Brkops 1237


#CiscoLive

Programmability Skills for Engineers Who Don't Want to Code

Hank Preston, Principal Engineer, Learning and Certifications
CCIE 38336 | DevNet Expert 20220001
@hfpreston
BRKOPS-1237

Cisco Webex App

Questions?
Use Cisco Webex App to chat with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install the Webex App or go directly to the Webex space
4 Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.
https://ciscolive.ciscoevents.com/ciscolivebot/#BRKOPS-1237

#CiscoLive BRKOPS-1237 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Spreadsheet driven automation
• Aw CRUD, we gotta talk a little about APIs
• Source of Truth, it doesn’t have to be you anymore
• pyATS - How to no-code and automate networks
• Ansible the Hammer of Network Automation

Spreadsheet driven automation

Story Time with Hank

“Network Engineering Runs on Spreadsheets”

Device Configuration Standard

crypto isakmp policy 10
 encryption aes
 hash sha256
 authentication pre-share
 group 14

crypto ipsec transform-set <TRANS_SET> esp-aes esp-sha256-hmac

crypto isakmp key <PRESHARED_KEY> address <PEER_ADDRESS>

access-list <ACL_NUM> permit ip <LOCAL_NET> <LOCAL_MASK> <REMOTE_NET> <REMOTE_MASK>

crypto map <MAP_NAME> 10 ipsec-isakmp
 set peer <PEER_ADDRESS>
 set transform-set <TRANS_SET>
 match address <ACL_NUM>

interface <OUTSIDE_INT>
 crypto map <MAP_NAME>

Creating the Access List Configuration

! Site 1 Access List
access-list <ACL_NUM> permit ip <LOCAL_NET> <LOCAL_MASK> <REMOTE_NET> <REMOTE_MASK>

! Site 1 Access List
access-list 100 permit ip 10.98.128.0 0.0.3.255 172.28.11.0 0.0.0.255

! Site 2 Access List
access-list <ACL_NUM> permit ip <LOCAL_NET> <LOCAL_MASK> <REMOTE_NET> <REMOTE_MASK>

! Site 2 Access List
access-list 100 permit ip 172.28.11.0 0.0.0.255 10.98.128.0 0.0.3.255

Using CONCAT Function in Excel to Create Strings

=CONCAT("access-list 100 permit ip ",
        VPNs[@[Side 1 Inside]], " ", VPNs[@[Side 1 Mask]], " ",
        VPNs[@[Side 2 Inside]], " ", VPNs[@[Side 2 Mask]])

• Fill in the blank configuration creation
• Once formulas created, “fill down” for other rows / sites

Help info on CONCAT Function

CONCAT your CONCATs for Full Configs

Common Config Elements
=CONCAT('Common Info'!$C$2,
        'Common Info'!$C$3,
        B2, D2, C2, E2)

Per VPN Configurations

Tip! Don’t forget to add spaces and new lines where needed

Demo!

Other Useful Functions
• MID – Pull characters out of a string
• REPLACE – Change characters in a string
• FIND – Locate a character in a string
• TRIM – Remove white space
• RAND / RANDBETWEEN – Provide a random number
• Lots more!

Why should I care?
• Business runs on spreadsheets… not just networking
• Formulas are WAY faster and more consistent than doing it manually
• Double check, then triple check results!
• But be careful you don’t go too far…

Aw CRUD, we gotta talk a little about APIs

In the beginning… Humans were the only users
• User asks for data or takes action by interacting with UI
• Software displays results in User Interface (UI)

What exactly IS an API?
“It’s a way for two pieces of software to talk to each other”

Now software talks to software
My Software System / Your Software System
• Software asks for data by interacting with API
• Software returns results via API

APIs aren’t scary… you already use them

Command Line Interface (CLI)
Designed for Humans… so more a UI than API

but...
• Network Management Systems
• Expect Scripts
• Paramiko/Netmiko
• NAPALM

#!/usr/bin/expect -f
# Slide excerpt: assumes a session to the device is already spawned and logged in.
# Each send is followed by an expect that waits for the prompt before continuing.
send "conf t\n"
expect "(config)#"
send "hostname my_switch\n"
expect "(config)#"
send "ntp server 10.10.10.101\n"
expect "(config)#"
send "ip domain-name domain.intra\n"
expect "(config)#"
send "end\n"
expect "#"
send "write mem\n"
expect "#"

Simple Network Management Protocol (SNMP)

“designed as a programmatic interface between management applications and devices”
https://tools.ietf.org/html/rfc3535

Representational State Transfer (REST)
• API framework for simple web services
• Another use for the HTTP protocol
• Popular due to performance, scale, simplicity, and reliability

RESTCONF

The URI: What are you Requesting?

https://router-01.example.com/restconf/data/Cisco-IOS-XE-native:native/hostname

• Server or Host
  • Resolves to the IP and port to connect to
• Resource
  • The location of the data or object of interest on the server
• Response
  • JSON data returned
  • Based on YANG model

Response
{
  "Cisco-IOS-XE-native:hostname": "csr1000v-1"
}

HTTP Methods: What to do?

HTTP Verb | Typical Purpose (CRUD) | Description
POST | Create | Used to create a new object, or resource. Example: Add new book to library
GET | Read | Retrieve resource details from the system. Example: Get list of books from the library
PUT | Update | Typically used to replace or update a resource. Can be used to modify or create. Example: Update the borrower details for a book
DELETE | Delete | Remove a resource from the system. Example: Delete a book from the library.

Demo!

Why should I care?
• IT System Integrations
• Understand and work with automation peers
• Evaluate APIs from your products and vendors
• APIs are cool, add it to your resume!

Resources
• REST API Fundamentals Learning Module on DevNet
• Introduction to RESTCONF Learning Lab on DevNet

Source of Truth, it doesn’t have to be you anymore

How does automation work?
1 Lookup Desired State
2 Compare to Current State
3 Do Something

How does automation network engineering work?
1 Lookup Desired State
2 Compare to Current State
3 Do Something

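The lookup / compare / act loop on these slides, as an added Python example that is not from the session: it compares a desired state with a constructed running-config excerpt and returns the CLI lines that close the gap. The setting values come from the expect script on the CLI slide; the dictionary layout, the sample config and the function names are assumptions.

```python
# Desired state as it might be looked up from a source of truth (assumed layout).
DESIRED = {
    "hostname": {"my_switch"},
    "ntp server": {"10.10.10.101"},
    "ip domain-name": {"domain.intra"},
}

# Constructed running-config excerpt standing in for the device's current state.
CURRENT_CONFIG = """\
hostname my_switch
ntp server 10.10.10.101
ntp server 203.0.113.50
ip domain-name old.example
"""

# Keys where entering a new value replaces the old one, so no "no ..." line is needed.
SINGLE_VALUED = {"hostname", "ip domain-name"}


def current_state(config, keys):
    """Collect the values present in the config text for each managed key."""
    state = {key: set() for key in keys}
    for line in config.splitlines():
        for key in keys:
            if line.startswith(key + " "):
                state[key].add(line[len(key) + 1:].strip())
    return state


def plan(desired, config):
    """Return the CLI lines that move the current state to the desired state."""
    current = current_state(config, desired)
    commands = []
    for key, wanted in desired.items():
        if key not in SINGLE_VALUED:
            # Values on the device that the source of truth does not list are drift.
            commands += [f"no {key} {v}" for v in sorted(current[key] - wanted)]
        commands += [f"{key} {v}" for v in sorted(wanted - current[key])]
    return commands
```

An empty plan means the device already matches the source of truth; a non-empty one is also a drift report, here flagging an NTP server nobody documented.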
What types of data make up “Desired State”
• IP Addresses
• Interface settings
• VLANs
• Software Versions
• Credentials
• Serial / Asset Numbers
• Neighbors
• Cables / Circuits
• Management Access
• Status
• Standards
• Application / Service Details
• Host Details

Where is the data found?
• In your head
• In someone else’s head
• On a spreadsheet
• On a network diagram
• Text docs and notes apps
• Paper notes and scrap paper
• Within the network

Device Installation Workflow with Source of Truth

1 Add Gear to Source of Truth (SoT)
2 Install, Cable, Power on Gear
3 DHCP Provides IP and Deployment Server
4 Contact Deployment Server (DS)
5 DS renders bootstrap config from SoT
6 DS sends bootstrap config
7 Gear applies bootstrap config
8 DS/Gear updates SoT with status

Common Automation Source of Truth Options
• CSV Files
• YAML / JSON Files
• Git Repositories
• APIs into Other Applications
• IPAM / DCIM
• Secret Management
• Service Desk / CDB

“Single” Source of Truth Realities
• “Single” is a fantasy
• Goal should be “single per domain”
  IPAM, DCIM, Secrets, etc
• It takes discipline to maintain
• Culture change - “Document First”
• Go in phases and celebrate success

pyATS – How to no-code and automate networks

“Could you get me this info from all of the devices in the network?”
• Serial Numbers
• Interface status
• Routing table
• ARP / MAC tables
• Logs
• Etc
• Etc
• etc

We all have our cheats…

Command to Run

pyats parse "show ip route" \
    --testbed-file testbed.yaml \
    --output output/ip_routes

• Network Inventory (testbed.yaml)
• Captured Output (output/ip_routes)

Per Device Results
- Parse = JSON Data
- Console = Raw Data

Per device results

100%| █████████████████████████████████████████ | 1/1 [00:00<00:00, 1.89it/s]
+===========================================================================+
| Genie Parse Summary for rtr1 |
+===========================================================================+
| Connected to rtr1 |
| - Log: output/ip_routes/connection_rtr1.txt |
|---------------------------------------------------------------------------|
| Parsed command 'show ip route' |
| - Parsed structure: output/ip_routes/rtr1_show-ip-route_parsed.txt |
| - Device Console: output/ip_routes/rtr1_show-ip-route_console.txt |
|---------------------------------------------------------------------------|

100%| █████████████████████████████████████████ | 1/1 [00:00<00:00, 2.00it/s]
+===========================================================================+
| Genie Parse Summary for rtr2 |
+===========================================================================+
| Connected to rtr2 |
| - Log: output/ip_routes/connection_rtr2.txt |
|---------------------------------------------------------------------------|
| Parsed command 'show ip route' |
| - Parsed structure: output/ip_routes/rtr2_show-ip-route_parsed.txt |
| - Device Console: output/ip_routes/rtr2_show-ip-route_console.txt |
|---------------------------------------------------------------------------|

100%|█████████████████████████████████████████| 1/1 [00:00<00:00, 2.05it/s]
+===========================================================================+
| Genie Parse Summary for rtr3 |
+===========================================================================+
| Connected to rtr3 |
| - Log: output/ip_routes/connection_rtr3.txt |
|---------------------------------------------------------------------------|
| Parsed command 'show ip route' |
| - Parsed structure: output/ip_routes/rtr3_show-ip-route_parsed.txt |
| - Device Console: output/ip_routes/rtr3_show-ip-route_console.txt |
|---------------------------------------------------------------------------|

Demo

pyATS can do much more
• Collect network baselines
• Quickly find differences
• Create robust network tests (does require coding)

Resources
• pyATS home on DevNet
• pyATS CLI Hands On Lab

Ansible – The Hammer of Network Automation

Why Ansible?
• Open source Infrastructure as Code tool
• Low barrier of entry into automation
• Coding skills not needed
• Very popular -> Lots of examples
• Broad network automation use cases

Ansible, it isn’t “code”… it’s just YAML 🙂

# Render one config file per VPN row, from Side 2's point of view:
# Side 2 is the source and Side 1 is the destination and tunnel peer.
- name: Side 2 Config
  loop: "{{ vpns.list }}"
  loop_control:
    label: "{{ item.vpn_name }} Side 2"
  vars:
    vpn_name: "{{ item.vpn_name }}"
    preshared_key: "{{ item.preshared_key }}"
    source_network: "{{ item.side_2_inside }}"
    source_mask: "{{ item.side_2_mask }}"
    destination_network: "{{ item.side_1_inside }}"
    destination_mask: "{{ item.side_1_mask }}"
    tunnel_destination: "{{ item.side_1_public_ip }}"
    tunnel_interface: "{{ item.side_2_outside }}"
  ansible.builtin.template:
    src: ios-vpn.j2
    dest: configs/{{ item.vpn_name }}-side2-config.txt

Maybe I’m ready to try something new…

Another approach to the Spreadsheet Driven Automation

CSV

CLI
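
The CSV-to-CLI approach above, as an added Python example (not the session's demo code): it renders the deck's VPN configuration standard for both sides of each CSV row and rejects malformed cells before any config text is produced. The column names mirror the variables in the Ansible task; the sample row, the transform-set and crypto-map naming, the fixed ACL number 100 and the contiguous-wildcard rule are assumptions.

```python
import csv
import io
import re
from ipaddress import IPv4Address

# Constructed sample export of the VPN sheet; column names are assumptions.
SAMPLE_CSV = """vpn_name,preshared_key,side_1_inside,side_1_mask,side_2_inside,side_2_mask,side_1_public_ip,side_2_public_ip,side_1_outside,side_2_outside
SITE1-SITE2,EXAMPLE-KEY-ONLY,10.98.128.0,0.0.3.255,172.28.11.0,0.0.0.255,192.0.2.1,198.51.100.1,GigabitEthernet1,GigabitEthernet1
"""
# The deck's configuration standard with its <PLACEHOLDERS> as format fields.
TEMPLATE = """crypto isakmp policy 10
 encryption aes
 hash sha256
 authentication pre-share
 group 14
crypto ipsec transform-set {name}-TS esp-aes esp-sha256-hmac
crypto isakmp key {key} address {peer}
access-list 100 permit ip {lnet} {lmask} {rnet} {rmask}
crypto map {name}-MAP 10 ipsec-isakmp
 set peer {peer}
 set transform-set {name}-TS
 match address 100
interface {intf}
 crypto map {name}-MAP
"""
TOKEN = re.compile(r"[A-Za-z0-9_./-]+")  # one CLI word: no spaces or newlines

def wildcard(value):
    """Accept only contiguous wildcard masks (0.0.3.255), not subnet masks."""
    bits = int(IPv4Address(value))
    if bits & (bits + 1):
        raise ValueError(f"not a contiguous wildcard mask: {value!r}")
    return value

def render(row, local, remote):
    """Render one side's config; raise ValueError on any malformed cell."""
    loc, rem = f"side_{local}_", f"side_{remote}_"
    for col in ("vpn_name", "preshared_key", loc + "outside"):
        if not TOKEN.fullmatch(row[col]):
            raise ValueError(f"{col} is not a single CLI token: {row[col]!r}")
    return TEMPLATE.format(
        name=row["vpn_name"], key=row["preshared_key"], intf=row[loc + "outside"],
        peer=IPv4Address(row[rem + "public_ip"]),
        lnet=IPv4Address(row[loc + "inside"]), lmask=wildcard(row[loc + "mask"]),
        rnet=IPv4Address(row[rem + "inside"]), rmask=wildcard(row[rem + "mask"]))

def render_all(text):
    return {f"{r['vpn_name']}-side{s}": render(r, s, 3 - s)
            for r in csv.DictReader(io.StringIO(text)) for s in (1, 2)}
```

Because every cell must parse as an address, a contiguous wildcard mask or a single CLI word, a stray space, a subnet mask typed where a wildcard belongs, or a cell containing a line break stops the run instead of ending up in a device configuration.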

Demo!

Ansible can do much more
• Apply configurations directly to devices
• Complex workflows
• Manage network, compute, storage, cloud, etc at once

Resources
• Ansible on DevNet
• Ansible Core Docs
• Reading from CSV
• Using Jinja Templates
• Jinja Template Documentation
• Demo Example Code

In closing…

Programmability… Nothing to be afraid of!

What did we cover?
• Spreadsheet driven automation
• Aw CRUD, we gotta talk a little about APIs
• Source of Truth, it doesn’t have to be you anymore
• pyATS - How to no-code and automate networks
• Ansible the Hammer of Network Automation

Hank Preston
• Stay in touch:
• Webex/Email: hapresto@cisco.com
• Twitter: @hfpreston
• Blogs: https://blogs.cisco.com/author/hankpreston

Thank you
