White paper
Public
© 2022 Cisco and/or its affiliates. All rights reserved.
A RESTful API is an architectural style for an API that uses HTTP request methods to access and use
data. That data can be accessed via GET, PUT, PATCH, POST, and DELETE methods, which refers to
the reading, updating, creating, and deleting programmable resources [19].
Undoubtedly, knowledge of REST APIs and programmability are key skills for network engineers to
acquire.
Network programmability is a generic term, which has different meanings to different people. In this
document we are referring to network programmability as the use of software tools to deploy,
manage, and troubleshoot network elements [20].
Scripts are used in network programmability. As these scripts started to become more complex and
interact with the network using APIs, the use of Python has become popular; nowadays many network
engineers make use of it. Python is not the only language being used for network automation, but the
combination of being an easy to learn language, and availability of many code samples and utilities,
has made it a go-to language for network engineers [21]. Python has a built-in standard library that
provides complete support for data encoding and decoding, network protocols, and all other
networking concepts. Writing the code for network programming in Python is easier than in C++ or
Java. Python programming language provides two levels of network service access: low-level and
high-level access. The low-level access offers the basic socket support of the operating system, while
the high-level access allows the implementing protocols like FTP, HTTP, etc. [22].
Broadened scope of networks
The scope of ‘network’ has broadened over the years. While in the first days of networking it referred
to routers and switches only, extending to firewalls and load-balancers later, today the term
encompasses networks in virtualized datacenter environments, VXLAN overlays, public cloud
networking, or container service mesh. We could say that the network is the collection of physical and
virtual systems that provide connectivity between users, devices, and applications.
This is raising the need for network engineers to become cross-domain experts, since IT teams need
to manage end-to-end connectivity. Today we still observe many organizations managing network
connectivity in silos, in particular the cloud and container environments, but there is a trend towards
unifying responsibilities under a single team that manages end-to-end connectivity. The number of
network engineers with public cloud and Docker / Kubernetes certifications is rapidly increasing,
which facilitates this operational transformation.
Automating network security
Enterprises need to add consistent end-to-end security policies to network deployments. Using CLIs
or GUIs is not a way to rapidly deploy security policies that have been validated, are consistent, and
cover end-to-end traffic flows [23]. Furthermore, administrator errors (fat finger errors) can leave the
configuration in an unsecured state.
In traditional network domains, a subset of security features is deployed and managed by network
controllers. For example, a campus network controller will typically provide the capability to implement
user access control, segmentation, and micro-segmentation policies.
In the case of dedicated appliance-based security systems such as firewalls or IDS/IPS, traditional
management methods are no longer sufficient and there is a shift towards leveraging device or
controller APIs to provide consistent, scalable methods, to automate and orchestrate configuration
changes.