Presented by

Network Elements The Final Frontier

of Data Center Automation

Jason PfeiferTechnical Marketing | Cisco

Presented by

Why?

I can spin up servers in minutes with my Puppet workflows, why does it take orders of magnitude more to spin up and affect change on my Network Elements?”

Presented by

IT Management ChallengesAgility 60% of IT managers are not satisfied with the speed

at which IT responds to business needs

Reliability

$72,000 / hr

cost of downtime due to manual errors and configuration drift

Productivity

48% of IT professionals spend 50% or more of their time on basic administrative tasks

Shadow IT

36% of employees have already used “unapproved” cloud services

Insight 93% of IT professionals cannot answer “What changed?” when an outage incident occurs

Sources: Gartner, Kaseya, Harvey Nash, Vanson Bourne, Evolven, InformationWeek

Similar Challenges in the NetOps Space

Presented by

Network Operations Challenges

Agility Rollout speed of network equipment is slow. After physical kit is installed, configuration should be immediate.

Reliability

Huge cost of downtime due to manual errors and configuration drift

Productivity

Networking professionals spend 50% or more of their time on basic administrative tasks, CLI interaction , screen scraping output

Home Built

Employees have home built scripts / one –off procedures specific to the local network environment

Insight “What changed?” plagues the industry when an outage incident occurs. How do we recover?

Sources: Disgruntled Network Administrators

Presented by

for i in $(cat host.cfg)do ssh user@$i uname -adone

Existing Management Solutions = Insufficient

Sources: THINKstrategies/FrontRange

• Not reusable across different applications or operating systems

• What happens when original author leaves?

CUSTOM ONE-OFF SCRIPTS

IT

spawn telnet $ip(t)$port(t)expect "Trying $in_telnet...\r*Connected to $in_telnet.\r*Escape character is '^\]'.\r*”send -- "\r”

CUSTOM ONE-OFF SCRIPTS

NetOps

Presented by

Puppet Automates Infrastructure for Network Admins

NETWORK STACKS

Asset Management

Physical &Virtual Nodes

OperatingSystems

Controllers

ApplicationsCode & Data

Discovery

Provisioning

Configuration

Orchestration

Reporting

Automation

NETOPS MANAGEMENT STACK

Service Catalog

Monitoring Help Desk

Lifecycle management for heterogeneous environments possible

Presented by

NetOps Agent

Reporting

GUI Workflows

Admin & Security

VM Node Cloud NodeHardware Node

DISTRIBUTED AGENTS

CENTRALIZED MANAGEMENT SERVER

CLOUD-BASED REPOSITORY OF PRE-BUILT SOLUTIONS

Puppet Forge

Agent Agent Agent

3RD PARTY INTEGRATIONS

CMDBs

LDAP & AD

Monitoring

Version ControlAgent

Switch

Presented by

Enabling Technologies

Presented by

NX-OS Architecture

Layer-2 Protocols Storage ProtocolsLayer-3 Protocols

Interface Management

Chassis Management

Kernel

Sysm

gr, P

SS &

MTS

SNM

P, X

ML,

CLI

Man

agem

ent,

NXA

PI

Chip/Driver Infrastructure

VLAN Mgr

STP

OSPF

BGP

EIGRP

GLBP

HSRP

VRRP

VSANsZoningFCIPFSPFIVR

UDLD

CDP

802.1XIGMP snp

LACP PIMCTS SNMP

Container Services(ADT /Guest Shell)

……

Protocol Stack (IPv4 / IPv6 / L2)

Shel

l Acc

ess

oneP

K (E

lem

ent /

VTY

)

Presented by

NXAPI• CLI Interaction with device over HTTP / HTTPS• Input/Output encoded in JSON or XML (key for programmability)

Show clock

NXAPI Web Server(NGINX)

[ { "jsonrpc": "2.0", "method": "cli", "params": { "cmd": "show clock", "version": 1 }, "id": 1 }]

{ "jsonrpc": "2.0", "result": { "body": { "simple_time": "15:00:37.762 PST Mon Aug 18 2014\n" } }, "id": 1}

HTTP / HTTPS

Switch# conf tSwitch(config)# feature nxapi Switch(config)# exit

Presented by

NXAPI - Response

{"jsonrpc": "2.0", "result": {

"body": { "header_str": "Cisco Nexus Operating System (NX-OS) ", "bios_ver_str": "3.22.0", "kickstart_ver_str”: "7.1(0)D1(1) [build 7.1(0)ZD(0.102)] [gdb]", "sys_ver_str": "7.1(0)D1(1) [build 7.1(0)ZD(0.102)] [gdb]", "bios_cmpl_time”: "02/20/10", "kick_file_name”: "bootflash:///n7000-s1- kickstart.7.1.0.ZD.0.102.gbin", "kick_cmpl_time”: " 2/11/2014 18:00:00", "kick_tmstmp": "03/14/2014 05:31:12", "isan_file_name”: "bootflash:///n7000-s1-dk9.7.1.0.ZD.0.102.gbin", "isan_cmpl_time”: " 2/11/2014 18:00:00", "isan_tmstmp": "03/13/2014 23:16:21", "chassis_id": "Nexus7000 C7010 (10 Slot) Chassis", "module_id": "Supervisor Module-1X", "cpu_name": "Intel(R) Xeon(R) CPU ", "manufacturer”: "Cisco Systems, Inc."

}},"id": "1"

}

Output

Presented by

ONE Platform Kit (onePK)

Any CiscoRouter or

Switch

Applications

onePK

C, JAVA, Python

API Presentation

API Abstraction

Catalyst Nexus ASRISR

IPC Channel

Network Programming

Environment to:• Innovate• Extend• Automate• Customize• Enhance• Modify

Presented by

Where Do onePK Applications Run?

Choose the Hosting Model that Suits Your Platform and Your Application

16

App

Blad

eApp

App

On An External Server• Plentiful memory/compute• Higher latency and delay• Supported on by all platforms

On A Hardware Blade• Dedicated memory/compute• Low latency and delay• Requires modular hardware blade

On the Router• Shared memory/compute• Very low latency and delay• Requires modular software architecture

“End-Node”

“Blade”

“Process”

Presented by

New Paradigm Traditional Approach

App

CJava

Python(Ruby*)

Network OS

Events

AppEEM (TCL)Actions

Routing

Data Plane

Policy

Interface

Monitoring

Discovery

CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols Anyt

hing

you

can

thin

k of

Evolving How We Interact

Presented by

APIS Are Grouped (Service Sets)Service Set Description

Data Path Provides packet delivery service to application: Copy, Punt, Inject

PolicyProvides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements

Routing Read RIB routes, add/remove routes, receive RIB notifications

Element Get element properties, CPU/memory statistics, network interfaces, element and interface events

Discovery topology and local service discovery

Utility Syslog events notification, Path tracing capabilities (ingress/egress and interface stats,next-hop info, etc.)

Developer Debug capability, CLI extension which allows application to extend/integrate application’s CLIs with network element

Presented by

Agent application resides on NE, utilizes onePK API library

Choice of communication methods between agent and controller

Choice of where bulk of processing will occur.

Controller typically has network wide view, agent has individual box view.

Examples Web application with REST interface Management over XMPP

Path Computation

PCC PCC PCC

PCE

PCEP

Wireless LAN Control

WLC

AP AP AP

CAPWAP

Agent Model Applications

Presented by

Dev Ops - Plug Ins

Container based packaging of Dev Ops agentsDevice hosted

Software runs on local deviceStandard

Standard Linux softwareSoftware independence

Secure: Not running in host OS TTM: Host release independence, fast TTM NOS

OS/Linux

Switch/Router

Container

Dev Ops Plug-ins

Presented by

NXOS Puppet Integration

Presented by

Compute/Storage Servers

Cisco Nexus Cisco Nexus Cisco Nexus

Presented by

Data Center Network

Puppet Master

LXC Container

Network OS

Puppet Agent

Cisco Puppet Plug-In: Architecture

onePK

Cisco Network Resources

Presented by

Cisco NXOS Puppet Agent Integration Packaged as virtual-services LXC container OVA OVA registers CLI extensions

Configuration commands Show commands Exec commands Clear commands Debug commands

OVA syslogs are linked to NXOS syslog “show log”

Presented by

Cisco Puppet Agent Configuration Example Puppet configuration mode

(config)# puppet (config-puppet)# master pmaster.cisco.com port 8999 (config-puppet)# vrf management (config-puppet)# run-interval 180 (config-puppet)# domain-name cisco.com (config-puppet)# name-server 4.1.1.128 (config-puppet)# activate

Presented by

Puppet Deployment using POAP

Switch downloads scriptExecute script locallyDHCP phase:

Get IP Address, GatewayScript server IPScript file name

Download software imagesDownload running-configDownload puppet_plugin.ovaDownload plugin_activate.py script

1 Power up Switch with no startup-config and default images

NXOS

DHCP Script ConfigPuppet

OVA

Reload the router with downloaded softwareplugin_activate.py script executes , installing and activating puppet_plugin.ova

Puppet Master

Once the plugin is activated, puppet agent running inside the container will establish a session with the puppet master and retrieve catalogues, etc.

2 3 4

5

6

Presented by

Device Plug-ins:• Manage images and patches/SMUs

Puppet Master

Device Plug-in

Package Repository Puppet/

Chef Master

New server

Server Admin

• Security policies, mgmt. servers (syslog, dns, snmp etc.) are common across the network.

• Inject changes at master

Puppet/Chef Master

Network Admin

• ToR configuration for every new device onboarded

• Reduce Manual process • Master puts the new server in the right

VLAN/segment / ACL’s

Image/Patch Config. DistributionNew Server/VM Deployment

Presented by

Cisco Puppet Resource Type Coverage: Feature Resource Name Description

Cisco Device Access cisco_device Allows credentials for user access control & accounting

Base L2/L3 interface cisco_interface General interface & L2/L3 base settings

VLAN cisco_vlan Create/destroy of VLANs and general settings

Interface-vlan (SVI) cisco_interface_vlan Create/destroy of SVIs and SVI specific interface settings

VLAN Trunking Proto (VTP) cisco_vtp VTP global settings

SNMP cisco_snmp_servercisco_snmp_communitycisco_snmp_groupcisco_snmp_user

SNMP monitoring settings. Notification receiver settings not covered as of now.

OSPF cisco_ospfcisco_ospf_vrfcisco_interface_ospf

OSPF instance create/destroy, per-VRF settings, and interface settings (area, cost, msg digest, etc)

Presented by

Cisco Puppet Resource Type CoverageFeature Resource Description

TACACS/AAA***

***full set not available at EFT target date

cisco_tacacs_servercisco_tacacs_server_hostcisco_aaa_tacacs_groupcisco_aaa_authenticationcisco_aaa_authorizationcisco_aaa_accounting

• TACACS global settings• TACACS per-host settings• group association and settings• mapping of groups to AAA features

(authentication, authorization, accounting).

Raw Config CLI commands cisco_command_config Resource to directly apply blocks of configuration CLI commands.

Presented by

Demo