Network Automation & Programmability Flashcards

1
Q

Issues with Traditional Network Management

A

Configuring 1 device at a time is time consuming/inefficient

Increases likelihood of typos/mistakes

Individual edits to multiple devices by separate engineers over time with little version control leads to configuration drift (non-standardized configs)

Having non-standardized configs and accessing one device at a time is also inefficient for troubleshooting

2
Q

Network Automation Uses

A

Device config
Initial device provisioning
Software version control
Collecting stats from devices
Compliance verification
Reports
Troubleshooting

3
Q

Network Automation Benefits

A

Enables automation which reduces human to machine interaction
–Greatly reduces the chance of human error

Modern tools have been built with monitoring, configuration, & troubleshooting in mind

It is much more scalable than configuring one device at a time

Network programmability can provide configuration version control
–Software version control as well

Troubleshooting is more efficient with a system-wide view & correlation between events

Events & error codes can be acted on programmatically

Improving configuration & troubleshooting efficiency reduces operational expenses

4
Q

Network Automation Assurance

A

Ensure devices have a standardized config

Provide reports & correct exceptions

Provide correlation between events on different devices

Automatically take corrective action on events & error codes

5
Q

Automation Methods

A

There are multiple methods to automate network management:

Python, NETCONF, RESTCONF, Ansible, Puppet, SDN, Cisco DNA Center

Not all methods are supported by all devices

Choose the method most suitable for your environment/skills

6
Q

Python for Network Programmability

A

Relatively easy to learn with many training resources
Human readable
Open source
Cross OS compatible
Easy to find network automation code samples

7
Q

Git

A

A distributed version control system for tracking changes in source code & files
Typically used for software development but can provide version control for any type of files

With most client-server version control systems, the code has to be “checked out” and can only be worked on by one dev at a time

Every Git directory on every computer is a full-fledged repository with complete history and full version-tracking abilities
—Because of this, the code can be worked on by multiple devs

Organizations typically designate one repository as the master copy

8
Q

GitHub

A

A Git repository hosting service which adds many of its own features

Repositories can be public or private
Repositories can be copied between users

Task management tools are available
Control mechanisms provide security & resolve conflicts

9
Q

CI/CD

A

CI (Continuous Integration)
CD (Continuous Delivery/Deployment)

A set of operating principles & practices that enable app development teams to deliver code changes more frequently & reliably

Frequent changes are more efficient than rolling them up into large change windows

Automation of building/testing/deployment

Implementation = CI/CD pipeline

Tools such as Jenkins & Travis CI aid management of the pipeline

10
Q

Data Serialization

A

The process of converting structured data to a standardized format that allows sharing or storage of the data in a form that allows recovery of its original structure

Allows transfer of the data between different systems, apps, & programming languages

XML, JSON, & YAML are human & machine readable, plain text data encoding formats

Data formats are mostly interchangeable

Which one to use depends on the support in the system being used, & which is easiest

11
Q

JSON

A

JavaScript Object Notation:

First standardized in 2013
Easier for humans to read & work with than XML
Can be imported directly into JS
White space has no special meaning
RESTful APIs often use JSON

12
Q

JSON Data Types: Object

A

An unordered collection of key/value pairs
Describe what the object is
Surrounded by curly braces {}

Keys must be strings, & values must be a valid JSON data type
Keys & values are separated by a colon
Each key/value pair is separated by a comma

13
Q

JSON Data Types: Array

A

An ordered list of values

Surrounded by square brackets []

Values must be a valid JSON data type

14
Q

JSON Data Types: String

A

Alphanumeric string of characters

"Name": "GigabitEthernet1"

15
Q

JSON Data Types: Number

A

"Input Errors": 3

16
Q

JSON Data Types: Boolean

A

"Enabled": true

A true/false statement

17
Q

JSON Data Types: Null

A

"Msec": null

18
Q

XML

A

eXtensible Markup Language:

Standardized in 1998
Designed to describe & transfer data, while HTML is focused on displaying data

White space has no special meaning
Values are contained within tags (elements)

19
Q

YAML
(Often used in ____, ___, & ___)
(also what does it start with)

A

YAML Ain't Markup Language:

Often used in Python, Perl, & Ansible
Designed to be easily read by humans

White space = important
Anything at a common indentation level is considered related at the same level

Starts with ---
Key: value representation
- indicates a list
Ansible playbooks use YAML

20
Q

API

A

Application Programming Interface:

A way for computer programs to communicate directly with another program
Typically used to perform CRUD operations

Two main API types for web services
—SOAP
—REST

NETCONF and RESTCONF are APIs specifically designed to work with network services

21
Q

CRUD

A

Create, Read, Update, Delete:

When we are building APIs, we want our models to provide four basic types of functionality

The model must be able to Create, Read, Update, and Delete resources

22
Q

SOAP
Transport is __
Data Format is __

A

Simple Object Access Protocol:

Standard communication protocol system that permits processes using different OSs to communicate

Transport is typically HTTP(S)
Data format is always XML

Has strict standards to adhere to

23
Q

REST
Transport:
Data:

A

Representational State Transfer:

An architecture, not a protocol
Gives guidelines for the structure & organization of an API

Supports any transport & data format

HTTP(S) transport & JSON (or XML) data formats are commonly used

Typically faster performance & easier to work with than SOAP

24
Q

REST Constraints

A

Client-server architecture: the client sends a request, server sends response

Uniform Interface: provides simplicity

Statelessness: no client context is stored on the server between requests

Cacheability: responses must define themselves as either cacheable or non-cacheable

Layered system: any intermediary devices such as load balancers must be transparent to the client/server

Code on demand (optional): servers can temporarily extend or customize the functionality of a client by transferring executable code

25
Q

REST Request URL

A

Request method must be sent (GET, POST, etc.)
Headers with key:value pair info about the request can be added (Accept: application/json, credentials)
POST, PUT, & PATCH requests include data in the body

https://demo.flackbox.com/api/running/aaa/users/neil?dryrun
---demo.flackbox.com = Target host
---/api/running/aaa/users/neil = Resource
---?dryrun = Parameters (optional)
26
Q

REST Response Codes

A

1xx: Informational
2xx: Success
--200: OK
--201: Created
--204: No Content (deleted)
3xx: Redirection
4xx: Client Error
--400: Bad Request/malformed syntax
--401: Unauthorized
--403: Forbidden
--404: Not Found
5xx: Server Error
--500: Internal Server Error

Responses to GET requests include data in the body
Headers can also be included in the response
27
Q

Data Models

A

A well understood & agreed upon method to describe something
28
Q

YANG

A

Yet Another Next Generation:

A data modeling language which provides a standardized way to represent the operational & config data of a network device
It can be used both internally & when packaged for transmission

Refer to diagram on study guide
29
Q

Network Management Transport
(3 APIs that describe the methods)

A

The configuration & operational status of a network device's components & services can be remotely read/written to

NETCONF, RESTCONF, & gRPC are APIs which describe the protocols & methods for transport of network management data
30
Q

Model-Driven Programmability Stack

A

Refer to diagram in study guide
31
Q

NETCONF & YANG
(Encoding type is ___)
(Transport type is ___)

A

NETCONF (2006) was designed to replace SNMP
NETCONF & YANG (2010) provide a standardized way to programmatically inspect & modify the configuration of a network device
NETCONF is a protocol that remotely reads/applies changes to the data on the device

XML encoding is used
Transport is over SSH/TLS
32
Q

NETCONF Protocol Stack

A

Content: the data to be inspected/changed
Operations: (Example = , ) Initiated via RPC methods using XML encoding
Messages: RPC (Remote Procedure Calls) allows one system to request another system to execute code
Transport: between client/server. Supports SSH/TLS
33
Q

RESTCONF
(Encoding type is ___)
(Transport type is ___)

A

2017
Builds on NETCONF
An IETF draft that describes how to map a YANG specification to a RESTful interface
Uses HTTP verbs over a REST API
RESTCONF is not intended to replace NETCONF, but is simpler to use

XML or JSON encoding
Transport is HTTP(S)
34
Q

gRPC
(Encoding type is ___)
(Transport type is ___)

A

Google RPC:

An open source remote procedure call system initially developed at Google in 2015
Well suited to collecting telemetry statistics

GPB (Google Protocol Buffers) encoding is used
Transport is HTTP/2
35
Q

Postman

A

Very popular tool to test the operation of REST APIs
It can be downloaded as a standalone application or run as a Chrome plugin
Collections & environment variables allow you to easily reuse requests
Requests can be exported as code in multiple programming languages

(cURL in Linux or the requests module in Python can be used to test APIs)
36
Q

Configuration Management Tool Benefits

A

Can automate provisioning & deployment of servers & network devices
Requires little knowledge of programming
Have established development practices including version control & testing
37
Q

Ansible
(Communicates via ____ by default - protocol)
(Ansible playbooks are ___ files that outline the ____)

A

2012
Can be run from any machine with Python 2 or 3 installed
Agentless
Push model
Communicates via SSH by default
Simpler than most other tools

Modules
---Pre-built Python scripts
---Many pre-built network modules exist

Ansible inventory files define all hosts that will be managed by the control workstation
Ansible playbooks are YAML files that outline the instructions it needs to run
38
Q

Puppet
(Uses __ instead of YAML)

A

2005
Typically uses an agent on target devices
"Puppet Master" runs on Linux server
Pull model, agent checks in every 30 mins by default
Written in Ruby
Uses proprietary DSL rather than YAML

"Manifest"
---Defines the device's properties

It can check configuration consistency
39
Q

Chef

A

2009
An agent must be installed on target devices
Pull model
Written in Ruby
Terminology is Cook Book > Recipe
40
Q

Configuration Management Tool Support
(___ is more suitable for network environments)

A

Ansible, Puppet, & Chef were designed primarily for server system administration

Ansible is typically more suitable for network environments than Puppet/Chef because it does not require an agent (also simpler to learn/use)

Cisco devices usually can't run an agent
---Puppet works on some Nexus switches (more support may be added later on)
41
Q

SDN Router/Switch Planes: Data (Forwarding) Plane

A

Traffic which is forwarded through the device
42
Q

SDN Router/Switch Planes: Control Plane

A

Makes decisions about how to forward traffic

Control plane packets such as routing protocol/spanning tree updates are destined to or locally originated on the device itself
43
Q

SDN Router/Switch Planes: Management Plane

A

The device is configured & monitored in the management plane

For example at the CLI via Telnet/SSH, or via a GUI using HTTPS/API/SNMP
44
Q

SDN: Data & Control Plane Separation
(Control plane moves to a ___)
(Rules for packet handling are sent to the ___ from the ___)
(The ___ devices query the ___ for guidance as needed)

A

Network infrastructure devices are responsible for their own individual control & data planes in a traditional environment

SDN decouples the data & control planes

The network infrastructure devices are still responsible for forwarding traffic
---But the control plane moves to a centralized SDN controller

Rules for packet handling are sent to the network infrastructure devices from the controller

The network infrastructure devices query the controller for guidance as needed
---& provide it with info about traffic they are handling
45
Q

Pure SDN

A

Control plane runs purely on SDN controller
Data plane runs purely on network devices
46
Q

Hybrid SDN

A

(Most common)

Majority of control plane intelligence is provided by SDN controller
Network devices retain some control plane intelligence as well as data plane operations
47
Q

SDN Architecture

A

Refer to diagram in study guide
48
Q

Cisco SDN Controllers: APIC
(Designed to manage ___ with ___ ___)

A

Application Policy Infrastructure Controller:

Main component of Cisco ACI (Application Centric Infrastructure)
Designed to manage data center environments with Nexus switches
49
Q

Cisco SDN Controllers: DNA Center

A

Digital Network Architecture Center:

Designed to manage enterprise environments (campus/branch/WAN)
An upgrade to APIC-EM (Application Policy Infrastructure Controller - Enterprise Module)
50
Q

DNA Center Overview
(Utilizes ____ - 3 letter acronym)

A

Enables you to streamline operations & facilitate IT & business innovation

IBN (Intent-Based Networking) built on Cisco DNA takes a software-delivered approach to automating & assuring services across your WAN/campus/branch networks
51
Q

Software Defined Architecture: Building Blocks

A

DNA Center
SD-Access
SD-WAN
52
Q

DNA Center Appliance
(Runs on ___)
(Underlying OS)

A

Runs on Cisco UCS server hardware
Underlying OS is Linux
Can be clustered for redundancy
53
Q

IBN

A

Intent-Based Networking:

Transforms a traditional manual network into a controller-led network that translates the business needs into policies that can be automated & applied consistently across the network

Goal is to continuously monitor & adjust network performance to help assure desired business outcomes
54
Q

Network Plug & Play

A

Allows routers, switches, & WAPs to be deployed in remote offices with zero touch config

Device is physically installed in the remote office & connected to the network
Discovers DNA Center through various methods including DHCP option 43 or DNS
It then registers with & downloads its config from DNA Center

Ensures consistent configuration of remote office devices with no need for a network engineer onsite
55
Q

DNA Center: Assurance

A

Guarantees that the infrastructure is doing what you intended

DNA Center receives info from all the network devices & ISE
DNA Center's correlation engine can identify 150+ different types of network & client issues
DNA Center reports the problem & provides recommended remediation actions
56
Q

DNA Center: Network Time Travel

A

Admins can drill down into the health status of network devices/clients
You can see the current status & view historical info

Useful for troubleshooting intermittent problems which occurred in the past
57
Q

DNA Center: Path Trace

A

Can be used to query DNA Center for the path that traffic takes over the network
58
Q

DNA Center: API Support

A

Everything done via the DNA Center GUI can also be done via the northbound REST API

DNA Center also supports east/west bound APIs for integration with other services such as reporting & analytics servers
59
Q

SD-WAN Overview

A

Software-Defined WAN:

Cisco acquired Viptela in 2017 to enhance their SD-WAN solution

Provides automated setup of WAN connectivity between sites
Monitoring & failover is automated
Traffic flow control is application aware
60
Q

SD-WAN Benefits

A

Automated, standardized setup of connectivity between sites
Transport independent
Simplified, integrated operations
More flexibility & easier to migrate WAN services
The required, predictable performance for important applications
Integration with latest cloud & network tech
Lower cost
61
Q

Data Plane - vEdge Routers
(They are ___ or ____)
(They form an ____ encrypted data plane between each other)

A

vEdge routers run the data plane
They are physical or virtual
They form an IPsec encrypted data plane between each other
A site can have 2 vEdge routers for redundancy
62
Q

Control Plane - vSmart Controllers
(They are the ____ of the solution)
(They run as ____)
(They distribute ____ & ___ info to the ____ inside the ____)
(Each ___ connects to two ___ for redundancy)

A

vSmart controllers run the control plane
They are the centralized brain of the solution
They run as VMs
They distribute policy & forwarding info to the vEdge routers inside TLS tunnels
Each vEdge router connects to two vSmart controllers for redundancy
63
Q

Management Plane - vManage NMS
(Enables ____ & simplifies ____)
(Provides ____)
(Runs as a ____)

A

Provides the management plane GUI
Enables centralized config & simplifies changes
Provides real time alerting
Runs as a VM
Multiple vManage NMS are clustered for redundancy
64
Q

Orchestration - vBond Orchestrator
(Authenticates all ____)
(Enables ___ to discover each other)
(Has a ___ & is deployed in the ___)
(Runs as a ___)

A

Authenticates all vSmart controllers, vManage NMS, & vEdge routers that join the SD-WAN network
Enables vEdge routers to discover each other, vManage & vSmart
Has a public IP address & is deployed in the DMZ
Runs as a VM (can run as a router in smaller deployments)
Multiple can be deployed with round robin DNS
65
Q

ZTP Service

A

Zero Touch Provisioning Service:

Cloud based shared service hosted by Cisco
Utilized on first boot of vEdge router only
Directs it to vBond to orchestrate joining into the network
66
Q

SD-WAN: Premises & Cloud

A

vBond, vSmart, & vManage can be deployed both on premises & in the cloud
Most deployments are in the cloud
67
Q

SD-WAN: Building the Data Plane
(The __ directs the ___ to build a full mesh of ___)
(____ propagates ___ & ___ to the ___ with OMP)

A

The vSmart controller directs the vEdge routers to build a full mesh of IPsec VPN tunnels between themselves

vSmart propagates policy & routing info to the vEdge routers with OMP (Overlay Management Protocol)
68
Q

SD-WAN: BFD VPN Tunnel Monitoring
(____ packets are sent over all ___)
(This detects if ____ & provides ___, ___, ___ statistics)

A

Bidirectional Forwarding Detection (BFD) packets are sent over all VPN tunnels

This detects if a tunnel goes down & provides latency, jitter & loss statistics
69
Q

SD-WAN: Traffic Forwarding Options
(Load Balancing: 4 types)

A

If multiple tunnels are available traffic can be load balanced over the tunnels
---Active/Active
---Weighted Active/Active
---Application pinning Active/Standby
---Application Aware Routing
70
Q

SD-WAN: Application Aware Routing
(___ monitors the __, __, ___ across the ___)
(You can set minimum requirements for an ___ with ___)
(___ ensures the application is sent over a link which meets the ____)
(By default...)

A

BFD monitors the latency, jitter & loss across the VPN tunnels
You can set minimum requirements for an application with SLA Classes
SD-WAN ensures the application is sent over a link which meets its SLA requirements
By default traffic will fall back to another link if no suitable link is available