
ND Pre-Change Validation

Users of Nexus Dashboard Insights (NDI) can leverage this solution for automated pre-change validation. Hundreds of different checks have been codified and can be used to validate your changes on demand. Compared to the --rules argument in nac-validate, there is no need to write Python code that contains your checks. NDI will notify you of any anomalies introduced by your new configuration. Besides looking for potential configuration errors, NDI provides a framework that enables users to write their own configuration and compliance rules. Each time a pre-change validation is run, that set of requirements is evaluated. Consider the following examples:

In this example, Endpoint Group (EPG) web and db must be able to communicate:

In this example, all bridge domains need to be configured with at least one private subnet:

Compliance requirements in NDI drastically reduce the time required to write the tests that verify business requirements when driving automated changes.

Using the command-line tool nexus-pcv, you can automate pre-change validations in NDI. nexus-pcv can work either with provided JSON file(s) or with a Terraform plan output from a Network-as-Code project. A planned change can be validated before it is applied to a production environment by running a terraform plan operation first and then providing the output to nexus-pcv to trigger a pre-change validation.

The tool can easily be integrated with CI/CD workflows. Arguments can be provided either on the command line or through environment variables. The tool exits with a non-zero exit code if an error occurs or if non-suppressed events are discovered during the pre-change analysis. The --output-summary and --output-url arguments can be used to write a summary and/or a link (URL) to a file, which can then be embedded or parsed into notifications (e.g., Webex).

Python 3.10+ is required to install nexus-pcv. nexus-pcv can be installed using pip:

```shell
pip install nexus-pcv
```

To create a plan output that nexus-pcv can use to create a PCV in NDI, run the following:

```shell
terraform plan -out=plan.tfplan
terraform show -json plan.tfplan > plan.json
nexus-pcv --hostname-ip 10.0.0.1 --username admin --password Cisco123 --group <yoursitegroup> --site <yourfabric> --name pcv123 --nac-tf-plan plan.json --output-summary output-summary.txt --output-url output-url.txt
```

This will trigger a new PCV in NDI:

After a few minutes, you can evaluate the results:

Alternatively, you can check output-summary.txt to see whether any anomalies have been found based on your intended configuration.
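
The CI/CD integration described above can be wrapped in a gate function such as the following. This is an added example, not code from the nexus-pcv project: `pcv_gate`, `PCV_BIN`, `CI_JOB_ID` and the `NDI_*` variable names are assumptions made for this sketch, with the password taken from the CI secret store instead of being written into the pipeline file as in the sample command.

```shell
#!/usr/bin/env bash
# Added example: CI gate around nexus-pcv. pcv_gate, PCV_BIN and the NDI_*
# variables are names chosen for this sketch, not part of nexus-pcv.
PCV_BIN="${PCV_BIN:-nexus-pcv}"

# pcv_gate PLAN_JSON OUT_DIR
# Returns 0 if the PCV passed, 1 if nexus-pcv exited non-zero, 2 on bad setup.
# Prints a notification body (status, link, summary) on stdout in both cases.
pcv_gate() {
  local plan="$1" out="$2" rc=0 status url
  # Fail closed when the secret or the plan is missing.
  [ -n "${NDI_PASSWORD:-}" ] || { echo "NDI_PASSWORD not set" >&2; return 2; }
  [ -s "$plan" ] || { echo "plan missing or empty: $plan" >&2; return 2; }
  # Remove stale results so an old summary is never reported for this run.
  rm -f "$out/output-summary.txt" "$out/output-url.txt"
  # Assumption: NDI_PASSWORD is injected by the CI secret store. The page says
  # nexus-pcv also accepts environment variables but does not name them.
  "$PCV_BIN" --hostname-ip "$NDI_HOST" --username "$NDI_USER" \
    --password "$NDI_PASSWORD" --group "$NDI_GROUP" --site "$NDI_SITE" \
    --name "pcv-${CI_JOB_ID:-manual}" --nac-tf-plan "$plan" \
    --output-summary "$out/output-summary.txt" \
    --output-url "$out/output-url.txt" >&2 || rc=$?
  status="PASSED"
  [ "$rc" -eq 0 ] || status="FAILED (exit $rc)"
  url="$(cat "$out/output-url.txt" 2>/dev/null || true)"
  printf 'Pre-change validation %s\n' "$status"
  printf 'Results: %s\n' "${url:-no URL written}"
  if [ -s "$out/output-summary.txt" ]; then cat "$out/output-summary.txt"; fi
  [ "$rc" -eq 0 ] || return 1
}

# Usage in a pipeline step (not run here). terraform show -json prints
# sensitive values in plain text, so plan.json is created owner-only:
#   terraform plan -out=plan.tfplan
#   (umask 077; terraform show -json plan.tfplan > plan.json)
#   pcv_gate plan.json . > notification.txt || exit 1
```

The function's stdout can be posted as the notification text, and its return code decides whether the pipeline proceeds to the apply stage.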