Kelser Blog, Media, and News | Connecticut IT Consulting Blog

Cisco Nexus 9000 Automation

Written by Kelser | December 30, 2015

Network automation is right up there with automated server provisioning, to accelerate the development and advancement of applications and services. A common example, might be: “There’s a problem in production and I need to clone my production environment to a bubble test environment for rapid testing and resolution.”

OK – we can automate server (VM) cloning with a variety of tools or scripts, but what about the network portion? For the prod to test example, you probably want a bubble that you can access, but is insulated from the production environment and related components. Technically, that probably means a new VLAN and IP subnet with routing capability. Having switches with rich APIs allow you to do this programmatically (i.e. the “easy button” for cloning prod to test with network isolation).

This blog looks at the Cisco Nexus 9000 (9K). For an enterprise switch it is relatively inexpensive and highly programmable for the modern data center. Cisco built it with commodity parts (vs. custom ASICs) to keep costs down. The switch used in this blog is a 1U 9K and probably runs about $15,000. It has a full enterprise L2/L3 feature-set, NX-OS or ACI mode, and 48 1/10 GbE SFP+ ports and 6 40GbE QSFP+ uplinks.

Admittedly, I’m not a heavy network admin. I know enough to get into trouble which is actually good, because this blog is about data center automation not deep networking concepts! The NX-API (NX-OS mode) was appealing to me because you can use RESTful APIs with JSON. JSON is arguably ubiquitous these days and this demonstration uses standard JSON with PowerShell. Don’t let the acronyms scare you away. This example is complete, simple, and something you can build on.

Here’s the demo: use PowerShell to get the hostname of the switch (I told you it was simple!).

  1. Open your PowerShell prompt.
  2. Since this is my lab, I need to tell PS it's OK to connect to a site with an invalid (self-signed) certificate. This is a simple command to do that:

   [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

  1. Open the NX-API Sandbox on the Nexus 9000 to get a translator which will convert normal commands into JSON. You can usually hit that just by opening https://<ip of switch>. I'm going to use plain JSON, so on the upper right I select "json" (not json-rpc!). In the upper box, I put my command: show hostname. In the box below it, the "Request" now shows the JSON code for "show hostname".

     show hostname

     -- turns into ---

     {
       "ins_api": {
        "version": "1.0",
        "type": "cli_show",
        "chunk": "0",
        "sid": "1",
        "input": "show hostname",
        "output_format": "json"
       }
      }

  1. Take that output and escape the quotes (double them up). I just used notepad (yep, plain old notepad) to find " and replace with "". The code then looks like:

     {
        ""ins_api"": {
        ""version"": ""1.0"",
        ""type"": ""cli_show"",
        ""chunk"": ""0"",
        ""sid"": ""1"",
        ""input"": ""show hostname"",
        ""output_format"": ""json""
       }
     }

  1. Not just run it through PowerShell with the Invoke-RestMethod cmdlet. For the $json variable you just type $json=" then copy and paste from step #4 and close with another single ":

     PS C:\Windows\system32> [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

     PS C:\Windows\system32> $user = "admin"

     PS C:\Windows\system32> $pass = ConvertTo-SecureString -String "yourpassword" -AsPlainText -
Force

     PS C:\Windows\system32> $pscred = New-Object -TypeName
System.Management.Automation.PSCredential -ArgumentList $user, $pass

     PS C:\Windows\system32> $json="{
        ""ins_api"": {
          ""version"": ""1.0"",
          ""type"": ""cli_show"",
          ""chunk"": ""0"",
          ""sid"": ""1"",
          ""input"": ""show hostname"",
          ""output_format"": ""json""
         }
       }"

     PS C:\Windows\system32> $output=Invoke-RestMethod -Uri https://<ip address>/ins -Method post -
Credential $pscred -ContentType "application/json" -Body $json

  1. Then you can access the results of the command, by accessing this element:

     PS C:\Windows\system32> $output.ins_api.outputs.output.body

     hostname

     --------

     N9k-Spine1

  1. Pat yourself on the back. Now go automate your data center!

See how you can use Python to automate your Nexus 9000 in Part 2 of this post.

This is just a taste of what the Cisco Nexus 9000 can do. If it has peaked your curiosity, give us a call or send us a note or send us a note - we'd be happy to talk with you about your data center automation needs and curiosities.
View full post