NetDevOps for the Network Dude How to get started with API's, Ansible and Python

Kevin Kuhls, Technical Leader

@sdn_dudeDEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 2DEVNET- 1002

• Introduction• Automation Motivation• Tools• Infrastructure as Code• Programmable Modules• Conclusion

Agenda

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3DEVNET- 1002

Who’s this guy?

• 1998 – Cisco Router• 2002 – PIX Firewall• BIG LULL• 2012 – DC Technologies (UCS, Nexus, VMWare)• 2014 – OpenStack, ACI • 2015 – Network Programmability, SDN

• Old Dog learning new tricks

…and should I listen or look at my phone?

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 4DEVNET- 1002

Motivators for Automation• Lots of Equipment

• ~1000 Network Devices

• Multiple Operating Systems• IOS• IOSXR• IOSXE• NXOS• ASA OS• Multivendor Security Appliances (WAF,

DDoS, LB)

• Small team• 6 people

• Rapid Deployment• Several new Datacenters per year• Several Service Deployments

requiring changes

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 5DEVNET- 1002

Demo – Automated Fabric Install

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 6DEVNET- 1002

Automation Requirements

• Efficient

• Repeatable

• Reusable

• Observable

• Revision controlled

• Standard

We need an Automation framework that is full of ERRORS

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

What is AnsibleAnsible, an open source community project sponsored by Red Hat, is the simplest way to automate IT. Ansible is the only automation language that can be used

across entire IT teams – from systems and network administrators to developers and managers.

Ansible by Red Hat provides enterprise-ready solutions to automate your entire application lifecycle – from servers to clouds to containers and everything in between.

It uses no agents and no additional custom security infrastructure, so it's easy to deploy - and most importantly, it uses a very simple language (YAML, in the form of Ansible Playbooks) that allow you to describe your automation jobs in a way that approaches plain English.

DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

Why did we choose Ansible?• Agentless • Server and support teams already using Ansible • Infrastructure as code• Simple to use and learn• Community and vendor driven• Modular framework, easily modified• Leverage many common programming languages

DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 9DEVNET- 1002

Exercise 1 - Ansible 2.1 IOS

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 10DEVNET- 1002

Jinja Template

# Simple Variable Replacmenthostname {{sitecode}}-fw

# Variable Replacement based on Dictionaryroute outside 0.0.0.0 0.0.0.0 {{config['vlan101']['ip'][1]}}

# Loop Through set of data to create multiple lines{%for route in config['routes'] %}route oob-vpn {{config['routes'][route]['network']}} {{config['routes'][route]['mask']}} {{config['vlan90']['ip'][1]}}{% endfor %}

# Conditional Statements{% if config[‘vlan41’] is defined %} route dmzext {{config['vlan41']['ip'][0]}} {{config['vlan41']['ip'].netmask}} {{config['vlan102']['ip'][1]}}{endif %}

Contains variables and/or expressions which get replaced with values when rendered

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 11DEVNET- 1002

Yaml• Structure to define:

• dictionary (unordered set of key value pairs, lists)

• list of items• key value pair

# A sample employee record name: Kevin Kuhlsjob: Network Engineerskill: Advanced employed: True certifications: - CCIE RS - CCIE DC - CISSP - VCP languages: perl: Novice python: Intermediate education: | BS in Computer Engineering

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 12

Exercise 2 – Ansible 2.1 IOS

DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 13DEVNET- 1002

Infrastructure as Code

svc_object_groups: - name: ossdm-elk-ports-tcp protocol: tcp values: - 9092net_object_groups: - name: ossdm-elk values: - '{{ ossdm_kfk_001 }}'

- '{{ ossdm_kfk_002 }}'

- '{{ ossdm_kfk_003 }}’

Represent a Configuration as a set of machine-processable definition files

access_lists: - name: APPS-IN entry: dest_address: ossdm-elk src_address: cis-apps dest_service: ossdm-elk-ports-tcp permit: true protocol: tcp position: 1

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 14DEVNET- 1002

Infrastructure as Code exercise

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

Customize or Write your own

DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 16DEVNET- 1002

Network Device Application Program Interfaces• IOS

• CLI

• IOS-XE• CLI• Netconf (with ConfD)

• IOS-XR• CLI• Netconf

• NXOS• CLI• NXAPI

• ACI• APIC Rest API

• ASA• CLI• ASA Rest API

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

ReferencesAnsible – http://www.Ansible.comJinja - https://kontrolissues.net/2016/01/14/intro-to-jinja2/YAML - http://www.yaml.org/start.htmlVIRL – Virtual Internet Routing Lab (how the demos were deployed) http://virl.cisco.com/dCloud – The Cisco Demo Cloud (where the demos were deployed) https://dcloud.cisco.com/ Source code in Github:• Clone exercises from session: git clone git@github.com:kuhlskev/devnet1002.git• Ansible Networking - https://github.com/ansible/ansible-modules-core/tree/stable-2.1/network • Napalm - https://github.com/napalm-automation/napalm• Pycsco - https://github.com/jedelman8/pycsco• Pyiosxr - https://github.com/fooelisa/pyiosxr• ASA - https://github.com/networklore/ansible-cisco-asa, https://github.com/kuhlskev/ansible-cisco-asa• Netmiko - https://github.com/ktbyers/netmikoBlogs:• https://pynet.twb-tech.com/• http://jedelman.com/home/ansible-for-networking/• https://pynet.twb-tech.com/blog/automation/napalm-ios.html• https://networklore.com/

DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.

18DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Continue Your Education• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions:• DEVNET-1016 Transforming Network Operations from Configuration Automation

Through State Validation with Ansible• LABNMS-1023 NX-OS Programming Lab• BRKDCT-2459 Programmability and Automation on Cisco Nexus Platforms

DEVNET- 1002

Thank you

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 20DEVNET- 1002

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

Network Programmability Cisco Education OfferingsCourse Description Cisco Certification

Integrating Business Applications with Network Programmability (NIPBA);Integrating Business Applications with Network Programmability for Cisco ACI (NPIBAACI)

Learn networking concepts, and how to deploy and troubleshoot programmable network architectures with these self-paced courses.

Cisco Business Application Engineer Specialist Certification

Developing with Cisco Network Programmability (NPDEV); Developing with Cisco Network Programmability for Cisco ACI (NPDEVACI)

Learn how to build applications for network environments and effectively bridge the gap between IT professionals and software developers.

Cisco Network Programmability Developer Specialist Certification

Designing with Cisco Network Programmability (NPDES); Designing with Cisco Network Programmability for Cisco ACI (NPDESACI)

Learn how to expand your skill set from traditional IT infrastructure to application integration through programmability.

Cisco Network Programmability Design Specialist Certification

Implementing Cisco Network Programmability (NPENG); Implementing Cisco Network Programmability for Cisco ACI (NPENGACI)

Learn how to implement and troubleshoot open IT infrastructure technologies.

Cisco Network Programmability Engineer Specialist Certification

For more details, please visit: http://learningnetwork.cisco.comQuestions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com

DEVNET- 1002