Network Automation MODULE 09

Network Automation

The future of networking — scripting, APIs, and controllers replacing manual CLI configuration.

Why Network Automation?
Scale, speed, and consistency — what humans can't do manually
Scale
One script can configure 1000 devices in seconds. Humans: weeks.
Consistency
No typos, no missed steps, no "I forgot that one switch".
Agility
Provision new services in minutes, not change-window weeks.
Traditional: SSH → type commands → verify → repeat × 500 devices
Automated: Run playbook → 500 devices configured + verified in 90 seconds
Data Formats — JSON, XML, YAML
Structured data is how APIs and automation tools communicate
JSON (JavaScript Object Notation)
    {
      "hostname": "Router-1",
      "interfaces": [
        {
          "name": "GigabitEthernet0/0",
          "ip": "192.168.1.1",
          "enabled": true
        }
      ],
      "ospf_areas": 2
    }
YAML (Ansible playbooks use YAML)
    ---
    hostname: Router-1
    interfaces:
      - name: GigabitEthernet0/0
        ip: 192.168.1.1
        enabled: true
    ospf_areas: 2
    # More human-readable than JSON
    # Indentation = structure
JSON rules to remember: Keys must be strings (in quotes). Values can be string, number, boolean (true/false), array [], or object {}. Trailing commas are NOT allowed (unlike Python dicts).
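The rules above matter most when a JSON document is about to be turned into device configuration. The following is an added example, not code from the original page: it parses the Router-1 document strictly and rejects inputs that break the rules. The function names and the duplicate-key check are assumptions of this example.

```python
import ipaddress
import json


def no_duplicate_keys(pairs):
    """object_pairs_hook: by default json.loads keeps only the last duplicate."""
    keys = [key for key, _ in pairs]
    dupes = sorted({key for key in keys if keys.count(key) > 1})
    if dupes:
        raise ValueError(f"duplicate key: {dupes[0]!r}")
    return dict(pairs)


def load_device_doc(text):
    """Parse and validate a document shaped like the Router-1 example."""
    try:
        doc = json.loads(text, object_pairs_hook=no_duplicate_keys)
    except json.JSONDecodeError as exc:  # e.g. a trailing comma
        raise ValueError(f"invalid JSON at line {exc.lineno}: {exc.msg}") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("hostname"), str):
        raise ValueError("hostname must be a string")
    for iface in doc.get("interfaces", []):
        ipaddress.ip_address(iface["ip"])           # ValueError on a bad address
        if not isinstance(iface["enabled"], bool):  # "true" is a string, not a boolean
            raise ValueError(f"{iface['name']}: enabled must be true or false")
    return doc


def check(text):
    """Return 'ok' or the reason the document was rejected."""
    try:
        load_device_doc(text)
        return "ok"
    except ValueError as exc:
        return str(exc)


# Constructed inputs based on the Router-1 document above.
GOOD = ('{"hostname": "Router-1", "ospf_areas": 2, "interfaces": '
        '[{"name": "GigabitEthernet0/0", "ip": "192.168.1.1", "enabled": true}]}')
SAMPLES = {
    "good": GOOD,
    "trailing comma": '{"hostname": "Router-1", "interfaces": [],}',
    "string boolean": GOOD.replace("true", '"true"'),
    "duplicate key": '{"hostname": "Router-1", "hostname": "Router-2"}',
}

if __name__ == "__main__":
    print({label: check(text) for label, text in SAMPLES.items()})
```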
REST APIs
Representational State Transfer — the language of modern network controllers

REST APIs allow software to interact with network devices and controllers using standard HTTP methods. No CLI needed — just HTTP requests returning JSON.

    Method   CRUD operation   Typical response
    GET      Read (R)         200 OK
    POST     Create (C)       201 Created
    PUT      Update (U)       200 OK
    DELETE   Delete (D)       200 / 204
Example: GET devices from DNA Center
    # HTTP Request:
    GET https://dnac/api/v1/network-device
    Authorization: Bearer <token>
    Content-Type: application/json

    # Response (JSON):
    {
      "response": [
        {
          "hostname": "HQ-SW1",
          "managementIpAddress": "10.1.1.1"
        }
      ]
    }
HTTP Status Codes to Know
    200 OK             Request succeeded
    201 Created        Resource created (POST)
    204 No Content     Success, nothing returned
    400 Bad Request    Invalid syntax
    401 Unauthorized   Bad/missing credentials
    403 Forbidden      No permission
    404 Not Found      Resource doesn't exist
    500 Server Error   Problem on server side
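A client should check the status code before it touches the body, and should treat 401 and 403 differently. The following is an added example, not code from the original page or from any controller SDK: it runs offline on a constructed response body, and the retry decisions and the BR-Router entry are assumptions of this example.

```python
import json


class ApiError(Exception):
    """Carries the status code and whether a retry can succeed."""
    def __init__(self, status, reason, retry):
        super().__init__(f"HTTP {status}: {reason}")
        self.status, self.retry = status, retry


# Client reaction to each error code in the table above (assumed policy).
ERRORS = {
    400: ("malformed request, fix the client", False),
    401: ("token missing or expired, re-authenticate first", True),
    403: ("token lacks permission, retrying will not help", False),
    404: ("resource does not exist", False),
    500: ("server-side fault, retry with backoff", True),
}


def reachable_devices(status, body):
    """Return {hostname: management IP} for devices reported as Reachable."""
    if status in ERRORS:
        raise ApiError(status, *ERRORS[status])
    if status not in (200, 201, 204):
        raise ApiError(status, "unexpected status", False)
    if status == 204 or not body:  # success with nothing to parse
        return {}
    return {
        dev["hostname"]: dev["managementIpAddress"]
        for dev in json.loads(body).get("response", [])
        if dev.get("reachabilityStatus") == "Reachable"
    }


# Constructed body using the field names that appear on this page.
SAMPLE = json.dumps({"response": [
    {"hostname": "HQ-Router", "managementIpAddress": "10.1.1.1",
     "platformId": "CSR1000V", "reachabilityStatus": "Reachable"},
    {"hostname": "BR-Router", "managementIpAddress": "10.2.1.1",
     "platformId": "CSR1000V", "reachabilityStatus": "Unreachable"},
], "version": "1.0"})

if __name__ == "__main__":
    print(reachable_devices(200, SAMPLE))
    try:
        reachable_devices(401, "")
    except ApiError as exc:
        print(exc, "| retry:", exc.retry)
```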
Python for Network Automation
Netmiko simplifies SSH to network devices from Python
Netmiko — connect and send commands
    # pip install netmiko
    from netmiko import ConnectHandler

    device = {
        'device_type': 'cisco_ios',
        'host': '192.168.1.1',
        'username': 'admin',
        'password': 'cisco',  # lab value; read real credentials from a prompt or the environment
    }

    with ConnectHandler(**device) as conn:
        output = conn.send_command('show ip interface brief')
        print(output)
Netmiko — send config commands
    from netmiko import ConnectHandler

    # reuses the device dict from the previous snippet
    commands = [
        'interface GigabitEthernet0/1',
        'description Configured by Python',
        'ip address 10.0.0.1 255.255.255.0',
        'no shutdown',
    ]

    with ConnectHandler(**device) as conn:
        conn.send_config_set(commands)
        conn.save_config()  # wr mem
NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) is another popular library. It abstracts vendor differences — the same Python code works on Cisco, Juniper, Arista, etc.
Ansible for Network Automation
Agentless, YAML-based — the most widely used network automation tool

Ansible is agentless — no software needed on network devices. It connects via SSH. Playbooks define WHAT to do (YAML files), inventory defines WHO to do it on.

inventory (hosts file)
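    # inventory
    [routers]
    r1 ansible_host=192.168.1.1
    r2 ansible_host=192.168.1.2

    [switches]
    sw1 ansible_host=10.0.0.10
    sw2 ansible_host=10.0.0.11

    [all:vars]
    # the cisco.ios modules need the network_cli connection plugin
    ansible_connection=ansible.netcommon.network_cli
    ansible_network_os=ios
    ansible_user=admin
    # lab value; keep real passwords in Ansible Vault, not in the inventory
    ansible_password=cisco
playbook.yml
    ---
    - name: Configure interface description
      hosts: routers
      gather_facts: no
      tasks:
        - name: Set G0/1 description
          cisco.ios.ios_config:
            lines:
              - description Ansible-managed
            parents: interface GigabitEthernet0/1
          register: result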
Idempotency: Ansible modules check current state before making changes. Running a playbook twice doesn't cause double-changes — if the config already matches, Ansible skips it. This is a key advantage over raw scripts.
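The check-before-change behaviour can be shown with a small model of the parents/lines comparison used in the playbook above. This is an added example, not Ansible's implementation and not code from the original page: the function names, the toy `push` device and the running config are constructed for illustration.

```python
def block_under(parent, running_config):
    """Lines nested under `parent` in an indentation-structured IOS-style config."""
    lines, inside = set(), False
    for raw in running_config.splitlines():
        if raw.startswith(" "):
            if inside:
                lines.add(raw.strip())
        else:  # any unindented line (a new block or "!") ends the current block
            inside = raw.strip() == parent
    return lines


def plan(parent, wanted, running_config):
    """Commands still required so every `wanted` line exists under `parent`."""
    present = block_under(parent, running_config)
    missing = [line for line in wanted if line not in present]
    return [parent, *missing] if missing else []


def push(commands, running_config):
    """Toy device: merge the pushed block into the config text."""
    if not commands:
        return running_config
    parent, *children = commands
    out, found = [], False
    for raw in running_config.splitlines():
        out.append(raw)
        if raw == parent:
            found = True
            out.extend(" " + child for child in children)
    if not found:  # parent block does not exist yet: create it
        out += [parent, *(" " + child for child in children), "!"]
    return "\n".join(out)


# Constructed running config; the task mirrors the playbook above.
RUNNING = """interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
!"""
PARENT = "interface GigabitEthernet0/1"
WANTED = ["description Ansible-managed"]
first = plan(PARENT, WANTED, RUNNING)   # run 1: one line is missing
after = push(first, RUNNING)
second = plan(PARENT, WANTED, after)    # run 2: config already matches

if __name__ == "__main__":
    print("run 1 pushes:", first, "| run 2 pushes:", second)
```

A raw script that sends `WANTED` unconditionally would push the same commands on every run; here the second plan is empty, which is what Ansible reports as "ok" rather than "changed".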
NETCONF & YANG
The "SSH of automation" — structured, transactional device management
NETCONF (RFC 6241) — A protocol for network device management. Runs over SSH (port 830). Uses XML for data encoding. Supports transactions (commit/rollback).
Port: TCP 830 (over SSH)
Format: XML
Operations: get, get-config, edit-config, commit
YANG (Yet Another Next Generation) — A data modeling language. Defines the structure and constraints of configuration and state data. Think of it as the "schema" for NETCONF data.
RESTCONF (RFC 8040) is the REST-based equivalent of NETCONF — uses HTTP methods and JSON/XML instead of SSH and XML.
SDN β€” Software Defined Networking
Separating the control plane from the data plane

Traditional networks run both the control plane (routing decisions) and data plane (forwarding) on every device. SDN centralizes the control plane in a controller.

▲ Application Layer: Northbound API
Network applications (security policies, traffic engineering, monitoring dashboards) communicate with the controller via northbound APIs (typically REST). Example: Cisco APIC, DNA Center applications.
▲ Control Layer: Controller (Brain)
The SDN controller maintains a global view of the network topology. Makes forwarding decisions and pushes them down to devices. Examples: OpenDaylight, Cisco APIC, DNA Center, Open vSwitch (OVS).
▲ Infrastructure Layer: Southbound API
Physical and virtual network devices (switches, routers). Receive forwarding instructions from the controller via southbound APIs. OpenFlow is the classic southbound protocol. NETCONF/RESTCONF also used.
Cisco DNA Center: Enterprise SDN controller. Provides intent-based networking (IBN) — you define the intent ("users in Finance VLAN can access only Finance servers") and DNA Center translates that to device config.
Overlay vs Underlay: The physical network (underlay) carries the virtual tunnels (overlay). VXLAN is the most common overlay protocol in data centers.

Automation Drills

Network automation is heavily tested on the CCNA — know your APIs, formats, and tools.


Automation Labs

Study these code patterns — the CCNA exam tests automation concepts, not running code.

Lab A — Parse JSON API Response in Python
Understand how to work with REST API responses
1. Make a REST API call with Python requests library

    import requests

    url = "https://sandboxdnac.cisco.com/api/v1/network-device"
    headers = {"X-Auth-Token": "your_token_here"}

    # verify=False disables TLS certificate validation; acceptable only
    # against a lab sandbox, never against a production controller
    response = requests.get(url, headers=headers, verify=False)
    data = response.json()
    # response.status_code → 200
    # data["response"] → list of device dicts

    for device in data["response"]:
        print(device["hostname"], device["managementIpAddress"])
2. Understand the JSON structure

    {
      "response": [
        {
          "hostname": "HQ-Router",
          "managementIpAddress": "10.1.1.1",
          "platformId": "CSR1000V",
          "reachabilityStatus": "Reachable"
        }
      ],
      "version": "1.0"
    }
Lab B — Ansible Playbook: Configure OSPF
1. Write the playbook

    ---
    - name: Configure OSPF on all routers
      hosts: routers
      gather_facts: no
      tasks:
        - name: Enable OSPF process
          cisco.ios.ios_config:
            # parents places the lines inside "router ospf 1" and lets the module
            # compare them against that block, so a second run changes nothing
            parents: router ospf 1
            lines:
              - network 10.0.0.0 0.0.0.255 area 0
              - passive-interface default
              - no passive-interface GigabitEthernet0/0
        - name: Save config
          cisco.ios.ios_config:
            save_when: always
2. Run the playbook

    # Run the playbook
    ansible-playbook -i inventory ospf.yml

    # Run with verbose output
    ansible-playbook -i inventory ospf.yml -v

    # Dry run (check mode, no changes)
    ansible-playbook -i inventory ospf.yml --check
Lab C — JSON Parsing Exercise
Given the JSON below, write the Python to extract the interface IP addresses
    {
      "interfaces": [
        {"name": "Gi0/0", "ip": "192.168.1.1", "status": "up"},
        {"name": "Gi0/1", "ip": "10.0.0.1", "status": "up"},
        {"name": "Gi0/2", "ip": "172.16.0.1", "status": "down"}
      ]
    }
Solution
    import json

    # json_string holds the JSON text shown above
    data = json.loads(json_string)  # parse JSON string

    # Extract only UP interfaces
    up_ips = [iface["ip"] for iface in data["interfaces"] if iface["status"] == "up"]
    print(up_ips)  # ['192.168.1.1', '10.0.0.1']

SDN Topology

[Figure: SDN architecture, three planes. Application Layer (Security Apps · Traffic Eng. · Analytics · Cisco DNA Center UI) connects through the Northbound API (REST) to the SDN Controller (Cisco DNA Center / OpenDaylight; global network view, makes all forwarding decisions), which connects through the Southbound interface (OpenFlow / NETCONF) to the Infrastructure Layer (Data Plane): Router 1, Switch A, Switch B, Router 2, FW. Devices receive instructions from the controller; they forward traffic but don't make routing decisions independently.]

Automation Cheatsheet

REST API HTTP Methods
GET: Read — returns data (200 OK)
POST: Create — new resource (201 Created)
PUT: Update — replace resource (200 OK)
PATCH: Update — partial update (200 OK)
DELETE: Remove resource (200/204)
Data Format Comparison
JSON: REST APIs, DNA Center
XML: NETCONF, SOAP
YAML: Ansible playbooks
YANG: Data model language (with NETCONF)
CSV: Spreadsheet exports (not APIs)
Automation Tools
Netmiko: Python SSH to multi-vendor devices
NAPALM: Multi-vendor Python abstraction
Ansible: Agentless, YAML playbooks
Puppet/Chef: Agent-based (not Cisco-focused)
Terraform: Infrastructure as code (cloud)
SDN Interfaces
Northbound: Controller → Applications (REST)
Southbound: Controller → Devices (OpenFlow, NETCONF)
Eastbound: Controller → Controller
Westbound: Controller → Legacy devices
NETCONF port: TCP 830
