Automation and Programmability

A Guide to Automation and Programmability in the Data Center

From CLI to CLIck
Future proof your business with network automation


Over the last five years, all aspects of the data center in one way or another have been disrupted by automation. Automated workflows and virtualization technologies have led to dramatic improvement in data center efficiency and agility. Server, virtualization, and cloud administrators have embraced “software-defined” ways of performing their duties. All of this disruption has brought renewed emphasis and innovation to the network.

The document primarily focuses on network automation and programmability use cases. We will shed light on Cisco NX-OS’ evolution into an open, modular and extensible network operating system, and how it can help automate the deployment of your networking infrastructure. We will also take a closer look at how you can benefit from the Network Fabric automation and the choices Cisco has to offer in addition to NX-OS. Finally, we will look at options on how you can leverage Cisco expertise to future proof your data center by taking advantage of all the advancement in the Software Defined Networking space.

As a multicloud data center strategy becomes a reality for many organizations, the network-centric approach to data center is giving way to an application-centric model. Customers could not care less about the supporting network infrastructure; they simply want their applications to be available and performing 24x7. At the same time, a proliferation of applications, and their underlying server, storage, and networking technologies, is placing increasingly greater burdens on IT staff, demanding more from IT than ever before.

From a business perspective, some of the top use cases for automation and programmability include:

IT as a service
Infrastructure provisioning
and automation
DevOps Monitoring
and security

A given organization may choose one or several of these as its top reasons for automation.

This requires that modern data center components—whether switches, routers, servers, or service appliances—support a wide range of automation features and provide robust APIs for external tools (both off the shelf and custom). There needs to be automatic provisioning of network resources and bandwidth allocation coupled with latency guarantees to support network service-level agreements (SLAs). All of this while monitoring the network for performance and compliance. And IT personnel are further challenged as these capabilities exist across multiple tools and silos. This is important in building a network to meet growing security, scale and availability requirements of modern applications.

Shifting from the CLI and SNMP

Nothing comes easier to the network administrators than the humble command-line interface (CLI). Ever since Cisco made its first routers in the early 1980s, most network engineers have relied on a CLI to configure, manage, and troubleshoot everything from small-office LANs to wide-area carrier networks. Over the years, Cisco’s approach to CLI has come to be a de facto standard in the industry, closely emulated by other vendors.

CLI has been the primary interface for interacting with network devices, used to manage, operate, and troubleshoot the network device throughout its lifecycle. CLI is a very comprehensive interface, but it has limitations when used as the interface for automation:

  • The CLI was designed as a human-readable interface, returning unstructured text data to the operator.
  • This unstructured text data requires post-processing (screen scraping) to transcode to machine-friendly formatting.
  • CLI does not return error or exit codes that can be programmatically acted upon.
  • CLI is a single-threaded serial interface, restricting the ability to manipulate multiple objects at the same time.

The Cisco Nexus 9000 Series supports standard network manageability features that are widely used by network administrators and operators for automation:

  • Simple Network Management Protocol (SNMP)
  • Syslog
  • Remote Monitoring (RMON)
  • Network Configuration Protocol (NETCONF)
  • CLI and CLI scripting

The difference between automation and programmability, and why you should care

Often IT professionals use the words “automation” and “programmability” interchangeably, but they are not truly the same. In the networking domain, “automation” is used to describe certain tasks that are automated “out of the box.” These capabilities are often provided by vendors like Cisco by default, and you can choose to use them or not.

For other tasks, network administrators may find themselves entering the same set of commands at the CLI over and over again. And at some point they may decide to automate these tasks instead for greater efficiency. To do so, they may leverage the scripting capabilities provided by the operating system to automate these particular tasks. This capability of the operating system is often referred to as “programmability.” The extent to which an operating system supports programmability often varies. As you will see in subsequent sections, NX-OS is the industry’s most open, modular, extensible, secure, and advanced operating system when it comes to programmability.

The Critical Role Your Network Operating System Plays

Modern data centers require a highly available network that provides the bandwidth and service guarantees required by organizations and their applications. In addition to performance and resiliency characteristics, modern networks need to support several new capabilities: automated provisioning and monitoring of network resources, programmatic access to statistics and events to enable end-to-end visibility, and role-based access control (RBAC) and policy management.

To meet the numerous demands of the network in the modern data center, a network device—or more particularly, the operating system that powers that device—must be:

  • Resilient: To provide critical business-class availability
  • Modular: To be extendable to evolve with business needs and provide an extended lifecycle
  • Highly programmable: To allow rapid automation and orchestration through APIs
  • Secure: To protect and preserve data and operations
  • Flexible: To integrate and enable new technologies
  • Scalable: To accommodate and grow with the business and its requirements
  • Easy to use: To reduce the amount of learning required, simplify deployment, and ease manageability

The enhanced and open Cisco NX-OS Software is designed to meet all aforementioned criteria while running on Cisco Nexus 9000 Series Switches. NX-OS integrates with a variety of open source software and commercial technologies to provide comprehensive automation, orchestration, programmability, monitoring, and compliance support (Figure 1).

Scripting and


Orchestration and



SNMPV1, V2, and V3: Syslog messages, NETCONF, CLI and XML, and RMON

Cisco NX-API, Python Scripting

Open and Modular

While NX-OS has always been powered by Linux under the hood, it has not until recently exposed many of the Linux capabilities to end users. With Cisco NX-OS, termed Open NX-OS, Cisco makes the full power of the underlying Linux operating system available to end users. In addition, Cisco builds in numerous extensions that make it possible for users to access these capabilities with the appropriate level of security and protection for the specific user.

Open NX-OS continues to uphold some of the Linux best practice capabilities that have always been part of NX-OS:

  • Modularity: Modules are loaded into the kernel only when needed. Modules can be loaded and unloaded on demand.
  • Fault isolation: A complete process isolation for NX-OS features, services, and user application processes is provided.
  • Resiliency: When an unexpected exit condition occurs, graceful restart or reinitializing of processes automatically follows.

Automation and Programmability with Cisco NX-OS

In the following sections, we will take a high-level look at the automation aspects of Cisco NX-OS. They can be broadly classified as follows:

  • Out of the box automation
  • Programmability
  • Network fabric automation with Cisco Network Manager
  • Software-defined networking with the Cisco ACI solution

Out-of-the-box automation

Power on Auto Provisioning (POAP)

Network admins might unanimously say that maintaining all the switching gear to their latest software version takes up many of their precious weekends. Enter POAP, or Power on Automatic Provisioning. Simply put, this means you can plug in a new Cisco Nexus switch and it will automatically be upgraded to the latest code and configured from a central server while you are doing work that requires your special expertise instead of wading through routine tasks. We call this being more productive.

Extensible Messaging and Presence Protocol support

Enhanced Cisco NX-OS on Cisco Nexus 9000 Series Switches integrates an Extensible Messaging and Presence Protocol (XMPP) client into the operating system. This integration allows a 9000 series switch to be managed and configured by XMPP-enabled chat clients, which are commonly used for human communication. XMPP support enables several useful capabilities:

  • Group configuration: Add a set of Cisco Nexus 9000 devices to a chat group and you can manage those switches as a group. For example, you can push common configurations to the group all at once instead of configuring the devices individually.
  • Single point of management: The XMPP server can act as a single point of management. Users authenticate with a single XMPP server and gain access to all the devices registered on the server.
  • Security: The XMPP interface supports RBAC, which helps ensure that users can run only commands that they are authorized for.
  • Automation: XMPP is an open, standards-based interface. It can be used by scripts and management tools to automate management of Cisco Nexus 9000 Series devices.

DevOps Support including Puppet and Chef

The agile development method, or continuous deployment, is the today’s approach for writing and deploying code. Often referred to as Continuous Deployment, application developers constantly find themselves deploying production-ready code on infrastructure that is highly decentralized and cloud-based. When you are dealing with frequent deployments of largely identical services across largely identical servers, having a way to automate the configuration and maintenance of the entire infrastructure is highly critical for maximum success. Deployment and configuration-management tools such as Chef and Puppet are designed for this purpose. They enable you to simplify automation and orchestration across your environment to provide a standard, consistent deployment.

Chef allows users to define their intent through what it calls a “recipe”: a reusable set of configuration or management tasks. They can then deploy that recipe on numerous devices. A recipe, when deployed on a Cisco Nexus 9000 switch, translates into network configuration settings and commands for collecting statistics and analytics information. It allows for automated configuration and management of the switch.

Puppet provides a similar intent-definition construct, which it calls a “manifest.” The manifest, when deployed on a 9000 series switch, translates into network configuration settings and commands for collecting information from the switch.

Both Puppet and Chef are widely deployed and receive significant attention in the infrastructure-automation and DevOps communities. The Cisco Nexus 9000 Series supports both the Puppet and Chef frameworks, with clients for Puppet and Chef integrated into enhanced Cisco NX-OS on the switch.

OpenStack integration

Neutron provides the networking capability for OpenStack. It helps ensure that each of the components of an OpenStack deployment can communicate with the others quickly and efficiently. The 9000 series switches include support for the Cisco Nexus plug-in for Neutron. This plug-in allows customers to easily build infrastructure-as-a-service (IaaS) networks using the industry's leading networking platform, delivering performance, scalability, and stability with familiar manageability and control. The plug-in helps bring operation simplicity to cloud network deployments. OpenStack’s capabilities for building on-demand self-serve multitenant computing infrastructure are well known. However, implementing OpenStack's VLAN networking model across virtual and physical infrastructures can be difficult. OpenStack networking provides an extensible architecture that supports plug-ins for configuring networks directly.

Comprehensive programmability support

Comprehensive programmability features available on enhanced and open Cisco NX-OS enable custom automation and scripting.

Cisco NX-API support

The Cisco NX-API on the Cisco Nexus 9000 Series Switches allows web-based programmatic access to the Cisco Nexus 9000 switches. This support is delivered through an open-source web server: NGINX. Cisco NX-API exposes the complete configuration and management capabilities of the CLI through web-based APIs. The Cisco Nexus 9000 Series Switches can be instructed to publish the output of the API calls in either XML or JSON format. This comprehensive, easy-to-use API enables rapid development on the 9000 series switches.

Python scripting

Python is an powerful, easy-to-learn programming language. It has efficient high-level data structures and provides a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an excellent language for scripting and rapid application development in many areas on most platforms.

The Cisco Nexus 9000 Series supports Python Release 2.7.5 in both interactive and noninteractive (script) modes.

The Python scripting capability on the Cisco Nexus 9000 Series Switches gives programmatic access to the switch CLI to perform various tasks, including the POAP and Cisco Embedded Event Manager (EEM) actions. Responses to Python calls that invoke a Cisco NX-OS CLI return JSON output instead of just text output, a powerful feature that makes Python scripting easy and helps ensure that the scripts are forward compatible. The Python interpreter is available by default in Cisco NX-OS.

Bash shell access and Linux container support

Network operators in DevOps environments and modern enterprise data centers often try to use the comprehensive tool and scripting capabilities developed for the computing environment on network devices. To support our customers, Cisco has enabled support for direct Linux shell access and for Linux containers. With Linux shell access, you can access the underlying Linux system on the Cisco Nexus 9000 Series Switches to use familiar Linux commands and manage the underlying system. You can also use support for Linux containers to install additional software in a relatively secure fashion to enhance the capabilities of the 9000 series switches.

NX-OS automation and programmability summary

Cisco NX-OS exposes a comprehensive set of automation and programmability features enabling a wide variety of use cases, as shown in Table 1.

Table 1. Summary of NX-OS support for key business strategic goals

  ITaaS Infrastructure provisioning & automation DevOps Monitoring Security & compliance
POAP Yes Yes     Yes
Chef integration Yes Yes Yes Yes Yes
Puppet integration Yes Yes Yes Yes Yes
XMPP support Yes Yes Yes    
OpenStack support Yes Yes      
OpenDaylight Yes Yes      
OpenFlow       Yes  
Cisco NX-API Yes Yes Yes Yes Yes
Python scripting Yes Yes Yes Yes  
Bash support Yes Yes Yes Yes  
Linux containers Yes Yes Yes Yes  

Despite what we see in terms of the multicloud movement, today’s data centers continue to be challenged by siloed resources and facilities, limited scalability, poor resource utilization, and growing complexity. Perhaps the biggest challenge is time. As data centers continue to evolve and expand, this problem becomes more pronounced. The automation and programmability tools discussed earlier may not suffice. That is where the concept of unified fabric comes in.

Cisco Unified Fabric serves as a primary building block for cloud-based, virtualized, and general-purpose data centers. It provides the foundational connectivity and unifies physical, virtual networking, storage, and network services. It offers architectural flexibility and consistent networking across physical, virtual, and cloud environments.

Cisco’s strategy is to help our customers evolve away from silos and help evolve your people, processes, and technologies so that you actually can deliver IT as a service and best take advantage of the trends in the data center. Simply put, IT can deploy applications faster and, more importantly, help organizations achieve a competitive advantage over their closest competitors.

Cisco Data Center Network Manager is a management system for the Cisco Unified Fabric. It enables you to provision, monitor, and troubleshoot the data center network infrastructure. It provides visibility and control of the unified data center so that you can optimize for the quality of service required to meet service-level agreements.

Network Manager increases overall data center infrastructure uptime and reliability, thereby improving business continuity. It provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of data centers. Cisco Data Center Network Manager streamlines the provisioning for the unified fabric and monitors the SAN and LAN components. Network Manager provides a high level of visibility and control through a single web-based management console for Cisco Nexus, Cisco MDS, and Cisco Unified Computing System™ (Cisco UCS®) products.

All the solutions discussed earlier in one way or the other try to solve the complex problem of managing your networking infrastructure in a simple and unified fashion. An application-centric infrastructure approach, also called software-defined networking, in a true sense flips the problem on its head. Rather than finding another creative way to simplify the supporting infrastructure in isolation, it tries to understand the intent of the application itself and then provide it with the best possible infrastructure to ensure superior performance.

The Cisco ACI solution provides a holistic architecture with centralized automation and policy-driven application profiles that delivers the benefits of software flexibility while retaining hardware performance.

Key characteristics of Cisco ACI include:

  • Simplified automation provided by an application-driven policy model
  • Centralized visibility with real-time application-health monitoring
  • Open software flexibility for DevOps teams and ecosystem partner integration
  • Scalable performance and multitenancy in hardware

The future of networking with Cisco ACI is about providing a network that is deployed, monitored, and managed in a fashion that supports DevOps and rapid application change. The solution does so through by reducing complexity and a providing common policy framework that can automate provisioning and managing of resources.


Cisco understands that the needs of the market evolve rapidly as technologies evolve and new technologies emerge. Cisco has a long history of responding to customer needs and has designed the enhanced, open Cisco NX-OS Software to evolve rapidly with new features. Starting with a strong NX-OS foundation, Cisco Nexus 9000 Series Switches, and a comprehensive set of automation and programmability features, choose the level of network automation that meets your future data center security, scale and availability requirements.

For more information