Thinking. Writing. Philosophising.

Email Github LinkedIn

VMware VeloCloud SD-WAN Orchestrator API: Automated Edge Configuration Backup

Posted on November 22, 2021 — 5 Minutes Read

IP networking has been undergoing a quiet and steady shift ever since the conception of a framework that has the control function of a network separated from the forwarding one, as part of a larger movement that sees software disrupting nearly every industry and company and as software is eating the world. Purpose-built equipment, and the circuitry between them, that were the building blocks of a traditional hardware-defined network have been abstracted away, and have become the underlay infrastructure, on top of which, an overlay Software-Defined Network (SDN) with a control plane that populates and updates the routing table, as the data plane forwards frames and routes packets in reference to which, operates. As SDN gained inroads into the backhaul networks between data centres and in large campuses, for the cost saving and the performance and resiliency benefits that come with its programmability, the same principle of separating the control and forwarding planes was applied to the Wide Area Network (WAN) as well, resulting in a Software-Defined WAN (SD-WAN) that is transport-agnostic, application-centric and that routes network traffic in accordance to the real-time network status and the service levels required by the respective applications.

Most vendor implementations of SD-WAN provide a set of Application Programming Interface (API) that allows it to interact with other software systems. What follows will be a Python app that calls the VMware VeloCloud SD-WAN Orchestrator (VCO) API for an automated backup of all of the SD-WAN Edges in the enterprise network. The rest of the code is containerised with Docker Compose for a modular and cloud-native deployment that fits in any microservice architecture, and is shared on Github for reference and further development. With the Python app containerised with Docker Compose, deployment is as simple as:

  1. Download a copy of the app;
  2. Create the environment variables for the VCO authentication and modify the crontab if needed; and
  3. Docker Compose or build and run the image manually to start the app, or alternatively run the Python script as a standalone service.

See also:

Git Clone

Download a copy of the app with git clone. Be sure to pass the --recurse-submodules argument to initialise and update each submodule in the repository.

$ git clone --recurse-submodules https://github.com/kurtcms/vco-api-ent-edge-config /app/vco-api-ent-edge-config/

Environment Variables

The app expects the hostname, the API token or the username and password for the VCO, as environment variables in a .env file in the same directory.

Should both the API token, and the username and password, for the VCO be present, the app will always use the API token.

Be sure to create the .env file.

$ nano /app/vco-api-ent-edge-config/.env

And define the credentials accordingly.

VCO_HOSTNAME = 'vco.managed-sdwan.com/'

# Either the API token
VCO_TOKEN = '(redacted)'

# Or the username and password
VCO_USERNAME = 'kurtcms'
VCO_PASSWORD = '(redacted)'


By default the app is scheduled with cron to pull a copy of the config stack for all the SD-WAN Edges in the enterprise network every 15 minutes, with stdout and stderr redirected to the main process for Docker logs.

Modify the crontab if a different schedule is required.

$ nano /app/vco-api-ent-edge-config/crontab

Docker Container

Packaged as a container, the app is a standalone, executable package that may be run on Docker Engine. Be sure to have Docker installed.

Docker Compose

With Docker Compose, the app may be provisioned with a single command.

Install Docker and Docker Compose with the Bash script that comes with app.

$ chmod +x /app/vco-api-ent-edge-config/docker-compose/docker-compose.sh \
    && /app/vco-api-ent-edge-config/docker-compose/docker-compose.sh

Start the containers with Docker Compose.

$ docker-compose -f /app/vco-api-ent-edge-config/docker-compose.yml up -d

Stopping the container is as simple as a single command.

$ docker-compose -f /app/vco-api-ent-edge-config/docker-compose.yml down

Build and Run

Otherwise the Docker image can also be built manually.

$ docker build -t vco_api_ent_edge_config /app/vco-api-ent-edge-config/

Run the image with Docker once it is ready.

$ docker run -it --rm --name vco_api_ent_edge_config vco_api_ent_edge_config

Standalone Python Script

Alternatively the vco_api_ent_edge_config.py script may be deployed as a standalone service.


In which case be sure to install the following required libraries for the vco_api_main.py:

  1. Requests
  2. Python-dotenv
  3. NumPy
  4. pandas

Install them with pip3:

$ pip3 install requests python-dotenv numpy pandas


The script may then be executed with a task scheduler such as cron that runs it once every 15 minutes for example.

$ (crontab -l; echo "*/15 * * * * /usr/bin/python3 /app/vco-api-ent-edge-config/vco_api_ent_edge_config.py") | crontab -

Config Stack in JSON

The config stacks for all the Edges in the enterprise network will be downloaded and saved as separate JSON files on a Docker volume that is mounted in the same directory of the docker-compose.yml file on the Docker host. If the Python script is run as a standalone service, the JSON files will be in the same directory of the script instead.

In any case, the JSON files are stored under a directory by the enterpriseName, and nested in a number of subdirectories named respectively by the year, the month and the day, and finally by the full date and time of the API call to ease access.

└── enterpriseName/
    └── Year/
        └── Month/
            └── Date/
                └── YYYY-MM-DD-HH-MM-SS/
                    ├── edgeName1.json
                    ├── edgeName2.json
                    ├── edgeName3.json
                    └── edgeName4.json


With a set of well- defined and documented API like the one with the VMware VeloCloud SD-WAN, a fully automated network that responds to changing business needs, and that attempts to heal itself should it detect functional anomaly is no longer a distant dream.