Migrating From CLI With NX-API Part 1

In this post I will cover interacting with an NX-OS device via NX-API versus traditional CLI. NX-API has been available on the Nexus 9000/6000/3000 for quite some time. But it is now supported on Nexus 7000/5000 series with the release of 7.2.0. For this article I will be using a Nexus 7000 series switch running NX-OS 7.2.0.

Enabling NX-API

First, we need to enable the NX-API feature on our Nexus 7000:

N7K_1(config)# feature nxapi  

After the feature has been enabled, we can open a web browser and enter [http://mgmt-ip] to access our 7K via http:
NX-API

With http access to our Nexus 7K we can post CLI commands and receive responses in a few different message formats:

  • json-rpc
  • json
  • xml
Gathering Data

Let's issue the command "show port-channel summary" and specify the message response to be formatted in JSON:
NX-API_sh_pc_summ

We received the following JSON response:

{
  "ins_api": {
    "type": "cli_show",
    "version": "1.2",
    "sid": "eoc",
    "outputs": {
      "output": {
        "input": "show port-channel summary",
        "msg": "Success",
        "code": "200",
        "body": {
          "TABLE_channel": {
            "ROW_channel": [
              {
                "group": "10",
                "port-channel": "port-channel10",
                "layer": "R",
                "status": "D",
                "type": "Eth",
                "prtcl": "NONE"
              },
              {
                "group": "11",
                "port-channel": "port-channel11",
                "layer": "R",
                "status": "D",
                "type": "Eth",
                "prtcl": "NONE"
              },
              {
                "group": "12",
                "port-channel": "port-channel12",
                "layer": "R",
                "status": "D",
                "type": "Eth",
                "prtcl": "NONE"
              },
            ]
          }
        }
      }
    }
  }
}

The output is now structured very nicely for us in JSON name/value pairs. At first glance, this may look horrible if you're used to using the CLI and seeing the following output:

N7K_1# show port-channel summary  
Flags:  D - Down        P - Up in port-channel (members)  
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports  
      Channel
--------------------------------------------------------------------------------
10    Po10(RD)    Eth      NONE      --  
11    Po11(RD)    Eth      NONE      --  
12    Po12(RD)    Eth      NONE      --  

However, with data provided to us in a format such as JSON, we can cherry pick the data we are interested in seeing. For instance, in the output above we have multiple port-channels with no member ports and we would like to clean the config of unused port-channels. With our data output formatted in JSON we can use a python script to find port-channels with no members and generate a configuration to remove them.

import json

#Encode json output into python string.
json_data = json.dumps({  
  "ins_api": {
    "type": "cli_show",
    "version": "1.2",
    "sid": "eoc",
    "outputs": {
      "output": {
        "input": "show port-channel summary",
        "msg": "Success",
        "code": "200",
        "body": {
          "TABLE_channel": {
            "ROW_channel": [
              {
                "group": "10",
                "port-channel": "port-channel10",
                "layer": "R",
                "status": "D",
                "type": "Eth",
                "prtcl": "NONE"
              },
              {
                "group": "11",
                "port-channel": "port-channel11",
                "layer": "R",
                "status": "D",
                "type": "Eth",
                "prtcl": "NONE"
              },
              {
                "group": "12",
                "port-channel": "port-channel12",
                "layer": "R",
                "status": "D",
                "type": "Eth",
                "prtcl": "NONE"
              },
            ]
          }
        }
      }
    }
  }
})

#Dictionary from json_data string.
int_dict = json.loads(json_data)

#For loop to find port-channels with down status.
for int in int_dict['ins_api']['outputs']['output']['body']['TABLE_channel']['ROW_channel']:  
  if int['status'] == 'D':
    print 'no interface ' + int['port-channel']

Here is the output from the script:

no interface port-channel10  
no interface port-channel11  
no interface port-channel12  
Summary

In this post we covered accessing the NX-API on a single 7K via a web browser. Accessing NX-API via a web browser and copying the message response is still a tedious process in my opinion. In part 2 of this series we will cover accessing multiple 7Ks via NX-API "off the box". Stay tuned!