DEVASC 200-901
docstrings
*describes what your function does*. It is placed in the *immediate line after* the function header and is placed *between triple double quotes """* The interpreter will save this string as a special __doc__ variable for the module.
symbols and meanings in a unified diff file
+: Indicates that the line has been added. -: Indicates that the line has been removed. /dev/null: Shows that a file has been added or removed. or "blank": Gives context lines around changed lines. @@: A visual indicator that the next block of information is starting. Within the changes for one file, there may be multiple. index: Displays the commits compared.
CI/CD benefits
- Integration with agile methodologies - Shorter Mean Time To Resolution (MTTR) - Automated deployment - Less disruptive feature releases - Improved quality - Improved time to market
URI syntax
- Scheme - Authority - Path - Query scheme:[//authority][/path][?query] http://localhost:8080/vi/books/?=DevNet
Unified CM Advanced Features-1
-AXL: SOAP APIs (XML requests) for managing various aspects of CUCM via programs rather than the web UI. AXL is for the administration and configuration of CUCM.
Cisco UCS Director Features and benefits
-Central Management -Self-service catalog -Adaptive provisioning -Dynamic Capacity Management -Multiple Hypervisor Support -Computing Management -Network Management -Storage Management -Dashboards
key features of Cisco SDWAN
-Cloud-first architecture -Embedded security -Predictable application experience
Features of Webex Teams
-Create Spaces -Create Meetings -Work inside and outside your company the same way -Place calls
Unified CM Advanced Features-6
-Extension Mobility: Users can log into any phone and that phone will switch from its default directory number to the user's directory number while the user is logged in.
Unified CM Advanced Features-8
-Java Telephony API (JTAPI) or Telephony API (TAPI): Enable you to write programs that automate the way calls are handled.
Cisco UCS Director several programmatic capabilities
-REST API -Tasks - can be atomic or monolithic. Written in CloupiaScript, a javaScript-like language. -Script Libraries -PowerShell Host -Integrations
Unified CM Advanced Features-5
-Softphone compatibility: Softphone devices can allow a Jabber user to make and receive phone calls.
Unified CM Advanced Features-2
-UDS: Enables end-users to update their own personal settings stored on CUCM.
The RESTCONF RFC 8040 states that RESTCONF base URI syntax is
/restconf/<resource-type>/<yang-module:resource>. <resource-type> and <yang-module:resource> are variables and the valuesare obtained using specific YANG model files.
Benefits of clean code
1. Accelerates development enormously 2. Enabling reuse 3. Debugging 4. Security analysis 5. Code review and merging
Cisco SDWAN RESTAPI resource collections
1. Administration 2. Certificate Management 3. Configuration 4. Device Inventory 5. Monitoring 6. Real-Time Monitoring 7. Troubleshooting
NSO Northbound Interfaces
1. CLI 2. RESTCONF API 3. NETCONF 4. Java 5. JavaScript 6. SNMP 7. Web UI 8. MAAPI 9. REST API (Deprecated since NSO 5.1 and to be removed in 5.3)
Test-driven development (TDD)
1. Create a new test (adding it to existing tests, if they already exist) 2. Run tests to see if any fail for unexpected reasons 3. Write application code to pass the new test 4. Run tests to see if any fail 5. Refactor and improve application code
NSO adding device methods
1. Discovery 2. Manually 3. Cloning 4. Templates
SDLC Design Phase-2 (HLD)
1. Gives a 10,000-foot view 2. It describes the general architecture, components and their relationships, and may provide additional detail
SDLC Deployment Phase
1. Install Software into production
SDLC Testing Phase additional testings
1. Integration testing 2. Performance testing 3. Security testing
SDLC Requirements and analysis-4
1. Is it possible to develop the software according to these requirements, and can it be done on-budget? 2. Are there any risks to the development schedule, and if so, what are they? 3. How will the software be tested? 4. When and how will the software be delivered?
Advantages of webhook
1. It enables applications to get real-time data. 2. Applications are more efficient because they no longer need to have a polling mechanism.
Two Types of API Keys
1. Public API Key - can be shared and enables the user to access a subset of data and APIs. 2. Private API Key
SDLC phases
1. Requirements and analysis 2. Design 3. Implementation 4. Testing 5. Deployment 6. Maintenance
Benefits of cloud paradigms
1. Self-service("platforms on demand") 2. Close specification, consistency, repeatability 3. Platform abstraction
SDLC Testing Phase
1. Takes the software code as input. 2. Install the software in a test environment to follow the test plan. 3. Every single test to cover all the features and functionality of the software.
4 major components of REST API requests
1. Uniform Resource Identifier (URI) 2. HTTP Method 3. Header 4. Body
Software development methodologies
1. Waterfall 2. Agile 3. Lean
SDLC Requirements and analysis-2
1. What is the organization's current infrastructure, application ecology, and development culture like? (Are they a Windows-only shop? Do they write 100% of their applications in Java?) 2. What is the organization's current IT process, roadmap, headcount, role breakdown? Where are they with respect to web, mobile, cloud, DevOps, testing, monitoring, continuous delivery, and other modern paradigms for building, updating, and operating software?
Prevent SQL Injection
1. With database firewalls like Web Application Firewalls 2. Use prepared statements 3. Use stored procedures 4. Whitelist Input Validation 5. Escaping all user-supplied input (last-resort) 6. Least privilege 7. Multiple database users 8. SQL views
OrderedDict collection
1. dict subclass that remembers the order entries were added. 2. We had to import it from the collection library 3. some methods not available in the dict data structure. 4. looks like a list of tuples
benefit of MVC
1. is each component can be built in parallel 2. only information each component needs is the input and output interface for the other two components 3. Components don't need to know about the implementation within the other components. 4. each component is only dependent on the input it receives, components can be reused as long as the other components provide the data according to the correct interface
GITHUB support many forms of collaborative coding including
1. private repos visible only to designated teams 2. "social coding" projects that are public, but whose contributors may be anonymous 3. broad-based open source efforts with many contributors, sometimes numbering in the thousands
HTTP status codes for API responses
1xx - informational 2xx - Success 3xx - redirection 4xx - Client Error 5xx - Server Error
common HTTP status codes
200OKRequest was successfully and typically contains a payload (body) 201CreatedRequest was fulfilled and the requested resource was created 202AcceptedRequest has been accepted for processing but is not complete 400Bad RequestRequest will not be processed due to an error with the request 401UnauthorizedRequest does not have valid authentication credentials to perform the request 403ForbiddenRequest was understood but has been rejected by the server 404Not FoundRequest cannot be fulfilled because the resource path of the request was not found on the server 500Internal Server ErrorRequest cannot be fulfilled due to a server error 503Service UnavailableRequest cannot be fulfilled because currently the server cannot handle the request
AMP API rate limits
3 x-headers: X-Rate-Limit-Limit - Number of total allowed requests in the current period. X-Rate-Limit-Remaining - Number of requests left before reaching the limit. X-Rate-Limit-Reset - Number of seconds before the limit is reset.
DHCPRELEASE
A DHCP client can relinquish its IP lease by sending a DHCPRELEASE message, identifying the lease to be released using the client identifier, chaddr and network address in the DHCPRELEASE message.
REST API
A REST web service API (REST API) is a programming interface that communicates over HTTP while adhering to the principles of the REST architectural style
XML namespace
A URI designating where additional information, such as schema or a taxonomy, can be found. Each name space in an XML document must be unique. They are used to designate specifically where elements where elements and attributes are defined in order to avoid naming collisions.
Developer documentation
A central location for all of Cisco's product's developer (API) documentation
transport layer port numbers
A differentiation between different applications running on the same host is also done at this layer
unittest
A framework included in Python by default that enables creation of test collections as methods extending a default TestCase class
hypervisor
A hypervisor is software that creates and manages VMs. Hypervisors are available open-source (OpenStack, Linux KVM, XEN) and from commercial vendors such as Oracle (VirtualBox), VMware (Horizon, vSphere, Fusion), Microsoft (Hyper-V), and others.
Authoritative name servers
A name server is authoritative for those parts of the tree for which the server has full information. Each zone normally has at least one authoritative name server. An authoritative server is configured with host table information or acquires it via a zone transfer (which takes place when a secondary DNS server updates itself from a primary server).
network
A network consists of host devices such as computers, mobile devices, and printers that are connected by networking devices such as switches and routers.
Code Exchange
A repository of sample code written by other developers
stack trace
A stack trace shows the calling "stack" of statements all the way from the top-level script that is being executed down to the statement that has produced the error.
Sequence diagram also called event diagrams
A type of diagram that shows objects participating in interactions and the messages exchanged between them. Sequence diagrams are used to explain a sequence of exchanges or events. They provide a scenario of an ordered set of events.
Unique local address
A unique local address is an IPv6 unicast address that is globally unique and is intended for local communications. It is not expected to be routable on the global internet and is routable inside of a limited area, such as a site. It may also be routed between a limited set of sites.
webhook
A webhook is an HTTP callback, or an HTTP POST, to a specified URL that notifies your application when a particular activity or "event" has occurred in one of your resources on the platform. The concept is simple — think of asking someone "tell me right away if X happens." That "someone" is the webhook provider, and you are the application.
APIC CLI
ACI also offers an NX-OS style CLI to configure and manage ACI in a traditional CLI way. Moquery is a CLI Object Model query tool, while Visore is Object Store Browser (GUI).
AMP Detection
AMP continuously monitors and records all file activity to detect malware. It ensures visibility into endpoint file activity and incoming threats, as well as reporting which endpoints have been compromised. AMP Cloud offers lookups, a signature engine, and a machine learning engine for a constantly updated intelligence database so that detection can happen on-disk. The AMP Cloud is the service you query with the AMP API.
Cisco AMP Capabilities
AMP prevents breaches and blocks malware at the point of entry, then detects, contains, and remediates advanced threats that can evade front-line defenses and get to your network. Prevention Detection Responses and automation
AMP Prevention
AMP protects against identified threats in malware files by preventing breaches. You can use the API to create isolation sessions, preventing network connection of a device for a set duration so you have time to prevent further problems. AMP uses global threat intelligence and can block file-based or non-file-based malware, IP addresses from a list, or block applications.
OAuth addressed which drawbacks
API Keys never expire unless revoked by the API provider and OAuth helps here by: 1. The application accessing the resource is known (using client application credentials) 2. The API provider can define scopes to limit the access to certain operations (you can GET a catalog entry, but you can't PUT a new catalog entry, even with a valid token). 3. Tokens have a limited lifetime
How AXL works
AXL is a SOAP interface, meaning it is based on the exchange of XML documents (defined in a schema, or Web Services Description Language (WSDL). Several APIs and development frameworks can consume the AXL WSDL to produce 'native' code/libraries allowing you to use AXL without handling XML. For simple requests it can be simpler to make AXL requests by creating XML strings and sending via HTTP POST.
IPv6 Unicast address are of several types
Aggregatable global addresses Link-local addresses IPv4-compatible IPv6 addresses Unique local addresses
SDLC Design Phase-MVP
Agile method tend to document less at this stage, preferring to move directly to the design and delivery of the features of the MVP
DNA Center Intent API method responses
All Intent API methods respond with a JSON structured content payload.
The Cisco UCS Manager management requests from the GUI or CLI are encoded in eXtensible Markup Language (XML)
All XML requests to Cisco UCS are asynchronous and terminate on the active Cisco UCS Manager. Cisco UCS Manager mediates all communication within the system; no direct user access to the Cisco UCS components is required.
NTP Security Features
An access list-based restriction scheme in which NTP traffic is allowed in the network only from specific sources. An encrypted authentication mechanism in which both the clients and the servers authenticate each other securely.
IPv6 anycast address
An anycast address is an address that is assigned to a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the closest interface (as defined by the routing protocols in use) identified by the anycast address. Assigning a unicast address to more than one interface makes a unicast address an anycast address. Anycast addresses can be used only by a device, not a host, and anycast addresses must not be used as the source address of an IPv6 packet.
Stateless automation tool
An app that persists its state to a separate database or that provides service that requires no memory of state between invocations.
not-stateless automation tool
An app that saves important information in files or in a database on the local file.
OpenID Connect
An interoperable authentication protocol based on the OAuth 2.0 family of specifications. It allows a user to share some aspect of their profile with an application with no need to share their credentials.
Arguments
Another feature of methods and functions is the ability to execute the code based on the values of variables passed in on execution
Cross Site Request Forgery
Another type of attack that shares some aspects of Cross Site Scripting attacks is Cross Site Request Forgery (CSRF), sometimes pronounced "Sea Surf." In both cases, the attacker intends for the user to execute the attacker's code, usually without even knowing it. The difference is that CSRF attacks are typically aimed not at the target site, but rather at a different site — one into which the user has already authenticated.
Tools that employ declarative Domain-Specific Languages (DSLs)
Ansible (based on python) and Puppet (based on Ruby)
Examples of automation tools
Ansible, Puppet, or Chef
OSI Layers
Application, Presentation, Session, Transport, Network, Data Link, Physical
AXL and the UCM CDB
Application->Application API->AXL Protocol->SOAP Encoding->XML Transport->HTTP(S) Application Server->Apache/Tomcat Data storage->Database
The YANG based Model-Driven Programmability Stack looks like this
Apps: App APIs: Model-Driven APIs (YANG Development Kit:YDK) Protocol: NETCONF, RESTCONF, GRPC Encoding: <---XML---><--JSON---> <-GPB-> Transport:<--SSH--><-----HTTP----> Models: YANG models (native, open)
YAML parse JSON and vice-versa?
As a superset of JSON, YAML parsers can generally parse JSON documents (but not vice-versa). Because of this, YAML is better than JSON at some tasks, including (somewhat ironically) the ability to embed JSON directly (including quotes) in YAML files. JSON can be embedded in JSON files too, but quotes must be escaped with backslashes (\") or encoded as HTML character entities (")
Examples of ad-hoc automation
Bash and python
Basic Authentication
Basic Authentication, also known as Basic Auth, uses the standard Basic HTTP authentication scheme. Basic Auth transmits credentials as username/password pairs separated with a colon ( : ) and encoded using Base64. In a REST API request, the Basic Auth information will be provided in the header: Authorization: Basic <username>:<password> Not encrypted unless passed through HTTPS. Not secure.
Bearer Authentication
Bearer Authentication, also known as Token Authentication, uses the standard Bearer HTTP authentication scheme. It is more secure than Basic Authentication and is typically used with OAuth and Single Sign-On (SSO). Bearer Authentication uses a bearer token, which is a string generated by an authentication server such as an Identity Service (IdS). In a REST API request, the Bearer Auth information will be provided in the header: Authorization: Bearer <bearer token>. Still use with HTTPS
FMC API and FTD API
Both cannot co-exist. The former is to manage through the FMC while the latter is directly to the FTD devices.
SSH and Telnet ports
By default, SSH uses port 22 and Telnet uses port 23. Telnet can also use port 992 when over TLS or SSL.
Running Javascript on devices with macros
CE v9.2.1+ enables you to deploy custom code to the device itself via the macro feature. This feature enables you to upload JavaScript code and run it directly on the collaboration device (hosted in a secure 'sandbox' environment). This custom code can interact with the device using the exposed xAPI JavaScript object. Ideally, code developed on an external app server using jsxapi could be uploaded to run directly on a collaboration device without requiring an external server. However, the macro JavaScript environment has some limitations, including the lack of local file storage, the inability to install additional JavaScript packages via NPM, and restrictions on establishing network connections.
CI vs Continuous Delivery
CI enables small changesets into the main code branch. Continuous Delivery enables those changes to be engineered to be self-contained to the point where at any given time, you could deploy a working application if needed.
CIDR
CIDR stands for Classless Inter-Domain Routing, and is a way of specifying the subnet mask for an IP address. When networks and subnets are created, the network engineer typically enters the IP address followed by the subnet mask. CIDR notation simplifies subnet notation. In CIDR notation, the number of subnet mask bits is converted into a single number, which appears after the IP address.
vManage NMS
Centralized network management system, so that you can configure overlay networks from a dashboard.
Automation tool that is more inherently procedural
Chef (based on Ruby)
ohai
Chef Infra Client includes a discovery subsystem called Ohai, which collects system facts and uses them to determine whether (and how) the target system has drifted from its configuration, and needs to be converged.
FirePower Integration
Cisco ISE Umbrella Threat Grid
Cisco Meraki
Cisco Meraki is a suite of cloud-managed network solutions that enables a single source of management for infrastructure, locations, and devices.
Cisco AMP API Integrations
Cisco Umbrella Meraki MX
echo $PATH
Command to print the current value of the PATH environment variable.
Comments in YAML
Comments in YAML can be inserted anywhere except in a long string literal, and are preceded by the hash sign and a space
Modern automation tools strive to be "data-driven" and enable the following:
Compilation of variable definitions. Server inventory as structured data and other details separate from generic code. Orderly means to inject variable values into code, config file templates, and other destinations at runtime.
model-driven programmability provides:
Configuration language that is human-readable Model-based, structured, and computer-friendly Include support for multiple model types, including native, OpenConfig, and IETF The specification is decoupled from transport, protocol end encoding. Use model-driven APIs for abstraction and simplification. Leverage open-source and enjoy wide support
internetworking
Connecting physically disparate networks
DNA Center Intent API Domain, Purpose and Subdomains-4
Connectivity Manage and configure SD-Access fabric wired and non-fabric wireless networks, including Enterprise SSIDs, wireless profiles, RF profiles, and access points. SDA, Non-Fabric Wireless
NSO packages
Custom code, applications, and specific NEDs are examples of packages that NSO loads. A package consists of code, YANG modules, custom UI widgets, and so on. NSO loads these at startup. Packages can be added and upgraded at run-time.
Switches operate in these switching modes
Cut-Through Switching mode Store and Forward Switching mode
TCP provides a reliable byte stream delivery by implementing the following functionality:
Data is delivered in the order that it was sent Lost or discarded packets are resent Traffic congestion control through a windowing system Minimizes transmit errors Duplicate data is discarded
VMWare's main CLI is now
Datacenter CLI, which enables command-line operation of vCenter Server API and VMWare Cloud on AWS. It's written in Python and runs on Linux, Mac, and Windows.
Unified CM Purpose
Define gateways, trunks, remote destinations, and more telephony-related information. Configure a full range of call handling tasks, including hold, transfer, call forward, and starting conference calls. Unified CM stores configuration data in an internal database, with a Publisher→Subscriber cluster architecture.
Automation Deployment
Deployment involves building, arranging, integrating, and preparing multi-component applications (such as database clusters) or higher-level platforms (like Kubernetes clusters), often across multiple nodes.
Cisco DNA GUI - Provision
Deployment, and Policy-based automation to deliver services to the network based on business priority and to simplify device deployment.Zero-touch device provisioning and software image management features reduce device installation or upgrade time.
Examples of actions with UDS include:
Directory search for users Manage Call Forward, Do Not Disturb, and Speed Dial settings, including visual and audible alert preferences Set Language and Locale Subscribe to IP Phone Service Applications Reset PIN or password credentials Configure Remote Destinations used with Cisco Mobility & Single Number Reach
Examples of MVC
Django (an MVC framework for Python), Rails (ditto for Ruby), Spring (ditto for Java), and Backbone.js (ditto for Javascript)
Software to create and manage or orchestrate containers is available from
Docker, AWS (Elasticized Container Service), Microsoft (Azure Container Service), and others.
Meraki location and privacy
Due to the sensitive nature of location data with exact MAC addresses as part of that data, Meraki only stores a hashed version of the MAC address. It's implemented in such a way that no algorithm can recover the original MAC address of a client.
Mac Address
Each NIC card has a unique Media Access Control (MAC) address that identifies the physical device, also known as a physical address. A MAC address is six bytes long, in hexadecimal format. The first three bytes are the vendor ID, and the last three bytes are the NIC ID.
Each Instance of TestCase
Each instance of TestCase will run a single base method: the method named methodName. In most uses of TestCase, you will neither change the methodName nor reimplement the default runTest() method.
OOP formally-defined properties
Encapsulation Data abstraction Polymorphism Inheritance
DNA Center Intent API Domain, Purpose and Subdomains-7
Event Management Configure and manage event-based notification to external handlers Event Management
XML
Extensible Markup Language (XML) is a derivative of Structured, Generalized Markup Language (SGML), and also the parent of HyperText Markup Language (HTML). XML is a generic methodology for wrapping textual data in symmetrical tags to indicate semantics.
NSO FASTMAP
FASTMAP enables automatic management of any kind of change or deletion.
namedtuple() collection
Factory function for creating tuple subclasses with named fields
True or false: every request that is sent to the REST API server will return a response with a status code.
False
Finesse REST APIs
Finesse provides REST APIs for performing agent and supervisor actions programmatically. They can be used to build custom agent desktops, integrate into existing applications, and/or build a script to automate tasks. Since the APIs are HTTP based, they can be used in both thick and thin applications.
Options to manage FMC and FTD
Firepower Device Manager(FDM)/FTD-API/CDO - These three options can co-exist. Firepower Management Center (FMC) - For advanced scenarios, FMC provides for the most product functionality through its graphical user interface. API capabilities between the two are similar.
Cisco DNA Multivendor SDK
For partners and customers who have a mix of Cisco and non-Cisco devices in their network, this SDK builds support directly in Cisco DNA Center.
types of code review
Formal code review Change-based code review Over-the-shoulder code review Email pass-around
Fragmentation
Fragmentation is the process of splitting the packet into several fragments at one node, sending the fragments independently and reassembling the fragments at another node.
software testing is divided into two categories
Functional Testing Non-Functional Testing
SNMP messages
Get GetNext GetResponse Set Trap
Other repos that use GIT
Gitlab BitBucket
The APIC API accepts and returns
HTTP or HTTPS messages that contain JSON or XML documents. You can use any programming language to generate messages and JSON or XML documents that contain the API methods or Managed Object (MO) descriptions.
concepts of the HTTP protocol
HTTP requests/responses HTTP verbs HTTP status codes HTTP headers/body
Internet Protocol performs two basic functions:
Host addressing and identification Packet routing
IP
IP, it is a best effort, unreliable protocol and error detection is used by implementing a basic checksum mechanism.
Schema trees
In YANG, data models are represented by definition hierarchies called schema trees. Instances of schema trees are called data trees and are encoded in XML.
working copy
In order to make a change to a file, an individual must get a working copy of the repository onto their local system. The working copy is the individual's personal copy of the files, where they can make changes without affecting others.
In the most common usage of RPC,
In the most common usage of RPC, the client makes a synchronous request to the server and is blocked while the server processes the request. When the server is done with the request, it sends a response back to the client, which unblocks its process. (This doesn't apply for asynchronous requests, remember.)
405 - Method Not Allowed
In this case, the request was recognized by the server but the method specified in the request has been rejected by the server. You may want to check the API reference guide to see what methods the server expects. The response from server may also include an Allow header containing a list of valid methods for the requested resource. For example, if you mistakenly use the POST method for an API that expects the GET method you will receive a 405 error.
Contact centers have two categories of tasks:
Inbound tasks: When customers initiate communication with customer service. Examples include: a customer asking questions about their bill or needing IT help, or a new customer trying to sign up. Outbound tasks: A customer interaction made from the contact center agent to a customer. Examples include telemarketing, reminders for an upcoming appointment or service, or a follow-up on a previous customer service interaction.
Challenges of microservices
Increased complexity Automation is a requirement
Cisco DNA GUI - Platform
Information and documentation for the DNA Center Intent API supporting the use of third-party applications and processes for data gathering and control via the API.This is the means to improve and automate IT operations, establish customized and automated workflow processes and integrate network operations into third-party applications.
OWASP recommends never displaying untrusted content in the following locations:
Inside script tags Inside comments As part of attribute names As part of tag names In CSS (within style tags)
Video Courses
Instructor led videos teaching various topics that includes hands-on exercises
Cisco DNA Center Intent API
Intent API provides the means to programmatically access the Cisco DNA Center services and functionality. This allows for automation and standardization of common management activities, as well as integration with third-party or enterprise applications. It is a RESTful API and uses HTTPS verbs (GET, POST, PUT, and DELETE) with JSON structures to discover and control the network.
GIT
Is easy to learn Can handle all types of projects, including large enterprise projects Has fast performance Is built for collaborative projects Is flexible Has a small footprint Has all the benefits of a distributed version control system Is free
To define the data type in the parameter
Is strongly recommended as it makes it easier to fix type mismatch errors
Knowing the rate limit
It can be added to the response header. Common keys include: X-RateLimit-Limit: The maximum number of requests that can be made in a specified unit of time X-RateLimit-Remaining: The number of requests remaining that the requester can make in the current rate limit window X-RateLimit-Reset: The time the rate limit window will reset
dockerfile
It defines the steps the docker build command needs to take in order to create an image that can be used to create the target container.
OAuth is not an authentication protocol
It delegates access to a resource like a hotel card. Once you have a hotel card, it no longer proves who you are.
partially done work in lean method
It doesn't add any value to the customer The time and resources spent doing this work could have been used on something that is of value to the customer The work usually isn't maintained, so it eventually becomes obsolete
Key advantage of JWT
It has the ability to contain claims, or information about the user, which the backend services can use to make business logic decisions.
A batch of SQL statement
It is a group of two or more SQL statements, separated by semicolons.
Network Programmability
It is the ability to configure, monitor, and react to events in the network in real-time.
SDLC
It is the process of building software, starting with the original idea and ending with a high-quality working product. It involves gathering requirements, creating a proof of concept, testing and fixing bugs.
JSON and YAML
JSON and YAML are close cousins: the YAML standard was created as a superset of JSON, so any legal JSON document can be parsed and converted to equivalent YAML, and (with some limitations and exceptions) vice-versa
REST API response header
Just like the request, the response's header also uses the standard HTTP header format and is also optional. The header in the response is to provide additional information between the server and the client in name-value pair format that is separated by a colon ( : ), [name]:[value].
DNA Center Intent API Domain, Purpose and Subdomains-2
Know Your Network Discover and manage sites, topology, devices, users, and issues. Sites, Topology, Devices, Clients, Users, Issues
YANG defines four types of nodes for data modeling
Leaf Nodes Leaf-List Nodes Container Nodes List Nodes
Password strength is determined by
Length Complexity Unpredictability
deque collection
List-like container with fast appends and pops on either end
GIT 2 types of repo
Local Remote
GIT support 4 major transport protocols for accessing the repo
Local SSH GIT HTTP
Types of version control
Local version control system Centralized version control system Distributed version control system
LLC Layer
Logical Link Control (LLC) layer - responsible for identifying and encapsulating network layer protocols, error checking controls and frame synchronization. IEEE 802.3 Ethernet, 802.11 Wi-Fi, and 802.15.4 ZigBee protocols operate at the data link layer.
Contact Center agents use an application called an agent desktop for the following tasks:
Manage their incoming work (call, text, chat, email) Get the customer data that was provided through a menu prompt or form Get customer information from a customer relationship management or an internal database Enter notes into the customer's account/file for future reference Get help from a knowledge base in order to assist the customer Request help from peers or the supervisor
NSO Mapping Logic
Mapping logic can be interface-agnostic and unaware of interface specifics such as if it is handled through CLI, NETCONF, or SNMP. The mapping logic also does not include error handling for southbound interface errors which is managed automatically by the transaction manager.
MAC Layer
Medium Access Control (MAC) layer - responsible for controlling how devices in a network gain access to the transmission medium and obtaining permission to transmit data.
Webex Teams Membership API
Memberships represent a person's relationship to a room. The Memberships API resources allow you to list members of any room that you're in, create or revoke memberships, and memberships can be updated to make someone a moderator of a room.
Meraki MV Sense
Meraki Smart Cameras can perform object detection, classification, and tracking directly on the edge of the network, placing the computing needs in the endpoint. Through both REST and MQTT API endpoints, applications can request or subscribe to historical, current, or real-time data generated in the camera to use the camera for more than security. When you access the API endpoints in MV Sense, you gain access to machine learning/computer vision data for use in applications.
git merge <branch
Merge the specified branch into the current branch.
Exceeding the rate limit
Most commonly used HTTP status codes are 429: too many requests and 403: Forbidden
NETCONF feature comparison to SNMP
Multiple configuration data stores (candidate, running, startup) Device-level and network-wide transactions Configuration testing and validation Distinction between configuration and operational data Selective data retrieval with filtering Streaming and playback of event notifications Extensible remote procedure calls Built-in capability exchange
NETCONF/Yang support on IOS-XE
NETCONF/YANG is supported as of IOS XE 16.3.1 software. In Cisco IOS XE Fuji 16.8.1 and later releases, operational data works on platforms running NETCONF and is enabled by default.
NSO managing services (southbound)
NSO requires a YANG model, device address, management port, and authentication credentials for each device to be managed.YANG models are imported using the NSO YANG compiler.
NTP avoids synchronizing with upstream servers whose time is not accurate. It does this in two ways:
NTP never synchronizes with a machine that is not itself synchronized. NTP compares time reported by several machines, and will not synchronize to a machine whose time is an outlier, even if its stratum is lower.
NETCONF
Network Configuration (NETCONF) is a protocol defined by the IETF RFC6241 to install, manipulate, and delete the configuration of network devices. It is the primary protocol used with YANG data models today. Its operations are realized on top of Remote Procedure Call (RPC) exchanged via a secure transport protocol such as SSH.
The following are examples of Contact Center agent states:
Not Ready: The agent is not available to take incoming task (call, text, chat, email) Ready: The agent is available to take incoming task from the queue (call, text, chat, email) Talking: The agent is currently handling a call from the queue. Work: The agent just finished handling the task and is wrapping up work by adding notes, completing forms, and so on. In this state, the agent will not receive a new task. Logout: The agent is signed out and not working at the moment.
source command
Notice that when using the source command, we can run a script even if it's not executable
two versions of OAuth
OAuth 1.0 OAuth 2.0 - better of the two and not backward compatible.
OAuth 2.0 authorization framework
OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Tools for sanitizing content
OWASP Java HTML Sanitizer HtmlSanitizer Python Bleach
Opaque vs JWT
Oauth does not mandate the access token format and as such, depending on the OAuth server implementation, the access token could be opaque(typically a long string carrying no information) or JWT.
SNMP traps contain
Object IDs that identify each event and match it with the entity that generated the event. Severity of the alarm (critical, major, minor, informational or event). A date and time stamp.
TDD provides test harness and Co-evolving test and application code this way:
Obliges developers to consistently think about requirements (and how to capture them in tests). Helps clarify and constrain what code needs to do (because it just has to pass tests), speeding development and encouraging simplicity and good use of design patterns. Mandates creation of highly-testable code. This is code that, for example, breaks operations down into pure functions (functions that don't access global variables of possibly-indeterminate state) that can be tested in isolation, in any order, and so on.
OAuth
Open Authorization combines authentication with authorization. OAuth was developed as a solution to insecure authentication mechanisms. With increased security compared to the other options, it is usually the recommended form of authentication/authorization for REST APIs.
Open NX-OS
Open NX-OS is the set of software used to provide the APIs, data models, and programmatic access.This includes the NX-API REST service and model-driven programmability using YANG modeling.Both the NX-API CLI and NX-API REST API interfaces are served by an NGINX web server.The NX-API REST model borrows several concepts from Cisco ACI and makes them available for a non-ACI based standalone Nexus fabric environment.
NX-OS OpenConfig
OpenConfig, an alternative model, must be downloaded to the switch.
Switches have the following functions
Operate at the link layer of the TCP/IP protocol stack. Forward, filter or flood frames based on entries in the MAC address table. Have a large number of high speed and full-duplex ports.
GitOps
Operations by pull requests
vBond Orchestrator
Orchestrates connectivity between vEdge routers and vSmart controllers. If any vEdge router or vSmart controller is behind a NAT, the vBond orchestrator also serves as an initial NAT-traversal orchestrator.
Automation Orchestration
Orchestration may refer to several things. When meant concretely, it usually refers to user-built or platform-inherent automation aimed at managing workload lifecycles and reacting dynamically to changing conditions (e.g., by autoscaling or self-healing), particularly in container environments. When meant abstractly, it may refer simply to processes or workflows that link automation tasks to deliver business benefits, like self-service.
dict data type
Ordered key-value pairs, keys don't have to be same data type, values don't have to be same data type. Keys are unique; must be immutable. It was unordered till Python3.7
list data type
Ordered list of items, mutable (can be changed after created), items can be different data types, and it can contain duplicate items
Webex Teams API Organization
Organization resources can only be accessed by an admin.
[class instance].[method name]
Outside of the class name scope, class methods and data attributes are referenced using the dot notation
Parsing and serializing
Parsing means analyzing a message, breaking it into its component parts, and understanding their purposes in context and serializing is roughly the opposite
seven wastes of Lean
Partially Done Work Extra Processes Extra Features Task Switching Waiting Motion Defects
Webex Teams People API
People are registered users of Webex Teams.
4 social engineering vectors
Phishing Vishing or voice phishing Smishing or SMS text messaging Impersonation
DNA Center Intent API Domain, Purpose and Subdomains-6
Policy Applications, Application Sets, and Application Policy Management Application Policy
ISE capabilities
Policy Compliance Secure wired access Segmentation
ISE PSN Node
Policy Service node: A Cisco ISE node with the Policy Service persona provides network access, posture, guest access, client provisioning, and profiling services. The policy information point represents the point at which external information is communicated to the Policy Service persona. For example, external information could be a Lightweight Directory Access Protocol (LDAP) attribute.
Finesse Use Cases-7
Problem: A company is using the Finesse out of the box agent desktop and wants to integrate a different application that has REST APIs into the agent desktop. Solution: The company can build a custom gadget and integrate in the application by using the application's REST APIs. The gadget has the ability to call external REST APIs, parse the responses, and display the data accordingly.
Finesse Use Cases-2
Problem: A company uses a customer relationship management (CRM) as their main application for their contact center agents. They want to add agent state and basic call control into the CRM to avoid needing to flip between two applications. Solution: The company will use the User and Dialog APIs in conjunction with the Finesse Notification Service. The User APIs will add the agent state capabilities while the Dialog APIs will add the basic call control capabilities.
Finesse Use Cases-5
Problem: A company wants a supervisor specific desktop because their supervisors do not take incoming customer calls. Solution: The company can build a supervisor desktop that only contains supervisor capabilities. Finesse has APIs for the following features for their team: team messages, silent monitor, barge, view and change agent's state.
Finesse Use Cases-3
Problem: A company wants to add a "Click to call" feature to their application. Solution: The company will use the Dialog--Create a New Dialog API to add this functionality
Finesse Use Cases-9
Problem: A company wants to change the color of the light on their IoT capable headset when the agent states change. Solution: The company will build a custom gadget that calls the headset's APIs to change the color of the light when the agent state changes. The gadget has the ability to receive all of the User notifications so it will know when the agent state changes.
Finesse Use Cases-8
Problem: A company wants to integrate a webpage into the Finesse agent desktop. Solution: If the webpage allows itself to be loaded in an iframe, they can build a custom gadget that is as simple as just an iframe that loads that webpage.
Finesse Use Cases-4
Problem: A telemarketing company wants a custom agent desktop where there is only outbound capabilities. Solution: The company can build a 100% fully functioning outbound only agent desktop. They will need to add agent sign in/out, agent state, outbound features, and specific call control for outbound calls. Supported outbound features include: receiving an outbound call, accept/close/reject/reclassify outbound calls, schedule callbacks.
Sandboxes
Production-like development and testing environments for a lot of the Cisco technologies
software design patterns takeaways
Program to an interface, not an implementation Favor object composition over class inheritance
block comments
Python doesn't support blocked comments to hide multiple lines of code. If you want to comment a block of lines, you must explicitly add a pound symbol before each line of code
REST API request
REST API requests are essentially HTTP requests that follow the REST principles. These requests are a way for an application (client) to ask the server to perform a function. Since it is an API, these functions are predefined by the server and must follow the provided specification.
REST API Response
REST API responses are essentially HTTP responses. These responses communicate the results of a client's HTTP request. The response may contain the data that was requested, signify that the server has received its request, or even inform the client that there was a problem with their request.
Two different types of API endpoints are available in the MV Sense collection of API endpoints;
REST-based and MQTT-based. RESTful APIs offer an on-demand service. A connection will be made only when data is requested. Using the MV Sense REST APIs enables historical or near real-time people detection data from the camera. MQTT-based protocols use a publish-subscribe connection between the client and server. In the case of MV Sense, the server is continuously pushing messages to the MV smart cameras so the device can respond instantly. Using the MV Sense MQTT APIs enables a real-time feed of people detection and their locations. Light-level readings can also be obtained.
NX-OS also provides a REST API service and model-driven programmatic access via
RESTCONF, NETCONF, and OpenConfig.
REST
REpresentational State Transfer (REST) is an architectural style, as a hybrid style, derived from several network-based architectural styles he described elsewhere in the paper, "combined with additional constraints that define a uniform connector interface."
popular types of API architectural styles:
RPC, SOAP, and REST.
Social engineering reliese heavily on six principles of influence
Reciprocity Commitment Consistency Social proof Authority Liking Scarcity
Regular proxy vs Reverse proxy
Regular proxy make requests from multiple computers look like they all come from the same client. Reverse proxy make sure responses look like they all come from the same server
RPC
Remote Procedure Call (RPC) is a request-response model that enables an application (acting as a client) to make a procedure call to another application (acting as a server). The "server" application is typically located on another system within the network.
Types of REST API HTTP Headers
Request headers Entity headers
Request Header
Request headers include additional information that doesn't relate to the content of the message. For example, here is a typical request header you may find for a REST API request: Key-Example Value-Description Authorization-Basic dmfcvandafefejfksdfadsf-Provide credentials to authorize the request
REST API response header
Response headers contain additional information that doesn't relate to the content of the message. Some typical response headers you may find for a REST API request include: key-Example Value-Description Set-CookieJSESSIONID=30A9DN810FQ428P; Path=/Used to send cookies from the server Cache-ControlCache-Control: max-age=3600, publicSpecify directives which MUST be obeyed by all caching mechanisms
1xx - informational
Responses with a 1xx code are for informational purposes, indicating that the server received the request but is not done processing it. The client should expect a full response later. These responses typically do not contain a body.
2xx - informational
Responses with a 2xx code mean that the server received and accepted the request. For synchronous APIs, these responses contain the requested data in the body if applicable. For asynchronous APIs, the responses typically do not contain a body and the 2xx status code is a confirmation that the request was received but still needs to be fulfilled.
4xx - client error
Responses with a 4xx code means that the request contains an error, such as bad syntax or invalid input, which prevents the request from being completed. The client must take action to fix these issues before resending the request.
5xx - server error
Responses with a 5xx code means that the server is unable to fulfill the request even though the request itself is valid. Depending on which particular 5xx status code it is, the client may want to retry the request at a later time.
IN-ADDR.ARPA pseudo-domain
Reverse mapping from IP addresses to names is done via the IN-ADDR.ARPA pseudo-domain. IP (v4) addresses are normally read from left to right, with the rightmost number having greatest significance. Thus for purposes of reverse lookup, the DNS entry for the IP address 72.163.120.82 is given as 82.120.163.72.IN-ADDR.ARPA.
Webex Teams Room API
Rooms are virtual meeting places where people post messages and collaborate to get work done. The Rooms API can manage, create, update, and delete rooms.
docker run or docker container create
Run a container based on the image
SDK
SDK stands for Software Development Kit. Typically an SDK contains a set of software development tools integrated for developing applications for a specific device or system.
What provides sanity by providing guidance on building sustainable software packages?
SDLC - Software Development Lifecycle
Service Level Indicators
SLIs are engineered to map to the practical reality of delivering a service to customers: they may represent a single threshold or provide more sophisticated bracketing to further classify outlier results. SLOs (targets for actual performance)
advantages of SNMP
SNMP is supported in LAN equipment, WAN equipment, firewalls, and server operating systems. SNMP is based on open standards documented in IETF RFCs. SNMP is easily extensible. SNMP provides a single framework for managing many different kinds of devices.
SNMP-manager network consist of the following components
SNMP manager SNMP agents Managed devices
SNMP versions
SNMPv1 SNMPv2c SNMPv3
SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
SQL Injection detection engines
SQLmap or SQLninja
Ways to secure data in motion
SSH TLS VPN
DNA User Roles
SUPER-ADMIN-ROLE - allowing complete control of the DNA Center and access to all sections. NETWORK-ADMIN-ROLE - have general access and may create and manage devices. OBSERVER-ROLE - have read-only access in both the GUI and API (GET only) and are restricted from some portions of the GUI interface.
How to prevent XSSq
Sanitize content where possible and if it can't be sanitized, don't display it.
Benefits of microservices
Scalability Infrastructure automation tools
NSO Service Mapping
Service Configuration->Device Configuration -CLI or SNMP or NETCONF->Device Commands Service Configuration->YANG Service Models Device Configuration->YANG Device Models YANG Service and Device Models->CDB sync
git diff <file-path>
Show changes between the version of the file in the working directory and the last commit that the local clone copied from the parent branch in the Git repository
git diff <commit id 1> <commit id 2> <file path>
Show the changes between a file's two commits from the file history
git diff <file path 1> <file path 2>
Show the changes between two files in the working directory or on disk
What to use instead of browser local storage and session storage
Since they can be read from JavaScript, use secure cookies, the httpOnly flag, and CSRF measures to prevent tokens from being stolen
DNA Center Intent API Domain, Purpose and Subdomains-3
Site Management Enterprise network provisioning, onboarding, and deployment, and software image management. Site Design, Network Settings, Software Image Management, Device Onboarding (PnP)Configuration Templates
scripts vs modules
Some Python files could serve as both a script (to be executed) and a module (which could be imported).
unified diff
Some projects require changes to be submitted through a .diff file as a patch. Since it's all in one file, it's referred to as a unified diff
Advantages of full-stack automation
Speed Repeatability The ability to work at scale, with reduced risk
NX-OS Linux environment and tooling
Standard Linux tools like ifconfig, ethtool, route, or tcpdump can be used to manage a Cisco Nexus switch with NX-OS. You can also use yum (Yellowdog Updater, Modified) as it is the default package and repository management tool for NX-OS and has RPM underneath.These same tools can be used for NX-OS process-patching or installing external or custom-developed programs onto the switch.
To ensure the scripts are efficient and reusable, you will:
Standardize the ordering and presentation of parameters, flags, and errors. Create a code hierarchy that divides tasks logically and efficiently. Create high-level scripts for entire deployments and lower-level scripts for deployment phases. Separate deployment-specific data from the code, making the code as generic and reusable as possible.
Records stored in the DNS database include
Start of Authority (SOA) IP addresses (A for IPv4 and AAAA for IPv6) SMTP mail exchangers (MX) addresses for name servers (NS) pointers for reverse DNS lookups (PTR) alias records (CNAME)
Developer support
Support for developer related issues through tickets, live chats, and forums
TETRA
TETRA is an antivirus engine delivered as part of the AMP Connector for Windows, and ClamAV is a similar engine for macOS and Linux.
Webex Teams Team API
Teams are groups of people with a set of rooms that are visible to all members of that team. The Teams API resources are teams to be managed, created, updated, and deleted.
AMP API Pagination
The AMP API uses Links to get to locations within the response, such as self, next, and last. You can also use an offset parameter to get the next number of results based on the offset value.
AXL API Purpose
The AXL API is for administration and configuration. For example, you could write an AXL/SOAP-based application to streamline operations like adding a user, configuring which phones the user is allowed to control, configure that user's Extension Mobility (the ability to log in to other phones and use a pre-defined directory number on that phone), and much more.
DNA Center REST API initiat auth
The Cisco DNA Center REST APIs use token-based authentication.An Authentication (Access Token Request) POST is used to obtain the initial session token.
Jabber Guest SDK for Web
The Cisco Jabber Guest SDK for Web is primarily a call widget that is embedded in an iframe within another web page.
Cisco SDWAN resource
The Cisco SD-WAN REST API calls expose the functionality of the software and hardware features and of the normal operations you perform to maintain SD-WAN devices and the overlay network itself. In REST API terminology, each of these features or operations is called a resource. A resource is an object with a type, associated data, relationships to other resources, and a set of methods that operate on it.
UCS Python SDK
The Cisco UCS Python SDK is a Python module used to automate all aspects of Cisco UCS management, including server, network, storage, and hypervisor management.
Webex Board Series
The Cisco Webex Board Series are an all-in-one team collaboration device for meeting rooms and spaces. Benefits include: A fully touch-based device that simplifies the meeting experience. Cloud-based platform that allows you to save and continue work before, during, and after the meeting. Cloud registration makes it affordable and easy to deploy with end-to-end encryption. Wireless presentations with no more need for dongles and wires. Digital whiteboards. High quality and high fidelity video and audio conferencing. High-resolution 4K screen.
Webex Desk Series
The Cisco Webex Device Series brings high-quality video conferencing to your desktop. Benefits include: HD Video and high fidelity audio. Intuitive touchscreen. Built for both on-premises and cloud deployment.
Webex Room Series
The Cisco Webex Room Series bring integrated video conferencing systems to every room. Benefits include: 55- or 70-inch 4K screen(s). Intelligent viewing capabilities, such as automatic framing and speaker tracking. Dual screens, dual content sources, wireless sharing, and 4K content for presentations. AI based noise suppression, voice-activated controls, and people counting. APIs and macros allow for expressive meeting personalization. Built for both on-premises and cloud deployment. Digital whiteboards.
Cisco APIC Python SDK (Cobra SDK)
The Cobra SDK is a native Python language binding for the APIC REST API to interact with the APIC controller. The installation of Cobra requires installing two .egg files: acicobra.egg and acimodel.egg.
Umbrella APIs
The Enforcement API integrates security events with Umbrella. Developers and security experts use the Umbrella Enforcement API to take actions on a domain request The Network Devices API integrates hardware devices with Umbrella. The Investigate API gives you data to find more about security incidents and pull threat intelligence data programmatically The Reporting API enables organizations to run several reports.
SOAP Envelope
The Envelope must be the root element of the XML document. In the Envelope, the namespace provided defines that the XML document is a SOAP message.
Fabric Interconnects
The FIs provide redundant network and storage paths, redundant management, and a single point of management control for an administrator.
Finesse JavaScript APIs
The Finesse agent and supervisor desktop is an OpenSocial container that has the ability to host OpenSocial gadgets. Finesse provides JavaScript APIs for building custom OpenSocial gadgets to be used in the out-of-the-box Finesse agent and supervisor desktop.
Intersight API capabilities
The Intersight API provides access to the Intersight MIM. The Intersight API accepts and returns messages that are encapsulated through JavaScript Object Notation (JSON) documents and uses HTTP over TLS as the transport protocol.
MVC
The Model-View-Controller design pattern is sometimes considered an architectural design pattern. Its goal is to simplify development of applications that depend on graphic user interfaces
NSO CLI
The NSO CLI provides a unified CLI towards the complete network. It comes in two flavors: Juniper-style and Cisco XR-style.NSO CLI is a single northbound interface for network devices and network services. Note that this is different than a "cut-through" CLI that reaches the devices directly.
pipenv file and pipenv.lock
The Pipenv file indicates what the intended packages are and the Pipenv.lock file shows the last tested listing of packages.
Pupperware
The Puppet Server can be a VM or even a Docker container for small self-teaching implementations, and Puppet provides a compact Docker install for this purpose
Cisco UCS XML API
The UCS XML API uses XML as a method to encode requests and responses via the API, and also uses XML to define the entire Object Model. The entirety of XML used to define the MIM is known as the XML schema. All UCS objects are described in the XML schema. The schema defines the objects, their attributes, and the associated values. All components of UCS are always available with the XML API.
NSO Web UI
The Web UI is a YANG model browser with additional device and service functionality. The interface is built with pure client-side JavaScript. The Web UI is a mix of custom-built widgets and auto-rendering of the underlying device and service models. All major web browsers are supported, and no plugins are required.The Web UI is available on port 8080 on the NSO server. The port number is configured in ncs.conf.
Features of Webex Teams API
The Webex Teams API is an extensive set of APIs that allow you to interact with the entire Webex Teams platform. From managing organizations, teams, people, rooms, memberships, and messages to creating conversational bots or embedded video calls, you can extend the capabilities of Webex Teams. -Use the Webex API to create webhooks enabling fine-grained communication with and control of applications and services in response to specific events in Webex Teams. -Create bots that emulate Webex users and mediate with external applications to provide services (often using webhooks). -Use Webex Embedding APIs for Java, node.js, browsers, iOS, and Android, along with Webex Widgets, to embed Webex voice/video calling and messaging functionality into desktop, web, and mobile applications.
XSRF token in SDWAN
The XSRF token is used to prevent cross-site request forgery attacks and is mandatory from vManage 19.x onward. The xsrf_token_url variable is built as a concatenation of the base_url and the /dataservice/client/token API resource.
IaC
The ability to manage the infrastructure with automation.
SNMP MIB
The agent captures data from MIBs, which are data structures that describe SNMP network elements as a list of data objects. Think of the MIB as a "map" of all the components of a device that are being managed by SNMP. To monitor devices, the SNMP manager must compile the MIB file for each equipment type in the network. Given an appropriate MIB, agent and manager can use a relatively small set of commands to exchange a wide range of information with one another.
puppet.conf
The agents will then need have the puppet.conf file configured to communicate with a Puppet Server. After the client service is started, it will have its certificate signed by the server. The Server will now be able to gather facts from the client and update the client state with any configuration changes.
In order to receive a notification from a webhook provider
The application must be running at all times to receive HTTP POST requests. The application must register a URI on the webhook provider so the provider knows where to send a notification when target events occur. the application must handle the incoming notifications from the webhook server.
Cisco APIC REST API auth token
The authentication token is listed in the response body as token and is also contained in the response header as APIC-cookie. Subsequent requests of the REST API can use this token value as a cookie named APIC-cookie to authenticate future requests.
SOAP Body
The body contains the actual data to be transported to the recipient. This data must be in XML format, and in its own namespace.
REST API Response Body
The body of the REST API response is the data that the client requested in the REST API request. The body is optional, but if data is provided in the body, the data type is specified in the header using the Content-Type key. If the REST API request was unsuccessful, the body may provide additional information about the issue or an action that needs to be taken for the request to be successful.
Ansible control-plane solutions
The commercial Red Hat Ansible Tower product provides a sophisticated web interface, REST API, and rich, role-based access control options. The open-source, feature-comparable alternative AWX project, of which Ansible Tower is a value-added distribution. AWX, however, is said to represent a development branch that undergoes minimal testing, and is not made available via signed binaries — a deal-breaker for many enterprises.
MVC Controller
The controller is like the middleman between the model and view. It takes in user input and manipulates it to fit the format for the model or view.
data link layer
The data link layer provides host to host data transfer, practically establishing a logical link between two connected nodes. Physical layer errors are usually detected and corrected at this layer. The data link layer specification also defines the protocols to establish and terminate connections as well as the flow control between two physically connected devices.
SOAP Fault
The fault is an optional element, but must be a child element of the Body. There can only be one fault element in a SOAP message. The fault element provides error and/or status information.
Cisco UCS MO
The hierarchical structure starts at the top (sys) and contains parent and child nodes. Each node in this tree is a managed object and each object in Cisco UCS has a unique distinguished name (DN) that describes the object and its place in the tree. Managed objects are abstractions of the Cisco UCS resources, such as fabric interconnects, chassis, blades, and rack-mounted servers. Cisco UCS Managed Objects are XML representations of a physical and logical entities in the UCS system.
Cisco UCS DME
The information model is centrally stored and managed by the Data Management Engine (DME), a process running on the fabric interconnects.
What does _ represent in python interpreter?
The last output is assigned to _ and can be called with it. Advise is not to use this in your code.
leaky bucket
The leaky bucket algorithm puts all incoming requests into a request queue in the order in which they were received. The incoming requests can come in at any rate, but the server will process the requests from the queue at a fixed rate. If the request queue is full, the request is rejected. With this algorithm, the client must be prepared for delayed responses or rejected requests.
MVC Model
The model is the application's data structure and is responsible for managing the data, logic and rules of the application. It gets input from the controller.
Physical Layer
The physical layer is responsible with the transmission and reception of raw bit streams. At this layer, the data to be transmitted is converted into electrical, radio or optical signals. Physical layer specifications define voltage levels, physical data rates, modulation scheme, pin layouts, cable specification, and so on.
Segmentation
The process of dividing a long data string into smaller messages at the transport layer
400 - Bad request
The request could not be understood by the server due to malformed syntax. Check your API syntax. Another cause of a 400 Bad Request error might be a syntax issue in the JSON object the represents your POST request. Check the API reference guide to make sure.
NSO Python requests is used to perform GET operation on the RESTCONF endpoint.
The requests package makes parameter passing very simple - we just pass in both as part of the auth parameter, and requests generates a Basic Auth base 64 encoded value for us. That value is actually included in the generated header.
Omnitruck
The script uses a Chef-provided installer called Omnitruck to do this. The Omnitruck shell script figures out which kind of Linux distribution you're using and otherwise enables a safe, predictable installation of Chef software (you can also use it to install other Chef products).
404 - Not Found
The server has not found anything matching the request URI; check the request URI to make sure it's correct. If the code used to work, you may want to check the latest API reference guide, as an API's syntax can change over time.
503 Service Unavailable
The server is currently unavailable (overloaded or down). Check with API server administrator.
APIC API requests require an authentication token.
The token can be generated by authenticating to the /api/aaaLogin resource with username and password. To authenticate using JSON, send a POST request to http://APIC-IP/api/aaaLogin.json. To authenticate using XML, send a POST request to http://APIC-IP/api/aaaLogin.xml. After a successful request, the response will contain an authentication token which can be used as a cookie to authenticate future requests.
MVC View
The view is the visual representation (the presentation) of the data. There can be multiple representations of the same data.
AXL and UDS
These APIs provide Cisco partners and developers an easier way to automate and manage the devices, user profiles, and calls.
Jabber Web SDK
This SDK is used for developing web applications on Cisco Unified Communications, including voice and video, IM and Presence, voice messaging, and conferencing.
406 - Not Acceptable
This error indicates that the target resource does not have a current representation that would be acceptable to the client. The server has the data, but can't represent it using any of the options listed in the client's Accept- headers.
501 Not Implemented
This error means that the server does not support the functionality required to fulfill this request. For example, the server will respond with a 501 code when it doesn't recognize the request method and is therefore incapable of supporting it for any resource. Check API reference guide.
500 Internal Server Error
This error means that the server encountered an unexpected condition that prevented it from fulfilling the request. Check API reference guide.
502 Bad Gateway
This error means that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request. Check with API server administrator.
makefile
This is the file the make utility uses to compile and build all the pieces of the application.
Sensitive Data Exposure
This item refers to when attackers steal sensitive information such as passwords or personal information. You can help to prevent these attacks by storing as little personal information as possible, and by encrypting the information you do store.
Insufficient Logging and Monitoring
This item reminds you that your most basic responsibility is to ensure that you're logging everything important happening in your system so that you can detect attacks, preferably before they succeed. It's particularly important to ensure that your logs are in a common format so that they can be easily consumed by reporting tools, and that they are audit-able to detect (or better yet prevent) tampering.
Immutability
This literally means "the state of being unchangeable," but in DevOps parlance, it refers to maintaining systems entirely as code, performing no manual operations on them at all.
APIC REST Python adapter (ARYA)
This tool converts XML/JSON objects to equivalent Python code. Often people use it with the API Inspector built into the product. Note that the tool does not validate targets or perform lookups.
ACIrb
This tool provides a Ruby-based implementation of the Cisco APIC REST API. It enables direct manipulation of the MIT through the REST API using standard Ruby language patterns.
Cisco UCS Director can automate these for examples
VM provisioning and lifecycle management Network resource configuration and lifecycle management Storage resource configuration and lifecycle management Tenant onboarding and infrastructure configuration Application infrastructure provisioning Self-service catalogs and VM provisioning Bare metal server provisioning, including installation of an operating system
Application packet-filtering firewalls
Visibility all the way to Layer 7. This additional inspection capability can impact performance, and limited buffering space can hinder deep content analysis.
The SDK needs a Webex Teams access token to make API calls. You can either set it with a
WEBEX_TEAMS_ACCESS_TOKEN environment variable or by putting the access_token argument into the function call.
SDLC Requirements and analysis-5
Waterfall method requires creating a Software Requirement Specification (SRS) stating the software requirements, scope, and so on, and confirming this meticulously with stakeholders. Agile proponents prefer defining a "minimum viable product" (MVP) that can be used to guide delivery of initial features.
Cisco UCS model-driven framework
When a user initiates an administrative change to a Cisco UCS component (for example, associating a service profile to a server), the DME first applies that change to the information model, and then applies the change to the actual managed endpoint. This approach is called a model-driven framework.
Webex Teams API Auth
When making requests to the Webex REST API, an Authentication HTTP header is used to identify the requesting user. This header must include an access token. This access token may be a (limited duration) personal access token, a Bot token, or an OAuth token from an Integration or Guest Issuer application.
compressed response data
When the server needs to send very large amounts of data that cannot be paginated, compressed data is another way to reduce the bandwidth. This data compression can be requested by the client through the API request itself. To request a data compression, the request must add the Accept-Encoding field to the request header.
response content for NETCONF vs RESTCONF
When using RESTCONF, the response content is JSON formatted.When using NETCONF, the response is XML formatted.
API Inspector
When you perform a task in the Cisco APIC GUI, the GUI creates and sends internal API messages to the operating system to execute the task. By using the API Inspector, which is a built-in tool of the Cisco APIC, you can view and copy these API messages.
NSO MAAPI
While most of the validation can be expressed in YANG, in some cases, the configuration data validation will require external code, such as when performing look-ups in databases. This step is developed using MAAPI. MAAPI comes in several flavors. It is the general Management Agent API. MAAPI is available as command line utilities: C-API, Java API, and a Python API.
Whitespace in JSON
Whitespace in JSON isn't significant, and files can be indented using tabs or spaces as preferred, or not at all (which is a bad idea)
Umbrella's protection capabilities
Wi-Fi protection when guests are on your network. Selected application blocking. Endpoint security for off-network (not on VPN) devices. Web filtering.
UserDict collection
Wrapper around dictionary objects for easier dict subclassing
Ansible main playbook files
Written in YAML, these files may reference one another or lower-level roles.
three most popular standard formats for exchanging information with remote APIs
XML JSON YAML
NSO supported data formats
XML and json. Use Content-Type header value application/yang-data+json
Comments in XML
XML files can include comments, using the same commenting convention used in HTML documents.<!--!>
XML tags
XML tag names are user-defined. If you're composing XML for your own application, obvious best-practice is to pick tag names that clearly express the meaning of data elements, their relationships, and hierarchy
AXL SQL queries
You can also perform direct SQL queries to update or retrieve data in the Unified CM configuration database using ExecuteSQLupdate or ExecuteSQLquery.
How many IPv6 addresses per interface?
You can configure multiple IPv6 addresses per interfaces, but only one link-local address.
server persistence -stickiness
You can configure the load balancer to allow the same client to maintain multiple simultaneous or subsequent TCP or IP connections with the same real server for the duration of a session. A session is defined as a series of interactions between a client and a server over some finite period of time (from several minutes to several hours).
Webex Teams Python SDK Example -1
You can work with the Webex Teams APIs using a familiar language, in this case Python, with the webexteamssdk available on GitHub at https://github.com/CiscoDevNet/webexteamssdk. This SDK handles pagination for you automatically, simplifies authentication, provides built-in error reporting, and manages file attachments.
UML (Unified Modeling Language)
___ is a language based on OO concepts that describes a set of diagrams and symbols used to graphically model a system. Formalized sequence diagrams are closely linked to and are considered a subset of a standardized modeling system. UML includes standardized approaches to other aspects of static resources and process, including standardized ways to diagram and explain user interfaces, class definitions and objects, and interaction behavior. Sequence diagrams are one way to diagram interaction behavior.
The NSO architecture is logically comprised of two layers:
a Device Manager that simplifies device integration and manages device configuration scenarios, and a Service Manager that applies service changes to devices.
Larger-scale Ansible implementations will also benefit from Ansible Vault
a built-in feature that enables encryption of passwords and other sensitive information and provides a straightforward and easily-administered alternative to storing sensitive information in playbooks, roles, or elsewhere as plaintext.
Meraki Integrations - MV Sense API
a combination of REST APIs and realtime MQTT stream supporting oversight of a physical space. - Real-time (4Hz) data stream - Historical time-series via REST - Current snapshot
unittest framework demands
a different syntax than PyTest. For unittest, we need to subclass the built-in TestCase class, and test by overriding its built-in methods or adding new methods whose names begin with 'test_'.
hash function
a hash function is a mathematical algorithm that maps data of any size to a bit string of a fixed size. We can refer to the function input as message or simply as input. The fixed-size string function output is known as the hash or the message digest. It has the following key properties: "It's easy and practical to compute the hash, but "difficult or impossible to re-generate the original input if only the hash value is known." "It's difficult to create an initial input that would match a specific desired output.""
Test-Driven Development
a methodology that captures requirements in the form of automated software tests, then implements software to ... pass those tests
Distributed version control system
a peer-to-peer model The repository can be stored on a client system, but it is usually stored in a repository hosting service. To make changes require you to first clone the repo locally. Multiple people can work on the same file at the same time. Multiple copies exist in the event of losing the master. No need to lock the master file. conflicts are detected between file changes. Think GIT
Meraki Integrations - Webhook API
a real-time notification system for network alerts, covering events and network health. - Event stream - Automation trigger
A salt
a salt is a fixed-length cryptographically-strong random value that is added to the input of hash functions to create unique hashes for every input, regardless of the input not being unique. A salt makes a hash function look non-deterministic, which is good as we don't want to reveal password duplications through our hashing.
GIT pull-request
a way of formalizing a request by a contributor to review changes such as new code, edits to existing code, etc in the contributor's branch for inclusion in the project's main or other curated branches.
Cisco DNA Center provides both
a web-based GUI dashboard and the RESTful Intent API used to programmatically access its services and function.
Cisco UCS presents the abstraction layer is presented as
a web-based Graphical User Interface (GUI), an SSH Command Line Interface (CLI), and Application Programming Interface (API).
UCS XML API Authentication methods authenticate and maintain an API session with UCS Manager:
aaaLogin: Initial method for logging in and retrieving an authentication cookie. aaaRefresh: Refreshes the current authentication cookie. aaaLogout: Exits the current session and deactivates the authentication cookie.
git add <file path>
add a single file to the staging area
git add .
add all the changed files to the staging area
git add <file path 1> file path 2>
add multiple files to the staging area
Session Layer
allows hosts to establish sessions between them. Over these end to end sessions, different services can be offered. Keeping track on whose turn is to transmit data, making sure two parties are not attempting to perform the same operation simultaneously as well as picking up a transmission that failed from the point it failed and completing it are all functions of the session layer. The session layer is explicitly implemented in applications that use remote procedure calls (RPCs).
input()
always return a string without any validation.
Cisco Intersight RESTful API
an OpenAPI-compatible API that can be interrogated with Swagger and other open source OpenAPI tools
imperative procedure
an ordered sequence of commands aimed at achieving a goal.
TCP/IP Model
application, transport, internet, network access
The Finesse REST APIs that use the GET verb
are synchronous, which means that the Finesse server will return a response with the requested information immediately. The application must wait for a response before proceeding. The rest of the Finesse REST APIs are asynchronous, which means that the Finesse server will acknowledge that the request was made, but will send a notification with the requested information via the Finesse Notification Service. The asynchronous Finesse REST APIs goes hand in hand with the Finesse Notification Service.
examples of CLI stream editors
awk and sed
docker build -t myubuntu .
build an ubuntu image
Cisco UCS Configuration methods
configConfMo: Affects a single managed object. configConfMos: Affects multiple subtrees. configConfMoGroup: Applies the same configuration changes to multiple subtree structures or managed objects.
git checkout -b branch <parent branch> <branch name>
create a branch and switch the working directory to that branch
UDS supports Single Sign-on (SSO) and Basic Authentication for authentication. Not all UDS API requests require authentication, but the UDS resources that do require authentication are:
credentials device(s) extension(s) remoteDestination(s) speedDial(s) subscribedService(s) user userPolicy
3 main default roles for MS SQL
db_datareader, db_datawriter and db_owner
Aggregatable global address
defined by a global routing prefix, a subnet ID, and an interface ID. Except for addresses that start with binary 000, all global unicast addresses have a 64-bit interface ID. The IPv6 global unicast address allocation uses the range of addresses that start with binary value 001 (2000::/3). 001 - first 3 bits Global routing prefix - 45 bits SLA/subnet ID - 16 bits Interface ID - 64bits
git branch -d <branch name>
delete a branch
large organizations use a four-tier structure:
development, testing, staging, and production.
Counter collection
dict subclass for counting hashable objects
defaultdict collection
dict subclass that calls a factory function to supply missing values
ChainMap collection
dict-like class for creating a single view of multiple mappings
To check docker container processes
docker ps -a
to run a docker
docker run busybox for example
The Intent API is organized hierarchically into functional groups known as
domains and subdomains.
Functional Testing
eeks to determine whether software works right: whether it behaves as intended in a logical sense, from the lowest levels of detail examined with Unit Testing to higher levels of complexity explored in Integration Testing
git diff command
essentially a generic file comparison tool the file does not need to be a Git tracked file
Non-Functional Testing
examines usability, performance, security, resiliency, compliance (with standards and regulations, for example), localization, and many other issues, with an eye to finding out if software is fit for purpose, provides intended value, and minimizes risk.
NX-OS API enable feature commands
feature bash-shell feature netconf feature restconf
puppet manifests
files declaring operational classes — units of code describing a configuration operation. Manifest files typically end in the extention .pp, and are written in Puppet's declarative language, which looks something like Ruby and was inspired by the Nagios configuration file format.
UCS Python SDK code to authenticate with a UCS Manager
from ucsmsdk.ucshandle import UcsHandle handle=UcsHandle("ucs-ip","user","pass") handle.login()
SDLC Implementation Phase-2
functional code that implements all of the customer's requirements
difference between methods and functions
functions are standalone code blocks while methods are code blocks associated with an Object, typically for Object-Oriented programming
Accepted values for reques header's Accept-Encoding
gzip compress deflate br identity * If the server cannot provide any of the requested compression types, it will send a response back with a status code of 406 -- Not acceptable. If the server fulfills the compression, it will send the response back with the compressed data and add the Content-Encoding field to the response header. The value of the Content-Encoding is the type of compression that was used, enabling the client to decompress the data appropriately.
Server load balancing
helps ensure the availability, scalability, and security of applications and services by distributing the work of a single server across multiple servers.
One way to prevent XSRF
hidden token to accompany any request
The basic format of a RESTCONF URL is:
https://<hostURL>/restconf<resource><container><leaf><options>where any portion after restconf could be omitted.
The authentication endpoint for the Cisco SD-WAN vManage REST API is
https://<vManage-hostname-or-IP-address:port>/j_security_check. The data payload for the authentication POST request is JSON-formatted and contains the username and password in the following format: {'j_username' : vmanage_username, 'j_password' : vmanage_password}
ACI REST API Distinguished Name
identifies a specific target object, letting you map the name directly to URLs.
URI or URL
identifies which resource the client wants to manipulate. If you recall from the REST section, a REST request must identify the requested resource; the identification of resources for a REST API is usually part of the URI.
What command in the python interpreter display the "Zen of Python"?
import this
Hybrid cloud is often confused with multi-cloud
in which an organization uses multiple clouds for different purposes. What distinguishes hybrid cloud is the use of more than one cloud within a single application. As such, a hybrid cloud application has to be much more aware of its environment than an application that lives in a single cloud.
UC Manager Serviceability
includes similar SOAP-based API requests for retrieving information about phones such as the registration status, the IP address, and more. It also includes a performance monitoring API, and an API to manage and get the status of CUCM services.
Cisco provides and maintains a range of SDKs for the Intersight RESTful API
including ones for Python and Microsoft PowerShell. They also provide a range of Ansible modules.
Model-driven programmability
inherits the power of models, matching devices' abilities and services to standardized models making it easier to configure network devices and overcome drawbacks posed by traditional network device management techniques.
Enable RESTCONF on IOS-XE
ip http secure-server restconf
A Cisco DNA Center
is a foundational controller and analytics platform at the heart of a Cisco intent-based network for large and midsize organizations.It provides a single dashboard for network management, network automation, network assurance, monitoring, analytics, and security.
OWASP Enterprise Security API or ESAPI
is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications and serve as a solid foundation for new development.
Application Layer
is closest to the end user and contains a variety of protocols usually needed by users.
DNA API completion status
is obtained using Task API methods to monitor execution completion.
code review
is when developers look over the codebase, a subset of code, or specific code changes and provide feedback
Advantages of hashing
it is deterministic it conceals passwords at rest and in motion
ls -a
list all files and directories including hidden ones
ls -l
lists all contents of a directory in long format
NTP chooses the best server based on a range of variables:
lowest stratum, network distance (latency), and precision claimed.
The APIC
manages and provides for automation and management, policy programming, application deployment, and health monitoring for the fabric.
Automation Configuration
means installing base applications and services and performing the operations, tasks, and tests required to prepare a low-level platform to deploy applications or a higher-level platform.
git checkout <target branch> and git merge <source branch>
merge a branch into a branch that is not the client's current branch/repository
git merge <branch name 1> <branch name 2>
merge more than one branch into the client's current branch/repository. It's called an octopus merge
MVC abstracts code and responsibility into three different components:
model, view, and controller
example of YAML list
mylist: - 1 - 2 - 3
example of long strings in YAML The greater than (>) indicator gives us the folding syntax, where the pipe (|) does not.
mylongstring: > This is my long string which will end up with no linebreaks in it myotherlongstring: | This is my other long string which will end up with linebreaks as in the original
example of YAML map
mymap: myfirstkey: 5 mysecondkey: The quick brown fox
pyATS EasyPy module
one or more pyATS scripts can be compiled into a "job" and run together as a batch, through the pyATS EasyPy module, which enables parallel execution of multiple scripts, collects logs in one place, and provides a central point from which to inject changes to the topology under test.
two types of YANG models
open and native models
GIT Branches are essentially
pointers to the appropriate commit
Transport Layer
provides the functional and procedural means of taking data from the layer above, the session layer, splitting it into smaller units if needed, passing that data to the network layer, and ensuring all pieces arrive correctly at the other end
Genie,
provides the necessary APIs and libraries that drives and interacts with network devices, and performs the actual testing
GIT 3 stages
repository ( the .git directory) working directory staging area REPO-get a copy->working directory(make changes)-Add changes to stage->Staging area-commit(update repo with changes)->REPO
VLANs are organized in 3 ranges
reserved: 0, 4095 Normal: 1-1005 Extended: 1006-4094
Synchronous APIs
respond to a request directly, usually providing data (or another appropriate response) immediately.
another way to remove a file in a git directory
rm <file path 1> git dd <file path 1> Using this option does not allow the file to be preserved in the working directory.
docker run -it myubuntu /bin/sh
run it and log in
The NETCONF RFC has three distinct data stores that are the target of configuration reads and writes.
running (mandatory) candidate (optional) startup (optional)
Cisco IOS XE supports two datastores:
running and candidate. It also supports the lockingof datastores, as well as configuration rollback.
API rate limit
s a way for a web service to control the number of requests a user or application can make per defined unit of time, and implementing them is considered a best practice for public and unrestricted APIs
docker images
see your image in the list of images on your machine
git config --global user.name "name" git config --global user.email "email"
set the initial global settings. It writes to the ~/.gitconfig file Set the username and email
Examples of observer design pattern
social media
Presentation Layer
specifies context between application-layer entities. he presentation layer is concerned with the syntax and the semantics of the transmitted information and how this information is organized. Differentiation is done at this layer between what type of data is encoded for transmission, for example text files, binaries, or video files.
waiting delays in lean method
starting the project getting the right resources (staff) getting the requirements from the customer approvals of documentation getting answers making decisions implementation testing
Local version control systems
stores the delta between the two version of the file instead of the file itself in order to revert easily
Flask works by enabling you to create
templates which are stored in the templates folder and then rendering those templates. The templates themselves can have Python code embedded in them as indicated by double curly braces {{}}
One of the main features of Ethernet switches is
that they allow the segmentation of a Local Area Network into separate collision domains.
Finesse communicates with the contact center system via
the CTI protocol. This protocol is different between the Contact Center Enterprise and Contact Center Express systems, but Finesse provides the same interface for the two deployments while maintaining the behavioral differences.
Difference between prepared statements and stored procedures
the difference between prepared statements and stored procedures is that the SQL code for a stored procedure is defined and stored in the database itself, and then called from the application.
XML prologue
the first line in an XML file -- has a special format, bracketed by <? and ?>. It contains the tag name xml and attributes (see more below) stating the version and a character encoding.
git working directory
the folder that is visible in the filesystem that is a copy of the files in the repository. These files can be modified and the changes are only visible to the user of the client.
If dynamic SQL is generated inside stored procedures
the stored procedure must use input validation or proper escaping to makes sure that all user supplied input to the stored procedure can't be used to inject SQL code into the dynamically generated query. Auditors should look for sp_execute, execute, or exec within SQL stored procedures.
when a return statement is executed
the value of the return statement is returned and any code below it gets skipped
RESTCONF media types
there are two media types: "application/yang-data+xml" and "application/yang-data+json" that should be supported by a RESTCONF server. In a Python script, we may specify either one of these media types in the headers.
NTP uses the concept of strata: layers —
to describe how far away a host is from an authoritative time source.
git pull
to get updates from a branch or repository. This command can also be used to integrate the local copy with a non-parent branch.
Why do coders test software?
to make sure it works the way it's supposed to work, conceals a wealth of nuance and detail.
The AXL schema version is backwards-compatible for up to
two major releases.
examples of unit testing
unittest pytest
git push origin <branch name>
update the contents from the local repository to a particular branch in the remote repository
A way to create a new Flask object
using the decorator notation(@sample) to define what happens when a user pulls up the root document for the site.
Module
way to build independent and self-contained chunks of code that can be reused. is packaged as a single file and in addition to being available for integration with other modules, it should work independently. consists of a set of functions and typically contains an interface for other modules to integrate with. It is essentially a library and cannot be instantiated.
Hypervisors are generally classified as either 'Type 1',
which run directly on the physical hardware ('bare metal')
Hypervisors are generally classified as either 'Type 2',
which run, usually as an application, under an existing operating system
DNA Center Auth token is assigned to the header
with a header parameter named 'X-Auth-Token'.
The OpenStack project provides OSC, the OpenStack Client,
written in Python, which lets you access OpenStack Compute, Identity, Image, Object Storage, and Block Storage APIs.
untangle
xml parser library
Combining the ACI data models with devops tools like Ansible, Chef, or Puppet,
you can manage your infrastructure holistically with applications in mind.
Ansible variable files
These files describe variable values pertinent to groups of hosts and individual hosts.
API Integrations
They build a network between multiple applications which enables the applications to share the data, request actions to be performed, or even notify each other when a specific event happens.
407 - Proxy Authentication Required
This code is similar to 401 (Unauthorized), but indicates that the client must first authenticate itself with the proxy. In this scenario, there is a proxy server between the client and server, and the 407 response code indicates that client needs to authenticate with the proxy server first.
Finesse deployments
Finesse has two different deployments. In a contact center solution, Finesse sits on top of Contact Center Enterprise or Unified Contact Center Express and cannot function without one of these contact center systems.
GIT and GITHUB
Git is an implementation of distributed version control and provides a command line interface, while GitHub is a service, provided by Microsoft, that implements a repository hosting service with Git.
SOAP has three characteristics:
Independent Extensible Neutral
The goal of waterfall
It was to complete each phase of SDLC down to the last detail before proceeding to the next — never returning to a prior phase, and writing everything down along the way.
Learning Labs
Self-paced tutorials that cover a wide range of topics; starting from basic coding to using REST APIs with various Cisco technologies
Source code analysis tool
Static Application Security Testing (SAST) is designed to analyze source code and/or compiled versions of code to help find security flaws. It can find buffer overflows, SQL injection flaws, etc
Sliding window counter
The sliding window counter algorithm allows a fixed number of requests to be made in a set duration of time. This duration of time is not a fixed window and the counter is not replenished when the window begins again
URI Scheme
The scheme specifies which HTTP protocol should be used. For a REST API, the two options are: - http - https
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server. Check with API server administrator.
415 Unsupported Media Type
The server will not accept the request, because the media type is not supported. In this case, the client sent a request body in a format that the server does not support. For example, if the client sends XML to a server that only accepts JSON, the server would return a 415 error.
token bucket
The token bucket algorithm gives each user a defined number of tokens they can use within a certain increment of time, and those tokens accumulate until they're used. When the client does make a request, the server checks the bucket to make sure that it contains at least one token. If so, it removes that token and processes the request. If there isn't a token available, it rejects the request. Retry mechanisms can help.
Module Constants
Their values can be changed. As a community we recognize an all-CAPS variable name as a name that we probably shouldn't change.
Meraki Integrations - Dashboard API
a RESTful service for device provisioning, management, and monitoring. - Programmability - Automation - Monitoring - Reporting - Data Insights
.git directory
a hidden directory that hold metadata such as the files (compressed), commits, and logs (commit history).
git checkout
command to switch branches by updating the working directory with the contents of the branch.
git switch <branch>
command to switch the working directory to the new branch.
git push
command to update the remote Git repository with the content changes from the local Git repository. This command will not execute successfully if there is a conflict
git commit -m
commit and add a message describing the change(s)
VMWare also provides vSphere CLI
for Linux and Windows, which lets you manage ESXi virtualization hosts, vCenter servers, and offers a subset of DCLI commands.
Unit Testing examples
for example, do the functions, libraries, and other small components you write return expected results and reject known-bad inputs?
Integration Testing examples
for example, do your components talk to one another properly and connect correctly with the database?)
Programmability
is the ability for a device to accept instructions to control or alter behavior.
The class variable self
is the internal class name for the object itself
The ncclient library
is the most commonly used Python library for a NETCONF client for communicating with a NETCONF server.
Disadvantages of polling
polling degrades the performance of both the client and server due to the need to repeatedly process requests and responses. Polling is not real-time because polls happen at fixed intervals.
ls -t
orders files and directories by the time they were last modified
Pip
package installation tool for python
Asynchronous APIs
provide a response to signify that the request has been received, but the response won't have any actual data.
The Cisco Meraki Dashboard API is a RESTful API
that uses HTTPS for transport and JSON for object serialization. 1. Enable access to the Cisco Meraki API. Organization>Settings 2. Go to My Profile page to generate an API key. It can be generated, revoked, and regenerated. Every request must specify an API key via a request header. The API will return a 404 (rather than a 403) in response to a request with a missing or incorrect API key. This behavior prevents leaking even the existence of resources to unauthorized users. X-Cisco-Meraki-API-Key:<secret-key>
Methods and functions share the same concept
they are blocks of code that perform tasks when executed
git pull or git pull origin or git pull origin <branch>
updates the local repo from the master or specified branch
REST API response HTTP status
use the standard HTTP status codes in the response to inform the client whether the request was successful or unsuccessful. The HTTP status code itself can help the client determine the reason for the error and can sometimes provide suggestions for fixing the problem.
snmp-views
used to limit access control on the managed device
DNA File API methods
used to obtain additional results following successful execution completion.
.diff file
used to show how two different versions of a file have changed
MVC is used mostly in
user interfaces and web applications
A cloud
is a system that provides self-service provisioning for compute resources, networking, and storage.
ACI REST API Relative Name
names the object apart from its siblings within the context of a parent object.
Enable NETCONF on IOS-XE
netconf-yang
Cisco DNA Center Maintain and Operate Guides
Cisco Digital Network Architecture Center Administrator Guide Cisco DNA Center High Availability Guide
Cisco IMC Python SDK
Cisco IMC Python SDK is a Python module supporting the automation of all Cisco IMC management servers (C-Series and E-Series).
What is cowboy coding?
An unstructured software project
Software code scanning tools
Bandit, Brakeman and VisualCodeGrepper
Finesse APIs
REST and JavaScript APIs
dicttoxml
serialization library
git rm
command to remove files from the Git repository.
SDLC Design Phase-1
Design the software based on the SRS
DevNet events
Events around the world where you can find DevNet's developer advocates teaching classes on various developer topics including hands-on workshops.
FMC
FMC is a central management console for the Firepower Threat Defense (FTD) Next-Generation Firewall. This console can configure all aspects of your FTD including key features like access control rules (traffic filtering) and policy object configuration such as network objects. FMC provides a central configuration database enabling efficient sharing of objects and policies between devices. It provides a REST API to configure a subset of its functionality.
Cisco UCS Director Requests made to the API must have the following xteristics
Requests are sent over HTTP. Request format encoding can be either JSON or XML in UCS Director API Version 1. Only XML is supported for Version 2 of the UCS Director API. Request must contain a valid URL.
Cisco DNA Center GUI organizes services and activities into
'Design', 'Policy', 'Provision', 'Assurance' and 'Platform'.
Cisco DNA supports full 360-degree services and integration:
'North': The Intent API provides specific capabilities of the Cisco DNA Center platform. 'East': Services for asynchronous Event Notification through WebHooks and email notification. 'Southbound': The Multivendor SDK is used to integrate non-Cisco devices into the Cisco DNA network. 'Westbound': Integration with Assurance and IT Service Management (ITSM) services, such as ServiceNow.
RESTCONF uses structured data
(XML or JSON) and YANG to provide REST-like APIs, enabling programmatic access to devices.
NSO Service model design consists of
- A YANG service model - A device configuration mapping ==Service templates ==Programmatic mapping
A CI pipeline example
- Code Compilation - Unit test execution - Static code Analysis - Integration testing - Packaging and versioning - Publishing the version package to Docker Hub or other package repositories
CI/CD pipeline tasks
- gather and compile source code - test - compile artifacts such as tar files or other packages
principles of idempotency
- look before you leap - get to a known-good state, if possible before making changes - test for idempotency - one bad apple spoils the bunch
InterSight Integrations
-Ansible modules -Python SDK and PowerShell modules that are generated from Intersight OpenAPI schema which is also referred to as the Intersight Swagger Spec.
Unified CM integrates with other services:
-Cisco Instant Messaging and Presence (Cisco IM&P): Requires a server installed with Cisco IM&P, also known as CUP. The Cisco IM&P server synchronizes presence and instant messaging (IM) information between Cisco Unified Communications and other applications. -Voicemail: Advanced voicemail management, requires a server installed with Cisco Unity Connection (CUC). -Contact Center: Route customer service requests to a pool of agents to provide efficient customer support.
Unified CM Advanced Features-7
-Cisco Jabber Voice & Video SDK: A JavaScript library/add-on and Chrome/Firefox extension that enables you to create a web page that can act as a softphone (audio and optional video). You can also use the web page to leverage your physical phone.
Unified CM Advanced Features-9
-Client Matter Codes (CMC): Enables you to manage call access and accounting. CMC forces the user to enter a code to specify that the call relates to a specific client matter. You can assign client matter codes to customers, students, or other populations for call accounting and billing purposes.
Decentralized ecosystem for developers bring about new challenges namely,
-Components need to be flexibly configurable (able to work alongside many other components in many different situations) and "unopinionated" (showing no more preference for specific companion components or architectures than absolutely necessary). -Component developers may abandon support for obsolete features and rarely-encountered integrations, disrupting processes that depend on those features. It's also difficult or impossible to test a release exhaustively, accounting for every configuration -Dependency-ridden application setups tend to get locked into fragile and increasingly insecure deployment stacks, effectively becoming monoliths: "special snowflakes" that can't easily be managed, improved, scaled, or migrated to new, perhaps more cost-effective infrastructures. Updates and patches may be postponed because changes are risky to apply and difficult to roll back.
You can use UCS Director to perform the following tasks:
-Create, clone, and deploy service profiles and templates for all Cisco UCS servers and compute applications. -Monitor organizational usage, trends, and capacity across a converged infrastructure on a continuous basis. For example, you can view heat maps that show virtual machine (VM) utilization across all your data centers. -Deploy and add capacity to converged infrastructures in a consistent, repeatable manner. -Manage, monitor, and report on data center components, such as Cisco UCS domains or Cisco Nexus network devices. -Extend virtual service catalogs to include services for your physical infrastructure. -Manage secure multi-tenant environments to accommodate virtualized workloads that run with non-virtualized workloads.
Steps to troubleshooting errors for API responses
1. Check the return code. It can help to output the return code in your script during the development phase. 2. Check the response body. Output the response body during development; most of the time you can find what went wrong in the response message sent along with the status code. 3. If you can't resolve the issue using the above two steps, use the status code reference to understand the definition of the status code. Let's look at these codes in more detail so you can understand what they actually mean.
Types of Webex Devices
1. Cisco Webex Board 2. Cisco Webex Room Devices 3. Cisco Webex Desk Devices
The NSO Service Manager provides the following:
-Creating, modifying, deleting services. (FASTMAP works behind the scenes here.) -Dry-run service life-cycle operations and report before making modifications. A dry-run report will predict changes to the devices. -Check-sync all services or specific service: Check if the actual device configuration corresponds with the service view. This can be used to check if the device configuration has been changed out of band or if the resulting device configuration is in violation of permitted service configurations. -Maintaining device dependencies: Every service instance in NSO knows the corresponding device configuration. Device configurations that are the result of service provisioning can be mapped to the service instances that created the configuration. -Service self-test: With a self-test action in NSO, you can trigger diagnostic tests of the service.
MV Camera API use cases
-Detect one or several people in the vicinity of a dangerous machine, and set off a nearby warning alarm to alert. -Detect several people standing in one location for an extended period of time and correlate with customer wait times. -Provide better workplace lighting by integrating MV light readings into workplace smart lighting.
Unified CM Advanced Features-10
-Forced Authentication Codes: Limit access to certain directory numbers users by requiring users to enter an authentication code first.
Unified CM Advanced Features-11
-Hunt Lists: Lists of directory numbers. If you call a number in a Hunt List and that number is not available (busy, for example), it rings the next number in the list, and so on, until it either reaches a callee or runs out of numbers in the list.
Cisco Meraki components include
-Integration APIs -A complete cloud-managed network infrastructure solution -Wireless, switching, security, SD-WAN, Mobile Device Management (MDM), and smart cameras -Integrated hardware, software, and cloud services
Automated problem mitigation
-Minimize the "blast radius" of issues: recognize problems quickly and route traffic to alternative capacity, ensuring that end users aren't severely impacted and that on-call operations personnel aren't unnecessarily paged. -Self-heal: allocate resources according to policy and automatically redeploy failed components as needed to return the application to a healthy state in current conditions. -Monitor events: remember everything that led to the incident, so that fixes can be scheduled and post-mortems can be performed.
Unified CM Advanced Features-12
-Music/Video on Hold: Define your own music and/or video to play when a user is on hold.
NSO Device Manager changes, depending on the device type, different protocols are spoken southbound. If the device is or has:
-NETCONF-capable, Device Manager produces explicit NETCONF edit-configuration RPC operations for each participating device and then inside the same transaction that runs in NSO, executes all the individual, device-specific NETCONF operations. -An SNMP device, Device Manager translates the change of the NCS DOM tree into the corresponding SNMP SET PDUs. -A CLI, such as Cisco IOS or IOS XR routers (or supporting the same command structure). A CLI NED is used to produce the correct sequence of CLI commands. Otherwise, for devices that do not fall into those categories, Java code in a Generic NED gets invoked with the proposed changes. The job for that NED code is to translate between the diff on the NCS DOM tree to the corresponding operations on the device.
In NSO, there are three primary YANG sources:
-NSO data-model, defining the built-in functions of NSO. -Data models from devices such as native YANG modules from NETCONF devices, generated YANG modules from SNMP MIBs, or reverse engineered YANG modules from a CLI device. These YANG modules then specify the functions of the devices that are integrated to NSO. -YANG service models: When developing service applications, a developer specifies the service model, such as a BGP peer, firewall setting, or MPLS VPN, in YANG.
Unified CM Advanced Features-4
-Platform Administrative Web Services (PAWS): Enables you programmatically perform operations such as upgrades instead of performing the steps manually.
ACI use cases
-Programmability as a single fabric, with access to read and write object models representing all attributes in the system. -Desired state defined and enforced. -Extension to AWS or Azure public clouds (via Multi-Site Orchestrator (MSO) and its API)
Webex Teams Security
-Protect messages, files, and whiteboard drawings with end-to-end encryption. -You can also manage your own encryption keys on-premises. -Your policies are maintained even when your employees are collaborating with others outside your company, through integration with your chosen DLP solution.
When you enable the developer menu, Cisco UCS Director GUI provides a developer menu option for developers to access the report metadata and REST API Browser. You can then access the following features:
-Report Metadata: The report metadata enables you to view the REST API URL for every report displayed in Cisco UCS Director. -REST API Browser: The REST API Browser is accessible from the Orchestration menu of Cisco UCS Director. The REST API Browser provides API information and API code generation capabilities that make it easy to see and work with all the available APIs, including both the REST APIs and the Java APIs. -REST Client: The REST Client is a useful widget for parsing and viewing API requests and responses. In this widget, you can enter a REST URL and apply an HTTP method such as POST, PUT, or DELETE to the URL for data manipulation. The REST Client provides a simple user interface for entering a URL to fetch data from the Cisco UCS Director server.
Cisco UCS is engineered to improve flexibility and manageability for conventional infrastructure:
-Resolve problems that prevent, hinder, or make unaffordable the provisioning of optimal compute/storage/network configurations for diverse and dynamic applications. -Reduce hardware limitations on the efficiency of virtualization, cloud computing, PaaS, container orchestration, and other frameworks that abstract compute, storage, and network resources. -Enable end-users to provision arbitrary configurations of virtualized infrastructure that map efficiently to underlying physical infrastructure capabilities, capacity, and configuration. -Enable management of physical infrastructure using the same type of software-centric, "infrastructure as code" disciplines that DevOps is applying, higher in the stack, to accelerate and scale operations.
Unified CM Advanced Features-3
-Serviceability: RisPort provides real-time registration and IP address information for phones. PerfMon provides real-time monitoring of Cisco Unified CM hardware and software.
Cisco UCS Manager includes the following features:
-Supports Cisco UCS B-Series Blade and C-Series Rack Servers, the C3260 storage server, Cisco UCS Mini, and the Cisco HyperFlex -Programmatically controls server, network, and storage resources, with a unified, policy-driven management, so they can be efficiently managed at scale through software -Works with HTML 5, Java, or CLI graphical user interfaces -Can automatically detect, inventory, manage, and provision system components that are added or changed -Facilitates integration with third-party systems management tools -Builds on existing skills and supports collaboration across disciplines through role-based administration
UCS virtualizes physical infrastructure and makes it uniformly software-definable:
-The underlying physical plant provides modular compute and flexible storage capability connected using an any-to-any switch fabric, making it easy to add capacity. -Above this, novel firmware and embedded management software abstract the physical layer, making what are conventionally hard-coded characteristics (such as server UUIDs, MAC addresses, disk-drive layouts, and BIOS settings) configurable at boot times, under control of management software. This eliminates the need to manually implement complex hardware configurations and enables a uniform, software-driven, hands-off infrastructure management experience. -Atop the hyperconverged infrastructure, UCS system management software and services enable web, CLI, API, and tool-based automated management (for example, using Ansible) of up to tens of thousands of physical servers, as well as the ability to manage a host of non-Cisco infrastructure products.
Through a dashboard called vManage, Cisco SD-WAN provides:
-Transport independence: Guaranteeing zero network downtime, Cisco SD-WAN automates application flexibility over multiple connections, such as the Internet, MPLS, and wireless 4G LTE. -Network services: Deliver rich networking and security services with clicks on the dashboard. WAN optimization, cloud security, firewalls, IPS, and URL filtering can be deployed wherever needed across the SD-WAN fabric from a single location. -Endpoint flexibility: Cisco SD-WAN can simplify connectivity across branches, campuses, data centers, or cloud environments, extending the SD-WAN fabric wherever you need it to go.
Unified CM is
-Used to configure and automate the provisioning of devices, the routing of calls, and the management of profiles and settings in a single solution. -Deployed in hospitals, banks, universities, and government agencies to manage the increasing number of devices and user profiles.
Finesse REST API functionality
-User: Represents an Agent, Supervisor or Administrator and enables you to retrieve or update user details and state information. -Dialog: Represents a call and the participants if the media type is voice and enables you to make calls, take action on calls, and make make outbound related actions. -Media: Represents a user's state in a non-voice Media Routing Domain (MRD) and enables you to get information about users and manage user state. -Team: Represents a team of Users and enables you to get team details and lists of team messages. -SystemInfo: Represents current state of the system and enables you to retrieve System Details such as XMPP Server, PubSub Domains, Node IP Addresses, Status, and Deployment Type. -ClientLogs: Enables you to send client-side logging to the Finesse Server.
There are a couple of ways to gain access to the Intersight API:
-Web browser as an Intersight API REST Client -API keys for remote or service access The site at intersight.com also hosts a REST Client that allows direct interaction with the API. The REST Client on the site also supports the full query language of the API and details on the supported Query Parameters can be viewed in the Parameters pages.
To create Intersight API keys
-You require product licensing Click the Settings icon. Click API Keys in the left-hand navigation pane. Click Generate API Key. Enter a Description for the key. Click Generate. Click the Save Secret Key to text file icon.A "SecretKey.txt" file is downloaded to your default downloads location.
Cisco UCS Directo Rest API calls
-from any programming language or tool that support HTTP requests. e.g. ==PowerShell ==Python ==Postman ==cURL CloupiaScript is used directly or imported into built-in and custom tasks. Tasks can also call PowerShell Cmdlets through the PowerShell agent. Built-in tasks and custom tasks are used to build workflows and workflows can be invoked from the UCS Director REST API, making UCS Director almost completely automatable.
pyATS has several key features
-pyATS framework and libraries can be leveraged within any Python code. -It is modular, and includes components such as: ==AEtest executes the test scripts. ==Easypy is the runtime engine that enables parallel execution of multiple scripts, collects logs in one place, and provides a central point from which to inject changes to the topology under test. -A CLI enables to enable rapid interrogation of live networks, extraction of facts, and helps automate running of test scripts and other forensics. this enables very rapid 'no-code' debugging and correction of issues in network topologies created and maintained using these tools. -pyATS can consume, parse, and implement topologies described in JSON, as YANG models, and from other sources — even such primitive sources as Excel spreadsheets.
Puppet's core architecture
1. A designated server to host main application components: ==The Puppet Server (historically called "Puppet Master"). ==Facter, the fact-gathering service. ==PuppetDB, which can store facts, node catalogs, and recent configuration event history. 2. A secure client, also known as a Puppet Agent, installed and configured on target machines. Clients and server are mutually authenticated with self-signed certificates, and SSL is used for transport. The agents gather facts (under control of the Facter service) and make configuration changes as directed by the Puppet Server. 3. For cloud APIs and hardware that can't run an agent, Puppet has modules available to enable these connections. 4. In scaled-out implementations where many non-agent-capable devices are under management, Puppet enables a proxy agent to offload the work of directly connecting to device CLIs and exchanging information.
Many takes on the Agile method
1. Agile Scrum - focuses on small, self-organizing teams that meet daily for short periods and work in iterative sprints, constantly adapting deliverables to meet changing requirements 2. Lean - emphasizes elimination of wasted effort in planning and execution, and reduction of programmer cognitive load 3. Extreme Programming (XP) - is more prescriptive about software engineering best-practices, and more deliberately addresses the specific kinds of quality-of-life issues. It articulates twelve core practices for improving productivity, including how to develop coding standards, when to apply refactoring, methods such as Pair Programming, and end-to-end process automation disciplines like Continuous Integration 4. Feature-Driven Development (FDD) - prescribes that software development should proceed in terms of an overall model, broken out, planned, designed, and built feature-by-feature
OAuth mapping from practical name, development-focused terminology to OAuth terminology and description
1. Application-Client-The client is the application accessing a resource on behalf of a user. 2. Web server apps-Confidential client-An application running on the server side and capable of safely storing an application secret. 3. Single-page apps/browser-based apps/mobile apps-Public client-An application entirely running on the client-side or on a device that cannot safely store an application secret. 4. API-Resource server-The API is the means to access the resources belonging to the user (e.g. a bank account). 5. OAuth Server-Authorization server- The OAuth server is in charge of processing the OAuth token mgmt requests (authorize access, issue tokens, revoke tokens). 6. User-Resource owner -The person granting access to the resource the application is trying to access. 7. Access token-Bearer token-The access token authorizes the application to access the API.
Parsing XML, JSON, or YAML oft-encountered pattern
1. Authenticate, usually by POSTing a user/password combination and retrieving an expiring token for use in authenticating subsequent requests. 2. Execute a GET request to a given endpoint (authenticating as required) to retrieve the state of a resource, requesting XML, JSON, or YAML as the output format. 3. Modify the returned XML, JSON, or YAML. 4. Execute a POST (or PUT) to the same endpoint (again, authenticating as required) to change the state of the resource, again requesting XML, JSON, or YAML as the output format and interpreting it as needed to determine if the operation was successful.
use cases of API
1. Automation tasks: Build a script that performs your manual tasks automatically and programmatically. 2. Data integration: An application can consume or react to data provided by another application. 3. Functionality: An application can integrate another application's functionality into its product.
Benefits of automation tools over ad-hoc automation tools
1. Automation tools "wrap" operating system utilities and API functions to simplify and standardize access. 2. Often they also establish intelligent defaults that speed code drafting and testing and make tool-centric code less verbose and easier to understand than scripts. 3. You can still access deeper underlying functionality with built-in shell access that enables you to issue "raw" shell commands, inject shell and other scripts into remote systems to enable delicate configuration and reuse legacy configuration code, and add functionality to the tool itself by composing modules and plugins in languages like Python or Ruby. 4. Automation tool modules enable best practices that make code safer and idempotency easier to achieve.
Common types of authentication mechanisms
1. Basic Authentication 2. Bearer Authentication 3. API Key
other reasons developers want to write clean code
1. Clean code is easier to understand, more compact, and better-organized, which tends to result in code that works correctly (fewer bugs) and performs as required. 2. Clean code, being modular, tends to be easier to test using automated methods such as unit testing frameworks. 3. Clean code, being standardized, is easier to scan and check using automated tools such as linters, or command-line tools like grep, awk, and sed. 4. It just looks nicer.
standard best-practices for determining whether a piece of code should be encapsulated in a method or function
1. Code that performs a discrete task, even if it happens only once, may be a candidate for encapsulation. 2. Task code that is used more than once should probably be encapsulated.
benefits of version control
1. Collaboration capabilities: Multiple people can work on a project (a set of files) at the same time without overriding each other's changes. 2. Accountability and visibility: Know who made what changes, when they made it and (hopefully) why. 3. Isolation for a work environment: Build new features independently without affecting the existing software. 4. Safety with backup and restore: Files can be reverted when a mistake is made. 5. Work anywhere: Files are stored in a repository, so any device can have a working copy.
Workflow of the ACI Cobra SDK Objects
1. Create Session ==session=LoginSession(apic,username,password) ==moDir=MoDirectory(session) 2. Login ==moDir.login() 3a. Build Configuration Object ==uniMo=moDir.lookupByDn('uni') ==new_mo=Tenant(uniMo, name='PEPSI') 3b. Get Object ==tenant=moDir.lookupByDn('uni/tn-PEPSI') 4. Create Config Request ==tenantCfg=ConfigRequest() ==tenantCfg.addMo(new_mo) 5. Commit Config Request ==moDir.commit(tenantCfg)
git clone command actually does what?
1. Creates the working directory on the local filesystem with the name of the repository or the specified name, if provided. 2. Creates a .git directory inside the newly created folder. 3. Copies the metadata of the repository to the newly created .git directory. 4. Creates the working copy of the latest version of the project files. 5. Duplicates the branch structure of the cloned, remote repository and enables tracking of changes made to each branch, locally and remotely — this includes creating and checking out a local active branch, "forked" from the cloned repository's current active branch.
Original design patterns categories
1. Creational - Patterns used to guide, simplify, and abstract software object creation at scale. 2. Structural - Patterns describing reliable ways of using objects and classes for different kinds of software projects. 3. Behavioral - Patterns detailing how objects can communicate and work together to meet familiar challenges in software engineering.
Agile twelve principles
1. Customer focus 2. Embrace change and adapt 3. Frequent delivery of working software 4. Collaboration 5. Motivated teams 6. Face-to-face conversations 7. Working software 8. Work at a sustainable pace 9. Agile environment 10. Simplicity 11. Self-organizing teams 12. Continuous Improvement:
DevNet Automation Exchange: Fly
1. Deploy applications, network configurations, and more through CICD 2. Monitor and proactively manage users and devices plus gain insight with telemetry data.
Data Formats
1. Easily use off-the-shelf software components and/or built-in language tools to convert messages into forms that are easy for us to manipulate and extract data from, such as data structures native to the programming language(s) we're using. We can also easily convert them into other standard formats that we may need for various purposes. 2. Easily write code to compose messages that remote entities can consume. 3. Read and interpret received messages ourselves to confirm that our software is handling them correctly, and easily compose test messages by hand to send to remote entities. 4. More easily detect "malformed" messages caused by transmission or other errors fouling up communication.
Cisco UCS Manager is an advancement in server management and deployment for several reasons:
1. Embedded Management 2. Unified Fabric 3. Converged Management
Cisco UCS Director REST API
1. Enable it on the user access profile dashboard. 2. Pass the access key as an HTTP header in the following format: X-Cloupia-Request-Key: <key>
DevNet Automation Exchange: Run
1. Enable users to provision their own network updates. 2. Automate on-boarding workflows. 3. Manage day-to-day network configurations. 4. Activate policies and provide self-service across multiple domains.
What a Firewall should do with regards to software developments
1. Firewalls should keep any outside access to the untested application from happening 2. Firewalls need to be configured in such a way that the application can be appropriately tested. For example, if the application needs to access a development version of a database firewall rules will need to allow that. 3. The environment should be as close a replica of production as possible in order to catch any firewall-related configuration issues as quickly as possible.
DevNet Automation Exchange: Walk
1. Gather read-only data so as to minimize risk of causing a breaking change in your network environment. 2. Using GET requests 3. Use a read scenario to audit configurations and do the next natural step which is to put the configuration back into compliance.
Values of the Agile method
1. Individuals and interactions over processes and tools 2. Working software over comprehensive documentation 3. Customer collaboration over contract negotiation 4. Responding to change over following a plan
OWASP Top 10
1. Injection 2. Broken Authentication 3. Sensitive Data Exposure 4. XML External Entities (XXE) 5. Broken Access Control 6. Security Misconfiguration 7. Cross-Site Scripting (XSS) 8. Insecure Deserialization 9. Using Components with Known Vulnerabilities 10. Insufficient Logging & Monitoring
SDLC Design Phase-3 (LLD)
1. It describes in much greater detail the architecture of individual components, 2. protocols used to communicate among them, 3. enumerates required classes and other aspects of the design in a fine-grained way
What are the advantages of the significant whitespaces in python?
1. It meets the requirement of a readable code. 2. No clutter. 3. Human and computer can't get out of sync.
Common algorithms for rate limiting
1. Leaky bucket 2. Token bucket 3. Fixed window counter 4. Sliding window counter
Meraki Camera API categories
1. MV Sense: This includes REST and MQTT API endpoints, which provide historical and real-time people detection data and light readings. 2. Live Link API: A REST API which returns a Dashboard link for a specified camera. If the link includes a timestamp, it provides data from that time. 3. Snapshot API: A REST API that generates a snapshot of the specified camera's field of view at a specific time and returns a link to that image.
NSO Southbound Interfaces
1. NETCONF 2. SNMP 3. CLI 4. IOS, IOS-XR 5. Other/generic
Advantages of APIs
1. Open the doors to building automated scripts 2. Provide integrations between applications.
Password cracking methods
1. Password guessing. Prevent with Account Lockout. 2. Dictionary attack. Prevent with passphrase. 3. Pre-computed dictionary attacks or rainbow table attacks. Prevent with salting. 4. Social engineering
Load-balancers in software development
1. Persistent sessions 2. Round robin 3. Least connections 4. IP Hash 5. Blue-green deployment 6. Canary development
Significant Whitespaces Rules
1. Prefer four spaces. 2. Never mix spaces and tabs. 3. Be consistent on consecutive lines. 4. Only deviate to improve readability
SDLC Maintenance Phase
1. Provides support for customers 2. Fixes bugs found in production 3. Works on software improvements 4. Gathers new requests from the customer
A REST API request can provide an API key in a few different ways:
1. Query string: only recommended for public API keys == GET http://localhost:8080/v1/books?API_KEY=YOUR_KEY_HERE 2. Header: uses the authorization key or a custom key == Authorization: <API Key> or Authorization: APIkey <API Key> or APIkey: <API Key> 3. Body data: uses a unique key as the identifier Content-Type: application/json { API_KEY: <API Key> } 4. Cookie: uses a unique key as the identifier == Cookie: API_KEY=<API Key>
how to read a stack trace
1. Read the Last Line First: This is "what went wrong." Often the error messages are clear and helpful, sometimes they aren't. Either way they should provide some hint as to what is going on. 2. Then review the call stack from Top to Bottom: This will show you where the error has occurred; starting with the top-level statement in the current script being executed through all of the nested function calls in the call stack down to where the error occurred. The details provided help you locate the calls and statements involved in the issue: - They tell where each statement is found (file and line number). - They display the statement for your reference.
SQL Injection causes
1. SQL injection attacks allow attackers to spoof identity, 2. tamper with existing data, 3. cause repudiation issues such as voiding transactions or changing balances, 4. allow the complete disclosure of all data on the system, 5. destroy the data or make it otherwise unavailable, and become administrators of the database server.
Challenges of cloud paradigm
1. So you thought application coding was tricky 2. Great power, great responsibility 3. Cost as a metric
Software is built using a structure to provide what 3 things?
1. Sustainability 2. Manageability 3. Coherency
waterfall software development steps
1. System requirements 2. Software requirements 3. Analysis 4. Program design 5. Coding 6. Testing 7. Operations
SDLC Implementation Phase-1
1. Takes the LLD as input 2. Also called coding or development phase. 3. The longest phase of the life cycle. 4. Developers take the design documentation and develop the code according to the design.
git pull actually make these happen:
1. The local repository (.git directory) is updated with the latest commit, file history, and so on from the remote Git repository. (This is equivalent to the Git command git fetch.) 2. The working directory and branch is updated with the latest content from step 1. (This is equivalent to the Git command git merge.) 3. A single commit is created on the local branch with the changes from step 1. If there is a merge conflict, it will need to be resolved. 4. The working directory is updated with the latest content.
to implement the observer design pattern subscription mechanism
1. The subject must have the ability to store a list of all of its observers. 2. The subject must have methods to add and remove observers. 3. All observers must implement a callback to invoke when the publisher sends a notification, preferably using a standard interface to simplify matters for the publisher. This interface needs to declare the notification mechanism, and it needs to have parameters for the publisher to send the necessary data to the observer.
NSO Auto-generated CLI supports
1. Unified CLI across network, devices, and network services. 2. Command line history and command line editor. 3. Tab completion for content of the configuration database. 4. Monitoring and inspecting log files. 5. Inspecting the system configuration and system state. 6. Copying and comparing configuration between different parts of the CLI, such as between two interfaces or two devices. 7. Configuring common setting across a range of devices.
If you use JWTs to carry information useful only for backend services, what other approach can you take?
1. Use an opaque string or basic JWT between the client and the backend. 2. At the backend, validate the request and inject a new JWT with a payload containing the claims that are consumed downstream. 3. If you want to use the same token across the entire flow, encrypt the token payload. 4. Never use JWT to carry user's credentials, such as passwords.
SDLC Requirements and analysis-3
1. What features should the software have? 2. How many users will the software need to support? 3. What should the user experience generally be like on each platform the software needs to support, such as web, desktop application, mobile application? 4. With what other applications and resources will the software need to integrate? 5. How will the software need to scale?
SDLC Requirements and analysis-1
1. Who are the stakeholders? 2. What are their pressing challenges, both globally, and in terms of the software they want you to build? 3. How are they meeting those challenges now? What solution(s)/processes have already been tried? What solution(s)/processes does the new software need to displace/replace? 4. What are their organizational/cultural constraints? Technical expertise? Appetite for risk? Tolerance of change?
API Rate Limiting helps to
1. avoid a server overload from too many requests at once 2. provide better service and response time to all users 3. protect against a denial-of-service (DoS) attack
GIT 3 states
1. committed: the version of the file has been saved in the repository (.git directory) 2. modified: the file has changed but has not been added to the staging area or committed to the repository 3. staged: the modified file is ready to be committed to the repository
IPv6 advantages
1. provides more than enough globally unique IP addresses for every networked device on the planet. 2. add a much larger address space and improvements such as a simplified main header and extension headers. 3. provide services such as end-to-end security, quality of service (QoS) 4. The larger IPv6 address space allows networks to scale and provide global reachability. 5. The simplified IPv6 packet header format handles packets more efficiently. 6. IPv6 prefix aggregation, simplified network renumbering, and IPv6 site multihoming capabilities provide an IPv6 addressing hierarchy that allows for more efficient routing. 7. he flexibility of the IPv6 address space reduces the need for private addresses; therefore, IPv6 enables new application protocols that do not require special processing by border devices at the edge of networks.
NIST 800-63B Digital Identity Guidelines:
8-character minimum when a human sets it 6-character minimum when set by a system/service Support at least 64 characters maximum length All ASCII characters (including space) should be supported Truncation of the secret (password) shall not be performed when processed Check chosen password with known password dictionaries Allow at least 10 password attempts before lockout No complexity requirements No password expiration period No password hints No knowledge-based authentication such as, who was your best friend in high school? No SMS for two-factor authentication, instead use a one-time password from an app like Google Authenticator
Chef components
==Chef Workstation: A standalone operator workstation, which may be all that smaller operations need. ==Chef Infra Client (the host agent): Chef Infra Clients run on hosts and retrieve configuration templates and implement required changes. Cookbooks (and proxy Clients) enable control of hardware and resources that can't run a Chef Infra Client locally (such as network devices). ==Chef Infra Server: Replies to queries from Chef Infra Agents on validated hosts and responds with configuration updates, upon which the Agents then converge host configuration.
Components of Chef Workstation
==Command-line tools for authoring, testing, and maintaining "cookbooks" and applying them directly to hosts ==Interacting with Chef Infra Servers to bootstrap new nodes and set policy ==Test Kitchen, a testing harness (Test Kitchen) ==ChefSpec, which simulates the effects of code before implementing changes ==InSpec, a security/compliance auditing and testing framework
A service in NSO consists of the following:
A YANG service model: This defines the attributes of the service. For example, a Layer 2 VPN Network Service might be defined with virtual circuit ID, service identifiers, and interface names. NSO will use the YANG service model to render corresponding CLI and Web UI. Device configuration map: When the service is created, corresponding changes must be made to the devices. NSO supports ways to define this either with templates or with Java.
Pytest
A framework easily added to Python (from pip repositories: pip install pytest). PyTest can run unittest tests without modification, but also simplifies testing by letting coders build tests as simple functions rather than class methods. PyTest is used by certain important, more-specialized test suites, like PyATS from Cisco
link-local address
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Used in NDP and stateless autoconfiguration process. Not sent to other links
Parameterized queries
A means of structuring SQL queries to limit escaping and thus prevent injection attacks. The use of prepared statements with variable binding.
NSO CDB provides
A model on how to handle configuration data in network devices, including an update mechanism upon subscription. An internal API for locating network element configurations. Automatic support for upgrade and downgrade of configuration data. The consumers of the database services include the CLI, the web UI, and the NETCONF sessions.CDB client applications need to be able to read configuration data from the database and react when configurations are updated.
pipenv
A newer way to keep up with dependencies and share them with collaborators
REPL
A read-execute-print loop repeats the process of obtaining one instruction, executing it, and printing the output.
Routers
A router is a networking device that functions at the internetwork layer of the TCP/IP model and has the role of forwarding packets between different networks or LANs. Routers use a routing table to route between networks. A router generally has two main functions: Path determination Packet routing or forwarding
Adding salt to password hashing
A salt is added to the hashing process to force their uniqueness, increase their complexity without increasing user requirements, and to mitigate password attacks like rainbow tables attacks, while slowing down dictionary and brute-force attacks.
Standup
A standup is a meeting that should last no longer than 15 minutes, and should take place at the same time every day. In fact, it's called a "standup" because ideally it should be short enough for the team to accomplish it without having to sit down.
ISE Administration node
Administration node: In this node you perform all administrative operations on Cisco ISE. It handles all system-related configurations such as authentication, authorization, and accounting.
Cisco UCS Object classes
All managed objects belong to a class indicating the type of UCS resource the object represents. For example, computeBlade is the class that all UCS blades belong to, and fabricVlan is the class for all VLAN objects.
DNA Center Client Health
All the health information on all clients is obtained from the Assurance information available in Cisco DNA Center. From this output we can see that there are 81 clients connected to this network, 1 wired client and 80 wireless clients. Their average health score is 28 out of 100. The client health status is computed based on information that is available through the Assurance component, such as client on-boarding time, RSSI information for wireless clients, DNS queries responsiveness, and so on.
Cisco UCS MIT
All the physical and logical components that comprise Cisco UCS are represented in a hierarchical management information model (MIM), also referred to as the MIT. The MIT is a tree structure with nodes. Each node in the tree represents a managed object (MO) or group of objects that contains the nodes' administrative state and its operational state.
Ansible Inventory files
Also called hostfiles. These organize your inventory of resources (e.g., servers) under management. This enables you to aim deployments at a sequence of environments: e.g., dev, test, staging, production.
API
An Application Programming Interface (API) defines the ways users, developers, and other applications can interact with an application's components. An API can use common web-based interactions or communication protocols, and it can also use its own proprietary standards
IPv4-compatible IPv6 address
An IPv4-compatible IPv6 address is an IPv6 unicast address that has zeros in the high-order 96 bits of the address and an IPv4 address in the low-order 32 bits of the address.
IPv6 multicast address
An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8 (1111 1111). An IPv6 multicast address is an identifier for a set of interfaces that typically belong to different nodes. A packet sent to a multicast address is delivered to all interfaces identified by the multicast address. The second octet following the prefix defines the lifetime and scope of the multicast address. A permanent multicast address has a lifetime parameter equal to 0; a temporary multicast address has a lifetime parameter equal to 1. A multicast address that has the scope of a node, link, site, or organization, or a global scope has a scope parameter of 1, 2, 5, 8, or E, respectively. For example, a multicast address with the prefix FF02::/16 is a permanent multicast address with a link scope.
AN NSO Service
An NSO service is a function provided by network devices. Creating, modifying,or deleting the service manipulates the actual configuration of the end devices. However, an NSO service does not actually include manual steps. Instead, service transactions performed complete logical operations meeting ACID (Atomic, Consistent DB, Isolated, and Durable) transaction properties.That is, the transaction must either complete as a unit, or not execute at all, and the database must be maintained in a consistent state.
Cisco Touch 10
An intuitive touchscreen device for interacting with Cisco conferencing systems. Supports the Cisco MX Series, SX Series, IX Series and Webex Room Series. Power over Ethernet. Wide language support. Touch 10 customization is enabled with in-room controls, control room devices, and Touch 10 peripherals, and enables integration with Control Systems.
Observability
An observable system enables users to infer the internal state of a complex system from its outputs. Observability (sometimes abbreviated as o11y) can be achieved through platform and application monitoring and through proactive production testing for failure modes and performance issues, but in a dynamic operation that includes autoscaling and other application behaviors, complexity increases and entities become ephemeral.
Cisco UCS Automation tools
An open API facilitates integration of Cisco UCS Manager with a wide variety of monitoring, analysis, configuration, deployment, and orchestration tools from other independent software vendors. The API also facilitates customer development through the Cisco UCS PowerTool for PowerShell and a Python SDK.
YAML file structure
As shown in the example, YAML files conventionally open with three dashes (--- alone on a line) and end with three dots (... likewise). YAML also accommodates the notion of multiple "documents" within a single physical file, in this case, separating each document with three dashes on its own line.
OWASP agrees with displaying sanitized content in the following locations:
As the content of an HTML tag As the value of an attribute As a variable within your Javascript
Benefits of asynchronous APIs
Asynchronous APIs enable the application to continue execution without being blocked for the amount of time it takes for the server to process the request. As a result, the application may have better performance because it can multi-task and make other requests soon after. Unnecessary or excessive use of asynchronous calls can have the opposite effect, however. Sometimes the client can establish a listener or callback mechanism to receive these notifications and process them when they are received. Also depending on the design of the application, your client may also need a queue to store the requests to maintain the order for processing. Other API designs need the client to have a polling mechanism to find out the status and progress of a given request.
NSO CDB
At the core of NSO is the Configuration Database (CDB), providing persistent datastore and which synchronizes with device and service configuration. It manages relationships between services and devices and can handle revisions of device interfaces. NSO addresses the mapping, working from a desired service configuration to the corresponding device configuration and through to a dedicated mapping layer.
DNA Center Intent API Domain, Purpose and Subdomains-1
Authentication User authentication and session token generation Authentication
DHCP allocates IP addresses in three ways:
Automatic allocation - the DHCP server assigns a permanent IP address to the client. Dynamic allocation - the DHCP assigns an IP address to a client for a limited period of time (lease time). Manual allocation - the network administrator assigns an IP address to a client and DHCP is used to relay the address to the client.
Halfwake
Branding and customization of the room device "Halfwake" screen lets you upload your own text and images to customize the appearance of the screen and/or the Touch10 control interface.
Cisco UCS Service Profile
By moving all the server configuration into a Service Profile, UCS Manager enables the administrators to define server identity, addresses, configuration, and settings without actually having a physical server. Cisco-designed hardware enables the overwriting or reassignment of identifiers and addresses, even ones that were "burned-in". In addition, UCS Manager provides address pools and policy definitions that can be consumed by Service Profiles. UCS Manager also provides templates for Service Profiles and templates for network and storage adapters.
Chef
Chef provides a complete system for treating infrastructure as code. Chef products are partly licensed, but free for personal use (in Chef Infra Server's case, for fewer than 25 managed nodes).
Chef resources
Chef resources tend to be more abstract than Ansible's or Puppet's, which helps address cross-platform concerns. For example, the package resource can determine the kind of Linux, MacOS, or Windows environment that it is running on and complete a required installation in a platform-specific way.
Cisco AMP API
Cisco Advanced Malware Protection (AMP) for Endpoints provides API access to automate security workflows and includes advanced sandboxing capabilities to inspect any file that looks like malware in a safe and isolated way. AMP works with Windows, Mac, Linux, Android, and iOS devices through public or private cloud deployments.
Cisco DNA Center Install and Upgrade Guides
Cisco DNA Center Second Generation Appliance Installation Guide Cisco DNA Center First Generation Appliance Installation Guide Cisco DNA Center Upgrade Guide
Cisco DNA Center User Guides
Cisco DNA Center User Guide Cisco DNA Assurance User Guide Cisco DNA ITSM Integration Guide Cisco DNA Center Platform User Guide
Cisco Instant Connect SDK
Cisco Instant Connect has an Android, Windows, and Apple iOS Software Development Kit, providing tools for partners to embed Push-To-Talk in mobile or desktop applications.
The products provide scalability by integrating many components of a data center and enabling users to manage them as a single unit through UCS Manager, UCS Central, and the Cisco Integrated Management Controller. The different management products directly relate to the number of servers being managed.
Cisco Integrated Management Controller (CIMC) can manage a single physical server. Cisco UCS Manager (UCSM) can manage up to one hundred and sixty physical servers. Cisco UCS Central (UCSC) can manage up to ten thousand physical servers.
Cisco Intersight
Cisco Intersight is a Software as a Service (SaaS) systems management platform capable of managing infrastructure at the edge and remote locations as well as in the data center. The Intersight API is consistently available with a cloud-based management model.
NX-OS architecture
Cisco Open NX-OS leverages the native Linux networking stack, instead of a custom-built userspace stack (NetStack) that was used in prior versions of NX-OS.Virtual Routing and Forwarding actions (VRFs) are implemented using Linux network namespaces. Network namespaces provide the same isolation capabilities as VRFs. Nexus switch interfaces, including physical, port-channel, vPC, VLAN, and other logical interfaces, are mapped to the kernel as standard Linux netdevs. The REST API service is provided using an NGINX web server.
Cisco UCS Director Workflows
Cisco UCS Director enables you to build workflows that provide automation services and to publish the workflows and extend their services to your users on demand. You can build Cisco UCS Director workflows to automate simple or complex provisioning and configuration processes.
Cisco UCS Director Model-based orchestration
Cisco UCS Director includes a task library that contains over 1000 tasks and out-of-the-box workflows. Model-based orchestration and a workflow designer enable you to customize and automate the infrastructure administrative and operational tasks. You can extend and customize the system to meet individual needs.
Cisco UCS Director Custom tasks and CloupiaScript
Cisco UCS Director provides automated, profile-based provisioning, management, and reporting of infrastructure resources. Cisco UCS Director incorporates a powerful orchestration engine that enables complex operations on any element of your converged infrastructure, both physical and virtual. These operations are embodied in workflows, which are scripted sequences of individual tasks.
Cisco UCS Director
Cisco Unified Computing System (UCS) Director is a complete, highly secure, end-to-end management, orchestration, and automation solution for a wide array of Cisco and non-Cisco data center infrastructure components, and for converged infrastructure solutions based on the UCS and Cisco Nexus platforms.
Cisco Webex Teams
Cisco Webex Teams is an online collaboration solution to connect people and teams through chat, voice, and video. With the Webex Teams app, you gain access to secure virtual work spaces. You also use messaging and file sharing with third-party app integrations.
Ansible modules for ACI (and MSO)
Cisco and the wider community have collaborated on a broad suite of open source modules for Ansible, enabling configuration and management of ACI fabrics as code, alongside other Ansible-managed inventory. Modules have also been created to address multi-site and hybrid cloud resources via the Multi-Site Orchestrator (MSO) APIs. The ACI/MSO modules permit the simple creation of playbook elements to perform inquiry, administration, and management tasks upon an ACI fabric.
YANG-CLI
Cisco has provided tools such as YANG-CLI, which validates and consumes XML relevant to data modeling and related tasks
Tools used with ACI
Cisco provides several open source tools or frameworks such as the -ACI toolkit, -Cobra (Python), -ACIrb (Ruby), -Puppet, and -Ansible to automate and program the APIC. On top of -REST API are also -both a CLI and a GUI for day-to-day administration.
REST six constraints
Client-Server Stateless Cache Uniform Interface Layered System Code-On-Demand (optional)
NTP association modes
Client/Server - polling Symmetric Active/Passive - push-pull Broadcast and/or multicast mode
Software-defined infrastructure: a case for automation
Cloud computing also enables more abstract platforms and services, such as Database-as-a-Service (DaaS), Platform-as-a-Service (PaaS), serverless computing, container orchestration, and more. Private clouds let businesses use expensive on-premises hardware much more efficiently. Public and hosted private clouds let them rent capacity at need, letting them move and grow (or shrink) faster, simplifying planning and avoiding fixed capital investment.
There are four major statements in a YANG module:
Container: A grouping of other statements (has no "Value"). List: Multiple records containing at least one Leaf "Key" and an arbitrary hierarchy of other statements Leaf: Single key/value pair. Leaf-list: Multiple key/values pair of the same type.
Continuous Delivery vs Continuous Deployment
Continuous delivery ensure you have a version to deploy. Continuous deployment means you deploy constantly.
vSmart Controller
Controls the flow of data traffic by working with the vBond orchestrator to authenticate SD-WAN devices as they join the network. It also orchestrates connectivity among the vEdge routers.
Cross-site Scripting
Cross site scripting attacks happen when user-submitted content that hasn't been sanitized is displayed to other users. The most obvious version of this exploit is where one user submits a comment that includes a script that performs a malicious action, and anyone who views the comments page has that script executed on their machine
NETCONF operations and RESTCONF methods mapping
Description- NETCONF. RESTCONF Create a data resource<edit-config>, </edit-config> POST Retrieve data and metadata<get-config>, <get> , </get-config> GET Create or replace a data resource<edit-config> (nc:operation="create/replace") PUT Delete a data resource<edit-config> (nc:operation="delete") DELETE
DHCP packets
DHCPDISCOVER - server discovery DHCPOFFER - IP lease offer == can contain IP address lease time, renewal time and DNS IP address DHCPREQUEST - IP lease request DHCPACK - IP lease acknowledgment
Cisco DNA GUI - Policy
Define and manage user and device profiles to facilitate highly secure access and network segmentation.
Cisco DNA GUI - Design
Design your network using intuitive workflows, starting with locations where your network devices will be deployed.Existing network designs created in Cisco Prime Infrastructure or Application Policy Infrastructure can be imported into Cisco DNA Center.
Unit Testing
Detailed functional testing of small pieces of code (lines, blocks, functions, classes, and other components in isolation. Modern developers usually automate this kind of testing using unit test frameworks, software that lets you make assertions about testable conditions
Open YANG Models:
Developed by vendors and standards bodies, such as IETF, ITU, OpenConfig, and so on. They are designed to be independent of the underlying platform and normalize the per-vendor configuration of network devices.
Native Models:
Developed by vendors, such as Cisco. They relate and are designed to integrate to features or configuration only relevant to that platform.
Amplify learning with short sprint in lean method
Developers learn faster Customers can give feedback sooner Features can be adjusted so that they brings customers more value
Network automation is used for various common tasks in an organization:
Device Provisioning Device Software Management Compliance Checks Reporting Troubleshooting Data Collection and Telemetry
At the device level, the load balancer provides high network availability by supporting:
Device redundancy Scalability Security
Ansible roles folders and files
Each role folder tree aggregates resources that collectively enable a phase of detailed configuration. A role folder contains a /tasks folder with a main.yml tasks file. It also contains a folder of asynchronous handler task files.
A YANG module contains a sequence of statements.
Each statement starts with a keyword, followed by zero or one argument, followed either by a semicolon (";") or a block of sub-statements enclosed within braces ("{ }").
docker build or docker pull
Either create a new image using docker build or pull a copy of an existing image from a registry using docker pull.
Seven principles of Lean
Eliminate waste Amplify learning Decide as late as possible Deliver as fast as possible Empower the team Build integrity in Optimize the whole
deliver as fast as possible in lean method
Enables customers to provide feedback Enables developers to amplify learning Gives customers the features they need now Doesn't allow customers to change their mind Makes everyone make decisions faster Produces less waste
OOP Encapsulation
Encapsulating functionality together with data storage in a single structure also accomplishes one aspect of data abstraction
Protecting data at rest
Encryption - one-way or two-way encryption
Advantages of automation
Enterprises compete and control costs by operating quickly and being able to scale their operations. - Speed and agility enable the business to explore, experiment with, and exploit opportunities ahead of competition. - Scaling operations enables the business to capture market share efficiently and scaling capacity to match demand.
Entity Header
Entity headers are additional information that describes the content of the body of the message. e.g. Key-Example Value-Description Content-Type-application/json-specify the format of the data in the body
A SOAP message is just an XML document that can contain four elements:
Envelope Header Body Fault
Finesse
Finesse is Cisco's browser-based contact center agent and supervisor desktop. Finesse has REST APIs and JavaScript APIs that can be used to build fully custom agent desktops, integrate contact center functionality into applications, and integrate applications into the Finesse agent and supervisor desktop. This integration can be accomplished in the form of OpenSocial gadgets.
Firepower management tools run on VMware vSphere or Amazon Web Services (AWS) and include:
Firepower Management Center (FMC) is multi-device manager for large Enterprise deployments with the need for deep correlation and analytics capabilities. Firepower Device Manager (FDM) is a "single" device manager for small and medium customers with small number of devices with simple dashboards and easy to use configuration wizards. It contains the FDM and Next Generation Firewall APIs.
URI Path
For a REST API, the path is usually known as the resource path, and represents the location of the resource, the data or object, to be manipulated on the server. The path is preceded by a slash ( / ) and can consists of multiple segments that are separated by a slash ( / )
409 - The request could not be completed due to a conflict with the current state of the target resource.
For example, an edit conflict where a resource is being edited by multiple users would cause a 409 error. Retrying the request later might succeed, as long as the conflict is resolved by the server.
FMC REST API Authentication
For the Firepower Management Center API, you use an access token to authenticate to the REST API. The token lasts for 30 minutes before the client must refresh it. To make the call, you use the header X-auth-access-token:<authentication token value>. To refresh the token, request another token from the API and then send both the token value X-header and X-auth-refresh-token:<refresh token value> with the next call.
FTD REST API Authentication
For the Firepower Threat Defense REST API, OAuth 2.0 workflows authenticate calls from API clients. OAuth is an access token-based method. The token goes in the Authorization: Bearer header of requests. Tokens can also be revoked using the API.
class method
Functions defined within a class
This sample UCM UDS API XML request returns a list of your user's settings and preferences:
GET https://{host}:8443/cucm-uds/user/{userId} Accept: application/xml
Difference between GIT and other version control systems
Git stores data as snapshots instead of differences (the delta between the current file and the previous version). If the file does not change, git uses a reference link to the last snapshot in the system instead of taking a new and identical snapshot.
Components of REST API responses
HTTP Status Header Body
At the network service level, a load balancer provides advanced services by supporting:
High services availability — High-performance server load balancing, which allows to distribute client requests among physical servers and server farms, and provide health monitoring at the server and server farm levels through implicit and explicit health probes. Scalability — Virtualization, which allows the use of advanced load-balancing algorithms (predictors) to distribute client requests among the virtual devices configured in the load balancer. Each virtual device includes multiple virtual servers. Each server forwards client requests to one of the server farms. Each server farm can contain multiple physical servers. Services-level security — Allows to establish and maintain a Secure Sockets Layer (SSL) session between the load balancer and its peer, which provides secure data transactions between clients and servers.
IPv6 nodes (hosts and routers) are required to join (receive packets destined for) the following multicast groups:
IPv6 nodes (hosts and routers) are required to join (receive packets destined for) the following multicast groups: All-nodes multicast group FF02:0:0:0:0:0:0:1 (scope is link-local) Solicited-node multicast group FF02:0:0:0:0:1:FF00:0000/104 for each of its assigned unicast and anycast addresses IPv6 routers must also join the all-routers multicast group FF02:0:0:0:0:0:0:2 (scope is link-local). The solicited-node multicast address is a multicast group that corresponds to an IPv6 unicast or anycast address. IPv6 nodes must join the associated solicited-node multicast group for every unicast and anycast address to which it is assigned. The IPv6 solicited-node multicast address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits of a corresponding IPv6 unicast or anycast address
ISE and ISE API
ISE provides a rule-based engine for enabling policy-based network access to users and devices. It enables you to enforce compliance and streamline user network access operations. With the ISE APIs, you can automate threat containment when a threat is detected. It integrates with existing identity deployments.
REST Uniform Interface constraint, The interface between the client and the server must adhere to these four principles:
Identification of resources Manipulation of resources through representations Self-descriptive messages. Examples of information can be: == The protocol type == The data format of the message == The requested operation Hypermedia as the engine of application state
403 - Forbidden
In this case, the server recognizes the authentication credentials, but the client is not authorized to perform the request. Some APIs, such as Cisco DNA Center, have Role Based Access Control, and require a super-admin role to execute certain APIs. Again, the API reference guide may provide additional information.
FirePower takes the following action for traffic control
Inspect, log, and take action on network traffic. Use security intelligence data to filter traffic. You can create lists of blocked and allowed IP addresses or address blocks, domain names, or URLs. Control which websites are available to users on your network. Block or filter certain files based on lists containing data about the files. Rate limit network traffic based on access control. Create protective measures to redirect traffic to a "sinkhole server", where the firewall can fake a DNS query response for a known malicious domain. For example, when a user tries to access a known bad site, the sinkhole configuration resolves to an IP address that you define and you can display information to the end-user trying to access the bad domain.
Common principles of clean code
Is the formatting of the code neat, and does it follow generally-accepted formatting practices for the computer language(s) involved, and/or meet specific requirements of the institutional, project, and/or team "stylebook?"Does it stick with ALL tabs or ALL spaces?Does it use the same number of tabs or spaces per indentation level, throughout the file? (Some languages, such as Python, make this a requirement.)Does it have the indentation in the right places?Does it use consistent formatting for syntax, such as the location of curly braces ({})? Are variable, object, and other names used in the code intuitive? Is the code organized in a way that it makes sense? For example, are declarations grouped, with functions up top, mainline code at the bottom, or otherwise, depending on language and context? Is the code internally documented with appropriate comments? Does each line of code serve a purpose? Have you removed all unused code? Is the code written so that common code can be reused, and so that all code can be easily unit-tested?
flow in OAuth
Is the process of obtaining the token. The token is used as a Bearer Authentication
Characteristics of Unique local address
It has a globally unique prefix (that is, it has a high probability of uniqueness). It has a well-known prefix to allow for easy filtering at site boundaries. It allows sites to be combined or privately interconnected without creating any address conflicts or requiring renumbering of interfaces that use these prefixes. It is ISP-independent and can be used for communications inside of a site without having any permanent or intermittent internet connectivity. If it is accidentally leaked outside of a site via routing or DNS, there is no conflict with any other addresses. Applications may treat unique local addresses like global scoped addresses. Starts with FC00::/7
JSON
JSON, or JavaScript Object Notation, is a data format derived from the way complex object literals are written in JavaScript (which is in turn, similar to how object literals are written in Python).
Continuous delivery around Ansible deployment can be performed with any general-purpose CI/CD automation tool such as
Jenkins or Spinnaker.
automated testing tools
Jenkins, CircleCI, or TravisCI
tuple data type
Just like a list; except: it's immutable (cannot be changed)
If you want to download the WSDL to produce a 'native' library, download it from Unified CM:
Log into Unified CM as an administrator. Select Application -> Plugins from the menu. Click the Find button. The first entry in the list is the Cisco AXL toolkit. Download the file axlsqltoolkit.zip and unzip it in a working directory. This kit contains AXL schema for a WSDL and XSD files for a variety of Unified CM versions, so you have a nice collection to pick from for your particular version of Unified CM.
Two sublayers of data link layer
Logical Link Control (LLC) and Media Access Control (MAC)
3 functional planes of a network
Management Plane: The management plane manages traffic that is sent to the network device and is made up of applications and protocols such as Secure Shell (SSH) and Simple Network Management Protocol (SNMP). Control Plane: The control plane of a network device processes the traffic that is paramount to maintain the functionality of the network infrastructure. The control plane consists of applications and protocols between network devices, which includes the Border Gateway Protocol (BGP), as well as the Interior Gateway Protocols (IGPs) such as the Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF). Data Plane: The data plane forwards data through a network device. The data plane does not include traffic that is sent to the local network device.
Webex Teams Messages API
Messages are how we communicate in a room. In Webex Teams, each message is displayed on its own line along with a timestamp and sender information. Use this API to list, create, and delete messages. Message can contain plain text, rich text, and a file attachment.
NSO 3 components
Model-driven programmable interface (YANG models) Configuration database Device and service abstraction layers
ISE Monitoring Node
Monitoring node: A Cisco ISE node with the Monitoring persona is the log collector. It stores log messages from all the Administration and Policy Service nodes in a network.
Idempotency critical components
More easily gather components in collections that build new kinds of infrastructure and perform new operations tasks. Execute whole build/deploy collections to safely repair small problems with infrastructure, perform incremental upgrades, modify configuration, or manage scaling.
Difference between SDK and APIs
Most SDKs are a package, integrated with libraries, documents, code examples, and so on. Most SDKs require installation. In comparison, an API is essentially a documented set of URIs. Developers require only a reference guide and a resource address to get started. An SDK can provide simpler authentication methods as well as enabling token refreshes as part of the package. SDKs often help with pagination or rate limiting constraints on responses for a particular API. Also, it can be easier to read examples in a programming language you are already familiar with, so code examples in an SDK can be helpful.
NX-OS API Capabilities
NX-OS fulfills several configuration use cases, such as interface configuration, VLAN configuration, VLAN management, and Open Shortest Path First (OSPF) configuration.
NX-OS YANG, NETCONF, and RESTCONF
NX-OS has a comprehensive set of both native and open YANG models, supporting Nexus switch management. The list of supported models includes native, OpenConfig, and Internet Engineering Task Force (IETF) models.Cisco NX-OS supports YANG models through the interfaces of NETCONF, RESTCONF on Open NX-OS, you must enable the features and install the desired OpenConfig models to the network switch.
NX-OS Container Support
NX-OS supports running Linux Containers (LXCs) directly on the platform. It provides access to a CentOS 7-based Guest Shell, which supports custom functionality directly on the device in a secure, isolated shell.
Docker is a format that wraps a number of different technologies to create what we know today as containers. These technologies are:
Namespaces, which isolate different parts of the running container. For example, the process itself is isolated in the pid (process ID) namespace, the filesystem is isolated in the mnt (mount) namespace, and networking is isolated in the net namespace. Control groups, or cgroups, are a standard linux concept that enables the system to limit the resources, such as RAM or storage, used by an application. Union File Systems, or UnionFS, are file systems that are built layer by layer, combining resources.
NSO
Network Services Orchestrator (NSO) enables operators to adopt the service configuration solution dynamically, according to changes in the offered service portfolio. It delivers the SDN vision by providing a logically centralized interface to the multi-vendor network.
three variables in the relationship between a client and a time server:
Network delay between the server and the client. Dispersion of time data exchanges — it represents a measure of the maximum clock error between the server and the client. Clock offset — The correction applied to a client's clock to synchronize it to the current time.
Network Simulation
Network simulation provides a means to test network configurations, debug configuration code, and to work with and learn Cisco infrastructure and APIs in a safe, convenient, and non-cost-prohibitive way.
ACI MO
Object instances are referred to as Managed Objects (MOs). Every MO in the system can be identified by a unique DN. With the MO and its DN, you can refer to any object globally. In addition to a DN, you can refer to each object by its RN. As you might imagine, the RN identifies an object relative to its parent object. Any given object's distinguished name is derived from its own relative name that is appended to its parent object's distinguished name.
Cisco UCS FSMs
Objects can be changed by an administrator or a process. Mutations or changes to the object are events. Mutations happen as the object is created, modified, and deleted, and may generate events and faults. The process of mutating is performed by one or more Finite State Machine processes (FSMs).
Using Components with Known Vulnerabilities
One of the advantages today's developers have is that most of the core functions you're trying to perform have probably already been written and included in an existing software package, and it's probably open source. However, many of the packages that are available also include publicly available exploits. The fix for this is obvious: ensure you are using only necessary features and secure packages, downloaded from official sources, and verified with a signature.
Cisco UCS Director is a 64-bit appliance that uses the following standard templates:
Open Virtualization Format (OVF) for VMware vSphere Virtual Hard Disk (VHD) for Microsoft Hyper-V
Routers have the following functions
Operate at the internetwork layer of TCP/IP protocol stack. Route packets between networks based on entries in the routing table. Have support for a large variety of network ports, including various LAN and WAN media ports which may be copper or fiber. The number of interfaces on routers is usually much smaller than switches but the variety of interfaces supported is much larger. IP addresses are configured on the interfaces.
DNA Center Intent API Domain, Purpose and Subdomains-5
Operational TasksCommand (CLI). Task, and Tag Management, Network Discovery and Path Trace <Task ManagementTag Management Command Runner, Network Discovery, Path Trace, File, Task, Tag
Cisco UCS Operations
Operations are performed using the HTTP post method over TCP. Cisco UCS supports both HTTP and HTTPS requests and HTTP and HTTPS can be configured to use different port numbers, but TCP/443 (or TCP/80 for non-secure connections) is used by default. The HTTP POST body contains the XML configuration.
RESTCONF vs NETCONF
Overall, NETCONF is more comprehensive, flexible, and complex than RESTCONF.RESTCONF is easier to learn and use for engineers with previous REST API experience. The following are differences between NETCONF and RESTCONF: NETCONF supports running and candidate data stores, while RESTCONF supports only a running datastore as any edits of candidate data store are immediately committed. RESTCONF does not support obtaining or releasing a data store lock. If a datastore has an active lock, the RESTCONF edit operation will fail. A RESTCONF edit is a transaction limited to a single RESTCONF call. RESTCONF does not support transactions across multiple devices. Validation is implicit in every RESTCONF editing operation, which either succeeds or fails.
REST API HTTP Methods
POST-Create-Create a new object or resource. GET-Read-Retrieve resource details from the system. PUT-Update-Replace/Update an existing resource. PATCH-Partial Update-Update some details from an existing resource. DELETE-Delete-Remove a resource from the system.
Parameters
Parameters can be of any data type and each parameter in a method or function can have a different data type. Arguments passed to the method or function must match the data type(s) expected by the method or function. They are inputs to the function
important fields of the a MAC layer
Preamble: This field consists of 7 bytes of alternating 1s and 0s that are used to synchronize the signals of the communicating computers. SFD (Start of frame delimiter): Is a 1 byte field that marks the end of the preamble and indicates the beginning of the Ethernet frame. DA: The destination address field is 6 bytes long and contains the address of the NIC on the local network to which the packet is being sent. SA: The source address field is 6 bytes long and contains the address of the NIC of the sending computer. Type: This field contains a code that identifies the network layer protocol. For example, if the network layer protocol is IPv4 then this field has a value of 0x0800 and for IPv6 it has a value of 0x086DD. Data and pad: This field contains the data that is received from the network layer on the transmitting computer. This data is then sent to the same protocol on the destination computer. If the data is shorter than the minimum length of 46 bytes, a string of extraneous bits is used to pad the field. FCS: The Frame Check Sequence field includes a checking mechanism to ensure that the packet of data has been transmitted without corruption.
Finesse Use Cases-6
Problem: A company is using the Finesse out of the box agent desktop but wants to add agent state workflows. Solution: The company can build a custom gadget for the agent state workflow. The custom gadget has the ability to receive all of the User notification. With that data, the gadget can trigger the workflow accordingly.
Finesse Use Cases-1
Problem: A company needs a contact center agent desktop that is custom to their agent's needs. The provided Finesse agent desktop is not sufficient. Solution: The company can build a 100% fully functioning agent desktop that is branded and contains every single feature that can be found in the out of the box Finesse agent desktop. They will need to use most of the User, Dialog, Team APIs in conjunction with the Finesse Notification Service.
3 packet-forwarding mechanisms supported by routers
Process switching: every packet that is routed requires a full lookup in the routing table. This mechanism is very slow and is not typically used in modern routers. Fast switching: with fast switching, a routing cache mechanism is implemented. The first packet whose destination is not found in the fast-switching cache is process switched, an entry is created in the cache and subsequent packets are then fast switched. Cisco Express Forwarding (CEF): instead of waiting for packets to build the cache, CEF builds the cache table entries based on changes in the network. When there is a change in the network topology and the routing table, the change is also reflected in the cache table. CEF is the fastest and the preferred forwarding mechanism on Cisco devices.
The NSO Device Manager supports the following overall capabilities:
Provision a new device by copy-and-edit: either from another configuration of another device or from a template configuration. Deploy configuration changes to multiple devices in a fail-safe way using distributed transactions. Validate the integrity of configurations before deploying to the network. Apply configuration changes to named device groups. Apply templates (with variables) to named device groups. Roll back changes, if needed. Audit configurations: Check if device configuration state is synchronized with the NSO CDB view. Synchronize the CDB and the configurations on devices. Connect devices to NSO using NEDs.
vEdge Routers
Provisioned at the perimeter of a site (such as remote offices, branches, campuses, data centers), and delivered as hardware, software, cloud or virtualized components, vEdge Routers secure virtual overlay network over a mix of WAN transports.
REST API HTTP Header
REST APIs use the standard HTTP header format to communicate additional information between the client and the server, but this additional information is optional. HTTP headers are formatted as name-value pairs that are separated by a colon ( : ), [name]:[value]. Some standard HTTP headers are defined, but the web service accepting the REST API request can define custom headers to accept.
Name Resolvers
Resolvers are programs that run on client hosts and interrogate name servers. Given the address of one nameserver, the resolver may obtain the information directly from that machine, or may pursue the query via referrals to other nameservers. Resolvers are typically implemented as system functions.
two types of REST API response header
Response Header Entity Header
Response pagination
Response pagination enables the data to be broken up into chunks. Most APIs that implement pagination will enable the requester to specify how many items they want in the response. Since there are multiple chunks, the API also has to allow the requester to specify which chunk it wants. There isn't a standard way for an API to implement pagination, but most implementations use the query parameter to specify which page to return in the response.
3xx - informational
Responses with a 3xx code mean that the client has an additional action to take in order for the request to be completed. Most of the time a different URL needs to be used. Depending on how the REST API was invoked, the user might be automatically redirected without any manual action.
CI/CD deployment strategies
Rolling upgrade: periodic rollout in such a way that they don't impact users. Canary pipeline: new version is rolled out to a subset of users and rolled back if a problem exist or rolled into production if all is well. Blue-green: a new environment is built for user to test and if all is well the new environment is made production.
SRE approach
Shared responsibility Embrace of risk Acknowledgment of failure as normal Commitment to use automation to reduce or eliminate "toil" Measurement of everything Qualifying success in terms of meeting quantitative service-level objectives
git diff <commit id> <file path>
Show changes between the version of the file in the working directory and a particular commit from the file history
Stateless packet-filtering by firewalls based on several packet header fields like
Source and/or destination IP address IP protocol ID Source and/or destination TCP or UDP Port number ICMP message type Fragmentation flags IP option settings
Several options are available with traceroute including
Specifying the TTL value of the first packet sent. By default this is 1. Specifying the maximum TTL value. By default, it will increase the TTL value up to 64 or until the destination is reached. Specifying the source address in case there are multiple interfaces on the host. Specifying Quality of Service (QoS) value in the IP header. Specifying the packet length.
Gating tests
Starting a version artifact created in the CI process, deploy the candidate version on staging and then running integration test, security test, performance test, scale test and/or other test. If all pass, you can tag the build as suitable for production.
Types of NAT include
Static address translation (static NAT)—One-to-one mapping between global and local IP addresses. Dynamic address translation (dynamic NAT)—Maps registered IP addresses from a pool to registered IP addresses. Overloading (also called Port Address Translation)—Maps many unregistered IP addresses to a single registered address (many to one) on different ports. Through overloading, thousands of users can be connected to the Internet by using only one real global IP address.
Threat Grid static and dynamic analysis
Static analysis provides identifying information about the file, file headers, and its contents. Dynamic analysis actually executes the malware in a safe, specialized virtual environment called a "glovebox". This enables you to interact with the malware without harming your production system, and helps you discover file modifications, process calls, network activity or connections.
YAML data types
String values in YAML are often left unquoted. Quotes are only required when strings contain characters that have meaning in YAML. For example, {, a brace followed by a space, indicates the beginning of a map. Backslashes and other special characters or strings also need to be considered. If you surround your text with double quotes, you can escape special characters in a string using backslash expressions, such as \n for newline.
benefits of synchronous APIs
Synchronous APIs enable the application to receive data immediately. If the API is designed correctly, the application will have better performance because everything happens quickly. However, if it is not designed correctly, the API request will be a bottleneck because the application has to wait for the response. The application making the API request must wait for the response before performing any additional code execution tasks.
Cisco DNA GUI - Assurance
Telemetry and notification for application performance and user connectivity events in real-time
IaC tools
Terraform and Saltstack
"{}".format()
The .format() method lets you insert named or unnamed placeholders {} in a string and then use the .format() method to insert values into those placeholders
"".join()
The .join() method lets you put a sequence of strings together using, joining them with a separator that you provide
"".split()
The .split() method lets you split a string into multiple strings using a separator that you provide as the delimiter
Cisco UCS Unified API
The Cisco UCS Unified API is called unified because the same API methodology is used for the CIMC, Cisco UCS Manager, and Cisco UCS Central.
Cisco UCS DN
The Distinguished Name (DN) enables you to unambiguously identify a target object. All UCS managed objects have a unique DN; no other object in the entire UCS management domain can have the same DN.
Umbrella Enforcement API decision points
The Enforcement API helps create and maintain custom blocked and allowed lists. It goes through several decision points that work to update those custom lists.
What makes Finesse JavaScript API unique
The Finesse JavaScript library is a layer built on top of the Finesse REST API and Finesse notification service communication. It abstracts the details of the request and notifications by wrapping them into JavaScript classes, methods, and callbacks. By doing so, developers using the Finesse JavaScript APIs do not need to deal with the BOSH connection setup and making the REST API requests directly. The Finesse JavaScript API contains almost all of the same APIs as the Finesse REST APIs.
Finesse Notification Services
The Finesse Notification Service is an instance of an OpenFire server that runs as a separate process on the platform. The notification service provides event notification from the Finesse server to any client that is subscribed to a particular resource. OpenFire uses the XMPP protocol as the data communication channel. Applications must communicate with the Finesse Notification service with XMPP or BOSH (Bi-directional streams Over Synchronous HTTP) for web applications.
Cisco Jabber Guest for iOS
The Jabber Guest SDK for iOS coordinates and simplifies the implementation, use, and quality of two-way video calls from within an application.
RESTCONF
The RESTCONF RFC 8040 defines a protocol and mechanism for REST-like access to configuration information and control.Similar to NETCONF, it uses the datastore models and command 'verbs' defined in the Network Configuration Protocol (NETCONF), encapsulated in HTTP messages.As with NETCONF, the YANG language is used to define the command structure syntax, as the semantics of the configuration datastore configuration, state, and events
UCM UDS Purpose
The UDS API is designed for end users to configure settings. For example, the API provides authenticated access to enable end users to update their personal settings for their own devices.
URI Authority
The authority, or destination, consists of two parts that are preceded with two forward slashes ( // ): - Host - The host is the hostname or IP address of the server that is providing the REST API (web service). - Port - he port is the communication endpoint, or the port number, that is associated to the host
Over-the-shoulder Code Review
The benefit of an over-the-shoulder code review is that there is direct interaction between the author of the code and the reviewer, which allows for discussion about what is the right fix. The downside of this type of code review is that it typically involves only one reviewer, so the comments can be one-sided.
NSO device and service abstraction layers
The data model for a service correlates service definitions with network operations. An embedded algorithm determines the minimum network changes required for a service, and then executes them.For device data models, NSO recognizes and can work across the physical devices in a data center, including firewalls and other OSI model layer 4 through layer 7 devices. It also works with virtual resources, including Virtual Machines (VMs) and container-based networking models. The Cisco Elastic Services Controller (ESC) is part of the core platform and provides these capabilities. In addition, NSO can automate the launch, configuration, monitoring, and license management of Virtual Network Functions (VNFs).
Fixed counter window
The fixed window counter algorithm is similar to the token bucket, except for two major differences: first, it uses a counter rather than a collection of tokens, and second, the counter cannot be accumulated.
Unified Contact Center Express (UCCX) is for small to medium businesses.
The hardware footprint is tiny compared to a Contact Center Enterprise system because most products are co-resident. When products are co-resident, it means that it utilizes one server/VM and therefore one installer. Since UCCX is for smaller businesses, there are not as many features as there are in a CCE deployment.
SOAP Header
The header is an optional element, but if present it must be the first child of the Envelope element. Just like most other headers, it contains application-specific information such as authorization, SOAP specific attributes, or any attributes defined by the application.
Transport layer in TCP/IP model
The protocols at this layer usually provide error control, segmentation, flow control and congestion control.
NSO Device Manager
The purpose of the Device Manager is to manage different devices using a YANG and NETCONF view. Whether the interface is SNMP or CLI, the Device Manager creates a transactional change sequence for the target devices. When the device supports YANG and NETCONF natively, the Device Manager process is automatic. Non-NETCONF devices are integrated into Device Manager using Network Element Drivers (NEDs).
URI Query
The query, which includes the query parameters, is optional. The query provides additional details for scope, for filtering, or to clarify a request.If the query is present, it is preceded with a question mark ( ? ). There isn't a specific syntax for query parameters, but it is typically defined as a set of key-value pairs that are separated by an ampersand ( & ). For example: http://example.com/update/person?id=person%40example.com
401 - Unauthorized
This error message means the server couldn't authenticate the request. Check your credentials, including username, password, API key, token, and so on. If there are no issues with those items, you may want to check the request URI again, as the server may reject access in the case of an improper request URI.
Injection
This item consists of all sorts of injection attacks. We talked earlier about SQL injection, but this is only the most common. All databases, such as LDAP databases, Hibernate databases, and so on, are potentially vulnerable. In fact, any action that relies on user input is vulnerable, including direct commands. You can mitigate these types of attacks by using parameterized APIs, escaping user input, and by using LIMIT clauses to limit exposure in the event of a breach.
Insecure Deserialization
This item describes issues that can occur if attackers can access, and potentially change, serialized versions of data and objects -- that is, text versions of objects that can be reconstituted into objects by the server. For example, if a users' information is passed around as a JSON object that includes their access privileges, they could conceivably give themselves admin privileges by changing the content of that object. Because objects can include executable code, this exploit can be particularly dangerous, even if it is not necessarily simple to exploit. To help prevent issues, don't accept serialized objects from untrusted sources, or if you must, ensure validation before deserializing the objects.
XML External Entities (XXE)
This item refers to attacks made possible by a feature of XML that enables users to incorporate external information using entities. You can solve this problem by disabling XML Entity and DTD processing, or by simply using another format, such as JSON, instead of XML.
Broken Access Control
This item refers to the need to ensure that you haven't built an application that enables users to circumvent existing authentication requirements. For example, attackers shouldn't be able to access admin functions just by browsing directly to them. In other words, don't rely on "security through obscurity". Make sure to protect all resources and functions that need to be protected on the server side, ensuring that all accesses really are authorized.
Broken Authentication
This item relates to multiple problems with user credentials, from stolen credentials database to default passwords shipped with a product. You can mitigate these attacks by avoiding default passwords, by requiring multi-factor authentication, and using techniques such as increasing waiting periods after failed logins.
Cisco ACI toolkit
This toolkit is a set of Python libraries you can use for basic configuration of a subset of the object model. This set exposes a small subset of the Cisco APIC object model, unlike the full functions of the Cobra SDK.
Formal Code Review
This type of code review is often called Fagan inspection and is common for projects that use the waterfall software development methodology. Requires a lot of meeting. A modern adaptation is to have single meeting to review only the code changes. This way, the code can benefit from the live discussion amongst reviewers. This is sometimes known as a walkthrough.
Cisco Threat Grid
Threat Grid is a malware analysis platform that combines static and dynamic malware analysis with threat intelligence from global sources. You can add a Threat Grid appliance to your network or use the Threat Grid service in the cloud. It can also be integrated into other security technologies such as Advanced Malware Protection (AMP).
the NTP client applies many sanity checks:
Timeouts to prevent trap transmissions if the monitoring program does not renew this information after a lengthy interval. Checks on authentication, range bounds, and to avoid use of very old data. Checks warn that the server's oscillator (local clock tick-source) has gone too long without update from a reference source. Recent additions to avoid instabilities when a reference source changes rapidly due to severe network congestion, including the peer.valid and sys.hold variables, plus other variables and bitfields (such as peer.config, peer.authenable, and peer.authentic) added for control of special features and simplified configuration. If any one of these checks fail, the device declares the source insane.
FMC and FTD API limits
To limit network load, the FMC API accepts a maximum of 120 messages per minute from an individual IP address. In addition to this rate limiting, there is payload limiting where the API cannot accept a payload larger than 20480 bytes. With the Firepower Threat Defense API, you can send a limit value as a parameter for your request to bring back a limited number of responses. By default, the API's upper limit value is 1000.
Umbrella Integration
To use Umbrella, you will add hardware devices for management by Umbrella security. There are also API integration points with threat protection and enforcement use cases. You can integrate Meraki MR and Umbrella for wireless protection use cases.
How to secure an application using OWASP
Tools: OWASP produces tools such as the OWASP Zed Attack Proxy (ZAP), which looks for vulnerabilities during development, OWASP Dependency Check, which looks for known vulnerabilities in your code, and OWASP DefectDojo, which streamlines the testing process. Code projects: OWASP produces the OWASP ModSecurity Core Rule Set (CRS), generic attack detection rules that can be used with web application firewalls, and OWASP CSRFGuard, which helps prevent Cross-Site Request Forgery (CSRF) attacks, which we'll discuss further later in this module. Documentation projects: OWASP is perhaps best known for its documentation projects, which include the OWASP Application Security Verification Standard, the OWASP Top Ten, which describes the 10 most common security issues in web applications, and the OWASP Cheat Sheet Series, which explains how to mitigate those issues.
FTD with FDM provides protective services as listed here
Track, backup, and protect CA Certificates. Manage, backup, encrypt, and protect private keys. Internet Key Exchange (IKE) key management, which helps with site-to-site IPsec VPN. Provide Access Control Lists to select traffic for services. You can configure two types of ACL:Extended: (IPv4 and IPv6) Identifies traffic based on source and destination address and ports. Supports IPv4 and IPv6 addresses, which you can mix in a given rule.Standard: (IPv4 only) Identifies traffic based on destination address only.
Cisco UCS query simple filters
True: Objects with the Boolean condition of true. False: Objects with the Boolean condition of false.
Cisco UCS Ansible
UCS Ansible is available for UCS Manager and the Cisco Integrated Management Controller. Similar to UCS Python SDK, UCS Ansible combines the UCS Manager authentication with the object mutation or object query. This makes a lot of sense because UCS Ansible modules are writen using the UCS Python SDK. UCS Ansible modules are called as tasks in an Ansible playbook. All the features and capabilities of the Ansible Domain Specific language are available to UCS Ansible Modules.
Cisco USC PowerTool
UCS PowerTool is a library of PowerShell Cmdlets that enable the management of UCS environments from Microsoft Operating Systems, via the UCS XML API. The UCS XML schema is used to generate more than 98% of the UCS PowerTool Library. Using the XML schema to generate the PowerTool, Cmdlets ensure that the Cmdlets are completely aware of objects, their containment, properties and the details associated with each property. UCS PowerTool is a library of PowerShell Cmdlets. PowerShell Desktop runs on Windows and PowerShell Core runs on Linux variants including macOS. UCS PowerTool and UCS PowerTool Core support those releases of PowerShell.
Cisco UCS Python SDK
UCS Python SDK is a set of Python modules, each containing one or more classes, developed specifically to automate UCS Manager via the UCS XML API. The UCS Python SDK is developed with PEP8 compliance and supports every Object in the UCS Object Model. The UCS XML schema is used to generate more than 98% of the UCS Python SDK. Using the XML schema to generate the UCS Python SDK ensures that the Python modules are completely aware of objects, their containment, properties, and the details associated with each property.
How UCM UDS works
UDS is a REST-based interface that sends and receives XML-formatted data. UDS implements the four common HTTP request methods: GET, POST, PUT, and DELETE.
UI Extensions earlier called Control Panel Editor or In-Room Control
UI Extensions enable you to add custom user interface elements to the Touch 10 display used to control room devices, as well as the on-screen control interface of the DX Series. These elements can trigger applications to control aspects of the device itself or affect in-room lighting, blinds, video switches, or other peripherals. UI Extensions can be bi-directionally integrated with additional external control systems (such as AMX/Crestron) with xAPI. To get a feeling for the possibilities offered by custom UI Extensions, Webex collaboration devices come with a built-in control simulator that can be run directly from a web browser.
Cisco Umbrella
Umbrella uses Domain Name Servers (DNS) to enforce security on the network. You configure your DNS to direct traffic to Umbrella, and Umbrella applies security settings on their global domain name list based on your organization's policies.
3 major types of network communication
Unicast Broadcast Multicast
What you can do with AXL
Unified CM Groups Call Park Directory Numbers (DNs) Call Pickup Groups Calling Search Spaces Computer Telephony Integration (CTI) Route Points Device Pools Device Profiles Dial Plan Tags Dial Plans Digit Discard Instructions Directory Numbers Gateways (Analog, T1, PRI) Locations Media Gateway Control Protocol (MGCP) Devices Phones Process Nodes Process Node Services Regions Route Filters Route Groups Route Lists Route Partitions Service Parameters Translation Patterns Users Voice Mail Ports
Cisco UCS
Unified Computing unifies network virtualization, storage virtualization, and server virtualization into one, within open industry standard technologies and with the network as the platform
There are two versions of Contact Center Enterprise (CCE):
Unified Contact Center Enterprise (UCCE) and Packaged Contact Center Enterprise (PCCE). The difference between the two is mainly hardware footprint, the ease of installation and the number of supported agents. The audience for a Contact Center Enterprise system is large businesses.
No comments in JSON
Unlike XML and YAML, (and even Javascript itself) JSON does not support any kind of standard method for including unparsed comments in code.
'private' class variables or internal methods
Unlike other OOP languages, in Python, there is no means of creating 'private' class variables or internal methods. However, by convention, methods and variables with a single preceding underscore (_) are considered private and not to be used or referenced outside of the class.
NETFCONF vs SNMP Capabilities
Use Case NETCONFSNMP Get collection of status fields YesYes Set collection of configuration fields YesYes Set configuration fields in transaction. YesNo Transactions across multiple network elementsYesNo Send event notifications YesYes Secure protocol YesYes Test configuration before final commit. YesNo
Webex Teams Android SDK
Use the Webex Teams Android SDK to customize your app and to access powerful Webex Teams collaboration features without making your users leave the mobile app.
UCM UDS
User Data Services (UDS) is a REST-based API that provides a mechanism for inserting, retrieving, updating and removing data from the Unified Communication configuration database. Developers can use the UDS API to create, read, update, and delete user resources, including devices, subscribed services, and speed dials.
MVC cyclical flow
User(user input)->Controller(manipulated data)->Model(updated data)->View(display data)->User
Centralized version control system
Uses a server-client model Only one person can work on a file at a time. This is done by checkout which locks the file and need to be checkin to save the changes to the master and tag a new version. Think Sharepoint
SNMP feature comparison to NETCONF
Uses pull model when retrieving data from device which does not scale up well for high-density platforms Does not have a discovery process for finding Management Information Base (MIBs) supported by a device Does not support the concept of transactions Lacks backup-and-restore of element configuration Limited industry support for configuration MIBs
VLAN parameters you can create in a management domain
VLAN number VLAN name VLAN type VLAN state (active or suspended) Maximum transmission unit (MTU) for the VLAN Security Association Identifier (SAID) VLAN number to use when translating from one VLAN type to another
variable local scope
Variables created inside of a function or class, are defined only within the "local scope" in which they have been created. They may only be accessed by statements executing within the local scope in which they were created. Function arguments are locally scoped variables.
Variable module scope
Variables created outside of any function or class, are defined at "module-scope" and can be accessed by every function and class created within that module.
repository
Version control systems store the master set of files and the history of changes in a repository, also known as a repo.
xAPI
Webex Devices can be customized through the API, known as the xAPI. This enables bi-directional communication with third-party applications and control systems. There are multiple ways to access xAPI: Telnet/SSH, HTTP, and RS-232 serial connection. Regardless of the method you choose, xAPI has the same general format, behaves similarly, and allows full device control, optimized for integrating with Control Systems. xAPI supports both XML and JSON and provides direct access via the Command Line. It also supports JavaScript Macros for on-device customization.
User stories
When a feature gets close to the top of the priority list, it gets broken down into smaller tasks. A user story is a simple statement of what a user (or a role) needs, and why. The suggested template for a user story is: As a <user|role>, I would like to <action>, so that <value|benefit>.
GIT master branch
When a repository is created, the code is automatically put on a branch called master.
Cisco Jabber Guest for Android
With the Jabber Guest Android SDK, you can enable your application to instantiate a two-way video call via the public Internet between the user's device and a video endpoint registered with a CUCM inside an enterprise firewall. The SDK handles all aspects of establishing and maintaining the two-way video call within your application.
GIT Branching enable users to:
Work on a feature independently while still benefitting from a distributed version control system Work on multiple features concurrently Experiment with code ideas Keep production, development, and feature code separately Keep the main line of code stable
UserList collection
Wrapper around list objects for easier list subclassing
UserString collection
Wrapper around string objects for easier string subclassing
XML attributes
XML lets you embed attributes within tags to convey additional information. 1. Attribute values must always be included in single or double quotes. 2. An element may have multiple attributes, but only one attribute with a specific name. 3. If an element has no content, we can use a shorthand notation in which we put the slash inside the open tag, rather than including a closing tag.
RPC is an API style that can be applied to different transport protocols. Example implementations include:
XML-RPC JSON-RPC NFS (Network File System) Simple Object Access Protocol (SOAP)
YAML indentation
YAML doesn't use brackets or containing tag pairs, but instead indicates its hierarchy using indentation
YAML maps and list
YAML easily represents more complex data types, such as maps containing multiple key/value pairs (equivalent to dictionaries in Python) and ordered lists. Lists (arrays) are represented in a similar way, but with optionally-indented members preceded by a single dash and space. Maps and lists can also be represented in a so-called "flow syntax," which looks very much like JavaScript or Python:
YAML
YAML, an acronym for "YAML Ain't Markup Language," is a superset of JSON designed for even easier human readability. It's becoming more common as a format for configuration files, and particularly for writing declarative automation templates for tools like Ansible.
YANG
YANG, an acronym for Yet Another Next Generation, as defined in RFC6020, is "a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications."
AMP API Authentication
You can either use an API client ID with an API key for authentication or use Basic HTTP authentication with a Base 64-encoded string that combines your API client ID with the API key.
NX-OS Telemetry
You can integrate different telemetry applications such as Ganglia, Splunk, or Nagios on the switch with NX-OS.
Long strings in YAML
You can represent long strings in YAML using a 'folding' syntax, where linebreaks are presumed to be replaced by spaces when the file is parsed/consumed, or in a non-folding syntax. Long strings cannot contain escaped special characters, but may (in theory) contain colons, though some software does not observe this rule.
Executing a script locally and remotely
You can store scripts locally, transmit them to target machines with a shell utility like scp, then log into the remote machine using ssh and execute them. You can pipe scripts to a remote machine using cat | ssh and execute them in sequence with other commands, capturing and returning results to your terminal, all in one command. You can install a general-purpose secure file-transfer client like SFTP, then use that utility to connect to the remote machine, transfer, set appropriate permissions, then execute your script file. You can store scripts on a webserver, log into the remote machine and retrieve them with wget, curl, or other utilities, or store the scripts in a Git repository — installing git on the remote machine, cloning the repo to it, checking out a branch, and executing the scripts found there. You can install a full remote-operations solution like VNC or NoMachine locally, install its server on the target (this usually requires also installing a graphical desktop environment), transmit/copy and then execute scripts. If your target devices are provisioned on a cloud framework (for example, UCS, AWS, Azure, GCP), there's usually a way to inject a configuration script via the same CLI command or WebUI action that manifests the platform.
AXL has some advanced features. One of the most useful is the Change Notification Feature.
You can use this SOAP request repeatedly to see what changes have been made to the system since the last time you ran the request. You can request to see changes about specific categories, like Phone or User, or just see all changes.
How Serverless Computing works
You create your application. You deploy your application as a container, so that it can run easily in any appropriate environment. You deploy that container to a serverless computing provider, such as AWS Lambda, Google Cloud functions, or even an internal Function as a Service infrastructure. This deployment includes a specification of how long the function should remain inactive before it's spun down. When necessary, your application calls the function. The provider spins up an instance of the container, performs the needed task, and returns the result.
Webex Teams API Rooms vs Spaces
You may be wondering, what's the difference between rooms and spaces? The API refers to "rooms," but the application interfaces refer to "spaces." So, when we're talking about the API, we'll use the term "room."
Zones
Zones are points of delegation in the DNS tree within a domain. A zone contains all domains below it in the tree (except those for which other zones have authority).
git rm --cached <file path>
add the specified file(s) to be removed to the staging area without removing the file(s) itself from the working directory, use the following command. This command will not work if the file is already in the staging area with changes
Version control
also called version control systems, revision control or source control, is a way to manage changes to a set of files in order to keep a history of those changes.
Change-based Code Review
also known as a tool-assisted code review, reviews code that was changed as a result of a bug, user story, feature, commit, etc.
Intersight API keys are categorised into two;
an API key ID and a secret key. The API Key ID is a multi-character string always visible after initial key creation. The secret key is an RSA Private Key only available at API key creation.
The NETCONF protocol uses
an Extensible Markup Language (XML) based data encoding for both the configuration data and the protocol messages.
Meraki Integrations - Location-streaming API
an HTTP POST method providing Wi-Fi and Bluetooth client location information (GPS, X/Y) based on Meraki Access Point (AP) map placement, and client signal strength. - Wayfinding - Asset tracking - Location & footfall analytics
An SNMP Trap is a change of state message meaning it could be either one of the following:
an alarm, a clear, a status message.
Contact center systems perform what is called skill-based routing, using
an automatic call distributor (ACD) to to intelligently route inbound customer interactions (such as calls, text, chat, email) to customer service agents by matching them based on skills and specialties using sophisticated algorithms.
another name of the staging area
an index file located in the .git directory.
common YANG terms
anyxml: A data node that can contain an unknown chunk of XML data. augment: Adds new schema nodes to a previously defined schema node. container: An interior data node that exists in at most one instance in the data tree. A container has no value, but rather a set of child nodes. data model: A data model describes how data is represented and accessed. data node: A node in the schema tree that can be instantiated in a data tree. One of container, leaf, leaf-list, list, and anyxml. data tree: The instantiated tree of configuration and state data on a device. derived type: A type that is derived from a built-in type (such as uint32), or another derived type. grouping: A reusable set of schema nodes. Grouping may be used locally in the module, in modules that include it, and by other modules that import from it. The grouping statement is not a data definition statement and, as such, does not define any nodes in the schema tree. identifier: Used to identify different kinds of YANG items by name. leaf: A data node that exists in at most one instance in the data tree. A leaf has a value but no child nodes. leaf-list: Like the leaf node but defines a set of uniquely identifiable nodes rather than a single node. Each node has a value but no child nodes. list: An interior data node that may exist in multiple instances in the data tree. A list has no value, but rather a set of child nodes. module: A YANG module defines a hierarchy of nodes that can be used for NETCONF-based operations. With its definitions and the definitions it imports or includes from elsewhere, a module is self-contained and "compilable". state data: The additional data on a system that is not configuration data such as read-only status information and collected statistics [RFC4741]. RPC: A Remote Procedure Call, as used within the NETCONF protocol.
In OOP languages and Python, classes are
are a means of bundling data and functionality. Each class declaration defines a new object type.
Data models
are a programmatic and standards-based way of writing configurations for any network device. It can replace manual configuration, implementing YANG as the de-facto data modeling language.
OOP objects
are instantiated (created) as they are first used, rather than being predeclared.
Objects in python
are purpose-built groupings of variables (called attributes) and functions that work together to do something useful
SNMP community names are used in SNMPv2C to
authenticate SNMP requests and traps.
SNMPv3 additional features
authentication encryption message integrity
Webhook aka reverse APIs
because applications subscribe to a webhook server by registering with the webhook provider. During this registration process, the application provides a URI to be called by the server when the target activity or event occurs. This URI is typically an API on the application side that the server calls when the webhook is triggered. When the webhook is triggered, the server sends a notification by becoming the caller and makes a request to the provided URI. This URI represents the API for the application, and the application becomes the callee and consumes the request. As a result, for webhooks, the roles are reversed; the server becomes the client and the client becomes the server. Multiple applications can subscribe to a single webhook server.
git branch
command to list, create, or delete a branch
RESTCONF is not intended to replace NETCONF,
but rather to provide an HTTP interface that follows the Representational State Transfer (REST) principles and is compatible with the NETCONF datastore model.A network device may serve both NETCONF and RESTCONF concurrently or may provide only one or the other.
pyATS can be used to help
check whether your changes work before putting them into production, and continue validation and monitoring in production to ensure smooth operations.
GITHUB provide additional features such as
code review documentation project management bug tracking feature requests
git clone <repository>[target directory] command
command that clones an existing repository to the local filesystem.
git add command
command to add file(s) to the staging area These files being added to staging can include newly untracked files, existing tracked files that have been changed, or even tracked files that need to be deleted from the repository. Modified files don't need to be added to the working directory unless the changes need to be added to the repository.
git init <project-directory> command
command to create an empty Git repository or make an existing folder a Git repository. Files created are: HEAD, index, objects, ref, config, branches
git status command
command to get a list of files that have differences between the working directory and the parent branch. This includes newly added untracked files and deleted files. It also provides a list of files that are in the staging area. Current branch of the working directory. Number of commits the working directory is behind the latest version of the parent branch. Instructions on how to update the local repository and how to stage/unstage files.
command git config
command to get and set Git's global settings or a repository's options
Cisco UCS Query method examples - simple filters - property filters - composite filters - Modifier filter (NOT is the only one supported)
configResolveDn: Retrieves objects by DN. configResolveDns: Retrieves objects by a set of DNs. configResolveClass: Retrieves objects of a given class. configResolveClasses: Retrieves objects of multiple classes. configFindDnsByClassId: Retrieves the DNs of a specified class. configResolveChildren: Retrieves the child objects of an object. configResolveParent: Retrieves the parent object of an object. configScope—Performs: class queries on a DN in the MIT.
git branch <parent branch><branch name>
create a branch from the parent branch
GIT Branches
enables users to work on code independently without affecting the main code in the repository. Users can have multiple branches and those are independent of each other as well.
Meraki Integrations - External Captive Portal (EXCAP) API
enabling an organization to build out custom engagement models at Wi-Fi access points. - Guest Wi-Fi experiences - Secure onboarding
Webex
encompasses Meetings, Teams, and Devices. Webex simplifies the needs of voice, video, and data into one solution so that people can collaborate more efficiently. -Webex Teams is a meetings and messaging app designed to improve collaboration. The Webex Teams API enables you to create chat bots and integrations to streamline activities. -Webex Devices include digital whiteboards, telepresence units, and room controls. Customize and personalize the Webex Devices with the xAPI.
Design Pattern: MVC
encourage creation of add-on frameworks that simplify implementation in widely-used languages and paradigms
Webex Teams Python SDK Example -2
from webexteamssdk import WebexTeamsAPI, ApiError access_token = 'jY1...e10f' api = WebexTeamsAPI(access_token=access_token) try: me = api.people.me() print(me.emails) except ApiError as e: print(e) The SDK provides error reporting with the ApiError exception. Notice that ApiError imported in the first line. The SDK gives you access to precise parts of the return body, such as me.emails in the example above returning only the emails data from the response JSON.
NETCONF base protocol includes the following protocol operations:
get: retrieve running configuration and device state information. get-config: retrieve all or part of a specified configuration. edit-config: edit a device configuration. copy-config: create or replace an entire configuration datastore with another complete configuration datastore. delete-config: delete a configuration in a data store. lock: lock the entire configuration datastore system of a device. unlock: release a configuration lock, previously obtained with the lock operation. close-session: request graceful termination of a NETCONF session. kill-session: force termination of a NETCONF session.
UDP
is a connectionless datagram protocol and is used in situations where timely delivery is more important than reliability. UDP is typically used for applications such as streaming media, voice and video.
VLAN
is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. It defines a broadcast domain.
Simple Object Access Protocol (SOAP)
is a messaging protocol for communicating between applications that may be on different platforms or built with different programming languages. It is an XML-based protocol that was developed by Microsoft. SOAP is commonly used with HyperText Transfer Protocol (HTTP) transport, but can be applied to other protocols as well.
Python return of None
is a special Python singleton value. It essentially means "no value." None is the closest thing Python has to a null value that is present in some other languages.
The observer design pattern
is a subscription notification design that lets objects (observers or subscribers) receive events when there are changes to an object (subject or publisher) they are observing.
API Key also referred to as API Token
is a unique alphanumeric string generated by the server and assigned to a user. To obtain their unique API key, the user typically logs into a portal using their credentials. This key is usually assigned once and will not be regenerated. All REST API requests for this user must provide the assigned API key as the form of authentication. Only secure when used with HTTPS. API keys are intended to be an authentication mechanism, but are commonly misused as an authorization mechanism.
Administrative XML Layer (AXL)
is an XML/SOAP based interface that provides a mechanism for inserting, retrieving, updating, and removing data from the Unified Communication configuration database. Developers can use AXL and the provided Web Services Description Language (WSDL) to create, read, update, and delete objects such as gateways, users, devices, route-patterns and much more.
Finesse in brevity
is an agent and supervisor desktop. The Finesse API provides Cisco partners and developers with more flexibility and customization of the desktop to deliver customer-driven care.
An interface definition
is basically a collection of function prototypes, defining names and types for functions and parameters that higher-level logic might use to invoke a range of classes (and that such classes can implement, to expose their functionality in generic ways).
_init()__ method is defined in a class
is called upon object instantiation (creation), with a special variable called self , and all variables passed at the time it is invoked
goal of code review:
is easy to read is easy to understand follows coding best practices uses correct formatting is free of bugs has proper comments and documentation is clean
Backlog
is made up of all of the features for the software, in a prioritized list.
benefit of the observer design pattern
is that observers can get real time data from the subject when a change occurs. Subscription mechanisms always provide better performance than other options, such as polling.
IOS XE
is the next-generation programmable platform. With IOS XE, you have access to standards-based, consistent, programmable interfaces, standard data models for configuration, deployment, and rollback, as well as services integration with the network.
Clean code
is the result of developers trying to make their code easy to read and understand for other developers.
the purpose of sprints
is to accomplish the frequent delivery of working software principle of the Agile manifesto. A sprint is a time-boxed iteration which is usually between two weeks and four weeks, but preferably as short as possible.
PyTest is handy because
it automatically executes any scripts that start with test_ or end with _test.py, and within those scripts, automatically executes any functions beginning with 'test_' or 'tests_'.
pip install some executable script
it's stored in the /bin directory
pip install some library inside a venv
it's stored in the /lib directory
Stateful packet-filtering firewalls
like stateless but with the ability to track connection state
example of YAML flow-syntax
mymap: { myfirstkey: 5, mysecondkey: The quick brown fox} mylist: [1, 2, 3]
Contact Center
provides robust customer support for call centers such as agent desktop, supervisor, and reporting capabilities. Contact Center can be used with Unified CM or standalone. Contact Center is used to manage and route high-volume calls, text, video, and data to the right agent at the right time with the right information.
ISE PxGrid Node
pxGrid node: The pxGrid framework integration enables the system to exchange policy and configuration data between nodes. This is how the system can share tags and policy objects between Cisco ISE and third party vendors.
Command to see the python version
python --version or python -V
command to create a virtual environment
python -m venv <name>
install virtualenv for python2
python2 -m virtualenv py2-venv
Automation Provisioning
refers to obtaining compute, storage, and network infrastructure (real or virtual), enabling communications, putting it into service, and making it ready for use by operators and developers (e.g., by installing an operating system, machine-level metrics, ssh keys, and the lowest level of operations tooling).
git rm <file path>
remove the specified file(s) from the working directory and add this change to the staging area
The ACI object model
represents the complete configuration and run-time state of every software and hardware component in the entire infrastructure.
REST API Request Body
request contains the data pertaining to the resource that the client wants to manipulate. REST API requests that use the HTTP method POST, PUT, and PATCH typically include a body. Depending on the HTTP method, the body is optional, but if data is provided in the body, the data type must be specified in the header using the Content-Type key. Some APIs are built to accept multiple data types in the request.
DNA Intent API request which has been successfully initiated,
responds a structure containing executionId, executionStatusUrl, and a status message.
which python
returns the directory where the python command runs
SNMP
s an application-layer communication protocol that lets devices integrate with one another, and with software, to exchange configuration and event data (such as metrics, conditional alerts).
Network Layer
specifies the means and protocols to be able to transfer variable length data packets from one device to another connected in different networks.
staging area
stores the information about what the user wants added/updated/deleted in the repository
APIs can be delivered in one of two different ways:
synchronously or asynchronously.
Cobra (Cisco ACI) Python SDK
the Cobra SDK gives you access to all REST functions using native Python bindings. Objects in Cobra are one-to-one representations of the Management Information Tree (MIT). The SDK offers Python methods to match the REST methods that the GUI uses, such as those shown in the API Inspector. It offers full functionality and is suited for complex queries, incorporating Layer 4-7 devices, initial fabric builds, and so on.
four distinct types of YANG models in NSO
the built-in NSO YANG models for the device manager, the service manager models, YANG models imported from the managed devices, and service models
Frame
the container into which data is placed for transmission is called a frame
EUI-64
the first three octets (24 bits) are taken from the Organizationally Unique Identifier (OUI) of the 48-bit link-layer address (the media access control, or MAC, address) of the interface, the fourth and fifth octets (16 bits) are a fixed hexadecimal value of FFFE, and the last three octets (24 bits) are taken from the last three octets of the MAC address. The construction of the interface ID is completed by setting the universal/local (U/L) bit--the seventh bit of the first octet--to a value of 0 or 1. A value of 0 indicates a locally administered identifier; a value of 1 indicates a globally unique IPv6 interface identifier.
Security Misconfiguration
this item refers to the need to ensure that the system itself is properly configured. Is all software properly patched and configured? Is the firewall running? Prevention of these types of problems requires careful, consistent hardening of systems and applications. To reduce the attack surface available, only install the services you actually need, and try to separate out components that aren't related to different systems to reduce it further.
Chaos Engineering
using automation tools to cause controlled (or random) failures in production systems. Tools like Chaos Monkey and "Failure-as-a-Service" platforms like Gremlin are purpose-built for breaking things, both at random and in much more controlled and empirical ways: an emerging discipline called "failure injection testing."
Ciscco SDWAN Components
vManage NMS vSmart Controller vBond Orchestrator vEdge Routers
fast-forward merge
when the Git algorithm is able to apply the changes/commits from the source branch(es) to the target branch automatically and without conflicts. It just moves the pointer that represents the HEAD of the target branch, rather than adding a new commit
VMware also offers PowerCLI for Windows PowerShell,
which provides cmdlets for vSphere, vCloud, vRealize Operations Manager, vSAN, NSX-T, VMware Cloud on AWS, VMware HCX, VMware Site Recovery Manager, and VMware Horizon environments.