Devnet 2000

DEVNET-2000
ACI Programmability
Fundamentals
Start programming your APIC today!
John McDonough, Technical Leader, DevNet

Devarshi Shah,Technical Marketing Engineer, DCG
Agenda
• Exploring the ACI Object Model and REST API
• ACI Programmability with Python and ACI Toolkit
• ACI Meets NetDevOps in Ansible and Terraform!
DEVNET-2000 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
The ACI Object Model
• Everything in ACI is an Object
• Object Class identifies its type
• Parent/Child relationships
between object
• 1 Parent to Many Children
• Assembled, create the MIT
• Everything builds from “root”
• Aka “uni”
Object Model & REST API = Foundation of
Programmability
• ACI designed as “API First”
• Everything built on top of the Python
Web ACI vSphere
REST API GUI
Cobra
Toolkit Plugin
SDK
• APIC GUI
• Cobra SDK
• PyACI REST API
• ACI Toolkit
• Plugins APIC Management
• ACI Kubernetes Integration
Information Model (MIM)
An Object by any other name…
Example:
• Objects have 2 names
• Relative Name (RN)
• Identify object related to “siblings”
• Unique within a parent object
• Distinguished Name (DN)
• Unique identification within MIT
• Series of Relative Names building to Mr. Smith Tom Smith Jill Smith
“uni/sys”
First names (relative) are used at
home.
But full names (distinguished)

are needed in larger contexts.
Sample ACI Object Names
Object Example RN Example DN Class
System uni uni uni
Tenant tn-Heroes uni/tn-Heroes fvTenant
VRF/Context ctx-Development uni/tn-Heroes/ctx-Development fvCtx
Bridge Domain BD-Web uni/tn-Heroes/BD-Web fvBD
Subnet subnet—10.1.2.1/24 uni/tn-Heroes/BD-Web/subnet—10.1.2.1/24 fvSubnet
Application Profile ap-Save_The_Planet uni/tn-Heroes/ap-Save_The_Planet fvAp
EPG epg-Database uni/tn-Heroes/ap-Save_The_Planet/epg-Database fvAEPg
Client Endpoint cep-0000.1111.2222 uni/tn-Heroes/ap-Save_The_Planet/epg-Database/cep- fvCEp
0000.1111.2222
Filter flt-HTTP uni/tn-Heroes/flt-HTTP vzFilter

Contract brc-Web_Services uni/tn-Heroes/brc-Web_Services vzBrCP
Contract Subject subj-HTTP uni/tn-Heroes/brc-Web_Services/subj-HTTP vzSubj
Full ACI Model Reference: https://developer.cisco.com/site/aci/docs/apis/apic-mim-ref/
Things to Know about the ACI REST API
• Leverages token in cookie or
certificate based authentication
• Uses .json and .xml within
URI instead of Content-Type
and Accept headers to indicate
data format
• API will target specific class type
or managed object (mo)
• REST API Guide available on
Cisco.com
ACI REST API URI Construction
https://<ADDRESS>/api/<QUERY TYPE>/<IDENTIFIER>.<FORMAT>[?<QUERY PARAMS>]
• api - The main entry point for ACI API REST requests.
• QUERY TYPE
• node/class – Query and return all instances of a given class
• node/mo – Target a specific instance of an object from the MIT
• IDENTIFIER - Class Name or Distinguished Name
• FORMAT – Identify XML or JSON as type of content

• * Used instead of HTTP Headers
• [?<QUERY PARAMS>] - optional parameters that impact returned results.

• Examples:
• query-target – Return Scope (self, children, subtree)
https://10.10.10.1/api/class/pcAggrIf.json?query-target=subtree
ACI REST API URI Construction Continued
https://<ADDRESS>/api/<QUERY TYPE>/<IDENTIFIER>.<FORMAT>[?<QUERY PARAMS>]
• [?<QUERY PARAMS>] - optional parameters that impact returned results.
• Examples:
• query-target-filter – Limit returned objects for Class Queries
https://10.10.10.1/api/class/fabricNode.json?query-target-filter=eq(fabricNode.role,"controller")
• rsp-subtree – Return Scope (no | children | full)
https://10.10.10.1/api/class/compHv.json?rsp-subtree=full
• rsp-subtree-class – Limit returned objects for a Class Queries in the subtree
https://10.10.10.1/api/class/mgmtMgmtIf.json?rsp-subtree-class=eqptIngrBytes5min
• rsp-subtree – Request additional objects (fault-count | health | stats | relations | ..)
https://10.10.10.1/api/class/compHv.json?rsp-subtree-include=relations,fault-count
ACI REST API CRUD Operations
HTTP Method Details
GET Return an object by DN or all instances of a class
POST Create a new instance of an object or Update details
about an existing object.
DELETE Delete an object
Setup Postman Environment for ACI APIC
• Add variables for host, and
credentials
• Reference anywhere with
{{variable name}} syntax
APIC Login Request
• APIC uses a ticket (token) for
authenticating API calls
• POST to /api/aaaLogin.json
with credentials to receive token
• Once logged in, Postman
automatically includes token in
further requests as session
cookie
Step 2: Query for All Tenants in Postman
• Query the Tenant Class
• GET
/api/node/class/fvTenant.json
• .json indicates JSON is

preferred. .xml is also
supported
• Send and review response
Step 3: Create a New Tenant
• Target the root object of uni
• POST
/api/node/mo/uni.json
• .json indicates JSON is

preferred. .xml is also
supported
• Provide new object definition in
body
• Send and review response
ACI Network Programmability Scripting Options
Direct API
Software
Pros: “Toolkits”
Development Kit
Limitless options Pros:
Pros:
Any Encapsulate common use cases
language/method Language Wrapper of
API Less code
Cons:
Simplifies Syntax and Cons:
Raw API syntax Management Not 100% Coverage
Session Management Cons: Availability
Individual Atomic Availability
Actions
Atomic API Interactions
ACI Toolkit
• Python Libraries for Working with
APIC Controller
• Designed to quickly enable users
to use REST APIs
• Available on GitHub
• https://github.com/datacenter/acitool
kit
• Docs
• http://acitoolkit.readthedocs.io
Automating ACI with
Python and the ACI
Toolkit
ACI Programmability to Go - ACI Toolkit
Sample Scripts
Toolkit Library
Toolkit Applications
Get Started with the Toolkit Library
• Open a Python interpreter and
get started
• python –m idlelib.idle
• Import ACI Toolkit
• Create a Session and Login to

the APIC
• Use the toolkit to create, query or
modify objects in ACI
netprog_basics/network_controllers/aci/device_info.py
netprog_basics/network_controllers/aci/toolkit_getting_started.py
ACI Toolkit Object Models
• ACI Toolkit provide a simple, user Context
friendly object model

BridgeDomain Subnet
• Python classes for developer to
work with
AppProfile EPG
• Three areas of objects Tenant
• Application Topology Object Model OutsideEPG
• Interface Object Model

• Physical Topology Model Contract ContractSubject
Filter
* Partial representation of the Application Topology Object Model
Working with ACI Toolkit Objects
• Query APIC for Objects with • View native ACI object definition
Class.get() method new_tenant.get_json()
tenants = Tenant.get(session) • Push updates to APIC
• Create new object as instance of session.push_to_apic(
class new_tenant.get_url(),
data=new_tenant.get_json()
new_tenant = )
Tenant(“MyTenant”)
• Attach objects with methods
new_bd.add_context(new_vrf)
Sample Scripts $ cd samples/
$ ls *tenant*
aci-copy-tenant-config.py
• “acitoolkit/samples” directory aci-get-tenantObject-from-json.py
aci-show-tenant-health.py
• Many examples to run or use as aci-create-tenant.py
starting points aci-show-tenant-detail.py
aci-show-tenants.py
aci-delete-tenants.py
aci-show-tenant-faults.py
aci-subscribe-tenants.py
$ ls *epg*
aci-attach-epg-to-interface.py
aci-create-epg.py
aci-epg-reports-in-yaml.py
aci-attach-epgs-with-contract.py
aci-create-microepg.py
aci-show-epgs.py
Toolkit Applications – ACI Diagram
$ ls acitoolkit/applications/
• ”acitoolkit/applications”
aci-diagram
directory configpush
eventfeeds
lint
reports
testharness
cableplan
connection_searchinheritance
multisite
search
visualizations
cli
endpointtracker
intraepg
http://acitoolkit.readthedocs.io/en/latest/applications.html object_browser
snapback
Toolkit Applications – ACI Diagram
Demo Time!
Cobra Python SDK and PyACI
• Comprehensive SDK and Python binding for building Python
applications with ACI
• Cobra Python packages
• acicobra: for interacting with APIC
• acimodel: a model of the MIT
• Cobra Download from APIC Controller
• https://<apic address>/cobra/_downloads
• PyACI Download
• https://github.com/datacenter/pyaci
• Docs
• https://pyaci.readthedocs.io/en/latest/
• https://cobra.readthedocs.io
ACI Meets NetDevOps
in Ansible and Terraform
Terraform is an Infrastructure Resources Manager
• Compose and combine infrastructure resources to build

and maintain a desired state
• Plan and execution are distinct actions
• Manages all resources through APIs
• Resources and data can be re-used within modules
• Terraform use core and plugins components for basic
functions and extensibility
How to install it?
• Go to www.terraform.io/download.html
• Pick you platform

• Unzip
• Move binary somewhere in your PATH
(e.g: /usr/local/bin)
• Run terraform commands
Terraform defines a high level syntax
• Resources are declared in TF file
• Syntax is HCL – HashiCorp Configuration Language
• Human understandable
Connecting to ACI
• You can use user/password or certificate base authentication
• Certificates based authentication is recommended though
path to user private key
Name of cert object in ACI
APIC address
Arguments are used to compose Resources
Type of resource Name of the resource
Project folder
main.tf
variables.tf
terraform.tfvars
Manage Relation Source Objects
• ACI leverages objects to build relations to other nodes in different part of the tree
• These objects are represented as arguments under the target Terraform resource
• Example with EPG that can have relation to VMM domain (fvRsDomAtt), Bridge-
Domain (fvBD) and Contract consumer/provider (vzBrCP)
“uni/vmmp-VMware/dom-VDS01”
“bd1”
“Web”
ACI Provider Resources
Available Resource Data Source
aci_tenant
aci_vrf
aci_bridge_domain
aci_subnet
aci_application_profile
aci_application_epg
aci_contract
aci_contract_subject
aci_filter
aci_filter_entry
aci_vmm_domain
aci_l3_outside
aci_external_network_instance_profile
aci_rest
Demo Time!
Now in Ansible! – ACI Modules
• Ansible includes many network
modules by default
• Includes Cisco as well as many
other vendors
• Over 65+ ACI Modules with MSO
modules added in 2.8
• ACI modules available with
Ansible 2.4 onwards
Subset of available modules shown
http://docs.ansible.com/ansible/latest/list_of_network_modules.html
Summing Up
Explore More and Get Hands On
• ACI Programmability Workshop • ACI Cloud APIC Workshop
• DEVWKS-2001 • DEVNET-2603
• ACI Terraform Workshop • REST API Documentation
• DEVWKS-1344 • http://cs.co/ACI_API
• ACI Programmability Learning Labs • ACI Toolkit Documentation
• http://cs.co/DevNet_ACI • https://acitoolkit.readthedocs.io
• Always-On ACI Sandbox • Cobra SDK Documentation
• http://cs.co/ACI_SBX • https://cobra.readthedocs.io
• ACI on DevNet • ACI Ansible Documentation
• https://developer.cisco.com/aci • http://cs.co/ansible_net
• Code Samples • Terraform-ACI Provider and GO SDK
• https://github.com/datacenter/aci • Terraform ACI Provider
• ACI Go Client
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
cs.co/ciscolivebot#DEVNET-2000
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-
shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations
Don’t forget: Cisco Live sessions will be available for viewing

on demand after the event at ciscolive.cisco.com
Continue Your Education
Demos in Meet the Related

Walk-in
the Cisco engineer sessions
self-paced
Showcase labs 1:1
meetings
Thank you

Devnet 2000

Uploaded by

Copyright:

Available Formats

Devnet 2000

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Devnet 2000

Uploaded by

Copyright:

Available Formats

What is the ACI object model and how are objects named in ACI?

What is the ACI object model and how are objects named in ACI?

What is the foundation of ACI programmability?

What is the foundation of ACI programmability?

DEVNET-2000

John McDonough, Technical Leader, DevNet

But full names (distinguished)

Filter flt-HTTP uni/tn-Heroes/flt-HTTP vzFilter

Full ACI Model Reference: https://developer.cisco.com/site/aci/docs/apis/apic-mim-ref/

• IDENTIFIER - Class Name or Distinguished Name

• FORMAT – Identify XML or JSON as type of content

• [?<QUERY PARAMS>] - optional parameters that impact returned results.

• .json indicates JSON is

• .json indicates JSON is

• Create a Session and Login to

friendly object model

• Three areas of objects Tenant

• Application Topology Object Model OutsideEPG

• Interface Object Model

* Partial representation of the Application Topology Object Model

• Compose and combine infrastructure resources to build

• Pick you platform

path to user private key

Name of cert object in ACI

Subset of available modules shown

Don’t forget: Cisco Live sessions will be available for viewing

Demos in Meet the Related

You might also like