
Let’s go Deeper – into our code

Recently, I wrote a blog entitled "Under the Hood with Cisco DevNet: Developers> Cisco DNA Rocks!". In that blog, I talked about how I liked “APIC-EM”, “CMX” and “Collaboration”, related to the Cisco DNA architecture. In this blog, I thought we’d go under the hood, all the way to some code, in order to show you what is so cool about APIC-EM. If you are a network engineer or developer interested in network programming, this should be interesting for you.

Our Story

I recently went with my wife to a major retail store to buy some jeans. Unfortunately, they did not have the pair I wanted in my size. We went and found a sales person. First, they looked in the back. Then, they checked online. Eventually, they found a pair in a different store. I got out my credit card, purchased the pants and had them a few days later. That was good service for a retail store – historically. But, it took ~30 minutes to buy a pair of jeans – AFTER I knew what I wanted.

Now, let me tell you a hypothetical story in a digital world. A world that uses digitization to make the customer experience dramatically more enjoyable.

I went to the store to buy jeans. Again, they did not have them in that store. I whipped out my smartphone and used the store’s application. I had jeans coming to my house in a couple days. It took less than 5 minutes. In the future, I think we will have stories like this in successful retail businesses.

Our Use Case

In order to make our hypothetical story work, we’re going to need a great network. And, we are going to build on it, over the next few blogs.

Our retail network is not just moving data from the store to headquarters. Customers need Internet access so they can Snapchat outfits, and use our store application. Our store needs voice and video. All of our networks must be secure, reliable, and provide good performance.

In the figure below, you can see our store and our headquarters. You can see that our store is connected two ways. We have an MPLS connection and an Internet connection. MPLS is our primary link between our store and headquarters. You can also see 4 boxes showing our applications, color-coded to match the paths traveled by their packets. Note that our Internet access could go direct from the store. But, we’re using a centralized security policy like many of our customers do today.


We are going to build this network using our Digital Network Architecture, so I can highlight those things I said were great. Yes, I work at Cisco and admit some bias. But, I have been doing tech for over 30 years. APIC-EM, and the associated free apps, represents some of the coolest technology I’ve seen.

Our Technology

With APIC-EM, our SDN controller, you can configure this network with a drag and drop GUI. Back in the day, it took hours of VPN and QoS command line. Here’s a demo of the good way! All the traditional command line work is done automatically, in the background.

What you may have noticed in the video is a term called, “Policy”. In IWAN, which runs over APIC-EM, we drag and drop various applications into categories. Then, we set the policy for those categories. This controls the network traffic according to our business needs. Basically, we’re setting up our network according to our business intent. Application policies are the mechanism by which our business intent is applied to the network.

The demo video shows you how easy it is to configure the network. You don’t need to do 1,000s of commands on the routers any more.

To the Code

Here’s where this gets interesting for developers. All of the GUI capability is also available via northbound REST APIs. What we’re going to do is change our network – based on events. We’ll stick to a simple event. Time. At 8AM and 9PM we want to change the policy for backup and storage traffic. Check out the table below and note the green highlighted section.


If we focus on “backup and storage”, we can look at some code that teaches us, without getting caught up in the details. I only want to discuss how to change a policy using the API. You can use this method to change all of the policies you want.

Time-based changes are not built in to APIC-EM. To do time-event driven network changes, we will use the API. This is an easy introduction to network automation programming. Here’s what we need to do.

  1. Use the API to “GET” the existing configuration. It’s a JSON payload.
  2. Save it. Let’s save it as the "daytime" configuration.
  3. Edit the JSON payload to be the “night time” policy and save that too.
  4. Create some code to “PUT” a payload.
  5. Set up Microsoft Task Scheduler to execute your code at the right times, 8AM and 9PM.
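
Steps 3 and 4, sketched as an added example that is not code from the original post or from Cisco: it derives the night payload from the saved daytime one, picks a payload by time of day, and refuses to build a PUT whose payload differs from the baseline anywhere other than the one intended field. The sample payload, its field names and values, the `X-Auth-Token` header and the URL passed in are assumptions made for illustration.

```python
import copy
import json
import urllib.request
from datetime import time

# Constructed sample standing in for the payload a GET would return (step 1).
# Field names and values are assumptions, not the page's own payload.
DAYTIME = {
    "id": "policy-placeholder-id",
    "policyName": "backup-and-storage",
    "actionProperty": {"relevanceLevel": "Business-Irrelevant"},
    "resource": {"applications": [{"appName": "backup-and-storage"}]},
}
ALLOWED_PATH = ("actionProperty", "relevanceLevel")  # the only field we may change


def make_night(day, value="Business-Relevant"):
    """Step 3: derive the night payload by editing a copy of the daytime one."""
    night = copy.deepcopy(day)
    night[ALLOWED_PATH[0]][ALLOWED_PATH[1]] = value
    return night


def changed_paths(a, b, prefix=()):
    """Return every key path whose value differs between two payloads."""
    if isinstance(a, dict) and isinstance(b, dict):
        out = []
        for k in sorted(set(a) | set(b)):
            out += changed_paths(a.get(k), b.get(k), prefix + (k,))
        return out
    return [] if a == b else [prefix]


def pick_payload(now, day, night):
    """Daytime policy from 08:00 up to 21:00, night policy otherwise."""
    return day if time(8) <= now < time(21) else night


def build_put(url, payload, baseline, token):
    """Step 4: build (not send) the PUT, rejecting unexpected edits or plain HTTP."""
    extra = [p for p in changed_paths(baseline, payload) if p != ALLOWED_PATH]
    if extra:
        raise ValueError(f"unexpected changes: {extra}")
    if not url.startswith("https://"):
        raise ValueError("controller URL must use https")
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="PUT",
        headers={"Content-Type": "application/json", "X-Auth-Token": token})
```

In a scheduled run, read the token from the environment or a credential store rather than embedding it in the script, and send the request with `urllib.request.urlopen`, leaving certificate verification on.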

The Code

Below, I’ve included a couple of blocks of text showing the JSON payloads that you would “GET” and “PUT” using the REST API.


The yellow highlighted text shows you the variable you would change to apply your two different policies. This video, by Adam Radford, @adamradford123, Cisco Distinguished Engineer, shows how to do this in all the detail you want!

More Information

To try this, go to Cisco DevNet and register. Start at the learning labs. Then, click on Networking to find the APIC-EM labs or, if needed, the ACI-101 and ACI-102 labs. If you want more of an overview before you get started, visit the APIC-EM area in DevNet.

In my next blog, we’re going to dive into location services with CMX. If you have questions, or want to chat, hit me up @coggerin. We’ll go from there.

Thanks for reading!
