#clmel
Enterprise SDN - APIC Enterprise Module
BRKRST-2641
Adam Radford
Distinguished Systems Engineer
© 2015 Cisco and/or its affiliates. All rights reserved. BRKRST-2641 Cisco Public
Agenda
• Introduction
• APIC-EM
• NB API
• Scale out
• Interaction with Prime Infrastructure
• Conclusion
Maturity Model
(figure: Level 0, Level 1, Level 2, Level 3)
Cisco ACI Common Policy Model
(figure: Application Profile, User Access, APIC EM)
Cisco APIC Enterprise Module Architecture
Abstracts Network Devices to Mask Complexity; Treat Network as a System; Exposes Network Intelligence for Business Innovation
(figure) Cisco and Third Party Applications -> REST API -> Cisco APIC Enterprise Module (Network Info Database; Policy / Infrastructure Automation; Security, QoS, ZTD, Path Selection) -> CLI, Netconf, etc. API -> Network Devices: Catalyst, ASR, ISR
Policy Engine – Business Intent
Intent Policies (High Level Constructs) -> Translation -> Network Control Functions (QoS, ACL, Configuration)
Translation of high level constructs to network control functions reduces skills gaps and clarifies policy procedures.
An Example
Intent Policies (High Level Constructs) -> Translation -> Network Control Functions (QoS, ACL, Configuration)
UI:: BradWebAllow: Brad Web allow
Policy Manager:: Business Policy -> Network Policy
Policy Programmer:: Network Policy -> Network Cmds
Scanner-Service:: Network Commands -> device
Evolution to a Campus/WAN Policy Model
(chart: share of traditional configuration versus policy over time; labels: traditional, configuration, policy, ACI, Today; x-axis: Time)
Reality of Adoption
(chart: traditional configuration versus policy over time; labels: traditional, configuration, policy, Today; x-axis: Time)
Traditional -> Read Only Apps -> Earn Trust
APIC-EM: Services Layered View
APIC-EM Apps: Inventory Visualiser, Topology Visualiser, Application Visualiser, Discovery, Easy QoS Visualiser, Compliance Check, ACL Visualiser, Network PnP, Network Tapping Visualiser, Policy Manager
NB REST API
APIC-EM Services:
• Pxgrid client + LDAP client; Radius proxy + LDAP client
• Inventory, Topology, Policy Analysis, PnP, Network Discovery, Network Programmer, Policy Programmer (QoS, ACL), Network Tapping, Easy QoS, Network Events
• Policy Manager: Conflict Detection and Resolution (BI and NI); Business Intent to Network Intent Conversion
• Network Model, Device Model, Device Interface
• Application Visibility, PfR
IWAN Services
Basic Services for Controller Availability
NETWORK
Controller Home Page
Path Trace Application – 5 Tuple
Exact path through network:
- Netflow
- CEF
- Traceroute for unknown
Use Case: Path Visualisation via Collaboration App (MapCollab App)
(figure) Components: APIC, CUCM Cluster, MapCollab Server, MapCollab Clients, WWW & REST API
SIP Registration and SIP Messages between the clients and the CUCM Cluster; information on active calls: 5 tuple
1. 5 Tuple
2. Path
3. User Sees Path (UI)
4. MapCollab Clients
Path Trace – CAPWAP Tunnels
Cisco Intelligent WAN (IWAN) App for the APIC-EM
Enables IT automation through centrally managed policies
• Simplified workflows – use case driven with step-by-step provisioning
• Zero touch provisioning – plug & play for remote devices without user intervention
• Business-level policies – application rules drive network actions and abstraction of underlying policy configurations
• Open architecture – northbound API
• Network and application monitoring – status, alerting of network issues
Cisco Intelligent WAN App for APIC-EM
Business Policy Dictates Network Action
(figure) IT Admin defines Business Policy: App SLA. Per application: DMVPN, SLA, QoS, Security, Path Selection. Access Application -> Network Profile -> NETWORK (SDN).
Simple Workflow Templates; Zero Touch Provisioning; Business Level Policies; Open Architecture; Network, Applications Monitoring
Site topology choices in IWAN app
Link type selection in IWAN app
Application priority policy setting in IWAN app
Network Plug-N-Play – Simple, Secure, Scalable
Unskilled installer; GUI based; consistent for devices & PIN (Campus/Branch); secure; zero-touch; RMA; greenfield & brownfield
Today's Process: Central Staging Facility (Network Admin: install OS, install base config) -> Installer -> Site-1, Site-2, Site-3
Network PnP:
1. Network Admin: Pre-provision projects/sites
2. Installer: Install & power-on devices (Reseller/Partner ships equipment to the site(s))
3. Network Admin: Monitor device installation
Three Classes of Use Case
NetOps, Net Integration, Net Innovation
"HOW" to "WHAT"
Cultural change: "TEST and VERIFY" to "TRUST"
RESTful Services Exposed
API: VERBS + NOUNS + SYNTAX
Verbs: GET, POST, PUT, DELETE
Nouns: /host, /link, /network-device, /interface
JSON Syntax:
{
  "policyOwner": "Admin",
  "networkUser": {
    "userIdentifiers": ["40.0.0.15"],
    "applications": [{"raw": "12340;UDP"}]
  }
}
Header: Content-Type: Application/JSON
https://test-apic/api/v0/policy GET/POST
General Structure
GET: /noun/count, /noun/{id}, /noun?offset=1&limit=500, /noun/1/500
POST: Now asynchronous. Returns 202 status code and a 'taskId'; GET /api/v0/task/{taskId} to find out the result
PUT: Now asynchronous. Returns 202 status code and a 'taskId'; GET /api/v0/task/{taskId} to find out the result
DELETE: Now asynchronous. Returns 202 status code and a 'taskId'; GET /api/v0/task/{taskId} to find out the result
Postman
(screenshot: Verb, URI (Noun), Response Code, Body Syntax)
API Structure
(diagram) 1: /ztd-site/ and /device; 2: /file-service/ file/config, file/image; 3: /ztd-device
Create a Rule
https://adam-ztd:443/api/v0/ztd-site/device POST
{
  "hostName" : "test-switch6",
  "site" : "Sydney",
  "platformId" : "WS-C2960X-48FPD-L"
}
IMPORTANT: the name of the "site" is used rather than its UUID
These are the only three mandatory attributes
Default "status" is PENDING
"serialNumber", "configId" and "imageId" are often used
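The "General Structure" and "Create a Rule" slides above together describe the whole northbound call pattern: paged GETs, and POST/PUT/DELETE calls that return 202 with a taskId which is then polled at /api/v0/task/{taskId}. The Python below is an added example written for this page, not code from the deck or from Cisco; it drives that pattern end to end against a constructed in-memory controller so it runs offline, and exercises the failure paths (a task that fails, a response that is not 202). Everything beyond what the slides state is an assumption: the "response" wrapper around list results, the task's status/result fields, the X-Auth-Token header name, and the simulated controller's behaviour.

```python
"""Northbound API call pattern from the slides (added example, not the deck's
code): paged GETs and asynchronous POST/PUT/DELETE returning 202 + taskId,
polled via GET /api/v0/task/{taskId}. Task fields, the "response" wrapper
and the auth header name are assumptions."""
import json
import ssl
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# A transport takes (method, url, json_body) and returns (http_status, json_body).
Transport = Callable[[str, str, Optional[dict]], Tuple[int, dict]]


def urllib_transport(cafile: str, token: str) -> Transport:
    """Transport for a real controller (assumed shape): the TLS chain and hostname
    are verified against the controller's CA in `cafile`, and the token travels
    in a header (name assumed), never in the URL where it would land in logs."""
    ctx = ssl.create_default_context(cafile=cafile)

    def send(method: str, url: str, body: Optional[dict]) -> Tuple[int, dict]:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method)
        req.add_header("Content-Type", "application/json")
        req.add_header("X-Auth-Token", token)
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    return send


class ApicEmClient:
    def __init__(self, base_url: str, transport: Transport, max_polls: int = 50):
        self.base = base_url.rstrip("/") + "/api/v0"
        self.send = transport
        self.max_polls = max_polls  # bound the polling loop; never spin forever

    def get_all(self, noun: str, page_size: int = 500) -> List[dict]:
        """Walk GET /noun?offset=N&limit=M; a short page means the end was reached."""
        items: List[dict] = []
        offset = 1  # the slide's example starts at offset=1
        while True:
            url = f"{self.base}/{noun}?offset={offset}&limit={page_size}"
            status, body = self.send("GET", url, None)
            if status != 200:
                raise RuntimeError(f"GET {noun} failed with HTTP {status}")
            page = body.get("response", [])  # list wrapper is an assumption
            items.extend(page)
            if len(page) < page_size:
                return items
            offset += page_size

    def submit(self, method: str, noun: str, body: Optional[dict]) -> str:
        """POST/PUT/DELETE are asynchronous: anything but 202 + taskId is an error."""
        status, resp = self.send(method, f"{self.base}/{noun}", body)
        if status != 202 or "taskId" not in resp:
            raise RuntimeError(f"{method} {noun}: expected 202 with taskId, got {status} {resp}")
        return resp["taskId"]

    def wait_for_task(self, task_id: str) -> dict:
        """Poll GET /api/v0/task/{taskId} until it reports COMPLETED or FAILED (assumed values)."""
        for _ in range(self.max_polls):
            status, task = self.send("GET", f"{self.base}/task/{task_id}", None)
            if status == 200 and task.get("status") == "COMPLETED":
                return task
            if status == 200 and task.get("status") == "FAILED":
                raise RuntimeError(f"task {task_id} failed: {task.get('result')}")
        raise TimeoutError(f"task {task_id} still pending after {self.max_polls} polls")

    def create_ztd_device(self, host_name: str, site: str, platform_id: str, **optional) -> dict:
        """The slide's 'Create a Rule' call: POST /ztd-site/device with the three
        mandatory keys (site by name, not UUID) plus optional ones like serialNumber."""
        body = {"hostName": host_name, "site": site, "platformId": platform_id, **optional}
        return self.wait_for_task(self.submit("POST", "ztd-site/device", body))


class SimulatedController:
    """Constructed offline stand-in for a controller: seven hosts, a ZTD rule
    store using the slide's default status PENDING, and tasks that only report
    COMPLETED/FAILED on the second poll so the polling loop is exercised."""
    def __init__(self) -> None:
        self.hosts = [{"id": f"host-{i}", "hostIp": f"40.0.0.{i}"} for i in range(1, 8)]
        self.rules: Dict[str, dict] = {}
        self.tasks: Dict[str, dict] = {}
        self.polls: Dict[str, int] = {}

    def __call__(self, method: str, url: str, body: Optional[dict]) -> Tuple[int, dict]:
        path, _, query = url.split("/api/v0/", 1)[1].partition("?")
        if method == "GET" and path == "host":
            q = dict(kv.split("=") for kv in query.split("&"))
            start = int(q["offset"]) - 1
            return 200, {"response": self.hosts[start:start + int(q["limit"])]}
        if method == "GET" and path.startswith("task/"):
            tid = path[len("task/"):]
            self.polls[tid] = self.polls.get(tid, 0) + 1
            task = dict(self.tasks[tid])
            if self.polls[tid] < 2:
                task["status"] = "PENDING"
            return 200, task
        if method == "POST" and path == "ztd-site/device":
            tid = f"task-{len(self.tasks) + 1}"
            missing = {"hostName", "site", "platformId"} - set(body or {})
            if missing:
                self.tasks[tid] = {"taskId": tid, "status": "FAILED",
                                   "result": f"missing {sorted(missing)}"}
            else:
                rule = {"status": "PENDING", **body}
                self.rules[body["hostName"]] = rule
                self.tasks[tid] = {"taskId": tid, "status": "COMPLETED", "result": rule}
            return 202, {"taskId": tid}
        return 404, {}


if __name__ == "__main__":
    client = ApicEmClient("https://test-apic", SimulatedController())
    print(len(client.get_all("host", page_size=3)), "hosts")
    print(client.create_ztd_device("test-switch6", "Sydney", "WS-C2960X-48FPD-L"))
```

Two design points worth keeping when adapting this to a real controller: the client treats any non-202 or taskId-less reply to a write as an error rather than assuming success, and polling is bounded so a stuck task cannot hang an automation run. The real transport pins the controller's CA and verifies the hostname; disabling verification to get past a self-signed certificate is exactly the habit that lets a northbound token be captured on the wire.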
More on API – developer.cisco.com
Grapevine Console
Service start/stop
Physical Host Architecture
Root VM: manages client spin-up.
• Operation and update of services.
• Service catalog
Client VM(s): controlled by root.
• Where services run
Stateless Services
$ ./bin/harvest_all_clients
Harvesting client b2c1f0f0-b616-4606-a5ea-60d0a4edc33c...
Harvesting client 6a699442-201e-4d4f-a558-dc1125010bdb...
Harvesting client 76dca644-be38-43ea-bb37-c24e595f38bd...
Harvesting client 4c230bed-bd2f-4582-90e2-36e3bd5961e7...
Task 'b75745a2-ba72-11e4-a41d-005056b1beb8' completed successfully
(grapevine) $ ./bin/grow_all_services
Growing reverse-proxy latest...
Growing router latest...
Growing telemetry-service latest...
Growing postgres latest...
Growing cas-service latest...
Growing data-access-service latest...
Growing rbac-service latest...
Growing task-service latest...
Growing data-uploader latest...
Growing file-service latest...
Growing identity-manager-pxgrid-service latest...
Growing inventory-manager-service latest...
Growing network-discovery-service latest...
Growing network-poller-service latest...
Growing policy-analysis-service latest...
Growing port-stats-service latest...
Growing topology-service latest...
Growing ui latest...
Task 'd182b83a-ba72-11e4-a41d-005056b1beb8' completed successfully
Shutdown/resume
Service Upgrades (1)
(figure: Cloud Store and three Physical Hosts) Cisco deploys new version of service to the cloud… and service catalogs are updated with new version…
Service Upgrades (2)
(figure: three Physical Hosts) Grapevine automatically deploys the new version of the service…
What About Network Management?
Traditional Management: Management (NMS) over the network elements (NE); customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support. Feature configuration.
SDN Led Management: Controller (APIC-EM), Management (Provisioning and Assurance) and Automation (Workflow / Orchestration) over the network elements (NE); customer input on business / service intent. Policy automation.
Systemic View of Management / Control Roles
Network Infra
• Controller: owns the communication to/from the network and drives programmability
• Management: stores, processes and visualises all historical data for monitoring and network change
• Automation: orchestrates sequential changes and enables IT process execution
Key Milestones to SDN Led Management Evolution in 2015
Q1 2015:
• APIC-EM CA – Path Visualisation application for network path tracing
• Prime Infra 2.2 FCS (Dec 2014) – Cross domain monitoring across WAN, Access, DC
• APIC-EM Apps – IWAN app EFT with policy based provisioning of Secure WAN
Mid-2015:
• APIC-EM GA – Scalable controller foundation supporting multiple use case / apps
• Prime Infra Niihau – Integration with APIC-EM for core network service automation
• APIC-EM Apps – IWAN App GA with dynamic QoS changes; BSA app EFT
Q4 2015:
• APIC-EM Updates – Expanded application support across multiple enterprise use cases
• Prime Infra Lanai – Integration with APIC-EM and Automation as System of Record
• APIC-EM Apps – Multiple apps across Wireless, Access, Collab, Security and Automation
Cisco Controller and Management System Portfolio for the Campus/Branch in 12-24 Months
(figure)
• Common Controller Layer for Campus/Branch – Policy Prescriptive Provisioning: APIC-EM, Multiple APIC-EM Apps
• Feature Configurable Provisioning and Common Monitoring / Assurance: Prime Infrastructure
• Common Automation Layer – System of Automation: Prime Infrastructure Branch Service Automation
• System of Record; System of Change
• Network elements (NE) underneath
Give us your feedback and receive a Cisco Live 2015 T-Shirt!
Complete your Overall Event Survey and 5 Session Evaluations:
• Directly from your mobile device on the Cisco Live Mobile App
• By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/clmelbourne2015
• Visit any Cisco Live Internet Station located throughout the venue
T-Shirts can be collected in the World of Solutions on Friday 20 March 12:00pm - 2:00pm
Complete Your Online Session Evaluation
Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. www.CiscoLiveAPAC.com