Module 14: Network Automation
Enterprise Networking, Security, and Automation v7.0
(ENSA)
14.1 Automation Overview
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Automation Overview
Video - Automation Everywhere
We now see automation everywhere, from self-serve checkouts at stores and automatic
building environmental controls, to autonomous cars and planes. How many automated
systems do you encounter in a single day?
14.2 Data Formats
Data Formats
Video - Data Formats
This video covers the following:
• HTML
• XML
• JSON
• YAML
The Data Formats Concept
• Data formats are simply a way to store and exchange data in a structured format. One
such format is called Hypertext Markup Language (HTML). HTML is a standard
markup language for describing the structure of web pages.
• These are some common data formats that are used in many applications including
network automation and programmability:
• JavaScript Object Notation (JSON)
• eXtensible Markup Language (XML)
• YAML Ain’t Markup Language (YAML)
• The data format that is selected will depend on the format that is used by the
application, tool, or script that you are using. Many systems will be able to support
more than one data format, which allows the user to choose their preferred one.
Compare Data Formats
JSON Format:
{
  "message": "success",
  "timestamp": 1560789260,
  "iss_position": {
    "latitude": "25.9990",
    "longitude": "-132.6992"
  }
}

YAML Format:
message: success
timestamp: 1560789260
iss_position:
  latitude: '25.9990'
  longitude: '-132.6992'

XML Format:
<?xml version="1.0" encoding="UTF-8" ?>
<root>
  <message>success</message>
  <timestamp>1560789260</timestamp>
  <iss_position>
    <latitude>25.9990</latitude>
    <longitude>-132.6992</longitude>
  </iss_position>
</root>
JSON Data Format
• JSON is a human readable data format used by applications for storing, transferring
and reading data. JSON is a very popular format used by web services and APIs to
provide public data. This is because it is easy to parse and can be used with most
modern programming languages, including Python.
JSON Data Format (Cont.)
GigabitEthernet0/0/0 is up, line protocol is up (connected)
  Description: Wide Area Network
  Internet address is 172.16.0.2/24

Compare the IOS output above to the output in JSON format. Notice that each object (each
key/value pair) is a different piece of data about the interface including its name, a
description, and whether the interface is enabled.

{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet0/0/0",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {
          "ip": "172.16.0.2",
          "netmask": "255.255.255.0"
        }
      ]
    }
  }
}
YAML Data Format (Cont.)
• IOS output in JSON is shown first below. The same data in YAML format follows it. The
YAML is easier to read.
• Similar to JSON, a YAML object is one or more key value pairs. Key value pairs are separated
by a colon without the use of quotation marks. In YAML, a hyphen is used to separate each
element in a list.

JSON:
{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet2",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {
          "ip": "172.16.0.2",
          "netmask": "255.255.255.0"
        },
        {
          "ip": "172.16.0.3",
          "netmask": "255.255.255.0"
        },
        {
          "ip": "172.16.0.4",
          "netmask": "255.255.255.0"
        }
      ]
    }
  }
}

YAML:
ietf-interfaces:interface:
  name: GigabitEthernet2
  description: Wide Area Network
  enabled: true
  ietf-ip:ipv4:
    address:
    - ip: 172.16.0.2
      netmask: 255.255.255.0
    - ip: 172.16.0.3
      netmask: 255.255.255.0
    - ip: 172.16.0.4
      netmask: 255.255.255.0
XML Data Format
XML is one more type of human readable data format used to store, transfer, and read
data by applications. Some of the characteristics of XML include:
• It is like HTML, which is the standardized markup language for creating web pages
and web applications.
• It is self-descriptive. It encloses data within a related set of tags: <tag>data</tag>
• Unlike HTML, XML uses no predefined tags or document structure.
XML objects are one or more key/value pairs, with the beginning tag used as the name of
the key: <key>value</key>
XML Data Format (Cont.)
The output shows the same data for GigabitEthernet2 formatted as an XML data structure.
Notice how the values are enclosed within the object tags. In this example, each key/value
pair is on a separate line and some lines are indented. This is not required but is done for
readability. The list uses repeated instances of <tag></tag> for each element in the list.
The elements within these repeated instances represent one or more key/value pairs.

<?xml version="1.0" encoding="UTF-8" ?>
<ietf-interfaces:interface>
  <name>GigabitEthernet2</name>
  <description>Wide Area Network</description>
  <enabled>true</enabled>
  <ietf-ip:ipv4>
    <address>
      <ip>172.16.0.2</ip>
      <netmask>255.255.255.0</netmask>
    </address>
    <address>
      <ip>172.16.0.3</ip>
      <netmask>255.255.255.0</netmask>
    </address>
    <address>
      <ip>172.16.0.4</ip>
      <netmask>255.255.255.0</netmask>
    </address>
  </ietf-ip:ipv4>
</ietf-interfaces:interface>
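The same GigabitEthernet2 data read from both JSON and XML, as an added example that is not part of the original slides: it normalizes the two formats into one structure and validates every address and netmask on the way in. The namespace declarations on the XML root are an assumption added here, because the XML as printed uses the ietf-interfaces and ietf-ip prefixes without binding them and a namespace-aware parser rejects it.

```python
import ipaddress
import json
import xml.etree.ElementTree as ET

# Namespace URIs of the ietf-interfaces and ietf-ip YANG modules. The XML on
# the slide uses both prefixes without declaring them (assumption added here).
IF_NS = "urn:ietf:params:xml:ns:yang:ietf-interfaces"
IP_NS = "urn:ietf:params:xml:ns:yang:ietf-ip"

JSON_DOC = """
{"ietf-interfaces:interface": {
  "name": "GigabitEthernet2",
  "description": "Wide Area Network",
  "enabled": true,
  "ietf-ip:ipv4": {"address": [
    {"ip": "172.16.0.2", "netmask": "255.255.255.0"},
    {"ip": "172.16.0.3", "netmask": "255.255.255.0"},
    {"ip": "172.16.0.4", "netmask": "255.255.255.0"}]}}}
"""

XML_BODY = """
  <name>GigabitEthernet2</name>
  <description>Wide Area Network</description>
  <enabled>true</enabled>
  <ietf-ip:ipv4>
    <address><ip>172.16.0.2</ip><netmask>255.255.255.0</netmask></address>
    <address><ip>172.16.0.3</ip><netmask>255.255.255.0</netmask></address>
    <address><ip>172.16.0.4</ip><netmask>255.255.255.0</netmask></address>
  </ietf-ip:ipv4>
"""
# Root element exactly as printed: prefixes used but never bound.
XML_AS_PRINTED = ("<ietf-interfaces:interface>" + XML_BODY
                  + "</ietf-interfaces:interface>")
# Same data with the two prefixes declared on the root element.
XML_DOC = ('<ietf-interfaces:interface xmlns:ietf-interfaces="%s" '
           'xmlns:ietf-ip="%s">' % (IF_NS, IP_NS)
           + XML_BODY + "</ietf-interfaces:interface>")


def _cidr(ip, netmask):
    # ip_interface() validates both fields and raises ValueError on bad input.
    return str(ipaddress.ip_interface(f"{ip}/{netmask}"))


def from_json(text):
    intf = json.loads(text)["ietf-interfaces:interface"]
    return {
        "name": intf["name"],
        "description": intf["description"],
        "enabled": intf["enabled"],                      # already a bool
        "addresses": [_cidr(a["ip"], a["netmask"])
                      for a in intf["ietf-ip:ipv4"]["address"]],
    }


def from_xml(text):
    root = ET.fromstring(text)
    if root.tag != "{%s}interface" % IF_NS:
        raise ValueError("unexpected root element: " + root.tag)
    ipv4 = root.find("{%s}ipv4" % IP_NS)
    return {
        "name": root.findtext("name"),
        "description": root.findtext("description"),
        "enabled": root.findtext("enabled") == "true",   # XML text -> bool
        "addresses": [_cidr(a.findtext("ip"), a.findtext("netmask"))
                      for a in ipv4.findall("address")],
    }


def parses_as_printed():
    """True if the XML parses without the added namespace declarations."""
    try:
        ET.fromstring(XML_AS_PRINTED)
        return True
    except ET.ParseError:
        return False
```

XML carries every value as text, so `enabled` has to be converted explicitly, whereas JSON delivers it as a boolean. For XML received from untrusted sources, the Python documentation points to the defusedxml package as a hardened parser.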
14.3 APIs
APIs
Video - APIs
This video will cover the following:
• Define API
• See examples of popular APIs:
• SOAP
• REST
• NETCONF
• RESTCONF
• Execute an API call in a browser and in Postman.
The API Concept
• An API is software that allows other applications to access its data or services. It is a
set of rules describing how one application can interact with another, and the
instructions to allow the interaction to occur. The user sends an API request to a
server asking for specific information and receives an API response in return from the
server along with the requested information.
• An API is similar to a waiter in a restaurant, as shown in the following figure.
Open, Internal, and Partner APIs
An important consideration when developing an API is the distinction between open,
internal, and partner APIs:
• Open APIs or Public APIs - These APIs are publicly available and can be used with
no restrictions. Because these APIs are public, many API providers require the user to
get a free key, or token, prior to using the API. This is to help control the number of
API requests they receive and process.
• Internal or Private APIs - These are APIs that are used by an organization or
company to access data and services for internal use only. An example of an internal
API is allowing authorized salespeople access to internal sales data on their mobile
devices.
• Partner APIs - These are APIs that are used between a company and its business
partners or contractors to facilitate business between them. The business partner
must have a license or other form of permission to use the API. A travel service using
an airline’s API is an example of a partner API.
Types of Web Service APIs
A web service is a service that is available over the internet, using the World Wide Web.
There are four types of web service APIs:
• Simple Object Access Protocol (SOAP)
• Representational State Transfer (REST)
• eXtensible Markup Language-Remote Procedure Call (XML-RPC)
• JavaScript Object Notation-Remote Procedure Call (JSON-RPC)
Characteristic   SOAP               REST                                        XML-RPC                        JSON-RPC
Data Format      XML                JSON, XML, YAML, and others                 XML                            JSON
First released   1998               2000                                        1998                           2005
Strengths        Well-established   Flexible formatting and most widely used    Well-established, simplicity   Simplicity
14.4 REST
Software-Defined Networking
Video - REST
This video covers the following:
• Execute a REST API request
• Web browser - HTTP
• Command Line - CURL
• Application - Postman
• Programming Language - Python, JavaScript, Ruby, and more
REST and RESTful API
• Web browsers use HTTP or HTTPS to request (GET) a web page. If successfully
requested (HTTP status code 200), web servers respond to GET requests with an
HTML coded web page.
• Simply stated, a REST API is an API that works on top of the HTTP protocol. It defines
a set of functions developers can use to perform requests and receive responses using
HTTP methods such as GET and POST.
• Conforming to the constraints of the REST architecture is generally referred to as
being “RESTful”. An API can be considered “RESTful” if it has the following features:
• Client-Server - The client handles the front end and the server handles the back end. Either can
be replaced independently of the other.
• Stateless - No client data is stored on the server between requests. The session state is stored
on the client.
• Cacheable - Clients can cache responses to improve performance.
RESTful Implementation
A RESTful web service is implemented using HTTP. It is a collection of resources with four defined
aspects:
• The base Uniform Resource Identifier (URI) for the web service, such
as http://example.com/resources.
• The data format supported by the web service. This is often JSON, YAML, or XML but could be
any other data format that is a valid hypertext standard.
• The set of operations supported by the web service using HTTP methods.
• The API must be hypertext driven.
RESTful APIs use common HTTP methods including POST, GET, PUT, PATCH and DELETE. As
shown in the following table, these correspond to RESTful operations: Create, Read, Update, and
Delete (or CRUD).
HTTP Method    RESTful Operation
POST           Create
GET            Read
PUT/PATCH      Update
DELETE         Delete
Anatomy of a RESTful Request
• In a RESTful Web service, a request made to a resource's URI will elicit a response.
The response will be a payload typically formatted in JSON, but could be HTML, XML,
or some other format. The figure shows the URI for the MapQuest directions API. The
API request is for directions from San Jose, California to Monterey, California.
Anatomy of a RESTful Request (Cont.)
These are the different parts of the API request:
• API Server - This is the URL for the server that answers REST requests. In this example it is the MapQuest API
server.
• Resources - Specifies the API that is being requested. In this example it is the MapQuest directions API.
• Query - Specifies the data format and information the client is requesting from the API service. Queries can
include:
• Format – This is usually JSON but can be YAML or XML. In this example JSON is requested.
• Key - The key is for authorization, if required. MapQuest requires a key for their directions API. In the above URI,
you would need to replace “KEY” with a valid key to submit a valid request.
• Parameters - Parameters are used to send information pertaining to the request. In this example, the query
parameters include information about the directions that the API needs so it knows what directions to return:
"from=San+Jose,Ca" and "to=Monterey,Ca".
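The parts of the request listed above, pulled apart in code and then masked for logging, since the key travels in the query string; this is an added example, not part of the original slides. The URI is constructed to match the slide's description (the figure is not on this page): the host, path and the `outFormat` parameter name are assumptions, and `KEY` is the placeholder the slide mentions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed request matching the slide's description; the host, path and
# the "outFormat" parameter name are assumptions, "KEY" is the placeholder.
URI = ("https://www.mapquestapi.com/directions/v2/route"
       "?outFormat=json&key=KEY&from=San+Jose,Ca&to=Monterey,Ca")

FORMAT_PARAM = "outFormat"      # assumed name of the format selector
SECRET_PARAMS = {"key"}         # query names that carry credentials


def dissect(uri):
    """Split a request URI into the parts named on the slide."""
    parts = urlsplit(uri)
    out = {
        "api_server": f"{parts.scheme}://{parts.netloc}",
        "resource": parts.path,
        "format": None,
        "key": None,
        "parameters": {},
    }
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == FORMAT_PARAM:
            out["format"] = value
        elif name.lower() in SECRET_PARAMS:
            out["key"] = value
        else:
            out["parameters"][name] = value
    return out


def redact(uri, mask="REDACTED"):
    """Return the URI with credential values masked, for writing to logs."""
    parts = urlsplit(uri)
    query = [(n, mask if n.lower() in SECRET_PARAMS else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    # safe="," keeps the commas in "San+Jose,Ca" readable after re-encoding.
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query, safe=","), ""))


if __name__ == "__main__":
    for part, value in dissect(URI).items():
        print(f"{part:11} {value}")
    print("log line:  ", redact(URI))
```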
RESTful API Applications
• Many web sites and applications use APIs to access information and provide service
for their customers.
• Some RESTful API requests can be made by typing in the URI from within a web
browser. The MapQuest directions API is an example of this. A RESTful API request
can also be made in other ways.
• Developer Web Site: Developers often maintain web sites that include information about the API,
parameter information, and usage examples. These sites may also allow the user to perform the
API request within the developer web page by entering in the parameters and other information.
• Postman: Postman is an application for testing and using REST APIs. It contains everything
required for constructing and sending REST API requests, including entering query parameters
and keys.
• Python: APIs can also be called from within a Python program. This allows for possible
automation, customization, and App integration of the API.
• Network Operating Systems: Using protocols such as NETCONF (NET CONFiguration) and
RESTCONF, network operating systems are beginning to provide an alternative method for
configuration, monitoring, and management.
14.5 Configuration Management Tools
Configuration Management Tools
Video - Configuration Management Tools
This video will cover the following:
• Compare configuration management tools including Ansible, Puppet, Chef and
SaltStack.
• Review plays, tasks, modules, parameters, and variables in a sample playbook
Traditional Network Configuration
Network devices have traditionally been configured by a network administrator using the
CLI. Whenever there is a change or new feature, the necessary configuration commands must
be manually entered on all of the appropriate devices. This becomes a major issue on larger
networks or with more complex configurations.
Traditional Network Configuration
Simple Network Management Protocol (SNMP) lets administrators manage nodes on an IP
network. With a network management station (NMS), network administrators use SNMP to
monitor and manage network performance, find and solve network problems, and perform
queries for statistics. SNMP is not typically used for configuration due to security
concerns and difficulty in implementation.
You can also use APIs to automate the deployment and management of network resources.
Instead of manually configuring ports, access lists, QoS, and load balancing policies, you
can use tools to automate configurations.
Network Automation
We are rapidly moving away from a world where a network administrator manages a few dozen
network devices, to one where they are deploying and managing a great number of complex
network devices (both physical and virtual) with the help of software. This transformation
is quickly spreading to all places in the network. There are new and different methods for
network administrators to automatically monitor, manage, and configure the network. These
include protocols and technologies such as REST, Ansible, Puppet, Chef, Python, JSON, XML,
and more.
Compare Ansible, Chef, Puppet, and SaltStack
Ansible, Chef, Puppet, and SaltStack all come with API documentation for configuring
RESTful API requests. All of them support JSON and YAML as well as other data formats.
The following table shows a summary of a comparison of major characteristics of Ansible,
Puppet, Chef, and SaltStack configuration management tools.
Characteristic                 Ansible                          Chef          Puppet          SaltStack
What programming language?     Python + YAML                    Ruby          Ruby            Python
Agent-based or agentless?      Agentless                        Agent-based   Supports both   Supports both
How are devices managed?       Any device can be “controller”   Chef Master   Puppet Master   Salt Master
What is created by the tool?   Playbook                         Cookbook      Manifest        Pillar
14.6 IBN and Cisco DNA Center
IBN and Cisco DNA Center
Video - Intent-Based Networking
• You have learned of the many tools and software that can help you automate your
network. Intent-Based Networking (IBN) and Cisco Digital Network Architecture (DNA)
Center can help you bring it all together to create an automated network.
• Play the video by Cisco’s John Apostolopoulos and Anand Oswal explaining how
artificial intelligence and intent-based networking (IBN) can improve networks.
Intent-Based Networking Overview
• IBN is the emerging industry model for the next generation of networking. IBN builds
on Software-Defined Networking (SDN), transforming a hardware-centric and manual
approach to designing and operating networks to one that is software-centric and fully
automated.
• Business objectives for the network are expressed as intent. IBN captures business
intent and uses analytics, machine learning, and automation to align the network
continuously and dynamically as business needs change.
• IBN captures and translates business intent into network policies that can be
automated and applied consistently across the network.
Intent-Based Networking Overview (Cont.)
Cisco views IBN as having three essential functions: translation, activation, and
assurance. These functions interact with the underlying physical and virtual infrastructure,
as shown in the figure.
Translation - The translation function enables the network administrator to express the
expected networking behavior that will best support the business intent.
Activation - The captured intent then needs to be interpreted into policies that can be
applied across the network. The activation function installs these policies into the
physical and virtual network infrastructure using networkwide automation.
Assurance - In order to continuously check that the expressed intent is honored by the
network at any point in time, the assurance function maintains a continuous
validation-and-verification loop.
Cisco Digital Network Architecture (DNA)
Cisco implements the IBN fabric using Cisco DNA. The business intent is securely deployed
into the network infrastructure (the fabric). Cisco DNA then continuously gathers data from
a multitude of sources (devices and applications) to provide a rich context of information.
This information can then be analyzed to make sure the network is performing securely at
its optimal level and in accordance with business intent and network policies.
Cisco Digital Network Architecture (DNA) (Cont.)
Cisco DNA Solution: SD-Access
Description:
• First intent-based enterprise networking solution built using Cisco DNA.
• It uses a single network fabric across LAN and WLAN to create a consistent, highly secure
user experience.
• It segments user, device, and application traffic and automates user-access policies to
establish the right policy for any user or device, with any application, across a network.
Benefits:
• Enables network access in minutes for any user or device to any application without
compromising security.

Cisco DNA Solution: SD-WAN
Description:
• It uses a secure cloud-delivered architecture to centrally manage WAN connections.
• It simplifies and accelerates delivery of secure, flexible and rich WAN services to connect
data centers, branches, campuses, and colocation facilities.
Benefits:
• Delivers better user experiences for applications residing on-premise or in the cloud.
• Achieve greater agility and cost savings through easier deployments and transport
independence.
Cisco Digital Network Architecture (DNA) (Cont.)
Cisco DNA Solution: Cisco DNA Assurance
Description:
• Used to troubleshoot and increase IT productivity.
• It applies advanced analytics and machine learning to improve performance and issue
resolution, and predict to assure network performance.
• It provides real-time notification for network conditions that require attention.
Benefits:
• Allows you to identify root causes and provides suggested remediation for faster
troubleshooting.
• The Cisco DNA Center provides an easy-to-use single dashboard with insights and drill-down
capabilities.
• Machine learning continually improves network intelligence to predict problems before they
occur.

Cisco DNA Solution: Cisco DNA Security
Description:
• Used to provide visibility by using the network as a sensor for real-time analysis and
intelligence.
• It provides increased granular control to enforce policy and contain threats across the
network.
Benefits:
• Reduce risk and protect your organization against threats - even in encrypted traffic.
• Gain 360-degree visibility through real-time analytics for deep intelligence across the
network.
• Lower complexity with end-to-end security.
Cisco DNA Center (Cont.)
At the top, menus provide you access to DNA Center’s five main areas. As shown in the
figure, these are:
• Design - Model your entire network, from sites and buildings to devices and links, both physical
and virtual, across campus, branch, WAN, and cloud.
• Policy - Use policies to automate and simplify network management, reducing cost and risk while
speeding rollout of new and enhanced services.
• Provision Or Configuration - Provide new services to users with ease, speed, and security
across your enterprise network, regardless of network size and complexity.
• Assurance - Use proactive monitoring and insights from the network, devices, and applications to
predict problems faster and ensure that policy and configuration changes achieve the business
intent and the user experience you want.
• Platform - Use APIs to integrate with your preferred IT systems to create end-to-end solutions and
add support for multi-vendor devices.
Video - DNA Center Overview and Platform APIs
This video is an overview of the Cisco DNA Center GUI. It includes
design, policy, provision, and assurance tools used to control multiple
sites and multiple devices.
Video - DNA Center Design and Provision
This video is an overview of the Cisco DNA Center design and provision areas where you
can add new devices and update existing devices.
Video - DNA Center Policy and Assurance
This video explains the Cisco DNA Center policy and assurance areas. The policy area
enables you to create policies that reflect your organization’s business intent and deploy
them across networks and devices. Assurance provides you with an interface to quickly
view and troubleshoot devices connected to the network.
Video - DNA Center Troubleshooting User Connectivity
This video explains how to use Cisco DNA Center to troubleshoot devices.
14.7 Module Practice and Quiz