ACI Automation & Scripting

ACI Automation & Scripting

ACI Automation & Scripting

While using Scripting and Orchestration there are common benefits observed which include following:

Fast, rapid and Consistent changes across ACI fabric

  • Provides simple method for Automation
  • It reduces chances of Human Error
  • It helps in making network & policy changes on Fly
  • It reduces the time over quick recovery after disaster
  • Cost reduction for Network Changes by using Automation & Orchestration.

In ACI Automation & Orchestration, REST API plays a major role, we can learn here what is the REST API and how it works via Postman APP.


REST is Representational State Transfer protocol, based on client/ Server communication method, which uses TCP based HTTP/HTTPS protocol. In the Client request to a server and in response Server transfer the actual status of Server resource or information which client has requested.

REST API accepts and return HTTP or HTTPS message via JSON or XML document.

RSET API uses request which contains following fields: 

  • HTTP(S): Defines the operation to be performed
  • Header: It contains Client request and it allow this request to pass along it.
  • Path: It identifies the location of a resource.
  • Message Body: It contains DATA

Below are three HTTP(S) method which is used by client to send request:

  • GET: It retrieves a set of information or resource which has been asked by client.
  • POST: It send some parameters, that is used to configure ACI fabric, it either create or updates any resource.
  • DELETE: It removes certain parameters or delete any particular resource.

In POST & DELETE methods, even though they are called multiple times, there will be no effect and hence are termed as idempotent. In GET method, even though it is executed multiple times, there will be no change in MIT object model and hence it is termed as nullipotent.

While using REST API, the Correct URI must be provided, in order to get valid and correct response.

As Example, if we want to get information about tenant DCLESSONS, we need to use following URI:


if we want to pull some information, from a node managed object, we need to use below URI, where the resource path contains the DN of managed Object.


ACI basic Automation tools

ACI provides some tools, through which we can do basic Automation, these tools are some where described below and as shown in figure.

  • API Inspector
  • Object Save As
  • Visore
  • MOQuery

API Inspector: whatever you configure in ACI via APIC, API Inspector, captures every packet. When any task is performed in APIC, GUI sends internal API message to operating system to execute the task.

You can copy those syntaxes and can also use it for further automation or to perform repetitive task. API inspector captures the API message only in JSON format.

In order to open the API inspector, open APIC GUI, go to right side corner of window, right click on circular help & Tool button and click on API inspector Tab. Now try to create any configuration via APIC, as example create any Tenant, and in the API you will see that timestamp for this task has been executed by APIC using HTTPS method and same has been recorded in API inspector. Below figure shows you only example for it.

You need to understand the JSON script, before you start your scripting. Below is the body of JSON format.

The JSON format in ACI starts with a curly bracket ({), followed by Parent-Object-Class” with double quotes and a colon (:). Then, “attributes” of “Parent-Object-Class” starts with double quotes and a colon followed by each of the object property key/value pairs, in the form {“property1”:”value”, “property2”:”value”}.

The properties of the child object class start with the key word “children” in double quotes and a colon followed by a square bracket ([).

Then the properties of each Child-Object-Class start with a curly bracket in double quotes and a colon. The “attributes” of Child-Object-Class start with double quotes and a colon followed by each of the object property key/value pairs in the form {“property1”:”value”, “property2”:”value”},” children”: []}}.

The last child object class does not have a comma at the end but rather a closing square bracket and curly brackets for the top-level parent object class(es).

Object Save as

With this method, you can download the configuration payload via XML also other than Json format.

Below figure shows how a particular configuration payload can be saved in xml format.

To do that, you need to right click any object whose payload you want to download, and then select the save as after choosing appropriate fields. In this method, you have option to choose XML or JSO format.

Now, once you save the configuration, it will not give you URL. So you need to build the URL for any certain managed object.


Visore (Object Store Browser)

Visore is a tool, which is used to provide view of entire MIT. This tool can be used to query a MO or class of object. A Visore can be accessed using OOB IP address of APIC:

https://<APIC IP address >/visore.html.

it can also be opened by using APIC GUI, by clicking circular icon in top-right corner of the window and selecting Object Store Browser.

Once done, you will be asked to provide APIC credentials to login in to it. In below figure you can see Visore (Object store Browser) where you can query any class of object or DN of managed Object in entire MIT.

In above figure, we have queried bridge domain class fvBD. Visore will pull out all 47 managed object and their properties.

We can also query property of an object of a certain class. Let say, we want to pull all the objects that contain certain EPG via query EPG object class fvAEPg.


MOQuery is a CLI based tool which is used to browse objects in MIT. It is not only used for automation scripts but also used for troubleshooting events.

In order to find the MOQuery command line Help we should use following commands.

Command to find a Class (-C)

MOQuery to find the a DN (-d)

MOQuery to find an EPG Class and Filtering on name DCLESSONS-WEB-Epg

MOQuery to find a BD Class and use filter on name containing Dclessons-WEB-DB and ARP folloing disable

Postman Scripting for ACI

POSTMAN is an HTTP web user interface client that allow you to make HTTP calls. Postman is a google chrome application which provides an easy way interface for interacting with REST API. Postman can be added in google chrome extension like this.


    You are will be the first.


Please login here to comment.