Friday, 15 July 2016

Python for Network Engineers - Part 6 - Using Cisco Nexus NETCONF interface

In the last blog article we looked at using NETCONF with Juniper Junos devices using the ncclient module.  In this blog article we’ll build on this knowledge and use ncclient with Cisco Nexus devices.


Blog Series

Python for Network Engineers - Part 1 - Introduction
Python for Network Engineers - Part 2 - Making REST calls
Python for Network Engineers - Part 3 - Using Cisco Nexus NX-API
Python for Network Engineers - Part 4 - Using Arista EOS eAPI
Python for Network Engineers - Part 5 - Using Junos NETCONF interface
Python for Network Engineers - Part 6 - Using Cisco Nexus NETCONF interface
Python for Network Engineers - Part 7 - Using Palo Alto Networks XML API


Introduction

In NX-OS 7.2 onwards  the Cisco Nexus platform offers a REST API.  However prior to that  the best way to programme a Cisco Nexus device is through it’s NETCONF interface.

In this blog we’ll show that it’s very simple to pass Cisco cli commands through NETCONF and get back structured data.

Cisco NETCONF interface


For this example I’m using a Cisco Nexus N7K and Ubuntu Linux 16.04 with Python.

Nexus Setup
On the Cisco Nexus switch there is no special configuration needed to enable NETCONF.  However you may wish to make a dedicated user for accessing the device whilst scripting.

We can test our Cisco Nexus switch is NETCONF capable by doing a simple SSH command from the Linux prompt:
james@ubuntu:~/python/git/examples/nxncc$ ssh admin@192.168.229.51 -s netconf
User Access Verification
Password:
<?xml version="1.0" encoding="ISO-8859-1"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
  </capabilities>
  <session-id>7500</session-id>
</hello>
]]>]]>

The Nexus switch sends a hello message back and we could now send raw NETCONF data to the switch through SSH, but we will just disconnect and use ncclient.

Python Setup
Please refer to the previous blog article (part 5) on how to setup ncclient before proceeding with the below examples.

Example 1
In this first example we’re just going to create a session to the nexus switch, run a simple show command and capture the response.  From the Python interactive prompt:
from ncclient import manager
import xmltodict, json
host = '192.168.229.51'
uname=upass='admin'
s = manager.connect(host=host, port=22, username=uname, password=upass, hostkey_verify=False, device_params={'name':'nexus'})
r = s.exec_command({'show vlan brief'})

We can now display the response data in a human friendly format.  However as it’s structured data it’s very easy for use to manipulate and pull out the bits that we need
j = xmltodict.parse(r.xml)['rpc-reply']['data']
print json.dumps(j, indent=2)

Example 2
In this next example we will execute a configuration level command and also show how we can work under sub prompts.  Assuming we already have a session object “s” from the previous example:
command = 'configure terminal ; vlan 10 ; name PYTHON_TEST10'
r = s.exec_command({command})

We can see we get some basic output to say the command completed correctly:
print r

If we try to execute a command with the wrong cli syntax then we get an error which can be captured in a script easily.  To show this then just try the following:
command = 'configure terminal ; blah blah'
r = s.exec_command({command})

Conclusion


That’s it for this article.  Only two examples, but from those two examples you should be able to do almost any task that you can do on the Nexus cli.

Note on OpenConfig

Lastly a quick note on OpenConfig.  In the last blog post and this one we've looked at using NETCONF to interact with Junos and Nexus devices.  For both we've been able to send cli formatted commands because we're using proprietary data models.

This is great for developing quick and easy tools to do simple tasks.  However to build complex apps on large networks it's harder to use as we always need to determine what device type we're connecting to.  Then we need to structure the configuration data for that device type and we'll get back different structured response data.

OpenConfig means that we can use exactly the same data model on different vendor devices.  For example I could send a standard piece of YANG data over NETCONF to configure a BGP parameter and get back response data in a standardised format.  IOS-XR has put a huge amount of development into OpenConfig in version 6.0.0 but I've yet to play around with it, so please see the links in the references section below.

Resources


NETCONF RFC

Githib for Python NETCONF module and YANG models

No comments:

Post a Comment