Nxos or nxos_ssh: which to choose?

Hello everyone

I have a few Nexus 9k I want to configure with Nornir. Nothing major… (see below for an example). Everything is working so far but I’m still unsure about some things. One of those things is whether to use “nxos” or “nxos_ssh” as the “platform” and subsequently the transport channel.

My first and current setup is with SSH. The only thing that led me to look into something different is the following: when I use IOS devices with the napalm.configure module I see the difference in a way nicer manner then on the NXOS device. Meaning something like this, adding a name/description to a VLAN:

IOS:

vlan 10
  + name test

NX:

name test

That’s really annoying, not to see the “upper” config line. The line “vlan 10” is just not visible on the NXOS diff and becomes something like this:

---- Loading Configuration on the device ** changed : True --------------------- INFO
name VLAN-NAME-1
name VLAN-NAME-2
name VLAN-NAME-3
name VLAN-NAME-4

So, my first question is; am I doing something wrong? Is the difference just a given one in the implementation of Napalm? I looked into doing it into with the nxapi but I got the same results…
The second question therefore would be; what “platform” is better to use, “nxos_ssh” or plain “nxos”? I’m aware of the need to enable nxapi (and scp-server), that traffic runs through HTTPS instead of SSH, some different Getters in Napalm that are available, but that’s about it… on the other hand, if there’s no benefit in using the API, i could life with two features less, which is good.
And one last thing: although i have “replace=False” in the Nornir script, it’s always pushing the whole config to the device, with SSH or HTTPS, doesnt matter.

Are there any people with long-term experience regarding this “desgin”-decision?

Thank you for reading this, and if you have any input, even better. I really appreciate it!

def base(task):
    # Transform inventory data to configuration via a template file
    template_config = task.run(
        task=text.template_file,
        name="Base Configuration",
        template=f"base.j2",
        path=f"templates/{task.host.platform}",
        severity_level=logging.DEBUG,
    )

    # Save the compiled configuration into a host variable
    task.host["config"] = template_config.result

    # Deploy that configuration to the device using NAPALM
    task.run(
        task=networking.napalm_configure,
        name="Loading Configuration on the device",
        replace=False,
        configuration=task.host["config"],
        severity_level=logging.INFO,
    )

I think you should ask that question in a napalm forum.

Regarding replace=False, nornir, via napalm, will send whatever config you give it. The replace is just an option telling the remote device if you sent a full config or just part of it

Thanks for your reply! I’ll be looking for a good place to ask the general “which to choose” question and try my luck.

Just for a reference, the difference in the diff-output seems to come from different options to compare configs on the device directly. For example, on IOS devices the command show archive config differences will give the output I mentioned (with “+” and “-” indicators). Link to Ciscos documentation.
The command is not available on NXOS.