DEVNET- 1002

1. NetDevOps for the Network Dude
How to get started with API's, Ansible and Python
Kevin Kuhls, Technical Leader
@sdn_dude
DEVNET- 1002

2. • Introduction
• Automation Motivation
• Tools
• Infrastructure as Code
• Programmable Modules
• Conclusion
Agenda

3. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3DEVNET- 1002
Who’s this guy?
• 1998 – Cisco Router
• 2002 – PIX Firewall
• BIG LULL
• 2012 – DC Technologies (UCS, Nexus, VMWare)
• 2014 – OpenStack, ACI
• 2015 – Network Programmability, SDN
• Old Dog learning new tricks
…and should I listen or look at my phone?

4. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 4DEVNET- 1002
Motivators for Automation
• Lots of Equipment
• ~1000 Network Devices
• Multiple Operating Systems
• IOS
• IOSXR
• IOSXE
• NXOS
• ASA OS
• Multivendor Security Appliances
(WAF, DDoS, LB)
• Small team
• 6 people
• Rapid Deployment
• Several new Datacenters per year
• Several Service Deployments
requiring changes

5. Demo – Automated Fabric Install

6. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 6DEVNET- 1002
Automation Requirements
• Efficient
• Repeatable
• Reusable
• Observable
• Revision controlled
• Standard
We need an Automation framework that is full of ERRORS

7. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is Ansible
Ansible, an open source community project sponsored by Red Hat, is the simplest
way to automate IT. Ansible is the only automation language that can be used
across entire IT teams – from systems and network administrators to developers
and managers.
Ansible by Red Hat provides enterprise-ready solutions to automate your entire application
lifecycle – from servers to clouds to containers and everything in between.
It uses no agents and no additional custom security infrastructure, so it's easy to deploy -
and most importantly, it uses a very simple language (YAML, in the form of Ansible
Playbooks) that allow you to describe your automation jobs in a way that approaches plain
English.
7DEVNET- 1002

8. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Why did we choose Ansible?
• Agentless
• Server and support teams already using Ansible
• Infrastructure as code
• Simple to use and learn
• Community and vendor driven
• Modular framework, easily modified
• Leverage many common programming languages
8DEVNET- 1002

9. Exercise 1 - Ansible 2.1 IOS

10. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 10DEVNET- 1002
Jinja Template
# Simple Variable Replacment
hostname {{sitecode}}-fw
# Variable Replacement based on Dictionary
route outside 0.0.0.0 0.0.0.0 {{config['vlan101']['ip'][1]}}
# Loop Through set of data to create multiple lines
{%for route in config['routes'] %}
route oob-vpn {{config['routes'][route]['network']}} {{config['routes'][route]['mask']}} {{config['vlan90']['ip'][1]}}
{% endfor %}
# Conditional Statements
{% if config[‘vlan41’] is defined %}
route dmzext {{config['vlan41']['ip'][0]}} {{config['vlan41']['ip'].netmask}} {{config['vlan102']['ip'][1]}}
{endif %}
Contains variables and/or expressions which get replaced with values when rendered

11. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 11DEVNET- 1002
Yaml
• Structure to define:
• dictionary (unordered set of key value
pairs, lists)
• list of items
• key value pair
# A sample employee record
name: Kevin Kuhls
job: Network Engineer
skill: Advanced
employed: True
certifications:
- CCIE RS
- CCIE DC
- CISSP
- VCP
languages:
perl: Novice
python: Intermediate
education: |
BS in Computer Engineering

12. Exercise 2 – Ansible 2.1 IOS

13. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 13DEVNET- 1002
Infrastructure as Code
svc_object_groups:
- name: ossdm-elk-ports-tcp
protocol: tcp
values:
- 9092
net_object_groups:
- name: ossdm-elk
values:
- '{{ ossdm_kfk_001 }}'
- '{{ ossdm_kfk_002 }}'
- '{{ ossdm_kfk_003 }}’
Represent a Configuration as a set of machine-processable definition files
access_lists:
- name: APPS-IN
entry:
dest_address: ossdm-elk
src_address: cis-apps
dest_service: ossdm-elk-
ports-tcp
permit: true
protocol: tcp
position: 1

14. Infrastructure as Code exercise

15. Customize or Write your own

16. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 16DEVNET- 1002
Network Device Application Program Interfaces
• IOS
• CLI
• IOS-XE
• CLI
• Netconf (with ConfD)
• IOS-XR
• CLI
• Netconf
• NXOS
• CLI
• NXAPI
• ACI
• APIC Rest API
• ASA
• CLI
• ASA Rest API

17. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
References
Ansible – http://www.Ansible.com
Jinja - https://kontrolissues.net/2016/01/14/intro-to-jinja2/
YAML - http://www.yaml.org/start.html
VIRL – Virtual Internet Routing Lab (how the demos were deployed) http://virl.cisco.com/
dCloud – The Cisco Demo Cloud (where the demos were deployed) https://dcloud.cisco.com/
Source code in Github:
• Clone exercises from session: git clone git@github.com:kuhlskev/devnet1002.git
• Ansible Networking - https://github.com/ansible/ansible-modules-core/tree/stable-2.1/network
• Napalm - https://github.com/napalm-automation/napalm
• Pycsco - https://github.com/jedelman8/pycsco
• Pyiosxr - https://github.com/fooelisa/pyiosxr
• ASA - https://github.com/networklore/ansible-cisco-asa, https://github.com/kuhlskev/ansible-cisco-asa
• Netmiko - https://github.com/ktbyers/netmiko
Blogs:
• https://pynet.twb-tech.com/
• http://jedelman.com/home/ansible-for-networking/
• https://pynet.twb-tech.com/blog/automation/napalm-ios.html
• https://networklore.com/
17DEVNET- 1002

18. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available
for viewing on-demand after the event at
CiscoLive.com/Online
• Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 Amazon gift card.
• Complete your session surveys
through the Cisco Live mobile
app or from the Session Catalog
on CiscoLive.com/us.
18DEVNET- 1002

19. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions:
• DEVNET-1016 Transforming Network Operations from Configuration Automation
Through State Validation with Ansible
• LABNMS-1023 NX-OS Programming Lab
• BRKDCT-2459 Programmability and Automation on Cisco Nexus Platforms
19DEVNET- 1002

20. Thank you

22. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Network Programmability Cisco Education Offerings
Course Description Cisco Certification
Integrating Business Applications with Network
Programmability (NIPBA);
Integrating Business Applications with Network
Programmability for Cisco ACI (NPIBAACI)
Learn networking concepts, and how to deploy and troubleshoot
programmable network architectures with these self-paced courses.
Cisco Business Application
Engineer Specialist Certification
Developing with Cisco Network Programmability
(NPDEV);
Developing with Cisco Network Programmability
for Cisco ACI (NPDEVACI)
Learn how to build applications for network environments and effectively
bridge the gap between IT professionals and software developers.
Cisco Network Programmability
Developer Specialist Certification
Designing with Cisco Network Programmability
(NPDES);
Designing with Cisco Network Programmability
for Cisco ACI (NPDESACI)
Learn how to expand your skill set from traditional IT infrastructure to
application integration through programmability.
Cisco Network Programmability
Design Specialist Certification
Implementing Cisco Network Programmability
(NPENG);
Implementing Cisco Network Programmability
for Cisco ACI (NPENGACI)
Learn how to implement and troubleshoot open IT infrastructure
technologies.
Cisco Network Programmability
Engineer Specialist Certification
For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com
22DEVNET- 1002