
NetDevOps for the Network Dude

How to get started with APIs, Ansible and Python


Kevin Kuhls, Technical Leader
@sdn_dude
DEVNET- 1002
Agenda

Introduction
Automation Motivation
Tools
Infrastructure as Code
Programmable Modules
Conclusion
Who's this guy?
and should I listen or look at my phone?
1998 Cisco Router
2002 PIX Firewall
BIG LULL
2012 DC Technologies (UCS, Nexus, VMWare)
2014 OpenStack, ACI
2015 Network Programmability, SDN

Old Dog learning new tricks

DEVNET- 1002 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Motivators for Automation
Lots of Equipment
  ~1000 Network Devices
Small team
  6 people
Multiple Operating Systems
  IOS
  IOSXR
  IOSXE
  NXOS
  ASA OS
Rapid Deployment
  Several new Datacenters per year
  Several Service Deployments requiring changes
Multivendor Security Appliances (WAF, DDoS, LB)

Demo Automated Fabric Install
Automation Requirements
We need an Automation framework that is full of ERRORS
Efficient
Repeatable
Reusable
Observable
Revision controlled
Standard

What is Ansible
Ansible, an open source community project sponsored by Red Hat, is the simplest
way to automate IT. Ansible is the only automation language that can be used
across entire IT teams from systems and network administrators to developers
and managers.

Ansible by Red Hat provides enterprise-ready solutions to automate your entire application
lifecycle from servers to clouds to containers and everything in between.

It uses no agents and no additional custom security infrastructure, so it's easy to deploy -
and most importantly, it uses a very simple language (YAML, in the form of Ansible
Playbooks) that allows you to describe your automation jobs in a way that approaches plain
English.

Why did we choose Ansible?
Agentless
Server and support teams already using Ansible
Infrastructure as code
Simple to use and learn
Community and vendor driven
Modular framework, easily modified
Leverage many common programming languages

Exercise 1 - Ansible 2.1 IOS
Jinja Template
Contains variables and/or expressions which get replaced with values when rendered

{# Simple variable replacement #}
hostname {{sitecode}}-fw

{# Variable replacement based on a dictionary #}
route outside 0.0.0.0 0.0.0.0 {{config['vlan101']['ip'][1]}}

{# Loop through a set of data to create multiple lines #}
{% for route in config['routes'] %}
route oob-vpn {{config['routes'][route]['network']}} {{config['routes'][route]['mask']}} {{config['vlan90']['ip'][1]}}
{% endfor %}

{# Conditional statements #}
{% if config['vlan41'] is defined %}
route dmzext {{config['vlan41']['ip'][0]}} {{config['vlan41']['ip'].netmask}} {{config['vlan102']['ip'][1]}}
{% endif %}

Yaml
Structure to define:
  dictionary (unordered set of key value pairs, lists)
  list of items
  key value pair

# A sample employee record
name: Kevin Kuhls
job: Network Engineer
skill: Advanced
employed: True
certifications:
  - CCIE RS
  - CCIE DC
  - CISSP
  - VCP
languages:
  perl: Novice
  python: Intermediate
education: |
  BS in Computer Engineering
Exercise 2 - Ansible 2.1 IOS
Infrastructure as Code
Represent a Configuration as a set of machine-processable definition files

svc_object_groups:
  - name: ossdm-elk-ports-tcp
    protocol: tcp
    values:
      - 9092
net_object_groups:
  - name: ossdm-elk
    values:
      - '{{ ossdm_kfk_001 }}'
      - '{{ ossdm_kfk_002 }}'
      - '{{ ossdm_kfk_003 }}'

access_lists:
  - name: APPS-IN
    entry:
      dest_address: ossdm-elk
      src_address: cis-apps
      dest_service: ossdm-elk-ports-tcp
      permit: true
      protocol: tcp
      position: 1
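
Added example, not code from the session or its repository: a pre-deployment check that every object group an access-list entry names is actually defined in the definition files, followed by a rendering step that refuses to emit firewall CLI when a reference dangles. The data mirrors the definitions above as parsed dicts; the host addresses, the cis-apps group contents, the function names and the ASA-style output lines are assumptions made for illustration.

```python
# Added example: check references in the definition data before rendering CLI.
# Keys mirror the slide's YAML; addresses and the cis-apps group are constructed.
MODEL = {
    "svc_object_groups": [{"name": "ossdm-elk-ports-tcp", "protocol": "tcp", "values": [9092]}],
    "net_object_groups": [
        {"name": "ossdm-elk", "values": ["192.0.2.11", "192.0.2.12", "192.0.2.13"]},
        {"name": "cis-apps", "values": ["198.51.100.20"]},  # constructed group
    ],
    "access_lists": [{"name": "APPS-IN", "entry": {
        "src_address": "cis-apps", "dest_address": "ossdm-elk",
        "dest_service": "ossdm-elk-ports-tcp", "permit": True, "protocol": "tcp", "position": 1}}],
}


def validate(model):
    """Return a list of problems; an empty list means every reference resolves."""
    nets = {g["name"] for g in model.get("net_object_groups", [])}
    svcs = {g["name"]: g["protocol"] for g in model.get("svc_object_groups", [])}
    problems = []
    for acl in model.get("access_lists", []):
        e = acl["entry"]
        for field in ("src_address", "dest_address"):
            if e[field] not in nets:
                problems.append(f"{acl['name']}: {field} {e[field]!r} is not a defined network group")
        if e["dest_service"] not in svcs:
            problems.append(f"{acl['name']}: dest_service {e['dest_service']!r} is not a defined service group")
        elif svcs[e["dest_service"]] != e["protocol"]:
            problems.append(f"{acl['name']}: entry protocol differs from its service group")
    return problems


def render(model):
    """Render ASA-style CLI; refuse to render a model that fails validation."""
    problems = validate(model)
    if problems:
        raise ValueError("; ".join(problems))
    lines = []
    for g in model["svc_object_groups"]:
        lines.append(f"object-group service {g['name']} {g['protocol']}")
        lines += [f" port-object eq {port}" for port in g["values"]]
    for g in model["net_object_groups"]:
        lines.append(f"object-group network {g['name']}")
        lines += [f" network-object host {host}" for host in g["values"]]
    for acl in model["access_lists"]:
        e = acl["entry"]
        lines.append(f"access-list {acl['name']} line {e['position']} extended "
                     f"{'permit' if e['permit'] else 'deny'} {e['protocol']} "
                     f"object-group {e['src_address']} object-group {e['dest_address']} "
                     f"object-group {e['dest_service']}")
    return lines
```

Running validate() in the revision-control pipeline, before any playbook touches a device, turns a mistyped group name into a failed review instead of a rejected or half-applied firewall change.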

Infrastructure as Code exercise
Customize or Write your own
Network Device Application Program Interfaces
IOS: CLI
IOS-XE: CLI, Netconf (with ConfD)
IOS-XR: CLI, Netconf
NXOS: CLI, NXAPI
ACI: APIC Rest API
ASA: CLI, ASA Rest API

References
Ansible - http://www.Ansible.com
Jinja - https://kontrolissues.net/2016/01/14/intro-to-jinja2/
YAML - http://www.yaml.org/start.html
VIRL - Virtual Internet Routing Lab (how the demos were deployed) - http://virl.cisco.com/
dCloud - The Cisco Demo Cloud (where the demos were deployed) - https://dcloud.cisco.com/
Source code in Github:
Clone exercises from session: git clone git@github.com:kuhlskev/devnet1002.git
Ansible Networking - https://github.com/ansible/ansible-modules-core/tree/stable-2.1/network
Napalm - https://github.com/napalm-automation/napalm
Pycsco - https://github.com/jedelman8/pycsco
Pyiosxr - https://github.com/fooelisa/pyiosxr
ASA - https://github.com/networklore/ansible-cisco-asa, https://github.com/kuhlskev/ansible-cisco-asa
Netmiko - https://github.com/ktbyers/netmiko
Blogs:
https://pynet.twb-tech.com/
http://jedelman.com/home/ansible-for-networking/
https://pynet.twb-tech.com/blog/automation/napalm-ios.html
https://networklore.com/
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Lunch & Learn
Meet the Engineer 1:1 meetings
Related sessions:
DEVNET-1016 Transforming Network Operations from Configuration Automation
Through State Validation with Ansible
LABNMS-1023 NX-OS Programming Lab
BRKDCT-2459 Programmability and Automation on Cisco Nexus Platforms

Thank you
Network Programmability Cisco Education Offerings

Course: Integrating Business Applications with Network Programmability (NIPBA); Integrating Business Applications with Network Programmability for Cisco ACI (NPIBAACI)
Description: Learn networking concepts, and how to deploy and troubleshoot programmable network architectures with these self-paced courses.
Cisco Certification: Cisco Business Application Engineer Specialist Certification

Course: Developing with Cisco Network Programmability (NPDEV); Developing with Cisco Network Programmability for Cisco ACI (NPDEVACI)
Description: Learn how to build applications for network environments and effectively bridge the gap between IT professionals and software developers.
Cisco Certification: Cisco Network Programmability Developer Specialist Certification

Course: Designing with Cisco Network Programmability (NPDES); Designing with Cisco Network Programmability for Cisco ACI (NPDESACI)
Description: Learn how to expand your skill set from traditional IT infrastructure to application integration through programmability.
Cisco Certification: Cisco Network Programmability Design Specialist Certification

Course: Implementing Cisco Network Programmability (NPENG); Implementing Cisco Network Programmability for Cisco ACI (NPENGACI)
Description: Learn how to implement and troubleshoot open IT infrastructure technologies.
Cisco Certification: Cisco Network Programmability Engineer Specialist Certification

For more details, please visit: http://learningnetwork.cisco.com


Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com

