Author of Cisco Press book on IPv6 Security.
Founding member of the Rocky Mountain IPv6 Task Force.
Member of Infoblox IPv6 Center of Excellence.
CCIE #5133, CISSP #4610.
BS Computer Science, Colorado State University.
MS Telecommunications, University of Colorado.
IPv6, SDN, Networking Protocols, Network Security
Yes, you can definitely use Ansible with a Nexus 9000. You can build your inventory, create your playbook, and then push Ansible modules to the switches. You have to enable NXAPI first, with the "feature nxapi" command. You will need to create an Ansible authentication file (e.g. /home/Ubuntu/.netauth) that contains the username and password for the switch. You can create your .yml file on your server and then run it with ansible-playbook.
There are many different sides of the Cisco Nexus 9000 switches. As you may already know, the Cisco Nexus 9000 switches have high-performance, high-availability hardware, energy efficiency, 40G BiDi optics, and scalability to 100GE interfaces. The Nexus 9000 switches can also run in one of two modes: NX-OS mode or ACI mode. In NX-OS mode, they run the NX-OS software and operate much like any other Nexus switch you know and love. In Application Centric Infrastructure (ACI) mode, they use the Application Policy Infrastructure Controller (APIC) to control their configuration and they participate in an ACI data center fabric as either a spine or leaf switch. In this way, the Nexus 9000 switches have split personalities, but can only run one personality at a time.

When the Nexus 9000 is running in NX-OS mode, there are many different modes of operation and programming interfaces. Each one adds a new dimension to what you can do with the switches and lets you further customize how you configure them. The Nexus 9000 switches running in NX-OS mode support all the typical configuration methods, like the standard NX-OS CLI that you are likely already familiar with, in addition to SNMP and NETCONF. We will now look deeper into the different configuration modes that let us configure these switches faster and more accurately. The Nexus 3000 switches have these same features, but the focus of this article is on the Nexus 9000 switches.

Also, please don’t get intimidated about programming and scripting with these switches. Many of these interfaces build upon your existing knowledge of the NX-OS CLI and support you in your scripting efforts.

Bash Shell

The Bourne-Again SHell (Bash) runs on-box and gives you access to the command shell. To start the shell you must first enable the feature and then invoke bash with the run CLI command as follows.
    N9K(config)# feature bash
    N9K# run bash
    bash-4.2$

When you are in bash, you can run common Unix commands like pwd, cd, ps, grep, ifconfig, and top, and use other scripting syntax like do loops. You can use the bash shell to quickly edit your files on the box itself. One of the great things about the bash shell is that it has a built-in “vi” editor. Not everyone likes the vi editor as much as old-timers like me, so you can still edit the file off-box and TFTP the file to the proper bootflash: directory. To edit your file with vi, use the following syntax.

    bash-4.2$ vi /bootflash/my-script-filename.py

Nexus 9000 switches also have a scheduler that allows you to periodically run specific processes or scripts. To enable the feature, enter the following command and then proceed to schedule your job.

    N9K(config)# feature scheduler
    N9K(config)# scheduler job name my-run-job

You can then schedule the start time, stop time, the number of repeats, and other characteristics of the job.

Python

The Nexus 9000 switches also allow for Python scripting natively on-box. You can run Python in an interactive mode by simply typing “python” at the CLI prompt or the bash shell.

    N9K# python
    N9K# >>> print "Hello World!"
    Hello World!
    N9K# >>> exit()

Alternatively, you can create your own Python scripts and run them as needed. The Python scripting environment has a standard library that you need to import into your own scripts. You will need to put “import cli” at the top of all of your Python scripts. Several of the more useful functions in the Python CLI module are:

    cli.cli() - executes a CLI command and returns the output
    cli.clid() - outputs the JSON syntax for the CLI command
    cli.clip() - takes the output of the CLI command and echoes it to standard-out (stdout)

Once you write your Python script, you store the file in the scripts directory on the bootflash: storage. Then you can execute your script from the CLI or bash using the following syntax.
    N9K# python bootflash:/my-script-name.py

There is also a way to compile your Python scripts if you want, using the “python -m compileall my-python-script.py” command. If you should need it, Cisco has written a “Troubleshooting Python API” page that may give you some tips.

NX-API

The Cisco Nexus Application Programming Interface (NX-API) allows for off-box web-based programmability of the N9K switches and provides tools to aid in your scripting. The Nexus 9000 switches run an NGINX web service that allows for a RESTful API interface using either XML or JSON format with RBAC security. To enable the NX-API interface, you enter the following configuration command.

    N9K(config)# feature nxapi

Then you can use the “show nxapi” CLI command to verify that it is running. Next, you can open your web browser and go to:

    https://<switch_IP_address>/ins

If you want to interact with the NX-API in sandbox mode, then you would open your web browser to:

    http://<switch_IP_address>/

In this web interface, you can enter CLI commands you are already familiar with and have the utility show the equivalent scripting syntax. This is a quick way to learn the XML, JSON or Python syntax that you may use in other scripts. Cisco also has a good page on “Troubleshooting NX-API” that may come in handy.

Tcl and EEM

Just like many other Cisco devices, there is native on-box Tool Command Language (Tcl) scripting. Also, Embedded Event Manager (EEM) is an on-box method of configuring events, actions, and policies to adjust the switch’s configuration or behavior based on monitoring specific states. This works much as it does on other NX-OS switches. To invoke a Python script from within an EEM script, you use the “action” statement.

Broadcom Shell

There is also a Broadcom Shell that allows you to access the Broadcom Network Forwarding Engines (NFE). From this shell you can collect information about the T2 ASICs.
You can use the “show module” command to see the hardware within the N9K switch. From here you can use the “attach module #” command to gain access to that particular slot/module number. There are a number of commands that give you information on the line card ASICs.

Guest Shell and Linux Containers

The Nexus switches run a Linux container that has built-in support for software containers. The Guest Shell is an embedded container environment that allows you to further customize the N9K switches and leverage DevOps functionality. The Guest Shell has access to Python scripting, the PIP Python package index, other open source software packages, the bootflash, and the NX-OS CLI. With these container modes you can use Puppet, Chef, and Ansible for configuration management, automation and orchestration of N9K configurations. You can verify that you have the Guest Shell container installed using the following CLI command.

    N9K# show virtual-service list

To enter the guest shell, simply enter the following CLI command.

    N9K# guestshell
    guestshell:~$

From within the Guest Shell, there are limitless possibilities to what you can accomplish and automate.

XMPP

Cisco also allows for automation using the Extensible Messaging and Presence Protocol (XMPP). Presumably with this feature, you can have your switches tuned into an XMPP channel and send and receive messages from the switches in your environment.

Where to go for more info?

Cisco has published a “Nexus NX-OS Programmability Guide” that gives a lot of good details on how to get started. Cisco has also written a “Cisco Nexus 9000 Series Switches: Integrate Programmability into Your Data Center” that shares insights into programming the N9K switches. If you want to learn more, check out the Cisco Live technical session BRKDCT-1302 “Network Programmability and Automation using Nexus 9000”.
There is also another session, BRKAPP-9005 “The Migration to Switch Programmability and a Dev-Ops operation with the Nexus 9000 & 3000”, that goes into additional detail. There is sure to be more information revealed at next week’s Cisco Live U.S. conference.

Cisco has put together a set of sample scripts that you can learn from and build on. Cisco has put these “Who Moved My CLI” scripts on GitHub and, provided you have git, you can retrieve them with the following command.

    git clone https://github.com/datacenter/who-moved-my-cli.git

Cisco has also published a set of Nexus 9000 scripts that you can retrieve using git.

    git clone https://github.com/datacenter/nexus9000.git

Summary

With all of these varied interfaces, the Nexus 9000 can become far more than a traditional data center switch. The openness of these switches is refreshing and provides a lot more options than simply configuring each switch manually one-by-one using the NX-OS CLI. The Nexus 9000, with these programmability extensions, can be an important part of your Fast IT strategy.
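
An off-box, read-only client for the https://<switch_IP_address>/ins endpoint from the NX-API section above, as an added example that is not from the original article or from Cisco. It assumes the ins_api JSON request format with HTTP basic authentication and a CA file that can verify the switch certificate; the show-only allowlist is this example's own policy and the sample reply is constructed.

```python
import base64
import json
import ssl
import urllib.request


def build_request(commands):
    """Build an ins_api cli_show body, refusing anything but show commands."""
    for cmd in commands:
        # Example policy (assumption): read-only client, one command per entry.
        if not cmd.startswith("show ") or ";" in cmd:
            raise ValueError("refusing command: %r" % cmd)
    return {"ins_api": {"version": "1.0", "type": "cli_show", "chunk": "0",
                        "sid": "1", "input": " ;".join(commands),
                        "output_format": "json"}}


def parse_response(doc):
    """Return {command: body}; raise if any command did not report code 200."""
    outputs = doc["ins_api"]["outputs"]["output"]
    if isinstance(outputs, dict):  # one command comes back as a dict, not a list
        outputs = [outputs]
    results = {}
    for out in outputs:
        if str(out.get("code")) != "200":
            raise RuntimeError("%s: %s %s" % (out.get("input"), out.get("code"),
                                              out.get("msg")))
        results[out["input"]] = out.get("body", {})
    return results


def run_show(switch, username, password, commands, cafile):
    """POST to https://<switch>/ins with certificate and hostname checks on."""
    ctx = ssl.create_default_context(cafile=cafile)
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    req = urllib.request.Request(
        "https://%s/ins" % switch,
        data=json.dumps(build_request(commands)).encode(),
        headers={"content-type": "application/json",
                 "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_response(json.load(resp))


# Constructed sample reply (not captured from a real switch) for offline use.
SAMPLE_OK = {"ins_api": {"type": "cli_show", "version": "1.0", "sid": "eoc",
             "outputs": {"output": {"input": "show version", "msg": "Success",
                                    "code": "200", "body": {"host_name": "N9K"}}}}}

if __name__ == "__main__":
    print(parse_response(SAMPLE_OK))
```

Pair a client like this with a switch account whose RBAC role permits only the show commands it needs, so the allowlist is enforced on the switch as well as in the script.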