Meraki

Guillaume6hat · ‎Jan 5 2024

Hello team,

I want to improve compliance on my networks, and so, I want to check firmware versions configured on devices/networks.

I found the Organization call : https://developer.cisco.com/meraki/api-v1/get-organization-devices/ , with it, I can get all devices information, with firmware, except that firmware info is not complete.

It only returns the "main version", not patches.

Example : On a MX network configured with 18.107.4, I get :

"firmware": "wired-18-1-07",

As I want to check the exact version, and validate it upgrades are necessary, this is not what I need.

I found that I can get the correct information with the call : https://developer.cisco.com/meraki/api-v1/get-network-firmware-upgrades/ . This time I get the correct info :

"currentVersion": {

"id": "2591",

"firmware": "wired-18-1-07",

"releaseType": "stable",

"releaseDate": "2023-08-09T00:34:30Z",

"shortName": "MX 18.107.4"

}

Firmware value is the same, the "main version", but with id or shortName, I get what I want.

Problem is that this is at network level, and so, I need to do one call per network. With more than 1000 networks, this takes a long time.

Is there any other option ?

Is it possible to have the exact version information in the Organization Devices call ?

Thank you

sungod · ‎Jan 5 2024

If you are using the Meraki Python library, using AsyncIO will generally speed things up significantly, for 1,000 calls I'd expect it to complete in just a few minutes - current API rate limit is 10 calls/second.

I cut/pasted chunks of some scripts to give an outline...

import meraki.aio
import asyncio
import sys
#####import whatever else is needed

#get your api key and org id from wherever you keep them
ORG_ID = ...
API_KEY = ...

# this is a function to get the firmware info for a network and output it
async def processNetwork(aiomeraki: meraki.aio.AsyncDashboardAPI, net):

    #blah blah blah, see example on github, something like this...

    #you probably need to add logic to skip SM networks as I think the endpoint will not be there

    try:
        info = await aiomeraki.networks.getNetworkFirmwareUpgrades(net['id'])
    except meraki.AsyncAPIError as e:
        print(f'pn Meraki API error: {e}', file=sys.stderr)
        sys.exit(0)
    except Exception as e:
        print(f'pn some other error: {e}', file=sys.stderr)
        sys.exit(0)
    else:
        #process info and output


async def main():

    async with meraki.aio.AsyncDashboardAPI(
        api_key=API_KEY,
        base_url='https://api.meraki.com/api/v1/',
        print_console=False,
        output_log=False,
        suppress_logging=True,
        wait_on_rate_limit=True,
        maximum_retries=100,
        aio_maximum_concurrent_requests=10

    ) as aiomeraki:

        # get list of networks in the target organization
        try:
            networks = await aiomeraki.organizations.getOrganizationNetworks(ORG_ID, perPage=1000, total_pages="all")
        except meraki.AsyncAPIError as e:
            print(f'script Meraki API error: {e}', file=sys.stderr)
            sys.exit(0)
        except Exception as e:
            print(f'script some other error: {e}', file=sys.stderr)
            sys.exit(0)

        #then pass the list to your function, processing networks concurrently
        networkTasks = [processNetwork(aiomeraki, net) for net in networks]
        for task in asyncio.as_completed(networkTasks):
            await task

        sys.exit(0)

if __name__ == '__main__':
    asyncio.run(main())

See readme and example etc. on github https://github.com/meraki/dashboard-api-python/blob/main/README.md

Guillaume6hat · ‎Jan 5 2024

Thank you for your quick reply.

That works great, we got everything in 2:30min way less than before ! 😍

But that is still more than 1000 calls, where it could be 1 or 2 with paging if info was directly available 😅.

I try my best to avoid unecessary calls, as we have automation everywhere and teams all around the world, this can have impact if multiple people want to deploy something at the same time with APIs.

For now, I'll use your method, thank you again, but that would be great if on Meraki side there was a possibility to get this information in the Organization Devices endpoint.

sungod · ‎Jan 5 2024

Yes a single org-wide call would be nice, but I would not worry about 1,000 calls - the orgs are distributed across many shards and each org is rate limited, API use on one org will not impact others.

It's certainly good to code to minimise calls, but if there isn't a choice you can only use the available calls, some of our scripts will generate far more than 1,000 API calls, they've been doing it for years, it hasn't been a problem.

Over time we do see more org-wide calls appearing, I'd expect Meraki do look at global usage and see what are the best candidates for optimising.

Guillaume6hat · ‎Jan 8 2024

Problem is that this is only one org, as this is for SDWAN, so it could impact the rate limit 😕

When I told about teams all around the world, it was to mention that all day long there are home made tools used with API calls, and so it's better to limit when possible.

Right now, we can use your AsyncIO solution, but yes, a single org wide call would be way better. If for each need we have to do that amount of calls, we definitely will face issues.

And on top of that, I think it's better when returning the firmware to give the exact version instead of just the main version, everyone gets what needed, full version, or main version by splitting.

Thank you

sungod · ‎Jan 8 2024

As long as everyone follows Meraki's recommended retry logic I would be surprised if there's a problem, the budget is 36,000 calls/hour.

The Meraki Python library transparently manages back-off/retry for you, if configured to do so. I know many of my scripts hit rate limit, but they all use the retry logic, the end result is that they all complete without error,.

If there's a high volume of updates, using action batches may be a good option to reduce call rate.

You can get actual API usage vs. response codes using this call...

https://developer.cisco.com/meraki/api-v1/get-organization-api-requests-overview-response-codes-by-i...

...I suggest use it to see what the actual global usage is over a few days, there are other calls that give more details on usage.

Guillaume6hat · ‎Jan 8 2024

Hello,

We already use action batches when possible, and also, we monitor API usage vs response codes, we have reports for this. This is what allowed us to found out that we needed to optimize and limit unnecessary calls.

Again, today, it seems ok, and doing these 1000+ calls is not a problem, but if we just thought "Ok, limit rate is high, we will not face any issue", we would definitely face many issues by now, this is why we prefer to optimize every usage.

And even if there would be a "no limit rate", I think it's always better to optimize when possible. If I can do 1 call instead of 1000+, that's easier to code, faster (for the user), less CPU time on both sides (Green IT and scalability), etc.

Better for everyone 🙂

Anyone on Meraki side to check feasability to return full firmware version info in the Org Wide API call ?

Meraki

Community

Get full firmware info for all devices

Get full firmware info for all devices