With Open IOS XE, Cisco is Changing the Game
Old-school network engineers probably remember the Cisco 2500-series router. It ran a slow Motorola 68000 CPU and the monolithic IOS operating system, and it did one thing only: route packets. Routers and switches have certainly sped up since then, and the operating system has been modernized, but networking hasn’t changed much otherwise. We still use the CLI and SNMP to manage our networks the same way we did in the 1990s.
With Open IOS XE, however, Cisco is changing the game. We now support powerful programmable interfaces like NETCONF and YANG. We can easily on-board devices without tedious manual configuration, and we can host Python scripts and applications all directly on the box. As a result, network engineers are able to configure their networks more quickly, with fewer errors, and build a network that understands and adapts to events.
Let me introduce you to four key areas where IOS XE helps you program the network and automate routine tasks: day-zero provisioning, NETCONF/YANG, on-box Python, and app hosting.
Day Zero Provisioning
If you were given 50 switches to configure, how would you do it? If you’re like most network engineers, you would configure one, paste its configuration into Notepad, tweak a few values, paste that back into the next switch, and repeat. Aside from being highly inefficient and error-prone, this probably isn’t the most exciting part of your job. When it comes time to do the image upgrades on those switches, it’s TFTP and a lot of coffee.
Today’s day-zero technologies automate the provisioning process for network devices like the Catalyst 9k. Switches, routers, and other devices can pull down both their configuration and system image from an external server, resulting in automated deployment with no touch other than plugging in the box and turning it on.
Figure 1 – IOS XE offers three different Day Zero provisioning options to meet the needs of customer environments
Figure 1 above shows you the three provisioning options available in IOS XE. Cisco has developed Network Plug and Play (PnP), which works across a number of different platforms and offers robust enterprise features such as a cloud redirection service. PnP, which uses Cisco’s APIC-EM SDN controller, has been around for a while now and is our most turnkey solution.
IOS XE goes beyond PnP starting in 16.5. We now support Zero Touch Provisioning (ZTP) and Preboot eXecution Environment (PXE) on our switches and routers. While not as full-featured as PnP, ZTP and PXE boot use entirely open protocols, and may be better suited to environments with a mix of products. Both discover the provisioning server through DHCP and fetch the script or image over TFTP or HTTP, so the device has no way to authenticate what it is handed; keep the provisioning network and its DHCP and file servers under your control.
NETCONF/YANG
Network scripting used to mean two things: Expect and regular expressions. With Expect, we had to send CLI commands to the box while “expecting” (waiting for) a response before sending the next command. Regular expressions are just a complex way of doing string parsing. They look like “/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\W]).{8,}$/” but for most network engineers, they’re more like, “!@##!@#”.
If Expect and regular expressions give you nightmares, we have good news. Open IOS XE supports YANG data models and the NETCONF protocol. Data models describe the structure of configuration and operational data on a network device like a Catalyst 9k switch. YANG models make it far easier to write scripts that read data from, or write data to, IOS XE products. When reading operational data, a single line of code can convert the output into a Python dictionary, saving hours of laborious regular-expression building and verification. When sending configuration, we can use data models to turn configuration into a template into which we quickly insert variables.
Figure 2 – Cisco’s YDK tool automatically generates APIs based on YANG models for many languages
NETCONF is the protocol that carries data structured by YANG models. Think of NETCONF like SNMP and YANG like the MIB. NETCONF runs over SSH (TCP port 830 by default), so it inherits SSH authentication and encryption for everything it sends and receives. NETCONF also adds functionality SNMP lacks. For example, an edit-config sent with rollback-on-error discards an entire block of configuration changes if any part of it fails, instead of leaving the device half-configured.
Let’s look at an example of reading operational data with YANG models. (If you need to back up a few steps to learn more about YANG and NETCONF, please check out the Network Engineer Learning Track on DevNet.) In the following example, we use a Python script to read in the BGP neighbors using the models:
Figure 3 – Using Python to quickly extract BGP neighbor information using a YANG model
The first line of code reads in the data using the ncclient Python library and converts it to a Python dictionary. The second line extracts the BGP neighbors from the RPC reply. If we wanted to loop through the list and print out all the neighbor IDs, we could do it like this:
Figure 4 – NETCONF YANG example continued
Try that with regular expressions!
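Figures 3 and 4 are images that did not survive on this page, so the following Python script is an added reconstruction of the task they describe, written for this edit rather than taken from the post. It parses a NETCONF get reply for BGP operational data into a Python dictionary and lists the neighbor IDs, and it also shows the templated edit-config with rollback-on-error discussed above. Assumptions not on the page: the element layout bgp-state-data/neighbors/neighbor/neighbor-id is how I read the Cisco-IOS-XE-bgp-oper model, the sample reply is constructed rather than captured from a device, the parsing uses the standard library instead of xmltodict so it runs offline, and the ncclient calls are only exercised when you point connect() at a real switch.

```python
import xml.etree.ElementTree as ET

# Namespaces of the Cisco-IOS-XE YANG models used below (element layout assumed; see lead-in).
BGP_OPER_NS = "http://cisco.com/ns/yang/Cisco-IOS-XE-bgp-oper"
NATIVE_NS = "http://cisco.com/ns/yang/Cisco-IOS-XE-native"

# Subtree filter: ask the device for BGP operational data only, not the whole box.
BGP_FILTER = f'<bgp-state-data xmlns="{BGP_OPER_NS}"/>'

# Constructed sample of a <get> reply (not captured from a device), shaped like
# bgp-state-data/neighbors/neighbor/neighbor-id in the model.
SAMPLE_REPLY = f"""
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <bgp-state-data xmlns="{BGP_OPER_NS}">
    <neighbors>
      <neighbor>
        <neighbor-id>192.0.2.1</neighbor-id>
        <state>fsm-established</state>
      </neighbor>
      <neighbor>
        <neighbor-id>192.0.2.2</neighbor-id>
        <state>fsm-idle</state>
      </neighbor>
    </neighbors>
  </bgp-state-data>
</data>
"""


def strip_ns(tag):
    """'{uri}local-name' -> 'local-name'."""
    return tag.rsplit("}", 1)[-1]


def xml_to_dict(elem):
    """Element -> nested dicts; repeated children become lists (stdlib stand-in for xmltodict)."""
    children = list(elem)
    if not children:
        return (elem.text or "").strip()
    out = {}
    for child in children:
        key, value = strip_ns(child.tag), xml_to_dict(child)
        if key in out:  # a second <neighbor> etc.: promote the value to a list
            if not isinstance(out[key], list):
                out[key] = [out[key]]
            out[key].append(value)
        else:
            out[key] = value
    return out


def as_list(value):
    """One <neighbor> parses to a dict, many to a list; callers always get a list."""
    if value in (None, ""):
        return []
    return value if isinstance(value, list) else [value]


def neighbor_ids(reply_xml):
    """Return the BGP neighbor IDs found in a NETCONF <get> reply (the Figure 3/4 task)."""
    data = xml_to_dict(ET.fromstring(reply_xml.strip()))
    bgp = data.get("bgp-state-data") if isinstance(data, dict) else None
    neighbors = bgp.get("neighbors") if isinstance(bgp, dict) else None
    entries = as_list(neighbors.get("neighbor")) if isinstance(neighbors, dict) else []
    return [n["neighbor-id"] for n in entries]


def hostname_config(hostname):
    """Template an <edit-config> payload on the native model with the variable validated.

    A strict allowlist keeps a bad variable from injecting extra XML into the config."""
    if not (0 < len(hostname) <= 63 and hostname.isascii()
            and all(c.isalnum() or c == "-" for c in hostname)):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return (f'<config><native xmlns="{NATIVE_NS}">'
            f"<hostname>{hostname}</hostname></native></config>")


def connect(host, username, password):
    """Open a NETCONF-over-SSH session with ncclient (pip install ncclient)."""
    from ncclient import manager
    # hostkey_verify=True checks the switch's SSH key against ~/.ssh/known_hosts;
    # demo code often passes False, which lets anyone on the path impersonate the switch.
    return manager.connect(host=host, port=830, username=username, password=password,
                           hostkey_verify=True, device_params={"name": "iosxe"})


def get_bgp_neighbors(m):
    """Fetch the BGP operational subtree and return the neighbor IDs."""
    return neighbor_ids(m.get(filter=("subtree", BGP_FILTER)).data_xml)


def set_hostname(m, hostname):
    """rollback-on-error: the device discards the whole edit if any part of it fails."""
    return m.edit_config(target="running", config=hostname_config(hostname),
                         error_option="rollback-on-error")


if __name__ == "__main__":
    for neighbor_id in neighbor_ids(SAMPLE_REPLY):
        print(neighbor_id)
```

Running the script prints the two constructed neighbor IDs; against a device, `get_bgp_neighbors(connect(host, user, password))` does the same for live data. Two points deserve the extra lines: a reply with one neighbor parses to a dict rather than a list, which is the classic way these scripts break in production, and the hostname variable is validated before it is spliced into XML, because a template that accepts arbitrary strings is an injection point into the running configuration.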
On-Box Python
If you don’t want to run your scripts on a server, why not run them on your switch? Starting in Open IOS XE 16.5, Catalyst switches support on-box Python running in a Linux container (the guest shell). On-box scripts can use the same data models we just described, but they can also read and write the device bootflash and issue CLI commands when necessary. Even more powerful, on-box Python integrates with Cisco’s Embedded Event Manager (EEM). EEM takes actions in response to events on the device, so you could use it to trigger a Python script when the box is configured, when an IP SLA probe fails, or when an interface goes down. With REST APIs, the script could even post a notification of the error condition to a Spark room, or open a trouble ticket in your help desk system. Because these scripts can touch bootflash and run CLI, they are privileged code: control who can place scripts on the device and which events trigger them.
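The EEM-to-Python flow just described, as an added example written for this edit and not code from the post: an EEM applet matches the link-down syslog message and hands it to a guest-shell script, which extracts the interface name, optionally gathers a line of context from the CLI, and posts a JSON event to a webhook. Assumptions not on the page: the applet name and syslog pattern, the script and settings paths on bootflash, the python3 launcher under guestshell run, the webhook format, and the `cli` module that IOS XE exposes to guest-shell Python (the script falls back gracefully when that module is absent, so the parsing runs anywhere).

```python
import json
import sys
import urllib.request

# IOS XE EEM applet that runs this script with the triggering syslog message as
# its argument. Assumed, not from the post: applet name, script path, launcher.
EEM_APPLET = """
event manager applet LINK_DOWN_NOTIFY
 event syslog pattern "%LINK-3-UPDOWN: Interface .*, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "guestshell run python3 /bootflash/link_down.py $_syslog_msg"
"""

# The webhook target and any token live in a file on bootflash with restricted
# access, not hardcoded in a script anyone can read (assumed path and format):
# {"host": "edge-sw1", "webhook_url": "https://...", "token": "..."}
SETTINGS_PATH = "/bootflash/link_down.json"

LINK_DOWN_MARK = "%LINK-3-UPDOWN: Interface "


def parse_link_down(msg):
    """Return the interface named in a link-down syslog message, else None.

    Works on the full line EEM passes in (timestamps and sequence numbers
    before the mnemonic are ignored); a 'changed state to up' line is rejected."""
    if LINK_DOWN_MARK not in msg or not msg.rstrip().endswith("changed state to down"):
        return None
    rest = msg.split(LINK_DOWN_MARK, 1)[1]
    return rest.split(",", 1)[0].strip() or None


def safe_interface_name(iface):
    """Allowlist check before the name is spliced into a CLI command."""
    return bool(iface) and all(c.isalnum() or c in "/.:-" for c in iface)


def interface_detail(iface):
    """Pull one line of context from the device; only works inside the guest shell."""
    if not safe_interface_name(iface):
        return None
    try:
        from cli import cli  # module IOS XE provides to guest-shell Python (assumed available)
    except ImportError:
        return None
    return cli(f"show interfaces {iface} | include line protocol")


def build_event(msg, host, detail=None):
    """Turn a syslog message into the JSON-able event the webhook receives."""
    iface = parse_link_down(msg)
    if iface is None:
        return None
    return {"host": host, "interface": iface, "event": "link-down", "detail": detail}


def post_event(event, webhook_url, token=None, timeout=5):
    """POST the event as JSON; returns the HTTP status code."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(webhook_url, data=json.dumps(event).encode(), headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


def main(argv):
    msg = " ".join(argv)
    with open(SETTINGS_PATH) as f:
        settings = json.load(f)
    event = build_event(msg, settings["host"])
    if event is None:
        return 0  # not a link-down message; the EEM pattern should keep these out
    event["detail"] = interface_detail(event["interface"])
    post_event(event, settings["webhook_url"], settings.get("token"))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The interface name comes from a syslog message and ends up inside a CLI command, so it is checked against an allowlist first; the device generates those messages itself, but a script that will run with device privilege for years should not trust any input it did not construct.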
Python wouldn’t be much without its libraries, so we also support pip install of Python modules. Pin the versions you install and, if the switch should not reach the public index, point pip at a repository you control.
App Hosting
When is a switch not a switch? When it’s hosting third-party applications! You won’t be playing video games on your Catalyst, and we don’t recommend mining digital currency with it, but you can install applications for network troubleshooting and performance monitoring.
Figure 5 – The Catalyst 9000-series can host several applications in VMs or containers
The Catalyst 9k has an x86 processor and an option for USB and even SSD external storage to make it possible to run a variety of applications directly on the switch. Want to run a performance monitoring tool like iPerf directly on your switch? It’s now possible with the Catalyst 9k and Open IOS XE. Take a look:
Figure 6 – Running iPerf on an IOS XE device to test performance
You can see from this output that we connected to an LXC container from our switch and ran an iPerf test successfully. IOS XE supports both LXC containers and full-blown virtual machines, depending on your requirements. Containers share the IOS XE kernel, so they are lightweight and get the host’s driver support, but a compromised container is one kernel bug away from the network OS. VMs have their own kernel, so they provide stronger isolation at a higher resource cost.
You could spin up a VM and then install your software on it using standard tools like RPM or Yum. However, you probably don’t want to do this 50 or 100 times. Cisco’s IOx framework provides tools for packaging applications so they can be easily distributed to your switches. There are three ways to get your packages onto your switches:
- CLI-based copy of the package to the device, followed by CLI-based activation
- Copy and activate through the GUI using Local Manager on a single device
- Copy and activate on multiple devices using Fog Director
Learn more about Cisco’s IOx framework at DevNet.
Conclusion
Cisco routers and switches have come a long way since the days of IOS. Our latest products provide a robust platform for programming the network, automating laborious tasks, and hosting applications. As the management of network devices changes, it’s critical for network engineers to keep developing their skills to take advantage of programmability. Cisco offers a number of resources to help engineers grow their skills. In addition to breakouts and labs at Cisco Live, the DevNet community is a great place to start learning about programmability and expand your skills. Check out the Network Engineer Learning Track on DevNet and start programming with IOS XE!
Nice Job Jeff. I can’t wait to see the upcoming blogs that dive into the details of these technologies!
Great post, Jeff! Love the run down of how things used to be done and what is possible today now that programmability is built into the network with IOS-XE and with app hosting.
Jeff, very nice article! Love the way you wrote those and I found this very funny:
Regular expressions are just a complex way of doing string parsing. They look like “/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.[\W]).{8,}$/” but for most network engineers, they’re more like, “!@##!@#”.
Hahaha..
Jeff, well done thoughtful article on the future of networking and how the future is now.
Thank you Jeff. Very nice post, things are absolutely moving so fast. ZTP is definitely much more convenient and easy to use.
Also, I don’t think that anybody will disagree with you on regular expressions nightmare (funny).