHCP
Server Switch running PnP Agent Device receives PnP server specific
metadata info configured in DHCP option 43 Device validates servers
metadata info configured in DHCP option 43 Device validates server's
location and establishes a communication with the server Installer
Remote Installer Mount and cable devices Power-on Day 1 Network
Admin remotely monitors status of install while in progress. Day 1
Cisco APIC - Enterprise Module
36. List all images
https://adam-iwan/api/v1/file/config/file-list GET will show config files
https://adam-iwan/api/v1/file/image/file-list GET
"response": [
  {
    "nameSpace": "image",
    "name": "c2960x-universalk9-mz.152-2.E1.bin",
    "downloadPath": "/file/571c8887-0e71-4a6f-8267-e1f25bfa46f4",
    "fileSize": "21208064",
    "fileFormat": "application/octet-stream",
    "id": "571c8887-0e71-4a6f-8267-e1f25bfa46f4"
  },
  {
    "nameSpace": "image",
    "name": "c2960x-universalk9-mz.152-3.E.bin",
    "downloadPath": "/file/5bc3f28e-61b7-4438-a946-4d62396341db",
    "fileSize": "23343104",
    "fileFormat": "application/octet-stream",
    "id": "5bc3f28e-61b7-4438-a946-4d62396341db"
  }
],
37. User Interface
38. Create a site
https://adam-iwan/api/v1/ztd-site POST
{ "siteName": "Sydney" }
{
  "response": {
    "taskId": "832e26a7-b10a-4a4a-9cd9-1dfc2a9d3da3",
    "url": "/api/v1/task/832e26a7-b10a-4a4a-9cd9-1dfc2a9d3da3"
  },
  "version": "0.0"
}
39. Result of the task
{
  "response": {
    "rootId": "db96e8f5-cf68-4f1f-9cc2-f6c18fdeeaaf",
    "serviceType": "Ztd Service",
    "progress": "{"message":"Success creating new site","siteId": "05159d12-3654-4ce1-b391-b5f4a3cdc6a9"}",
    "startTime": 1420948314682,
    "endTime": 1420948314714,
    "id": "db96e8f5-cf68-4f1f-9cc2-f6c18fdeeaaf"
  },
  "version": "0.0"
}
40. Create a Rule
https://adam-iwan/api/v1/ztd-site/device POST
{
  "hostName" : "test-switch6",
  "site" : "Sydney",
  "platformId" : "WS-C2960X-48FPD-L"
}
IMPORTANT: Name of "site" rather than UUID
These are only three mandatory attributes
Default "status" is PENDING
"serialNumber", "configId", "imageId", are often used
41. Result of the Rule task
{
  "response": {
    "rootId": "c8c9fec8-e564-4368-a0fe-1f3559926ce6",
    "serviceType": "Ztd Service",
    "progress": "{"message":"Success creating new site device(rule)","ruleId":"8fbc09aa-87b2-4c4a-bc91-6d1b851429d8"}",
    "startTime": 1420965737439,
    "endTime": 1420965737492,
    "id": "c8c9fec8-e564-4368-a0fe-1f3559926ce6"
  },
  "version": "0.0"
}
42. Rules for a specific site
https://adam-iwan/api/v1/ztd-site/device?site_id=05159d12-3654-4ce1-b391-b5f4a3cdc6a9&offset=1&limit=10 GET
{
  "response": [
    {
      "hostName": "test-switch6",
      "platformId": "WS-C2960X-48FPD-L",
      "site": "Sydney",
      "state": "PENDING",
      "attributeInfo": {},
      "id": "8fbc09aa-87b2-4c4a-bc91-6d1b851429d8"
    }
  ],
  "version": "0.0"
}