Network Automation & Programmability Flashcards

1
Q

Issues with Traditional Network Management

A

Configuring 1 device at a time is consuming/inefficient

Increases likelihood of typos/mistakes

Individual edits to multiple devices by separate engineers over time with little version control leads to configuration drift (non-standardized configs)

Having non-standardized configs and accessing one device at a time is also inefficient for troubleshooting

2
Q

Network Automation Uses

A

Device config
Initial device provisioning
Software version control
Collecting stats from devices
Compliance verification
Reports
Troubleshooting

3
Q

Network Automation Benefits

A

Enables automation which reduces human to machine interaction
–Greatly reduces the chance of human error

Modern tools have been built with monitoring, configuration, & troubleshooting in mind

It is much more scalable than configuring one device at a time

Network programmability can provide configuration version control
–Software version control as well

Troubleshooting is more efficient with a system-wide view & correlation between events

Events & error codes can be acted on programmatically

Improving configuration & troubleshooting efficiency reduces operational expenses

4
Q

Network Automation Assurance

A

Ensure devices have a standardized config

Provide reports & correct exceptions

Provide correlation between events on different devices

Automatically take corrective action on events & error codes

5
Q

Automation Methods

A

There are multiple methods to automate network management:

Python, NETCONF, RESTCONF, Ansible, Puppet, SDN, Cisco DNA center

Not all methods are supported by all devices

Choose the method most suitable for your environment/skills

6
Q

Python for Network Programmability

A

Relatively easy to learn with many training resources
Human readable
Open source
Cross OS compatible
Easy to find network automation code samples

7
Q

Git

A

A distributed version control system for tracking changes in source code & files
Typically used for software development but can provide version control for any type of files

With many centralized client-server version control systems, a file is locked when it is "checked out" and can be worked on by only one developer at a time

Every Git directory on every computer is a full-fledged repository with complete history and full version-tracking abilities
—Because of this, the code can be worked on by multiple devs

Organizations typically designate one repository as the master copy

8
Q

GitHub

A

A Git repository hosting service which adds many of its own features

Repositories can be public or private
Repositories can be copied between users

Task management tools are available
Control mechanisms provide security & resolve conflicts

9
Q

CI/CD

A

CI (Continuous Integration)
CD (Continuous Delivery/Deployment)

A set of operating principles & practices that enable app development teams to deliver code changes more frequently & reliably

Frequent changes are more efficient than rolling them up into large change windows

Automation of building/testing/deployment

Implementation = CI/CD pipeline

Tools such as Jenkins & Travis CI aid management of the pipeline

10
Q

Data Serialization

A

The process of converting structured data to a standardized format that allows sharing or storage of the data in a form that allows recovery of its original structure

Allows transfer of the data between different systems, apps, & programming languages

XML, JSON, & YAML are human & machine readable, plain text data encoding formats

Data formats are mostly interchangeable

Which one to use depends on the support in the system being used, & which is easiest

11
Q

JSON

A

JavaScript Object Notation:

Standardized as ECMA-404 in 2013 (the IETF specification is RFC 8259)
Easier for humans to read & work with than XML
Can be parsed directly into JavaScript objects
White space has no special meaning
RESTful APIs often use JSON

12
Q

JSON Data Types: Object

A

An unordered collection of key/value pairs
Each key names a property of the object
Surrounded by curly braces {}

Keys must be strings (in double quotes), & values must be a valid JSON data type
Keys & values are separated by a colon
Each key/value pair is separated by a comma

13
Q

JSON Data Types: Array

A

An ordered list of values

Surrounded by square brackets []

Values must be a valid JSON data type

14
Q

JSON Data Types: String

A

A sequence of Unicode characters enclosed in double quotes (not only alphanumerics; special characters are backslash-escaped)

"Name": "GigabitEthernet1"

15
Q

JSON Data Types: Number

A

"Input Errors": 3

Integer or decimal, unquoted

16
Q

JSON Data Types: Boolean

A

"Enabled": true

Either true or false, lowercase & unquoted ("true" in quotes would be a string)

17
Q

JSON Data Types: Null

A

"Msec": null

Lowercase & unquoted; represents an absent or unknown value
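Added example (not from the study guide or the flashcards): a Python round-trip over a constructed interface record that uses every JSON value type from these cards. It shows that whitespace is insignificant, that object keys are always strings (a Python int key is silently coerced on output), that strict JSON rejects single quotes and trailing commas, that Python keeps the last value of a duplicated key (a parser-differential risk when JSON from an untrusted source is validated by one parser and consumed by another), and what the same data looks like when serialized as XML instead. The sample data and the element-naming rules in to_xml are assumptions for illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample record (not from the cards): one interface using every
# JSON value type - string, number, boolean, null, array and nested object.
INTERFACE = {
    "Name": "GigabitEthernet1",
    "Input Errors": 3,
    "Enabled": True,
    "Msec": None,
    "Addresses": ["10.0.0.1/24", "10.0.0.2/24"],
    "Counters": {"in_octets": 1024, "out_octets": 2048},
}


def to_json(obj, pretty=False):
    """Serialize: compact form for the wire, indented form for humans."""
    if pretty:
        return json.dumps(obj, indent=2)
    return json.dumps(obj, separators=(",", ":"))


def roundtrip(obj):
    """Serialize then parse: the original structure is recovered."""
    return json.loads(to_json(obj))


def whitespace_is_insignificant(obj):
    """Compact and indented encodings decode to identical structures."""
    return json.loads(to_json(obj)) == json.loads(to_json(obj, pretty=True))


def keys_become_strings():
    """JSON object keys must be strings, so a Python int key is coerced on output."""
    return json.loads(json.dumps({1: "vlan"}))


def is_valid_json(text):
    """Strict JSON has no single quotes, trailing commas or comments."""
    try:
        json.loads(text)
    except json.JSONDecodeError:
        return False
    return True


def last_duplicate_key_wins(text):
    """Python's parser keeps the last value of a repeated key; other parsers may keep
    the first, so duplicate keys in untrusted input are a parser-differential risk."""
    return json.loads(text)


def to_xml(obj, root="interface"):
    """The same data as XML: values sit inside elements rather than key/value pairs.
    Spaces are not legal in element names, so they are replaced with '_' (assumption)."""
    elem = ET.Element(root)
    _append(elem, obj)
    return ET.tostring(elem, encoding="unicode")


def _append(parent, value):
    if isinstance(value, dict):
        for key, val in value.items():
            _append(ET.SubElement(parent, key.replace(" ", "_")), val)
    elif isinstance(value, list):
        for val in value:
            _append(ET.SubElement(parent, "item"), val)
    elif value is not None:
        # json.dumps gives JSON's lowercase true/false for booleans; null becomes an empty element
        parent.text = json.dumps(value) if isinstance(value, bool) else str(value)
```

Usage: roundtrip(INTERFACE) returns the original dict, and to_xml(INTERFACE) gives an XML document whose boolean is rendered as the lowercase text "true" inside an element.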

18
Q

XML

A

eXtensible Markup Language:

Standardized in 1998
Designed to describe & transfer data, while HTML is focused on displaying data

White space has no special meaning
Values are contained within elements (pairs of opening & closing tags)

19
Q

YAML
(Often used in ____, ___, & ___)
(also what does it start with)

A

YAML Ain't Markup Language:

Often used in Python, Perl, & Ansible
Designed to be easily read by humans

White space = important
Anything at a common indentation level is considered related at the same level

A document starts with --- (three hyphens)
Key: value representation
- indicates a list
Ansible playbooks use YAML
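Added example (not from the study guide or the flashcards): a small Python parser for the YAML subset this card describes, run over a constructed Ansible-style playbook. It treats --- as the document start, skips comments, uses indentation as the only structure marker, reads key: value pairs into dicts and "- " items into lists, and handles the "- name: ..." form where a list item begins a mapping. The playbook text, module name and values are assumptions for illustration. In real use load YAML with yaml.safe_load from PyYAML; yaml.load with the full loader can instantiate arbitrary Python objects from a file you did not write.

```python
# Constructed Ansible-style playbook (not from the cards) exercising the YAML
# features listed above: --- document start, key: value pairs, '- ' list items
# and indentation as the only structure marker.
PLAYBOOK = """---
# Comments start with a hash
- name: Harden management plane
  hosts: core_switches
  gather_facts: false
  vars:
    ssh_timeout: 60
    allowed_mgmt:
      - 10.0.0.0/24
      - 10.0.1.0/24
  tasks:
    - name: Disable telnet on VTY lines
      ios_config:
        lines:
          - transport input ssh
        parents: line vty 0 4
"""


def parse_yaml(text):
    """Parse the YAML subset above into Python lists, dicts and scalars."""
    items = _tokenize(text)
    if not items:
        return None
    value, _ = _parse(items, 0, items[0][0])
    return value


def _tokenize(text):
    """Turn lines into (indent, content) pairs, dropping ---, blanks and comments.
    A '- key: value' line starts a mapping inside a list item, so it is split
    into a bare '-' plus the key/value line indented two columns deeper."""
    items = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if stripped.startswith("- ") and _looks_like_pair(stripped[2:]):
            items.append((indent, "-"))
            items.append((indent + 2, stripped[2:].strip()))
        else:
            items.append((indent, stripped))
    return items


def _looks_like_pair(s):
    return s.endswith(":") or ": " in s


def _scalar(s):
    """YAML scalars are untyped text; map the common literals to Python types
    (yes/no are the YAML 1.1 booleans that Ansible files often use)."""
    if s in ("true", "True", "yes"):
        return True
    if s in ("false", "False", "no"):
        return False
    if s in ("null", "~"):
        return None
    for cast in (int, float):
        try:
            return cast(s)
        except ValueError:
            pass
    return s.strip("\"'")


def _parse(items, i, indent):
    """Parse the block whose lines sit at exactly `indent`; return (value, next index)."""
    if items[i][1].startswith("-"):
        out = []
        while i < len(items) and items[i][0] == indent and items[i][1].startswith("-"):
            body = items[i][1][1:].strip()
            i += 1
            if body:
                out.append(_scalar(body))
            elif i < len(items) and items[i][0] > indent:
                nested, i = _parse(items, i, items[i][0])   # mapping or list under the dash
                out.append(nested)
            else:
                out.append(None)
        return out, i
    out = {}
    while i < len(items) and items[i][0] == indent and not items[i][1].startswith("-"):
        key, _, val = items[i][1].partition(":")
        i += 1
        val = val.strip()
        if val:
            out[key.strip()] = _scalar(val)
        elif i < len(items) and (items[i][0] > indent or
                                (items[i][0] == indent and items[i][1].startswith("-"))):
            out[key.strip()], i = _parse(items, i, items[i][0])   # nested block
        else:
            out[key.strip()] = None
    return out, i
```

parse_yaml(PLAYBOOK) returns a one-element list (one play) whose "tasks" entry is itself a list of task mappings; changing the indentation of "ios_config:" by two columns moves it out of the task, which is exactly the "white space = important" point on the card.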

20
Q

API

A

Application Programming Interface:

A way for computer programs to communicate directly with another program
Typically used to perform CRUD operations

Two main API types for web services
—SOAP
—REST

NETCONF and RESTCONF are APIs specifically designed to work with network services

21
Q

CRUD

A

Create, Read, Update, Delete:

When we are building APIs, we want our models to provide four basic types of functionality

The model must be able to Create, Read, Update, and Delete resources

22
Q

SOAP
Transport is __
Data Format is __

A

Simple Object Access Protocol:

Standard communication protocol system that permits processes using different OSs to communicate

Transport is typically HTTP(S)
Data format is always XML

Has strict standards to adhere to

23
Q

REST
Transport:
Data:

A

Representational State Transfer:

An architecture, not a protocol
Gives guidelines for the structure & organization of an API

Not tied to a particular transport or data format

HTTP(S) transport & JSON (or XML) data formats are commonly used

Typically faster performance & easier to work with than SOAP

24
Q

REST Constraints

A

Client-server architecture: the client sends a request, server sends response

Uniform Interface: provides simplicity

Statelessness: no client context is stored on the server between requests

Cacheability: responses must define themselves as either cacheable or non-cacheable

Layered system: any intermediary devices such as load balancers must be transparent to the client/server

Code on demand (optional): servers can temporarily extend or customize the functionality of a client by transferring executable code

25
Q

REST Request URL

A

Request method must be sent (GET, POST, etc)

Headers with key:value pair info about the request can be added

e.g. Accept: application/json, plus authentication credentials (typically an Authorization header)

Post, Put, & Patch requests include data in the body

https://demo.flackbox.com/api/running/aaa/users/neil?dryrun

demo.flackbox.com = Target Host
/api/running/aaa/users/neil = Resource
?dryrun = Parameters (optional)

26
Q

REST Response Codes

A

1xx: Informational

2xx: Success
–200: OK
–201: Created
–204: No Content (e.g. after a successful delete)

3xx: Redirection

4xx: Client Error
–400: Bad request/malformed syntax
–401: Unauthorized (not authenticated, or credentials rejected)
–403: Forbidden (authenticated but not permitted to access the resource)
–404: Not Found

5xx: Server Error
–500: Internal Server Error

Responses to Get requests include data in the body
Headers can also be included in the response
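Added example (not from the study guide or the flashcards): Python, standard library only, covering the two REST cards above. It splits the card's example URL into host, resource and parameters, builds (without sending) a request carrying the Accept header and credentials in an Authorization header rather than in the URL (query strings end up in proxy, web-server and browser-history logs), and maps the listed response codes to what a client should do with them, including the 401 vs 403 distinction and why only server errors on idempotent methods are safe to retry. The username, password and the retry policy are assumptions for illustration.

```python
import base64
from urllib.parse import parse_qs, urlsplit
from urllib.request import Request


def parse_rest_url(url):
    """Split a request URL into the three parts the card names."""
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "resource": parts.path,
        "params": parse_qs(parts.query, keep_blank_values=True),
    }


def build_request(url, method="GET", username=None, password=None, body=None):
    """Build (but do not send) an HTTP request with Accept and credential headers.
    Credentials belong in the Authorization header, never in the URL or query
    string, because URLs are written to proxy, web-server and history logs."""
    req = Request(url, data=body, method=method)
    req.add_header("Accept", "application/json")
    if body is not None:                       # POST / PUT / PATCH carry a body
        req.add_header("Content-Type", "application/json")
    if username is not None:                   # HTTP Basic: base64(user:pass), only over HTTPS
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    return req


# Status codes from the card, with what a client should do about each one.
STATUS = {
    200: ("success", "OK"),
    201: ("success", "Created"),
    204: ("success", "No Content, e.g. after a successful DELETE"),
    400: ("client error", "Bad request: malformed syntax, fix the request"),
    401: ("client error", "Unauthorized: not authenticated or credentials rejected; "
                          "re-authenticate, do not retry with the same credentials"),
    403: ("client error", "Forbidden: authenticated but not permitted; retrying will not help"),
    404: ("client error", "Not Found"),
    500: ("server error", "Internal Server Error"),
}

# Methods whose repetition has no additional effect (assumption: PATCH excluded).
IDEMPOTENT = {"GET", "HEAD", "PUT", "DELETE"}


def classify_status(code):
    """Return (category, meaning); codes not in the table are classified by first digit."""
    if code in STATUS:
        return STATUS[code]
    first = code // 100
    return ({1: "informational", 2: "success", 3: "redirection",
             4: "client error", 5: "server error"}.get(first, "unknown"), "")


def retry_allowed(code, method):
    """Only server errors are worth retrying, and only for idempotent methods:
    retrying a POST after a 500 may create the resource twice."""
    return classify_status(code)[0] == "server error" and method.upper() in IDEMPOTENT
```

build_request(...).get_header("Authorization") shows the credential header that would go on the wire; retry_allowed(500, "GET") is True while retry_allowed(500, "POST") and retry_allowed(401, "GET") are both False.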

27
Q

Data Models

A

A well understood & agreed upon method to describe something

28
Q

YANG

A

Yet Another Next Generation:

A data modeling language which provides a standardized way to represent the operational & config data of a network device

It can be used both internally & when packaged for transmission

Refer to diagram on study guide

29
Q

Network Management Transport

(3 APIs that describe the methods)

A

The configuration & operational status of a network device’s components & services can be remotely read/written to

NETCONF, RESTCONF, & gRPC are APIs which describe the protocols & methods for transport of network management data

30
Q

Model-Driven Programmability Stack

A

Refer to diagram in study guide

31
Q

NETCONF & YANG

Encoding Type
Transport Type

A

NETCONF (2006) was designed to replace SNMP

NETCONF & YANG (2010) provide a standardized way to programmatically inspect & modify the configuration of a network device

NETCONF is a protocol that remotely reads/applies changes to the data on the device

XML encoding is used

Transport is over SSH/TLS

32
Q

NETCONF Protocol Stack

A

Content: the data to be inspected/changed

Operations: (Examples = <get-config>, <edit-config>)
Initiated via RPC methods using XML encoding

Messages: RPC (Remote Procedure Calls)
Allows one system to request another system to execute code

Transport: between client/server. Supports SSH/TLS
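Added example (not from the study guide or the flashcards): Python, standard library only, walking the NETCONF layers on this card with both sides' messages. The client and server exchange <hello> messages listing capabilities, the client sends a <get-config> RPC for the running datastore (XML encoding, message-id for matching), messages are framed with the base:1.0 ]]>]]> delimiter, and the reply is parsed, checked against the request's message-id, and split into <data> or <rpc-error>. Nothing is sent over SSH here; the server-side messages, the session-id and the interface names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"      # XML namespace of NETCONF messages
BASE10 = "urn:ietf:params:netconf:base:1.0"          # capability URI announced in <hello>
EOM = "]]>]]>"                                        # end-of-message framing for base:1.0
IF_NS = "urn:ietf:params:xml:ns:yang:ietf-interfaces"  # YANG module namespace for the content layer


def frame(message):
    """Append the base:1.0 end-of-message delimiter (transport layer)."""
    return message + EOM


def split_frames(buffer):
    """Split received text into complete messages plus any trailing partial one."""
    parts = buffer.split(EOM)
    return [p.strip() for p in parts[:-1]], parts[-1]


def build_hello():
    return (f'<hello xmlns="{NC}"><capabilities>'
            f'<capability>{BASE10}</capability></capabilities></hello>')


def capabilities(hello_xml):
    """Capabilities advertised by the peer's <hello>."""
    root = ET.fromstring(hello_xml)
    return [c.text for c in root.iter(f"{{{NC}}}capability")]


def build_get_config(message_id, filter_xml=""):
    """<rpc> carrying a <get-config> on the running datastore (operations layer),
    optionally narrowed by a subtree filter."""
    filt = f'<filter type="subtree">{filter_xml}</filter>' if filter_xml else ""
    return (f'<rpc xmlns="{NC}" message-id="{message_id}">'
            f"<get-config><source><running/></source>{filt}</get-config></rpc>")


def parse_reply(reply_xml, expected_id):
    """Check the reply matches the request we sent and separate data from errors."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NC}}}rpc-reply":
        return {"ok": False, "errors": ["not an rpc-reply"], "data": None}
    if root.get("message-id") != str(expected_id):
        return {"ok": False, "errors": ["message-id mismatch"], "data": None}
    errors = [e.findtext(f"{{{NC}}}error-tag") for e in root.iter(f"{{{NC}}}rpc-error")]
    if errors:
        return {"ok": False, "errors": errors, "data": None}
    return {"ok": True, "errors": [], "data": root.find(f"{{{NC}}}data")}


def interfaces(data):
    """Pull (name, enabled) pairs out of ietf-interfaces content (content layer)."""
    out = []
    for iface in data.iter(f"{{{IF_NS}}}interface"):
        name = iface.findtext(f"{{{IF_NS}}}name")
        enabled = iface.findtext(f"{{{IF_NS}}}enabled") == "true"
        out.append((name, enabled))
    return out


# Constructed server-side messages (not captured from a real device).
SERVER_HELLO = (f'<hello xmlns="{NC}"><capabilities><capability>{BASE10}</capability>'
                f'<capability>urn:ietf:params:netconf:base:1.1</capability>'
                f'</capabilities><session-id>4711</session-id></hello>')

SERVER_REPLY = (f'<rpc-reply xmlns="{NC}" message-id="101"><data>'
                f'<interfaces xmlns="{IF_NS}"><interface><name>GigabitEthernet1</name>'
                f'<enabled>true</enabled></interface><interface><name>GigabitEthernet2</name>'
                f'<enabled>false</enabled></interface></interfaces></data></rpc-reply>')

SERVER_ERROR = (f'<rpc-reply xmlns="{NC}" message-id="102"><rpc-error>'
                f'<error-type>protocol</error-type><error-tag>access-denied</error-tag>'
                f'<error-severity>error</error-severity></rpc-error></rpc-reply>')


def demo_exchange():
    """Walk the exchange: hello both ways, then get-config and its reply."""
    if BASE10 not in capabilities(SERVER_HELLO):      # both peers must offer base:1.0
        raise RuntimeError("peer does not support NETCONF base:1.0")
    request = frame(build_get_config(101, f'<interfaces xmlns="{IF_NS}"/>'))
    # What the client would read back: hello, the reply, then the start of a later message.
    wire = frame(SERVER_HELLO) + frame(SERVER_REPLY) + "<rpc-reply"
    messages, remainder = split_frames(wire)
    reply = parse_reply(messages[1], 101)
    return {"request": request, "interfaces": interfaces(reply["data"]), "remainder": remainder}
```

demo_exchange()["interfaces"] returns [("GigabitEthernet1", True), ("GigabitEthernet2", False)], and parse_reply(SERVER_ERROR, 102) surfaces the access-denied error-tag instead of data. Checking the message-id before trusting a reply is the step that keeps an out-of-order or injected reply from being matched to the wrong request.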

33
Q

RESTCONF

Encoding Type
Transport Type

A

2017
Builds on NETCONF

Published by the IETF as RFC 8040; describes how to map a YANG specification to a RESTful interface

Uses HTTP verbs over a REST API

RESTCONF is not intended to replace NETCONF, but simpler to use

XML or JSON encoding
Transport is HTTP(S)

34
Q

gRPC

Encoding Type
Transport Type

A

Google RPC:

An open source remote procedure call system initially developed at Google in 2015

Well suited to collecting telemetry statistics

Google Protocol Buffers (GPB) binary encoding is used
Transport is HTTP/2

35
Q

Postman

A

Very popular tool to test the operation of REST APIs

It can be downloaded as a standalone application or run as a Chrome plugin

Collections & environment variables allow you to easily reuse requests

Requests can be exported as code in multiple programming languages

(cURL in Linux or the requests module in Python can be used to test APIs)

36
Q

Configuration Management Tool Benefits

A

Can automate provisioning & deployment of servers & network devices

Requires little knowledge of programming

Have established development practices including version control & testing

37
Q

Ansible

(Communicates via ____ by default) - Protocol
(Ansible playbooks are ___ files that outline the ____)

A

2012
Can be run from any machine with Python 2 or 3 installed

Agentless

Push model

Communicates via SSH by default
Simpler than most other tools

Modules
—Pre-built Python scripts
—Many pre-built network modules exist

Ansible inventory files define all hosts that will be managed by the control workstation
Ansible playbooks are YAML files that outline the instructions it needs to run

38
Q

Puppet

(Uses __ instead of YAML)

A

2005
Typically uses an agent on target devices

“Puppet Master” runs on Linux server

Pull model, agent checks in every 30 mins by default

Written in Ruby
Uses proprietary DSL rather than YAML

“Manifest”
—Defines the device’s properties

It can check configuration consistency

39
Q

Chef

A

2009

An agent must be installed on target devices

Pull model

Written in Ruby

Terminology is Cookbook > Recipe

40
Q

Configuration Management Tool Support

(___ is more suitable for network environments)

A

Ansible, Puppet, & Chef were designed primarily for server system administration

Ansible is typically more suitable for network environments than Puppet/Chef because it does not require an agent. (Also simpler to learn/use)

Cisco devices usually can’t run an agent
—Puppet works on some Nexus switches (more support may be added later on)

41
Q

SDN Router/Switch Planes: Data (Forwarding) Plane

A

Traffic which is forwarded through the device

42
Q

SDN Router/Switch Planes: Control Plane

A

Makes decisions about how to forward traffic

Control plane packets such as routing protocol/spanning tree updates are destined to or locally originated on the device itself

43
Q

SDN Router/Switch Planes: Management Plane

A

The device is configured & monitored in the management plane

For example at the CLI via Telnet/SSH, or via a GUI over HTTPS, an API, or SNMP (Telnet & SNMPv1/v2c send credentials in cleartext; prefer SSH, HTTPS & SNMPv3)

44
Q

SDN: Data & Control Plane Separation
(Control plane moves to a ___)
(Rules for packet handling are sent to the ___ from the ___)
(The ___ devices query the ___ for guidance as needed)

A

Network infrastructure devices are responsible for their own individual control & data planes in a traditional environment

SDN decouples the data & control planes

The network infrastructure devices are still responsible for forwarding traffic
—But the control plane moves to a centralized SDN controller

Rules for packet handling are sent to the network infrastructure devices from the controller

The network infrastructure devices query the controller for guidance as needed
—& Provide it with info about traffic they are handling

45
Q

Pure SDN

A

Control plane runs purely on SDN controller

Data plane runs purely on network devices

46
Q

Hybrid SDN

A

(Most common)

Majority of control plane intelligence is provided by SDN controller

Network devices retain some control plane intelligence as well as data plane operations

47
Q

SDN Architecture

A

Refer to diagram in study guide

48
Q

Cisco SDN Controllers: APIC

(Designed to manage ___ with ___ ___)

A

Application Policy Infrastructure Controller:

Main component of Cisco ACI (Application Centric Infrastructure)

Designed to manage data center environments with Nexus switches

49
Q

Cisco SDN Controllers: DNA Center

A

Digital Network Architecture Center:

Designed to manage enterprise environments (campus/branch/WAN)

An upgrade to APIC-EM (Application Policy Infrastructure Controller - Enterprise Module)

50
Q

DNA Center Overview

(Utilizes ____) - 3 letter acronym

A

Enables you to streamline operations & facilitate IT & business innovation

IBN (Intent-based Networking) built on Cisco DNA takes a software-delivered approach to automating & assuring services across your WAN/campus/branch networks

51
Q

Software Defined Architecture: Building Blocks

A

DNA Center
SD-Access
SD-WAN

52
Q

DNA Center Appliance

(Runs on ___)
(Underlying OS)

A

Runs on Cisco UCS server hardware

Underlying OS is Linux

Can be clustered for redundancy

53
Q

IBN

A

Intent-Based Networking:

Transforms a traditional manual network into a controller led network that translates the business needs into policies that can be automated & applied consistently across the network

Goal is to continuously monitor & adjust network performance to help assure desired business outcomes

54
Q

Network Plug & Play

A

Allows routers, switches, & WAPs to be deployed in remote offices with zero touch config

Device is physically installed in the remote office & connected to the network

Discovers DNA Center through various methods including DHCP option 43 or DNS

It then registers with & downloads its config from DNA Center

Ensures consistent configuration of remote office devices with no need for a network engineer onsite

55
Q

DNA Center: Assurance

A

Guarantees that the infrastructure is doing what you intended

DNA Center receives info from all the network devices & ISE

DNA Center’s correlation engine can identify 150+ different types of network & client issues

DNA Center reports the problem & provides recommended remediation actions

56
Q

DNA Center: Network Time Travel

A

Admins can drill down into the health status of network devices/clients

You can see the current status & view historical info

Useful for troubleshooting intermittent problems which occurred in the past

57
Q

DNA Center: Path Trace

A

Can use to query DNA Center for the path that traffic takes over the network

58
Q

DNA Center: API Support

A

Everything done via the DNA Center GUI can also be done via the northbound REST API

DNA Center also supports east/west bound APIs for integration with other services such as reporting & analytics servers

59
Q

SD-WAN Overview

A

Software-Defined WAN:

Cisco acquired Viptela in 2017 to enhance their SD-WAN solution

Provides automated setup of WAN connectivity between sites

Monitoring & failover is automated

Traffic flow control is application aware

60
Q

SD-WAN Benefits

A

Automated, standardized setup of connectivity between sites

Transport independent

Simplified, integrated operations

More flexibility & easier to migrate WAN services

The required, predictable performance for important applications

Integration with latest cloud & network tech

Lower cost

61
Q

Data Plane - vEdge Routers

(They are ___ or ____)
(They form an ____ encrypted data plane between each other)

A

vEdge routers run the data plane

They are physical or virtual

They form an IPsec encrypted data plane between each other

A site can have 2 vEdge routers for redundancy

62
Q

Control Plane - vSmart Controllers

(They are the ____ of the solution)
(They run as ____)
(They distribute ____ & ___ info to the ____ inside the ____)
(Each ___ connects to two ___ for redundancy)

A

vSmart Controllers run the control plane

They are the centralized brain of the solution

They run as VMs

They distribute policy & forwarding info to the vEdge routers inside TLS tunnels

Each vEdge router connects to two vSmart controllers for redundancy

63
Q

Management Plane - vManage NMS

(Enables ____ & simplifies ____)
(Provides ____)
(Runs as a ____)

A

Provides the management plane GUI

Enables centralized config & simplifies changes

Provides real time alerting

Runs as a VM

Multiple vManage NMS are clustered for redundancy

64
Q

Orchestration - vBond Orchestrator
(Authenticates all ____)
(Enables ___ to discover each other)
(Has a ___ & is deployed in the ___)
(Runs as a ___)

A

Authenticates all vSmart controllers, vManage NMS, & vEdge routers that join the SD-WAN network

Enables vEdge routers to discover each other, vManage & vSmart

Has a public IP address & is deployed in the DMZ

Runs as a VM (can run as router in smaller deployments)

Multiple can be deployed with round robin DNS

65
Q

ZTP Service

A

Zero Touch Provisioning Service:

Cloud based shared service hosted by Cisco

Utilized on first boot of vEdge router only

Directs it to vBond to orchestrate joining into the network

66
Q

SD-WAN: Premises & Cloud

A

vBond, vSmart, & vManage can be deployed both on premises & cloud

Most deployments are in cloud

67
Q

SD-WAN: Building the Data Plane

(The __ directs the ___ to build a full mesh of ___)
(____ propagates ___ & ___ to the ___ with OMP)

A

The vSmart controller directs the vEdge routers to build a full mesh of IPsec VPN tunnels between themselves

vSmart propagates policy & routing info to the vEdge routers with OMP (Overlay Management Protocol)

68
Q

SD-WAN: BFD VPN Tunnel Monitoring

(____ packets are sent over all ___)
(This detects if ____ & provide ___, ___, ___ statistics)

A

Bidirectional Forwarding Detection packets are sent over all VPN tunnels

This detects if a tunnel goes down & provides latency, jitter & loss statistics

69
Q

SD-WAN: Traffic Forwarding Options
(Load Balancing: 4 types)

A

If multiple tunnels are available traffic can be load balanced over the tunnels
—Active/Active
—Weighted Active/Active
—Application pinning Active/Standby
—Application Aware Routing

70
Q

SD-WAN: Application Aware Routing

(___ monitors the __, __, ___ across the ___)
(You can set minimum requirements for an ___ with ___)
(___ ensures the application is sent over a link which meets the ____)
(By default…)

A

BFD monitors the latency, jitter & loss across the VPN tunnels

You can set minimum requirements for an application with SLA Classes

SD-WAN ensures the application is sent over a link which meets its SLA requirements

By default, if no link meets the SLA, traffic is still forwarded over another available link (best effort) rather than dropped
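Added example (not from the study guide or the flashcards): a Python model of the forwarding decision described in the last three cards. BFD-style measurements for each tunnel are compared against an SLA class; compliant tunnels are load balanced weighted active/active using a stable hash of the flow key so a flow stays on one path; and when no tunnel meets the SLA the flow falls back to any tunnel that is still up instead of being dropped. The tunnel names, measurements, weights and SLA thresholds are constructed for illustration and are not Cisco defaults.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tunnel:
    """One IPsec tunnel as seen by BFD: name plus the latest probe statistics."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True


@dataclass(frozen=True)
class SlaClass:
    """Maximum latency, jitter and loss an application class will tolerate."""
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


def meets_sla(tunnel, sla):
    return (tunnel.up
            and tunnel.latency_ms <= sla.max_latency_ms
            and tunnel.jitter_ms <= sla.max_jitter_ms
            and tunnel.loss_pct <= sla.max_loss_pct)


def candidate_tunnels(tunnels, sla):
    """Tunnels that satisfy the SLA; if none do, fall back to every tunnel that is
    still up rather than dropping the traffic. Returns (tunnels, sla_met)."""
    compliant = [t for t in tunnels if meets_sla(t, sla)]
    if compliant:
        return compliant, True
    return [t for t in tunnels if t.up], False


def pick_tunnel(candidates, weights, flow_key):
    """Weighted active/active: map a flow deterministically onto one tunnel so all
    packets of the flow take the same path. sha256 is used instead of Python's
    hash(), which is randomised per process and would reshuffle flows on restart."""
    total = sum(weights.get(t.name, 1) for t in candidates)
    slot = int(hashlib.sha256(flow_key.encode()).hexdigest(), 16) % total
    for t in candidates:
        slot -= weights.get(t.name, 1)
        if slot < 0:
            return t
    raise AssertionError("slot must land inside the weight table")


def forward(flow_key, sla, tunnels, weights):
    """Application-aware routing decision for one flow: (tunnel name, sla_met)."""
    candidates, sla_met = candidate_tunnels(tunnels, sla)
    if not candidates:
        return None, False
    return pick_tunnel(candidates, weights, flow_key).name, sla_met


# Constructed BFD measurements, weights and SLA classes (illustrative values only).
TUNNELS = [
    Tunnel("mpls", latency_ms=20, jitter_ms=2, loss_pct=0.0),
    Tunnel("internet", latency_ms=80, jitter_ms=15, loss_pct=1.5),
    Tunnel("lte", latency_ms=150, jitter_ms=40, loss_pct=3.0),
]
WEIGHTS = {"mpls": 3, "internet": 2, "lte": 1}
VOICE = SlaClass("voice", max_latency_ms=100, max_jitter_ms=10, max_loss_pct=1.0)
BULK = SlaClass("bulk", max_latency_ms=300, max_jitter_ms=50, max_loss_pct=5.0)
```

With these numbers forward("10.0.0.5:5060->10.1.0.9:5060", VOICE, TUNNELS, WEIGHTS) returns ("mpls", True) because only the MPLS tunnel satisfies the voice class; a bulk flow is spread over all three tunnels in a 3:2:1 ratio; and if the MPLS tunnel goes down the voice flow is placed on internet or LTE with sla_met False, which is the fallback the last card describes.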