cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17694
Views
35
Helpful
18
Comments
aradford
Cisco Employee
Cisco Employee

Starting out with network automation

Many customers are asking how to get started with network automation. There is an expectation from the rest of the business that the networking team will be changing its operational model and becoming more agile. How can you get started? One easy way is automating the deployment of new devices.  Network Plug and Play (PnP) is a great way to get started. It is a foundational element of the Cisco Digital Network Architecture (DNA).

What is Plug and Play?

PnP is a mechanism to automate deployment of devices. Simply plug a device (router, switch, access point) into the network. It discovers the controller (more on how that happens later), and the automation begins.  A few minutes later, your device is upgraded and/or configured and operational.

Key Components

A PnP solution has four main components:

  1. An agent, which resides in the IOS software, that looks for a “Controller” when the device is first booted up.
  2. A PnP Server, which is an application running on APIC-EM (our free SDN controller).
  3. The PnP protocol, that allows the agent and the Controller to communicate.
  4. An optional mobile application, which runs on Android and iOS devices.

image1.png

Discovering the Controller

The first thing that needs to happen is for the device to get in contact with the controller. There are five mechanisms you can use to make this work:

  1. DHCP server, using option 43 which is set to the IP Address of the controller
  2. DHCP server, using a DNS domain name.  The device will do a dns lookup of pnpserver.<your domain>
  3. Cloud redirection, which is currently in controlled availability
  4. USB key. This can be used for routers and remote devices, where some initial configuration of the WAN connection is required (e.g. MPLS configuration).
  5. Smart Phone app (iPhone/Android).  A special console cable connects to the device and downloads the bootstrap configuration.  The app can also scan the barcode to create a rule for the device.

image2.png

Getting Started

Let us go through all the steps to get a switch up and running. The first step is to create an initial configuration file for the switch and upload it to APIC-EM. Plug and Play will require a set of device rules to map a device serial number to a configuration file and/or a software image.  To make it easier to organize these rules (there might be hundreds of them) we use a “Project”. A project is much like a folder on your computer for organizing files.  In this example the project is called Sydney.  It is created empty, without any rules, like an empty folder on your computer.

image3.png

Rules are created inside a project.  A rule defines the configuration file and potentially a software image to be sent to the device.  If you provide a software image the device will be upgraded. Devices are identified by their serial number. Bootstrap is a small piece of configuration to get the device onto the network (used with the mobile device application). It is not required in other scenarios.

image4.png

Click “add” to finish this step.  Notice “Device Certificate” has been selected. A PKI certificate will be deployed on the device for secure communication between the device and PnP server.  APIC-EM also has a built in PKI server, which is used to create and manage this device certificate.

image5.png

With the above steps completed, our rule is in place. When the device is plugged in, it contacts the controller, initiating the Plug and Play process.

image6.png

A few minutes later, the device is up and operational on the network.

image7.png

What Next?

There was still a bit of human activity in provisioning this device.  I needed to create the initial configuration file, upload it to the controller, and create a rule/project.  Oh, and I needed to plug the device in and power it on.  All except the last step I could automate.  The next blog Network Automation with Plug and Play (PnP) – Part 2 will look at how to automate those steps via the rich API in APIC-EM.

In the meantime, if you would like to learn more about this, you could visit Cisco Devnet . DevNet has further explanations about this. Also, we have a Github repository where you can get examples related to PnP.

Thanks for reading

@adamradford123

18 Comments
jboga
Level 5
Level 5

Adam,

Can APIC-EM be used to automate the upgrade of IOS in my network devices? I understand that in the first installation, I can do that. But how about choosing to upgrade devices 6 to 12 months after they've been installed.

aradford
Cisco Employee
Cisco Employee

Great question.  Not today.  Today, PnP is for day 0.  Today you can use Prime Infrastructure for day2 (or day 180/360) upgrades. 

jboga
Level 5
Level 5

Adam,

Yeah, that's what I thought. Any plans to incorporate that directly in APIC-EM?

Olivier Jessel
Level 1
Level 1

Hi,

Thanks for the great post.

One question... do we need any special license if we want to play around with APIC-EM and some switches we have in our lab ?

Thanks

aradford
Cisco Employee
Cisco Employee

Thanks Olivier,

APIC-EM is no charge.  IWAN app requires a device license (which is shares with Prime Infrastructure).

PnP, EasyQoS and base apps have no license.

Enjoy!!

Adam

Olivier Jessel
Level 1
Level 1

Thanks . Last but not least, if I have a look at the requirements for the APIC-EM VM machine, I have the feeling I could run half of the google DC within it What would you recommend for the VM to just play with few switches and routers ?

jboga
Level 5
Level 5

Olivier,

Check this thread APIC-EM Demo installation

We were able to use 32 GBs, we didn't try Adam's suggestion of 22 GB. However, that was for version 1.2. I don't know if that has changed with version 1.3

Best,

-- Jose B

aradford
Cisco Employee
Cisco Employee

In 1.3 the 16G demo version has been dropped.

You can use 32G+12cpu for 500 devices and 32G+8cpu for 200 devices.

IWAN has not been tested in this configuration.

Olivier Jessel
Level 1
Level 1

Hi guys,

Thanks for this great news I have request the VM, let see if I can get it... I don't need iWAN, we have already a WAN based on LISP fully redundant, and PfR is not a needed by us today. I am more interested in packing my ansible templates and scripts into APIC-EM and let's see what happen.

sjean2013
Level 4
Level 4

Hi all,

Cloud redirection is it available ?

/Seb

aradford
Cisco Employee
Cisco Employee

Not general availability.  We are still doing controlled.   Should be GA (Generally Available) very soon (~April)

sjean2013
Level 4
Level 4

Hi Adam

Thanks

dehrle001
Level 1
Level 1

Tell me more about the APIC-EN solution with LISP (and I assume GetVPN).  Where can I see or get the solution?

jvikman
Cisco Employee
Cisco Employee

Is there a PNP protocol specification somewhere?

Thanks,

Johan

gurindersingh81
Level 1
Level 1

Hello Adam,

I have a test controller and a test switch. APIC-EM was able to upload the image successfully but post the image upgrade the configuration file was not deployed by APIC-EM. I got the following messages. Would you able to help me on this.

Timestamp

Event
2017-04-19 19:11:36 (India Standard Time)Failed health check since device is stuck in non-terminal state PROVISIONED_IMAGE for more than threshold time: 0 hours, 80 minutes, 0 seconds
2017-04-19 17:48:43 (India Standard Time)Image upgrade was performed successfully
2017-04-19 17:44:49 (India Standard Time)Matched a pre-provisioned device in site Test
2017-04-19 17:43:41 (India Standard Time)Matched a pre-provisioned rule in site Test

The APIC EM controller and test device in separate subnets but on same location.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: