Automation & Programmability Study Guide

CCNA 200-301 Exam Domain 6 (10% of exam)

1. Software-Defined Networking (SDN)

SDN separates the network's control plane (decision-making) from the data plane (packet forwarding), centralizing control in a software-based controller.

Traditional vs SDN Architecture

Traditional Network: Each device has its own control & data plane

    +-------------+    +-------------+    +-------------+
    |   Control   |    |   Control   |    |   Control   |
    |    Plane    |    |    Plane    |    |    Plane    |
    +-------------+    +-------------+    +-------------+
    |    Data     |    |    Data     |    |    Data     |
    |    Plane    |    |    Plane    |    |    Plane    |
    +-------------+    +-------------+    +-------------+
       Switch 1           Switch 2           Switch 3

SDN Architecture: Centralized control plane

                  +------------------+
                  |  SDN Controller  |
                  | (Control Plane)  |
                  +--------+---------+
                           |
                           |  Southbound Interface (OpenFlow, etc.)
                           |
          +----------------+----------------+
          |                |                |
    +-----+-----+    +-----+-----+    +-----+-----+
    |   Data    |    |   Data    |    |   Data    |
    |   Plane   |    |   Plane   |    |   Plane   |
    +-----------+    +-----------+    +-----------+
      Switch 1         Switch 2         Switch 3

Network Planes

| Plane | Function | Examples |
|---|---|---|
| Data Plane (Forwarding) | Actual packet forwarding | Moving frames/packets based on tables |
| Control Plane | Builds forwarding tables | Routing protocols (OSPF), STP, ARP |
| Management Plane | Device configuration & monitoring | SSH, SNMP, Syslog, APIs |

SDN Benefits

OpenFlow: An early and influential SDN protocol that allows the controller to directly program the forwarding tables of network devices. Uses TCP port 6653 (formerly 6633).

2. Controller-Based Architectures

SDN Controller Interfaces

SDN Architecture Interfaces:

    +------------------+
    |   Applications   |   Business Apps, Network Services
    +--------+---------+
             |  Northbound API (REST, etc.)
             |
    +--------+---------+
    |  SDN Controller  |   Cisco DNA Center, OpenDaylight
    +--------+---------+
             |  Southbound API (OpenFlow, NETCONF, etc.)
             |
    +--------+---------+
    | Network Devices  |   Switches, Routers, APs
    +------------------+

| Interface | Direction | Purpose | Examples |
|---|---|---|---|
| Northbound API | Controller ↔ Applications | Allow apps to interact with controller | REST API, Java API |
| Southbound API | Controller ↔ Devices | Controller programs network devices | OpenFlow, NETCONF, RESTCONF |
| Eastbound/Westbound | Controller ↔ Controller | Communication between controllers | Federation, synchronization |

Cisco SD-Access

Cisco's SDN solution for enterprise campus networks, managed through DNA Center.

SD-Access Components:
  • DNA Center: Centralized management and automation platform
  • Fabric: Overlay network using VXLAN and LISP
  • ISE: Identity Services Engine for policy and access control

Cisco SD-WAN

SDN solution for WAN connectivity, providing centralized control of branch office connections.

| Component | Function |
|---|---|
| vManage | Management and monitoring GUI |
| vBond | Orchestrator for initial device authentication |
| vSmart | Controller for routing and policy |
| vEdge/cEdge | Edge routers at branch sites |

Know the difference between SD-Access (campus/LAN) and SD-WAN (wide area network). Both use centralized controllers but serve different network segments.

3. REST APIs

REST (Representational State Transfer) APIs provide a standardized way for applications to communicate with network controllers and devices using HTTP.

REST Principles

HTTP Methods (CRUD Operations)

| HTTP Method | CRUD | Action | Example |
|---|---|---|---|
| GET | Read | Retrieve data | Get list of VLANs |
| POST | Create | Create new resource | Create new VLAN |
| PUT | Update (Replace) | Replace entire resource | Replace VLAN config |
| PATCH | Update (Modify) | Partial update | Change VLAN name only |
| DELETE | Delete | Remove resource | Delete a VLAN |

HTTP Response Codes

| Code Range | Category | Common Codes |
|---|---|---|
| 2xx | Success | 200 OK, 201 Created, 204 No Content |
| 3xx | Redirection | 301 Moved, 304 Not Modified |
| 4xx | Client Error | 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found |
| 5xx | Server Error | 500 Internal Error, 503 Service Unavailable |

REST API Example

    # GET request to retrieve interface information
    GET https://192.168.1.1/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces
    Authorization: Basic YWRtaW46cGFzc3dvcmQ=
    Accept: application/yang-data+json

    # Response (200 OK)
    {
      "Cisco-IOS-XE-interfaces-oper:interfaces": {
        "interface": [
          {
            "name": "GigabitEthernet1",
            "interface-type": "iana-iftype-ethernet-csmacd",
            "admin-status": "if-state-up",
            "oper-status": "if-oper-state-ready"
          }
        ]
      }
    }

RESTCONF vs NETCONF

| Feature | RESTCONF | NETCONF |
|---|---|---|
| Transport | HTTP/HTTPS | SSH (TCP 830) |
| Data Format | JSON or XML | XML only |
| Operations | HTTP methods (GET, POST, etc.) | RPC operations |
| Data Model | YANG | YANG |
| Ease of Use | Simpler, more accessible | More complex, more powerful |

YANG: Yet Another Next Generation - a data modeling language used to describe the configuration and state data of network devices. Both NETCONF and RESTCONF use YANG models.

4. JSON Data Format

JSON (JavaScript Object Notation) is a lightweight, human-readable data format widely used in APIs for data exchange.

JSON Syntax Rules

JSON Data Types

    {
      "string": "Hello World",
      "number": 42,
      "float": 3.14,
      "boolean": true,
      "null_value": null,
      "array": ["item1", "item2", "item3"],
      "object": {
        "nested_key": "nested_value"
      }
    }

Network Device JSON Example

    {
      "device": {
        "hostname": "switch01",
        "ip_address": "192.168.1.10",
        "model": "Catalyst 9300",
        "interfaces": [
          {
            "name": "GigabitEthernet1/0/1",
            "status": "up",
            "vlan": 10,
            "speed": "1000Mbps"
          },
          {
            "name": "GigabitEthernet1/0/2",
            "status": "down",
            "vlan": 20,
            "speed": "auto"
          }
        ],
        "vlans": [1, 10, 20, 30],
        "management_enabled": true
      }
    }

JSON vs XML vs YAML

| Feature | JSON | XML | YAML |
|---|---|---|---|
| Readability | Good | Verbose | Excellent |
| Comments | No | Yes | Yes |
| Data Types | Native | All strings | Native |
| API Use | Very common | Legacy systems | Configuration files |
| File Extension | .json | .xml | .yml, .yaml |

Be able to read JSON and identify data types. Know that objects use {} and arrays use []. Strings always have double quotes in JSON.

5. Configuration Management Tools

Configuration management tools automate the deployment and management of device configurations at scale, ensuring consistency and reducing human error.

Tool Comparison

| Feature | Ansible | Puppet | Chef |
|---|---|---|---|
| Architecture | Agentless | Agent-based | Agent-based |
| Language | YAML (Playbooks) | Puppet DSL | Ruby |
| Communication | SSH/WinRM | HTTPS (agent pulls) | HTTPS (agent pulls) |
| Learning Curve | Lower | Medium | Higher |
| Push/Pull | Push | Pull | Pull |

Ansible Overview

Ansible Key Concepts:
  • Playbook: YAML file containing automation tasks
  • Inventory: List of managed devices
  • Module: Reusable units of code (ios_config, ios_command)
  • Task: Single action to perform
  • Role: Collection of playbooks, templates, variables

Ansible Playbook Example

    # configure_vlans.yml
    ---
    - name: Configure VLANs on switches
      hosts: switches
      gather_facts: no

      tasks:
        # state: merged adds or updates the listed VLANs and leaves all others untouched
        - name: Create VLANs 10 and 20
          cisco.ios.ios_vlans:
            config:
              - vlan_id: 10
                name: Sales
                state: active
              - vlan_id: 20
                name: Engineering
                state: active
            state: merged

        # Copy the running configuration to the startup configuration
        - name: Save configuration
          cisco.ios.ios_command:
            commands:
              - write memory

Ansible Inventory Example

    # inventory.yml
    ---
    all:
      children:
        switches:
          hosts:
            switch1:
              ansible_host: 192.168.1.10
            switch2:
              ansible_host: 192.168.1.11
          vars:
            ansible_network_os: cisco.ios.ios
            ansible_user: admin
            # Plaintext password shown for illustration only; in a shared
            # repository keep this value in Ansible Vault
            ansible_password: SecretPass
            ansible_connection: network_cli

Puppet Overview

    # Puppet manifest example
    node 'switch1.example.com' {
      cisco_vlan { '10':
        ensure    => present,
        vlan_name => 'Sales',
        state     => 'active',
      }

      cisco_interface { 'GigabitEthernet1/0/1':
        ensure      => present,
        switchport  => true,
        access_vlan => 10,
      }
    }

Configuration Management Benefits

  • Consistency: Same configuration across devices
  • Version Control: Track changes with Git
  • Idempotent: Same result no matter how many times run
  • Scalability: Manage thousands of devices
  • Documentation: Code IS the documentation
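The idempotent, declarative behaviour listed above can be shown with a small planner that compares desired state to device state, in the spirit of the playbook's `state: merged`. This is an added example, not code from Ansible or from this guide; the function names and the sample device state are assumptions made for illustration.

```python
def plan_vlan_merge(current, desired):
    """Return the changes needed so every desired VLAN exists with its name.

    VLANs on the device that are absent from `desired` are left alone, and
    entries that already match produce no change at all.
    """
    changes = []
    for vlan_id, name in sorted(desired.items()):
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"invalid VLAN id {vlan_id}")
        if vlan_id not in current:
            changes.append(("create", vlan_id, name))
        elif current[vlan_id] != name:
            changes.append(("rename", vlan_id, name))
    return changes


def apply_changes(current, changes):
    """Apply a plan to a copy of the device state and return the new state."""
    new_state = dict(current)
    for _action, vlan_id, name in changes:
        new_state[vlan_id] = name
    return new_state


# Constructed sample state: VLAN 1 and a misnamed VLAN 10 already exist.
DEVICE = {1: "default", 10: "Sale"}
# Desired state: the same two VLANs the playbook example configures.
DESIRED = {10: "Sales", 20: "Engineering"}


def demo():
    """Plan and apply once, then plan again against the resulting state."""
    first = plan_vlan_merge(DEVICE, DESIRED)
    state = apply_changes(DEVICE, first)
    second = plan_vlan_merge(state, DESIRED)
    return first, state, second


if __name__ == "__main__":
    first, state, second = demo()
    print("first run :", first)
    print("state     :", state)
    print("second run:", second)
```

An empty second plan is what makes a change safe to re-run; a non-empty plan against a device that should already be compliant is a drift signal worth reviewing.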

6. Cisco DNA Center

Cisco DNA (Digital Network Architecture) Center is Cisco's enterprise SDN controller for campus networks, providing centralized management, automation, and assurance.

DNA Center Functions

| Function | Description |
|---|---|
| Design | Network hierarchy, settings, image management |
| Policy | Group-based access control, application policies |
| Provision | Device onboarding, templates, plug-and-play |
| Assurance | Network health monitoring, AI/ML analytics |
| Platform | APIs, integrations, developer tools |

DNA Center Architecture:

        +------------------------+
        |       DNA Center       |
        |  +------------------+  |
        |  |    Assurance     |  |  ← Network health, analytics
        |  +------------------+  |
        |  |    Automation    |  |  ← Provisioning, templates
        |  +------------------+  |
        |  |      Policy      |  |  ← Access control, segmentation
        |  +------------------+  |
        |  |       APIs       |  |  ← REST APIs for integration
        |  +------------------+  |
        +----------+-------------+
                   |
                   |  Southbound (NETCONF, SNMP, CLI)
                   |
        +----------+----------+
        |          |          |
    [Switches] [Routers] [Wireless]

Intent-Based Networking (IBN)

Intent-Based Networking: Express business intent (e.g., "Marketing can't access Finance data") and the controller translates this into network configuration automatically. DNA Center implements IBN principles.

DNA Center APIs

    # Authenticate and get token
    POST https://dnacenter.example.com/dna/system/api/v1/auth/token
    Authorization: Basic base64(username:password)

    # Response
    {
      "Token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
    }

    # Get network devices
    GET https://dnacenter.example.com/dna/intent/api/v1/network-device
    X-Auth-Token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

DNA Center uses REST APIs with token-based authentication. The base path for Intent APIs is /dna/intent/api/. Know that DNA Center provides network assurance through AI/ML analytics.
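How a client should react to 401 versus 403 when using token-based authentication, as an added example that is not part of the original guide or of any Cisco SDK. `FakeController` is a constructed offline stand-in, and its token lifetime and its use of 401 for an expired token are assumptions; only the two URL paths come from this page.

```python
AUTH_PATH = "/dna/system/api/v1/auth/token"        # paths as shown on this page
DEVICES_PATH = "/dna/intent/api/v1/network-device"
BASIC = "Basic bGFiOmxhYg=="                       # constructed: base64("lab:lab")


class FakeController:
    """Constructed stand-in for a controller; each token is good for `ttl` calls."""
    def __init__(self, ttl=2):
        self.ttl, self.left, self.token, self.logins = ttl, 0, None, 0

    def request(self, method, path, headers):
        if path == AUTH_PATH:
            if method != "POST" or headers.get("Authorization") != BASIC:
                return 401, {}
            self.logins += 1
            self.token, self.left = f"token-{self.logins}", self.ttl
            return 200, {"Token": self.token}
        if headers.get("X-Auth-Token") != self.token or self.left == 0:
            return 401, {}                 # missing, wrong or expired token
        self.left -= 1
        if path != DEVICES_PATH:
            return 403, {}                 # authenticated but not permitted
        return 200, {"response": [{"hostname": "switch01"}]}


class Client:
    def __init__(self, transport, basic_header):
        self.transport, self.basic, self.token = transport, basic_header, None

    def login(self):
        status, body = self.transport.request("POST", AUTH_PATH, {"Authorization": self.basic})
        if status != 200:
            raise PermissionError(f"login rejected with {status}")
        self.token = body["Token"]

    def get(self, path):
        for attempt in (1, 2):
            if self.token is None:
                self.login()
            status, body = self.transport.request("GET", path, {"X-Auth-Token": self.token})
            if status == 401 and attempt == 1:
                self.token = None          # expired: re-authenticate once, then retry
                continue
            if status == 403:
                raise PermissionError(f"403 on {path}: retrying will not help")
            if 200 <= status < 300:
                return body
            raise RuntimeError(f"unexpected status {status} on {path}")
```

Capping re-authentication at one attempt keeps a script with bad credentials from hammering the login endpoint and locking the account.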

7. Python for Network Automation

Python is the most popular programming language for network automation due to its simplicity, extensive libraries, and strong community support.

Essential Python Libraries

| Library | Purpose |
|---|---|
| Netmiko | SSH connections to network devices |
| Paramiko | Low-level SSH library |
| NAPALM | Multi-vendor network automation |
| Requests | HTTP/REST API interactions |
| Nornir | Automation framework |
| pyATS/Genie | Cisco testing and parsing |

Python REST API Example

    import requests

    # DNA Center authentication
    base_url = "https://dnacenter.example.com"
    auth_url = f"{base_url}/dna/system/api/v1/auth/token"

    # Get authentication token (HTTP Basic auth; placeholder credentials).
    # TLS certificate verification stays on (the requests default). For a
    # controller with a privately signed certificate, pass
    # verify="<path to CA bundle>" rather than verify=False.
    response = requests.post(auth_url, auth=("admin", "password"), timeout=10)
    response.raise_for_status()
    token = response.json()["Token"]

    # Get network devices
    headers = {
        "X-Auth-Token": token,
        "Content-Type": "application/json"
    }
    devices_url = f"{base_url}/dna/intent/api/v1/network-device"
    response = requests.get(devices_url, headers=headers, timeout=10)
    response.raise_for_status()

    # Print device information
    devices = response.json()["response"]
    for device in devices:
        print(f"Hostname: {device['hostname']}, IP: {device['managementIpAddress']}")

Netmiko Example

    from netmiko import ConnectHandler

    # Device information (placeholder credentials)
    device = {
        "device_type": "cisco_ios",
        "host": "192.168.1.10",
        "username": "admin",
        "password": "password",
    }

    # Connect and send commands; the context manager closes the SSH session
    with ConnectHandler(**device) as conn:
        # Show command
        output = conn.send_command("show ip interface brief")
        print(output)

        # Configuration commands
        config_commands = [
            "interface Loopback100",
            "ip address 10.100.100.1 255.255.255.0",
            "description Created by Python"
        ]
        conn.send_config_set(config_commands)
        # Save the running configuration to the startup configuration
        conn.save_config()

For CCNA, you don't need to write Python code, but you should understand basic concepts and be able to read simple scripts.

8. Key Automation Concepts

Infrastructure as Code (IaC)

Infrastructure as Code: Managing and provisioning infrastructure through machine-readable definition files rather than manual processes. Benefits include version control, consistency, and repeatability.

CI/CD for Network

CI/CD Pipeline for Network Changes:

    [Code Change] → [Git Commit] → [Automated Tests] → [Review] → [Deploy]
          |               |                |               |          |
          v               v                v               v          v
      Engineer         Version          Syntax,        Approval    Push to
      modifies         control          simulation,    process     production
      config           history          validation                 network
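One check that fits the Automated Tests stage is a scan of playbooks, inventories and scripts for hard-coded passwords, disabled certificate verification and literal Basic headers. This is an added example, not part of the original guide or of any Cisco or Ansible tooling; the rule set, file names and the `vault_switch_password` variable are assumptions made for illustration.

```python
import re

# (rule id, pattern, advice). Assumed rule set for this example, not a standard.
RULES = [
    ("plaintext-secret",
     re.compile(r"""^\s*["']?(ansible_password|password)["']?\s*[:=]\s*"""
                r"""(?!\s*["']?(!vault|\{\{|os\.environ))\S"""),
     "keep the secret in Ansible Vault or the environment"),
    ("tls-verify-disabled",
     re.compile(r"\bverify\s*=\s*False\b"),
     "leave certificate verification on and trust the controller's CA"),
    ("basic-auth-literal",
     re.compile(r"Authorization:\s*Basic\s+[A-Za-z0-9+/]{8,}={0,2}"),
     "Basic credentials are only base64-encoded; never commit them"),
]


def scan(name, text):
    """Return (file, line number, rule id, advice) for every risky line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern, advice in RULES:
            if pattern.search(line):
                findings.append((name, lineno, rule_id, advice))
    return findings


# Constructed sample files modelled on the kinds of files this guide shows.
SAMPLES = {
    "inventory.yml": ("switches:\n  vars:\n    ansible_user: admin\n"
                      "    ansible_password: SecretPass\n"),
    "inventory_vaulted.yml": ("switches:\n  vars:\n"
                              '    ansible_password: "{{ vault_switch_password }}"\n'),
    "get_devices.py": "response = requests.get(devices_url, headers=headers, verify=False)\n",
}


def gate(files):
    """Scan every file; return the findings and the exit code the CI job should use."""
    findings = [f for name, text in sorted(files.items()) for f in scan(name, text)]
    return findings, (1 if findings else 0)


if __name__ == "__main__":
    for finding in gate(SAMPLES)[0]:
        print("%s:%d: %s (%s)" % finding)
```

A non-zero exit code from `gate` fails the pipeline before the change reaches review, which is where a leaked credential is cheapest to catch.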

Version Control with Git

| Concept | Description |
|---|---|
| Repository | Storage for code and history |
| Commit | Snapshot of changes with message |
| Branch | Independent line of development |
| Merge | Combine branches together |
| Pull Request | Request to merge with review |

Automation Terminology

| Term | Definition |
|---|---|
| Idempotent | Same result regardless of how many times executed |
| Declarative | Specify desired state, not steps to get there |
| Imperative | Specify exact steps to execute |
| Orchestration | Coordinating multiple automated tasks |
| Abstraction | Hiding complexity behind simpler interface |

Automation Key Takeaways

  • SDN separates control plane from data plane
  • Controllers use northbound (apps) and southbound (devices) APIs
  • REST APIs use HTTP methods: GET, POST, PUT, PATCH, DELETE
  • JSON is the primary data format for network APIs
  • Ansible is agentless, uses YAML playbooks, connects via SSH
  • DNA Center is Cisco's intent-based networking controller
  • Infrastructure as Code enables version control for networks

Focus on understanding concepts rather than memorizing code. Know the difference between REST and NETCONF, understand JSON format, and be familiar with Ansible's agentless architecture versus Puppet/Chef's agent-based approach.