network automation ansible_nx-api
TRANSCRIPT
Copyright © 2015 World Wide Technology, Inc. All rights reserved.
Software-Defined Networking: Network Automation with Ansible and NX-API
Joel W. King, Technical Solutions Architect, Enterprise Networking Solutions, Engineering and Innovations
Goals
• Demonstrate NX-API
• NX-API is an enhancement to the Cisco Nexus 9000 Series command-line interfaces (CLIs) system.
• NX-API uses HTTP/HTTPS to make CLI commands available to the network programmer outside of the switch.
Nexus Programmability
[Diagram: Nexus Programmability. Labels: Power On Auto Provisioning (POAP); onePK API; Nexus 9K NX-API (RPC / REST API); Python Interpreter; Supercommands; Software-Defined Network Programming Class; OpenFlow | XNC; XNC Monitor Manager Demo w/ Python REST API; NXOS; ACI; Orchestration; APIC REST API; Matrix Switch, QualiSystems; XNC; Security-Defined Routing]
Goals
• Demonstrate NX-API
• NX-API is an enhancement to the Cisco Nexus 9000 Series command-line interfaces (CLIs) system.
• NX-API uses HTTP/HTTPS to make CLI commands available to the network programmer outside of the switch.
• Demonstrate orchestration of enhanced NX-OS
• Ansible proved interesting because:
• Agentless
• Uses OpenSSH for transport
• Written in Python
• Improve your value as a network engineer
What do Network Engineers Need?
• A toolset which doesn’t require programming skill to be usable, but allows user written modules if required.
• While existing tools are end node (server) oriented, NetOps need tools which can be used in the hierarchical nature of networks.
• Resources to test automation tools, e.g. virtual routers
• Agents or Agentless?
• Automation tools which don’t require agents running on the end nodes (routers / switches)
• Network Configuration Protocol (NETCONF) defines an XML-based interface between a network device and a network management system to provide a mechanism to manage, configure, and monitor a network device.
• A drawback of IT tools like Puppet and Chef is that they require agents.
• Ansible is great for VARs to upgrade and install equipment for their customers.
NX-API
• What is NX-API?
• Enhancement to the Cisco Nexus 9000 Series command-line interfaces (CLIs) system.
• NX-API support on Nexus 3000 series starting with NX-OS 6.0(2)U4(1).
• Uses HTTP/HTTPS to make CLI commands available to the network programmer outside of the switch.
• Supports show commands, configurations, and Linux Bash.
• Nexus 9Ks in Non-ACI mode
• feature nxapi
Ansible
• Ansible began as a project about February of 2012, out of a need for a simpler automation tool than existed in Puppet and Cobbler.
• Does not require custom scripting or code.
• Designed to be easy for anyone to understand and learn.
• Ansible Design Principles:
• Simply Clear: no gnarly scripts or custom code
• Simply Fast: minimal learning curve
• Simply Powerful: toolbox for automation
• Simply Efficient: agentless, lightweight and unobtrusive
• Simply Secure: no agent on managed hosts, uses OpenSSH
• ANSIBLE HQ in Durham NC
• Ansible Tower adding over two customers a day
Agentless
Efficient Architecture
• Open source system automation tool
• Connects to systems and pushes out Python programs - “Ansible Modules”
• Executes modules via SSH and removes the module when finished.
• Modules reside on any machine; no server or databases are required.
• Playbooks, written in YAML, are the configuration, deployment, and orchestration language
• Ansible ships with a module library
• Ansible is primarily used for working with server operating systems.
• The majority of the modules are focused on server administration.
• Modules can be locally written and added to the library, e.g. https://github.com/joelwking
Ansible Tower: Commercial GUI for Ansible
Lexicon
• Inventory
• Playbooks
• YAML: a data serialization format
• Facts
• Variables
• Modules
• Roles
• Idempotent(*)
• Agentless
• Jinja2
(*) http://en.wikipedia.org/wiki/Idempotence
Playbooks
• Playbooks are Ansible’s configuration, deployment, and orchestration language.
• Ansible modules are the tools in your workshop; playbooks are your design plans.
Inventory
Host Inventory is maintained in text files
• INI files are used to define managed hosts
• INI format is human-readable and simple to parse programmatically
• Hosts can be assigned to groups
    [sample]
    localhost ansible_connection=local ansible_ssh_user=administrator

    [nexus9k]
    raleigh
    cary
    durham
Variables
Variables can be associated with hosts or groups
    ~/ansible/
    ~/ansible/host_vars
    ~/ansible/group_vars

    cat ~/ansible/host_vars/cary
    host : 10.255.139.185
    int_ip : 192.0.2.1

    cat ~/ansible/host_vars/raleigh
    host : 10.255.44.44
    int_ip : 192.0.2.3

    cat ~/ansible/group_vars/nexus9k
    #
    int_mask: 255.255.255.255
Variables can also be specified in the playbook.
Modules
• Modules typically are executed through Playbooks
• Playbooks are likely to be managed with a source control / versioning system
• Arguments are specified in the playbook, host_vars, group_vars or host files
• ~/ansible/bin/ansible-playbook -i ansible_hosts/ansible_hosts ./SAMPLE_FILE_XFER.yml
• For ad-hoc tasks, you can run the main Ansible program
• Arguments to the module specified on the command line
• ~/ansible/bin/ansible nexus9k -m nxapi-module.py -a "show=version" -i ./ansible_hosts
• For module development, use the test module
• ~/ansible/hacking/test-module -m /tmp/nxapi-module.py -a "show='banner motd' host=10.255.139.185"
Software-Defined Networking: Ansible Nexus 3000 Series Lab
Demonstrations
• Uses Ansible's roles organizational feature for templates, tasks and variable files
• Creates router configuration files based on templates
• Invokes a Python module locally on the initiating host which reads the config files
• Uses nx-api (REST API) to apply the config to the Nexus 9K
Nexus 3000 Series Top of Rack Switches
[Diagram: switches NEX-3048-E, nex-3048-b, NEX-3048-A; Interface mgmt0 addresses 10.255.40.87, 10.255.138.69, 10.255.40.80]
Process Flow: nxapi_install_config
[Diagram: an Ansible module or playbook passes arguments (hostname, host, userid, pw, config_file, debug) to nxapi_install_config, which reads the configuration file, writes a log file, and sends REST json-rpc (json) to the Nexus 9000 / 3000 nx-api]
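An added example, not the presenter's module, of the process flow above: it reads configuration text, skips the '#' lines, builds the JSON-RPC batch that NX-API accepts at /ins, sends it over HTTPS with certificate verification left on, and masks pw before the arguments reach a log file. The function names are hypothetical; the sample config is constructed from the output shown on this page.

```python
import base64
import json
import ssl
import urllib.request

# Constructed sample, modelled on the generated config file shown on this page.
SAMPLE_CONFIG = """\
#
interface loopback99
  description NEX-3048-A
  ip address 203.0.113.1 255.255.255.255
#
no logging console
"""

def config_to_jsonrpc(text):
    """Turn config-file text into an NX-API JSON-RPC batch, skipping '#' lines."""
    cmds = [ln.strip() for ln in text.splitlines()]
    cmds = [c for c in cmds if c and not c.startswith("#")]
    return [{"jsonrpc": "2.0", "method": "cli",
             "params": {"cmd": c, "version": 1}, "id": i}
            for i, c in enumerate(cmds, start=1)]

def build_request(host, userid, pw, batch):
    """Build the HTTPS POST; credentials travel in a Basic auth header."""
    token = base64.b64encode(f"{userid}:{pw}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}/ins",
        data=json.dumps(batch).encode(),
        headers={"Content-Type": "application/json-rpc",
                 "Authorization": f"Basic {token}"},
        method="POST")

def install_config(host, userid, pw, text, cafile=None):
    """Send the batch; the default context verifies certificate and hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = build_request(host, userid, pw, config_to_jsonrpc(text))
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())

def failed_commands(batch, replies):
    """Return the commands whose JSON-RPC reply carries an 'error' member."""
    replies = [replies] if isinstance(replies, dict) else replies
    by_id = {c["id"]: c["params"]["cmd"] for c in batch}
    return [by_id[r["id"]] for r in replies if "error" in r]

def log_safe(args):
    """Copy of the module arguments with pw masked, safe to write to a log."""
    return {k: ("***" if k == "pw" else v) for k, v in args.items()}
```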
Generate router configuration files from templates
administrator@api:~/ansible$ more nexus_cfg_builder.yml
    ---
    - name: Generate nexus router config files
      hosts: nexus9k
      connection: local
      gather_facts: no
      roles:
        - router

administrator@api:~/ansible$ ls ~/ansible/roles/router
    tasks templates vars

tasks/main.yml
    ---
    - name: Generate Nexus configuration files
      template: src=NEX-9396.j2 dest=/home/administrator/ansible/CFGS/{{hostname}}.txt

templates/NEX-9396.j2
    #
    no interface loopback{{loopback_number}}
    interface loopback{{loopback_number}}
      description {{hostname}}
      ip address {{int_ip}}/{{int_mask}}
    #
    ntp server {{ntp_server}}

vars/main.yml
    ---
    ntp_server : 10.255.139.129

ansible_hosts
    [nexus9k]
    raleigh
    cary
    durham

host_vars/cary
    host : 10.255.139.185
    hostname : cary
    int_ip : 192.0.2.1

group_vars/nexus9k
    int_mask: 255.255.255.255
    loopback_number : 99
Execute the Playbook
    ./bin/ansible-playbook nexus_cfg_builder.yml
• The playbook runs locally on the Linux machine, creating the configuration files from the templates
Resulting output files
$ cat NEX-3048-A.txt
    #
    # Nexus 3K template for Ansible Demo - [email protected] - 18 Feb 2015
    #
    #
    interface loopback99
      description NEX-3048-A
      ip address 203.0.113.1 255.255.255.255
    #
    no ntp server 10.255.139.129 use-vrf management
    #
    # if this statement exists you will get an error
    #
    ntp server 10.255.139.129 use-vrf management
    #
    logging timestamp milliseconds
    #
    logging level ftp 7
    no logging console
    #
    copy run start
    #
Ansible modules to automate Cisco NX-OS switches
https://github.com/datacenter/nxos-ansible
https://github.com/datacenter
https://github.com/joelwking