Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK
Jason Pfeifer Technical Marketing Engineer
© 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
ICT Operations A Decade Ago …
Network Survivability → Manageability
IT Services were: • Static • On premise • Best effort • Operated manually • Agreed between humans
Timeline: ... - 2000
ICT Operations During a Decade: Operational Maturity Evolution
Network Survivability → Manageability
Business Operations

                    | Survivable                  | Managed                              | Operated
Business Objective  | Minimize Cost               | OPEX Control                         | TCO/ROI Optimization
Service Levels      | Best Effort                 | Basic SLA                            | Tailored SLA
Process             | Everything ad-Hoc           | Tasks and Procedures                 | Best Practice Models
Round-trip          | > days                      | > hours                              | > minutes
People              | Multi-Role Technology Hero  | Tiered Domain Expert                 | Tiered Role and Domain Expert
Technology          | Point scripts and tools     | Applications and point integrations  | Layered OSS Architecture
Typical Anecdotes   | I run this … Company

Timeline: 2000 - 2010
ICT Operations Recently …
Network Survivability → Manageability → Automation
Virtual / Overlay Networks
Business Operations
Business today requires: • Self-Service, On-Demand • On Premise, Remote, Hybrid Cloud • Wired/Wireless, BYOD • Tight SLA • Increasingly Automated ...
Timeline: 2000 - 2010
Puppet
ICT Operations
Network Survivability → Manageability → Automation
Virtual / Overlay Networks
Business Operations
Domain Controllers, APIs and Agents
Inflection: Business-Driven Network Automations …
ICT Operations Inflection: Network Programming
Network Survivability → Manageability → Automation → Autonomy
Virtual / Overlay Networks
Business Operations
Domain Controllers, APIs and Agents
What if the ‘User’ is a Software App?
I Want To Program My Network Because I Want…
“A platform for developing new control planes”
“An open solution for VM mobility in the Data-Center”
“A means to do traffic engineering without MPLS”
“A way to scale my firewalls and load balancers”
“A solution to build a very large scale layer-2 network”
“A way to build my own security/encryption solution”
“A way to reduce the CAPEX of my network and leverage commodity switches”
“A way to optimize broadcast TV delivery by optimizing cache placement and cache selection”
“A means to scale my fixed/mobile gateways and optimize their placement”
“A solution to build virtual topologies with optimum multicast forwarding behavior”
“A means to get assured quality of experience for my cloud service offerings”
“A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
“A way to configure my entire network as a whole rather than individual devices”
“A solution to get a global view of the network – topology and state”
“Develop solutions at software speeds: I don’t want to work with my network vendor or go through lengthy standardization.”
Outcomes: Simplified Operations • New Business Opportunities • Enhanced Agility
Evolving Network Operating System Interaction
Traditional Approach: App → EEM (TCL) → Network OS
New Paradigm: App (C, Java, Python, Ruby) → Network OS
App and Network OS exchange Events and Actions
Network OS services and interfaces: Routing, Data Plane, Policy, Interface, Monitoring, Discovery, CLI, AAA, SNMP, HTML, XML, Syslog, Span, Netflow, CDP, Routing Protocols … anything you can think of
Cisco ONE Platform Kit (onePK)
YOUR Applications
onePK: Program / API Presentation / API Infrastructure
onePK IPC Channel
Router/Switch: Catalyst, Nexus, ASR, ISR
Network Programming Environment to: • Innovate • Extend • Automate • Customize • Enhance • Modify
Where Do onePK Applications Run? Choose the Hosting Model that Suits Your Platform and Your Application
On An External Server (“End-Node”) • Plentiful memory/compute • Higher latency and delay • Supported by all platforms
On A Hardware Blade (“Blade”) • Dedicated memory/compute • Low latency and delay • Requires modular hardware blade
On the Router (“Process”) • Shared memory/compute • Very low latency and delay • Requires modular software architecture
The “Process” model is perfect for the Puppet Agent
onePK Architecture
C, Java, Python (Ruby) Program
onePK API Presentation
onePK API Infrastructure
IOS / XE (Catalyst, ISR, ASR1K)
NXOS (Nexus Platforms)
IOS XR (ASR 9K, CRS)
onePK APIs are Grouped in Service Sets
Base Service Set | Description
Data Path        | Provides packet delivery service to application: Copy, Punt, Inject
Policy           | Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
Routing          | Read RIB routes, add/remove routes, receive RIB notifications
Element          | Get element properties, CPU/memory statistics, network interfaces, element and interface events
Discovery        | L3 topology and local service discovery
Utility          | Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
Developer        | Debug capability, CLI extension which allows application to extend/integrate application’s CLIs with network element
Legend: Used by onePK Puppet Agent
Agent Model Applications
Agent application resides on NE, utilizes onePK API library. Controller typically has network wide view, agent has individual box view.
Choices: Agent/Controller communication methods; where bulk of processing occurs
Components: Agent, Network Element, onePK, Controller
Examples: Path Computation – PCE with PCCs over PCEP; Wireless LAN Control – WLC with APs over CAPWAP
Security Five Ways
App Security • Admin Security • Container Security • Runtime Security • Code Security
Mechanisms: Digital Signing, Certification Process; CLI Control, Resource Allocation; Isolation, Resource Consumption; Code Isolation, Strong Typing; AAA (PKI), Encryption (TLS)
The OnePK Puppet Agent
Network Element Resident Agent
Puppet master
Puppet agent
Native Puppet agent
Puppet IPC
N3K N7K
NX-OS onePK Agent Architecture
• onePK provides manageability abstraction – Avoids CLI scraping – Consistent across Cisco OSes – Exposes dynamic device state and configuration
• Linux Container – Runs distribution on OS kernel – Fitted with Cisco onePK libraries – Isolates application failures from Network Element – Flexibility for application developers
Device Components: Manageability Abstraction; Device Management Infrastructure (OS-specific Management Infrastructure); XOS and Component APIs
Management Agents: Traditional Management Agents (CLI, syslog, SNMP, XML); Next Generation Management Agents (Puppet, ..) in a Linux Container
onePK layers: onePK PL (Transport/Marshaling); onePK AL (OS Shim)
Puppet + onePK
Master: onePK Module, Classify, Compile, Report
Nexus Switch: Container with onePK Infra and Puppet Agent, onePK API
Flow: 1. Request 2. Reply 3. Execute 4. Report
Zero Touch
Components: N3K Switch, Default Gateway, DHCP & file server, Puppet Master (ova, manifest)
1. Boot & Start POAP
2. Downloads image, base config and OVA file
3. Starts Puppet Agent and begins talking to Master
4. Applies configuration through onePK
Puppet Types (Cisco): Cisco Device, Cisco Interface, Cisco VLAN

    class cisco_onep {
      $ciscodev = "testdemo"
      # element name shared by the resources below (the slide left $element undefined)
      $element  = $ciscodev

      cisco_device { $ciscodev:
        #log    => debug,
        ensure => present,
      }

      cisco_interface { 'Ethernet1/8':
        description => 'Configured with puppet',
        switchport  => access,
        access_vlan => 1001,
        element     => $element,
      }

      cisco_vlan { '1001':
        ensure    => present,
        vlan_name => 'red',
        state     => active,
        element   => $element,
      }
    }
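As an added example (not from the slides or from Cisco's module), the same three types composed into a reusable defined type that provisions one access VLAN together with the ports that belong to it. The parameter names are the ones shown on the slide; it is assumed that `element` names the cisco_device the interface and VLAN are applied to.

```puppet
# Added example (not from the slides or Cisco's module): bundle one VLAN and
# its access ports into a reusable unit built from the slide's three types.
# Assumption: `element` names the cisco_device the interface/VLAN belong to.
define cisco_onep::access_vlan (
  $vlan_name,
  $element,
  $ports = []
) {
  cisco_vlan { $title:
    ensure    => present,
    vlan_name => $vlan_name,
    state     => active,
    element   => $element,
  }

  # Create the VLAN before any port is switched into it, so an interrupted
  # run never leaves a port pointing at a VLAN that does not exist yet.
  cisco_onep::access_port { $ports:
    access_vlan => $title,
    element     => $element,
    require     => Cisco_vlan[$title],
  }
}

define cisco_onep::access_port (
  $access_vlan,
  $element
) {
  cisco_interface { $title:
    description => "Access port in VLAN ${access_vlan} (managed by puppet)",
    switchport  => access,
    access_vlan => $access_vlan,
    element     => $element,
  }
}

# Usage: the demo device from the slide, two ports in VLAN 1001.
class cisco_onep::demo {
  $ciscodev = 'testdemo'
  cisco_device { $ciscodev:
    ensure => present,
  }
  cisco_onep::access_vlan { '1001':
    vlan_name => 'red',
    element   => $ciscodev,
    ports     => ['Ethernet1/8', 'Ethernet1/9'],
  }
}
```

Preview the change with the agent-noop execute command from the CLI table below before running agent-oneshot, so the last-exec-log shows what would be changed without touching the switch.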
onePK Puppet Agent CLI - Configuration
Command          | Description                                                        | Example
Onep Application | Application-name                                                   | onep applications puppet
Puppet           | Version                                                            | puppet v0.8
Master           | Puppet Master IPv4/FQDN and Port                                   | master bxb-oa-linux2.cisco.com port 8999
VRF              | VRF name                                                           | vrf management
Cert-name        | Certificate name: supports shared and non-shared certificates      | cert-name n3k-oa-3.cisco.com
Environment      | Environment (categorization)                                       | environment bxb_oa_n3k_3
Node-name        | Node name                                                          | node-name facter
Default-username | Device credentials                                                 | default-username lab password lab
Run-interval     | Run frequency                                                      | run-interval 180
Domain-name      | Domain name                                                        | domain-name cisco.com
Splay            | Pseudo-random frequency add (splay)                                | splay-limit 60
Activate         | Activate daemon mode                                               | activate
Name-server      | DNS                                                                | name-server 173.37.87.157
onePK Puppet Agent CLI – Execution & Monitoring
Command               | Group   | Description                                                               | Example
Noop                  | Execute | Noop execution                                                            | execute onep application puppet v0.8 puppet_agent agent-noop
Oneshot               | Execute | One time execution                                                        | execute onep application puppet v0.8 puppet_agent agent-oneshot
Ssl-all               | Clear   | Clear all certificates and private keys                                   | clear onep application puppet v0.8 puppet_agent ssl-all
Ssl-cert              | Clear   | Clear certificate                                                         | clear onep application puppet v0.8 puppet_agent ssl-cert
Show Oper Data        | Show    | Show puppet agent config data (master (server) name, run interval, etc.)  | show onep application puppet v0.8 puppet_agent agent oper-data
Show Last Exec Log    | Show    | Show log from most recent noop or oneshot mode run (exec mode run)        | show onep application puppet v0.8 puppet_agent agent last-exec-log
Show Run History      | Show    | Show logs from most recent daemon mode runs                               | show onep application puppet v0.8 puppet_agent agent run-history run-number 1
Show Puppet Config    | Show    | Shows the output of puppet agent --configprint all                        | show onep application puppet v0.8 puppet_agent config
Show Puppet Copyright | Show    | Show Puppet Agent copyright                                               | show onep application puppet v0.8 puppet_agent copyright
Show Facter           | Show    | Show all facter variables                                                 | show onep application puppet v0.8 puppet_agent facter
Show Log CLI          | Show    | Troubleshooting support                                                   | show onep application puppet v0.8 puppet_agent agent log cli
onePK Puppet Agent CLI – Debug
Command                  | Group | Description                        | Example
Debug Puppet Agent Level | Debug | Enable debug level (verbose, etc.) | debug onep application puppet v0.8 puppet_agent agent level 1
Debug Puppet CLI         | Debug | CLI troubleshooting                | debug onep application puppet v0.8 puppet_agent cli
Debug Puppet pmgmt       | Debug | Management daemon troubleshooting  | debug onep application puppet v0.8 puppet_agent pmgmt
Debug Puppet Util        | Debug | Utility troubleshooting            | debug onep application puppet v0.8 puppet_agent util
onePK Puppet Agent Demo
References
• For more information on onePK – http://developer.cisco.com/web/onepk/home
• Mail aliases – Puppet
• [email protected] – onePK