Cisco CCNP Enterprise 300-435 ENAUTO – 5.0 SD-WAN Part 4
January 30, 2023

10. 5.4 Implement Python Script to Configure SDWAN with API Part 02

All right, so let’s continue. Our agenda here is to check the attach and detach, and moreover we are looking at the configuration option: with the help of a Python program, how we can push some configuration or how we can edit the configurations. Now, what I have done is that I logged in to the DevNet app, and this is the lab setup. So once you go to the URL that is given there and once you book the lab, the lab setup is like this. So here you can see that the vManage IP is 1010 20 and then the username and password is admin and admin. So let me show what I have done: I can set the environment variable. So here you can see the IP, then username and password. So once I have set this environment variable, then again I can go and test the new SDWAN fabric that we have. Again we can go and check the Python and then SDWAN, and obviously we can always go and ask for help. Then you want to see the device list that we have seen earlier with the other SDWAN fabric.

So here you can see that the device lists are different, the ones we want to play around with. Then if you want to check the template list, you can go and check the template list as well. Suppose you want to check the attached device, so we can go and check the attached device, and if any other help function is there, we can go and check with the help. So what attach device will do is tell you the templates that it is attached with. You can see in this program that we are using, attach device should be like this. So let me go and do that and we can use the help here. So you can see what is there after that. It is telling you that you can use the attached device, then the template and then the template name. So it will tell you details about that template, correct? So at the moment what I can do is go and check the template list first, then I can go to the attach device and then we have this template option. So let me put it here and then say, for example, the DC vEdge template with this CSR, so I can go and give the template ID, enter.

So now you’re getting the detail about this particular template, correct? So you can see we can check the device, the number of devices, then we can go and check the templates and then which template each particular device has and the attributes related to the templates. For example, this DC device IP, the site ID, et cetera. So that detailed information we are getting. Now what I want here is to see the template, the details about the site three vEdge template. The program will run and it will tell us what the device IP is, because we’re going to do some sort of edit with this particular device. All right? So what I want here is to do certain changes in this particular device. Again, we have options that we can go and utilize.

So for example, let me quickly log in to the vManage, and the vManage IP is this, and then I can give the password. Notice I am inside vManage. I can go to the shell by typing vshell, and I want to SSH to this IP, so let’s go inside that. Because if you want to check the details about this particular device, you can go inside this device and check the details. Okay, I’m not having the password for this particular device; then we can always use NETCONF as well. So let me use NETCONF. All right, so here you can see that from the vManage I’m unable to log into this device. The other option that I have is that I can go to the dashboard, and from the dashboard I can go and check the various components; I can even go and check the running configuration of this particular device. So no problem. What we want is to change certain attributes, certain variables related to this particular device.

So let me come back to my automation tool. If you go and check the SDWAN help first, if I go and show you this attachment, we have two more templates, or two more functions to be more precise. One is attach, one is detach. So first of all I want to attach something. Let me show you how the attach is working. So when you use attach you can see you can set different things here, correct? So you can set the attach template ID, target ID, host name, et cetera; a long list is there. Again, you can go and refer to the program as well. If you want only these two things or maybe these four things, you can go and edit inside the program as well.

Okay? So as per the topology and as per the diagram we have certain things to change, and for that, here you can see, obviously I’ll go and verify the template first of all with site three. So let’s check the template with site three. First we’ll go to the template list, and here you can see this template is this, and let’s go back to the program. It should be f four to f, exactly the same. So what we can do is go and use this command to attach this particular file. And before attaching this file, I just wanted to show you that this time we are using the YAML function.

And here if you go and check this particular program, it is telling you to use this. So actually there are two versions of the program. If you go and check the latest version you’ll find that it is telling you to use the YAML. Okay, so here you can see that I have this YAML, and these are the contents inside the YAML. This system IP is the correct one. The device ID: I should check the device ID as well before doing anything. So I can go and check the device list, because inside the device list you will get the device ID. So do you have the same device ID? Yes, the device ID is the same. So we can go ahead and attach with this program, because I have the YAML file and I have all this information.
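The check described above (confirm the device ID and system IP in the YAML against the device list before attaching) can be scripted as a pre-flight step. This is an added example, not code from the lecture or from the SDWAN program it uses; the key names `device_id`, `system_ip`, `host_name`, `uuid`, `system-ip`, `host-name` and `reachability`, and all sample values, are assumptions constructed for illustration.

```python
import ipaddress

# Constructed inventory in the shape of a device list reply (assumed keys).
DEVICE_LIST = [
    {"uuid": "CSR-EXAMPLE-0001", "system-ip": "10.255.0.1",
     "host-name": "dc-edge-1", "reachability": "reachable"},
    {"uuid": "CSR-EXAMPLE-0003", "system-ip": "10.255.0.3",
     "host-name": "site3-edge-1", "reachability": "reachable"},
]

# Constructed stand-in for the parsed YAML variables file (hypothetical keys).
ATTACH_VARS = {
    "device_id": "CSR-EXAMPLE-0003",
    "system_ip": "10.255.0.3",
    "host_name": "site3-edge-1",
}


def preflight_attach(variables, device_list):
    """Return a list of problems; an empty list means the attach may proceed."""
    problems = []
    device_id = variables.get("device_id")
    system_ip = variables.get("system_ip")

    # Reject malformed input before touching the inventory.
    if not device_id:
        problems.append("device_id is missing from the variables file")
    try:
        ipaddress.ip_address(str(system_ip))
    except ValueError:
        problems.append(f"system_ip {system_ip!r} is not a valid IP address")
    if problems:
        return problems

    # The device ID must exist in the inventory the controller reports.
    by_uuid = {d.get("uuid"): d for d in device_list}
    device = by_uuid.get(device_id)
    if device is None:
        return [f"device_id {device_id} is not in the device list"]

    # The system IP in the file must belong to that same device, otherwise
    # the template variables would be pushed with another device's identity.
    if device.get("system-ip") != system_ip:
        problems.append(
            f"system_ip {system_ip} does not match inventory value "
            f"{device.get('system-ip')} for {device_id}"
        )
    # Optional cross-check when the file also names the host.
    host = variables.get("host_name")
    if host is not None and device.get("host-name") != host:
        problems.append(
            f"host_name {host} does not match inventory value "
            f"{device.get('host-name')} for {device_id}"
        )
    # An unreachable device cannot confirm the pushed configuration.
    if device.get("reachability") != "reachable":
        problems.append(f"{device_id} is not reachable")
    return problems


if __name__ == "__main__":
    issues = preflight_attach(ATTACH_VARS, DEVICE_LIST)
    print("OK to attach" if not issues else "\n".join(issues))
```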

So I can go here, I can go to my program and I can use this string. Let’s go back here, and because I am running Python 3, I should use Python 3. Let’s attach now. What error is it saying? There is no such option called Variables. Okay, so here you can see that if you are running a little bit older program, it will throw this type of error. So what we can do is go and clone this particular program in some new folder. So let me do it like this. I can make a directory called St and I can say Steven New and then I can go to Van New. Once I’m there, then I can clone that new program. This is the older one that we are running, but the older one is also giving you the output. So let me clone the new one. So here you can see the URL and here you can see the commit, two months old. This is actually the newer code. I can go inside this and let me clone this. Because of the fact I’m connected with the VPN, it is not allowing me to clone it. So let me disconnect my VPN first.

All right, so I have disconnected my VPN. Let me try this one more time. Now you can see that it is allowing me to clone it. And now I can go to the new program. And if I go here now you can see that we have this file here and this is some updated program. So the variable and all those things will work. Let me quickly reconnect my VPN. So I have connected back my VPN and let’s run the program called device list. First it should give us the list of the devices and then we’ll go and check the others. Now when I’m running this program here, you can see the variable is set with 198. That’s not the correct IP. So let’s see here. Let’s set the variable one more time. We know that we have the variable that we have set earlier. As for how you set it, either we can create one script to set it, those options are there, we can create the script and set it as well, or every time you have to go and do it like this. Obviously, if you have multiple fabrics, then you can go and do it. So let me go and quickly put the URL, the IP, the username and the password. So the IP is 1010 2019, username and password this, then I can go and run the device list one more time. So this time it should be working because now we have given the correct variable and our VPN is also connected. Great. So I have set the environment variable and set the port number as well. If you go to the link here, you’ll get this information as well. And here you can see that it is related to the sandbox we are running.

Before doing all these steps, please follow the steps that are there. All right, so we have checked the device list earlier with the other program and we want to check the device list here as well. So check that device list, you’ll get the information, and we can simply go and check the rest of the things. So we have checked the device list, we have checked the template, and what I want here is to attach. So here you can see this is the function that we want to use and this is the exact same thing. So let’s go and copy this. I can go and copy this. I can go back here. I can use my Python 3 SDWAN, copy and enter. So now you can see that it’s attempting to attach the template. It is trying to do the configuration as per the YAML file that we have seen, and we’ll wait for the result. So here you can see this attach of the device with the template is successful. Now if you want to verify it, obviously you can go and check the template list, and it is retrieving the information about the template list. So here it is. And here it is, the template. Great.

So you can see how you can go and edit, because in this YAML file, if you want to edit certain variables, you can edit them and then you can paste it. So this is how you can attach. Suppose you want to check the detach. So let’s do that as well. I can go and reach here, I can go and check the detach. And it’s actually very easy and straightforward. You have to give the target ID and the system IP. So we can go to the detach. Here it is telling you to give the target, give the target ID. The target ID you will get with the device list. So when we have the device list information, I can go here and check that this is the device ID. Then I can go and give the system IP. The system IP is this one.

I can go and give that. So now the detach function is in progress. It is attempting to detach the template. If everything is correct, it will detach the template. Then we’ll go and check the device list. You’ll find that this is in the CLI mode. Okay, so from vManage mode it will come to the CLI mode. All right? And here you can see that the detach is completed. If I go and check the device list, then you can see the difference. So in the device list, this is the guy, this is the device ID. And if I go and quickly show you the template, so let me show you this template list as well, we will see that this device is not attached by any template, rather than zero, because it is converted to the CLI, right? So you can use these methods even if you want. You can edit your program variables, and we can even run this in the production environment as well.

11. 5.5 vManage Monitoring API

Now we reach section 5.5, where we have to learn about the SDWAN vManage monitoring APIs. That includes the real-time API. There is a long list of monitoring and real-time APIs. And then we need to construct these APIs. So I’ll show you how you can construct this in the Python format. But we have options, and we can use the HTML code as well that we have seen earlier. So let me go to the vManage dashboard and the API doc. So here you can see, you can go to the API doc, and once you’re inside the API doc, you can search with monitoring. Now, once you’re searching with monitoring, you can see that there is monitoring, quality of service, alarms, application router stats, DPI, cflowd, interfaces, information, meaning each and everything that you can monitor. Once you have the monitoring API, after that you have real time encounters, real-time monitoring APIs. Say for example with respect to ARP, BFD, BGP, bridge, cellular device, DHCP, et cetera, correct? So all these APIs you need to construct. And then obviously the question here is whatever is usable in my case. So suppose DPI, deep packet inspection: inside DPI, again, you can see that you have six to seven different APIs that you can utilize. So what you are going to use, that’s important, or you can take a summary of these APIs; maybe three APIs you can build inside one call, one process.

So what does it mean? Let me quickly show you my program here. So I have my program and you can see some errors as well. I just wanted to show you, if you get an error, how we can fix that error. So if I go inside my program, I have my program and that program is in autoestivan. If I go inside that and if I type help here, you can see that we have this long list. Actually, I have constructed all these APIs, taking the help of the API in the back. So how will it be? Once I am inside here, you can see that we have these APIs. The top format I have shown you. For example, if I go inside any of them except the device list, for example OMP. Now, what you can do is go and check the OMP peers, then you can go and check the OMP routes, advertisements. Then you can even integrate a normal Netmiko Python program as well. So there may be a chance that you are using the API, but there are still certain CLI commands you want to embed inside the Python programming. So you can go and embed those programs as well. Now, the program that you are seeing here is with respect to IOS XE, and suppose I want to run this over the Cisco IOS, unless the Viptela operating system is a bit different. So I want to run it there because this is the vEdge I want to test. And this code is related to CSO. What I will do here: let’s check over the cEdge only. Because vEdge versus cEdge, you know that in vEdge you have to type show omp services.

But in Cisco Edge, cEdge, you have to use show sdwan, then omp services. So an extra keyword you have to use, that’s the sdwan thing. What I’ll do here is give the IP as a cEdge device, but you can construct for vEdge as well. What is the IP for the cEdge in one of the branches? So that will be maybe 10 four or five. So I’ll use five here and then I can go and copy. And this is the OMP related program. Now I can go back to my main automation tool, I can go and remove the old one and then I can go and create the new one. I can paste it. CTRL O, enter, CTRL X. And then I want to check the help function first, then I want to check the OMP, correct? And I’ll come to monitoring and other stuff as well. But I’m just showing how we can construct, how we can embed the API calls. So that’s the beauty of Python, that we have embedded the API. And plus you can see this CLI thing is also coming. So my device is logging into that device with the help of CLI.

And here you can see this API that I have built, that is related to, or that is in terms of, DC one, vEdge one. But the CLI command that you are seeing is for one of the branches, branch one, cEdge one or maybe cEdge two; that we can check here from the system. This is the branch one, cEdge two, and this is DC one vEdge one. So the point here is this, that you can mix the things in your troubleshooting code, in your monitoring code; you can even mix different types of devices. But obviously you should know what the things are that you are mixing. I’ll come back and explain all these outputs to you, but let’s move on and let’s stick with the monitoring stuff. So what do I want to monitor? I want to monitor real time, I want to monitor the normal monitoring. So two monitors are there, but the real-time monitoring is actually very beneficial. And we should focus on real-time monitoring because all the time we are checking, or we are doing the real-time type of troubleshooting. It means if you do the real-time monitoring, you know what is happening at this point of time and then you can troubleshoot according to that. When you are doing the troubleshooting, what are the parameters you are checking? Obviously, first of all, you want to check the device info. So for that you can go and check the device list. So let’s stick with the basics. So I want to check the device info, then I want to check the interfaces of that particular device. Then I want to check the reboot, the security, the software, the system, that stuff.

So at least these things you will check. After that, what will you check? After that you should go and check the BFD, the control connection, et cetera, et cetera. Correct? So in this section let’s focus on a step by step thing, at least three things. We’ll check the device list. Here you can see what devices I have and what the status of those devices is, which we have seen earlier as well in the previous section. So I’ll move on. So now we know that we can check the device list. At this point of time I am focused on DC one vEdge one. So for DC one vEdge one I can go and check the interface info as well. So let’s go and check the interface info. Now here you will get the interface related stuff. So first of all DC one vEdge one, how many interfaces it has, how many VPNs. Say this is the key, the system IP, then zero is the VPN, then zero slash one is the interface and then the protocol; this protocol is just the address family. So then you can see that you have 0102 system three and then you have VPN zero, VPN 1020 and the management VPN, correct? Great stuff. So we have all the information for this device; this is very much similar to show ip interface brief. Then what you want to check is the RX packets, the RX errors, the TX packets, the TX errors, MTU and speed.

Now here you can see whether you have errors. So the error counter is zero, the TX and RX errors are zero, zero. So that means I don’t have interface related issues or errors. So once I’m very much happy with the device status, once I’m good with the interface status, then I want to check the miscellaneous things like reboot, security, software and other stuff. So for that what I can do here is go and use this particular program or script. Now what this will do is tell you the important stuff related to that particular device. So you can see the reboots: this device has been rebooted at this time, this time, this time, now initiated by user, activated this code. So the complete history you are getting; this is the reboot history. Correct. Then if I scroll down, you are seeing the IPsec authentication parameters. So HMAC retainable deeply menu. So that is also good. Then you can see the software information: this device is running 21 one. That is true, that is set correctly. Now then it tried to log into this device and then it has an error. Why? Because we are not logging into the CLI of this. So let me go back and correct the code for the reboot and the security option. So here we can go and check this, and let’s see where we have that program. So from here it is starting. So first, the APIs are well and good. It is working well. Then I have given some CLI commands as well. What is that CLI command? show sdwan system status. If you want to run this command, your command should be show system status. And this is not IOS XE, but we can make this Cisco IOS.

At this point of time again, I can go back to my program, I can remove the older one and then I can create the new program. I will paste this, we can save this, come out and then run this program as well, one more time. Now, here you can see that when we are running these API calls, they are lightning fast, correct? The moment you click, you will get that information. Now, when it is trying to contact via the CLI, you can see that there is some speed issue. Because see, when you are logging in via the CLI, what is happening is that first of all, this program will try to connect, try to SSH to that device. Then it will write that code. Once you write that code, again, that code will go behind the scenes to that particular device and then it will get the information. Now it is not able to SSH. We have an SSH issue. So what I will do here is go and give the SSH the management IP.

So I can go and give it; I know that the management IP is this. I can even go and edit my single line of code inside this program as well. But because I’m doing it in this manner, let’s do it like this: save it, come outside and run this program one more time. I want system information. And that CLI command is show system status. Correct? So let’s wait. Here you can see it tries to log into that device. And here it is. We have the output. So here you can see the CPU usage, the memory usage, the disk usage. This output is good output, and that’s why I added this particular command in my command built, or in my command list. Likewise, you can see that you can go and log into the device, check the device’s status, go and check the interface status. Then with a single API call, you can check the reboot history, you can check the security info, you can check the software version, you can check the system info like CPU, memory, disk usage and others. Correct? So, that is how healthy and how good these programs are while we are doing the monitoring and while we are trying to reach closely to the troubleshooting option as well.

12. 5.6 vManage troubleshooting API

All right, so we reach the last section of this particular section, I can say the subsection of this particular section: 5.6, troubleshoot Cisco SDWAN deployment using the vManage API. Now, I already have a course just for troubleshooting in SDWAN that is available on this platform. You can have a look. Now, the question here is how useful these troubleshooting APIs are. With the API, can we do the troubleshooting? The answer is yes, we can do the troubleshooting. Let me go to the vManage, and if you are here you can go and check the troubleshooting options that we have. So what are the troubleshooting options you have? Troubleshooting dashboard, device group, software package, device software update, software action. But the important point here is this, that while you are doing the troubleshooting, it should be phased, it should be step by step. So it is not necessary that you are using the troubleshooting API to do the troubleshooting. Rather, you can even use the real-time monitoring application, or you can embed the CLI code inside your Python program to run the troubleshooting scripts as well, correct? So obviously we don’t want to run debugs and all those things inside the API, because that should be under some circumstances. Meaning, suppose you have the tags open, or you have the maintenance window or some downtime, et cetera, et cetera, then you want to run the recursive or the regressive and all, correct?

So here at least you can do the baseline troubleshooting. You can do maybe phase one, phase two type of troubleshooting. But again, if you don’t want to go deep inside the packet captures and all, it is better that we go and use these things from the vManage dashboard where we have the troubleshooting option; we can take the captures, we can run certain commands from the vManage dashboard as well, correct? So do follow that video, the complete course I have, where you will find the troubleshooting is given, plus you’ll find some interview questions as well. Great. So let’s move on. Now, when we are talking about troubleshooting, what do you want to troubleshoot? In the last section we have seen the device monitoring, where I have covered the stuff related to the device list, the info and the reboot, correct? Now after that, suppose you have any issue related to OSPF. Obviously you will directly go inside the OSPF and you will do the troubleshooting. If you have any issue related to any other protocol, suppose you have an issue related to OMP, some errors you are getting. Maybe after troubleshooting you find that it is hitting some sort of bug. Maybe there is some security policy due to which packets are getting dropped. Or maybe some of the policies are not configured properly. So there are n number of use cases as well for the troubleshooting.

Now, how we can do troubleshooting from here, I will show you some of the examples. But again you can add n number of APIs, n number of CLI commands that you can run from the Python script, and you can execute those commands remotely on the devices. So if you have any issue related to the IPsec tunnel, obviously your BFD will go down. You can go and verify with the BFD. Now, if I go and run the BFD command here, you can see that we are running the BFD API integration with Python and what the inputs are that we are getting. So let me show you. And here you can give a nice description on the top that this is the device. BFD max session is four, flap zero time. BFD session is up. Total BFD sessions four, poll interval and the host name. Likewise you can see the tunnel source, tunnel destination, the color, the TX packets, the device name, site ID and the state.

This is the alarming one. So if the state is down, that means this particular tunnel is down, and what’s the source, what’s the destination, you can check. So here you can see that the site ID is 300, and we should just specify whether the site ID is local or remote. So at the moment I am inside the one, I am doing all the testing with DC one vEdge one, and if it is forming the site ID with this particular one, if this is the destination site ID and this tunnel is down, here you can see the counters are down with these tunnels. So we can clearly mark that with this particular source and destination this is down. So from this API we can easily understand and then we can further troubleshoot: is that the ISP issue, is it the link issue, the local issue or some transit failure in between, et cetera. All right, then again you can see the other BFD session output. So here you can see which BFD sessions are up. So you can see the source and destination, source and destination. You can see the device name, site ID, the uptime, protocol. These are up. Then you have the summary of BFD. So I have Vs control connection, expected connection, OMP, et cetera, et cetera. It’s quite handy that we have actually four different or maybe five different commands embedded inside the same command. And then we have this API which is giving the result. So we can see that a few of the BFD sessions are down. Next we can go and check the control connection as well, correct? So I can go and check the OMP sessions as well. Because whenever we are talking about the control connection, that is related to your DTLS connection, the vSmart, vManage connection. So all states are up, you can see your device is installed, up. But here we are seeing some issue, and this issue that you are observing here, let me show you: if I go inside the control, my IP is not correct. So I should correct the IP and let me go next. Actually I want to go inside the control. Here you can see the IP. I just want to put this. Now this is okay, but since this is the vEdge device we should use show omp services, show omp summary, and then here you can see I have given only two commands, but it is true for a number of good commands.
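The triage described above (tunnel down, then decide whether the fault is local, remote or in transit) can be automated over a BFD sessions reply. This is an added example, not code from the lecture: the key names `src-ip`, `dst-ip`, `local-color`, `site-id` and `state`, the sample sessions, and the grouping heuristic itself are assumptions of this sketch, and it goes slightly beyond the text by classifying the down sessions rather than only listing them.

```python
from collections import defaultdict

# Constructed sample in the shape of a BFD sessions reply (assumed keys).
# "site-id" is taken here to be the remote site of each session.
SAMPLE_REPLY = {"data": [
    {"src-ip": "192.0.2.10", "dst-ip": "198.51.100.30",
     "local-color": "mpls", "site-id": 300, "state": "down"},
    {"src-ip": "203.0.113.10", "dst-ip": "203.0.113.30",
     "local-color": "public-internet", "site-id": 300, "state": "down"},
    {"src-ip": "192.0.2.10", "dst-ip": "198.51.100.20",
     "local-color": "mpls", "site-id": 200, "state": "up"},
    {"src-ip": "203.0.113.10", "dst-ip": "203.0.113.20",
     "local-color": "public-internet", "site-id": 200, "state": "up"},
]}


def is_up(session):
    """A session counts as up only when its state field says so."""
    return str(session.get("state", "")).lower() == "up"


def triage_bfd(reply):
    """Classify down BFD sessions into (kind, detail) findings.

    Heuristic (an assumption of this example):
      * every session on one local color is down   -> "local-transport"
      * every session to one remote site is down   -> "remote-site"
      * any other down session                     -> "single-tunnel"
    A lone session that is down matches the first two rules at once,
    which is the honest answer: one data point cannot separate them.
    """
    sessions = reply.get("data", [])
    by_color = defaultdict(list)
    by_site = defaultdict(list)
    for s in sessions:
        by_color[str(s.get("local-color"))].append(is_up(s))
        by_site[str(s.get("site-id"))].append(is_up(s))

    dead_colors = {c for c, states in by_color.items() if not any(states)}
    dead_sites = {k for k, states in by_site.items() if not any(states)}

    findings = [("local-transport", c) for c in sorted(dead_colors)]
    findings += [("remote-site", k) for k in sorted(dead_sites)]
    for s in sessions:
        if is_up(s):
            continue
        if str(s.get("local-color")) in dead_colors:
            continue
        if str(s.get("site-id")) in dead_sites:
            continue
        findings.append(
            ("single-tunnel", f"{s.get('src-ip')}->{s.get('dst-ip')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_bfd(SAMPLE_REPLY):
        print(f"{kind}: {detail}")
```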

So someone can create the script, they can give the meaningful CLI commands. At least those commands are the ones that are in use most of the time, and then your script will be very useful globally to that particular organization. So let me remove this and let me go and add that script one more time. And let’s run this, so I can go and run this control. Now here you can see the control connection output, then the summary output, and here we can give a nice description as well. Meaning, whatever output we are getting, why this output is there, what we are going to get from this output. Correct. Now you can see that it just tries to establish the connection, and still, okay, so again you can see the issue here, that I haven’t changed this image, so it should be cisco_ios. The rest of the things are okay, and let’s go back and add this one more time, so I can stop that session. I can go to the shell and let’s do the nano, add that. Since it is not copied, let me go and copy this and let’s add it back. All right, it seems there is some issue adding this, so I can exit and I can go here. Okay, so add it back. Let’s go out, and obviously because I have changed the name, I should go ahead and use one.

So now it is running again. You can see the API is quite a bit faster than the CLI command, but the CLI command is also true because we have some nice CLI commands. So we can’t ignore those CLI commands: display the stats about the vEdge router, the vSmart controllers, instant VDM and process handling. Some issues are there. Let’s see in detail why it is showing that all the time. Because we have seen that one of the commands ran perfectly, that was the b of, and we are using Cisco IOS. The username and the password are correct. This should also run correctly. So you have this Cisco IOS, then the username and the password, show omp services, show omp summary. So you can see that we are getting the repetitive error, and if I go inside the program, here you can see the program I need to correct. So then let me go. It will log into this Cisco IOS whose IP is 300, that is nothing but DC one vEdge one, and once we are inside this, we should not use this keyword sdwan. But if we have IOS XE then you can use this keyword called sdwan. Again you can see the benefit of the API, because the API is true with cEdge and is just as true with vEdge. So irrespective of what device we have, what nature of device we have, the API is true for that. But here you have to do the necessary changes and modifications.

Now let’s go back and run this program. We want to get the information related to the control connection. You can see two of the APIs. But the important point here is that a few of the CLI commands are good and we can follow those CLI commands. So first of all, what it is doing: the control statistics output, then the control summary. So now we are getting the information about the control summary. It’s a bit slow because it’s a CLI. And then the valid vEdges. So here you can see the valid vEdges, and then it will go and give you the valid vSmarts or vBond or whatever we want; we can go and put all that information and we can get the output. So here you can see how helpful this is. So you have checked the BFD, you have checked the control connection. Likewise my favorite one is the IPsec. So I can go and check the IPsec inbound, outbound connections and all IPsec related commands. So here you can see how fast the API is. The moment I click enter you are seeing the output. So what is the tunnel MTU? What is the authentication key? The encryption key, authentication used, SPI. The encryption has the TCP MSS. See, all the information you are getting in one screen.

Now you can copy and paste this screen and you can use this information for further troubleshooting. So that’s the power we have with the API. So we have checked the BFD, we have checked the control. Device fifth table: simply it will give you the fifth table. We have checked the interface, we have checked the IPsec, we haven’t checked the IP table. That is simply the IP route information. IPsec we have checked. The OMP: if you have OMP advertisements you can go and run this. If you have OSPF related stuff you can run this. Then reboot, TLOC. So most of the things we have checked, but suppose you are doing the troubleshooting related to an application. In that case you should go and check your app route stats. Here you will see very robust output related to app route: what’s the local color, what’s the remote color, the remote system IP, the source IP, destination IP, the loss, latency, jitter, loss average, latency average, TX/RX total packets. So you can see the colors and you can see the source and destination IP. And then according to that you can check the counters, where these counters have moved. Because according to that you can figure out the loss or latency or jitter, correct? So I have built these many APIs integrated with Python. But you are free: you can go and add more and more usable APIs inside the Python to do the real-time monitoring plus to do the troubleshooting as well.
