Free CCNP 350-401 ENCOR Complete Course: 6.0 Automation

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
- If you're interested in getting ahead in your career. Learn Python, learn Ansible. I've been saying these things for many, many years. Years ago, I was explaining the separation of the control plane and data plane. You can see this video on YouTube as an example made many years ago. This stuff has now become mainstream. It's important that you learn Python and Ansible for the real world and to get ahead in your career. (heavy synth music) This is one of multiple videos covering network automation. In the encore blueprint, we can see in section six 15% of the exam is automation. Topics include interpret basic Python components and scripts. You need to know Python for the encore exam. You need to be able to interpret a Python script. So as part of the series, I'm going to demonstrate the use of Python to automate network devices. I would highly recommend that you follow along, create your own scripts, connect to the Cisco DevNet sandboxes that I'm gonna be using as part of this course or use Cisco VIRL or CML as it's called now and automate network devices. You'll learn a lot more by simply doing something. So don't just watch these videos. Try and create your own scripts as we go through the course. So 6.1, Python, 6.2, construct valid JSON encoded files. 6.3, describe high level principles and benefits of a data modeling language such as YANG. You need to be able to describe APIs for Cisco DNA Center and vManage. 6.5, interpret REST API response codes and results in payloads using Cisco DNA Center and RESTCONF. You need to be able to construct an EEM applet to automate configuration, troubleshooting, and data collection. 6.7, compare agent versus agentless orchestration tools, such as Chef, Puppet, Ansible, and SaltStack. In this first automation video, I'm gonna give you a bit of background information with regards to network automation. We're gonna cover some of the foundational topics. Some of this comes from my CCNA course. So you'll see that I reference some of the blueprint in the CCNA. The reason why I'm doing this, is I want to lay a good foundation. You need to have a good foundation to build upon. So make sure that you learn the basics, but very quickly in subsequent videos, I'm gonna get you creating Python scripts using REST APIs, using JSON, and using some of the technologies that they mention in this section. Make sure that you understand the difference between Puppet, Ansible, Chef, and SaltStack before you go and take your exam. Make sure that you can interpret Python scripts. Make sure that you know how to create a JSON file. So make sure that you know how to read whether a file is correctly formatted using JSON formatting or if it's incorrect. Does it use a single inverted comma, or double inverted commas? Does it use a semicolon or colon? You need to know the format of a JSON file as an example. Okay, I could spend a lot of time talking about network automation in this introductory video, but I want to lay a good foundation in subsequent videos, we'll get into this in more detail. Let's get started talking about network automation fundamentals. (heavy synth music) Let me tell you, the world is changing with network automation. In the same way that we had autonomous access points in the past, and they are now managed using a controller. The idea here, is we're gonna have a controller that manages lots of devices. Now in the first sort of SDN or Software Defined Networking Implementation, the protocol used was OpenFlow. There's a big difference between the way OpenFlow did things and the way network automation is done today. In the purest form of OpenFlow, the switches or devices in your network become dumb. The controller which would simply be a Linux, Ubuntu server as an example, controls the devices in the network. They lose their brain. As a start, understand the following, where is the brain? Where is the intelligence for the network? In the purest OpenFlow implementation, the brain was removed from the networking device and put into the controller. If we had 100 routers, or 100 switches in a traditional network, we have 100 brains. Every router, every switch controls itself. It has its own data plane, or forwarding plane. That's how it switches traffic from one interface to another. It has its own control plane, in other words, its own brain. When a router using OSPF receives an update, it updates its routing table. So the RIB, Routing Information Base, that's a software-based table that's populated with routes learned through OSPF. So the brain is populating the routing table with routes. So the RIB, or Routing Information Base is a software-based routing table. That's then pushed down into the hardware or into the forwarding plane, or data plane. In other words into the FIB, or Forwarding Information Base. In other words, into hardware. So we have the control plane, which is the brain of the device, OSPF is populating the routing information base. The brain determines where traffic is routed. Same kind of idea with spanning tree. Spanning tree BPDUs are received, the brain decides once again which ports are forwarding, which ports are gonna be blocked. So the thing to remember is the device has a local intelligence, the brain is on the device. If we had 100 routers, they would each have their own local brain. Brain is localized to the device, but in the purest OpenFlow example, the devices became dumb and we put the brain into the controller. So the controller, centralized controller, was the brain for 100 devices. That's nice in a way, because the controller is a central device that you can manipulate and then update the forwarding of 100 devices. It also gives the centralized device more visibility of the network, so it can see the entire network instead of the router just seeing its own local routing table and not having visibility of the entire network. There were advantages with this kind of model. OSPF uses the SPF algorithm, shortest path first algorithm. Very complex, you have a distributed system that then somehow converges to decide which is the best paths in the network. Much easier to put the intelligence in a centralized controller, but it didn't work because as an attacker, which device am I going to attack? I'm going to attack that centralized device. If I can take out the controller, I not only just take out one router, I take out 100 routers. So I basically can destroy your network by just killing the controller. There were other problems, because okay, so we have a centralized device, but what about redundancy? If this thing dies, your whole network dies. So that kinda sucks. So what you're gonna do is have more than one controller. And now you're back to this distributed database scenario or synchronization issue. How do I synchronize multiple databases in multiple physical controllers to have a single logical controller? So there were a lot of other issues with this model, became a nightmare. What happens if the routers lose connectivity to the centralized controller? Think about it, the router has its own localized brain in a traditional networking environment. If it loses connectivity to another router, that's not a problem because he has his own local brain. That router has its own local brain, but if you put the brain in the controller and then the routers lose connectivity to the controller because a link goes down, suddenly what do the routers do? They have no brain. So the network dies, or breaks. So a lot of problems with the pure OpenFlow environment. They then came up with this hybrid approach, where we had some intelligence on the devices, some intelligence on the controller, where the controller could override what a router was doing so we could write OpenFlow rules to the router to override traditional networking. So the router as an example, a switch as an example would do traditional routing or traditional switching, but then we could create extra rules here where I could manipulate the flow of traffic from a centralized controller. Now one of the cool things with the OpenFlow model and the whole idea of a controller is these devices talk to the controller using what's called a Southbound API. So the controller is sitting over here, talks down to the devices using Southbound API. Notice how I've got my hand up here. Northbound APIS, Southbound APIs. Just think south down, north up. So an application developer could write an application, talk to the controller using a Northbound API, typically these would be REST APIs, that's very common today and then a protocol would be used on the Southbound API. So the controller would talk down to the routers and switches using some kind of protocol which could be OpenFlow, that was the original idea. Could be SNMP, don't forget simple network management protocol being used for years from management stations to networking devices. So SNMP could be used on a Southbound API, we could use NETCONF, we could use RESTCONF. We could use multiple other options for MPLS, BGP. Basically, there were many protocols. Now you don't have to use the REST API of the controller to manipulate devices. Typically, the idea was you were an application developer you used a Python script that wrote rules to the controller, which then sent it down to the devices. The advantage of that was this concept of abstraction. Complex to write rules to devices. That was what they said. Much easier to write stuff to a REST API on the controller. So you would write rules to the controller using the REST API, so application uses a high-level programming language like Python. Easy REST API on the controller, which then uses multiple protocols down to the devices, OpenFlow, NETCONF, BGPLS, whole bunch of weird and wonderful protocols down to the devices. You as the application developer being abstracted from the networking devices, that's the idea. But, you could do away with the controller and just configure the network devices directly using a Python script or Ansible script. That's what I'm gonna show you in the course because that's a lot easier actually to get started with. It's a lot easier to say, "Okay let's write a simple "Python script that updates something on the router." or pulls information out of the router, or switch. You can mimic this with physical equipment in a lab or in GNS3, or VIRL, or even GF if you like. So here they talk about separation of control plane and data plane. Just note, where is the brain? Local device in the old days, control plane, forwarding plane or data plane was in the device. So think of the data plane as the forwarding through the ASICs. I've got a router, traffic arrives on one interface. It gets switched to another interface. So data gets sent through the device, it's switched on the data plane, or forwarding plane. That still resides in the device. Typically it's done using ASICs, but the control plane or the brain, where does it reside? Today we still want to have the brain in the device. OpenFlow, the brain was removed and put into a separate controller. We don't want to do that. Cisco devices didn't really support OpenFlow, they still don't. The idea is the brain remains on the device, but we can use a centralized controller to configure the devices. So rather than making the devices dumb, we still allow them to do their forwarding, we still allow them to have their local brain, but we can configure the devices either directly or through a controller which makes it easier to manage many devices. So that's one of the central ideas of a controller-based network. Now what I haven't mentioned here is the management plane. There are actually three planes, control plane, or forwarding plane. It's like saying router, router. How is the traffic forwarded through the device? That always remains on the device 'cause we want high speed switching, or forwarding on the device. Brain, where does it reside? Typically it resides on the device, but we could have put it into a controller. Where is the management? So what's the management plane? We typically manage a Cisco device using a console, or remotely would be Telnet, bad idea, and SSH. So how do we manage the device? Now, us as humans would use one of those interfaces to configure the device, but to manage the device using a application, we in the old days would use SNMP. Simple Network Management Protocol. SNMP has issues. Number one, SNMP version one and two are insecure. Very easy to hack, bad idea to use SNMP version one and version two. SNMP version three supports encryption and authentication much better, but SNMP is not easy. The OIDs and the way to extract information from a device is difficult. So the rage today, which has actually been going on for a few years is to use a API. Application Programming Interface. Again, REST is one of the most popular APIs used all over the place. So when we transition from being a pure network engineer to doing more programming, the guys from the programming world are used to REST APIs, they're used all over the place once again in applications. So when they want to configure network devices, it makes sense that that device has a REST API. But just be aware, that a lot of old devices will not have a REST API, you need to use a modern Cisco network device to get a REST API. So just because REST is cool doesn't mean that all devices are gonna support REST. So in the examples that I'm gonna show you in this course which is very much based from my original Python course, I'm gonna show you how to configure the devices using Telnet and SSH, because that's an easy way to get started. Start with the basics at CCNA level, then go and do your DevNet associate exam. I highly recommend that you do the DevNet certification. So get your DevNet certification, so that you can prove to employers that you're not just a network engineer, but you also understand programming. Now, as I've said, I've been talking about programming for a long time. I spoke about OpenFlow more than five years ago. So the idea is, this stuff has been bubbling up in the industry, but now Cisco have formalized it. So my recommendation is, learn Python and Ansible. Learn this stuff for the real world, not for the CCNA. Learn it for the real world, and for the DevNet certification and go and get your DevNet certification as soon as you can, so that you can prove to employers that you're not just a network engineer, but you also understand programming. I'm afraid that being a traditional network engineer with no understanding of programming is over. You will need to learn programming if you want to have a good job in future. (heavy synth music)
Info
Channel: David Bombal
Views: 75,041
Rating: undefined out of 5
Keywords: ccnp, encor, 350-401, ccnp encor, devnet, ccna, python, ansibe, ccnp enterprise, free ccnp, automation, network automation, network programmability, ccnp training, ccnp study, cisco certifications, cisco training, cisco, cisco certified network professional, ccnp certification, encor 350-401, certification, ccnp automation, ccie, ccie encor, cisco ccnp exam, cisco ccnp, ccnp routing, cisco encor training, cisco encor test, cisco encor exam, 2020 ccnp, ccnp review, cisco ccna
Id: _Z_OHL8lBqQ
Channel Id: undefined
Length: 16min 11sec (971 seconds)
Published: Tue Apr 28 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.