From CLI to CLIck
Future proof your business with network automation
Over the last five years, all aspects of the data center in one way or another have been disrupted by automation. Automated workflows and virtualization technologies have led to dramatic improvement in data center efficiency and agility. Server, virtualization, and cloud administrators have embraced “software-defined” ways of performing their duties. All of this disruption has brought renewed emphasis and innovation to the network.
This document primarily focuses on network automation and programmability use cases. We will shed light on Cisco NX-OS’ evolution into an open, modular and extensible network operating system, and how it can help automate the deployment of your networking infrastructure. We will also take a closer look at how you can benefit from Network Fabric automation and the choices Cisco has to offer in addition to NX-OS. Finally, we will look at options on how you can leverage Cisco expertise to future proof your data center by taking advantage of all the advancements in the Software Defined Networking space.
As a multicloud data center strategy becomes a reality for many organizations, the network-centric approach to data center is giving way to an application-centric model. Customers could not care less about the supporting network infrastructure; they simply want their applications to be available and performing 24x7. At the same time, a proliferation of applications, and their underlying server, storage, and networking technologies, is placing increasingly greater burdens on IT staff, demanding more from IT than ever before.
From a business perspective, some of the top use cases for automation and programmability include:
A given organization may choose one or several of these as its top reasons for automation.
This requires that modern data center components—whether switches, routers, servers, or service appliances—support a wide range of automation features and provide robust APIs for external tools (both off the shelf and custom). There needs to be automatic provisioning of network resources and bandwidth allocation coupled with latency guarantees to support network service-level agreements (SLAs). All of this while monitoring the network for performance and compliance. And IT personnel are further challenged as these capabilities exist across multiple tools and silos. This is important in building a network to meet growing security, scale and availability requirements of modern applications.
Shifting from the CLI and SNMP
Nothing comes easier to network administrators than the humble command-line interface (CLI). Ever since Cisco made its first routers in the early 1980s, most network engineers have relied on a CLI to configure, manage, and troubleshoot everything from small-office LANs to wide-area carrier networks. Over the years, Cisco’s approach to CLI has come to be a de facto standard in the industry, closely emulated by other vendors.
CLI has been the primary interface for interacting with network devices, used to manage, operate, and troubleshoot the network device throughout its lifecycle. CLI is a very comprehensive interface, but it has limitations when used as the interface for automation:
The Cisco Nexus 9000 Series supports standard network manageability features that are widely used by network administrators and operators for automation:
The difference between automation and programmability, and why you should care
Often IT professionals use the words “automation” and “programmability” interchangeably, but they are not truly the same. In the networking domain, “automation” is used to describe certain tasks that are automated “out of the box.” These capabilities are often provided by vendors like Cisco by default, and you can choose to use them or not.
For other tasks, network administrators may find themselves entering the same set of commands at the CLI over and over again. And at some point they may decide to automate these tasks instead for greater efficiency. To do so, they may leverage the scripting capabilities provided by the operating system to automate these particular tasks. This capability of the operating system is often referred to as “programmability.” The extent to which an operating system supports programmability often varies. As you will see in subsequent sections, NX-OS is the industry’s most open, modular, extensible, secure, and advanced operating system when it comes to programmability.
Modern data centers require a highly available network that provides the bandwidth and service guarantees required by organizations and their applications. In addition to performance and resiliency characteristics, modern networks need to support several new capabilities: automated provisioning and monitoring of network resources, programmatic access to statistics and events to enable end-to-end visibility, and role-based access control (RBAC) and policy management.
To meet the numerous demands of the network in the modern data center, a network device—or more particularly, the operating system that powers that device—must be:
The enhanced and open Cisco NX-OS Software is designed to meet all aforementioned criteria while running on Cisco Nexus 9000 Series Switches. NX-OS integrates with a variety of open source software and commercial technologies to provide comprehensive automation, orchestration, programmability, monitoring, and compliance support (Figure 1).
SNMPV1, V2, and V3: Syslog messages, NETCONF, CLI and XML, and RMON
Cisco NX-API, Python Scripting
Open and Modular
While NX-OS has always been powered by Linux under the hood, it has not until recently exposed many of the Linux capabilities to end users. With Cisco NX-OS, termed Open NX-OS, Cisco makes the full power of the underlying Linux operating system available to end users. In addition, Cisco builds in numerous extensions that make it possible for users to access these capabilities with the appropriate level of security and protection for the specific user.
Open NX-OS continues to uphold some of the Linux best practice capabilities that have always been part of NX-OS:
Automation and Programmability with Cisco NX-OS
In the following sections, we will take a high-level look at the automation aspects of Cisco NX-OS. They can be broadly classified as follows:
Power on Auto Provisioning (POAP)
Network admins might unanimously say that keeping all their switching gear on the latest software version takes up many of their precious weekends. Enter POAP, or Power on Auto Provisioning. Simply put, this means you can plug in a new Cisco Nexus switch and it will automatically be upgraded to the latest code and configured from a central server while you are doing work that requires your special expertise instead of wading through routine tasks. We call this being more productive.
Extensible Messaging and Presence Protocol support
Enhanced Cisco NX-OS on Cisco Nexus 9000 Series Switches integrates an Extensible Messaging and Presence Protocol (XMPP) client into the operating system. This integration allows a 9000 series switch to be managed and configured by XMPP-enabled chat clients, which are commonly used for human communication. XMPP support enables several useful capabilities:
DevOps Support including Puppet and Chef
The agile development method, often referred to as continuous deployment, is today’s approach for writing and deploying code. Application developers constantly find themselves deploying production-ready code on infrastructure that is highly decentralized and cloud-based. When you are dealing with frequent deployments of largely identical services across largely identical servers, having a way to automate the configuration and maintenance of the entire infrastructure is critical. Deployment and configuration-management tools such as Chef and Puppet are designed for this purpose. They enable you to simplify automation and orchestration across your environment to provide a standard, consistent deployment.
Chef allows users to define their intent through what it calls a “recipe”: a reusable set of configuration or management tasks. They can then deploy that recipe on numerous devices. A recipe, when deployed on a Cisco Nexus 9000 switch, translates into network configuration settings and commands for collecting statistics and analytics information. It allows for automated configuration and management of the switch.
Puppet provides a similar intent-definition construct, which it calls a “manifest.” The manifest, when deployed on a 9000 series switch, translates into network configuration settings and commands for collecting information from the switch.
Both Puppet and Chef are widely deployed and receive significant attention in the infrastructure-automation and DevOps communities. The Cisco Nexus 9000 Series supports both the Puppet and Chef frameworks, with clients for Puppet and Chef integrated into enhanced Cisco NX-OS on the switch.
Neutron provides the networking capability for OpenStack. It helps ensure that each of the components of an OpenStack deployment can communicate with the others quickly and efficiently. The 9000 series switches include support for the Cisco Nexus plug-in for Neutron. This plug-in allows customers to easily build infrastructure-as-a-service (IaaS) networks using the industry's leading networking platform, delivering performance, scalability, and stability with familiar manageability and control. The plug-in helps bring operation simplicity to cloud network deployments. OpenStack’s capabilities for building on-demand self-serve multitenant computing infrastructure are well known. However, implementing OpenStack's VLAN networking model across virtual and physical infrastructures can be difficult. OpenStack networking provides an extensible architecture that supports plug-ins for configuring networks directly.
Comprehensive programmability support
Comprehensive programmability features available on enhanced and open Cisco NX-OS enable custom automation and scripting.
Cisco NX-API support
The Cisco NX-API on the Cisco Nexus 9000 Series Switches allows web-based programmatic access to the Cisco Nexus 9000 switches. This support is delivered through an open-source web server: NGINX. Cisco NX-API exposes the complete configuration and management capabilities of the CLI through web-based APIs. The Cisco Nexus 9000 Series Switches can be instructed to publish the output of the API calls in either XML or JSON format. This comprehensive, easy-to-use API enables rapid development on the 9000 series switches.
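As an added illustration (not Cisco's code and not part of the original document), the following Python builds an NX-API request in the JSON-RPC form, using the `cli` method posted to the `/ins` endpoint, and parses the JSON reply. The read-only allow-list, the host name used in testing, and the sample reply are constructed assumptions; the request is prepared but never sent.

```python
import json
import ssl
import urllib.request

# Read-only prefixes this monitoring script may send (constructed policy).
ALLOWED_PREFIXES = ("show ",)

def build_batch(commands):
    """Return a JSON-RPC 2.0 batch for NX-API, rejecting non-read-only commands."""
    batch = []
    for i, cmd in enumerate(commands, start=1):
        cmd = cmd.strip()
        # Refuse config commands and anything chained behind ';' or a newline.
        if not cmd.startswith(ALLOWED_PREFIXES) or any(c in cmd for c in ";\n\r"):
            raise ValueError(f"command not permitted: {cmd!r}")
        batch.append({"jsonrpc": "2.0", "method": "cli",
                      "params": {"cmd": cmd, "version": 1}, "id": i})
    return batch

def build_request(host, batch, auth_header):
    """Prepare (not send) an HTTPS POST with certificate verification left on."""
    ctx = ssl.create_default_context()  # verifies the switch certificate and hostname
    req = urllib.request.Request(
        f"https://{host}/ins", data=json.dumps(batch).encode(),
        headers={"Content-Type": "application/json-rpc",
                 "Authorization": auth_header},
        method="POST")
    return req, ctx

def parse_batch(raw):
    """Map request id -> result body; raise if any command returned an error."""
    replies = json.loads(raw)
    if isinstance(replies, dict):  # a single command comes back as one object
        replies = [replies]
    out = {}
    for r in replies:
        if "error" in r:
            raise RuntimeError(f"id {r.get('id')}: {r['error'].get('message')}")
        out[r["id"]] = (r.get("result") or {}).get("body", {})
    return out

# Constructed sample reply shaped like NX-API JSON-RPC output (not from a device).
SAMPLE_REPLY = json.dumps([
    {"jsonrpc": "2.0", "result": {"body": {"host_name": "leaf-01"}}, "id": 1},
    {"jsonrpc": "2.0", "result": {"body": {"vlan_count": 12}}, "id": 2},
])
```

Because NX-API exposes the full CLI, restricting a monitoring script to `show` commands on the client side complements, and does not replace, a read-only role for its account on the switch.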
Python is a powerful, easy-to-learn programming language. It has efficient high-level data structures and provides a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an excellent language for scripting and rapid application development in many areas on most platforms.
The Cisco Nexus 9000 Series supports Python Release 2.7.5 in both interactive and noninteractive (script) modes.
The Python scripting capability on the Cisco Nexus 9000 Series Switches gives programmatic access to the switch CLI to perform various tasks, including the POAP and Cisco Embedded Event Manager (EEM) actions. Responses to Python calls that invoke a Cisco NX-OS CLI return JSON output instead of just text output, a powerful feature that makes Python scripting easy and helps ensure that the scripts are forward compatible. The Python interpreter is available by default in Cisco NX-OS.
Bash shell access and Linux container support
Network operators in DevOps environments and modern enterprise data centers often try to use the comprehensive tool and scripting capabilities developed for the computing environment on network devices. To support our customers, Cisco has enabled support for direct Linux shell access and for Linux containers. With Linux shell access, you can access the underlying Linux system on the Cisco Nexus 9000 Series Switches to use familiar Linux commands and manage the underlying system. You can also use support for Linux containers to install additional software in a relatively secure fashion to enhance the capabilities of the 9000 series switches.
NX-OS automation and programmability summary
Cisco NX-OS exposes a comprehensive set of automation and programmability features enabling a wide variety of use cases, as shown in Table 1.
Table 1. Summary of NX-OS support for key business strategic goals
| ITaaS | Infrastructure provisioning & automation | DevOps | Monitoring | Security & compliance |
Despite what we see in terms of the multicloud movement, today’s data centers continue to be challenged by siloed resources and facilities, limited scalability, poor resource utilization, and growing complexity. Perhaps the biggest challenge is time. As data centers continue to evolve and expand, this problem becomes more pronounced. The automation and programmability tools discussed earlier may not suffice. That is where the concept of unified fabric comes in.
Cisco Unified Fabric serves as a primary building block for cloud-based, virtualized, and general-purpose data centers. It provides the foundational connectivity and unifies physical, virtual networking, storage, and network services. It offers architectural flexibility and consistent networking across physical, virtual, and cloud environments.
Cisco’s strategy is to help our customers evolve away from silos and help evolve your people, processes, and technologies so that you actually can deliver IT as a service and best take advantage of the trends in the data center. Simply put, IT can deploy applications faster and, more importantly, help organizations achieve a competitive advantage over their closest competitors.
Cisco Data Center Network Manager is a management system for the Cisco Unified Fabric. It enables you to provision, monitor, and troubleshoot the data center network infrastructure. It provides visibility and control of the unified data center so that you can optimize for the quality of service required to meet service-level agreements.
Network Manager increases overall data center infrastructure uptime and reliability, thereby improving business continuity. It provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of data centers. Cisco Data Center Network Manager streamlines the provisioning for the unified fabric and monitors the SAN and LAN components. Network Manager provides a high level of visibility and control through a single web-based management console for Cisco Nexus, Cisco MDS, and Cisco Unified Computing System™ (Cisco UCS®) products.
All the solutions discussed earlier in one way or the other try to solve the complex problem of managing your networking infrastructure in a simple and unified fashion. An application-centric infrastructure approach, also called software-defined networking, in a true sense flips the problem on its head. Rather than finding another creative way to simplify the supporting infrastructure in isolation, it tries to understand the intent of the application itself and then provide it with the best possible infrastructure to ensure superior performance.
The Cisco ACI solution provides a holistic architecture with centralized automation and policy-driven application profiles that delivers the benefits of software flexibility while retaining hardware performance.
Key characteristics of Cisco ACI include:
The future of networking with Cisco ACI is about providing a network that is deployed, monitored, and managed in a fashion that supports DevOps and rapid application change. The solution does so by reducing complexity and providing a common policy framework that can automate provisioning and managing of resources.
Cisco understands that the needs of the market evolve rapidly as technologies evolve and new technologies emerge. Cisco has a long history of responding to customer needs and has designed the enhanced, open Cisco NX-OS Software to evolve rapidly with new features. Starting with a strong NX-OS foundation, Cisco Nexus 9000 Series Switches, and a comprehensive set of automation and programmability features, choose the level of network automation that meets your future data center security, scale and availability requirements.