API vs SNMP vs CLI: The Best Choice for Network Devices
Some days it might feel like instead of a network administrator, you are becoming more of a programmer. In some ways, this might be true. As network infrastructure becomes more complicated and network services are moved to the cloud, network operations become more automated. Unfortunately, the tools that network admins would traditionally use to manage networks don’t interoperate well with automated systems.
So, network management has begun using APIs to communicate with networking equipment instead of the traditional command-line environment. Of course, using an API is going to require a bit of programming. But, after all, an API is a bridge for communicating with applications.
That doesn’t mean using a command-line environment or SNMP are bad choices for network management, though. Each communication method has its pros and cons. Understanding the difference between a router or switch API, SNMP, and the CLI is essential for managing a network environment properly.
So, today we will discuss the difference between APIs vs. SNMP vs. CLI and which option is the best choice for network devices.
An Overview of API vs. SNMP vs. CLI [VIDEO]
In this video, Chuck Keith covers the three main methods of connecting to routers and switches: SSH (CLI), SNMP, and API. Each of these was developed for a specific purpose and they have different strengths, weaknesses, and features. Chuck will explain what each of these are then teach you how to choose which one to use.
CLI and Networking Configs
Previously, network routers and switches were configured through the command line. Actually, the command line is still the tool of choice for a lot of network engineers. Depending on what equipment an enterprise uses, network engineers may not have any other option but to use the command line for network configuration. So, what are the pros and cons of using the command line to configure networking equipment?
Up until about the mid 90’s network engineers used a Telnet tool to connect to network equipment. Telnet was a good tool at that time for remotely managing network devices. The original notion of computer networks didn’t include security, though.
This wasn’t any different for the Telnet protocol. Telnet does not use any cryptography for connections. Therefore, any remote connections using Telnet can be easily spied on. We’ve since learned that this is a huge issue.
Later, SSH was created. SSH establishes remote, encrypted connections using a private key system. SSH is now the standard way to use the command-line environment with networking equipment.
Using the CLI to configure routers and switches is still the most robust way of making configuration changes. This is because the CLI has more access to the hardware compared to SNMP or when using an API.
This means that network engineers have the most significant amount of control when using the CLI, but it does come with issues. Using a command-line environment for network engineering tasks takes a lot of preparation and documentation. Because networks needed to be configured manually, there wasn’t an excellent way to view the entire network from an exploded view. Network admins could only view configurations per device. They depended on documentation for a whole network scope of view. This creates the potential for a lot of user errors.
One of the biggest tasks network engineers have today is automating the network. Network services, security, and infrastructure depend on networks being automated. But, unfortunately, even the most efficient network team in the world couldn’t keep the pace at which changes need to be made to modern networks at any given point in a working day.
The CLI is designed by default for interactions with humans and not machines. Both commands and responses are geared for this type of interaction state. So, despite the CLI being capable of being used for automation, its automation extent is limited. CLI commands are not designed to be operated by scripts with the level of interactions that modern networks require. It’s also much slower to use the console environment for automation tasks compared against a programmatic approach, too.
SNMP and Network Metric Data
SNMP stands for simple network management protocol. Though the console is responsible for configuring the network, it can’t monitor it properly. SNMP was originally created as an easier way to manage networks. Still, due to its limited capacity to perform operations when compared to using the console, SNMP is primarily used to monitor networks instead.
SNMP has access to various variables inside of network equipment. For instance, a switch might track how much data is flowing in and out of its ports. SNMP can capture that data in real-time.
That data is fed into a management information base (MIB). Different vendors create different types of MIBs. Some are more capable than others. Though some configuration changes to networking devices can be made through these MIBs, they are used mainly to collect, manipulate, and display network data.
APIs and Networking
API stands for application programming interface. In the software development world, this is an endpoint that is used to ingest, process, and return data. For example, suppose you need to change the password for an online account. In that case, you will use a password reset form on the website for that account, making a password reset request. The API for that website takes that request and returns data, presumably a new password, back to you.
APIs are now being used for networking equipment like routers and switches. They work as they do for software development, too. Each hardware vendor creates an API specific for their devices. That API offers access to various configuration options in the hardware.
These APIs are considered RESTful services. So, they are made using a POST or PUT call. POST or PUT calls are web payloads, usually to a URL, containing information ingested by an application or service. Each API endpoint expects certain information formatted in a specific way in those POST or PUT requests.
An API makes automating network tasks much more accessible than using SNMP or the console. By utilizing an API, network engineers can create repeatable code blocks that can be interconnected and operate automatically based on certain conditions. This is essentially how most software functions, but network engineers use it to make physical and virtual changes to network infrastructure instead.
For example, let’s say that you are a business that sells HIPPA and HITECH-compliant file-sharing services to medical billing customers. These regulations require a specific minimum level of security. As a law-abiding business, though, you created the proper IT infrastructure for your medical billing customers. Each customer gets a private, encrypted storage space for them on individual virtual servers.
In the past, creating individual, encrypted VMs with file-sharing services was a task for a human (even if most of the process was automated). Today, once your customers pay for their file-sharing services, that payment can trigger a set of automated tasks. That task automatically creates a secure VM, configures its URL and DNS information, user accounts, and security keys. So, where the customer onboarding process might have taken 24 hours in the past, it now takes 10 minutes.
This is the prominent advantage network engineers have while using APIs. As a result, their network infrastructures can perform much more complex tasks while, at the same time, being more accessible to both deploy and manage.
API vs. SNMP vs. CLI: Recap
There are a variety of ways to communicate, configure, and manage network devices. The first way of managing network equipment is through the console. The console is a command-line environment that network admins connect to through a remote connection. Though SSH is commonly used today, that remote connection can be made through the Telnet or SSH protocols.
SNMP is another way to communicate with network devices. SNMP is more universal than console commands. SNMP has a limited ability to perform configurations, though, and is commonly used to collect metrics for networks instead. These metrics are collected and displayed by management information bases.
Finally, network engineers can also use APIs. Again, APIs are specific to each vendor, though common languages like OpenConfig attempt to make those APIs more universal. Network admins can create a much more automated, scalable, and robust network by using vendor APIs.