Very Good Read

Programmability beyond YANG
Application Hosting, Telemetry, and Configuration

Management Tools for IOS XE
Fabrizio Maccioni
BRKRST-2673
Cisco Spark
Questions?  
Use Cisco Spark to communicate  
with the speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Introduction
• Model Driven Telemetry
• Application Hosting
• Configuration Management
Tools
• DevNet
• Conclusion
4
Introduction
5
Why automation and programmability?
hostname switch1
int g0/0
ip address 10.1.1.11/24
vlan 100,200,300
.
Needs to configure
Administrator
.
.
hostname switch6
int g0/0
ip address 10.1.1.16/24
vlan 100,200,300
BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
“By 2020, networking personnel with experience in
Ansible, Python and/or integrating systems via APIs
will receive a 30% salary premium (on
average) over those with only CLI-based skills.”
Andrew Lerner, Gartner: 

https://blogs.gartner.com/andrew-lerner/2017/12/20/pragmatic-data-center-networking/?utm_medium=mailing&utm_campaign=NetAutSol
IOS XE 16.x: Intent-based Network OS
optimized for enterprise networks
wired and wireless access,

Intent-based   aggregation, core, and WAN
Network Infrastructure
open and flexible
standards-based APIs
IOS XE 16.x
IOS XE 16.x: Intent-based Network OS
INTENT CONTEXT
optimized for enterprise networks
wired and wireless access,

Intent-based   aggregation, core, and WAN
Network Infrastructure
open and flexible
standards-based APIs
IOS XE 16.x
IOS XE 16.X enables…
Cisco Solutions 3rd Party Integration DIY Solutions
DNA Center Standards Based Interoperability Custom Development
Model Driven Model Driven
Programmability Telemetry
Zero Touch Guest Shell  

Policy Automation Analytics Provisioning (On Box Python)
SDN Controllers CI/CD Tools NMS Systems App Hosting
Intent-based   Intent-based   Intent-based  

Network Infrastructure Network Infrastructure Network Infrastructure
IOS XE 16.X enables…
Cisco Solutions 3rd Party Integration DIY Solutions
DNA Center Standards Based Interoperability Custom Development
Model Driven Model Driven
Programmability Telemetry
Zero Touch Guest Shell  

Policy Automation Analytics Provisioning (On Box Python)
SDN Controllers CI/CD Tools NMS Systems App Hosting
Intent-based   Intent-based   Intent-based  

Network Infrastructure Network Infrastructure Network Infrastructure
Cisco Catalyst 9000 BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Multiple Approaches: Turn-Key or Build Your Own?
Turn Key DIY & 3rd Party
DNA Center and SD-Access Programmability
Model Driven Telemetry
12
IOS XE 
16.6.1
12
Problem Statement: 
Legacy Mechanisms Insufficient for Programmatic Environments
Where Data Is Created Network Where Data Is Useful

rity
ecu es
lete gac
yS Issu
Inc o mp Le Sca
le
SNMP
syslog
• Interface up/down CLI

• Instantaneous config
• Instantaneous topology Storage and
ge
• Flow fingerprints C han ard red Analytics
j e c tto
S tand s tr uctu
• Routes Sub No n Un
Automation not easy with SNMP and CLI
Why this matters now
New Requirements New Capabilities

• Speed and scale
• Quick fault isolation
• Open source applications
• Near real time data availability
• Automated remediation
• Forensic analysis
OPENSOURCE
Export enriched, consistent and concise data with context from

network devices for a better user and operator experience
Periodic or Structured Data Scalable Reduced CPU

On-Change Load
SNMP Syslog Netflow/SFlow YANG
Device Data Models
DATA CENTER ENTERPRISE SP
Pull vs Pull Architecture
Vs
× SNMP Pull ✔ Telemetry Push
Collector
NETCONF RESTCONF gNMI

YANG Data Models
Open Native
Programmable Configuration and Operation
Interfaces
Device Features
SNMP
Physical and Virtual Network Infrastructure Interface BGP QoS ACL …
tcollector
Collector

YANG Data Models
Subscription Publication
Open Native
Programmable Configuration and Operation
Interfaces
Device Features
SNMP
Physical and Virtual Network Infrastructure Interface BGP QoS ACL …
Quick APIs 
Refresh
20
BRKRST-2673
A fre
R
PI sh
e
s 
Configuration Management Today
CLI CLI
A fre
R
PI sh
e
s 
Configuration Management Today
CLIs are for humans
Machines need APIs

CLI CLI
(Open Programmable Interfaces)
A fre
R
PI sh
e
Open Programmable APIs
s 
CLI
Parser
Device Features
Interface BGP QoS ACL …
A fre
R
PI sh
e
s 
Simplified View
CLI
Parser
Device Features
Device 
Interface BGP QoS ACL … Features
A fre
R
PI sh
e
s 
Simplified View
CLI
Parser
Data Model YANG Models
Device Features
Device 
A fre
R
PI sh
e
s 
Simplified View
NETCONF RESTCONF gNMI Protocols

CLI
Parser
Data Model YANG Models
Device Features
Device 
A fre
R
PI sh
e
s 
Data Models
Interface Model definition
“A Data-Model Explicitly and

precisely defines Data Structure,
Syntax and Semantics”
A fre
R
PI sh
YANG Models
e
s 
YANG Models
XML Payload
Data
Gig 1/0/1
“CL rocks!”
enabled
YANG Models ! Data Models defined using the YANG language
A fre
R
PI sh
e
s 
Protocols Comparison

Shared Models
Content Content Content
YANG Model Content
<get> <get-config>   GET, POST 
Operations <edit-config> PUT, DELETE GET, SET
RPC  XML XML, JSON gRPC

Messages
Transport SSH HTTP/HTTPs HTTP2
A fre
R
PI sh
e
XML vs JSON vs YAML 
s 
lightweight, text-based, language-independent data interchange formats
<tag>value</tag> “key”: ”value” key: value
A fre
R
PI sh
e
XML vs JSON vs YAML 
s 
lightweight, text-based, language-independent data interchange formats
<tag>value</tag> “key”: ”value” key: value

{
<interfaces xmlns:=“[…]yang:ietf-interfaces”> "ietf-interfaces:interfaces": { ---
<interface> "interface": [ ietf-interfaces:interfaces:
{ interface:
<name>eth0</name> "name": "eth0”, name: eth0
<type>ethernetCsmacd</type> "type": "ethernetCsmacd”, type: ethernetCsmacd
<location>0</location> "location": "0”, location: 0
<enabled>true</enabled> "enabled": true, enabled: true
<if-index>2</if-index> "if-index": 2 if-index: 2
}
</interface> ]
</interfaces> }
}
A fre
R
PI sh
NETCONF definition 
e
s 
“NETCONF is a protocol defined by the IETF to install, manipulate, and delete the
configuration of network devices”
IOS XE  Protocol Stack

V 1.0 V 1.1 16.3.1 Extensions
Payload Content
• RFC 4741 1.0 • RFC 6241 – 1.1 • RFC 5277
Base NETCONF Base NETCONF Notifications
Protocol Protocol • RFC 5717 Partial Get Operations
Locking
• RFC 4742 • RFC 6242 – • RFC 6243 With
NETCONF over NETCONF over defaults RPC Messages
SSH SSH
• RFC 6020 YANG
SSH Transport
2006 2011
https://tools.ietf.org/html/rfc6241
A fre
R
PI sh
e
NETCONF Highlights
s 
• Transactional
• Either all configuration is applied or nothing
• Avoids inconsistent state
• Both at Single Device and Network-wide level
• Error Management
• OK or error code
• Capability Exchange
ssh -p 830 [email protected] -s netconf

• Models Download from a Device
A fre
R
PI sh
e
s 
REST vs RESTCONF: not the same!
RESTCONF IOS XE 
16.8.1
REST NETCONF RESTCONF gNMI / gRPC
YANG Data Models

GET
Open Native
POST
API PUT
Configuration and Operation
DELETE
Device Features
SNMP
“A framework for client-server communications”

“REST-like protocol for accessing  
YANG models”
RESTCONF Operations 
compared to NETCONF
RESTCONF NETCONF
<get-config>, <get>
GET
<edit-config> (operation=“create”)
POST
<edit-config> (operation=“create/replace”)
PUT
<edit-config> (operation=“delete”)
DELETE
A fre
R
PI sh
e
s 
IOS XE 
gNMI and gRPC 16.8.1
gNMI gRPC
Google  Google 
Network Management Interface Remote Procedure Call
• Network management protocol • carries gNMI

• Manage configuration and view • low-latency, scalable
operational data of network devices • HTTP/2 transport
• Developed by Google
• Modeled using YANG
A fre
R
PI sh
e
s 
gNMI Operations
CAP  Sent to Network Device on first connect

(capabilities)
Prefix Shortcut if Paths share root paths

GET Path(s) Defines what info is gathered
Data Type OPER, CONFIG, ALL)
Like GET Prefix, Path(s)

SET
Type Update, Replace or Delete
A fre
R
PI sh
e
s 
YANG Models and Tools
Presentation ID © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
A fre
R
PI sh
e
s 
https://github.com/YangModels/yang/tree/master/vendor/cisco
A fre
R
PI sh
e
s 
https://github.com/YangModels/yang/tree/master/vendor/cisco https://github.com/mbj4668/pyang
A fre
R
PI sh
e
s 
https://github.com/CiscoDevNet/yang-explorer
A fre
R
PI sh
e
s 
https://github.com/CiscoDevNet/yang-explorer https://developer.cisco.com/site/ydk/
MDT Subscription 
Publications
34
Presentation ID
IOS XE 
Network Subscription 16.6.1
A subscription is a contract between a subscription service and a

subscriber that specifies the type of data to be pushed.
Instruction on:
• What data to collect
• Where to send it and how
• How often
Collector
subscription
subscription service
subscriber
Network Subscription
Subscription Publication
NETCONF RESTCONF gRPC

• Any YANG subtree on device YANG Data Models
• Structured data
Open Native
• XML or JSON encoding
• Periodic or On-change Configuration and Operation
Device Features
SNMP
Types of Subscriptions
On-change
Event occurs
Subscriber
asynchronous notification
Publisher
Datastore
Periodic On-change
Push Tree every ‘X’
secondsdata
Continuous Event occurs
Subscriber Subscriber
regular cadence asynchronous notification
Publisher Publisher
Datastore Datastore
Model Driven Telemetry Operations Examples
git clone https://github.com/maccioni/BRKCRS-2673.git
Periodic subscription
t t t t t t t
Counters / Measures
Periodic subscription RPC
Filter
Period
Xpath-filter:
• XML Xpath filter defining the data object to which you want to subscribe.
Period:
• The time period, in centiseconds (1/100th of a second), between push updates
containing the subscribed information
RPC reply
OK
ID
Notification result:
• useful for error handling
Subscription-id:
• ID assigned to the subscription
IOS XE 
On-change subscription 16.8.1
t t t t t t t
State / Configuration / Identifiers

On-change subscription RPC
Filter
dampening-period
Xpath-filter:
• XML Xpath filter defining the data object to which you want to subscribe.
Dampening Period:
• Send immediately on change
Verify subscription by CLI or…
show telemetry ietf subscription all brief
brief
ID
show telemetry ietf subscription all brief
brief
ID show telemetry ietf subscription all detail

detail
Filter
Period
…by APIs
…by APIs
ng
e r.ya
<get> RPC t-op
E -md
IOS-X
c o-
Cis
…by APIs
ng
e r.ya
<get> RPC t-op
E -md
IOS-X
c o-
Cis
RPC Reply
ID
Period
Filter
Preferred Solution: Type
• error handling
• structured XML data
Delete subscription
Subscriptions can be deleted in two ways:
• Send a delete-subscription RPC with the subscription ID (Preferred)
• Close/disconnect the Netconf session
All subscriptions created over this session will be deleted
delete-subscription RPC
ID
Model Driven Telemetry Demo
47
Model Driven Telemetry in-a-box Demo
Ubuntu VM
IETF Client
NETCONF 
YANG
Cisco Catalyst
9300 BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Model Driven Telemetry in-a-box Demo
Ubuntu VM
3
IETF Client
Publications Subscriptions
2 1
NETCONF 
YANG
Cisco Catalyst
Model Driven Telemetry Recap
✔ Telemetry Push
NETCONF / YANG Network Subscriptions
Model Driven Telemetry Recap
IOS XE 
16.6.1
✔ Telemetry Push
IOS XE 
16.8.1
NETCONF / YANG Network Subscriptions
Application Hosting
50
IOS XE 
16.8.1
Application Hosting
50
Networking today...
Catalyst 9000
x86 CPU Linux-based OS Memory/Storage
Enables Fog Computing, hosting containers and 3rd party apps

BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Fog Computing, intelligence at the Edge 
Network Compute Storage
Unified Platform
Unified Platform
CLOUD
STORE ANALYZE ACT NOTIFY
Unified Platform
EDGE/FOG
ANALYZE NOTIFY ACT STORE
Use Cases enabled by App Hosting
Cloud Gateways with

IT Operations & Security Agents & Serverless Edge Customer Specific
Monitoring Tools Functions Compute Applications
Reduce App Latency

Consolidate Physical Enhance Visibility & Derive New Insights
& 
Infrastructure Security Enforcement and Respond
Optimize App Traffic
Container Basics & Terminology
}
App A App B
• Virtual Machine 
Bins/Libs Bins/Libs
GBs
Guest OS Guest OS
Includes application, binaries & libraries, an
Hypervisor
entire guest OS.  Host OS
Server
• Linux Container (LXC) 

OS level virtualization method for running
App A
Bins/Libs
App B
Bins/Libs
} MBs
multiple isolated Linux systems (containers) on Host OS
a single control host.  Server
• Docker Container  
format for Linux containers that makes the App A
Bins/Libs
App B
Bins/Libs
} MBs
process of creating and maintaining containers
Docker Engine
easier. Host OS
Server
Container Basics & Terminology
}
App A App B
• Virtual Machine 
Bins/Libs Bins/Libs
GBs
Guest OS Guest OS
Includes application, binaries & libraries, an
Hypervisor
entire guest OS.  Host OS
Server
• Linux Container (LXC) 

OS level virtualization method for running
App A
Bins/Libs
App B
Bins/Libs
} MBs
multiple isolated Linux systems (containers) on Host OS
a single control host.  Server
no native support on IOS XE

• Docker Container   yet App B }
format for Linux containers that makes the App A
Bins/Libs Bins/Libs
MBs
process of creating and maintaining containers
Docker Engine
easier. Host OS
Server
IOS XE  
Application Hosting
Application Hosting in Enterprise Platforms
VMAN Cisco Application Framework (CAF)/IOx
VM VM VM LXC LXC Multiple Apps
IOS  Custom 
Control 
Plane App
Kernel Kernel Kernel
Host OS (IOS XE Kernel)
LXC: Linux Container
Application Hosting in Enterprise Platforms
This Session
VMAN Cisco Application Framework (CAF)/IOx
VM VM VM LXC LXC Multiple Apps
IOS  Custom 
Control 
Plane App
Kernel Kernel Kernel
LXC: Linux Container
Application Hosting Framework
External Management Interfaces Coming 
Soon
IOx Client Fog Director DNA-C
On-Box Management Interfaces
REST
REST
REST
CLI Local Manager
REST
Cisco Application Framework (CAF)/IOx
VM VM LXC LXC
Custom 
App
Kernel Kernel
Demo 
IOx Management Interfaces: DNA-Center @ WoS
Demo 
IOx Management Interfaces: DNA-Center @ WoS
Enterprise Single Pane of Glass
Consistent DNA-C workflows

App Store
App Lifecycle
Provisioning of multiple devices

Change management
Integrated with DNA-C Assurance
Apps deployed at run time for Monitoring and

Troubleshooting
Enterprise Application
Standalone DNAC Automated DNAC Integrated
Infrastructure programmability and
Infrastructure programmability hosting services, with DNA Center
hosting services, with DNA Center
and hosting services only provided automation, assurance, APIs,
provided automation, assurance, APIs
and DNA Center integrated UI/UX
Enterprise Application
Standalone DNAC Automated DNAC Integrated
Infrastructure programmability hosting services, with DNA Center
hosting services, with DNA Center
and hosting services only provided automation, assurance, APIs,
provided automation, assurance, APIs
and DNA Center integrated UI/UX
App Hosting 
Enterprise Platforms
App Hosting Enterprise Platforms
• Catalyst 9000  IOS XE 

16.8.1
9300, 9400, 9500
Future
• ISR4K 
ISR4321, ISR4331, ISR4351, ISR4431, ISR4451
• ASR1K  Future
ASR 1001-X (HX), ASR 1002-X (HX), CSR
FY
Cat9k HW Resources
I
App Hosting
Total Total  Core  Max 
Platform Memory  CPU  Spedd  Storage USB Storage
(GB) Cores (GHz) (GB) Memory CPU  M2 SATA
Cores USB 2.0 USB 3.0
(GB) units Storage
(front) (back)
Catalyst 2 1 5032 8 120 N/A
8 4 1.8 120
9300
240 
Catalyst
16 4 2.4 960 8 1 7400 8 N/A 480 
9400
960
Catalyst
16 4 2.4 120 8 1 7400 8 120 N/A
9500
*Apps CANNOT be installed into the flash, they need to be installed in USB/SATA storage. Note: Guestshell has access to the flash
** Cisco advise not to use Front Panel USB ports for App Hosting. Caveats, it is the only option available in IOS XE 16.8.1 
** Support for USB 3.0 and SATA SSD Storage for App Hosting is targeted for IOS XE 16.9.1
Catalyst 9K– New External Storage Options
Cat 9300/9500 Cat 9400
USB 3.0 M2 SATA

120GB 240/480/960GB
Plug into
Back Panel
removable SUP
For Local Storage* and App Hosting**

IOS XE 16.8.1 only front panel USB 2.0 can be used for App Hosting
* IOS XE 16.8.1 **IOS XE16.9.1 BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
App management and
configuration
App Lifecycle Management
app-hosting install appid perfsonar package usbflash0:perfsonar.tar
app-hosting activate appid perfsonar
app-hosting start appid perfsonar
install activate start
uninstall deactivate stop
app-hosting stop appid perfsonar
app-hosting deactivate appid perfsonar
app-hosting uninstall appid perfsonar package
Application Hosting: Virtual Port Group
VPG
• maps to a Linux bridge IP address  C9K
SVI interface of the Linux switch Container
vNIC 0
Container
vNIC 0 vNIC 0
VM
vNIC 1
10.0.0.2 10.0.0.3 10.0.0.6 10.0.0.5
• multiple interfaces per VPG 

Linux-bridge
each mapping to a different VM or container
IOS XE VPG interface
• multiple interfaces per container
10.0.0.1/24
SVI
Bridging Routing
vNIC 12.0.0.1/24
E0/0/1 E0/0/2 E0/0/3 E0/0/11 E0/0/12 E0/0/13
• container standard Ethernet interface L2 interface* L3 interface

12.0.0.1/24 12.0.0.2/24
*L2 not supported yet
Application Hosting: Virtual Port Group
VPG
• maps to a Linux bridge IP address  C9K
SVI interface of the Linux switch Container
vNIC 0
Container
vNIC 0 vNIC 0
VM
vNIC 1
10.0.0.2 10.0.0.3 10.0.0.6 10.0.0.5
• multiple interfaces per VPG 

Linux-bridge
each mapping to a different VM or container
IOS XE VPG interface
• multiple interfaces per container
10.0.0.1/24
SVI IOS XE 

Future Bridging Routing 16.8.1
vNIC 12.0.0.1/24
E0/0/1 E0/0/2 E0/0/3 E0/0/11 E0/0/12 E0/0/13
• container standard Ethernet interface L2 interface* L3 interface

12.0.0.1/24 12.0.0.2/24
*L2 not supported yet
App Network Configuration
Virtual Port Group
1. config IOS XE
LXC/VM interfaces
console connection
2. connect to container
app-hosting connect appid wireshark console
Management interface
3. configure container 
interfaces
interface connected to VPG
Applications list
Applications list
App ID State
show app-hosting list
Applications list
Type
App ID State
Resources
show app-hosting list
show app-hosting detail
Network
HW Resources
show app-hosting resource
Storage
Device Total and Available

resources for Apps
Memory
CPU
Application
Development
Anatomy of IOx an Application
IOx App
resource
network limit
console storage
Application
Descriptor
Development Flow
Container
Workflow
rootfs
(ext2)
- artifacts.tgz
VM IOx Client - package.yaml
- package.mf
Workflow package.tar
Disk Img
(Qcow2)
IOx Application Descriptor: LXC workflow
App Info
Type: LXC
HW Resources
Application 
Descriptor Network int
Startup
IOx Application Descriptor: KVM workflow
App Info
Type: VM
HW Resources
Application 
Descriptor Network int
qcow2 image
Use Cases
Demoed 
Performance Monitoring @ CL
Catalyst 9K Cisco UCS
Traffic Analysis VPG
VM int
IOX VM-202
IOS XE
Config
eth1  ERSPAN
VPG   30.30.30.10
30.30.30.1/24 G1/0/45 UCS int
Cat9K ERSPAN
G1/0/45 G1/0/46
vlan 30 vlan 30
eth1  eth1  mgmt IP

30.30.30.45 30.30.30.46
VM
ifconfig
ERSPAN dest IP
Traffic Analysis VPG
VM int
IOX VM-202
IOS XE
Config
eth1  ERSPAN
VPG   30.30.30.10
30.30.30.1/24 G1/0/45 UCS int
Cat9K ERSPAN
G1/0/45 G1/0/46
vlan 30 vlan 30
eth1  eth1  mgmt IP

30.30.30.45 30.30.30.46
VM
ifconfig
ERSPAN dest IP
Application Hosting Demo
PerfSonar GUI
78
Application Hosting Demo WoS 
Demo
PerfSonar GUI
78
App Hosting Recap
App Hosting Recap
IOS XE 
16.8.1
Configuration
Management 
Tools
80
Configuration Management Tools
“Automate device configuration in a consistent fashion at scale”
Desired State
(Intent)
CMT Server Device
Main Benefits:
• Automated provisioning • Facts
• Consistency • Version control (infrastructure as code)
• Declarative Intent • Open Source
• Idempotency
Configuration Management Tools
“Automate device configuration in a consistent fashion at scale”
configuration
CMT Server Device
Main Benefits:
• Automated provisioning • Facts
• Consistency • Version control (infrastructure as code)
• Declarative Intent • Open Source
• Idempotency
Most Popular Configuration Management Tools
Most Popular Configuration Management Tools
Enterprise Customers
Focused
Configuration Management Tools Comparison
FY
I
Software
Python Ruby Ruby Python
Language
Script  Playbook Manifest  Recipe 
SLS Formula
names Role Module Cookbook
Script YAML  YAML 

Puppet DSL Ruby DSL
Language Jinjia2 templates Jinjia2 templates
traditionally agent Agent Based 

Architecture agentless Agent Based
based “minions”
Open Source
any server Puppet Master Chef Server Salt Master
Management
Enterprise Salt Stack
Ansible Tower Puppet Enterprise
Management Enterprise
http://docs.ansible.com/
https://puppet.com/blog/ https://
ansible/latest/ https://docs.chef.io/
Get Started intro_getting_started.ht how-get-started-puppet- quick_start.html docs.saltstack.com/en/
beginners-guide getstarted/overview.html
ml
Architecture: agent vs agent-less
Intent Intent
NETCONF RESTconf gRPC

CLI
Parser
Data Model
Device Features
Intent Intent

Puppet  CLI
Agent Parser
Data Model
LXC Device Features
LXC: Linux Container BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Intent Intent
CLI 
Intent NETCONF
config CLI
Puppet 
Agent Parser
Data Model
LXC Device Features
TODAY
Intent Intent
CLI 
Intent NETCONF
config CLI
Puppet 
Agent Parser
Data Model
LXC Device Features
Architecture: agent-less + APIs
North Star
Intent
All Platforms

CLI
Parser
Data Model
Device Features
* not committed by ISV (independent software vendor) © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Architecture: agent-less + APIs
FY
I
North Star
Intent
All Platforms

CLI
Parser
Data Model
Device Features
* not committed by ISV (independent software vendor) © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
86
Ansible Strengths
http://www.meetup.com/AnsibleSF/events/232761994/
Ansible Strengths
• Everybody talks about Ansible!!
• Simple to install and get started
• Written in Python
• Servers, Application and Networking
• Roles, Variables, Templates
Ansible Strengths
• Everybody talks about Ansible!!
• Simple to install and get started
• Written in Python
• Servers, Application and Networking
• Roles, Variables, Templates
• Agentless!
• Agentless!!
• Agentless!!!
Ansible Installation and Configuration Reference
git clone https://github.com/maccioni/cisco-ansible.git
Ansible Install
Requires Python 2.6 or 2.7

pip install
Python 3 Tech Preview only
pip install ansible
http://docs.ansible.com/ansible/latest/intro_installation.html
Ansible Configuration File
• Control Operation of Ansible

• Default:
/etc/ansible/ansible.cfg
• Common overrides: Inventory File
ansible.cfg in current directory
.ansible.cfg in home directory
ANSIBLE_CONFIG env variable
http://docs.ansible.com/ansible/latest/intro_configuration.html
Ansible Inventory
Define the hosts and group of hosts

group
• hosts by IP or FQDN range
• groups [<group-name>]
• Optional parameters
nested groups
host parameter
group parameter
Ansible Device Authentication based on keys
Default and Recommended Ansible Server

Key-gen
1. Generate Keys on Ansible server:
ssh-keygen
2. Copy Public Key to remote hosts

copy keys
ssh-copy-id [email protected]
Ansible Device Authentication based on Passwords
Many Options
• Inventory file
[all:vars] 
username=cisco
password=cisco
• External variable file
• Environment Variables
export ANSIBLE_NET_USERNAME=cisco 
export ANSIBLE_NET_PASSWORD=cisco
• Ansible command line
ansible-playbook ios_banner.yaml -u admin -k
• Ansible Vault
Ansible Taxonomy
Role
Playbook
Play
Task
Module
Ansible Taxonomy
Role
• Role: a set of Playbooks (repeatable standard config)
Playbook
• Playbook: a YAML file with one or more Plays
Play
• Play: a set of tasks
Task
• Task: single action that references a module
Module
• Module: reusable, standalone scripts
Ansible Playbook Example
http://docs.ansible.com/ansible/latest/YAMLSyntax.html
Playbook
Playbook
Play
Playbook
Play
Task
Playbook
Play
Task
Module
Ansible Playbook Run
To run an playbook 
ansible-playbook <playbook>.yaml [options]
Common options:
-u admin -k. username and password at runtime
-l 172.26.249.42 single or list of hosts
-i ./hosts overrides inventory files
-v verbose output
-vvvv connection debug
Ansible Variables and Loops
Referenced as {{ variable }}
external file 
Defined in many different ways: list example
• Environment variables
{{ inventory_hostname }}
• Defined in host_vars or group_vars   external file
./host_vars/172.26.249.48.yaml 
./group_vars/ios-xe.yaml imported list
• Defined in external files 

list item
vars_files: filename.yaml
• Variables used in Loops 
with_items: variable
Ansible Templates
Playbook
interface list
te te file
• Based on Jinja2 pla era
tem gen
• Supports loops, conditions and more
• Implemented in the template module hostname
• Attributes:
mgmt int config
• src: template file
Loop
• dest: directory to store generated files Jinja2 Template
Range
http://docs.ansible.com/ansible/latest/playbooks_templating.html
ule
Ansible Documentation mod
loca
tion
• Main documentation page:

ons
opti
http://docs.ansible.com/ansible/latest/index.html
• Ansible modules:
ansible-doc ios_vrf
mp les
exa
Ansible 2.4 Core Modules for IOS/IOS XE
• ios_banner Manage multiline banners

• ios_command Run commands on remote devices
• ios_config Manage Cisco IOS configuration
• ios_facts Collect facts from remote devices
• ios_interface Manage Interface
• ios_logging Manage logging
• ios_ping Tests reachability
• ios_static_route Manage static IP routes
• ios_system Manage System attributes
• ios_user Manage of local users
• ios_vrf Manage VRF definitions
IOS XE Playbook Example
https://docs.ansible.com/ansible/list_of_network_modules.html#ios
Ansible 2.5
• Additional Modules and Platforms (Cisco NSO)

• New Connection Types (network_cli and netconf)
• Persistent SSH Connection Improvements
• Continued Enablement for Declarative Intent
• To install a specific release

pip install ansible==2.5.0rc1
https://releases.ansible.com/ansible/
Ansible 2.5 New Core Modules for IOS/IOS XE
• ios_l2_interface Manage Layer-2 interface

• ios_l3_interface Manage L3 interface
• ios_linkagg Manage port channels
• ios_lldp Manage LLDP config
• ios_vlan Manage VLANs
IOS XE Playbook Example
Ansible 2.5: new connections
• Linux Host vs Network Device

Playbooks are usually executed on the remote host
For networking devices:
• playbooks are executed locally 
(connection:local)
• connection to device using providers
• with Ansible 2.5 no need for local connection!!

• Allows playbooks to look, feel and operate just  
like Linux hosts.
Ansible 2.5: netconf connection
Ansible 2.4 Ansible 2.5
connection local
parameters
• connection type defined in:

• -c netconf option at runtime
• ansible_connection=netconf in the hosts file
• Less parameters per tasks
• Same options available for Linux hosts
Ansible 2.5: Persistent SSH Connection
• Before Ansible 2.3

a new SSH connection for every task!!
• Ansible 2.3 introduced the Persistent SSH connection:

SSH connection open for 30 seconds after the playbook completed and can
be reused by other playbooks
• Ansible 2.5 enhancement:

connection shut down immediately at the end of a playbook run for Security
Ansible 2.5: Declarative Intent
• Introduced in Ansible 2.4

• help verify Configuration and Operational State
• Ansible 2.5 enhancement for IOS
IOS Module Parameter

state 
neighbors 
ios_interface rx_rate 
tx_rate
state 
ios_vlan interface
ios_vrf interfaces Interface Example
Ansible Demo
107
108
Puppet: Agent-less Architecture for Networking
Linux Server
Cisco Catalyst
Puppet: Agent-less Architecture for Networking
Linux Server
NETCONF 
YANG
Cisco Catalyst
Cisco Catalyst 9000 CI/CD with Puppet
CentOS VM
Cisco Catalyst BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
CentOS VM
1 Puppet code
Manifests
2 Checkpoint NETCONF 
Save 
3 Config 4 Validation 5
Config YANG
Cisco Catalyst BRKRST-2673 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
CentOS VM
1 Puppet code
Manifests
2 Checkpoint NETCONF
3 Config
Tech 
Field  
Day
Cisco Catalyst BRKRST-2673

http://techfieldday.com/event/cleur18/
CentOS VM
1 Puppet code
Manifests
2 Checkpoint NETCONF
3 Config 4 Validation 5 Rollback
Tech 
Field  
Day
Cisco Catalyst BRKRST-2673

http://techfieldday.com/event/cleur18/
Configuration Management Tools Recap
2.5
Desired State
(Intent)
CMT Server Device
Configuration Management Tools Recap
2.5
configuration
CMT Server Device
DevNet
113
Cisco DevNet
• Learning Labs
• Sandboxes
• API Documentation
• Python, YDK, REST
• And More!
https://developer.cisco.com/
IOS XE on DevNet
https://developer.cisco.com/site/ios-xe/
FY
IOS XE on DevNet
I
https://developer.cisco.com/site/ios-xe/
DevNet Cat9K Sandbox
Cat9K Sanbox
Cisco DevNet video course: 
from understanding and using JSON, XML and YAML to Edge computing!
https://developer.cisco.com/video/net-prog-basics?utm_campaign=programmability-us&utm_source=ptwitter-engineer&utm_medium=devnet-video
FY
Cisco DevNet video course: 
I
from understanding and using JSON, XML and YAML to Edge computing!
https://developer.cisco.com/video/net-prog-basics?utm_campaign=programmability-us&utm_source=ptwitter-engineer&utm_medium=devnet-video
Conclusion
118
Call to Action
• Build your Programmability Skills

• Start from Cisco DevNet: 
https://developer.cisco.com/
Q&A
120
Complete Your Online  
Session Evaluation
• Give us your feedback and receive
UPDATE
a Cisco Live 2018 Cap by
completing the overall event
evaluation and 5 session
evaluations.
• All evaluations can be completed
via the Cisco Live Mobile App.
Don’t forget: Cisco Live sessions will be

available for viewing on demand after the
event at www.CiscoLive.com/Online.
Thank you
122

Very Good Read

Uploaded by

Copyright:

Available Formats

Very Good Read

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Very Good Read

Uploaded by

Copyright:

Available Formats

Programmability beyond YANG

Application Hosting, Telemetry, and Configuration

Andrew Lerner, Gartner:

optimized for enterprise networks

wired and wireless access,

wired and wireless access,

Zero Touch Guest Shell

Intent-based Intent-based Intent-based

Zero Touch Guest Shell

Intent-based Intent-based Intent-based

DNA Center and SD-Access Programmability

Model Driven Telemetry

Where Data Is Created Network Where Data Is Useful

• Interface up/down CLI

New Requirements New Capabilities

Export enriched, consistent and concise data with context from

Periodic or Structured Data Scalable Reduced CPU

SNMP Syslog Netflow/SFlow YANG

Device Data Models

DATA CENTER ENTERPRISE SP

× SNMP Pull ✔ Telemetry Push

NETCONF RESTCONF gNMI

Programmable Configuration and Operation

NETCONF RESTCONF gNMI

Programmable Configuration and Operation

CLIs are for humans

Machines need APIs

(Open Programmable Interfaces)

Interface BGP QoS ACL …

NETCONF RESTCONF gNMI Protocols

“A Data-Model Explicitly and

YANG Models ! Data Models defined using the YANG language

NETCONF RESTCONF gNMI

RPC XML XML, JSON gRPC

Transport SSH HTTP/HTTPs HTTP2

<tag>value</tag> “key”: ”value” key: value

<tag>value</tag> “key”: ”value” key: value

IOS XE Protocol Stack

ssh -p 830 [email protected] -s netconf

REST NETCONF RESTCONF gNMI / gRPC

YANG Data Models

“A framework for client-server communications”

• Network management protocol • carries gNMI

CAP Sent to Network Device on first connect

Prefix Shortcut if Paths share root paths

Like GET Prefix, Path(s)

A subscription is a contract between a subscription service and a

NETCONF RESTCONF gRPC

regular cadence asynchronous notification

git clone https://github.com/maccioni/BRKCRS-2673.git

State / Configuration / Identifiers

ID show telemetry ietf subscription all detail

NETCONF / YANG Network Subscriptions

NETCONF / YANG Network Subscriptions

x86 CPU Linux-based OS Memory/Storage

Enables Fog Computing, hosting containers and 3rd party apps

Network Compute Storage

Network Compute Storage

STORE ANALYZE ACT NOTIFY

Network Compute Storage

Andrew Lerner, Gartner: 

Zero Touch Guest Shell  

Intent-based   Intent-based   Intent-based  

Zero Touch Guest Shell  

Intent-based   Intent-based   Intent-based  

RPC  XML XML, JSON gRPC

IOS XE  Protocol Stack

CAP  Sent to Network Device on first connect

• Linux Container (LXC) 

• Linux Container (LXC) 

• Catalyst 9000  IOS XE 

• multiple interfaces per VPG 

• multiple interfaces per VPG 

SVI IOS XE 

eth1  eth1  mgmt IP

eth1  eth1  mgmt IP

Script YAML  YAML 

traditionally agent Agent Based 