Config Best Practice
Cisco has documented a lot of best practices on Cisco.com and in its Validated Design Guides. To make it easier for our customers and partners, lots of intellectual capital (IC) has been created to validate certain configurations and assess whether they are following best practices or not.
This API helps you verify how well your network is adhering to Cisco best practices.
The Config Best Practice API is sub-divided in these resources:
/configBestPractices/rules/configBestPractices/rules/:bestPracticeRuleId/configBestPractices/rulesReferences/configBestPractices/rulesReferences/:bestPracticeRuleId/configBestPractices/summary/configBestPractices/summary/:bestPracticeRuleId/configBestPractices/details
We describe each resource separately below
Config Best Practice Rules
This resources gives an overview of the digitized config best practice rules. Each rule gives an overview of the problem, the related technology and software, a recommendation, the assumed risk to you if you do not implement this best practice.
Copy{
"bestPracticeCaveat": "",
"bestPracticeCorrectiveAction": "In the global configuration mode,enter 'snmp-server enable traps system' command to enable system traps.",
"bestPracticeDescription": "If NX-OS device has system configured and running and SNMP Traps enabled then flag an exception if globally you don't find: \n\nsnmp-server enable traps system",
"bestPracticeNuggetId": "IOS_XR_UNSUPP_TRANSEIVER",
"bestPracticePrimaryTechnology": "*Network Management",
"bestPracticeRecommendation": "Cisco recommends to enable SNMP traps,as they are helpful to log the event related to system process and can be used for troubleshooting when required.",
"bestPracticeRisk": "Low",
"bestPracticeRuleId": "11148",
"bestPracticeSecondaryTechnology": "",
"bestPracticeTitle": "System SNMP Traps Not Enabled",
"createdTimestamp": "2016-06-04T04:01:00",
"softwareType": "NX-OS",
"bestPracticeRuleModificationTimestamp": null
}
Config Best Practice Rules References
This resource gives an overview of the evidence or documentation that the different best practice rules are based on. It can help address how to implement the best practice.
The following is an example of a reference to a Cisco.com command reference
Copy{
"bestPracticeRuleId": "11148",
"bestPracticeUrl": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/system-management/command/reference/n7k_sm_cmd_ref/sm_cmd_s.html#pgfId-1035395",
"bestPracticeUrlTitle": "Nexus 7000 System Command Reference"
}
Config Best Practice Summary
The summary resource gives you a summary of how many devices are not adhering to a given best practice. In the below example we can see that 4 devices should be reviewed for this best practice.
Copy{
"bestPracticeNuggetId": "IOS_XR_UNSUPP_TRANSEIVER",
"bestPracticePrimaryTechnology": "*Network Management",
"bestPracticeRisk": "Low",
"bestPracticeRuleId": "11148",
"bestPracticeSecondaryTechnology": "",
"bestPracticeTitle": "System SNMP Traps Not Enabled",
"softwareType": "NX-OS",
"totalDeviceCount": 4
}
Another interesting use-case is to query for all the High risk best pratices and group them per technology. This can give you insights into which technology needs to be reviewed first.
Config Best Practice Details
This resource can be used to get details over what devices violate what best practice rule.
Below you can see an example of devices not adhering to the best practice rule 11148 we were using above:
Copy"items": [
{
"bestPracticeNuggetId": "IOS_XR_UNSUPP_TRANSEIVER",
"bestPracticeRuleId": "11148",
"configSource": "STANDARD",
"deviceId": 26431167
},
{
"bpNuggetId": "IOS_XR_UNSUPP_TRANSEIVER",
"bpRuleId": "11148",
"configSource": "STANaDARD",
"deviceId": 26431168
},
...
Remember from the Inventory API description that every device has a unique deviceId.
You could now query the /inventory/devices API resource with a filter {"deviceId": 26431167} to find the details of
the device listed above.