Starting out with network automation
Many customers are asking how to get started with network automation. There is an expectation from the rest of the business that the networking team will be changing its operational model and becoming more agile. How can you get started? One easy way is automating the deployment of new devices. Network Plug and Play (PnP) is a great way to get started. It is a foundational element of the Cisco Digital Network Architecture (DNA).
What is Plug and Play?
PnP is a mechanism to automate deployment of devices. Simply plug a device (router, switch, access point) into the network. It discovers the controller (more on how that happens later), and the automation begins. A few minutes later, your device is upgraded and/or configured and operational.
A PnP solution has four main components:
- An agent, which resides in the IOS software, that looks for a “Controller” when the device is first booted up.
- A PnP Server, which is an application running on APIC-EM (our free SDN controller).
- The PnP protocol, that allows the agent and the Controller to communicate.
- An optional mobile application, which runs on Android and iOS devices.
Discovering the Controller
The first thing that needs to happen is for the device to get in contact with the controller. There are five mechanisms you can use to make this work:
- DHCP server, using option 43 which is set to the IP Address of the controller
- DHCP server, using a DNS domain name. The device will do a dns lookup of pnpserver.<your domain>
- Cloud redirection, which is currently in controlled availability
- USB key. This can be used for routers and remote devices, where some initial configuration of the WAN connection is required (e.g. MPLS configuration).
- Smart Phone app (iPhone/Android). A special console cable connects to the device and downloads the bootstrap configuration. The app can also scan the barcode to create a rule for the device.
Let us go through all the steps to get a switch up and running. The first step is to create an initial configuration file for the switch and upload it to APIC-EM. Plug and Play will require a set of device rules to map a device serial number to a configuration file and/or a software image. To make it easier to organize these rules (there might be hundreds of them) we use a “Project”. A project is much like a folder on your computer for organizing files. In this example the project is called “Sydney”. It is created empty, without any rules, like an empty folder on your computer.
Rules are created inside a project. A rule defines the configuration file and potentially a software image to be sent to the device. If you provide a software image the device will be upgraded. Devices are identified by their serial number. Bootstrap is a small piece of configuration to get the device onto the network (used with the mobile device application). It is not required in other scenarios.
Click “add” to finish this step. Notice “Device Certificate” has been selected. A PKI certificate will be deployed on the device for secure communication between the device and PnP server. APIC-EM also has a built in PKI server, which is used to create and manage this device certificate.
With the above steps completed, our rule is in place. When the device is plugged in, it contacts the controller, initiating the Plug and Play process.
A few minutes later, the device is up and operational on the network.
There was still a bit of human activity in provisioning this device. I needed to create the initial configuration file, upload it to the controller, and create a rule/project. Oh, and I needed to plug the device in and power it on. All except the last step I could automate. The next blog Network Automation with Plug and Play (PnP) – Part 2 will look at how to automate those steps via the rich API in APIC-EM.
In the meantime, if you would like to learn more about this, you could visit Cisco Devnet . DevNet has further explanations about this. Also, we have a Github repository where you can get examples related to PnP.
Thanks for reading