Admittedly, I am sick. That is at least what most people would say, if I told them that last night I was having fun programming in Python in order to automate a VXLAN environment using an EVPN control plane. Whaaaat???
In my opinion, VXLAN fabrics with EVPN are really cool. Lots of benefits over traditional designs: scalable, IP-only backbone, standards-based, with optimal forwarding (routing in the ToR switch), and I am probably forgetting some.
One issue though is that the configuration gets more complex. Creating tenants and networks gets more complex as your grandpa’s VLANs and SVIs with Spanning Tree.
A colleague of mine asked me this week whether I had any Python script to help alleviate this configuration complexity, and so I started with it. The first Python script became pretty fast a Python module, and in order to test all that I did a quick shell based on the cmd2 module. Which is quite cool by the way.
The secret sauce here is the API of Cisco Nexus switches (aka NXAPI), and how to leverage it with Python. For this last point I used the Python library here: https://github.com/datacenter/nexus9000/tree/master/nx-os/python/remote_client, or from here, with a .tgz file you just need to unpack: https://developer.cisco.com/fileMedia/download/0eb10f7e-b1ee-432a-9bef-680cb3ced417. In my test I have Nexus 9000, I understand the Python functions would work slightly differently with other Nexus, testing N7Ks or N5Ks would be a logical next step here.
So at the end a shell with commands to create networks and tenants across multiple switches emerged. And equally important, to remove the config when it is not required any more. I recorded a demo in this video, so that you can see the shell in action without having to install it:
Another Cisco colleague told me once that he doesn’t read any blog that doesn’t include code, so here you are: I have uploaded all functions in a single module in Github: https://github.com/erjosito/evpn_shell.
WARNING: I wouldn’t recommend anybody to use this thing in a production network, this is more of a concept validation. A lot of stuff should be improved before calling this shell “production-ready” (for example, encrypting the passwords). But this gives you an idea of what is possible with scripting and Cisco Nexus REST APIs.