CLI commands are mostly run on the Nexus devices. NX-API enables you to access these CLIs by making them available outside the switch by using HTTP/HTTPS. You can use this extension to the existing Cisco Nexus CLI system on the Cisco Nexus 9000, 3000, 3500, 3600, and 7000 Series devices. NX-API supports show commands, configurations, and Linux Bash. NX-API uses HTTP/HTTPS as its transport. CLIs are encoded into the HTTP/HTTPS POST body.
The NX-API back end uses the Nginx HTTP server. The Nginx process, and all of its children processes, are under Linux cgroup protection where the CPU and memory usage are capped. If the Nginx memory usage exceeds the cgroup limitations, the Nginx process is restarted and restored.
NX-API is integrated into the authentication system on the device. Users must have appropriate accounts to access the device through NX-API. NX-API uses HTTP basic authentication. All requests must contain the username and password in the HTTP header. You should consider using HTTPS to secure your user’s login credentials.
NX-API provides a session-based cookie, nxapi_auth, when users first successfully authenticate. With the session cookie, the username and password are included in all subsequent NX-API requests that are sent to the device. The username and password are used with the session cookie to bypass performing the full authentication process again. If the session cookie is not included with subsequent requests, another session cookie is required and is provided by the authentication process. Avoiding unnecessary use of the authentication process helps reduce the workload on the device.
Note
A nxapi_auth cookie expires in 600 seconds (10 minutes). This value is a fixed and cannot be adjusted.
The commands, command type, and output type for the Cisco Nexus 9000 Series devices are entered using NX-API by encoding the CLIs into the body of an HTTP/HTTPS POST. The response to the request is returned in XML or JSON output format.
NX-API CLI is enabled by default for local access. The remote HTTP access is disabled by default. First, you need to enable the NX-API feature before you can send any API requests to the NX-OS software.
To enable the NX-API nxapi feature, enter these commands:
switch# conf t
switch(config)# feature nxapi
Example 16-18 shows a request and its response in XML format.
Example 16-18 Request and Response in XML Format
Request:
<?xml version=”1.0″?>
<ins_api>
<version>1.2</version>
<type>cli_show</type>
<chunk>0</chunk>
<sid>sid</sid>
<input>show clock</input>
<output_format>xml</output_format>
</ins_api>
Response:
<?xml version=”1.0″?>
<ins_api>
<type>cli_show</type>
<version>1.2</version>
<sid>eoc</sid>
<outputs>
<output>
<body>
<simple_time>01:30:58.810 UTC Thu May 30 2019</simple_time>
</body>
<input>show clock</input>
<msg>Success</msg>
<code>200</code>
</output>
</outputs>
</ins_api>
Example 16-19 shows a request and its response in JSON format.
Example 16-19 Request and Response in JSON Format
Request:
{
“ins_api”: {
“version”: “1.2”,
“type”: “cli_show”,
“chunk”: “0”,
“sid”: “1”,
“input”: “show clock”,
“output_format”: “json”
}
}
Response:
{
“ins_api”: {
“type”: “cli_show”,
“version”: “1.2”,
“sid”: “eoc”,
“outputs”: {
“output”: {
“input”: “show clock”,
“msg”: “Success”,
“code”: “200”,
“body”: {
“simple_time”: “01:29:16.684 UTC Thu May 30 2019”
}
}
}
}
}
Leave a Reply