Network Automation & Programmability
APIs, Configuration Management, and Infrastructure as Code
CCNA 200-301 Objectives: 6.1-6.7
Network automation fundamentals and tools
REST APIs, JSON/XML, Configuration Management
Slide 1 of 20
Hexworth Prime
Why Network Automation?
Traditional manual network configuration faces serious challenges at scale:
Problems with Manual Configuration
- Human Error: Typos, forgotten commands, inconsistent configs
- Doesn't Scale: Configuring 1,000 switches manually is impossible
- Slow Deployment: Rolling out changes takes days or weeks
- Inconsistency: Each device might be slightly different
- No Version Control: Hard to track who changed what and when
Benefits of Automation
- Consistency: Same config deployed every time
- Speed: Deploy to 1,000 devices in minutes
- Reliability: Eliminate human typing errors
- Auditability: Track all changes in version control
- Scalability: Manage massive networks efficiently
Slide 2 of 20
REST APIs (Representational State Transfer)
REST APIs allow programs to interact with network devices using standard HTTP methods.
What is REST? A software architecture style that uses standard HTTP methods to perform operations on resources (network devices, configurations, etc.)
Key Characteristics of REST
- Stateless: Each request contains all information needed (no session)
- Client-Server: Separation between client (your script) and server (device)
- Uses HTTP/HTTPS: Standard web protocols
- Resource-Based: Everything is a resource with a unique URI
- Returns Data: Usually JSON or XML format
Example URI:
https://router.example.com/api/v1/interfaces/GigabitEthernet0/1
Slide 3 of 20
HTTP Methods - CRUD Operations
REST uses standard HTTP methods to perform Create, Read, Update, Delete (CRUD) operations:
- GET (Read): Retrieve information. Example: Get interface status. Safe, no changes made.
- POST (Create): Create new resource. Example: Add new VLAN. Creates something new.
- PUT (Update): Update existing resource. Example: Change IP address. Modifies existing config.
- DELETE (Delete): Remove resource. Example: Remove ACL entry. Destructive operation.
Important: GET requests should NEVER change anything on the device. PUT, POST, and DELETE modify the configuration.
Slide 4 of 20
HTTP Status Codes
REST APIs return status codes to indicate success or failure:
| Code | Meaning | When You See It |
| --- | --- | --- |
| 200 OK | Success | GET request successful, data returned |
| 201 Created | Resource created | POST request successful, new resource made |
| 400 Bad Request | Invalid syntax | Your JSON/XML is malformed or invalid |
| 401 Unauthorized | Authentication failed | Wrong username/password or missing token |
| 404 Not Found | Resource doesn't exist | URI incorrect or resource deleted |
| 500 Internal Server Error | Server error | Problem on the device/API server |
Rule of Thumb: 2xx = Success, 4xx = Your mistake, 5xx = Server's mistake
Slide 5 of 20
Data Formats: JSON vs XML
REST APIs typically return data in JSON or XML format. Both represent structured data, but JSON is more popular.
JSON (JavaScript Object Notation)
{
  "interface": "GigabitEthernet0/1",
  "ip_address": "10.1.1.1",
  "subnet_mask": "255.255.255.0",
  "status": "up"
}
- Lightweight and easy to read
- Native to JavaScript
- Faster to parse
- More popular in modern APIs
XML (eXtensible Markup Language)
<interface>
  <name>GigabitEthernet0/1</name>
  <ip_address>10.1.1.1</ip_address>
  <subnet_mask>255.255.255.0</subnet_mask>
  <status>up</status>
</interface>
- More verbose (tags required)
- Supports attributes and namespaces
- Better for complex hierarchies
- Used by NETCONF
Slide 6 of 20
JSON Syntax Essentials
Understanding JSON structure is critical for working with REST APIs:
Objects: Wrapped in curly braces { }
{ "key": "value" }
Arrays: Wrapped in square brackets [ ]
[ "item1", "item2", "item3" ]
Key-Value Pairs: "key": "value" format
Keys must be strings in double quotes
Data Types: Strings ("text"), Numbers (123), Booleans (true/false), Null (null)
{
  "vlans": [
    {
      "vlan_id": 10,
      "name": "Management",
      "enabled": true
    },
    {
      "vlan_id": 20,
      "name": "Sales",
      "enabled": true
    }
  ]
}
Slide 7 of 20
REST API Example: Getting Interface Status
Let's see a complete REST API interaction:
Request
GET https://router.example.com/api/v1/interfaces/GigabitEthernet0/1
Headers:
Authorization: Bearer abc123token
Accept: application/json
Response (200 OK)
{
  "interface": "GigabitEthernet0/1",
  "description": "Link to Core Switch",
  "ip_address": "10.1.1.1",
  "subnet_mask": "255.255.255.0",
  "status": "up",
  "bandwidth": "1000000",
  "duplex": "full"
}
What Happened: We sent a GET request to read interface config. The API returned JSON data with a 200 status code.
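Client-side handling for the exchange above, as an added Python example that is not part of the original slides: it gates a planned call by HTTP method and turns status codes into specific errors. The function names and the `allow_changes` flag are assumptions; the sample body is the response shown on this slide.

```python
import json

# Methods the slides list as modifying device configuration.
MUTATING = {"POST", "PUT", "DELETE"}

# Response body copied from the slide's 200 OK example.
SAMPLE_BODY = """{"interface": "GigabitEthernet0/1", "description": "Link to Core Switch",
 "ip_address": "10.1.1.1", "subnet_mask": "255.255.255.0", "status": "up",
 "bandwidth": "1000000", "duplex": "full"}"""


def check_call(method, url, allow_changes=False):
    """Gate a planned call: HTTPS only, and read-only runs may issue nothing but GET."""
    method = method.upper()
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    if method not in MUTATING | {"GET"}:
        raise ValueError(f"unsupported method {method}")
    if method in MUTATING and not allow_changes:
        raise PermissionError(f"{method} modifies the device; allow_changes is off")
    return method


def handle_response(status, body):
    """Return parsed JSON on 2xx, otherwise raise an error naming the failing side."""
    if status in (200, 201):
        try:
            return json.loads(body)
        except json.JSONDecodeError as exc:
            raise ValueError("2xx response did not contain valid JSON") from exc
    if status == 401:
        raise PermissionError("401: authentication failed, check the token")
    if 400 <= status < 500:
        raise ValueError(f"{status}: request problem (malformed body or wrong URI)")
    if status >= 500:
        raise RuntimeError(f"{status}: error on the device or API server")
    raise RuntimeError(f"unexpected status {status}")


if __name__ == "__main__":
    url = "https://router.example.com/api/v1/interfaces/GigabitEthernet0/1"
    print(check_call("get", url), handle_response(200, SAMPLE_BODY)["status"])
```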
Slide 8 of 20
Cisco DNA Center
Cisco's centralized network management and automation platform with extensive REST APIs.
What is DNA Center?
- Software-defined networking (SDN) controller for enterprise
- Centralized management for switches, routers, wireless
- Intent-based networking (IBN) - tell it what you want, not how
- Powerful REST API for automation
DNA Center API Capabilities
- Device inventory and health monitoring
- Configuration deployment and compliance
- Path trace and troubleshooting
- Client health and application visibility
- Template-based configuration
CCNA Focus: You need to understand what DNA Center does and that it provides REST APIs for automation. You won't need to memorize specific API calls.
Slide 9 of 20
Configuration Management Tools
Tools that automate deployment and management of network device configurations:
Push vs Pull: Push = Central server pushes configs. Pull = Devices periodically pull configs from central server.
Slide 10 of 20
Ansible for Network Automation
Ansible is the most popular choice for network automation. Here's why:
Ansible Advantages
- Agentless: No software to install on network devices
- Uses SSH: Leverages existing SSH access
- Simple Syntax: YAML is human-readable
- Idempotent: Running same playbook multiple times = same result
- Extensive Modules: Pre-built modules for Cisco, Juniper, Arista, etc.
Ansible Playbook Example
---
- name: Configure VLANs on switches
  hosts: all_switches
  tasks:
    - name: Create VLAN 10
      ios_vlan:
        vlan_id: 10
        name: Management
        state: present
    - name: Create VLAN 20
      ios_vlan:
        vlan_id: 20
        name: Sales
        state: present
Slide 11 of 20
Infrastructure as Code (IaC)
Treating network infrastructure configuration as software code.
Core Concept: Network configurations are written as code, stored in version control (Git), and deployed automatically.
Benefits of Infrastructure as Code
- Version Control: Track every change with Git (who, what, when, why)
- Reproducibility: Destroy and rebuild entire network from code
- Testing: Test configs in dev environment before production
- Documentation: Code IS the documentation
- Collaboration: Multiple engineers can work on same codebase
- Rollback: Easy to revert to previous working config
Example: Instead of logging into 500 switches to add VLAN 30, you update one Ansible playbook, commit to Git, and run the automation. All 500 switches get identical config.
Slide 12 of 20
Python for Network Automation
Python is the most popular programming language for network automation.
Why Python?
- Easy to learn and read
- Massive library ecosystem
- Netmiko for SSH automation
- Requests for REST APIs
- NAPALM for multi-vendor
- TextFSM for parsing output
Simple Python Example
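import requests

url = "https://router/api/v1/interfaces"
# "token" is a placeholder; load the real value from a secrets store, not the script
headers = {"Authorization": "Bearer token"}

# timeout keeps the script from hanging on an unreachable device
response = requests.get(url, headers=headers, timeout=10)
if response.status_code == 200:
    data = response.json()
    for intf in data["interfaces"]:
        print(f"{intf['name']}: {intf['status']}")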
CCNA Note: You don't need to write Python code for the exam, but you should understand that Python is commonly used for REST API interactions and SSH automation.
Slide 13 of 20
RESTCONF
Modern HTTP-based protocol combining REST principles with NETCONF data models.
What is RESTCONF?
- REST API interface to YANG data models
- Uses HTTP/HTTPS instead of SSH
- Returns JSON or XML (client's choice)
- Standard HTTP methods (GET, POST, PUT, DELETE, PATCH)
- Easier to use than NETCONF for web developers
| Feature | NETCONF | RESTCONF |
| --- | --- | --- |
| Transport | SSH (port 830) | HTTPS (port 443) |
| Data Format | XML only | JSON or XML |
| Data Models | YANG | YANG |
| Use Case | Legacy automation | Modern web-based automation |
Slide 15 of 20
YANG Data Models
YANG (Yet Another Next Generation) defines the structure of configuration and operational data.
Think of YANG as a blueprint: It defines what data exists, what types it is, and what operations are allowed.
Why YANG Matters
- Vendor-Neutral: Same model works across vendors
- Machine-Readable: APIs know exactly what to expect
- Validates Data: Prevents invalid configurations
- Standardized: IETF and OpenConfig publish common models
Example: A YANG model for interfaces defines that an IP address is a string in dotted-decimal format, a subnet mask is 0-32, and speed is an integer. NETCONF/RESTCONF use this model to validate your API requests.
CCNA Scope: Know that YANG defines data models used by NETCONF and RESTCONF. You don't need to write YANG models.
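The kind of check a data model makes possible, as an added Python example that is not from the original slides and is not a YANG parser: it rejects a payload before it is sent if a leaf is unknown or a value is out of range. The leaf names (`prefix_length`, `speed`) and the payloads are assumptions modelled on the slide's interface example.

```python
import ipaddress

# Leaf names and ranges are assumptions modelled on the slide's description.
ALLOWED_LEAVES = {"name", "ip_address", "prefix_length", "speed"}


def is_int(value):
    """True for real integers only; bool is a subclass of int in Python."""
    return isinstance(value, int) and not isinstance(value, bool)


def validate_interface(payload):
    """Return a list of violations; an empty list means the payload may be sent."""
    errors = []
    for leaf in sorted(set(payload) - ALLOWED_LEAVES):
        errors.append(f"{leaf}: not defined in the model")
    if not isinstance(payload.get("name"), str) or not payload.get("name"):
        errors.append("name: required non-empty string")
    ip = payload.get("ip_address")
    try:
        if not isinstance(ip, str):
            raise ValueError
        ipaddress.IPv4Address(ip)
    except ValueError:
        errors.append("ip_address: must be a dotted-decimal IPv4 string")
    prefix = payload.get("prefix_length")
    if not is_int(prefix) or not 0 <= prefix <= 32:
        errors.append("prefix_length: must be an integer 0-32")
    speed = payload.get("speed")
    if speed is not None and (not is_int(speed) or speed <= 0):
        errors.append("speed: must be a positive integer")
    return errors


# Constructed payloads: one valid, one with four separate violations.
GOOD = {"name": "GigabitEthernet0/1", "ip_address": "10.1.1.1",
        "prefix_length": 24, "speed": 1000}
BAD = {"name": "GigabitEthernet0/1", "ip_address": "10.1.1.300",
       "prefix_length": 33, "speed": "fast", "shutdown_all": True}

if __name__ == "__main__":
    print(validate_interface(GOOD))
    for problem in validate_interface(BAD):
        print("rejected:", problem)
```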
Slide 16 of 20
Automation Protocol Comparison
| Protocol | Transport | Data Format | Use Case |
| --- | --- | --- | --- |
| SSH/CLI | SSH (port 22) | Text commands | Manual config, basic scripts |
| SNMP | UDP 161/162 | ASN.1 / MIBs | Monitoring (read-only mostly) |
| NETCONF | SSH (port 830) | XML (YANG models) | Structured config management |
| RESTCONF | HTTPS (port 443) | JSON/XML (YANG models) | Modern API-based automation |
| gRPC | HTTP/2 | Protocol Buffers | High-performance streaming |
Trend: Moving away from CLI/SNMP toward model-driven APIs (NETCONF, RESTCONF, gRPC)
Slide 17 of 20
Typical Automation Workflow
How network automation is implemented in practice:
- Define Desired State: Write configuration as code (Ansible playbook, Python script, etc.)
- Store in Version Control: Commit code to Git repository for tracking and collaboration
- Test in Lab/Dev: Run automation against test environment first
- Review and Approve: Peer review changes before production deployment
- Deploy to Production: Run automation tool to push configs to devices
- Verify and Monitor: Confirm changes applied correctly and monitor for issues
Slide 18 of 20
Network Automation Best Practices
Do This
- Start small - automate simple, repetitive tasks first
- Use version control (Git) for all automation code
- Test in lab environment before production
- Make automation idempotent (safe to run multiple times)
- Document your code and APIs
- Use RESTCONF/NETCONF over CLI scraping when possible
Avoid This
- Automating before understanding the process manually
- No testing - running untested automation in production
- Hard-coding credentials in scripts (use vaults/secrets management)
- No rollback plan if automation fails
- Screen scraping CLI output when APIs are available
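A pre-commit style check for the hard-coded credentials item above, as an added Python example that is not from the original slides: it flags literal secrets in automation code and lets environment or vault references through. The rule set, the variable names and the sample lines are constructed assumptions; only `Bearer abc123token` comes from the deck's request example.

```python
import re

# Heuristic rules assumed for this example; tune them for your own repositories.
RULES = [
    ("bearer token literal", re.compile(r"Bearer\s+[A-Za-z0-9._~+/=-]{8,}")),
    ("quoted secret literal", re.compile(
        r"(?i)\b\w*(password|secret|token|api_key)\w*\s*[:=]\s*[\"'][^\"'{]+[\"']")),
    ("plain YAML secret", re.compile(
        r"(?i)^\s*\w*(password|secret)\w*:\s+(?![\"'{!])\S+")),
]

# Constructed sample mixing Python and YAML lines; every value is made up.
SAMPLE = '''\
headers = {"Authorization": "Bearer abc123token"}
token = os.environ["NET_API_TOKEN"]
headers = {"Authorization": f"Bearer {token}"}
ansible_password: Sw1tchAdm1n
ansible_password: "{{ vault_switch_password }}"
enable_secret = "C0reRouter"
'''


def find_hardcoded_secrets(text):
    """Return (line_number, rule_name) pairs; the secret itself is never echoed."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        for rule_name, pattern in RULES:
            if pattern.search(line):
                findings.append((number, rule_name))
                break  # one finding per line is enough to fail a review
    return findings


if __name__ == "__main__":
    for number, rule_name in find_hardcoded_secrets(SAMPLE):
        print(f"line {number}: {rule_name}")
```

Lines 2, 3 and 5 of the sample pass because the value is resolved at run time from the environment or a vault variable rather than stored in the file.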
Slide 19 of 20
Key Takeaways
REST APIs
- HTTP methods: GET, POST, PUT, DELETE
- Status codes: 200, 201, 400, 401, 404
- Data formats: JSON (popular), XML
- Stateless architecture
Configuration Management
- Ansible: Agentless, SSH, YAML (most popular)
- Puppet: Agent-based, pull model
- Chef: Agent-based, Ruby DSL
- Infrastructure as Code (IaC)
Protocols
- NETCONF: SSH, XML, port 830
- RESTCONF: HTTPS, JSON/XML, port 443
- Both use YANG data models
- Model-driven automation
Exam Tips
- Know HTTP methods and status codes
- Understand JSON syntax basics
- Ansible = agentless, push model
- NETCONF uses YANG models
Automation is the future of networking!
Slide 20 of 20