Editor's note: This is a chapter excerpt from "Programming and Automating Cisco Networks: A Guide to Network Programmability and Automation in the Data Center, Campus, and WAN" by Ryan Tischer and Jason Gooley and published by Cisco Press.
Network programmability is a set of tools to deploy, manage, and troubleshoot a network device. A programmability-enabled network is driven by intelligent software that can deal with a single node or a group of nodes or even or address the network a single unified element. The tool chain uses application programming interfaces or APIs, which serve as the interface to the device or controller. The tool chain also utilizes software that uses the API to gather data or intelligently build configurations.
The term network programmability can have different meanings, depending on perspective. To a network engineer, programmability means interacting with a device or group of devices (driving configurations, troubleshooting, etc.) with a software that sits (logically) above the device. To a developer, network programmability means abstracting the network such that it appears as a single device that can be manipulated with specialized software or within existing software. Both perspectives are correct and drive toward the same goals of using the network to enhance and secure application delivery.
The software component of network programmability can encompass different purposes and either run on the device (on-box) or remotely (off-box). Software built to interact with the network and can address how and/or why the interaction is required. In the case of driving configurations, “How” software addresses the specific device changes when a human determines that configuration is required. “Why” software adds intelligence to automatically react to network or external events, for example, a WAN outage or sudden influx of traffic.
In some cases, the software will be purposely built to interact with the network—for example, day zero deployments or a component of a larger applications, such as Microsoft SharePoint. Figure 1-2 describes the relationship between software, the API, and the network.
Network programmability benefits
Some of the benefits of network programmability include:
- Time and money cost savings
- Reduction of human error
The network is a distributed system, and every new feature required adds configuration complexity and more operational risk. Complexity can lead to increased cost and increased outages. Today a high percentage of the “network down” events are due to misconfiguration (human error). Managing the network programmatically simplifies network management by reducing system variance with automated configurations and streamlined troubleshooting.
For example, Quality of Service (QoS) is a critical business feature that, due to complexity, is not commonly configured and is frequently configured incorrectly. A simple change, such as adding a new application, requires a human to access every network device and make a configuration change. Network programmability can simplify QoS deployment and configuration by using a simple application to quickly deliver consistent and accurate configuration changes. Simplified networking reduces man-hours spent operating the network to time spent innovating with the network.
Network innovation with programmability
Network programmability can transition the network from simple transport to a sourceof innovation. Today the network is a distributed system of single-purpose appliances that, in most cases, has excess resources. Network programmability unlocks these resources to solve business problems and enhance the application experience. The network is the most logical place for innovation because it has holistic application visibility with distributed policy enforcement. This allows the network to consistently check and adjust the user’s application experience. Examples of network innovation include abnormal traffic detection, for example, a deep packet inspection (DPI) tool driving QoS policy, custom integrations to critical mission applications, and automated response to link failure.
Many organizations use redundant WAN links; however, due to cost considerations, the redundant link may only provide enough bandwidth for critical application traffic. Distributed network protocols, for example, OSPF or BGP, are excellent at re-routing traffic in the event of failure, but they generally cannot differentiate between highpriority and low-priority traffic. Network programmability enables automatic and intelligent configuration changes to be also based on business priority. During a failure, a reactive script could change ACLs to block nonpriority traffic from the backup link and even configure policy-based routing to send low-priority traffic over an Internet link, as shown in Figure 1-3.
Network hardware provides a wealth of statistical information that can aid in detecting abnormal traffic or security issues. Data analytic tools can analyze n telemetry from network hardware detect patterns like abnormal flows, for example increased data rate or connections from new countries. If an issue is detected, network programmability can issue an updated QoS configuration to limit data flows or route traffic to a honey pot, as shown in Figure 1-4.
Traditionally, Cisco and other network vendors are the innovators in network software and network protocols. If a network administrator needs new features, they are faced with a long process of selling an idea and hoping the vendor will fund its development. Network programmability enables anyone to innovate by creating or extending software without his or her vendor. Network innovation helps organizations differentiate their products and solve problems using the network. Open NX-OS on Cisco Nexus 9000 enables use of the switch as a platform to run user-provided software/applications.
For more on network programmability, download sample content, including the index and chapter 7.