
Network Virtualization

Enterprise Networking, Security, and Automation v7.0 (ENSA)
Module Objectives
Cloud Computing

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Cloud Computing
Video - Cloud and Virtualization
This video will cover the following:
• Data centers
• Cloud computing (SaaS, PaaS, and IaaS)
• Virtualization (Type 1 Hypervisor, Type 2 Hypervisor)
Cloud Computing
Cloud Overview
Cloud computing addresses a variety of data management issues:
• Enables access to organizational data anywhere and at any time
• Streamlines the organization’s IT operations by subscribing only to needed services
• Eliminates or reduces the need for onsite IT equipment, maintenance, and
management
• Reduces cost for equipment, energy, physical plant requirements, and personnel
training needs
• Enables rapid responses to increasing data volume requirements
Cloud Computing
Cloud Services
The three main cloud computing services defined by the National Institute of Standards
and Technology (NIST) in their Special Publication 800-145 are as follows:
• Software as a Service (SaaS) - The cloud provider is responsible for access to
applications and services that are delivered over the internet.
• Platform as a Service (PaaS) - The cloud provider is responsible for providing users
access to the development tools and services used to deliver the applications.
• Infrastructure as a Service (IaaS) - The cloud provider is responsible for giving IT
managers access to the network equipment, virtualized network services, and
supporting network infrastructure.
Cloud service providers have extended this model to also provide IT support for each of
the cloud computing services (ITaaS). For businesses, ITaaS can extend the capability of
the network without requiring investment in new infrastructure, training new personnel, or
licensing new software.
Cloud Computing
Cloud Models
There are four primary cloud models:
• Public clouds - Cloud-based applications and services made available to the general
population.
• Private clouds - Cloud-based applications and services intended for a specific
organization or entity, such as the government.
• Hybrid clouds - A hybrid cloud is made up of two or more clouds (example: part
private, part public), where each part remains a separate object, but both are
connected using a single architecture.
• Community clouds - A community cloud is created for exclusive use by a specific
community. The differences between public clouds and community clouds are the
functional needs that have been customized for the community. For example,
healthcare organizations must remain compliant with policies and laws (e.g., HIPAA)
that require special authentication and confidentiality.
Cloud Computing
Cloud Computing versus Data Center
These are the correct definitions of data center and cloud computing:
• Data center: Typically, a data storage and processing facility run by an in-house IT
department or leased offsite. Data centers are typically very expensive to build and
maintain.
• Cloud computing: Typically, an off-premise service that offers on-demand access to
a shared pool of configurable computing resources. These resources can be rapidly
provisioned and released with minimal management effort.

Data centers are the physical facilities that provide the compute, network, and storage
needs of cloud computing services. Cloud service providers use data centers to host their
cloud services and cloud-based resources.
Virtualization

Virtualization
Cloud Computing and Virtualization
• The terms “cloud computing” and
“virtualization” are often used
interchangeably; however, they mean
different things. Virtualization is the
foundation of cloud computing.
Without it, cloud computing, as it is
most widely implemented, would not
be possible.
• Virtualization separates the operating
system (OS) from the hardware.
Various providers offer virtual cloud
services that can dynamically
provision servers as required. These
virtualized instances of servers are
created on demand.
Virtualization
Dedicated Servers
Historically, enterprise servers consisted of a
server OS, such as Windows Server or Linux
Server, installed on specific hardware. All of
a server’s RAM, processing power, and hard
drive space were dedicated to the service
provided (e.g., Web, email services, etc.).
• When a component fails, the service that is
provided by this server becomes unavailable.
This is known as a single point of failure.
• Dedicated servers were generally underused.
They often sat idle for long periods of time,
waiting until there was a need to deliver the
specific service they provide. These servers
wasted energy and took up more space than
was warranted by the amount of service
provided. This is known as server sprawl.
Virtualization
Server Virtualization
• Server virtualization takes advantage of idle
resources and consolidates the number of
required servers. This also allows for
multiple operating systems to exist on a
single hardware platform.
• The use of virtualization normally includes
redundancy to protect from a single point of
failure.
• The hypervisor is a program, firmware, or
hardware that adds an abstraction layer on
top of the physical hardware. The
abstraction layer is used to create virtual
machines which have access to all the
hardware of the physical machine such as
CPUs, memory, disk controllers, and NICs.
Virtualization
Advantages of Virtualization
One major advantage of virtualization is overall reduced cost:
• Less equipment is required
• Less energy is consumed
• Less space is required

These are additional benefits of virtualization:
• Easier prototyping
• Faster server provisioning
• Increased server uptime
• Improved disaster recovery
• Legacy support
Virtualization
Abstraction Layers
A computer system consists of the following abstraction layers: Services, OS, Firmware,
and Hardware.
• At each of these layers of abstraction, some type of programming code is used as an
interface between the layer below and the layer above.
• A hypervisor is installed between the firmware and the OS. The hypervisor can
support multiple instances of OSs.
Virtualization
Type 2 Hypervisors
• A Type 2 hypervisor is software that creates and runs VM instances. The computer,
on which a hypervisor is supporting one or more VMs, is a host machine. Type 2
hypervisors are also called hosted hypervisors.
• A big advantage of Type 2 hypervisors is that management console software is not
required.
Virtual Network Infrastructure

Virtual Network Infrastructure
Type 1 Hypervisors
• Type 1 hypervisors are also called the “bare metal” approach because the hypervisor
is installed directly on the hardware. Type 1 hypervisors are usually used on
enterprise servers and data center networking devices.
• With Type 1 hypervisors, the hypervisor is installed directly on the server or
networking hardware. Then, instances of an OS are installed on the hypervisor, as
shown in the figure. Type 1 hypervisors have direct access to the hardware resources.
Therefore, they are more efficient than hosted architectures. Type 1 hypervisors
improve scalability, performance, and robustness.
Virtual Network Infrastructure
Installing a VM on a Hypervisor
• Type 1 hypervisors require a “management console” to manage the hypervisor.
Management software is used to manage multiple servers using the same hypervisor.
The management console can automatically consolidate servers and power on or off
servers as required.
• The management console provides recovery from hardware failure. If a server
component fails, the management console automatically moves the VM to another
server. Cisco Unified Computing System (UCS) Manager controls multiple servers
and manages resources for thousands of VMs.
• Some management consoles also allow server over allocation. Over allocation is
when multiple OS instances are installed, but their memory allocation exceeds the
total amount of memory that a server has. Over allocation is a common practice
because all four OS instances rarely require all of their allocated resources at any
one moment.
Virtual Network Infrastructure
The Complexity of Network Virtualization
• Server virtualization hides server resources. This
can create problems when using traditional
network architectures.
• VMs are movable, and the network administrator
must be able to add, drop, and change network
resources and profiles to support their mobility.
This process would be manual and time-
consuming with traditional network switches.
• Traffic flows differ from the traditional client-
server model. Typically, there is a considerable
amount of traffic being exchanged between
virtual servers (East-West traffic) that changes in
location and intensity over time. North-South
traffic is typically traffic destined for offsite
locations such as another data center, other
cloud providers, or the internet.
Virtual Network Infrastructure
The Complexity of Network Virtualization (Cont.)
• Dynamic ever-changing traffic requires a flexible approach to network resource
management. Existing network infrastructures can respond to changing requirements
related to the management of traffic flows by using Quality of Service (QoS) and
security level configurations for individual flows. However, in large enterprises using
multivendor equipment, each time a new VM is enabled, the necessary
reconfiguration can be very time-consuming.
• The network infrastructure can also benefit from virtualization. Network functions can
be virtualized. Each network device can be segmented into multiple virtual devices
that operate as independent devices. Examples include subinterfaces, virtual
interfaces, VLANs, and routing tables. Virtualized routing is called virtual routing and
forwarding (VRF).
Software-Defined Networking

Software-Defined Networking
Video - Software-Defined Networking
This video will cover the following:
• Network Programming
• SDN (Open Network Foundation, OpenFlow, and OpenStack)
• Controllers
Software-Defined Networking
Control Plane and Data Plane
A network device contains the following planes:
• Control plane - This is typically regarded as the brains of a device. It is used to make
forwarding decisions. The control plane contains Layer 2 and Layer 3 route forwarding
mechanisms, such as routing protocol neighbor tables and topology tables, IPv4 and
IPv6 routing tables, STP, and the ARP table. Information sent to the control plane is
processed by the CPU.
• Data plane - Also called the forwarding plane, this plane is typically the switch fabric
connecting the various network ports on a device. The data plane of each device is
used to forward traffic flows. Routers and switches use information from the control
plane to forward incoming traffic out the appropriate egress interface. Information in
the data plane is typically processed by a special data plane processor without the
CPU getting involved.
Software-Defined Networking
Control Plane and Data Plane (Cont.)
• CEF is an advanced, Layer 3 IP switching
technology that enables forwarding of
packets to occur at the data plane without
consulting the control plane.
• SDN is basically the separation of the
control plane and data plane. The control
plane function is removed from each
device and is performed by a centralized
controller. The centralized controller
communicates control plane functions to
each device. Each device can now focus
on forwarding data while the centralized
controller manages data flow, increases
security, and provides other services.
Software-Defined Networking
Control Plane and Data Plane (Cont.)
• The management plane is responsible for managing a device through its connection
to the network.
• Network administrators use applications such as Secure Shell (SSH), Trivial File
Transfer Protocol (TFTP), Secure FTP, and Secure Hypertext Transfer Protocol
(HTTPS) to access the management plane and configure a device.
• The management plane is how you have accessed and configured devices in your
networking studies. In addition, protocols like Simple Network Management Protocol
(SNMP), use the management plane.
Software-Defined Networking
Network Virtualization Technologies
Two major network architectures have been developed to support network virtualization:
• Software-Defined Networking (SDN) - A network architecture that virtualizes the
network, offering a new approach to network administration and management that
seeks to simplify and streamline the administration process.
• Cisco Application Centric Infrastructure (ACI) - A purpose-built hardware solution
for integrating cloud computing and data center management.
Software-Defined Networking
Network Virtualization Technologies (Cont.)
Components of SDN may include the following:
• OpenFlow - This approach was developed at Stanford University to manage traffic
between routers, switches, wireless access points, and a controller. The OpenFlow
protocol is a basic element in building SDN solutions.
• OpenStack - This approach is a virtualization and orchestration platform designed to
build scalable cloud environments and provide an IaaS solution. OpenStack is often
used with Cisco ACI. Orchestration in networking is the process of automating the
provisioning of network components such as servers, storage, switches, routers, and
applications.
• Other components - Other components include Interface to the Routing System
(I2RS), Transparent Interconnection of Lots of Links (TRILL), Cisco FabricPath (FP),
and IEEE 802.1aq Shortest Path Bridging (SPB).
Software-Defined Networking
Traditional and SDN Architectures
In a traditional router or switch architecture, the control plane and data plane functions
occur in the same device. Routing decisions and packet forwarding are the responsibility
of the device operating system. In SDN, management of the control plane is moved to a
centralized SDN controller. The figure compares traditional and SDN architectures.
Software-Defined Networking
Traditional and SDN Architectures (Cont.)
• The SDN controller is a logical entity that enables
network administrators to manage and dictate how the
data plane of switches and routers should handle
network traffic. It orchestrates, mediates, and facilitates
communication between applications and network
elements.
• The complete SDN framework is shown in the figure.
Note the use of Application Programming Interfaces
(APIs). An API is a standardized definition of the proper
way for an application to request services from another
application.
• The SDN controller uses northbound APIs to
communicate with the upstream applications, helping
network administrators shape traffic and deploy services.
The SDN controller uses southbound APIs to define the
behavior of the data planes on downstream switches
and routers. OpenFlow is a widely implemented
southbound API.
Controllers

Controllers
SDN Controller and Operations
• The SDN controller defines the
data flows between the
centralized control plane and the
data planes on individual routers
and switches.
• Each flow traveling through the
network must first get permission
from the SDN controller, which
verifies that the communication is
permissible according to the
network policy.
• All complex functions are
performed by the controller. The
controller populates flow tables.
Switches manage the flow tables.
Controllers
SDN Controller and Operations (Cont.)
Within each switch, a series of tables implemented in hardware or firmware are used to
manage the flows of packets through the switch. To the switch, a flow is a sequence of
packets that matches a specific entry in a flow table.
The three table types shown in the previous figure are as follows:

○ Flow Table - This table matches incoming packets to a particular flow and specifies the functions
that are to be performed on the packets. There may be multiple flow tables that operate in a
pipeline fashion.

○ Group Table - A flow table may direct a flow to a Group Table, which may trigger a variety of
actions that affect one or more flows.

○ Meter Table - This table triggers a variety of performance-related actions on a flow including the
ability to rate-limit the traffic.
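The controller and flow table interaction described above, as an added example that is not part of the original slides. It is a simplified model rather than the OpenFlow protocol itself: the class names, the three-field match and the policy entries are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed network policy: (source host, destination host, destination port)
# tuples that the controller permits. Anything not listed is denied by default.
POLICY = {
    ("10.0.0.10", "10.0.0.20", 443),
    ("10.0.0.10", "10.0.0.30", 22),
}


@dataclass
class Controller:
    """Centralized control plane: decides, per flow, what a switch should do."""
    policy: set
    requests: int = 0  # how many times a switch had to ask for a decision

    def decide(self, match):
        self.requests += 1
        return "forward" if match in self.policy else "drop"


@dataclass
class Switch:
    """Data plane: forwards using its flow table, asks the controller on a miss."""
    controller: Controller
    flow_table: dict = field(default_factory=dict)  # match -> action

    def handle(self, src, dst, dport):
        match = (src, dst, dport)
        if match not in self.flow_table:
            # Table miss: the first packet of a new flow goes to the controller,
            # which checks the policy and populates the flow table.
            self.flow_table[match] = self.controller.decide(match)
        # Every later packet of the same flow is handled from the table alone.
        return self.flow_table[match]


def run_demo():
    controller = Controller(POLICY)
    switch = Switch(controller)
    # Constructed packet sequence: three flows, some with repeated packets.
    packets = [
        ("10.0.0.10", "10.0.0.20", 443),
        ("10.0.0.10", "10.0.0.20", 443),
        ("10.0.0.10", "10.0.0.20", 443),
        ("10.0.0.99", "10.0.0.20", 443),  # source not in policy
        ("10.0.0.99", "10.0.0.20", 443),
        ("10.0.0.10", "10.0.0.30", 22),
    ]
    actions = [switch.handle(*p) for p in packets]
    return actions, controller.requests, len(switch.flow_table)


if __name__ == "__main__":
    actions, requests, entries = run_demo()
    print(actions)
    print(f"controller consulted {requests} times for {len(actions)} packets")
    print(f"flow table entries installed: {entries}")
```

Six packets cause only three controller decisions, one per flow, and the denied flow is also cached as a drop entry so repeated packets from that source do not reach the controller again.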
Controllers
Video - Cisco ACI
• Very few organizations actually have the desire or skill to program the network using
SDN tools. However, the majority of organizations want to automate the network,
accelerate application deployments, and align their IT infrastructures to better meet
business requirements. Cisco developed the Application Centric Infrastructure (ACI)
to meet these objectives in more advanced and innovative ways than earlier SDN
approaches.
• Cisco ACI is a hardware solution for integrating cloud computing and data center
management. At a high level, the policy element of the network is removed from the
data plane. This simplifies the way data center networks are created.
Controllers
Core Components of ACI
There are three core components of the ACI architecture:

• Application Network Profile (ANP) - An ANP is a collection of end-point groups (EPG), their
connections, and the policies that define those connections.

• Application Policy Infrastructure Controller (APIC) - APIC is a centralized software controller
that manages and operates a scalable ACI clustered fabric. It is designed for programmability and
centralized management. It translates application policies into network programming.

• Cisco Nexus 9000 Series switches - These switches provide an application-aware switching
fabric and work with an APIC to manage the virtual and physical network infrastructure.
The APIC is positioned between the ANP and the ACI-enabled network infrastructure. The
APIC translates the application requirements into a network configuration to meet those
needs.
Controllers
Core Components of ACI (Cont.)
Controllers
Spine-Leaf Topology
• The Cisco ACI fabric is composed of the
APIC and the Cisco Nexus 9000 series
switches using two-tier spine-leaf
topology, as shown in the figure. The leaf
switches attach to the spines, but they
never attach to each other. Similarly, the
spine switches only attach to the leaf and
core switches (not shown). In this two-
tier topology, everything is one hop from
everything else.
• When compared to SDN, the APIC
controller does not manipulate the data
path directly. Instead, the APIC
centralizes the policy definition and
programs the leaf switches to forward
traffic based on the defined policies.
Controllers
SDN Types
The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM)
extends ACI and is aimed at enterprise and campus deployments. To better understand
APIC-EM, it is helpful to take a broader look at the three types of SDN:
• Device-based SDN: Devices are programmable by applications running on the device
itself or on a server in the network, as shown in the figure.
Controllers
SDN Types (Cont.)
Controller-based SDN: Uses a centralized controller that has knowledge of all devices in
the network, as shown in the figure. The applications can interface with the controller
responsible for managing devices and manipulating traffic flows throughout the network.
The Cisco Open SDN Controller is a commercial distribution of OpenDaylight.
Controllers
SDN Types (Cont.)
Policy-based SDN: Similar to controller-
based SDN where a centralized controller
has a view of all devices in the network,
as shown in the figure. Policy-based SDN
includes an additional Policy layer that
operates at a higher level of abstraction.
It uses built-in applications that automate
advanced configuration tasks via a
guided workflow and user-friendly GUI.
No programming skills are required.
Cisco APIC-EM is an example of this
type of SDN.
Controllers
APIC-EM Features
Cisco APIC-EM provides a single
interface for network management
including:
• Discovering and accessing device
and host inventories.
• Viewing the topology (as shown in
the figure).
• Tracing a path between end points.
• Setting policies.
Controllers
APIC-EM Path Trace
The APIC-EM Path Trace tool allows
the administrator to easily visualize
traffic flows and discover any
conflicting, duplicate, or shadowed
ACL entries. This tool examines
specific ACLs on the path between
two end nodes, displaying any
potential issues. You can see where
any ACLs along the path either
permitted or denied your traffic, as
shown in the figure. Notice how
Branch-Router2 is permitting all traffic.
The network administrator can now
make adjustments, if necessary, to
better filter traffic.
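The kind of ACL audit that Path Trace is described as performing, as an added example that is not APIC-EM code or output. The ACL entries are constructed, and the three labels are this example's working definitions: "duplicate" is an identical earlier entry, "conflict" is an entry fully covered by an earlier entry with the opposite action, and "shadowed" is an entry fully covered by an earlier entry with the same action.

```python
import ipaddress
from typing import NamedTuple, Optional


class Ace(NamedTuple):
    """One access control entry, evaluated top-down, first match wins."""
    action: str           # "permit" or "deny"
    proto: str            # "ip" (any protocol), "tcp" or "udp"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    port: Optional[int]   # destination port; None means any port


def covers(earlier: Ace, later: Ace) -> bool:
    """True if every packet matching `later` also matches `earlier`."""
    if earlier.proto != "ip" and earlier.proto != later.proto:
        return False
    if earlier.port is not None and earlier.port != later.port:
        return False
    e_src, l_src = ipaddress.ip_network(earlier.src), ipaddress.ip_network(later.src)
    e_dst, l_dst = ipaddress.ip_network(earlier.dst), ipaddress.ip_network(later.dst)
    return l_src.subnet_of(e_src) and l_dst.subnet_of(e_dst)


def audit(acl):
    """Return (line, kind, covered_by_line) for entries that can never match."""
    findings = []
    for i, later in enumerate(acl):
        for j, earlier in enumerate(acl[:i]):
            if not covers(earlier, later):
                continue
            if earlier == later:
                kind = "duplicate"
            elif earlier.action != later.action:
                kind = "conflict"
            else:
                kind = "shadowed"
            findings.append((i + 1, kind, j + 1))
            break  # the first covering entry is the one that wins
    return findings


# Constructed ACL. Line 3 is a permit-all entry like the one the slide
# points out on Branch-Router2; everything after it is unreachable.
SAMPLE_ACL = [
    Ace("permit", "tcp", "10.1.0.0/16", "10.2.0.10/32", 443),
    Ace("deny",   "tcp", "10.1.5.0/24", "10.2.0.10/32", 443),
    Ace("permit", "ip",  "0.0.0.0/0",   "0.0.0.0/0",    None),
    Ace("deny",   "udp", "10.1.0.0/16", "10.3.0.0/16",  53),
    Ace("permit", "ip",  "0.0.0.0/0",   "0.0.0.0/0",    None),
    Ace("permit", "tcp", "10.9.0.0/16", "10.2.0.0/24",  22),
]

if __name__ == "__main__":
    for line, kind, by in audit(SAMPLE_ACL):
        print(f"line {line}: {kind} (covered by line {by})")
```

The two "conflict" findings are the ones to review first: both are deny entries that the administrator presumably intended to take effect but that an earlier permit makes unreachable.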
Module Practice and Quiz

Module Practice and Quiz
What Did I Learn In This Module?
• Cloud computing involves large numbers of computers connected through a network that can be
physically located anywhere. Cloud computing can reduce operational costs by using resources
more efficiently.
• The three main cloud computing services defined by the National Institute of Standards and
Technology (NIST) are Software as a Service (SaaS), Platform as a Service (PaaS), and
Infrastructure as a Service (IaaS).
• The four types of clouds are public, private, hybrid, and community.
• Virtualization is the foundation of cloud computing. Virtualization separates the operating
system (OS) from the hardware.
• Virtualization reduces costs because less equipment is required, less energy is consumed, and
less space is required. It provides for easier prototyping, faster server provisioning,
increased server uptime, improved disaster recovery, and legacy support.
• With Type 1 hypervisors, the hypervisor is installed directly on the server or networking
hardware. A Type 2 hypervisor is software that creates and runs VM instances. It can be
installed on top of the OS or can be installed between the firmware and the OS.
Module Practice and Quiz
What Did I Learn In This Module?
• Type 1 hypervisors are also called the “bare metal” approach because the hypervisor is
installed directly on the hardware. Type 1 hypervisors have direct access to the
hardware resources and are more efficient than hosted architectures. They improve
scalability, performance, and robustness.
• Type 1 hypervisors require a “management console” to manage the hypervisor.
• Server virtualization hides server resources, such as the number and identity of
physical servers, processors, and OSs from server users. This practice can create
problems if the data center is using traditional network architectures.
• Traffic flows in the data center differ substantially from the traditional client-server
model. Typically, a data center has a considerable amount of traffic being exchanged
between virtual servers (East-West traffic) and can change in location and intensity
over time. North-South traffic occurs between the distribution and core layers and is
typically traffic destined for offsite locations such as another data center, other
cloud providers, or the internet.
• Two major network architectures have been developed to support network virtualization:
Software-Defined Networking (SDN) and Cisco Application Centric Infrastructure (ACI).
• Components of SDN may include OpenFlow, OpenStack, and other components.
Module Practice and Quiz
What Did I Learn In This Module?
• A network device contains a control plane and a data plane. The control plane is regarded as
the brains of a device.
• SDN is basically the separation of the control plane and data plane. The control plane function
is removed from each device and is performed by a centralized controller.
• The SDN controller is a logical entity that enables network administrators to manage and
dictate how the data plane of switches and routers should handle network traffic.
• The data plane, also called the forwarding plane, is typically the switch fabric connecting the
various network ports on a device, and is used to forward traffic flows.
• The management plane is responsible for managing a device through its connection to the
network.
• Cisco developed the Application Centric Infrastructure (ACI) which is more advanced and
innovative than earlier SDN approaches.
• Cisco ACI is a hardware solution for integrating cloud computing and data center management.
• At a high level, the policy element of the network is removed from the data plane. This
simplifies the way data center networks are created.
Module Practice and Quiz
What Did I Learn In This Module?
• The three core components of the ACI architecture are Application Network Profile (ANP),
Application Policy Infrastructure Controller (APIC), and Cisco Nexus 9000 Series switches.
• The Cisco ACI fabric is composed of the APIC and the Cisco Nexus 9000 series switches using
two-tier spine-leaf topology.
• When compared to SDN, the APIC controller does not manipulate the data path directly. Instead,
the APIC centralizes the policy definition and programs the leaf switches to forward traffic
based on the defined policies.
• There are three types of SDN: Device-based SDN, Controller-based SDN, and Policy-based SDN.
• Policy-based SDN includes an additional Policy layer that operates at a higher level of
abstraction. Policy-based SDN is the most robust, providing for a simple mechanism to control
and manage policies across the entire network.
• Cisco APIC-EM is an example of policy-based SDN. Cisco APIC-EM provides a single interface for
network management including discovering and accessing device and host inventories, viewing the
topology, tracing a path between end points, and setting policies.
• The APIC-EM Path Trace tool allows the administrator to easily visualize traffic flows and
discover any conflicting, duplicate, or shadowed ACL entries. This tool examines specific ACLs
on the path between two end nodes, displaying any potential issues.
Module 13: Network Virtualization
New Terms and Commands
• cloud computing
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
• IT as a Service (ITaaS)
• public clouds
• private clouds
• hybrid clouds
• community clouds
• virtualization
• abstraction layers
• type 1 hypervisor
• type 2 hypervisor
• bare metal server
• software-defined networking
• control plane
• data plane
• management plane
• Cisco Application Centric Infrastructure (ACI)
• OpenFlow
• OpenStack
• Application Network Profile (ANP)
• Application Policy Infrastructure Controller (APIC)
• spine-leaf topology
• device-based SDN
• controller-based SDN
• policy-based SDN
• Application Policy Infrastructure Controller - Enterprise Module (APIC-EM)
• APIC-EM path trace
Network Automation

Enterprise Networking, Security, and Automation v7.0 (ENSA)
Module Objectives
Automation Overview

Automation Overview
Video - Automation Everywhere
We now see automation everywhere, from self-serve checkouts at stores and automatic
building environmental controls, to autonomous cars and planes. How many automated
systems do you encounter in a single day?
Automation Overview
The Increase in Automation
These are some of the benefits of automation:
• Machines can work 24 hours a day without breaks, which results in greater output.
• Machines provide a more uniform product.
• Automation allows the collection of vast amounts of data that can be quickly analyzed
to provide information which can help guide an event or process.
• Robots are used in dangerous conditions such as mining, firefighting, and cleaning up
industrial accidents. This reduces the risk to humans.
• Under certain circumstances, smart devices can alter their behavior to reduce energy
usage, make a medical diagnosis, and improve automobile driving safety.
Automation Overview
Thinking Devices
• Many devices now incorporate smart technology to help to govern their behavior. This
can be as simple as a smart appliance lowering its power consumption during periods
of peak demand or as complex as a self-driving car.
• Whenever a device takes a course of action based on an outside piece of information,
then that device is referred to as a smart device. Many devices that we interact with
now have the word smart in their names. This indicates that the device has the ability
to alter its behavior depending on its environment.
• In order for devices to “think”, they need to be programmed using network automation
tools.
Data Formats

Data Formats
Video - Data Formats
This video covers the following:
• HTML
• XML
• JSON
• YAML
Data Formats
The Data Formats Concept
• Data formats are simply a way to store and exchange data in a structured format. One
such format is called Hypertext Markup Language (HTML). HTML is a standard
markup language for describing the structure of web pages.
• These are some common data formats that are used in many applications including
network automation and programmability:

• JavaScript Object Notation (JSON)

• eXtensible Markup Language (XML)

• YAML Ain’t Markup Language (YAML)


• The data format that is selected will depend on the format that is used by the
application, tool, or script that you are using. Many systems will be able to support
more than one data format, which allows the user to choose their preferred one.
Data Formats
Data Format Rules
Data formats have rules and structure similar to what we have with programming and
written languages. Each data format will have specific characteristics:
• Syntax, which includes the types of brackets used, such as [ ], ( ), { }, the use of white
space, or indentation, quotes, commas, and more.
• How objects are represented, such as characters, strings, lists, and arrays.
• How key/value pairs are represented. The key is usually on the left side and it
identifies or describes the data. The value on the right is the data itself and can be a
character, string, number, list or another type of data.
Data Formats
Compare Data Formats
YAML Format

message: success
timestamp: 1560789260
iss_position:
    latitude: '25.9990'
    longitude: '-132.6992'

JSON Format

{
    "message": "success",
    "timestamp": 1560789260,
    "iss_position": {
        "latitude": "25.9990",
        "longitude": "-132.6992"
    }
}

XML Format

<?xml version="1.0" encoding="UTF-8" ?>
<root>
    <message>success</message>
    <timestamp>1560789260</timestamp>
    <iss_position>
        <latitude>25.9990</latitude>
        <longitude>-132.6992</longitude>
    </iss_position>
</root>
Data Formats
JSON Data Format
• JSON is a human readable data format used by applications for storing, transferring
and reading data. JSON is a very popular format used by web services and APIs to
provide public data. This is because it is easy to parse and can be used with most
modern programming languages, including Python.
Data Formats
JSON Data Format (Cont.)
GigabitEthernet0/0/0 is up, line protocol is up (connected)
  Description: Wide Area Network
  Internet address is 172.16.0.2/24

Compare the IOS output above to the output in JSON format. Notice that each object
(each key/value pair) is a different piece of data about the interface including its
name, a description, and whether the interface is enabled.

{
    "ietf-interfaces:interface": {
        "name": "GigabitEthernet0/0/0",
        "description": "Wide Area Network",
        "enabled": true,
        "ietf-ip:ipv4": {
            "address": [
                {
                    "ip": "172.16.0.2",
                    "netmask": "255.255.255.0"
                }
            ]
        }
    }
}
Data Formats
JSON Syntax Rules
These are some of the characteristics of JSON:
• It uses a hierarchical structure and contains nested values.
• It uses braces { } to hold objects and square brackets [ ] to hold arrays.
• Its data is written as key/value pairs.

With JSON, the data known as an object is one or more key/value pairs enclosed in
braces { }. The syntax for a JSON object includes:
• Keys must be strings within double quotation marks " ".
• Values must be a valid JSON data type (string, number, array, Boolean, null, or
another object).
• Keys and values are separated by a colon.
• Multiple key/value pairs within an object are separated by commas.
• White space is not significant.
Data Formats
JSON Syntax Rules (Cont.)
At times a key may contain more than one value. This is known as an array. An array in
JSON is an ordered list of values. Characteristics of arrays in JSON include:
• The key followed by a colon and a list of values enclosed in square brackets [ ].
• The array is an ordered list of values.
• The array can contain multiple value types including a string, number, Boolean, object
or another array inside the array.
• Each value in the array is separated by a comma.
Data Formats
JSON Syntax Rules (Cont.)
For example, a list of IPv4 addresses might look like the following output. The key is
“addresses”. Each item in the list is a separate object, separated by braces { }. The
objects are two key/value pairs: an IPv4 address (“ip”) and a subnet mask (“netmask”)
separated by a comma. The array of objects in the list is also separated by a comma
following the closing brace for each object.

{
  "addresses": [
    {
      "ip": "172.16.0.2",
      "netmask": "255.255.255.0"
    },
    {
      "ip": "172.16.0.3",
      "netmask": "255.255.255.0"
    },
    {
      "ip": "172.16.0.4",
      "netmask": "255.255.255.0"
    }
  ]
}
Data Formats
YAML Data Format
YAML is another type of human readable data format used by applications for storing,
transferring, and reading data. Some of the characteristics of YAML include:
• It is like JSON and is considered a superset of JSON.
• It has a minimalist format making it easy to both read and write.
• It uses indentation to define its structure, without the use of brackets or commas.
Data Formats
YAML Data Format (Cont.)
• The IOS output in JSON is shown first. The same data in YAML format follows it. It is
easier to read.
• Similar to JSON, a YAML object is one or more key value pairs. Key value pairs are
separated by a colon without the use of quotation marks. In YAML, a hyphen is used to
separate each element in a list.

{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet2",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {
          "ip": "172.16.0.2",
          "netmask": "255.255.255.0"
        },
        {
          "ip": "172.16.0.3",
          "netmask": "255.255.255.0"
        },
        {
          "ip": "172.16.0.4",
          "netmask": "255.255.255.0"
        }
      ]
    }
  }
}

ietf-interfaces:interface:
  name: GigabitEthernet2
  description: Wide Area Network
  enabled: true
  ietf-ip:ipv4:
    address:
      - ip: 172.16.0.2
        netmask: 255.255.255.0
      - ip: 172.16.0.3
        netmask: 255.255.255.0
      - ip: 172.16.0.4
        netmask: 255.255.255.0
Data Formats
XML Data Format
XML is one more type of human readable data format used to store, transfer, and read
data by applications. Some of the characteristics of XML include:
• It is like HTML, which is the standardized markup language for creating web pages
and web applications.
• It is self-descriptive. It encloses data within a related set of tags: <tag>data</tag>
• Unlike HTML, XML uses no predefined tags or document structure.

XML objects are one or more key/value pairs, with the beginning tag used as the name of
the key: <key>value</key>
Data Formats
XML Data Format (Cont.)
The output shows the same data for GigabitEthernet2 formatted as an XML data structure.
Notice how the values are enclosed within the object tags. In this example, each key/value
pair is on a separate line and some lines are indented. This is not required but is done
for readability. The list uses repeated instances of <tag></tag> for each element in the
list. The elements within these repeated instances represent one or more key/value pairs.

<?xml version="1.0" encoding="UTF-8" ?>
<ietf-interfaces:interface>
  <name>GigabitEthernet2</name>
  <description>Wide Area Network</description>
  <enabled>true</enabled>
  <ietf-ip:ipv4>
    <address>
      <ip>172.16.0.2</ip>
      <netmask>255.255.255.0</netmask>
    </address>
    <address>
      <ip>172.16.0.3</ip>
      <netmask>255.255.255.0</netmask>
    </address>
    <address>
      <ip>172.16.0.4</ip>
      <netmask>255.255.255.0</netmask>
    </address>
  </ietf-ip:ipv4>
</ietf-interfaces:interface>
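The equivalence these slides describe can be checked mechanically. The following Python is an added example, not part of the course material: it loads the GigabitEthernet2 JSON from the slides and emits the YAML and XML forms with two small hand-written emitters (all function names are illustrative, and keys are assumed to be simple names). It quotes any YAML string that a parser would otherwise read back as a Boolean, null or number.

```python
import json
from xml.sax.saxutils import escape

# The GigabitEthernet2 data from the slides, as JSON text.
INTERFACE_JSON = """
{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet2",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {"ip": "172.16.0.2", "netmask": "255.255.255.0"},
        {"ip": "172.16.0.3", "netmask": "255.255.255.0"},
        {"ip": "172.16.0.4", "netmask": "255.255.255.0"}
      ]
    }
  }
}
"""

# Bare YAML words that a parser reads as Boolean or null rather than as text.
YAML_TYPED_WORDS = {"true", "false", "null", "yes", "no", "on", "off", "~", ""}


def scalar_text(value):
    """Render a JSON scalar as text: true/false/null, everything else via str()."""
    if value is None or isinstance(value, bool):
        return {True: "true", False: "false", None: "null"}[value]
    return str(value)


def yaml_scalar(value):
    """Leave safe strings bare, as on the slide; quote ambiguous ones."""
    if not isinstance(value, str):
        return scalar_text(value)
    ambiguous = value.lower() in YAML_TYPED_WORDS
    try:
        float(value)              # "1.10" or "42" would come back as numbers
        ambiguous = True
    except ValueError:
        pass
    if (ambiguous or value != value.strip() or ": " in value or " #" in value
            or value.endswith(":") or value[0] in "-?:[]{}&*!|>'\"%@`#,"):
        return json.dumps(value)  # a JSON string is a valid quoted YAML scalar
    return value


def yaml_lines(node, depth=0):
    """Indentation carries the structure; a hyphen starts each list element."""
    pad = "  " * depth
    if node == {} or node == []:
        return [pad + json.dumps(node)]
    lines = []
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, (dict, list)):
                lines.append(f"{pad}{key}:")
                lines.extend(yaml_lines(value, depth + 1))
            else:
                lines.append(f"{pad}{key}: {yaml_scalar(value)}")
    elif isinstance(node, list):
        for item in node:
            child = yaml_lines(item, depth + 1)
            lines.append(f"{pad}- {child[0].lstrip()}")
            lines.extend(child[1:])
    else:
        lines.append(f"{pad}{yaml_scalar(node)}")
    return lines


def xml_lines(tag, node, depth=0):
    """The key becomes the tag; a list becomes repeated <tag> elements."""
    pad = "  " * depth
    if isinstance(node, list):
        return [line for item in node for line in xml_lines(tag, item, depth)]
    if isinstance(node, dict):
        lines = [f"{pad}<{tag}>"]
        for key, value in node.items():
            lines.extend(xml_lines(key, value, depth + 1))
        lines.append(f"{pad}</{tag}>")
        return lines
    return [f"{pad}<{tag}>{escape(scalar_text(node))}</{tag}>"]


def to_yaml(document):
    return "\n".join(yaml_lines(document))


def to_xml(document):
    lines = ['<?xml version="1.0" encoding="UTF-8" ?>']
    for tag, node in document.items():
        lines.extend(xml_lines(tag, node))
    return "\n".join(lines)


if __name__ == "__main__":
    data = json.loads(INTERFACE_JSON)
    print(to_yaml(data))
    print(to_xml(data))
```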
APIs

APIs
Video - APIs
This video will cover the following:
• Define API
• See examples of popular APIs:
   • SOAP
   • REST
   • NETCONF
   • RESTCONF
• Execute an API call in a browser and in Postman.
APIs
The API Concept
• An API is software that allows other applications to access its data or services. It is a
set of rules describing how one application can interact with another, and the
instructions to allow the interaction to occur. The user sends an API request to a
server asking for specific information and receives an API response in return from the
server along with the requested information.
• An API is similar to a waiter in a restaurant, as shown in the following figure.
APIs
An API Example
To really understand how APIs can be used to provide data and services, we will look at
two options for booking airline reservations. The first option uses the web site of a
specific airline. Using the airline’s web site, the user enters the information to make a
reservation request. The web site interacts directly with the airline’s own database and
provides the user with information matching the user’s request.
APIs
An API Example (Cont.)
A travel site can access this same information, not only from a specific airline but a
variety of airlines. In this case, the user enters in similar reservation information. The
travel service web site interacts with the various airline databases using APIs provided
by each airline. The travel service uses each airline API to request information from that
specific airline, and then it displays the information from all the airlines on its web
page.
The API acts as a kind of messenger between the requesting application and the application
on the server that provides the data or service. The message from the requesting
application to the server where the data resides is known as an API call.
APIs
Open, Internal, and Partner APIs
An important consideration when developing an API is the distinction between open,
internal, and partner APIs:
• Open APIs or Public APIs - These APIs are publicly available and can be used with
no restrictions. Because these APIs are public, many API providers require the user to
get a free key, or token, prior to using the API. This is to help control the number of
API requests they receive and process.
• Internal or Private APIs - These are APIs that are used by an organization or
company to access data and services for internal use only. An example of an internal
API is allowing authorized salespeople access to internal sales data on their mobile
devices.
• Partner APIs - These are APIs that are used between a company and its business
partners or contractors to facilitate business between them. The business partner
must have a license or other form of permission to use the API. A travel service using
an airline’s API is an example of a partner API.
APIs
Types of Web Service APIs
A web service is a service that is available over the internet, using the World Wide Web.
There are four types of web service APIs:
• Simple Object Access Protocol (SOAP)
• Representational State Transfer (REST)
• eXtensible Markup Language-Remote Procedure Call (XML-RPC)
• JavaScript Object Notation-Remote Procedure Call (JSON-RPC)
Characteristic    SOAP               REST                                       XML-RPC                        JSON-RPC
Data Format       XML                JSON, XML, YAML, and others                XML                            JSON
First released    1998               2000                                       1998                           2005
Strengths         Well-established   Flexible formatting and most widely used   Well-established, simplicity   Simplicity
REST

Software-Defined Networking
Video - REST
This video covers the following:
• Execute a REST API request
• Web browser - HTTP
• Command Line - CURL
• Application - Postman
• Programming Language - Python, JavaScript, Ruby, and more
Software-Defined Networking
REST and RESTful API
• Web browsers use HTTP or HTTPS to request (GET) a web page. If successfully
requested (HTTP status code 200), web servers respond to GET requests with an
HTML coded web page.
• Simply stated, a REST API is an API that works on top of the HTTP protocol. It
defines a set of functions developers can use to perform requests and receive
responses via HTTP protocol such as GET and POST.
• Conforming to the constraints of the REST architecture is generally referred to as
being “RESTful”. An API can be considered “RESTful” if it has the following features:

• Client-Server - The client handles the front end and the server handles the back end. Either can
be replaced independently of the other.

• Stateless - No client data is stored on the server between requests. The session state is stored
on the client.

• Cacheable - Clients can cache responses to improve performance.


Software-Defined Networking
RESTful Implementation
A RESTful web service is implemented using HTTP. It is a collection of resources with four defined aspects:

• The base Uniform Resource Identifier (URI) for the web service, such as http://example.com/resources.

• The data format supported by the web service. This is often JSON, YAML, or XML but could be any other data
format that is a valid hypertext standard.

• The set of operations supported by the web service using HTTP methods.

• The API must be hypertext driven.


RESTful APIs use common HTTP methods including POST, GET, PUT, PATCH and DELETE. As shown in the
following table, these correspond to RESTful operations: Create, Read, Update, and Delete (or CRUD).

HTTP Method    RESTful Operation
POST           Create
GET            Read
PUT/PATCH      Update
DELETE         Delete
Software-Defined Networking
URI, URN, and URL
Web resources and web services such as RESTful APIs are identified using a URI. A URI
is a string of characters that identifies a specific network resource. A URI has two
specializations:
• Uniform Resource Name (URN) - identifies only the namespace of the resource (web page,
document, image, etc.) without reference to the protocol.
• Uniform Resource Locator (URL) - defines the network location of a specific resource. HTTP or
HTTPS URLs are typically used with web browsers. Protocols such as FTP, SFTP, SSH, and
others can use a URL. A URL using SFTP might look like: sftp://sftp.example.com.
These are the parts of the URI https://www.example.com/author/book.html#page155 :
• Protocol/scheme – HTTPS or other protocols such as FTP, SFTP, mailto, and NNTP
• Hostname - www.example.com
• Path and file name - /author/book.html
• Fragment - #page155
Software-Defined Networking
Anatomy of a RESTful Request
• In a RESTful Web service, a request made to a resource's URI will elicit a response.
The response will be a payload typically formatted in JSON, but could be HTML, XML,
or some other format. The figure shows the URI for the MapQuest directions API. The
API request is for directions from San Jose, California to Monterey, California.
Software-Defined Networking
Anatomy of a RESTful Request (Cont.)
These are the different parts of the API request:
• API Server - This is the URL for the server that answers REST requests. In this example it is the MapQuest
API server.
• Resources - Specifies the API that is being requested. In this example it is the MapQuest directions API.
• Query - Specifies the data format and information the client is requesting from the API service. Queries can
include:

○ Format – This is usually JSON but can be YAML or XML. In this example JSON is requested.

○ Key - The key is for authorization, if required. MapQuest requires a key for their directions API. In the
above URI, you would need to replace “KEY” with a valid key to submit a valid request.

○ Parameters - Parameters are used to send information pertaining to the request. In this example, the
query parameters include information about the directions that the API needs so it knows what
directions to return: "from=San+Jose,Ca" and "to=Monterey,Ca".
Software-Defined Networking
Anatomy of a RESTful Request (Cont.)
Many RESTful APIs, including public APIs, require a key. The key is used to identify the
source of the request. Here are some reasons why an API provider may require a key:

• To authenticate the source to make sure they are authorized to use the API.

• To limit the number of people using the API.

• To limit the number of requests per user.

• To better capture and track the data being requested by users.

• To gather information on the people using the API.


Note: The MapQuest API does require a key. Search the internet for the URL to obtain a
MapQuest key. Use the search parameters: developer.mapquest. You can also search
the internet for the current URL that outlines the MapQuest privacy policy.
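The URI parts listed under "URI, URN, and URL" and the request anatomy above can be taken apart with Python's standard urllib.parse. This is an added example, not MapQuest's or the course's code: the api.example.com request URI is constructed from the query parameters the slide names, and the X-API-KEY header name is an assumption, since whether an API accepts its key in a header is provider-specific. It also masks the key before a URI is written to a log, because a key carried in the query string ends up in browser history and server logs.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed request URI built from the query parameters named on the slide.
REQUEST_URI = ("https://api.example.com/directions/v2/route"
               "?outFormat=json&key=KEY&from=San+Jose,Ca&to=Monterey,Ca")

# Query parameter names treated as credentials (illustrative list).
SENSITIVE_PARAMS = {"key", "apikey", "api_key", "token", "access_token"}


def anatomy(uri):
    """Split a URI into the parts the slides name."""
    parts = urlsplit(uri)
    return {
        "scheme": parts.scheme,          # protocol/scheme
        "api_server": parts.netloc,      # hostname of the API server
        "resource": parts.path,          # path: which API is requested
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
        "fragment": parts.fragment,      # e.g. page155
    }


def rebuild(parts, pairs):
    """Reassemble a URI with a new list of query (name, value) pairs."""
    query = urlencode(pairs, safe=",")   # keep commas readable, spaces become +
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       query, parts.fragment))


def redact_uri(uri):
    """Return the URI with credential parameters masked, safe to log."""
    parts = urlsplit(uri)
    pairs = [(name, "REDACTED" if name.lower() in SENSITIVE_PARAMS else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    return rebuild(parts, pairs)


def key_to_header(uri, header_name="X-API-KEY"):
    """Move the key out of the query string into a request header.

    header_name is an assumed name; use the one the API documents.
    """
    parts = urlsplit(uri)
    kept, headers = [], {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            headers[header_name] = value
        else:
            kept.append((name, value))
    return rebuild(parts, kept), headers


def sent_in_clear(uri):
    """True when a credential parameter would travel over plain HTTP."""
    info = anatomy(uri)
    has_key = any(name.lower() in SENSITIVE_PARAMS for name in info["query"])
    return info["scheme"] == "http" and has_key


if __name__ == "__main__":
    print(anatomy("https://www.example.com/author/book.html#page155"))
    print(anatomy(REQUEST_URI))
    print(redact_uri(REQUEST_URI))
    print(key_to_header(REQUEST_URI))
```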
Software-Defined Networking
RESTful API Applications
• Many web sites and applications use APIs to access information and provide service for their customers.
• Some RESTful API requests can be made by typing in the URI from within a web browser. The MapQuest
directions API is an example of this. A RESTful API request can also be made in other ways.

• Developer Web Site: Developers often maintain web sites that include information about the API, parameter
information, and usage examples. These sites may also allow the user to perform the API request within the
developer web page by entering in the parameters and other information.

• Postman: Postman is an application for testing and using REST APIs. It contains everything required for
constructing and sending REST API requests, including entering query parameters and keys.

• Python: APIs can also be called from within a Python program. This allows for possible automation,
customization, and App integration of the API.

• Network Operating Systems: Using protocols such as NETCONF (NET CONFiguration) and RESTCONF,
network operating systems are beginning to provide an alternative method for configuration, monitoring, and
management.
Configuration Management
Tools

Configuration Management Tools
Video - Configuration Management Tools
This video will cover the following:
• Compare configuration management tools including Ansible, Puppet, Chef and
SaltStack.
• Review plays, tasks, modules, parameters, and variables in a sample playbook
Configuration Management Tools
Traditional Network Configuration
Network devices have traditionally been configured by a network administrator using the
CLI. Whenever there is a change or new feature, the necessary configuration commands must
be manually entered on all of the appropriate devices. This becomes a major issue on
larger networks or with more complex configurations.
Configuration Management Tools
Traditional Network Configuration
Simple Network Management Protocol (SNMP) lets administrators manage nodes on an IP
network. With a network management station (NMS), network administrators use SNMP to
monitor and manage network performance, find and solve network problems, and perform
queries for statistics. SNMP is not typically used for configuration due to security
concerns and difficulty in implementation.
You can also use APIs to automate the deployment and management of network resources.
Instead of manually configuring ports, access lists, QoS, and load balancing policies, you
can use tools to automate configurations.
Configuration Management Tools
Network Automation
We are rapidly moving away from a world where a network administrator manages a few dozen
network devices, to one where they are deploying and managing a great number of complex
network devices (both physical and virtual) with the help of software. This transformation
is quickly spreading to all places in the network. There are new and different methods for
network administrators to automatically monitor, manage, and configure the network. These
include protocols and technologies such as REST, Ansible, Puppet, Chef, Python, JSON, XML,
and more.
Configuration Management Tools
Configuration Management Tools
Configuration management tools make use of RESTful API requests to automate tasks
and can scale across thousands of devices. These are some characteristics of the
network that administrators benefit from automating:

• Software and version control

• Device attributes such as names, addressing, and security

• Protocol configurations

• ACL configurations
Configuration management tools typically include automation and orchestration.
Automation is when a tool automatically performs a task on a system. Orchestration is the
arranging of the automated tasks that results in a coordinated process or workflow.
Configuration Management Tools
Configuration Management Tools (Cont.)
There are several tools available to make configuration management easier:
• Ansible
• Chef
• Puppet
• SaltStack
The goal of all of these tools is to reduce the complexity and time involved in configuring
and maintaining a large-scale network infrastructure with hundreds, even thousands of
devices. These same tools can benefit smaller networks as well.
Configuration Management Tools
Compare Ansible, Chef, Puppet, and SaltStack
Ansible, Chef, Puppet, and SaltStack all come with API documentation for configuring
RESTful API requests. All of them support JSON and YAML as well as other data
formats. The following table shows a summary of a comparison of major characteristics of
Ansible, Puppet, Chef, and SaltStack configuration management tools.
IBN and Cisco DNA Center

IBN and Cisco DNA Center
Video - Intent-Based Networking
• You have learned of the many tools and software that can help you automate your
network. Intent-Based Networking (IBN) and Cisco Digital Network Architecture (DNA)
Center can help you bring it all together to create an automated network.
• Play the video by Cisco’s John Apostolopoulos and Anand Oswal explaining how
artificial intelligence and intent-based networking (IBN) can improve networks.
IBN and Cisco DNA Center
Intent-Based Networking Overview
• IBN is the emerging industry model for the next generation of networking. IBN builds
on Software-Defined Networking (SDN), transforming a hardware-centric and manual
approach to designing and operating networks to one that is software-centric and fully
automated.
• Business objectives for the network are expressed as intent. IBN captures business
intent and uses analytics, machine learning, and automation to align the network
continuously and dynamically as business needs change.
• IBN captures and translates business intent into network policies that can be
automated and applied consistently across the network.
IBN and Cisco DNA Center
Intent-Based Networking Overview (Cont.)
Cisco views IBN as having three essential functions: translation, activation, and
assurance. These functions interact with the underlying physical and virtual infrastructure,
as shown in the figure.
Translation - The translation function enables the
network administrator to express the expected
networking behavior that will best support the
business intent.
Activation - The captured intent then needs to be
interpreted into policies that can be applied across
the network. The activation function installs these
policies into the physical and virtual network
infrastructure using networkwide automation.
Assurance - In order to continuously check that the
expressed intent is honored by the network at any
point in time, the assurance function maintains a
continuous validation-and-verification loop.
IBN and Cisco DNA Center
Network Infrastructure as Fabric
• From the perspective of IBN, the physical and
virtual network infrastructure is a fabric; an
overlay that represents the logical topology
used to virtually connect to devices. The
overlay limits the number of devices the
network administrator must program and
provides services and alternative forwarding
methods not controlled by the underlying
physical devices.
• The overlay is where encapsulation protocols
like IPsec and CAPWAP occur. Using an IBN
solution, the network administrator can use
policies to specify exactly what happens in the
overlay control plane. Notice that how the
switches are physically connected is not a
concern of the overlay.
IBN and Cisco DNA Center
Network Infrastructure as Fabric (Cont.)
The underlay network is the physical topology that includes all hardware required to meet
business objectives. The underlay reveals additional devices and specifies how these
devices are connected. End points, such as the servers in the figure, access the network
through the Layer 2 devices. The underlay control plane is responsible for simple
forwarding tasks.
IBN and Cisco DNA Center
Cisco Digital Network Architecture (DNA)
Cisco implements the IBN fabric using Cisco DNA. The business intent is securely deployed
into the network infrastructure (the fabric). Cisco DNA then continuously gathers data
from a multitude of sources (devices and applications) to provide a rich context of
information. This information can then be analyzed to make sure the network is performing
securely at its optimal level and in accordance with business intent and network policies.
IBN and Cisco DNA Center
Cisco Digital Network Architecture (DNA) (Cont.)
IBN and Cisco DNA Center
Cisco DNA Center
• Cisco DNA Center is the foundational controller and analytics platform at the heart of
Cisco DNA. It supports the expression of intent for multiple use cases, including basic
automation capabilities, fabric provisioning, and policy-based segmentation in the
enterprise network. Cisco DNA Center is a network management and command
center for provisioning and configuring network devices. It is a hardware and software
platform providing a ‘single-pane-of-glass’ (single interface) that focuses on
assurance, analytics, and automation.
• The DNA Center interface launch page gives you an overall health summary and
network snapshot. From here, the network administrator can quickly drill down into
areas of interest.
IBN and Cisco DNA Center
Cisco DNA Center (Cont.)

At the top, menus provide you access to DNA Center’s five main areas. As shown in the
figure, these are:
• Design - Model your entire network, from sites and buildings to devices and links, both physical
and virtual, across campus, branch, WAN, and cloud.
• Policy - Use policies to automate and simplify network management, reducing cost and risk while
speeding rollout of new and enhanced services.
• Provision - Provide new services to users with ease, speed, and security across your enterprise
network, regardless of network size and complexity.
• Assurance - Use proactive monitoring and insights from the network, devices, and applications to
predict problems faster and ensure that policy and configuration changes achieve the business
intent and the user experience you want.
• Platform - Use APIs to integrate with your preferred IT systems to create end-to-end solutions and
add support for multi-vendor devices.
IBN and Cisco DNA Center
Video - DNA Center Overview and Platform APIs
This video is an overview of the Cisco DNA Center GUI. It includes
design, policy, provision, and assurance tools used to control multiple
sites and multiple devices.
IBN and Cisco DNA Center
Video - DNA Center Design and Provision
This video is an overview of the Cisco DNA Center design and provision areas where you
can add new devices and update existing devices.
IBN and Cisco DNA Center
Video - DNA Center Policy and Assurance
This video explains the Cisco DNA Center policy and assurance areas. The policy area
enables you to create policies that reflect your organization’s business intent and deploy
them across networks and devices. Assurance provides you with an interface to quickly
view and troubleshoot devices connected to the network.
IBN and Cisco DNA Center
Video - DNA Center Troubleshooting User Connectivity
This video explains how to use Cisco DNA Center to troubleshoot devices.
Module Practice and Quiz

Module Practice and Quiz
What Did I Learn In This Module?
Module 14 : Network Automation
New Terms and Commands
How to be a Network Engineer in a
Programmable Age

Network Programmability Basics/Introduction/How to be a Network Engineer in a Programmable Age


The Network Engineer Evolves
Topics to Cover
• The Network Engineer of Old
• The Four Ages of Networking
• Cloud to the Rescue
• Today’s Network Engineer
• Network Programmability Basics Course

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The Network Engineer of Old
Meet Carl the Network Engineer
Networking Skills
• Spanning-Tree
• Routing Protocols
• QoS
• VPN Design
• Spanning-Tree
• VOIP
• Fibre Channel
• Security Policy
• MPLS
• Spanning-Tree
• Did I mention Spanning-Tree?
Programming Skills
• TCL
• EEM
• Expect Scripts
The Network…
The OSI Model of Networking…


L7: Application      Please don’t ask about this…
L6: Presentation
L5: Session
L4: Transport        Oh Yeah…We Got this
L3: Network
L2: Data Link
L1: Physical         Black Magic
The Four Ages of
Networking
The Four Ages of Networking…..
Stone Age
• Spanning Tree
• VLANs
Bronze Age
• Routing Protocols
• WAN Design
• IP-magedon
The Renaissance
• SDN
• OpenFlow
• Controllers
• Overlays
• MP-BGP
• VXLAN
• Micro-Segmentation
• White Box
Programmable Age
• Cloud
• Python
• REST / APIs
• NETCONF / YANG
• “Fabrics”
• Network Function Virtualization (NFV)
• DevOps
• Containers
App Economy - User Expectations and Agility
Internet of Things - If it isn’t connected, don’t bother…
Tech Unicorns - Low barrier of entry for disruptors
The Cloud You Plan to Build
The Cloud You End Up With
Today’s Network Engineer
Carl’s 3 Step Approach to Network Programmability

Phase 1         Phase 2          Phase 3
• Python        • Linux Skills   • Linux Networking
• REST APIs     • Ansible        • Container Networking
• JSON/XML      • Docker         • NFV
• git/GitHub    • NETCONF/YANG

As Needed
• Network Controllers
• IOT Networking
• Cloud Networking
• NFV
• ”DevOps”
Carl has Embraced Programmability!
(and got himself a new shirt)
Core Programming
• Python
• REST APIs
• JSON/XML
• Linux Skills
• Ansible (Puppet/Chef/etc)
• git/GitHub
• Docker
• ”DevOps”
“New” Networking Stuff
• Network Controllers
• NETCONF/YANG
• Container Networking
• Cloud Networking
• Linux Networking
• IOT Networking
• NFV
Self-Study This Week - Session 2 and 4

Introduction to API and python
warm up



Preparation Tips => Linux
Preparation Tips => Python
Python Warming Up
Python Warming Up (2)
VARIABLE in PYTHON
equal sign = (Refer to it later in the code)
Python experiments

Make Geopy run using different tools:


- Jupyter Notebook https://jupyter.org/install
- Python IDLE
- Visual studio code
- different tools in DEVASC-VM

Github
https://github.com/wleppens/PythonExperiments
How To Install PIP to Manage Python Packages
On Windows

https://phoenixnap.com/kb/install-pip-windows
Understanding and Using APIs
REST web service APIs
A REST web service API (REST API) is a programming interface that communicates over
HTTP while adhering to the principles of the REST architectural style.

Since REST APIs communicate over HTTP, they use the same concepts as the HTTP protocol,
such as:
• HTTP requests/responses
• HTTP verbs
• HTTP status codes
• HTTP headers/body
Understanding and Using APIs
REST web service APIs
Request/responses
Verbs
  Get – download
  Post – add new data (insert)
  Put – update
  Delete
Status codes
  4xx – user error
  5xx – server error
Headers/body
  headers – metadata (format html, json…)
  body – information/payload
TOOL : Postman (learning tool for API)
Learn how to:
- use an API
- create headers
- see bodies
curl
Curl is a command-line tool for transferring
data specified with URL syntax. It can be used
to execute http and other commands from the
command line

curl Manual
● https://curl.haxx.se/docs/manual.html

STATEMENTS:

It can do the same thing as a browser!

The response is the same, but the response is in text format.

Text format is necessary for Automation!

What can be done with CURL can also be done with Python!

curl supports user:pass or custom headers


School Library API => authentication + API + curl
– documentation technology
School Library API => swagger - Standard for Interactive documentation

VERBS – API developer will choose and define


School Library API => swagger
School Library API => swagger
GET!
JSON OUTPUT:
JSON OUTPUT via CURL - Visual Studio Code:
Save your CURL script first and RUN it! - Visual Studio Code:
bash script (Linux) : shell script (extension .sh)
Is your Curl script executable?
Executable : chmod +x *.sh

Not Executable :
chmod -x *.sh
Run your curl script!

./ from current directory


Add my book – Very good very nice

https://www.youtube.com/watch?v=ij8yy-7EQ2Y
API key required!
API Security is in the header!
Add API Token and add a book:

Security - Authentication is in the header!!!


Delete a book:
Delete a book with a bash script using variables:

In a Bash script NO spaces!!


$ is used to refer to variables (Unix)
Add and delete books with Python Rest API:

4.5.5 - Lab - Explore REST APIs with API Simulator and Postman
School Library API - more books
School Library API => Python script add books
#!/usr/bin/env python3

# PREPARE

import requests
import json
from faker import Faker

APIHOST = "http://library.demo.local"
LOGIN = "cisco"
PASSWORD = "Cisco123!"
School Library API => Python script (2)
def getAuthToken():
    # Log in with HTTP Basic authentication and return the API token
    authCreds = (LOGIN, PASSWORD)

    r = requests.post(
        f"{APIHOST}/api/v1/loginViaBasic",
        auth = authCreds
    )

    if r.status_code == 200:
        return r.json()["token"]
    else:
        raise Exception(f"Status code {r.status_code} and text {r.text}, while trying to Auth.")
School Library API => Python script (3)
def addBook(book, apiKey):
    # POST the book as JSON; the API token travels in the X-API-Key header
    r = requests.post(
        f"{APIHOST}/api/v1/books",
        headers = {
            "Content-type": "application/json",
            "X-API-Key": apiKey
        },
        data = json.dumps(book)
    )

    if r.status_code == 200:
        print(f"Book {book} added.")
    else:
        raise Exception(f"Error code {r.status_code} and text {r.text}, while trying to add book {book}.")
School Library API => Python script (4)
# EXECUTE

# Get the Auth Token Key
apiKey = getAuthToken()

# Using the faker module, generate random "fake" books
fake = Faker()
for i in range(90, 100):
    fakeTitle = fake.catch_phrase()
    fakeAuthor = fake.name()
    fakeISBN = fake.isbn13()
    book = {"id":i, "title": fakeTitle, "author": fakeAuthor, "isbn": fakeISBN}
    # add the new random "fake" book using the API
    addBook(book, apiKey)
School Library API => RUN Python script (5)
School Library API => Python script (6)
# OUTPUT

devasc@labvm:~/labs/devnet-src/school-library$ python3 /home/devasc/labs/devnet-src/school-library/add100RandomBooks.py


Book {'id': 90, 'title': 'Enhanced multi-state matrices', 'author': 'James Robertson', 'isbn': '978-0-929666-93-8'} added.
Book {'id': 91, 'title': 'Devolved transitional hardware', 'author': 'Harold Fleming', 'isbn': '978-1-895623-50-5'} added.
Book {'id': 92, 'title': 'Advanced full-range definition', 'author': 'Angela Graham', 'isbn': '978-0-07-406191-6'} added.
Book {'id': 93, 'title': 'Operative methodical standardization', 'author': 'Barry Brown', 'isbn': '978-1-377-88589-6'} added.
Book {'id': 94, 'title': 'Implemented stable ability', 'author': 'Aaron Rosario', 'isbn': '978-0-576-88757-1'} added.
Book {'id': 95, 'title': 'Vision-oriented grid-enabled paradigm', 'author': 'Andrew Keith', 'isbn': '978-0-635-80731-1'} added.
Book {'id': 96, 'title': 'Enhanced asymmetric Local Area Network', 'author': 'Hector Hill', 'isbn': '978-1-05-626907-8'} added.
Book {'id': 97, 'title': 'Advanced transitional groupware', 'author': 'Michael Williams', 'isbn': '978-0-301-07348-4'} added.
Book {'id': 98, 'title': 'Cloned explicit frame', 'author': 'Jason Allen', 'isbn': '978-0-7508-4310-2'} added
Book {'id': 99, 'title': 'Synergistic holistic budgetary management', 'author': 'Brianna Campbell', 'isbn': '978-1-242-90439-4'} added
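The slides state that the API key and the authentication belong in the request header. The added example below (not part of the original slides or of the School Library API code) shows that check from both sides using only the Python standard library: a mock server on a loopback port and a client. The mock handler, the rule that GET is open while POST and DELETE need X-API-Key, the 401 status for a missing key, the DELETE path and the token value are assumptions made for the demonstration.

```python
import hmac
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

API_KEY = "constructed-demo-token"  # constructed; stands in for the login token
BOOKS = {}                          # in-memory library, keyed by book id
# Loopback-only demo: ignore any proxy settings from the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class LibraryHandler(BaseHTTPRequestHandler):
    """Mock books API (assumed rules): reads are open, writes need X-API-Key."""

    def _reply(self, status, payload):
        body = json.dumps(payload).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _key_ok(self):
        supplied = self.headers.get("X-API-Key", "")
        # Constant-time comparison, so timing does not reveal a partial match.
        return hmac.compare_digest(supplied.encode(), API_KEY.encode())

    def do_GET(self):
        if self.path == "/api/v1/books":
            return self._reply(200, list(BOOKS.values()))
        self._reply(404, {"error": "not found"})

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        raw = self.rfile.read(length)  # drain the body before answering
        if self.path != "/api/v1/books":
            return self._reply(404, {"error": "not found"})
        if not self._key_ok():
            return self._reply(401, {"error": "API key required"})
        try:
            book = json.loads(raw)
            BOOKS[int(book["id"])] = book
        except (ValueError, KeyError, TypeError):
            return self._reply(400, {"error": "invalid book"})
        self._reply(200, book)

    def do_DELETE(self):
        if not self._key_ok():
            return self._reply(401, {"error": "API key required"})
        prefix, _, book_id = self.path.rpartition("/")
        if prefix == "/api/v1/books" and book_id.isdigit() \
                and BOOKS.pop(int(book_id), None) is not None:
            return self._reply(200, {"deleted": int(book_id)})
        self._reply(404, {"error": "not found"})

    def log_message(self, *args):  # keep the demo quiet
        pass


def call(method, url, api_key=None, body=None):
    """Send one request and return (status code, decoded JSON body)."""
    headers = {"Content-Type": "application/json"}
    if api_key is not None:
        headers["X-API-Key"] = api_key  # the credential travels in a header
    data = json.dumps(body).encode("utf-8") if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code, json.loads(err.read())


def demo():
    """Start the mock on a loopback port; return the status codes observed."""
    BOOKS.clear()
    server = HTTPServer(("127.0.0.1", 0), LibraryHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}/api/v1/books"
    book = {"id": 90, "title": "Constructed title", "author": "A. Author"}
    try:
        return [
            call("POST", base, body=book)[0],                   # no key: 401
            call("POST", base, api_key="wrong", body=book)[0],  # bad key: 401
            call("POST", base, api_key=API_KEY, body=book)[0],  # 200
            call("GET", base)[0],                               # open read: 200
            call("DELETE", f"{base}/90")[0],                    # no key: 401
            call("DELETE", f"{base}/90", api_key=API_KEY)[0],   # 200
            call("DELETE", f"{base}/90", api_key=API_KEY)[0],   # gone: 404
        ]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Because the key is an ordinary header, anyone who can read the request can reuse it, which is why a real deployment sends it over HTTPS rather than the plain http:// used in the lab.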
Explore Python
Python review installation

python3 -V : version of Python

which python3 : the directory for the local Python environment

Pip and Python Virtual Environments

pip3 install 'package' : pip installs packages (risk of introducing competing dependencies)
→ Python VIRTUAL ENVIRONMENT
install only the packages needed for your project
use the venv tool

python3 -m venv devfun : create a python3 virtual environment

source devfun/bin/activate : activate the virtual environment
(devfun) pip3 freeze : verify python packages

python3 -m pip freeze | grep 'package' : find an installed package

Python – Sharing Virtual Environment

Python – requirements file

pip3 freeze > requirements.txt : generate output file

pip3 install -r requirements.txt : install the same packages in a new virtual environment
https://www.analyticssteps.com/blogs/working-python-json-object

Labs to do:

3.1.12 - Lab - Explore Python Development Tool – pip, virtual environment

4.5.5 - Lab - Explore REST APIs with API Simulator and Postman School library
API
Data Formats: Understanding and
using JSON, XML and YAML
A Network Programmability Basics Presentation

Network Programmability Basics/Programming Fundamentals/Data Formats: Understanding and using JSON, XML and YAML
Topics to Cover
• Importance of a Data Format
• Common Data Formats in Programming
• Demystify XML
• Breakdown JSON
• Simplify YAML
Importance of a Data Format
Know Your Audience
Interface          IP-Address   OK?  Method  Status  Protocol
GigabitEthernet1   10.0.2.15    YES  DHCP    up      up
GigabitEthernet2   172.16.0.2   YES  manual  up      up
GigabitEthernet3   172.17.0.1   YES  manual  up      up

> ????

CARL Defy
Know Your Audience
{
  "ietf-interfaces:interfaces": {
    "interface": [
      {
        "name": "GigabitEthernet2",
        "description": "Wide Area Network",
        "type": "iana-if-type:ethernetCsmacd",
        "enabled": true,
        "ietf-ip:ipv4": {
          "address": [
            {
              "ip": "172.16.0.2",
              "netmask": "255.255.255.0"
            }
          ]
        }
      },
      {
        "name": "GigabitEthernet3",
        "description": "Local Area Network",
        "type": "iana-if-type:ethernetCsmacd",
        "enabled": true,
        "ietf-ip:ipv4": {
          "address": [
            {
              "ip": "172.17.0.1",
              "netmask": "255.255.255.0"
            }
          ]
        }
      }
    ]
  }
}

> :-)
Common Data Formats
in Programming
Vocabulary summary
/ Slashes (Dutch: schuine streep)
"" Quotation marks or quotes (Dutch: aanhalingstekens)
- Dash (Dutch: streepje)
{} Curly braces (Dutch: accolades)
[] Square brackets (Dutch: vierkante haakjes)
() Round brackets (Dutch: ronde haakjes)
: Colon (Dutch: dubbele punt)
, Comma
Common Data Formats in Programming
XML
<?xml version="1.0" encoding="UTF-8" ?>
<interface xmlns="ietf-interfaces">
  <name>GigabitEthernet2</name>
  <description>Wide Area Network</description>
  <enabled>true</enabled>
  <ipv4>
    <address>
      <ip>172.16.0.2</ip>
      <netmask>255.255.255.0</netmask>
    </address>
  </ipv4>
</interface>

JSON
{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet2",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {
          "ip": "172.16.0.2",
          "netmask": "255.255.255.0"
        }
      ]
    }
  }
}

YAML
---
ietf-interfaces:interface:
  name: GigabitEthernet2
  description: Wide Area Network
  enabled: true
  ietf-ip:ipv4:
    address:
    - ip: 172.16.0.2
      netmask: 255.255.255.0
"Key" : "Value"
• "Key" identifies/labels a set of data
  • Left side of the colon
  • Inside of "quotes"
• "Value" is the Data
  • Right side of colon
  • Can be:
    • String
    • Integer
    • Array/List
    • Bool
    • Object
{
  "name": "GigabitEthernet2",
  "description": "Wide Area Network",
  "enabled": true
}
Demystify XML
XML - eXtensible Markup Language.
A human readable data structure that applications use to store, transfer, and read data.
<?xml version="1.0" encoding="UTF-8" ?>
<interface xmlns="ietf-interfaces">
  <name>GigabitEthernet2</name>
  <description>
    Wide Area Network
  </description>
  <enabled>true</enabled>
  <ipv4>
    <address>
      <ip>172.16.0.2</ip>
      <netmask>255.255.255.0</netmask>
    </address>
  </ipv4>
</interface>
XML
• Designed for the Internet
• Schema or namespace defines data model
• <tags></tags> surround elements for structure and layout
• Key/Value representation
  • <key>value</key>
• Whitespace not significant
XML Object
• A related set of data surrounded by <tags></tags>
• An object can contain other objects or data entries
• <key>value</key> contained within the object tags
XML List
▪ List of data
▪ Can be composed of XML objects
▪ Repeated instances of <tags></tags> for each element
Breakdown JSON
JSON - JavaScript Object Notation
A human readable data structure that applications use to store, transfer, and read data.
JSON
• A data-interchange text format
• Notated with {} for objects, [ ] for arrays
• Key/Value representation
  • "key": "value"
• Whitespace not significant
{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet2",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {
          "ip": "172.16.0.2",
          "netmask": "255.255.255.0"
        }
      ]
    }
  }
}
JSON Object
• Data surrounded by { }
• An object can contain other objects or data entries
• Key/Value set separated by comma
  • No comma at the end!
{
  "ietf-interfaces:interface": {
    "name": "GigabitEthernet2",
    "description": "Wide Area Network",
    "enabled": true,
    "ietf-ip:ipv4": {
      "address": [
        {
          "ip": "172.16.0.2",
          "netmask": "255.255.255.0"
        }
      ]
    }
  }
}
JSON List
▪ List of data
▪ Can be composed of JSON objects
▪ Notated with brackets
▪ Comma Separated
{
  "addresses": [
    {
      "ip": "172.16.0.2",
      "netmask": "255.255.255.0"
    },
    {
      "ip": "172.16.0.3",
      "netmask": "255.255.255.0"
    },
    {
      "ip": "172.16.0.4",
      "netmask": "255.255.255.0"
    }
  ]
}
Simplify YAML
YAML - “YAML Ain’t Markup Language”
A human readable data structure that applications use to store, transfer, and read data.
---
ietf-interfaces:interface:
  name: GigabitEthernet2
  description: Wide Area Network
  enabled: true
  ietf-ip:ipv4:
    address:
    - ip: 172.16.0.2
      netmask: 255.255.255.0
YAML
• Minimalist format commonly used for configuration files
• Whitespace indentation defines structure
• No commas
• Key/Value representation
  • key: value
---
ietf-interfaces:interface:
  name: GigabitEthernet2
  description: Wide Area Network
  enabled: true
  ietf-ip:ipv4:
    address:
    - ip: 172.16.0.2
      netmask: 255.255.255.0
YAML Object
• Related set of data at the common indentation level under name
• An object can contain other objects or data entries
• key: value pairs left aligned
---
ietf-interfaces:interface:
  name: GigabitEthernet2
  description: Wide Area Network
  enabled: true
  ietf-ip:ipv4:
    address:
    - ip: 172.16.0.2
      netmask: 255.255.255.0
YAML List
▪ List of data
▪ Can be composed of YAML objects
▪ Uses “ - ” character to indicate a list element
---
addresses:
- ip: 172.16.0.2
  netmask: 255.255.255.0
- ip: 172.16.0.3
  netmask: 255.255.255.0
- ip: 172.16.0.4
  netmask: 255.255.255.0
Summing up
Review
• Importance of the Audience
• Common data formats in programming
  • XML
  • JSON
  • YAML
• Data Formats are mostly interchangeable
Working with data
Parsing
• Parsing means analyzing a message, breaking it into its component parts, and understanding the purpose of each part in context.
• Data parsing is the process of taking data in one format and transforming it to another format
Parsing is needed when you need (examples):
• XML in Python
• JSON in Python
• YAML in Python
• Serialization in Python
• ……
Useful Python Libraries for Network Engineers
Libraries to Work with Data
Manipulating Data of All Formats
• XML - xmltodict
  • pip install xmltodict
    import xmltodict
• JSON
  • import json
• YAML - PyYAML
  • pip install PyYAML
    import yaml
• CSV
  • import csv
Treat XML like Python Dictionaries with xmltodict
• Easily work with XML data
• Convert from XML -> Dict* and back
  • xmltodict.parse(xml_data)
  • xmltodict.unparse(dict)
• Python includes native Markup (html/xml) interfaces as well
  • More powerful, but also more complex
* Technically to an OrderedDict

https://pypi.python.org/pypi/xmltodict

netprog_basics/programming_fundamentals/python_part_3/xml_example.xml
To JSON and back again with json
• JSON and Python go together like peanut butter and jelly
  • json.loads(json_data)
  • json.dumps(object)
• JSON Objects convert to Dictionaries
• JSON Arrays convert to Lists

https://docs.python.org/3/library/json.html

netprog_basics/programming_fundamentals/python_part_3/json_example.json
YAML? Yep, Python Can Do That Too!
• Easily convert a YAML file to a Python Object
  • yaml.load(yaml_data) (as in the linked PyYAML 3.12; PyYAML 6 and later require a Loader argument, so use yaml.safe_load(yaml_data), which also refuses to build arbitrary Python objects from the input)
  • yaml.dump(object)
• YAML Objects become Dictionaries
• YAML Lists become Lists

https://pypi.python.org/pypi/PyYAML/3.12

netprog_basics/programming_fundamentals/python_part_3/yaml_example.yaml
Import Spreadsheets and Data with csv
• Treat CSV data as lists
  • csv.reader(file_object)
• Efficiently processes large files without memory issues
• Options for header rows and different formats

https://docs.python.org/3/library/csv.html

netprog_basics/programming_fundamentals/python_part_3/csv_example.csv
Python – Things you must know
What is a dictionary in Python?
What is a dictionary in Python?
● Python’s implementation of a data structure
● A data structure for storing a group of objects
● Tree structure
● A dictionary is needed in order to be processed by Python. It’s using pointers!
● It’s using indentation (blank spaces)
● A dictionary starts with curly brackets {}
● Curly brackets indicate it’s a complex structure
● A dictionary consists of a collection of key-value pairs
● Each key-value pair maps the key to its associated value
What is a dictionary in Python? (continuation)
● Python Dictionary is a set of key-value pairs. The keys are unique in a dictionary.
● A dictionary is an object of class dict. It’s an unordered collection.
● Dictionary keys must be immutable. So we can use string, numbers, tuple as dict key.
● If the tuple contains any mutable objects, we can’t use it as a dictionary key.
● We can’t use a List as a Dictionary key because they can be modified.
● A dictionary is created using a pair of braces {}. The key-value pairs are separated
using a comma.
● The dictionary keys and values can be of any types. They can also be None.
● The key and its value are separated using a colon.
● Dictionary records are indexed using the key.
Key and value pairs in a dictionary:
● KEY : VALUE

○ Key – in databases (column name)

○ Value can be :

■ Atomic

■ Non-Atomic, for example a list []

■ Or a DICT
Data Type in Python:
● Data type

○ Determines what you can do in Python

○ It can be a DICT or a string

○ Converting different data types (TypeCasting)

■ Dict or number into a string

○ DICT = uses single quotes (Pointers)

○ String = uses double quotes


Search in Python needs a list:
● Search

○ You need a list []

○ Not possible in a DICT {}

○ Search in a list can only be done by using a LOOP

○ Looping is possible when you select a KEY where the value is a list (a list uses indexes)

○ In databases (Dict ~ columns, list ~ rows)


Labs to do:
Serialization and deserialization
Serialization and Deserialization
Data in use by a program is often stored in discontiguous memory locations with internal references made by pointers. Those pointers only have meaning in that computer - if you want to communicate the data to another computer, you need a representation as a sequence of bytes (STRING) that have no pointers.
That process is called “serialization”.
The reverse process, transforming the sequence of bytes into an in-memory structure that’s suitable for the intended computation is called “deserialization”.
Serializing is needed when sending data over the network
• Data needs to be transformed into a form that’s suitable for sending over the network!
• Converting into a sequence of bytes
What is serialization in Python?
• Serializing takes complex data and lists it in a sequential manner
• In Python, when we want to serialize and de-serialize a Python object, we use functions and methods from the module Python ‘Pickle’, which has a binary serializable format
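An added example (not from the original slides) that serializes one interface entry to bytes with json and with pickle and deserializes it again. It also shows a caveat of pickle: the byte stream may name classes for the loader to import, so the loader here follows the "Restricting Globals" pattern from the Python pickle documentation and refuses any stream that does. The sample data and all function names are constructed for this example.

```python
import io
import json
import pickle
from collections import OrderedDict

# Constructed sample: one interface entry shaped like the JSON on the slides.
INTERFACE = {
    "name": "GigabitEthernet2",
    "enabled": True,
    "address": [{"ip": "172.16.0.2", "netmask": "255.255.255.0"}],
}


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that accepts plain data and refuses to import anything."""

    def find_class(self, module, name):
        # Called whenever the stream asks for a class or function by name.
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_pickle_loads(data: bytes):
    """Deserialize pickle bytes that contain only built-in containers/scalars."""
    return DataOnlyUnpickler(io.BytesIO(data)).load()


def roundtrip_json(obj):
    """dict -> text bytes -> dict. The result can only be plain data types."""
    wire = json.dumps(obj).encode("utf-8")
    return wire, json.loads(wire.decode("utf-8"))


def roundtrip_pickle(obj):
    """dict -> binary bytes -> dict, using the restricted loader."""
    wire = pickle.dumps(obj)
    return wire, safe_pickle_loads(wire)


def rejects_class_reference():
    """A stream that names a class (a harmless one here) is refused."""
    wire = pickle.dumps(OrderedDict(name="GigabitEthernet2"))
    try:
        safe_pickle_loads(wire)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    json_wire, json_back = roundtrip_json(INTERFACE)
    pickle_wire, pickle_back = roundtrip_pickle(INTERFACE)
    print(json_wire[:40], json_back == INTERFACE)
    print(pickle_wire[:20], pickle_back == INTERFACE)
    print("class reference refused:", rejects_class_reference())
```

For data that arrives over the network, a text format such as JSON is the safer default, since its parser cannot be asked to load code.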
Working with Python and JSON objects
Working with Python JSON objects
● use the python “json” package to convert a python object into a JSON object.
● The method of converting python objects into JSON is called serialization. It is because when we convert a python object into a JSON (and vice versa), it is a process of storing the data into a series of bytes.
Different methods in the python JSON module
1. json.dumps() - This method allows you to convert a python object into a serialized JSON object.
2. json.dump() - This method allows you to convert a python object into JSON and additionally allows you to store the information into a file (text file)
3. json.loads() - Deserializes a JSON object to a standard python object.
4. json.load() - Deserializes a JSON file object into a standard python object.
Table of conversion for python vs JSON objects
Demo Time!
Data types : string vs dict
JSON & YAML PRACTICE -- servers & services
YAML:
---
rack:
- server:
    dev_id: S1
    domain: biasc.be
    ip-address: 10.2.3.1
    os: linux
    server_name: svr1
    server_type: vm
    services:
    - port: '389'
      protocol: tcp
      service: ad
      service_type: vm
    - port: '53'
      protocol: udp
      service: dns
      service_type: vm
    - port: '123'
      protocol: udp
      service: ntp
      service_type: vm
- server:
    dev_id: S2
JSON:
{
  "rack": [
    { "server": {"dev_id": "S1" , "server_name": "svr1" ,
                 "domain": "biasc.be", "ip-address": "10.2.3.1" ,
                 "os": "linux" , "server_type": "vm" ,
                 "services": [
                   {"service": "ad" , "service_type": "vm",
                    "protocol": "tcp", "port": "389"},
                   {"service": "dns", "service_type": "vm",
                    "protocol": "udp", "port": "53"},
                   {"service": "ntp", "service_type": "vm",
                    "protocol": "udp", "port": "123"}
                 ]
      }
    },
    ...
  ]
}
JSON & YAML PRACTICE -- network devices
YAML:
---
rack:
- device:
    dev_id: D1
    dev_name: R1
    interfaces:
    - interface: GigabitEthernet1
      ipaddress: 10.0.1.1
      subnet_mask: 255.255.255.0
    - interface: GigabitEthernet2
      ipaddress: 10.0.3.1
      subnet_mask: 255.255.255.0
    …
- device:
    dev_id: D2
    dev_name: C1
    interfaces:
    - interface: VLAN1
      ipaddress: 10.0.1.2
      subnet_mask: 255.255.255.0
JSON:
{
  "rack": [
    { "device": {"dev_id": "" , ...
                 "interfaces": [
                   {"interface": "" , ... },
                 ]
      }
    },
    ...
  ]
}
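An added example (not part of the original slides) that takes the "servers & services" structure as a JSON string, deserializes it with json.loads, checks the values before they are used, and then searches the nested lists with a loop, as the dictionary and list slides describe. The second server, the check rules (valid IP address, port 1 to 65535, tcp or udp) and all function names are constructed for this example.

```python
import ipaddress
import json

# Constructed sample in the shape of the practice structure. The second
# server is deliberately malformed so the checks have something to reject.
RAW = """
{"rack": [
  {"server": {"dev_id": "S1", "server_name": "svr1", "domain": "biasc.be",
              "ip-address": "10.2.3.1", "os": "linux", "server_type": "vm",
              "services": [
                {"service": "ad",  "service_type": "vm", "protocol": "tcp", "port": "389"},
                {"service": "dns", "service_type": "vm", "protocol": "udp", "port": "53"},
                {"service": "ntp", "service_type": "vm", "protocol": "udp", "port": "123"}]}},
  {"server": {"dev_id": "S2", "server_name": "svr2", "domain": "biasc.be",
              "ip-address": "10.2.3.999", "os": "linux", "server_type": "vm",
              "services": [
                {"service": "web", "service_type": "vm", "protocol": "tcp", "port": "70000"}]}}
]}
"""


def check_server(server):
    """Return the problems found in one "server" dict (empty list = valid)."""
    problems = []
    ip = server.get("ip-address")
    try:
        if not isinstance(ip, str):
            raise ValueError("not a string")
        ipaddress.ip_address(ip)
    except ValueError:
        problems.append(f"bad ip-address {ip!r}")
    services = server.get("services")
    if not isinstance(services, list):
        return problems + ["services is not a list"]
    for svc in services:
        if not isinstance(svc, dict):
            problems.append("service entry is not an object")
            continue
        port = svc.get("port")  # the slides store the port as a string
        if not (isinstance(port, str) and port.isascii() and port.isdigit()
                and 1 <= int(port) <= 65535):
            problems.append(f"bad port {port!r} for {svc.get('service')}")
        if svc.get("protocol") not in ("tcp", "udp"):
            problems.append(f"bad protocol for {svc.get('service')}")
    return problems


def load_inventory(text):
    """Deserialize (str -> dict) and split the servers into valid / rejected."""
    data = json.loads(text)
    if not isinstance(data, dict) or not isinstance(data.get("rack"), list):
        raise ValueError('top level must be {"rack": [...]}')
    valid, rejected = [], {}
    for entry in data["rack"]:
        server = entry.get("server") if isinstance(entry, dict) else None
        if not isinstance(server, dict):
            rejected["?"] = ["entry has no server object"]
            continue
        problems = check_server(server)
        if problems:
            rejected[server.get("dev_id", "?")] = problems
        else:
            valid.append(server)
    return valid, rejected


def find_service(servers, name):
    """Loop over the lists: (dev_id, protocol, port) for every match."""
    return [(s.get("dev_id"), svc["protocol"], int(svc["port"]))
            for s in servers for svc in s["services"]
            if svc.get("service") == name]


if __name__ == "__main__":
    ok, bad = load_inventory(RAW)
    print(type(RAW).__name__, "->", type(ok[0]).__name__)  # str -> dict
    print(find_service(ok, "dns"))
    print(bad)
```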
JSON Practice -- Webex Team Spaces & Users
{
"groups": [
{ "group": { "group_name": "GROUP_MICRO" ,
"members": [
{"person_name": "Nick", "email": "nick@biasc.be"},
{"person_name": "Marcus", "email": "marcus@biasc.be"},
{"person_name": "Lisa", "email": "lisa@biasc.be"}
]
}
},
{ "group": { "group_name": "GROUP_NANO" ,
"members": [
{"person_name": "Martin", "email": "martin@biasc.be"},
{"person_name": "Bob", "email": "bob@biasc.be"},
{"person_name": "Alice", "email": "alice@biasc.be"}
]
}
}
]
}
Webex Rest API -- basic code to create spaces and users
import requests ### pip install requests
import json     ### standard library, no install needed

access_token = "Add your own token here"

# groups_struc: the "groups" structure from the previous slide as a Python dict
# (groups.json is a hypothetical file name)
with open("groups.json") as f:
    groups_struc = json.load(f)

url = 'https://api.ciscospark.com/v1/rooms'
headers = {'Authorization': 'Bearer {}'.format(access_token),'Content-Type': 'application/json' }
for rec in groups_struc["groups"]:
    create_group_name = rec["group"]["group_name"]
    payload_space={"title": create_group_name}
    res_space = requests.post(url, headers=headers, json=payload_space)

    # Add every member of the group to the space that was just created
    NEW_SPACE_ID = res_space.json()["id"]
    for mbr in rec["group"]["members"]:
        room_id = NEW_SPACE_ID
        person_email = mbr["email"]
        url2 = 'https://api.ciscospark.com/v1/memberships'
        payload_member = {'roomId': room_id, 'personEmail': person_email}
        res_member = requests.post(url2, headers=headers, json=payload_member)
Webex Rest API -- safer code
import requests
import json

access_token = "Add your own token here"

# groups_struc: the "groups" structure from the earlier slide as a Python dict
# (groups.json is a hypothetical file name)
with open("groups.json") as f:
    groups_struc = json.load(f)

url = 'https://api.ciscospark.com/v1/rooms'
headers = {'Authorization': 'Bearer {}'.format(access_token),'Content-Type': 'application/json' }
for rec in groups_struc["groups"]:
    create_group_name = rec["group"]["group_name"]
    print(f"Creating ... {create_group_name}")
    payload_space={"title": create_group_name}
    if payload_space["title"] is not None: ### avoid errors if room title is unknown
        res_space = requests.post(url, headers=headers, json=payload_space)
        if res_space.status_code < 300: ### only create members if space has been created
            NEW_SPACE_ID = res_space.json()["id"]
            for mbr in rec["group"]["members"]:
                room_id = NEW_SPACE_ID
                person_email = mbr["email"]
                url2 = 'https://api.ciscospark.com/v1/memberships'
                payload_member = {'roomId': room_id, 'personEmail': person_email}
                res_member = requests.post(url2, headers=headers, json=payload_member)
Webex Teams SDK => delete rooms used in the demo

from webexteamssdk import WebexTeamsAPI ### pip install webexteamssdk

access_token = "Add your own token here"

api = WebexTeamsAPI(access_token=access_token)

# Find all rooms that have 'GROUP_' in their title
all_rooms = api.rooms.list()
demo_rooms = [room for room in all_rooms if 'GROUP_' in room.title]

# Delete all of the demo rooms
for room in demo_rooms:
    print("Deleting ... " + room.title)
    api.rooms.delete(room.id)
Call to Action!
3.6.6 - Lab – Parse different Data Types with Python (no detailed understanding of XML required)
3.4.6 - Lab – Python Classes Review
8.6.7 - Lab – Construct a Python Script to Manage Webex Teams
3.3 Version Control Systems

Version Control Systems
Types of Version Control Systems
• Version control, also called version control systems, revision control or source control, is a
way to manage changes to a set of files in order to keep a history of those changes.
• Benefits of version control are:
• Enables collaboration
• Accountability and visibility
• Work in isolation
• Safety
• Work anywhere
• There are three types of version control systems:
• Local
• Centralized
• Distributed
Version Control Systems
Types of Version Control Systems (Contd.)
Local Version Control System (LVCS)
• LVCS uses a simple database to keep track of all of the changes to the file.
• In most cases, the system stores the delta between the two versions of the file.
• When the user wants to revert to the file, the delta is reversed to get to the requested version.
Version Control Systems
Types of Version Control Systems (Contd.)
Centralized Version Control System (CVCS)
• CVCS uses a server-client model.
• The repository is stored in a centralized location, on a server.
• In CVCS, only one individual can work on a particular file at a time.
• An individual must check out the file to lock it and make the required changes and check in once done.
Version Control Systems
Types of Version Control Systems (Contd.)
Distributed Version Control System (DVCS)
• DVCS is a peer-to-peer model.
• The repository can be stored on a client system, but it is usually stored in a repository hosting service.
• In DVCS, every individual can work on any file, at the same time, because the local file in the working copy is being modified. Hence, locking is not required.
• When the individual has made the changes, they push the file to the main repository that is in the repository hosting service, and the version control system detects any conflicts between file changes.
Version Control Systems
Git
• Git is an open source implementation of a distributed version control system that is currently the latest
trend in software development.
• A Git client must be installed on a client machine. It is available for MacOS, Windows, and Linux/Unix.
• One key difference between Git and other version control systems is that Git stores data as snapshots
instead of differences (the delta between the current file and the previous version).

• If the file does not change, Git uses a reference link to the last snapshot in the system instead of taking a
new and identical snapshot.
Version Control Systems
Git (Contd.)
• Git is organized by 3s - three stages and three states.
• The three stages are:
  • Repository (the .git directory)
  • Working directory
  • Staging area
• The three states are:
  • Committed
  • Modified
  • Staged
Version Control Systems
Local vs. Remote Repositories
• Git has two types of repositories: local and remote.

• A local repository is stored on the file system of a client machine, which is the same one on
which the git commands are being executed.

• A remote repository is stored somewhere other than the client machine, usually a server or
repository hosting service.

• A remote repository with Git continues to be a DVCS because the remote repository will contain
the full repository, which includes the code and the file history.

• When a client machine clones the repository, it gets the full repository without requiring to lock
it, as in a CVCS.

• After the local repository is cloned from the remote repository or the remote repository is
created from the local repository, the two repositories are independent of each other until the
content changes are applied to the other branch through a manual Git command execution.
Version Control Systems
What is Branching?
• Branching enables users to work on code independently without affecting the main code in the repository. When a repository is created, the code is automatically put on a branch called Master.
• Branches can be local or remote, and they can be deleted and have their own history, staging area, and working directory.
• Git's branch creation is lightweight, and switching between branches is almost instantaneous.
• When a user goes from one branch to another, the code in their working directory and the files in the staging area change accordingly, but the repository (.git) directories remain unchanged.
Version Control Systems
GitHub and Other Providers
• Git and GitHub are not the same.
• While Git is an implementation of distributed version control and provides a command line
interface, GitHub is a service provided by Microsoft that implements a repository hosting
service with Git.
• In addition to providing the distributed version control and source code management
functionality of Git, GitHub provides additional features such as:
• code review
• documentation
• project management
• bug tracking
• feature requests
• GitHub introduced the concept of the ‘pull request’, which is a way of formalizing a request
by a contributor to review changes such as new code, edits to existing code, etc., in the
contributor's branch for inclusion in the project's main or other curated branches.
Version Control Systems
Git Commands
Setting up Git
• To configure Git, use the --global option to set the initial global settings.
Command: git config --global key value
Create a New Git Repository
• Git provides a git init command to create an empty Git repository, or make an existing folder a Git repository.
• When a new or existing project becomes a Git repository, a hidden .git directory is created in that project folder.
• The .git directory is the repository that holds the metadata such as the compressed files, the commit history, and the staging area. In addition, Git also creates the master branch.
Version Control Systems
Git Commands (Contd.)
Command: git init
• To make a new or existing project a Git repository, use the following command:
$ git init <project directory>
where the <project directory> is the absolute or relative path to the new or existing project.
• For a new Git repository, the directory in the provided path will be created first, followed by the creation of
the .git directory.
Get an Existing Git Repository
• Command: git clone <repository> [target directory]
where <repository> is the location of the repository to clone.
• Git supports four major transport protocols for accessing the <repository>: Local, Secure Shell (SSH), Git, and HTTP.
Version Control Systems
Git Commands (Contd.)
View the Modified Files in the Working Directory

• Git provides a git status command to get a list of files that have differences between the
working directory and the parent branch.

• Command: git status

Compare Changes Between Files


• Git provides a git diff command that is essentially a generic file comparison tool.
• Command: git diff
• When using the git diff command, the file does not need to be a Git tracked file.

Version Control Systems
Adding and Removing Files
Adding Files to the Staging Area
• Command: git add
• This command can be used more than once before the
Git repository is updated (using commit).
• Only the files specified in the git command can be added to the staging area.
• To add a single file to the staging area:
$ git add <file path>
• To add multiple files to the staging area:
$ git add <file path 1> ... <file path n>
where <file path> is the absolute or relative path of the file to be added to the staging area.
• To add all the changed files to the staging area:
$ git add .
Version Control Systems
Adding and Removing Files (Contd.)
Removing Files from the Git Repository
• There are two ways to remove files from the Git
repository.
• Option 1: git rm command is used to remove files
from the Git repository and add to the staging area.
• Command: git rm
• To remove the specified file(s) from the working
directory and add the change to the staging
area, use the following command:
$ git rm <file path 1> ... <file path n>

where <file path> is the absolute or relative path of the file to be deleted from the Git repository.
Version Control Systems
Adding and Removing Files (Contd.)
• To stage the removal of the specified file(s) without removing the file(s) from the working directory, use the following command:
$ git rm --cached <file path 1> ... <file path n>

The git rm command will not work if the file is already in the staging area with changes.

• Option 2: This option is a two-step process. First use the regular filesystem command to
remove the file(s), and then add the change to the staging area using the Git command.
$ rm <file path 1> ... <file path n>
$ git add <file path 1> ... <file path n>

This two-step process is equivalent to using the git rm <file path 1> ... <file path n> command.
Using this option does not allow the file to be preserved in the working directory.
Version Control Systems
Updating Repositories
Updating the Local Repository with the
Changes in the Staging Area
Command: git commit
• This command combines all the content
changes in the staging area into a single
commit and updates the local Git
repository.

• To commit the changes from the staging area, use the following command:
$ git commit
• To commit the changes from the staging area with a message, use the following command:
$ git commit -m "<message>"
Version Control Systems
Updating Repositories (Contd.)
Updating the Remote Repository

Command: git push

• This command will not execute successfully if there is a conflict with adding the changes from the local Git repository to the remote Git repository.
• To update the contents from the local repository to a particular branch in the remote repository, use the following command:
$ git push origin <branch name>
• To update the contents from the local repository to the master branch of the remote repository, use the command:
$ git push origin master
Version Control Systems
Updating Repositories (Contd.)
Updating Your Local Copy of the Repository
• Local copies of the Git repository do not automatically get updated when another contributor
makes an update to the remote Git repository.
• Updating the local copy of the repository is a manual step.
Command: git pull
• When executing the command, the following steps occur:
• The local repository ( .git directory) is updated with the latest commit, file history, and so
on from the remote Git repository.
• The working directory and branch are updated with the latest content from step 1.
• A single commit is created on the local branch with the changes from step 1.
• The working directory is updated with the latest content.
Version Control Systems
Updating Repositories (Contd.)
• To update the local copy of the Git
repository from the parent branch,
use the following command:
$ git pull
Or
$ git pull origin

• To update the local copy of the Git repository from a specific branch, use the following command:
$ git pull origin <branch>
Version Control Systems
Branching Features
Creating and Deleting a Branch

Option 1: git branch command to list, create, or delete a branch.

$ git branch <branch name> <parent branch>

Option 2: git checkout command to switch branches by updating the working directory with the contents of
the branch.
$ git checkout -b <branch name> <parent branch>
Deleting a Branch
• To delete a branch, use the following command:
$ git branch -d <branch name>
Get a List of all Branches
• To get a list of all the local branches, use the following command:
$ git branch
Or
$ git branch --list
Version Control Systems
Branching Features (Contd.)
Merging Branches
• Branches diverge from one
another when they are modified
after they are created.
• When Git merges the branch, it
takes the changes/commits
from the source branch and
applies it to the target branch.
• During a merge, only the target
branch is modified.
• The source branch is
untouched and remains the
same.

Version Control Systems
Branching Features (Contd.)
Fast-Forward Merge
• A fast-forward merge is when the Git algorithm is able to apply the changes/commits from the
source branch(es) to the target branch automatically and without any conflicts.

Merge Conflicts
• A merge conflict is when Git is not able to perform a fast-forward merge because it does not
know how to automatically apply the changes from the branches together for the file(s).

Version Control Systems
Branching Features (Contd.)
Performing the Merge
• Git provides a git merge command to join two or more branches together.
• Command: git merge
• To merge a branch into the client's current branch/repository, use the below command:
$ git merge <branch name>

• To merge a branch into a branch that is not the client's current branch/repository, use the
following command:
$ git checkout <target branch name>
$ git merge <source branch name>

• To merge more than one branch into the client's current branch/repository, use the below
command:
$ git merge <branch name 1> ... <branch name n>
Version Control Systems
.diff Files
What is a .diff file?
• A .diff file is used to show how two different versions of a file have changed.
• By using specific symbols, this file can be read by other systems to interpret how files can
be updated.
• The symbols and meanings in a unified diff file are:
Symbol           Meaning
+                Indicates that the line has been added.
-                Indicates that the line has been removed.
/dev/null        Shows that a file has been added or removed.
" " or "blank"   Gives context lines around changed lines.
@@               A visual indicator that the next block of information is starting. Within the changes for one file, there may be multiple.
index            Displays the commits compared.
Version Control Systems
Lab - Software Version Control with Git
• In this lab, you will complete the following objectives:

• Part 1: Launch the DEVASC VM

• Part 2: Initializing Git

• Part 3: Staging and Committing a File in the Git Repository

• Part 4: Managing the File and Tracking Changes

• Part 5: Branches and Merging

• Part 6: Handling Merge Conflicts

• Part 7: Integrating Git with GitHub

Call to Action!

8.6.7 - Lab – Construct a Python Script to Manage Webex Teams

3.3.11 - lab - Software-version-control-with-git
APIs aren’t scary… you
already use them
Command Line Interface (CLI)
● Designed for Humans… so more a UI than API
● but...
• Network Management Systems
• Expect Scripts
• Paramiko/Netmiko
• NAPALM
Simple Network Management Protocol (SNMP)
• “designed as a programmatic interface between management applications and devices”*
• Widely used for monitoring
• Limited use for configuration
• Network Management Systems primary consumer
* https://tools.ietf.org/html/rfc3535
Other APIs out there
API can be based on multiple protocols
• SOAP
• REST
• XML-RPC and JSON-RPC
• NETCONF
Simple Object Access Protocol (SOAP)
• Mature standard designed by Microsoft
• Used to build “Web Services” (software available over the internet)
• Typically uses HTTP, and dependent on XML
• Sometimes considered complex and rigid
Representational State Transfer (REST)
• API framework intended to build simpler web services than SOAP
• Another use for the HTTP protocol
• Popular due to performance, scale, simplicity, and reliability
• Technically an API framework
* More detailed coverage in later lessons
XML-RPC and JSON-RPC
• Simple frameworks for communicating over HTTP
• RPC = Remote Procedure Call
• When one system requests another system to execute code
• Offer XML and JSON data formats respectively

HTTP POST
REQUEST BODY:
[
  {
    "jsonrpc": "2.0",
    "method": "cli",
    "params": {
      "cmd": "show version",
      "version": 1
    },
    "id": 1
  }
]
NETCONF (NETwork CONFiguration) Protocol
• Designed as replacement for SNMP
• Standardized in 2006 / Updated 2011
• Leverages SSH and XML
• Defines transport and communication
• Tightly coupled to YANG for data
* More detailed coverage in later lessons
RESTCONF Protocol
• Provides a REST API-like interface to the network
• Standardized in 2017
• Supports XML and JSON
• Defines transport and communication
• Tightly coupled to YANG for data
* More detailed coverage in later lessons
Transport (Protocol) vs Data (Model)
Transport (Protocol):
• NETCONF
• RESTCONF
• gRPC
Data (Model):
• YANG
API Libraries
Access Different APIs Easily
• REST APIs – requests
• pip install requests
import requests

• NETCONF – ncclient
• pip install ncclient
import ncclient

• Network CLI – netmiko


• pip install netmiko
import netmiko

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
NETMIKO
● Python for Network Engineers - Netmiko Library
● https://pynet.twb-tech.com/blog/netmiko-python-library.html
● netmiko.base_connection API documentation
● https://ktbyers.github.io/netmiko/docs/netmiko/base_connection.html#netmiko.base_connection.BaseConnection.check_config_mode
● Learning Python for a Network Engineer
● https://networktechstudy.com/home/learning-python
● GitHub - ktbyers/netmiko: Multi-vendor library to simplify Paramiko SSH connections to network devices
● https://github.com/ktbyers/netmiko
● SSH Configuration with Netmiko – YouTube
● https://www.youtube.com/watch?v=cRLnaxXERuM
● GitHub - bigevilbeard/Basic_NetMiko: Getting started with Netmiko using devnet always on Sandbox
● https://github.com/bigevilbeard/Basic_NetMiko
Getting the “YANG” of it with
Standard Data Models

Network Programmability Basics Modules
• Network Device APIs
Topics to Cover
• Model Driven Programmability
• What is YANG?
• Working with YANG Data Models
• Network Device Data in YANG

The Network is No Longer Isolated
What about SNMP?
SNMP works “reasonably well for device monitoring”
RFC 3535: Overview of the 2002 IAB Network Management Workshop – 2003
https://tools.ietf.org/html/rfc3535
• Typical config: SNMPv2 read-only community strings
• Typical usage: interface statistics queries and traps
• Empirical Observation: SNMP is not used for configuration
• Lack of Writeable MIBs
• Security Concerns
• Difficult to Replay/Rollback
• Special Applications
Model Driven Programmability
• NETCONF – 2006 – RFC 4741 (RFC 6241 in 2011)
• YANG – 2010 – RFC 6020
• RESTCONF – 2017 – RFC 8040
• gRPC – 2015 – OpenSource project by Google
Transport (Protocol) vs Data (Model)

Transport (Protocol):
• NETCONF
• RESTCONF
• gRPC
Data (Model):
• YANG
What is YANG?
Three Meanings of “YANG”
What is a Data Model?
A data model is simply a well understood and agreed upon method to describe "something". As an example, consider this simple "data model" for a person.
• Person
• Gender - male, female, other
• Height - Feet/Inches or Meters
• Weight - Pounds or Kilos
• Hair Color - Brown, Blond, Black, Red, other
• Eye Color - Brown, Blue, Green, Hazel, other
YANG Modeling Language
• Module that is a self-contained top-level hierarchy of nodes
• Uses containers to group related nodes
• Lists to identify nodes that are stored in sequence
• Each individual attribute of a node is represented by a leaf
• Every leaf must have an associated type

module ietf-interfaces {
  import ietf-yang-types {
    prefix yang;
  }
  container interfaces {
    list interface {
      key "name";
      leaf name {
        type string;
      }
      leaf enabled {
        type boolean;
        default "true";
      }
    }
  }
}

Example edited for simplicity and brevity


YANG Data Modeling Language
RFC-6020 RFC-7950
YANG is a data modeling language used to model configuration and state data
YANG models the hierarchical organization of data as a tree
What might a YANG Data Model describe?
Working with YANG
Data Models
Where do Models Come From?

Industry Standard
• Standard definition (IETF, ITU, OpenConfig, etc.)
• Compliant with standard
ietf-diffserv-policy.yang
ietf-diffserv-classifer.yang
ietf-diffserv-target.yang

Vendor Specific
• Vendor definition (i.e. Cisco)
• Unique to Vendor Platforms
cisco-memory-stats.yang
cisco-flow-monitor
cisco-qos-action-qlimit-cfg

https://github.com/YangModels/yang
Where to get the Models?

• https://github.com/YangModels/yang
“YANG modules from standard organizations such as the IETF, open source such as Open Daylight or vendor specific modules”
YANG Data Models
The model can be displayed and represented in any number of
formats depending on needs at the time. Some options include:
• YANG Language
• Clear Text
• XML
• JSON
• HTML/JavaScript
Working with YANG Models
DevNet$ pyang -f tree ietf-interfaces.yang

module: ietf-interfaces
   +--rw interfaces
   |  +--rw interface* [name]
   |     +--rw name                        string
   |     +--rw description?                string
   |     +--rw type                        identityref
   |     +--rw enabled?                    boolean
   |     +--rw link-up-down-trap-enable?   enumeration {if-mib}?
Example output edited for simplicity and brevity

netprog_basics/network_device_apis/yang/ietf-interfaces.yang
Using pyang
• Python YANG Library
• Validate and display YANG files
• Many formats for display
• Text: tree
• HTML: jstree

module: ietf-interfaces
   +--rw interfaces
   |  +--rw interface* [name]
   |     +--rw name                        string
   |     +--rw description?                string
   |     +--rw type                        identityref
   |     +--rw enabled?                    boolean
   |     +--rw link-up-down-trap-enable?   enumeration {if-mib}?
   +--ro interfaces-state
      +--ro interface* [name]
         +--ro name               string
         +--ro type               identityref
         +--ro admin-status       enumeration {if-mib}?
         +--ro oper-status        enumeration
         +--ro last-change?       yang:date-and-time
         +--ro if-index           int32 {if-mib}?
         +--ro phys-address?      yang:phys-address
         +--ro higher-layer-if*   interface-state-ref
         +--ro lower-layer-if*    interface-state-ref
         +--ro speed?             yang:gauge64
         +--ro statistics
            +--ro discontinuity-time    yang:date-and-time
            +--ro in-octets?            yang:counter64
            [OUTPUT REMOVED]

Callouts on the tree: Module Name, container, list, Key, Leaf, Optional, Data Type, Read Only
Example edited for simplicity and brevity
Network Device Data in
YANG
Actual Device Data Modeled in YANG

Use NETCONF to Retrieve ietf-interfaces data
• NETCONF details covered in
another session
• ncclient provides a Python
client for NETCONF
• Using built-in library to print
reply
• xml.dom.minidom

netprog_basics/network_device_apis/yang/device_info.py
netprog_basics/network_device_apis/yang/example1.py
Use NETCONF to Retrieve ietf-interfaces data
DevNet$ python example1.py

netprog_basics/network_device_apis/yang/device_info.py
netprog_basics/network_device_apis/yang/example1.py
Summing up
Review
• YANG is a Data Modeling Language
• YANG Modules are constructed to create standard data models for
network data
• YANG Data sent to or from a network device will be formatted in
either XML or JSON depending on the protocol (ex: NETCONF or
RESTCONF)
Goodbye SNMP <hello> NETCONF!
A Network Programmability Basics Presentation



Topics to Cover
• Understanding NETCONF
• NETCONF in Code with
Python
• Automate Your Network with
NETCONF

Understanding NETCONF
Introducing the NETCONF Protocol

Some key details:


• Initial standard in 2006 with RFC4741
• Latest standard is RFC6241 in 2011
• Does NOT explicitly define content
NETCONF Protocol Stack
Transport - SSH
SSH Login:
$ ssh admin@192.168.0.1 -p 830 -s netconf
admin@192.168.0.1's password:

Server (Agent) sends hello:
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-interfaces</capability>
    [output omitted and edited for clarity]
  </capabilities>
  <session-id>19150</session-id></hello>]]>]]>

Client (Manager) sends hello:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
  </capabilities>
</hello>]]>]]>
Example edited for simplicity and brevity
Transport - SSH (Contd.)
Don’t NETCONF Like this!
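The hello exchange shown on the Transport - SSH slide, worked through in Python. This is an added example, not code from the course or from ncclient: the function names are hypothetical, and the sample messages are constructed from the slide (the omitted-output marker is dropped and a base:1.0 capability is added to the server hello so the two peers share a base version). It splits the stream on the ]]>]]> end-of-message marker, reads capabilities and session-id, and decides which framing the session uses after the hellos.

```python
import xml.etree.ElementTree as ET

NS = {"nc": "urn:ietf:params:xml:ns:netconf:base:1.0"}
EOM = "]]>]]>"  # end-of-message marker; hellos always use it
BASE_1_0 = "urn:ietf:params:netconf:base:1.0"
BASE_1_1 = "urn:ietf:params:netconf:base:1.1"

# Constructed sample based on the slide (base:1.0 added to the server list).
SERVER_HELLO = """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-interfaces</capability>
</capabilities>
<session-id>19150</session-id></hello>]]>]]>"""

CLIENT_HELLO = """<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
</capabilities>
</hello>]]>]]>"""


def split_messages(stream):
    """Split a raw session transcript into XML documents on the EOM marker."""
    return [part.strip() for part in stream.split(EOM) if part.strip()]


def parse_hello(xml_text):
    """Return (capabilities, session_id) from one <hello>; session_id is None for a client."""
    # NETCONF content must not carry a document type declaration (RFC 6241),
    # so refuse it before the text reaches the XML parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in NETCONF content")
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != "{%s}hello" % NS["nc"]:
        raise ValueError("not a NETCONF <hello>")
    caps = [c.text.strip()
            for c in root.findall("nc:capabilities/nc:capability", NS) if c.text]
    sid = root.findtext("nc:session-id", default=None, namespaces=NS)
    return caps, (int(sid) if sid is not None else None)


def negotiate_framing(server_caps, client_caps):
    """Pick the message framing both peers support after the hello exchange."""
    common = set(server_caps) & set(client_caps)
    if BASE_1_1 in common:
        return "chunked"          # :base:1.1 on both sides
    if BASE_1_0 in common:
        return "end-of-message"   # ]]>]]> delimiter for the whole session
    raise ValueError("no common NETCONF base version; session must be closed")


if __name__ == "__main__":
    server, client = split_messages(SERVER_HELLO + "\n" + CLIENT_HELLO)
    s_caps, session_id = parse_hello(server)
    c_caps, _ = parse_hello(client)
    print("session-id:", session_id)
    print("framing:", negotiate_framing(s_caps, c_caps))
```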
Messages - Remote Procedure Call (RPC)
Operations - NETCONF Actions
Operation            Description
<get>                Retrieve running configuration and device state information
<get-config>         Retrieve all or part of specified configuration data store
<edit-config>        Loads all or part of a configuration to the specified configuration data store
<copy-config>        Replace an entire configuration data store with another
<delete-config>      Delete a configuration data store
<commit>             Copy candidate data store to running data store
<lock> / <unlock>    Lock or unlock the entire configuration data store system
<close-session>      Graceful termination of NETCONF session
<kill-session>       Forced termination of NETCONF session
NETCONF Data Stores

Data Store Key Points


• Entire or partial configuration
• "running" is the only mandatory data store
• Not all data stores are writeable
• A "URL" data store is supported by IOS to enable <copy-config>
• Every NETCONF message must target a
data store

result = m.get_config('running')
NETCONF Communications
NETCONF in Code with
Python
NETCONF and Python: ncclient
• Full NETCONF Manager
implementation in Python
• https://ncclient.readthedocs.io
• Simplifies connection and
communication.
• Deals in raw XML

From: http://ncclient.readthedocs.io/en/latest/
Saying <hello> with Python and ncclient
• example1.py: Saying <hello>
• manager.connect() opens NETCONF session with device
• Parameters: host & port, user & password
• hostkey_verify=False: Trust cert (the device's SSH host key is accepted without being verified)
• Stores capabilities
netprog_basics/network_device_apis/netconf/device_info.py
netprog_basics/network_device_apis/netconf/example1.py
Understanding the Capabilities List
DevNet$ python example1.py
Here are the NETCONF Capabilities

urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:base:1.1
.
urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces&revision=2014-05-08&features=pre-provisioning,if-mib,arbitrary-names&deviations=ietf-ip-devs
.
http://cisco.com/ns/ietf-ip/devs?module=ietf-ip-devs&revision=2016-08-10
.
http://cisco.com/ns/yang/Cisco-IOS-XE-native?module=Cisco-IOS-XE-native&revision=2017-02-07

Example edited for simplicity and brevity

Two General Types


• Base NETCONF capabilities
• Data Models Supported
Understanding the Capabilities List
urn:ietf:params:xml:ns:yang:ietf-interfaces
? module=ietf-interfaces
& revision=2014-05-08
& features=pre-provisioning,if-mib,arbitrary-names
& deviations=ietf-ip-devs
.
http://cisco.com/ns/ietf-ip/devs
? module=ietf-ip-devs
& revision=2016-08-10
Example edited for simplicity and brevity
Data Model Details
• Model URI
• Module Name and Revision Date
• Protocol Features
• Deviations – Another model that modifies this one
Automate Your Network
with NETCONF
Getting Interface Details
• example2.py: Retrieving info
with ncclient
• Send <get> to retrieve config
and state data
• Process and leverage XML
within Python
• Report back current state of
interface

netprog_basics/network_device_apis/netconf/example2.py
Getting Interface Details
DevNet$ python example2.py

Interface Details:
Name: GigabitEthernet1
Description: DON'T TOUCH ME
Type: ianaift:ethernetCsmacd
MAC Address: 00:50:56:bb:74:d5
Packets Input: 592268689
Packets Output: 21839

netprog_basics/network_device_apis/netconf/example2.py
Configuring Interface Details
• example3.py: Editing
configuration with ncclient
• Constructing XML Config
Payload for NETCONF
• Sending <edit-config>
operation with ncclient
• Verify result

netprog_basics/network_device_apis/netconf/config-temp-ietf-interfaces.xml
netprog_basics/network_device_apis/netconf/example3.py
Configuring Interface Details
DevNet$ python -i example3.py
Configuration Payload:

<config>
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
      <name>GigabitEthernet2</name>
      <description>Configured by NETCONF</description>
      <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">
        ianaift:ethernetCsmacd
      </type>
      <enabled>true</enabled>
      <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
        <address>
          <ip>10.255.255.1</ip>
          <netmask>255.255.255.0</netmask>
        </address>
      </ipv4>
    </interface>
  </interfaces>
</config>

<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn.." message-id="..9784" xmlns:nc="urn..">
  <ok/>
</rpc-reply>
Example edited for simplicity and brevity
netprog_basics/network_device_apis/netconf/config-temp-ietf-interfaces.xml
netprog_basics/network_device_apis/netconf/example3.py
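One way to construct the <edit-config> payload shown above so that field values cannot break or reshape the XML. This is an added example, not the course's example3.py: the function names, the naive template, the interface-name pattern and the sample description are assumptions made for illustration. It validates the inputs, builds the elements with ElementTree so text is escaped, and compares the result with a template filled by plain string substitution.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

IF_NS = "urn:ietf:params:xml:ns:yang:ietf-interfaces"
IP_NS = "urn:ietf:params:xml:ns:yang:ietf-ip"
IANA_NS = "urn:ietf:params:xml:ns:yang:iana-if-type"

# Hypothetical template filled by plain string substitution, for comparison only.
NAIVE_TEMPLATE = (
    '<config><interfaces xmlns="' + IF_NS + '"><interface>'
    "<name>{name}</name><description>{description}</description>"
    "</interface></interfaces></config>"
)


def naive_render(name, description):
    """Fill the template without escaping; markup characters pass straight through."""
    return NAIVE_TEMPLATE.format(name=name, description=description)


def is_well_formed(xml_text):
    """True if the text parses as XML."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def build_interface_config(name, description, ip, netmask, enabled=True):
    """Return the <config> payload as a string; raise ValueError on bad input."""
    # Assumed naming rule: letters, digits and the separators used in interface names.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9/.:-]*", name):
        raise ValueError("unexpected interface name: %r" % name)
    address = ipaddress.IPv4Address(ip)                      # rejects malformed addresses
    network = ipaddress.IPv4Network("0.0.0.0/%s" % netmask)  # rejects non-contiguous masks
    if str(network.netmask) != netmask:                      # rejects prefix lengths and host masks
        raise ValueError("netmask must be a dotted-decimal mask: %r" % netmask)

    config = ET.Element("config")
    interfaces = ET.SubElement(config, "interfaces", {"xmlns": IF_NS})
    interface = ET.SubElement(interfaces, "interface")
    ET.SubElement(interface, "name").text = name
    ET.SubElement(interface, "description").text = description  # escaped on output
    if_type = ET.SubElement(interface, "type", {"xmlns:ianaift": IANA_NS})
    if_type.text = "ianaift:ethernetCsmacd"
    ET.SubElement(interface, "enabled").text = "true" if enabled else "false"
    ipv4 = ET.SubElement(interface, "ipv4", {"xmlns": IP_NS})
    addr = ET.SubElement(ipv4, "address")
    ET.SubElement(addr, "ip").text = str(address)
    ET.SubElement(addr, "netmask").text = netmask
    return ET.tostring(config, encoding="unicode")


if __name__ == "__main__":
    desc = "Uplink to core <A&B>"  # constructed value containing markup characters
    print(is_well_formed(naive_render("GigabitEthernet2", desc)))
    print(build_interface_config("GigabitEthernet2", desc,
                                 "10.255.255.1", "255.255.255.0"))
```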
Summing up
Review
• Why technologies like NETCONF, RESTCONF, and YANG were
developed and how they relate.
• The elements of the NETCONF transport protocol
• How to leverage ncclient to use NETCONF in Python
• Examples retrieving and configuring data from a NETCONF Agent
Learn to CRUD with GET, POST
and DELETE using RESTCONF

Topics to Cover
• Understanding RESTCONF
• Using RESTCONF with
Postman
• Automate Your Network with
RESTCONF

Understanding RESTCONF
RESTCONF Details

“an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG…”
• RFC 8040 - January 2017
• Uses HTTPS for transport
• Tightly coupled to the YANG data model definitions
• Provides JSON or XML data formats
• https://tools.ietf.org/html/rfc8040
What about NETCONF?
RESTCONF Protocol Stack & Transport
Operations - HTTP CRUD
RESTCONF   NETCONF
GET        <get>, <get-config>
POST       <edit-config> (operation="create")
PUT        <edit-config> (operation="create/replace")
PATCH      <edit-config> (operation="merge")
DELETE     <edit-config> (operation="delete")


Content - XML or JSON
HTTP Headers
• Content-Type: Specify the type of data being sent from the client
• Accept: Specify the type of data being requested by the client
RESTCONF MIME Types
• application/yang-data+json
• application/yang-data+xml
Constructing RESTCONF URIs
https://<ADDRESS>/<ROOT>/data/<[YANG MODULE:]CONTAINER>/<LEAF>[?<OPTIONS>]

• ADDRESS - Of the RESTCONF Agent


• ROOT - The main entry point for RESTCONF requests.
Discoverable at https://<ADDRESS>/.well-known/host-meta

• data - The RESTCONF API resource type for data


• The “operations” resource type used to access RPC operations available
• [YANG MODULE:]CONTAINER - The base model container being
used. Providing the module name is optional.
• LEAF - An individual element from within the container
• [?<OPTIONS>] - optional parameters that impact returned results.
URL Creation Review
https://<ADDRESS>/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet1?depth=unbounded

module: ietf-interfaces
   +--rw interfaces
   |  +--rw interface* [name]
   |     +--rw name                        string
   |     +--rw description?                string
   |     +--rw type                        identityref
   |     +--rw enabled?                    boolean
   |     +--rw link-up-down-trap-enable?   enumeration {if-mib}?

Key:
https://<ADDRESS>/<ROOT>/data/<[YANG MODULE:]CONTAINER>/<LEAF>[?<OPTIONS>]

Options Examples:
• depth=unbounded
Follow nested models to end. Integer also supported
• content=[all, config, nonconfig]
Query option controls type of data returned.
• fields=expr
Limit what leafs are returned
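The URI layout from the two slides above, as a small builder. This is an added example, not code from the course: the function names, the address 192.0.2.10 and the host-meta sample are constructed, and only the three query options listed on the slide are accepted. It reads the root from a host-meta reply, percent-encodes list key values (so a key such as GigabitEthernet1/0/1 does not turn into extra path segments), and rejects option values outside what the slide lists.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"

# Constructed sample of a /.well-known/host-meta reply (XRD document).
HOST_META = """<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
  <Link rel='restconf' href='/restconf'/>
</XRD>"""

_ADDRESS = re.compile(r"^[A-Za-z0-9.-]+(:\d{1,5})?$")   # host[:port]; IPv6 literals not handled
_ROOT = re.compile(r"^[A-Za-z0-9._~/-]+$")
_NODE = re.compile(r"^([A-Za-z_][A-Za-z0-9_.-]*:)?[A-Za-z_][A-Za-z0-9_.-]*$")  # [module:]name


def root_from_host_meta(xrd_xml):
    """Return the RESTCONF root advertised by the agent, without slashes."""
    doc = ET.fromstring(xrd_xml)
    for link in doc.findall("{%s}Link" % XRD_NS):
        if link.get("rel") == "restconf":
            return link.get("href", "").strip("/")
    raise ValueError("host-meta has no restconf link")


def _check_options(options):
    """Allow only depth, content and fields, with the values the slide lists."""
    for key, value in options.items():
        if key not in ("depth", "content", "fields"):
            raise ValueError("unsupported option: %s" % key)
        if key == "depth":
            text = str(value)
            if text != "unbounded" and not (text.isdigit() and 1 <= int(text) <= 65535):
                raise ValueError("depth must be 'unbounded' or an integer")
        if key == "content" and value not in ("all", "config", "nonconfig"):
            raise ValueError("content must be all, config or nonconfig")


def restconf_data_uri(address, nodes, root="restconf", options=None):
    """Build https://<ADDRESS>/<ROOT>/data/<path>[?<OPTIONS>].

    nodes is a list of (name, keys) pairs; keys is None or a list of list-key values.
    """
    if not _ADDRESS.match(address):
        raise ValueError("unexpected address: %r" % address)
    root = root.strip("/")
    if not _ROOT.match(root):
        raise ValueError("unexpected root: %r" % root)
    segments = []
    for name, keys in nodes:
        if not _NODE.match(name):
            raise ValueError("unexpected node name: %r" % name)
        if keys:
            # Every reserved character in a key value is percent-encoded.
            name += "=" + ",".join(quote(str(k), safe="") for k in keys)
        segments.append(name)
    uri = "https://%s/%s/data/%s" % (address, root, "/".join(segments))
    if options:
        _check_options(options)
        uri += "?" + urlencode(options)
    return uri


if __name__ == "__main__":
    path = [("ietf-interfaces:interfaces", None), ("interface", ["GigabitEthernet1"])]
    print(restconf_data_uri("192.0.2.10", path,
                            root=root_from_host_meta(HOST_META),
                            options={"depth": "unbounded"}))
```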
Using RESTCONF with
Postman
Postman: Powerful but Simple REST API Client
• Quickly test APIs in GUI
• Save APIs into Collections for
reuse
• Manage multiple environments
• Auto generate code from API calls
• Standalone Application or Chrome Plugin
https://www.getpostman.com
Setup Environment for RESTCONF
• Add variables for host, and
credentials
• Reference anywhere with
{{variable name}} syntax
Step 1: Get Capabilities List via RESTCONF
• GET
/restconf/data/netconf-state/capabilities

• Add RESTCONF Headers


• Content-Type and Accept
application/yang-data+json
(or xml)
• Configure Basic Auth with username
and password variables
Step 1: Get Capabilities List via RESTCONF
• Send and review results
Understanding the Capabilities List
urn:ietf:params:xml:ns:yang:ietf-interfaces
? module=ietf-interfaces
& revision=2014-05-08
& features=pre-provisioning,if-mib,arbitrary-names
& deviations=ietf-ip-devs
.
http://cisco.com/ns/ietf-ip/devs
? module=ietf-ip-devs
& revision=2016-08-10
Example edited for simplicity and brevity
Data Model Details
• Model URI
• Module Name and Revision Date
• Protocol Features
• Deviations – Another model that modifies this one
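The capability breakdown on the two "Understanding the Capabilities List" slides (NETCONF and RESTCONF), as a parser that an automation script can run before it sends any request. This is an added example, not code from the course or from ncclient: the class and function names are hypothetical, and the capability strings are the ones printed in the example1.py output on the slides.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs

# Capability strings copied from the example1.py output shown on the slides.
CAPABILITIES = [
    "urn:ietf:params:netconf:base:1.0",
    "urn:ietf:params:netconf:base:1.1",
    "urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces"
    "&revision=2014-05-08&features=pre-provisioning,if-mib,arbitrary-names"
    "&deviations=ietf-ip-devs",
    "http://cisco.com/ns/ietf-ip/devs?module=ietf-ip-devs&revision=2016-08-10",
    "http://cisco.com/ns/yang/Cisco-IOS-XE-native?module=Cisco-IOS-XE-native"
    "&revision=2017-02-07",
]


@dataclass
class Capability:
    uri: str                                        # Model URI
    module: str = ""                                # Module Name
    revision: str = ""                              # Revision Date (YYYY-MM-DD)
    features: list = field(default_factory=list)    # Protocol Features
    deviations: list = field(default_factory=list)  # Models that modify this one

    @property
    def is_base(self):
        """True for base NETCONF capabilities rather than data models."""
        return self.uri.startswith("urn:ietf:params:netconf:")


def parse_capability(cap):
    """Split one capability string into its URI and query parameters."""
    uri, _, query = cap.strip().partition("?")
    params = parse_qs(query)

    def one(key):
        return params.get(key, [""])[0]

    def many(key):
        return [v for v in one(key).split(",") if v]

    return Capability(uri, one("module"), one("revision"),
                      many("features"), many("deviations"))


def model_inventory(caps):
    """Map module name -> Capability for every data-model capability."""
    parsed = (parse_capability(c) for c in caps)
    return {c.module: c for c in parsed if c.module and not c.is_base}


def supports(caps, module, min_revision="", features=()):
    """Check a device advertises a module, at least a revision, and given features."""
    model = model_inventory(caps).get(module)
    if model is None:
        return False
    if min_revision and model.revision < min_revision:  # ISO dates sort as text
        return False
    return set(features) <= set(model.features)


def unresolved_deviations(caps):
    """Return modules whose deviation modules are not advertised themselves."""
    inventory = model_inventory(caps)
    missing = {}
    for name, cap in inventory.items():
        absent = [d for d in cap.deviations if d not in inventory]
        if absent:
            missing[name] = absent
    return missing


if __name__ == "__main__":
    for name, cap in sorted(model_inventory(CAPABILITIES).items()):
        print(name, cap.revision, cap.features, cap.deviations)
    print(supports(CAPABILITIES, "ietf-interfaces", "2014-05-08", ["if-mib"]))
```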
Automate Your Network
with RESTCONF
Getting Interface Details
• GET
restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet2

• Configure Auth and Headers


Configuring Interface Details
• PUT
restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet2

• Configure Auth and Headers


• Configure Body (raw)
• Send and check status code
Configuring Interface Details - Verification
• GET
restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet2

• Configure Auth and Headers


• Check that the new config was
successful
Summing up
Review
• Why technologies like NETCONF, RESTCONF, and YANG were
developed and how they relate.
• The elements of the RESTCONF transport protocol
• How to leverage Postman to use RESTCONF
• Examples retrieving and configuring data using RESTCONF
Call to Action!

7.0.3 Lab - Install the CSR1000v VM – ILM

8.3.5 Lab - Explore YANG Models – ILM

8.3.6 Lab - Use NETCONF to Access an IOS XE Device – ILM

8.3.7 Lab - Use RESTCONF to Access an IOS XE Device - ILM
